DATA PROTECTION IN VIEW OF ARTIFICIAL INTELLIGENCE
Updated: Dec 7, 2022
Author: Hritik kumar, II year of B.A.,LL.B. from Parul institute of Law, Parul University.
Co-author: Shruti Agrawal, II year of B.A.,LL.B. from Parul institute of Law, Parul University
With the world’s second largest population, having over 700 million internet users in the global information economy, personal data have become the fuel driving much of current online activity. Every day, vast amounts of information are transmitted, stored and collected across the globe, enabled by massive improvements in computing and communication power. Data privacy is often linked with artificial intelligence (AI) models based on consumer data. There are several methods and techniques that to solve privacy concerns often linked to artificial intelligence. The artificial intelligence is responsible for the large datasets, analysis and can process big data in a reasonably short amount of time, it gets abused when it comes to privacy. The privacy is the major concern that is faced by Artificial intelligence, that their data of customer and of business or of health sector gets leaked out affecting the rights and freedom of the people. The personal data that is given by people on social media or their searches in google, do this gets leaked out and affects the persons right? Henceforth this research shall be on secondary data available, the laws exist and the case laws. This research paper shall contain various methods and techniques that help to solve the problems of privacy which often is connected to artificial intelligence. The paper shall also elaborate on how AI based Blockchain technology can help in solving the issue of data protection.
Introduction
As population is increasing tremendously, protecting of individuals information plays a very major role. Data protection plays a very vital role. Personal data means that the personal information that is collected by government or any agency from which the person can be identified. The constitution of India, do not patently grant the fundamental right to privacy. But privacy right was read with article 19 and article 21 of Indian constitution with the restriction mentioned. But in the recent case of KS Puttaswamy v Union of India, the Hon’ble Supreme Court held that Privacy is the fundamental right, but it is subject to certain limitations.
Laws related to data protection
What is GDPR and How It is useful?
The European general data protection regulation (GDPR) which can also refer as privacy and protection law, has changed all the rules and regulation on how website owners have to handle their users information. This comes under the website that supports the WordPress. It came into effect on may 25, 2018. GPDR has 99 articles[1], that specifies controller, and processor responsibilities.
Controller states legal person, public authority agency that is responsible or determines the purpose of data collecting and processing. Personal data means that an information which is about or concerning of an individual which states their location, name, biometrics, or their social identity. Processor means that any party that processes personal data on behalf of controller.
The above mentioned GDPR is related to European citizens or the companies and organization that complies with EU. That states that it covers almost all international scales business and website owners, everyone who is related has to follow GDPR regulation. If it result into failure of following the regulation, GDPR may result into a huge fine. For example the information commissioner office can fine for smaller offences up to 10 millions or 2% of the company’s annual global revenue.
GDPR also gives several individuals right that is protected in this regulation. It consists of six rights. They are: -
1) Right of access by the data subject: here users are given right to know that why the website has collected their personal information and where it will be distributed. They can also obtain a copy of undergoing processing.
2) Right of rectification: Visitors can request that their data is inaccurate so they need to be corrected. They can also add more information to their data.
3) Right to erase: Users can request to erase their personal data.
4) Right to restriction of processing: users have right to deny the processing that involve their personal data.
5) Right to data portability: user can ask for a copy of their data from the controller.
6) Right to object: users have right to object profiling for direct marketing.
Laws related to data protection in India
India does not have any specific data protection law till date. But it have set of rules and regulations under the IT Act. This area is deal by Information Technology Act and the Information Technology (Reasonable Security Practices and procedures and sensitive personal data or information) Rules,2011[2]. Section 43A of IT Act states that where a body corporate, possessing, dealing or handling any sensitive personal information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected. Section 72A states that person including intermediary who discloses sensitive personal information without consent, can be punished with imprisonment or a fine.
Nevertheless these laws are not sufficient and also their scope is very limited. So the personal data protection bill was introduced in 2018 which aimed to provide the right governing mechanism, and deploying the right data infrastructure[3]. The bill which was introduced was bombard by controversies, and also been amended thrice. The government has withdrawn the personal data protection bill from parliament as it site a “comprehensive legal framework”. The government has withdraw the bill after the four years of bill pending in the parliament. The bill has gone under several amendments, review by a joint committee of Parliament. It has also faced a pushback stakeholders that are biggest tech companies that includes Facebook and Google and civil society activists. Reason behind the withdrawal was given in a note which was circulated by Member of Parliament, Union IT Minister Ashwini vaishnaw that the personal data protection bill in joint committee of Parliament where 81 amendments and 12 recommendations were given towards a legal framework, so it was needed to withdraw.
According to Indian Penal code[4], sections which deal with data protection are
Section 405 that states the criminal breach of trust
Section 407 that states the criminal breach of trust by carrier that whoever being entrusted with property as a carrier, wharfinger or warehouse-keeper, commits criminal breach of trust in respect of such property, shall be punished with imprisonment of either description for a term which may extend to seven years, and shall be liable to fine.
Section 408 states the criminal breach of trust by clerk or servant that whoever being a clerk or a servant or employed as a clerk or servant, and being in any manner entrusted in such capacity with capacity with property, or with any dominion over property, commits criminal breach of trust in respect of that property, shall be punished with imprisonment of 7 years and shall also be liable to fine.
Section 409 states the criminal breach of trust by public servant, or by banker, merchant or agent that whoever being in any manner entrusted with property or with any dominion over property in his capacity of a public servant or in the way of his business as a banker, merchant, factor, broker, attorney or agent, commits criminal breach of trust in respect of that property, shall be punished with imprisonment for life or with imprisonment for term of 10 years and shall also be liable to fine.
Introduction to AI
The capability to make machines think like a human is called Artificial. If anyone can program the machine in such a way that it can make any logical decision with its own capability or by using the past experience then we can call that machine is using artificial intelligence.
Here the term, decision making is very important. The best example of AI is we can see in game playing like Chess/tic tac, toe/ checkers: here the machine needs to make a decision among many choices in such a way that it should be in advantages position
Another example we can take is stock/whether prediction: in this types of job also the AI does the work of making decision using many parameters like atmospheric condition, current stock price and the most important is past records (which are done using machine learning, which is a subset of AI).
Also we use google lens, smart cameras which highlights the human faces, google recommendations, etc. From this example we get an idea about AI, basically its job is to make some decision. According to that decision some actions are taken according to our convenience.
In this topic of Data Security also the main job of AI is to just make decision and according to that decision some actions will be taken. AI will just try to avoid the situation where data can be leaked but it will not help in the situations where data is already leaked or manipulated (in these kind of situations cryptography or blockchain technologies can help). It can just take preventive measures to keep the data safe.
Some Basics about Cryptography And Block Chain
Cryptography
It is the art of transforming plain text to cipher text using mathematical functions called cryptographic algorithms. There are many cryptographic algorithms but the most famous we use are: AES, DES, etc.[5]
What is Plain Text: It is the actual data. Anyone can understand it. It has some meaning.
For example: today we had pavbhaji in dinner
What is Cipher Text: It is the data but in unreadable form. It has no meaning and no one can read this.
For example: wrgdbzhkdgsdyekdmllqglqqhu (this message was converted from the above plain text using caeser cipher algorithm in which each alphabets are shifted 3 letters ahead)
This process is needed while sending any kind of sensitive information on internet, because internet is very vulnerable to cyber attacks.
Block Chain
It is technology where the data are stored in form of blocks.
This technology is completely temper free. No one can manipulate the data from these chain. Each block has 3 important fields: data, current hash and previous hash.
What is Hash?
It is a unique digital finger print of any kind of data. We can hash from data but we can’t get data from hash. Mathematical functions are used to obtained hash. Name of some of the famouse algorithms to obtain hash are md5, sha256, sha128, sha526 and many more.
Suppose we have a data: “5 Mobiles” We need to calculate the hash of this data using sha256 algorithm Hash = “182739c6027dba214cbba5c55d7a0b4c4e8c4cc8761a64e203d0b2ba726e6e6d”
Now suppose someone tries to manipulate the data secretly without anyone’s permission, New Data: “6 Mobiles” New hash will be = “c9ffe24b0207d635b00e5269b62c083ca9ae93a0f9d0a3e68b948cda5f11a0f2”
As we can see, only a small change in data and the fingerprint is completely changed and we can easily get that something has been changed in the data.
So here, if the data in one block is corrupted then all the blocks behind that block will be corrupted because each block has its own data, hash and the hash of previous block.
Types Of Cyber Attacks And Their Solutions Using AI[1]
Phishing Attack
It is same as fishing, as fisherman throws the rod in the pool and the fish gets caught, this works same as that. Here the attacker sends a fraud offer like lucky draw or jackpot kind of thing, even they try masquerading (the act of being or pretending someone else who the victim knows) to get money from you. This is mostly done on email or sms or even calls.
How AI helps here
AI scans the email or sms in many ways like:
If already someone have reported the mail into spam then it directly throws into spam folder.
If the mails mail is over decorated, the words like FREE FREEFREE or BUMPER OFFER or JACKPOT are used more frequently, then also it throws into spam folder.
If the sender id is unknown and is asking for any unusual money request.
Denial Of Service Attack
The technique in which the attack use to send millions of request to your system, due to which your system gets slow for some time and the performance of your system will degrade. Due to this if there is any genuine request to our system, then it will also gets delayed Best example is getting 30-60 sms in 3-5 seconds. (here if we have any genuine sms in our list it may possible that it will be ignored). This kind of activity is impossible by manual work, it is done with the help of bots. They are also carried out by some malwares (a kind of virus which is injected in our system which slows down the system by eating up your RAM).
How AI helps here
If AI detects these kind of activity in the system, then first of all it checks the source, then it will directly block that particular IP Address.
To avoid this kind of attacks the websites uses captcha so that any bots cannot enter into their system.
Malicious Programs
Sometimes when you try to download some file from unknown places on internet or from infected pen drives or disk or any other source, some malicious program also enters your system in form of viruses, worm or trojen horses. This may slow down the system or leak the data or even harm your devices. Some it can also be ransomware. Due to these it is always advisable to use trusted websites and input devices in your system.
How AI helps here
Special kind of software known as antivirus software are been used over here. These software uses majority functionalities of machine learning by detecting the activities like is any program consuming more than required RAM, is it replicating the program, its existence is affecting other program on the system or is sending some data to unknown place on internet.
Note: There many more cyber attacks like SQL Injection, Brute Force Techniques (password guessing technique), and many more.
How AI can help in Data Security?
AI bots can be deployed on social media platform which keeps track of unusual or automated data moment of data on the network.
These bots can also keep track of the offers getting from any unknown source in form of any jackpot or lucky draw or something like that because they can also inject some malwares on our system which further leaks the data.
They must also keep the note that they don’t direct us to unsecure webpages.
They must also keep the note about proper utilization of the CPU, if the CPU is utilizing its power in some operation not operated by the user or any of the normal operation of OS then it may also be a thread towards data leak.
Detection of fake news or beginning of riots
Bots can be deployed on the social media platform which can track some specific kind of message which has unusual contend inside it like some keyword related to fiery speech, some unusual pictures or videos. These bots can be trained to match the keywords that can be fetched through a separate database. As soon as the bot finds any such activity on the online platform (like twitter or WhatsApp or Instagram or such app) it should immediately report to the admin.
Password Recording
Suppose the platforms are hacked by online criminals, or if you lose your password-remembering devices, chances are you will lose control of your accounts. Many password recording software also includes two-factor authentication (2FA) technology to increase data security. The technology adds an extra layer of security to protect your account in addition to your username and password. Instead of logging in immediately with your password, software with 2FA technology will ask you for 2FA technology, for example, only the real user knows. , questions about your childhood experience or thereby identifying your fingerprint, technology minimizes the risk of losing your account or personal data when you make your password live.
Internet of things
IoT technology helps to make information synchronization more efficient for its users. If you are Apple user, you can sync all your Apple devices by signing in to the same iCloud. There is also potential threat brought by IoT. If you lose one of your devices, there is a potential danger that a criminal who found your lost device could hack into all of your information in the IoT network. IoT Security Requirements/Technologies : Confidentiality through encryption, integrity through hash generation, authorization through implemented policies, and non-repudiation through digital signatures.
Online payment
In online payments when you submitting your credit card information to countless shopping websites, which sometimes makes you worry about the security of your bank accounts. Here, artificial intelligence algorithms can help payment companies study and analyze the data and use it to identify fraudulent transactions. It can help the system learn from every single transaction, improve learning, and solve problems effectively.
Website browsing
Almost every search engine offers a "history" function, helping its users to remember which websites they visited in case they want to go back to them or reopen websites that were closed by mistake. In this situation the list of "history" records not only serves its owners but also provides valuable customer information for advertisers. What you didn't know was that this list is often sold covertly to advertisers, allowing them to know the interests of their potential consumers. Cognitive advertising is powered by AI, and involves computer algorithms that analyze the information – automatically improvising experiences. Marketing teams must ensure that they use consumer data ethically and in compliance with standards (such as GDPR). If this is not followed, companies run the risk of heavy penalties and reputation damage. This can be a challenge with AI.
Conclusion
To bridge the gap between AI and actual deployment by law enforcement, Several hurdles need to be overcome. Law enforcement personnel will need support to handle AI models in their workflow. This means that the standing and interpreting model comes out and retraining the model on the new data. This research paper interprets that how AI and blockchain technology can solve the issue of data protection. AI is able to detect potential data vulnerabilities and modify them before an attack can be exploited. whereas blockchain technology is able to detect the manupilated data and cyberfrauds. The three recommendations of this research paper are -
1) There is need to adopt more AI and Blockchain technology with effecive law enforcement in the field of data protection.
2)There should be a legal framework for using these technology like granting the licenses to practice the practice the safe and effective technology.
3) As recommend by NITI AYOG, the data protection issue can be solved by the vast driven AI based technology.
[1]https://www.weforum.org/agenda/2019/06/ai-is-powering-a-new-generation-of-cyberattack-its-also-our-best-defence/ [1]https://gdpr-info.eu/ GDPR [2]https://law.nirmauni.ac.in/data-privacy-protection-in-india-technology-vis-a-vis-law/#:~:text=Section%2043A%20of%20the%20Information,procedures%20relating%20to%20such%20data. IT Act [3]https://prsindia.org/billtrack/the-personal-data-protection-bill-2019 Data protection bill, 2019 [4]https://www.ipcgmbh.com/dataprotection Data protection provision given in IPC [5]https://www.google.com/amp/s/www.geeksforgeeks.org/cryptography-in-blockchain/amp/ Cryptography and Blockchain