Privacy Quest Village : Battle for AI Week 5 Newsletter
Get weekly cases and puzzles that progressively enhance your legal, engineering, and compliance skills to help you become a revered privacy engineer and AI governance expert in the Battle for AI!
Battle for AI Week 5 - Agenda 📅
🎁 Battle for AI Week 5 Guide [Download] - Greetings, PQ Villagers! This week on PQ Village, we're kicking off with a walkthrough game session featuring Kim Wuyts! After that, we'll delve into the EU Data Strategy Policy Landscape with Muhammed Demircan, and wrapping up the week, we have another amazing Fireside Chat with Steve Hickman discussing the Epistimis Modeling Tool!
Don't hesitate to introduce yourself and ask questions to the community if you find yourself stuck along the way! - PQ Team 🧙♂️ 🧙♀️
🔎 Week 5 Missions & Agenda (Feb12th-Feb19th)
⚔️ Main Quest: Privacy Threat Modeling Walkthrough Session with Kim Wuyts (📅 FEB 13) (⏰ 40-minute session)
Join us for a puzzle walkthrough session on the Privacy Quest platform with Kim Wuyts, exploring privacy threat modeling in a fun-filled session in PQ Village. Both factions will learn the fundamental concepts behind threat modeling through a high-paced, cyberpunk-themed quest aimed at protecting cyborg rights activists in the PQ Universe!
🎫 Fireside Chat Ticket - Privacy Threat Modeling Quest Walkthrough Session with Kim Wuyts [Download Link] (required for Week 5 Main Quest💡)
⚔️ Main Quest: Engineering Puzzle - Agent, we've uncovered concerning practices within an ovulation tracking app, where sensitive health data of women is shared with third-party marketers via SDK integrations, violating privacy policies.
💾 Evidence : FTC Evidence
💾 Evidence : LINDDUN Privacy Threats
This involves the use of unique identifiers like IDFA and AAID, allowing for detailed tracking and personalized advertising without disclosing personal identities. Such actions raise serious privacy concerns, especially considering the unauthorized transfer of sensitive information.
🔍 Task: Which privacy threat from the LINDDUN framework could be triggered by integrating AAID and IDFA identifiers with user-generated sensitive data from period tracking app usage, potentially enabling individual identification?
[🧩 INPUT ANSWER] 👉 Solve the Puzzle on Privacy Quest!
🛡️ Side Quest I: Compliance Puzzle - Epistimis Threat Modeling Fireside Chat session with Steve Hickman (📅 FEB 17) (⏰ 40-minute session)
Steve Hickman is set to meet with both factions at Privacy Quest Village for a confidential session on utilizing the Epistimis Modeling Tool. This tool serves as an additional resource in the Battle for AI, aiding factions in improving their privacy engineering and AI governance efforts.
🎫 Fireside Chat Ticket - Epistimis Threat Modeling Fireside Chat with Steve Hickman [Download Link] (required for Week 5 side Quest💡)
🛡️ Side Quest I: Agent, we've received further complaints highlighting privacy violations by numerous period tracking apps, accused of breaching user privacy. These apps deceptively assured users through their privacy policies that health information would not be shared with third parties without explicit consent, and any collected data would remain non-identifiable, solely for analytics or advertising. Contrary to these promises, the apps utilized third-party SDKs for advertising purposes, sharing health information without obtaining users' affirmative express consent, a practice spotlighted by the FTC.
This breach resulted in the exposure of sensitive information about a user's failed pregnancy to outside parties, prompting the PQ Intelligence Division to investigate. Your task is to examine the evidence provided and determine the necessary steps for notifying affected users about the data breach.
💾 Evidence I: FTC Evidence
💾 Evidence II: Data Marketplace Selling Info About Who Uses Period Tracking Apps
🔎 Task: Based on the FTC Evidence, determine the appropriate duration for displaying Exhibit A on the affected product, in addition to direct communications with the data subjects.
[🧩 INPUT ANSWER] 👉 Solve the Puzzle on Privacy Quest!
🛡️ Side Quest II: Legal Puzzle - Copyright Law: AI Edition
ChatGPT's Training requires absorbing vast amounts of text and its unique outputs depend entirely on its training dataset. Authors claim their works were used to train ChatGPT without consent, leading to legal action against OpenAI. Despite OpenAI's partial legal victory, the controversy surrounding the use of copyrighted materials without author consent raises significant copyright infringement concerns.
Objective: Locate and identify a crucial corpus of books at the heart of a legal battle where authors have accused OpenAI of using their copyrighted works without permission to train ChatGPT. ChatGPT was trained on a substantial number of books. The "OpenAI Books1" dataset is estimated to contain about 63,000 titles, likely sourced from Project Gutenberg or similar. The "OpenAI Books2" dataset, with approximately 294,000 titles, is thought to include content from shadow libraries known for copyright infringement.
💾 Evidence: UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA SAN FRANCISCO DIVISION
Specifics about these datasets have not been disclosed, suggesting they include a wide range of internet-based book collections. OpenAI has been particularly reticent about the GPT-4 dataset, citing competitive and safety concerns.
🔎 Your Task: Agent, the Division requires you to investigate the evidence and identify the “term” used to describe copyright-infringing websites such as Library Genesis (LibGen), Z-Library (Bok), Sci-Hub, and Bibliotik, which are suspected of being the source for the "OpenAI Books2" dataset, as mentioned in the evidence.
[🧩 INPUT ANSWER] 👉 Solve the Puzzle on Privacy Quest!
📣 PQ Village: DPD24 FEST is taking place between Jan 12th-Feb28th!
What is PQ Village: DPD24 FEST? 👀
✅ Step into the privacy festival realm – the digital village we've curated for you: Privacy Quest Village! Since #DataPrivacyDay on January 2023, we have been diligently crafting ideas and projects aimed at uniting the privacy community. Especially those with creative backgrounds and enthusiasts of geek culture, science fiction, and gaming. Our mission is to cultivate a culture of creative privacy, using unique approaches to spread awareness in unprecedented ways. 👉 https://festival.privacyquest.org/
What is Privacy Quest? 👀
🧩 Level up your privacy skills with PQ Platform - Dive into cyberpunk-themed detective missions and puzzles within privacy labs, designed to introduce you to fundamental concepts of privacy engineering and AI governance. Level up your skills in thrilling and immersive privacy quests!
Start playing 10min a day to level up your technical privacy and security skills 👉 https://play.privacyquest.org/quests