About Me

I am a Technology Fellow at the Irish Council for Civil Liberties (ICCL), where I work on technology policy with a focus on algorithmic decision making. Previously I was a researcher at TU Darmstadt, where I worked on applied cryptography, privacy enhancing technologies (PETs) and Internet infrastructure security.

Recent Blog Posts

While waiting

We spend much of our life waiting. We wait for someone. We wait for something.

We often wait. But, not all waits are made the same. Waiting for the train that we take every weekday morning is not the same as waiting for a friend to arrive. We know how long we have to wait for the train to arrive. At least approximately. We may not know when the friend will arrive if they are already late.

There are other times when the wait is longer. When you are waiting to receive the reviews for the first academic article you submitted to a conference or journal. When you wait for the approval of a visa application and don’t know whether it will be approved. We know how long we need to wait and yet, we are anxious.

In Agnès Varda’s film Cléo from 5 to 7 (1962), we see Cléo wait 90 minutes[1] for her medical test results. She suspects that she might have cancer. In the beginning, we see her wait anxiously. She asks the opinion of a tarot card reader, shops with her assistant, practices a song with a composer who comes to her apartment and has a superficial afternoon chat with her lover.

She does everything possible not to feel that she is waiting. When she is not occupied with others, she is occupied with herself. She is surrounded by mirrors. Just as mirrors in elevators in high rises make us feel that the wait is shorter, Cléo uses mirrors to distract herself. But then, she is frustrated with what she sees, until she does not need to see herself in the mirror.

  1. The film runs from 5pm to 6:30pm. 5 to 7 is a joke. See Agnès Varda. Cléo from 5 to 7

Template-based facial recognition

This post is an edited version of my Twitter thread from 3 November 2021.

On 2 November 2021, Facebook announced that they will delete the data and shut down the facial recognition system on Facebook.

Which data is being deleted? Facebook’s blogpost does not say that they will delete the models that were generated using the data. It also does not say that they will not use people’s image data to train models. It only says “we will delete more than a billion people’s individual facial recognition templates.” Is deleting templates enough?

What are these templates? Templates are not images. Templates are generated using images. To understand how templates fit into a facial recognition system, it can be useful to understand the different steps involved in a template-based facial recognition system[1]. Here is a simplified version of the steps involved:

  1. Image collection: A collection of images. People upload images to Facebook. So, collection is easy.
  2. Creating templates: Using a combination of algorithms to process the collected images of a person to smooth out non-facial elements and the background.

  1. Template-based facial recognition is only one of the methods. There are other methods for facial recognition systems such as relying on specific features of the object such as the boundary, shape, colour, etc.

Sun and shade

I enjoy the sun. Not for any particular reason. I enjoy the sun just as I enjoy the clouds, the rain and the snow. They are part of nature. I enjoy them as they are.

I have many friends who place the sunlight on a pedestal. They value the sun much more than many other natural elements. They have a much more favourable view of the sunlight than the rain, for instance. This is in part because they have grown up in parts of the world where sunlight and the warmth it offers is not prevalent throughout the year. They make the most of the opportunities they get to bask under the sunlight.

Would they feel the same if the sun was beating down, day after day, without any possibility to find shade? Many who live in hotter parts of the world, especially closer to the equator, experience the sun in this way. Many others, even those further away from the equator, have tasted days when the heat was too much to bear.

The sun can also be used as a metaphor as in the film A Sun (2019). The elder son, Hao, of A-Wen is brilliant. He is the sun of the family. His parents are proud of him. His brother hates him for being brilliant. He is shy, helpful and caring. People around him know that he is thoughtful. But, they have no idea what he is thinking.

He hardly puts a foot wrong. He garners praise at almost all times. But, how does he feel? Does he bask in the sunlight of praises? Does he expect to be praised regularly? Is he afraid of making mistakes? His family and friends do not know the answers to these questions. Not until they read his last message before he jumped off a building.

Hao was exposed to so much sun that he felt as if he was being burnt. Unlike many humans and non-human animals, he felt he “had no water tanks and no hiding places, but only sunlight.”[1] He was exposed to the uninterrupted supply of sunlight. He was not seeking a place to get tanned. The sun was hunting him down and burning him.

  1. Hao’s last message in A Sun (2019)

Father of a sun

When we are faced with situations in life that question the identity we hold close to our hearts, we sometimes distance ourselves from the event. If the event involves someone we know, then we create a story in our mind that makes the present easier to live. We avoid the wrongs and focus on the positives.

A-Wen in the 2019 film A Sun is one such person. His identity as a father is questioned when the younger of his two sons is sent to juvenile detention for accompanying a friend who chopped off the hand of a similar-aged boy. A-Wen’s approach to continue living his life involves a mental tweak. Whenever someone asks him how many children he has, he responds confidently that he has one son. This mental tweak helps him to avoid thinking about his role as a father in the development of his younger son.

This mental tweak helps him for a few days until he faces another tragedy. One evening, the older son jumps to his death from the roof of their apartment building. His older son had been the spark in the family. Excellent student at school and high-achieving. He was shy and thoughtful. No one really knew what he was thinking about. Just that he was often deep in thought. He was the son the father was proud of.

How many sons did the father have now? He still had one son, the one he did not want to acknowledge. No mental tweak needed now. As the younger one tells one of the officers in the detention center, the older brother was brilliant. He was just brilliant. But, it does not matter anymore. Only the younger one is alive now.

A-Wen reminded me of a conversation with a friend. This friend told me how they are proud of a grandfather who fixed planes. The grandfather fixed planes during the Second World War. They, a pacifist, mentioned how their grandfather did not kill anyone during the war and they only fixed planes. I was struck by this line of thought. The planes were used to bomb cities. Their grandfather may not have shot anyone, but they did contribute to the apparatus that was used to kill thousands of people. Nevertheless, the belief that their grandfather had not killed anyone during the war made them proud and limited the guilt they might otherwise have felt.

Apple PSI

Earlier in August, Apple announced a technology to limit the spread of Child Sexual Abuse Material (CSAM) by detecting it before it is uploaded to iCloud. Child safety advocates have voiced their support for this technology while privacy advocates emphasize that this technology can be misused and there is no protection against this technology being used for other purposes by states around the world.

Many others have written about the system, how it works and the potential privacy and surveillance issues. As part of the system, Apple uses a variant of private set intersection (PSI) that when properly used can provide cryptographic privacy. I want to focus on this part of the system and whether its use provides even cryptographic privacy in this context.

PSI is a cryptographic technique where only the intersection of two data sets is revealed and nothing else about the data sets is revealed. Let’s say that you and I are huge fans of Marcel Proust’s In Search of Lost Time. But, neither of us has the entire collection of seven volumes. We want to avoid embarrassing each other by mentioning Proust’s writing from the volumes that one of us has not read. We want to identify the books that both of us have read. We also don’t want to leak which other volumes we have read. For this purpose, we could run a PSI protocol to identify which volumes both of us have while not revealing anything else.

Apple PSI does something similar. In fact, it does even better. It does not even reveal the intersection, only the associated data when there is an intersection. However, I think that the assumptions required for the protocol to provide cryptographic privacy in this particular setting of Apple do not hold.

PSI protocols run between a server and a client are a specific instance of secure two-party computation (2PC), which allows two parties to run a protocol and compute a function, without revealing anything other than the outputs of the function. In the case of PSI, the output is the elements that are common among the participating entities. In the case of Apple PSI, if there are common elements between the sets held by the server and those on the client device, then the server is informed through the associated data while the elements themselves are not revealed to the server. The client receives no output.

When we run a PSI protocol, the client and server need to be available. In simpler words, both of them want to participate in the protocol at a desired time. The server and the client need to be independent and they should not collude with each other. Non-collusion is important in this discussion and it is a requirement if we are to prove any kind of security for these protocols, such as in Section 4.4 of The Apple PSI System.

Is this requirement of non-collusion satisfied in the technology proposed by Apple? The server is controlled by Apple. The client is also controlled by Apple. The end user may be able to disable syncing with iCloud, but the end user cannot control whether or not to participate in the PSI protocol if they want to use iCloud. If the end user could control whether or not to participate in this technology, then Apple’s CSAM limiting technology would fail. So, Apple has good reasons to prevent user control. However, this also means that Apple cannot claim to provide the end user cryptographic privacy, since running PSI requires that the end user wants to participate in the protocol and that the client does not collude with the server, which is not the case here.
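The PSI exchange from the Proust example and the non-collusion requirement discussed above, as an added Python example that is not part of the original post and is not Apple's protocol: a textbook Diffie-Hellman-style PSI between two readers, followed by what the second party can read out of the first message once it also holds the first party's key. The group parameter, the function names and the two reading lists are assumptions made for the illustration.

```python
import hashlib
import math
import secrets

P = 2**521 - 1  # Mersenne prime: toy group for this demo, not a production parameter

def hash_to_group(item):
    """Map an item to a quadratic residue mod P (SHA-512 output, squared)."""
    h = int.from_bytes(hashlib.sha512(str(item).encode()).digest(), "big")
    return pow(h, 2, P)

def keygen():
    """Secret exponent coprime to P - 1, so blinding never merges two elements."""
    while True:
        k = secrets.randbelow(P - 3) + 2
        if math.gcd(k, P - 1) == 1:
            return k

def blind(values, key):
    return [pow(v, key, P) for v in values]

def client_request(items, a):
    """Round 1, reader A to reader B: H(x)^a for each volume A has read."""
    return blind([hash_to_group(x) for x in items], a)

def server_reply(request, items, b):
    """Round 2, B to A: A's values re-blinded in order, and B's own set, sorted."""
    return blind(request, b), sorted(blind([hash_to_group(y) for y in items], b))

def client_intersect(items, a, reply):
    """A finishes: H(y)^(ba) equals H(x)^(ab) exactly when x == y."""
    mine_ab, theirs_b = reply
    theirs_ab = set(blind(theirs_b, a))
    return {x for x, v in zip(items, mine_ab) if v in theirs_ab}

def view_with_client_key(request, a, universe):
    """What B reads out of round 1 if it also holds A's key a (collusion)."""
    seen = set(request)
    return {v for v in universe if pow(hash_to_group(v), a, P) in seen}

# Constructed sample data: which of the seven volumes each reader has read.
ALICE, BOB = [1, 2, 4, 7], [2, 3, 4, 5]
a, b = keygen(), keygen()
request = client_request(ALICE, a)
common = client_intersect(ALICE, a, server_reply(request, BOB, b))
leaked = view_with_client_key(request, a, range(1, 8))
print("intersection:", sorted(common), "| with shared key:", sorted(leaked))
```

With independent keys the run reveals only the shared volumes (and the set sizes); once the key is shared, the first message alone gives away A's full reading list.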