I conclude my mini-mini-series with discussion of differential privacy, its imposing mathematical theory on Wikipedia vs. the relatively prosaic implementation reality of simply adding noise, why adding noise provides more privacy than you might think, and how these methods can go bad when used on datasets where outliers are numerous, extreme, or important.
Securing voting machines with encrypted data-in-use
As it is Election Day in the United States, I have decided to set aside regularly scheduled programming to talk about the power of encrypted data-in-use techniques to better secure voting and voting machines. The more obvious point is how these techniques could improve the privacy of your vote; the less obvious one is how powerful they are for preventing tampering and improving auditability. I close by explaining the more general cybersecurity relevance of these ideas and give a bit of a teaser trailer for some future videos with the real sexy big ideas about transforming what it means to own data.
Shared pros and cons of synthetic data and differential privacy
I continue my mini-series on privacy-enhancing technologies with a two-part mini-mini-series on synthetic data and differential privacy. In addition to giving some very basic definitions, I will focus this week especially on some shared pros and cons between these two techniques. Next week, I will admit to some minor lies I told about differential privacy and clean things up to give the full story of that technique.
Homomorphic encryption defined and demonstrated
This week we talk homomorphic encryption... I will give a basic definition, talk a little about examples vs. non-examples, give a brief demonstration via Ghost PII, talk applications around data sovereignty going forward, and Meta's struggles with international data transfers under GDPR.
Privacy tech mini-course overview
MINI-SERIES EVENT! Over the course of Quarter 4, I will be posting a series of videos giving an overview of what are increasingly grouped together as "privacy-enhancing technologies" or PETs. (This will include homomorphic encryption, secure multi-party computation, zero-knowledge proof, differential privacy, synthetic data, and maybe a little bit on trusted execution environments.) I will take special care both to point out why the business side might decide to care about these things and to clarify the rather problematic and messy nomenclature in my last sentence's parenthetical word salad.
This video is a whirlwind tour of what is to come. A specific schedule is coming soon.
#DataScience #Privacy #Cybersecurity
Uber's 2016 Incident and Joe Sullivan's Criminal Liability
It's very unusual these days that an executive faces criminal liability related to corporate wrongdoing, so the story of ex-Uber CISO Joe Sullivan is a notable one. I discuss the relevant 2016 ransomware incident, the key legal role played by notification of law enforcement (or the lack thereof in this case), the gray zone around bug bounty programs, and the broader debate about when criminal liability is appropriate. I think this story has many interesting angles, and I will also digress a little into executive compensation, the Theranos trials, and the legal meaning of the "O" in your favorite "C?O" title.
Uber's unpleasantly classic trainwreck of a data breach
Uber's recent breach is about as classic as it gets. I talk about what is classic in it, including the role of social engineering, lateral movement (using some access to get more), and the sad predictability of who got taken in. I also discuss some unique wrinkles, including the hacker announcing the breach in an internal company chat only to be met with jeering and disbelief.
Reading into Huobi's Privacy Coin Delistings
I talk about Huobi's recent decision to delist privacy coins like Zcash and Monero, contextualize it within broader conflicts between law enforcement and digital privacy, and talk in detail about enforcement goals vs. business incentives on both sides.
Fun Ghost PII demonstration: encrypted search for emojis
Like #emojis?
Since you have said yes, you can definitely spare ~2 minutes to spend with Jack Phillips and me checking out a fun encrypted search and basic sentiment analysis demonstration using Ghost PII.
Goodies for the cool kids
Today I have a goodie bag of test drive toys for the cool kids that are actually watching and listening in detail... #Python #DataScience #CyberSecurity
The downfall of Ethereum's Tornado Cash transaction mixer
In this video I fill in some of the details about how Federal law enforcement has shut down the Tornado Cash transaction mixer because of its involvement in money laundering by North Korean hackers and then backtrack to answer questions like "What is a transaction mixer?" and "Why might you use it for money laundering?"
Yowza! Data Breaches: Public Sector Edition
The government loses your data, too, and when it does it probably does it in a way that intersects something else you were nervous about. In this video I discuss the recent thefts of 1) name and address for ALL concealed carry permit holders in California stolen from a misbegotten Department of Justice portal, and 2) billions of records of comprehensive personal information probably describing more or less everyone in China and probably stolen from the Shanghai National Police database. Both stories are evolving...
The (uniquely flexible) Ghost PII permissions system
You share data with someone or you don't, right? Wrong!
In this video I continue my mini-series on how Ghost PII provides encrypted data-in-use techniques and a flexible permissions system, so you can allow a partner to compute just what you want to let them compute and just how you want them to compute it. It's a great way to regulate risk, maintain auditability into how partners use your data, and escape the either/or of wholesale sharing or not sharing at all, which will let you get some exciting things done that you might not have otherwise. #DataScience #Python #DataPrivacy #CyberSecurity
Restricted analytics on encrypted data with no decryption
Have you ever felt like you had a good reason to put data someplace but ran into too much static regarding data privacy or cybersecurity? Maybe you had a prototype that was only allowed on a test environment, but your ideal test data was only allowed on prod. Maybe you wanted to share data with an external partner, but one that compliance felt couldn't maintain cybersecurity standards comparable to your own. If you have run into these kinds of headaches, maybe we can help. In this example, we encrypt some data, pool it while encrypted, and show how the owners can give a third-party analyst the ability to do some computations (mean, stdev) on that pooled, encrypted data but not others (decryption). #Cybersecurity #DataScience #Python
Ghost PII applied to location data for contact tracing
Don't like that Google knows when you go to the bathroom? I know a better way. Check out this demonstration of Ghost PII on location data for contact tracing. It minimizes data exposure to the bare minimum needed for the real-life activity that these analytics are meant to enable.
Potential financial contagion in crypto
Financial contagion explained via the 2008 crash, a similar exploration of the fallout from Luna's collapse via the Luna Foundation Guard, and just how financial contagion could potentially spread after another stablecoin implosion.
Stablecoin Implosions!
"Even if you don't care about the crypto world, this is the kind of disaster where the crypto world could come to see you."
You should find ~6 minutes to learn about major recent events around the stablecoin Luna UST, notably its recent depegging (and some basic "hey, what is that?"), some problematic design features that put it in danger, comparisons to the 1997 Asian financial crisis and the role of the Federal Reserve, and questions about whether the larger and likely more contagious Tether may be next.
Teaser trailer: linear regression with Ghost PII
I do some basic regression modeling on encrypted data using Ghost PII's Python client, as well as giving some background like why one might want such a model, why one might want to get such a model via a more private method, etc.
Nigeria's National Identity Number (NIN) and the recent massive SIM shutdown
I discuss the recent decision of the Nigerian government to block more than a third of the SIM cards in that country, provide some context on the relation of these events to security issues as well as the unusual importance of cellular infrastructure in much of Africa, and compare and contrast Nigeria's national identity card program with similar efforts in the US, EU, and Kenya.
North Korea, money laundering, and the ongoing Axie Infinity / Ronin Network story
Spare ~5 minutes for a short update on the frontiers of money laundering in cryptocurrency via new information on the Ronin Network / Axie Infinity hack, including revelations that the North Korea-sponsored Lazarus hacker group is responsible, their use of Tornado (a transaction bundler in the Ethereum ecosystem), reactions by law enforcement, similarities to events in Russia, and a TikTok rapper named Razzlekhan.