The Cyber Solicitor: Privacy Engineering

How homomorphic encryption works

Mahdi Assan — Fri, 22 Nov 2024 09:01:01 GMT

What is homomorphic encryption

Homomorphic encryption (HE) is a solution for performing functions on encrypted data without decrypting it.

To quote a previous post of mine explaining how encryption works:

...encryption is a method for transforming data from one format into another. The way encryption does this makes it a common security measure across diff…

A quick guide to differential privacy

Mahdi Assan — Fri, 04 Oct 2024 08:01:32 GMT

TL;DR

This newsletter is about differential privacy. It looks at what it is, how it works and some practical applications of this solution, including for the development of machine learning models.

Here are the key takeaways:

Differential privacy is about quantifying the information leakage of an algorithm. This leakage is measured by using the algorithm i…

What a VPN does and does not do

Mahdi Assan — Fri, 24 May 2024 08:01:51 GMT

Virtual private networks (VPN) are applications that protect the internet connections made from your device. It does so in the following two ways:

Encrypting your internet connections
Hiding your IP address

To use a VPN, you can install software (i.e., a VPN client) from a VPN service provider. The client connects to the VPN server of the provider, and bot…

A very basic introduction to encryption

Mahdi Assan — Fri, 10 May 2024 08:01:22 GMT

Simply put, encryption is a method for transforming data from one format into another. The way encryption does this makes it a common security measure across different computer systems.

Encryption involves three main elements:

The plaintext
A cipher
A key
An algorithm
The cipher text

Encryption takes plaintext (i.e., the data to be encrypted), and applies an a…

AI can unlearn what it has learned

Mahdi Assan — Fri, 22 Mar 2024 09:01:28 GMT

TL;DR

This newsletter is about machine unlearning. It looks a potential implementation of this that could be used to comply with data protection law.

Here are the key takeaways:

Training data extraction attacks reveal the personal data contained in the web-scraped datasets that LLMs like ChatGPT are trained on.
Using personal data for training requires a su…

Notes on E2EE and Client-Side Scanning

Mahdi Assan — Sat, 05 Aug 2023 13:11:20 GMT

Intro

These are my notes on end-to-end encryption (E2EE) and Bugs in Our Pockets, a paper on the risks of client-side scanning (CSS). The authors of this paper include some well-known experts and researchers in the cryptography space; one of them, for example, is Whitfield Diffie, who is one of the creators of the Diffie-Hellman key exchange protocol (al…

Hash-based tools for content moderation

Mahdi Assan — Fri, 21 Apr 2023 20:49:12 GMT

TL;DR

This post explores how hash-based detection tools work and how they are used for content moderation on internet platforms.

In a previous post I explained what content moderation is and given an overview of how it generally works across different internet platforms:

Content moderation is where an internet platforms reviews content or communications on…

New Law #2: The Privacy Engineer

Mahdi Assan — Fri, 13 Mar 2020 21:33:02 GMT

One of the keys to the effective implementation of a privacy programme within an organisation is ‘the company buy-in’; getting stakeholders to believe in the programme and contribute to its success. To do this, some may cite the fines imposed for non-compliance, particularly under the GDPR. However, with such an approach, the impression that one may dev…