Interventional Fairness with Indirect Knowledge of Unobserved Protected Attributes

The deployment of machine learning (ML) systems in applications with societal impact has motivated the study of fairness for marginalized groups. Often, the protected attribute is absent from the training dataset for legal reasons. However, datasets still contain proxy attributes that capture protected information and can inject unfairness in the ML model. Some deployed systems allow auditors, decision makers, or affected users to report issues or seek recourse by flagging individual samples. In this work, we examined such systems and considered a feedback-based framework where the protected attribute is unavailable and the flagged samples are indirect knowledge. The reported samples were used as guidance to identify the proxy attributes that are causally dependent on the (unknown) protected attribute. We worked under the causal interventional fairness paradigm. Without requiring the underlying structural causal model a priori, we propose an approach that performs conditional independence tests on observed data to identify such proxy attributes. We theoretically proved the optimality of our algorithm, bound its complexity, and complemented it with an empirical evaluation demonstrating its efficacy on various real-world and synthetic datasets.

Scaling Up Broken Systems? Considerations from the Area of Music Streaming

We discuss the effects and characteristics of disruptive business models driven by technology, exemplified by the developments in music distribution and consumption over the last 20 years. Starting from a historical perspective, we offer insights into the current situation in music streaming, where technology has not only changed the way we access music but also has important implications on the broader ecosystem, which includes the consumers, the authors, the record industry, and the platforms themselves. The discussion points to potential benefits, as well as to the risks involved in the currently deployed systems. We conclude that the increased profitability of the disruptive business models in the music domain and beyond is largely generated at the expense of the providers of the goods or services being brokered. Using the platforms as a consumer further subsidizes their value and might lead to mono- and oligopolies. While technology allows companies to effectively scale up business, the resulting systems more often amplify existing injustices than mitigate them.

Evaluation of different machine learning approaches and input text representations for multilingual classification of tweets for disease surveillance in the social web

Twitter and social media as a whole have great potential as a source of disease surveillance data however the general messiness of tweets presents several challenges for standard information extraction methods. Most deployed systems employ approaches that rely on simple keyword matching and do not distinguish between relevant and irrelevant keyword mentions making them susceptible to false positives as a result of the fact that keyword volume can be influenced by several social phenomena that may be unrelated to disease occurrence. Furthermore, most solutions are intended for a single language and those meant for multilingual scenarios do not incorporate semantic context. In this paper we experimentally examine different approaches for classifying text for epidemiological surveillance on the social web in addition we offer a systematic comparison of the impact of different input representations on performance. Specifically we compare continuous representations against one-hot encoding for word-based, class-based (ontology-based) and subword units in the form of byte pair encodings. We also go on to establish the desirable performance characteristics for multi-lingual semantic filtering approaches and offer an in-depth discussion of the implications for end-to-end surveillance.

Beyond Raw Performance: Neural Machine Translation Based Multi-lingual Classification of Tweets for Automated Disease Surveillance

Twitter and social media as a whole have great potential as a source of disease surveillance data however the general messiness of tweets presents several challenges for standard information extraction methods. Most deployed systems employ approaches that rely on simple keyword matching and do not distinguish between relevant and irrelevant keyword mentions making them susceptible to false positives as a result of the fact that keyword volume can be influenced by several social phenomena that may be unrelated to disease occurrence. Furthermore, most solutions are intended for a single language and those meant for multilingual scenarios do not incorporate semantic context. In this paper we experimentally examine a translation based approach that allows for incorporation of semantic context in multi-lingual disease surveillance in the social web.

Public Adoption and Trust in the Covid-19 Contact Tracing App in the UK: A survey (Preprint)

BACKGROUND Digital contact tracing is employed to monitor and manage the spread of Covid-19. However, to be effective the system must be adopted by a substantial proportion of the population. Studies of (mostly hypothetical) contact tracing apps show generally high acceptance, but little is known about the drivers and barriers to adoption of deployed systems. OBJECTIVE The aim of this study is to investigate adoption and attitudes towards the NHS Covid-19 smartphone app, the digital contact tracing solution in the UK. METHODS An online survey based on the technology acceptance model (TAM2) with the added factor of trust was carried out with a representative sample of the UK population. Statistical analysis shows adoption rates, attitudes towards and trust in the app, compliance with self-isolation advice, and highlights differences for vulnerable populations (older adults and members of black, Asian, and minority ethnic (BAME) communities). RESULTS Around half of the 1001 respondents had downloaded and kept the app, but more than a third either did not intend to download it or had deleted it. Significantly more BAME respondents had deleted the app, and significantly more older adults did not intend to download it. Reasons for uptake were broadly to help the NHS and other people, especially among older adults, although significantly fewer BAME agreed that they did so to help the NHS. Reported compliance with received notifications to self-isolate was high, but significantly lower than reported intended compliance without received notifications. Of those who had ever used the app, only a fifth understood that the decision to send self-isolation notification is automated by the app. There were a range of significantly more negative views among BAME participants, including lower trust in the NHS, whilst older adults were often significantly more positive. Respondents without the app reported significantly lower trust and more negative views towards the app and were less likely to report they understood how the app works. CONCLUSIONS Whilst compliance of the ~50% who have the app is fairly high, there are issues surrounding trust and understanding that hinder adoption and therefore the effectiveness of digital contact tracing, particularly amongst BAME communities. The study highlights that more needs to be done to improve adoption among groups who are more vulnerable to the effects of the virus to enhance uptake and acceptance of contact tracing apps.

Testing Methodology for the TOOP Pilots

The Once-Only Principle project (TOOP) is an initiative, financed by the EU Program Horizon 2020, with the aim to explore and demonstrate the Once-Only principle through multiple sustainable pilots, using a federated architecture on a cross-border collaborative pan-European scale, enabling the connection of different registries and architectures in different countries for better exchange of information across public administrations. The deployed systems in the different Member States for the different piloting domains are being monitored and tested following the TOOP testing methodology that was developed during the TOOP project and with the use of specifically developed TOOP tools in order to monitor, identify errors and improve the quality of the pilots. The specific piloting tests and milestones are customized per pilot domain and are followed by all Member States piloting in the specific domain. The methodology starts from a technical view at the own Member State level with the verification of a check list, continues with onboard testing and connectivity testing and as the last step a connectathon between different Member States takes place.

SoK: Privacy-Preserving Reputation Systems

Trust and user-generated feedback have become increasingly vital to the normal functioning of the modern internet. However, deployed systems that currently incorporate such feedback do not guarantee users much in the way of privacy, despite a wide swath of research on how to do so spanning over 15 years. Meanwhile, research on systems that maintain user privacy while helping them to track and update each others’ reputations has failed to standardize terminology, or converge on what privacy guarantees should be important. Too often, this leads to misunderstandings of the tradeoffs underpinning design decisions. Further, key insights made in some approaches to designing such systems have not circulated to other approaches, leaving open significant opportunity for new research directions. This SoK investigates 42 systems describing privacy-preserving reputation systems from 2003–2019 in order to organize previous work and suggest directions for future work. Our three key contributions are the systematization of this body of research, the detailing of the tradeoffs implied by overarching design choices, and the identification of underresearched areas that provide promising opportunities for future work.

SCA secure and updatable crypto engines for FPGA SoC bitstream decryption: extended version

FPGA system on chips (SoCs) are ideal computing platforms for edge devices in applications which require high performance through hardware acceleration and updatability due to long operation in the field. A secure update of hardware functionality can in general be achieved by using built-in cryptographic engines and provided secret key storage. However, reported examples have shown that such cryptographic engines may become insecure against side-channel attacks at any later point in time. This leaves already deployed systems vulnerable without any clear mitigation options. To solve this, we propose a comprehensive concept that uses an alternative and side-channel protected cryptographic engine within the FPGA logic instead of the built-in one for the crucial task of bitstream decryption. Remarkably this concept even allows to update the cryptographic engine itself. As proof of concept, we describe an application to the Xilinx Zynq-7020 FPGA SoC in detail. We provide two options for a leakage resilient decryption engine which are based on the same primitive, a leakage resilient pseudorandom function (LR-PRF). Depending on a side-channel evaluation of this primitive on the target platform, either a version with additional side-channel countermeasures or a more efficient variant is deployed. The lack of accessible secret key storage poses a significant challenge and requires the use of a physical unclonable function (PUF) to generate a device intrinsic secret within the FPGA logic. At the same time this means that manufacturer-provided secret key storage or cryptography is no longer required; only a public key for signature verification of the first stage bootloader and initial static bitstream. We provide empirical results proving the side-channel security of the protected cryptographic engine as well as an evaluation of the PUF quality. The full design and source code is made available to encourage further research in this direction.

Enabling the Secure Use of Dynamic Identity for the Internet of Things—Using the Secure Remote Update Protocol (SRUP)

This paper examines dynamic identity, as it pertains to the Internet of Things (IoT), and explores the practical implementation of a mitigation technique for some of the key weaknesses of a conventional dynamic identity model. This paper explores human-centric and machine-based observer approaches for confirming device identity, permitting automated identity confirmation for deployed systems. It also assesses the advantages of dynamic identity in the context of identity revocation permitting secure change of ownership for IoT devices. The paper explores use-cases for human and machine-based observation for authentication of device identity when devices join a Command and Control(C2) network, and considers the relative merits for these two approaches for different types of system.

Enabling the secure use of Dynamic Identity for the Internet of Things — using the Secure Remote Update Protocol (SRUP)

This paper examines dynamic identity, as it pertains to the IoT; and explores the practical implementation of a mitigation to some of the key weaknesses of a conventional dynamic identity model. This paper explores human-centric and machine-based observer approaches for confirming device identity, permitting automated identity confirmation for deployed systems. It also assesses the advantages of dynamic identity in the context of identity revocation permitting secure change of ownership for IoT devices. The paper explores use-cases for human and machine-based observation for authentication of device identity when devices join a C2 network, and considers the relative merits for these two approaches for different types of system.