Are blockchains decentralized?


Trail of Bits report: “Blockchains can help push the boundaries of current technology in useful ways. However, to make good risk decisions involving exciting and innovative technologies, people need demonstrable facts that are arrived at through reproducible methods and open data.

We believe the risks inherent in blockchains and cryptocurrencies have been poorly described and are often ignored—or even mocked—by those seeking to cash in on this decade’s gold rush.

In response to recent market turmoil and plummeting prices, proponents of cryptocurrency point to the technology’s fundamentals as sound. Are they?

Over the past year, Trail of Bits was engaged by the Defense Advanced Research Projects Agency (DARPA) to examine the fundamental properties of blockchains and the cybersecurity risks associated with them. DARPA wanted to understand those security assumptions and determine to what degree blockchains are actually decentralized.

To answer DARPA’s question, Trail of Bits researchers performed analyses and meta-analyses of prior academic work and of real-world findings that had never before been aggregated, updating prior research with new data in some cases. They also did novel work, building new tools and pursuing original research.

The resulting report is a 30-thousand-foot view of what’s currently known about blockchain technology. Whether these findings affect financial markets is out of the scope of the report: our work at Trail of Bits is entirely about understanding and mitigating security risk.

The report also contains links to the substantial supporting and analytical materials. Our findings are reproducible, and our research is open-source and freely distributable. So you can dig in for yourself.

Key findings

  • Blockchain immutability can be broken not by exploiting cryptographic vulnerabilities, but instead by subverting the properties of a blockchain’s implementations, networking, and consensus protocols. We show that a subset of participants can garner undue, centralized control over the entire system:
    • While the encryption used within cryptocurrencies is for all intents and purposes secure, it does not guarantee security, as touted by proponents.
    • Bitcoin traffic is unencrypted; any third party on the network route between nodes (e.g., internet service providers, Wi-Fi access point operators, or governments) can observe and choose to drop any messages they wish.
    • Tor is now the largest network provider in Bitcoin; just about 55% of Bitcoin nodes were addressable only via Tor (as of March 2022). A malicious Tor exit node can modify or drop traffic….(More)”

Societal Readiness Thinking Tool


About: “…The thinking tool offers practical guidance for researchers who wish to mature the societal readiness of their work. The primary goal is to help researchers align their project activities with societal needs and expectations. The thinking tool asks reflective questions to stimulate thinking about how to integrate ideas about responsible research and innovation into research practice, at different stages in the project life. We have designed the tool so that it is useful for researchers engaged in new as well as ongoing projects. Some of the reflective questions used in the tool are adapted from other RRI projects. References for these projects and a detailed account of the tool’s underlying methodology are available here. If your project involves several researchers, we recommend that the full team is involved in using the Societal Readiness Thinking Tool together, and that you reserve sufficient time for discussions along the way. Ideally, the team would use the tool from the earliest phases of the project and return at later stages throughout the project life. You can learn more about the tool’s RRI terminology here…(More)”.

Evidence decision-making tool for policymakers


Repository by The Australian Education Research Organisation (AERO) (via APO): “…outlines tools for education policy-makers to assess their confidence in a certain policy, program or initiative, and decide on next steps.

The evidence decision-making tool assists you to:

  • assess how confident you are that a certain policy, program or other initiative is likely to be effective in your context
  • decide on next steps, including how to implement the initiative given your level of confidence, and how to collect more evidence to increase your confidence in its effectiveness

The evidence decision-making tool can be used by an individual or a group, for example, in a planning workshop. It’s designed to be flexible, so you can use it to consider a change to an existing initiative or the introduction of something new…(More)”.

Digital Government Model


Report by USAID: “The COVID-19 pandemic demonstrated the importance of digital government processes and tools. Governments with digital systems, processes, and infrastructure in place were able to quickly scale emergency response assistance, communications, and payments. At the same time, the pandemic accelerated many risks associated with digital tools, such as mis- and disinformation, surveillance, and the exploitation of personal data.

USAID and development partners are increasingly supporting countries in the process of adopting technologies to create public value – broadly referred to as digital government – while mitigating and avoiding risks. The Digital Government Model provides a basis for establishing a shared understanding and language on the core components of digital government, including the contextual considerations and foundational elements that influence the success of digital government investments…(More)”

How the Federal Government Buys Our Cell Phone Location Data


Article by Bennett Cyphers: “…Weather apps, navigation apps, coupon apps, and “family safety” apps often request location access in order to enable key features. But once an app has location access, it typically has free rein to share that access with just about anyone.

That’s where the location data broker industry comes in. Data brokers entice app developers with cash-for-data deals, often paying per user for direct access to their device. Developers can add bits of code called “software development kits,” or SDKs, from location brokers into their apps. Once installed, a broker’s SDK is able to gather data whenever the app itself has access to it: sometimes, that means access to location data whenever the app is open. In other cases, it means “background” access to data whenever the phone is on, even if the app is closed.

One app developer received the following marketing email from data broker SafeGraph:

SafeGraph can monetize between $1-$4 per user per year on exhaust data (across location, matches, segments, and other strategies) for US mobile users who have strong data records. We already partner with several GPS apps with great success, so I would definitely like to explore if a data partnership indeed makes sense.

But brokers are not limited to data from apps they partner with directly. The ad tech ecosystem provides ample opportunities for interested parties to skim from the torrents of personal information that are broadcast during advertising auctions. In a nutshell, advertising monetization companies (like Google) partner with apps to serve ads. As part of the process, they collect data about users—including location, if available—and share that data with hundreds of different companies representing digital advertisers. Each of these companies uses that data to decide what ad space to bid on, which is a nasty enough practice on its own. But since these “bidstream” data flows are largely unregulated, the companies are also free to collect the data as it rushes past and store it for later use. 

The data brokers covered in this post add another layer of misdirection to the mix. Some of them may gather data from apps or advertising exchanges directly, but others acquire data exclusively from other data brokers. For example, Babel Street reportedly purchases all of its data from Venntel. Venntel, in turn, acquires much of its data from its parent company, the marketing-oriented data broker Gravy Analytics. And Gravy Analytics has purchased access to data from the brokers Complementics, Predicio, and Mobilewalla. We have little information about where those companies get their data—but some of it may be coming from any of the dozens of other companies in the business of buying and selling location data.

If you’re looking for an answer to “which apps are sharing data?”, the answer is: “It’s almost impossible to know.” Reporting, technical analysis, and right-to-know requests through laws like GDPR have revealed relationships between a handful of apps and location data brokers. For example, we know that the apps Muslim Pro and Muslim Mingle sold data to X-Mode, and that navigation app developer Sygic sent data to Predicio (which sold it to Gravy Analytics and Venntel). However, this is just the tip of the iceberg. Each of the location brokers discussed in this post obtains data from hundreds or thousands of different sources. Venntel alone has claimed to gather data from “over 80,000” different apps. Because much of its data comes from other brokers, most of these apps likely have no direct relationship with Venntel. As a result, the developers of the apps fueling this industry likely have no idea where their users’ data ends up. Users, in turn, have little hope of understanding whether and how their data arrives in these data brokers’ hands…(More)”.

Data saves lives: reshaping health and social care with data


UK Government Policy Paper: “…Up-to-date information about our health and care is critical to ensuring we can:

  • plan and commission services that provide what each local area needs and support effective integrated care systems
  • develop new diagnostics, treatments and insights from analysing information so the public have the best possible care and can improve their overall wellbeing
  • stop asking the public to repeat their information unnecessarily by having it available at the right time
  • assess the safety and quality of care to keep the public safe, both for their individual care and to improve guidance and regulations
  • better manage public health issues such as COVID-19, health and care disparities, and sexual health
  • help the public make informed decisions about their care, including choosing clinicians, such as through patient-reported outcome measures (PROMs) that assess the quality of care delivered from a patient’s perspective

When it comes to handling personal data, the NHS has become one of the most trusted organisations in the UK by using strict legal, privacy and security controls. Partly as a consequence of this track record, the National Data Guardian’s recent report Putting Good Into Practice found that participants were supportive of health and social care data being used for public benefit. This reflects previous polls, which show most respondents would trust the NHS with data about them (57% in July 2020 and 59% in February 2020).

During the pandemic, we made further strides in harnessing the power of data:

However, we cannot take the trust of the public for granted. In the summer of 2021, we made a mistake and did not do enough to explain the improvements needed to the way we collect general practice data. The reasons for these changes are to improve data quality, and improve the understanding of the health and care system so it can plan better and provide more targeted services. We also need to do this in a more cost-effective way as the current system using ad hoc collection processes is more expensive and inefficient, and has been criticised by the National Audit Office and the House of Commons Public Accounts Committee.

Not only did we insufficiently explain, we also did not listen and engage well enough. This led to confusion and anxiety, and created a perception that we were willing to press ahead regardless. This had the unfortunate consequence of leading to an increase in the rate of individuals opting out of sharing their data. Of course, individual members of the public have the right to opt out and always will. But the more people who opt out, the greater the risk that the quality of the data is compromised….

In this data strategy, which differs from the draft we published last year, we are putting public trust and confidence front and centre of the safe use and access to health and social care data. The data we talk about is not an abstract thing: there is an individual, a person, a name behind each piece of data. That demands the highest level of confidence. It is their data that we hold in trust and, in return, promise to use safely to provide high-quality care, help improve our NHS and adult social care, develop new treatments, and, as a result, save lives…(More)”

Prediction machines, insurance, and protection: An alternative perspective on AI’s role in production


Paper by Ajay Agrawal, Joshua S. Gans, and Avi Goldfarb: “Recent advances in AI represent improvements in prediction. We examine how decisionmaking and risk management strategies change when prediction improves. The adoption of AI may cause substitution away from risk management activities used when rules are applied (rules require always taking the same action), instead allowing for decisionmaking (choosing actions based on the predicted state). We provide a formal model evaluating the impact of AI and how risk management, stakes, and interrelated tasks affect AI adoption. The broad conclusion is that AI adoption can be stymied by existing processes designed to address uncertainty. In particular, many processes are designed to enable coordinated decisionmaking among different actors in an organization. AI can make coordination even more challenging. However, when the cost of changing such processes falls, then the returns from AI adoption increase….(More)”.

A Future Built on Data: Data Strategies, Competitive Advantage and Trust


Paper by Susan Ariel Aaronson: “In the twenty-first century, data became the subject of national strategy. This paper examines these visions and strategies to better understand what policy makers hope to achieve. Data is different from other inputs: it is plentiful, easy to use and can be utilized and shared by many different people without being used up. Moreover, data can be simultaneously a commercial asset and a public good. Various types of data can be analyzed to create new products and services or to mitigate complex “wicked” problems that transcend generations and nations (a public good function). However, an economy built on data analysis also brings problems — firms and governments can manipulate or misuse personal data, and in so doing undermine human autonomy and human rights. Given the complicated nature of data and its various types (for example, personal, proprietary, public, and so on), a growing number of governments have decided to outline how they see data’s role in the economy and polity. While it is too early to evaluate the effectiveness of these strategies, policy makers increasingly recognize that if they want to build their country’s future on data, they must also focus on trust….(More)”.

AI Ethics: Global Perspectives


New Course Modules: “A Cybernetics Approach to Ethical AI Design explores the relationship between cybernetics and AI ethics, and looks at how cybernetics can be leveraged to reframe how we think about and how we undertake ethical AI design. This module, by Ellen Broad, Associate Professor and Associate Director at the Australian National University’s School of Cybernetics, is divided into three sections, beginning with an introduction to cybernetics. Following that, we explore different ways of thinking about AI ethics, before concluding by bringing the two concepts together to understand a new approach to ethical AI design.

How should organizations put AI ethics and responsible AI into practice? Is the answer AI ethics principles and AI ethics boards or should everyone developing AI systems become experts in ethics? In An Ethics Model for Innovation: The PiE (Puzzle-solving in Ethics) Model, Cansu Canca, Founder and Director of the AI Ethics Lab, presents the model developed and employed at AI Ethics Lab: The Puzzle-solving in Ethics (PiE) Model. The PiE Model is a comprehensive and structured practice framework for organizations to integrate ethics into their operations as they develop and deploy AI systems. The PiE Model aims to make ethics a robust and integral part of innovation and enhance innovation through ethical puzzle-solving.

Nuria Oliver, Co-Founder and Scientific Director of the ELLIS Alicante Unit, presents “Data Science against COVID-19: The Valencian Experience”. In this module, we explore the ELLIS Alicante Foundation’s Data-Science for COVID-19 team’s work in the Valencian region of Spain. The team was founded in response to the pandemic in March 2020 to assist policymakers in making informed, evidence-based decisions. The team tackles four different work areas: modeling human mobility, building computational epidemiological models, predictive models on the prevalence of the disease, and operating one of the largest online citizen surveys related to COVID-19 in the world. This lecture explains the four work streams and shares lessons learned from their work at the intersection between data, AI, and the pandemic…(More)”.

Dynamic World


About: “The real world is as dynamic as the people and natural processes that shape it. Dynamic World is a near realtime 10m resolution global land use land cover dataset, produced using deep learning, freely available and openly licensed. It is the result of a partnership between Google and the World Resources Institute, to produce a dynamic dataset of the physical material on the surface of the Earth. Dynamic World is intended to be used as a data product for users to add custom rules with which to assign final class values, producing derivative land cover maps.

Key innovations of Dynamic World

  1. Near realtime data. Over 5000 Dynamic World images are produced every day, whereas traditional approaches to building land cover data can take months or years to produce. As a result of leveraging a novel deep learning approach, based on Sentinel-2 Top of Atmosphere, Dynamic World offers global land cover updating every 2-5 days depending on location.
  2. Per-pixel probabilities across 9 land cover classes. A major benefit of an AI-powered approach is the model looks at an incoming Sentinel-2 satellite image and, for every pixel in the image, estimates the degree of tree cover, how built up a particular area is, or snow coverage if there’s been a recent snowstorm, for example.
  3. Ten meter resolution. As a result of the European Commission’s Copernicus Programme making European Space Agency Sentinel data freely and openly available, products like Dynamic World are able to offer 10m resolution land cover data. This is important because quantifying data in higher resolution produces more accurate results for what’s really on the surface of the Earth…(More)”.