Professional Documents
Culture Documents
Data encryption is one of the simplest technologies to implement to secure data in transit and
at rest. Encryption, which entails the process of converting information or data into a code, is a
key element in data security. Prior to transporting sensitive information, businesses generally
choose to encrypt the data so that it may be protected during transmission. There are several
methods for doing this.
There are connection-level encryption schemes that can be enforced, and the most widely used
types of encryption are connections using Hypertext Transfer Protocol Secure (HTTPS),
Transport Layer Security (TLS), and File Transfer Protocol Secure (FTPS). HTTPS is encrypted in
Page 18
Artificial Intelligence and Data Analytics (AIDA) Guidebook
order to increase security of data transfer. This is particularly important when users transmit
sensitive data, such as by logging into a bank account, email service, or health insurance
provider. Any website, especially those that require login credentials, often uses HTTPS. A
primary use case of TLS is encrypting the communication between web applications and
servers, such as web browsers loading a website. TLS can also be used to encrypt other
communications such as email, messaging, and voice over IP (VoIP). FTPS is a secure file
transfer protocol that allows businesses to connect securely with their trading partners, users,
and customers. Sent files are exchanged through FTPS and authenticated by FTPS supported
applications such as client certificates and server identities.
When compared to the data in transit, data at rest is generally harder to access, which means
that oftentimes private information, such as health records, are stored this way. Making the
interception of this data more valuable to hackers and more consequential for victims of cyber-
attacks. Despite the greater security, there is still a risk of this data being intercepted by
hackers through cyber-attacks, potentially causing private information such as addresses and
financial records to be released, putting an individual’s safety at risk. Protecting all sensitive
data, whether in motion or at rest, is imperative for modern enterprises as attackers find
increasingly innovative ways to compromise systems and steal data.
If the data must be protected for many years, one should make sure that the encryption
scheme used is quantum-safe. Current publically available quantum computers are not
powerful enough to threaten current encryption methods. However, as quantum processors
advance, this could change. Most current public-key encryption methods (where different keys
are used for encryption and decryption) could be broken with a powerful enough quantum
computer. On the other hand, most current symmetric cryptographic algorithms (where the
encryption and decryption keys are the same) are not susceptible to quantum attacks,
assuming the keys are sufficiently long.11
For applications where confidentiality of the data in use is of utmost importance, additional
technologies could be used. When one wants to keep the data private even while it is being
processed, there are a number of technologies that can be employed independently or, in some
cases, even together. These include homomorphic encryption, differential privacy, federated
computing, and synthetic data. Homomorphic encryption is a technique that allows operations
to be performed on encrypted data without decrypting it.12 This permits the confidential
processing of data on a system that is untrusted. The results of the computation can only be
only decrypted with the original key. The biggest barrier to widespread use of homomorphic
encryption has been its poor performance. It is significantly slower than performing the
11
http://www.pqcrypto.org/www.springer.com/cda/content/document/cda_downloaddocument/9783540887010
-c1.pdf
12
See https://eprint.iacr.org/2015/1192 for an overview of homomorphic encryption and related technologies
Page 19
Artificial Intelligence and Data Analytics (AIDA) Guidebook
Data Transparency
Today, firms across the world are incorporating AI-based and data analytics systems to
automate their business processes and enable their workforce to focus on customer and
operational needs. Data Transparency is paramount to make data, analysis, methods, and
interpretive choices underlying researcher claims visible in a way that allows others to evaluate
them. However, the incorporation of AI technology is impeded by several challenges, and the
biggest one is the lack of data transparency. Often you cannot manipulate or control a system if
you do not know what goes into it. AI systems are often considered as a black box, which
means regulators are able to see what goes into the AI and what comes out but are unable to
see how the algorithms and technology actually works, and this makes it challenging to pinpoint
logical errors in the underlying algorithms. Tech companies are hesitant to share their
algorithms because it can lead to potential intellectual property infringement and theft. These
challenges in data transparency are often at odds with efforts to enforce data privacy.
Sometimes protected data is not transparent data, and in these cases, cybersecurity can
introduce challenges in efforts to expand, control, and monitor AI as it is applied. In this
instance, having greater security might present barriers to having more visible, transparent AI,
making it imperative to develop explainable AI. It is easy to see how this can be a problem
when faced with an application of this technology for government or in a public domain.
13
https://www.vanderbilt.edu/jetlaw/
14
https://arxiv.org/abs/1511.03575
15
https://sagroups.ieee.org/2795/
16
See https://ai.googleblog.com/2017/04/federated-learning-collaborative.html for how Google uses Federated
Learning on Android devices
17
https://ieeexplore.ieee.org/document/7796926
Page 20