penn-testing

Presentation to the Security Group, University of Kent

  • Posted on: 15 November 2016
  • By: warren
Undefined
Processing legal documents with AI: Notes from the field.
Wednesday, 23 November 2016, 5PM
 
In a world where the marginal cost of copying information is nil, the marginal cost of storing information is nil, and the marginal cost of transmitting information is nil, the opportunities for data disasters are numerous and their consequences are devastating to individuals and corporations. Even well-intentioned gestures such as AOL's release of anonymized query logs have resulted in privacy violations in ways not immediately obvious to the principals.
 
Interestingly, portability and interoperability are now working against us: in the world of single sign on, once you have access to the user you have access to all of their systems, and the first leak tends to be the last leak. This talk will be about the security of AI engines in contract analysis and the unexpected and counterintuitive lessons learned along the way. Security auditors want audit logs; forensics-aware systems people want traceability; privacy advocates want minimal information kept; developers want ease of maintenance and debugging; and users want to be minimally impacted. Now all of these views are necessarily compatible and some interesting conflicts arise in the creation and operations of applications.
 
In the end, the creation of online apps that handle sensitive information, preserve privacy and security, while enabling distributed teams to collaborate requires much more than following best practices. They rest on a culture of security within the organization.