Avoiding Liability and Other Legal Land Mines in the Evolving Genomics Landscape.

This article reviews evolving legal implications for clinicians and researchers as genomics is used more widely in both the clinic and in translational research, reflecting rapid changes in scientific knowledge as well as the surrounding cultural and political environment. Professionals will face new and changing duties to make or act upon a genetic diagnosis, address direct-to-consumer genetic testing in patient care, consider the health implications of results for patients' family members, and recontact patients when test results change over time. Professional duties in reproductive genetic testing will need to be recalibrated in response to disruptive changes to reproductive rights in the United States. We also review the debate over who controls the flow of genetic information and who is responsible for its protection, considering the globally influential European Union General Data Protection Regulation and the rapidly evolving data privacy law landscape of the United States.

The Importance, Challenges, and Possible Solutions for Sharing Proteomics Data While Safeguarding Individuals' Privacy.

Proteomics data sharing has profound benefits at the individual level as well as at the community level. While data sharing has increased over the years, mostly due to journal and funding agency requirements, the reluctance of researchers with regard to data sharing is evident as many shares only the bare minimum dataset required to publish an article. In many cases, proper metadata is missing, essentially making the dataset useless. This behavior can be explained by a lack of incentives, insufficient awareness, or a lack of clarity surrounding ethical issues. Through adequate training at research institutes, researchers can realize the benefits associated with data sharing and can accelerate the norm of data sharing for the field of proteomics, as has been the standard in genomics for decades. In this article, we have put together various repository options available for proteomics data. We have also added pros and cons of those repositories to facilitate researchers in selecting the repository most suitable for their data submission. It is also important to note that a few types of proteomics data have the potential to re-identify an individual in certain scenarios. In such cases, extra caution should be taken to remove any personal identifiers before sharing on public repositories. Data sets that will be useless without personal identifiers need to be shared in a controlled access repository so that only authorized researchers can access the data and personal identifiers are kept safe.

Confidence-ranked reconstruction of census microdata from published statistics.

A reconstruction attack on a private dataset D takes as input some publicly accessible information about the dataset and produces a list of candidate elements of D. We introduce a class of data reconstruction attacks based on randomized methods for nonconvex optimization. We empirically demonstrate that our attacks can not only reconstruct full rows of D from aggregate query statistics Q(D)∈ℝm but can do so in a way that reliably ranks reconstructed rows by their odds of appearing in the private data, providing a signature that could be used for prioritizing reconstructed rows for further actions such as identity theft or hate crime. We also design a sequence of baselines for evaluating reconstruction attacks. Our attacks significantly outperform those that are based only on access to a public distribution or population from which the private dataset D was sampled, demonstrating that they are exploiting information in the aggregate statistics Q(D) and not simply the overall structure of the distribution. In other words, the queries Q(D) are permitting reconstruction of elements of this dataset, not the distribution from which D was drawn. These findings are established both on 2010 US decennial Census data and queries and Census-derived American Community Survey datasets. Taken together, our methods and experiments illustrate the risks in releasing numerically precise aggregate statistics of a large dataset and provide further motivation for the careful application of provably private techniques such as differential privacy.

Associations between forensic loci and expression levels of neighboring genes may compromise medical privacy.

A set of 20 short tandem repeats (STRs) is used by the US criminal justice system to identify suspects and to maintain a database of genetic profiles for individuals who have been previously convicted or arrested. Some of these STRs were identified in the 1990s, with a preference for markers in putative gene deserts to avoid forensic profiles revealing protected medical information. We revisit that assumption, investigating whether forensic genetic profiles reveal information about gene-expression variation or potential medical information. We find six significant correlations (false discovery rate = 0.23) between the forensic STRs and the expression levels of neighboring genes in lymphoblastoid cell lines. We explore possible mechanisms for these associations, showing evidence compatible with forensic STRs causing expression variation or being in linkage disequilibrium with a causal locus in three cases and weaker or potentially spurious associations in the other three cases. Together, these results suggest that forensic genetic loci may reveal expression levels and, perhaps, medical information.

Genetics and COVID-19: How to Protect the Susceptible.

Along with the potential for breakthroughs in care and prevention, the search for genetic mechanisms underlying the spread and severity of coronavirus disease 2019 (COVID-19) introduces the risk of discrimination against those found to have markers for susceptibility. We propose new legal protections to mitigate gaps in protections under existing laws.

FedSPL: federated self-paced learning for privacy-preserving disease diagnosis.

The growing expansion of data availability in medical fields could help improve the performance of machine learning methods. However, with healthcare data, using multi-institutional datasets is challenging due to privacy and security concerns. Therefore, privacy-preserving machine learning methods are required. Thus, we use a federated learning model to train a shared global model, which is a central server that does not contain private data, and all clients maintain the sensitive data in their own institutions. The scattered training data are connected to improve model performance, while preserving data privacy. However, in the federated training procedure, data errors or noise can reduce learning performance. Therefore, we introduce the self-paced learning, which can effectively select high-confidence samples and drop high noisy samples to improve the performances of the training model and reduce the risk of data privacy leakage. We propose the federated self-paced learning (FedSPL), which combines the advantage of federated learning and self-paced learning. The proposed FedSPL model was evaluated on gene expression data distributed across different institutions where the privacy concerns must be considered. The results demonstrate that the proposed FedSPL model is secure, i.e. it does not expose the original record to other parties, and the computational overhead during training is acceptable. Compared with learning methods based on the local data of all parties, the proposed model can significantly improve the predicted F1-score by approximately 4.3%. We believe that the proposed method has the potential to benefit clinicians in gene selections and disease prognosis.

Approximate maximum likelihood estimation in cure models using aggregated data, with application to HPV vaccine completion.

Research into vaccine hesitancy is a critical component of the public health enterprise, as rates of communicable diseases preventable by routine childhood immunization have been increasing in recent years. It is therefore important to estimate proportions of "never-vaccinators" in various subgroups of the population in order to successfully target interventions to improve childhood vaccination rates. However, due to privacy issues, it may be difficult to obtain individual patient data (IPD) needed to perform the appropriate time-to-event analyses: state-level immunization information services may only be willing to share aggregated data with researchers. We propose statistical methodology for the analysis of aggregated survival data that can accommodate a cured fraction based on a polynomial approximation of the mixture cure model log-likelihood function relying only on summary statistics. We study the performance of the method through simulation studies and apply it to a real-world data set from a study examining reminder/recall approaches to improve human papillomavirus (HPV) vaccination uptake. The proposed methods may be generalized for use when there is interest in fitting complex likelihood-based models but IPD is unavailable due to data privacy or other concerns.

Collaborative inference for treatment effect with distributed data-sharing management in multicenter studies.

Data sharing barriers present paramount challenges arising from multicenter clinical studies where multiple data sources are stored and managed in a distributed fashion at different local study sites. Merging such data sources into a common data storage for a centralized statistical analysis requires a data use agreement, which is often time-consuming. Data merging may become more burdensome when propensity score modeling is involved in the analysis because combining many confounding variables, and systematic incorporation of this additional modeling in a meta-analysis has not been thoroughly investigated in the literature. Motivated from a multicenter clinical trial of basal insulin treatment for reducing the risk of post-transplantation diabetes mellitus, we propose a new inference framework that avoids the merging of subject-level raw data from multiple sites at a centralized facility but needs only the sharing of summary statistics. Unlike the architecture of federated learning, the proposed collaborative inference does not need a center site to combine local results and thus enjoys maximal protection of data privacy and minimal sensitivity to unbalanced data distributions across data sources. We show theoretically and numerically that the new distributed inference approach has little loss of statistical power compared to the centralized method that requires merging the entire data. We present large-sample properties and algorithms for the proposed method. We illustrate its performance by simulation experiments and the motivating example on the differential average treatment effect of basal insulin to lower risk of diabetes among kidney-transplant patients compared to the standard-of-care.

"Incorporating large language models into academic neurosurgery: embracing the new era".

This correspondence examines how LLMs, such as ChatGPT, have an effect on academic neurosurgery. It emphasises the potential of LLMs in enhancing clinical decision-making, medical education, and surgical practice by providing real-time access to extensive medical literature and data analysis. Although this correspondence acknowledges the opportunities that come with the incorporation of LLMs, it also discusses challenges, such as data privacy, ethical considerations, and regulatory compliance. Additionally, recent studies have assessed the effectiveness of LLMs in perioperative patient communication and medical education, and stressed the need for cooperation between neurosurgeons, data scientists, and AI experts to address these challenges and fully exploit the potential of LLMs in improving patient care and outcomes in neurosurgery.

'I just LOVE data': perceptions and practices of data sharing and privacy among users of the Lioness.

High profile data breaches and the proliferation of self-tracking technologies generating bio-feedback data have raised concerns about data privacy and data sharing practices among users of these devices. However, our understanding of how self-trackers in sexual health populations, where the data may be sensitive, personal, and stigmatising, perceive data privacy and sharing is limited. This study combined industry consultation with a survey of users of the world's first biofeedback smart vibrator, the Lioness, that enables users to monitor and analyse their sexual response intensity and orgasm duration over time. We found users of the Lioness are motivated to self-track by both individual and altruistic goals: to learn more about their bodies, and to contribute to research that leads to better sexual health outcomes. Perceptions of data privacy and data sharing were shaped by an eagerness to collaborate with sexual health researchers to challenge traditional male-centric perspectives in biomedical research on women's sexual health, where gender plays a crucial role in defining healthcare systems and outcomes. This study extends our understanding of the non-digital aspects of self-tracking by emphasising the role of gender and inclusive healthcare advocacy in shaping perceptions of data privacy and sharing within sexual health populations.

Patient and Public Willingness to Share Personal Health Data for Third-Party or Secondary Uses: Systematic Review.

BACKGROUND: International advances in information communication, eHealth, and other digital health technologies have led to significant expansions in the collection and analysis of personal health data. However, following a series of high-profile data sharing scandals and the emergence of COVID-19, critical exploration of public willingness to share personal health data remains limited, particularly for third-party or secondary uses. OBJECTIVE: This systematic review aims to explore factors that affect public willingness to share personal health data for third-party or secondary uses. METHODS: A systematic search of 6 databases (MEDLINE, Embase, PsycINFO, CINAHL, Scopus, and SocINDEX) was conducted with review findings analyzed using inductive-thematic analysis and synthesized using a narrative approach. RESULTS: Of the 13,949 papers identified, 135 were included. Factors most commonly identified as a barrier to data sharing from a public perspective included data privacy, security, and management concerns. Other factors found to influence willingness to share personal health data included the type of data being collected (ie, perceived sensitivity); the type of user requesting their data to be shared, including their perceived motivation, profit prioritization, and ability to directly impact patient care; trust in the data user, as well as in associated processes, often established through individual choice and control over what data are shared with whom, when, and for how long, supported by appropriate models of dynamic consent; the presence of a feedback loop; and clearly articulated benefits or issue relevance including valued incentivization and compensation at both an individual and collective or societal level. CONCLUSIONS: There is general, yet conditional public support for sharing personal health data for third-party or secondary use. Clarity, transparency, and individual control over who has access to what data, when, and for how long are widely regarded as essential prerequisites for public data sharing support. Individual levels of control and choice need to operate within the auspices of assured data privacy and security processes, underpinned by dynamic and responsive models of consent that prioritize individual or collective benefits over and above commercial gain. Failure to understand, design, and refine data sharing approaches in response to changeable patient preferences will only jeopardize the tangible benefits of data sharing practices being fully realized.

Contextual Acceptance of COVID-19 Mitigation Mobile Apps in the United States: Mixed Methods Survey Study on Postpandemic Data Privacy.

BACKGROUND: The COVID-19 pandemic gave rise to countless user-facing mobile apps to help fight the pandemic ("COVID-19 mitigation apps"). These apps have been at the center of data privacy discussions because they collect, use, and even retain sensitive personal data from their users (eg, medical records and location data). The US government ended its COVID-19 emergency declaration in May 2023, marking a unique time to comprehensively investigate how data privacy impacted people's acceptance of various COVID-19 mitigation apps deployed throughout the pandemic. OBJECTIVE: This research aims to provide insights into health data privacy regarding COVID-19 mitigation apps and policy recommendations for future deployment of public health mobile apps through the lens of data privacy. This research explores people's contextual acceptance of different types of COVID-19 mitigation apps by applying the privacy framework of contextual integrity. Specifically, this research seeks to identify the factors that impact people's acceptance of data sharing and data retention practices in various social contexts. METHODS: A mixed methods web-based survey study was conducted by recruiting a simple US representative sample (N=674) on Prolific in February 2023. The survey includes a total of 60 vignette scenarios representing realistic social contexts that COVID-19 mitigation apps could be used. Each survey respondent answered questions about their acceptance of 10 randomly selected scenarios. Three contextual integrity parameters (attribute, recipient, and transmission principle) and respondents' basic demographics are controlled as independent variables. Regression analysis was performed to determine the factors impacting people's acceptance of initial data sharing and data retention practices via these apps. Qualitative data from the survey were analyzed to support the statistical results. RESULTS: Many contextual integrity parameter values, pairwise combinations of contextual integrity parameter values, and some demographic features of respondents have a significant impact on their acceptance of using COVID-19 mitigation apps in various social contexts. Respondents' acceptance of data retention practices diverged from their acceptance of initial data sharing practices in some scenarios. CONCLUSIONS: This study showed that people's acceptance of using various COVID-19 mitigation apps depends on specific social contexts, including the type of data (attribute), the recipients of the data (recipient), and the purpose of data use (transmission principle). Such acceptance may differ between the initial data sharing and data retention practices, even in the same context. Study findings generated rich implications for future pandemic mitigation apps and the broader public health mobile apps regarding data privacy and deployment considerations.

Electronic Health Record-Oriented Knowledge Graph System for Collaborative Clinical Decision Support Using Multicenter Fragmented Medical Data: Design and Application Study.

BACKGROUND: The medical knowledge graph provides explainable decision support, helping clinicians with prompt diagnosis and treatment suggestions. However, in real-world clinical practice, patients visit different hospitals seeking various medical services, resulting in fragmented patient data across hospitals. With data security issues, data fragmentation limits the application of knowledge graphs because single-hospital data cannot provide complete evidence for generating precise decision support and comprehensive explanations. It is important to study new methods for knowledge graph systems to integrate into multicenter, information-sensitive medical environments, using fragmented patient records for decision support while maintaining data privacy and security. OBJECTIVE: This study aims to propose an electronic health record (EHR)-oriented knowledge graph system for collaborative reasoning with multicenter fragmented patient medical data, all the while preserving data privacy. METHODS: The study introduced an EHR knowledge graph framework and a novel collaborative reasoning process for utilizing multicenter fragmented information. The system was deployed in each hospital and used a unified semantic structure and Observational Medical Outcomes Partnership (OMOP) vocabulary to standardize the local EHR data set. The system transforms local EHR data into semantic formats and performs semantic reasoning to generate intermediate reasoning findings. The generated intermediate findings used hypernym concepts to isolate original medical data. The intermediate findings and hash-encrypted patient identities were synchronized through a blockchain network. The multicenter intermediate findings were collaborated for final reasoning and clinical decision support without gathering original EHR data. RESULTS: The system underwent evaluation through an application study involving the utilization of multicenter fragmented EHR data to alert non-nephrology clinicians about overlooked patients with chronic kidney disease (CKD). The study covered 1185 patients in nonnephrology departments from 3 hospitals. The patients visited at least two of the hospitals. Of these, 124 patients were identified as meeting CKD diagnosis criteria through collaborative reasoning using multicenter EHR data, whereas the data from individual hospitals alone could not facilitate the identification of CKD in these patients. The assessment by clinicians indicated that 78/91 (86%) patients were CKD positive. CONCLUSIONS: The proposed system was able to effectively utilize multicenter fragmented EHR data for clinical application. The application study showed the clinical benefits of the system with prompt and comprehensive decision support.

Data privacy-aware machine learning approach in pancreatic cancer diagnosis.

PROBLEM: Pancreatic ductal adenocarcinoma (PDAC) is considered a highly lethal cancer due to its advanced stage diagnosis. The five-year survival rate after diagnosis is less than 10%. However, if diagnosed early, the five-year survival rate can reach up to 70%. Early diagnosis of PDAC can aid treatment and improve survival rates by taking necessary precautions. The challenge is to develop a reliable, data privacy-aware machine learning approach that can accurately diagnose pancreatic cancer with biomarkers. AIM: The study aims to diagnose a patient's pancreatic cancer while ensuring the confidentiality of patient records. In addition, the study aims to guide researchers and clinicians in developing innovative methods for diagnosing pancreatic cancer. METHODS: Machine learning, a branch of artificial intelligence, can identify patterns by analyzing large datasets. The study pre-processed a dataset containing urine biomarkers with operations such as filling in missing values, cleaning outliers, and feature selection. The data was encrypted using the Fernet encryption algorithm to ensure confidentiality. Ten separate machine learning models were applied to predict individuals with PDAC. Performance metrics such as F1 score, recall, precision, and accuracy were used in the modeling process. RESULTS: Among the 590 clinical records analyzed, 199 (33.7%) belonged to patients with pancreatic cancer, 208 (35.3%) to patients with non-cancerous pancreatic disorders (such as benign hepatobiliary disease), and 183 (31%) to healthy individuals. The LGBM algorithm showed the highest efficiency by achieving an accuracy of 98.8%. The accuracy of the other algorithms ranged from 98 to 86%. In order to understand which features are more critical and which data the model is based on, the analysis found that the features "plasma_CA19_9", REG1A, TFF1, and LYVE1 have high importance levels. The LIME analysis also analyzed which features of the model are important in the decision-making process. CONCLUSIONS: This research outlines a data privacy-aware machine learning tool for predicting PDAC. The results show that a promising approach can be presented for clinical application. Future research should expand the dataset and focus on validation by applying it to various populations.

Exploring the tradeoff between data privacy and utility with a clinical data analysis use case.

BACKGROUND: Securing adequate data privacy is critical for the productive utilization of data. De-identification, involving masking or replacing specific values in a dataset, could damage the dataset's utility. However, finding a reasonable balance between data privacy and utility is not straightforward. Nonetheless, few studies investigated how data de-identification efforts affect data analysis results. This study aimed to demonstrate the effect of different de-identification methods on a dataset's utility with a clinical analytic use case and assess the feasibility of finding a workable tradeoff between data privacy and utility. METHODS: Predictive modeling of emergency department length of stay was used as a data analysis use case. A logistic regression model was developed with 1155 patient cases extracted from a clinical data warehouse of an academic medical center located in Seoul, South Korea. Nineteen de-identified datasets were generated based on various de-identification configurations using ARX, an open-source software for anonymizing sensitive personal data. The variable distributions and prediction results were compared between the de-identified datasets and the original dataset. We examined the association between data privacy and utility to determine whether it is feasible to identify a viable tradeoff between the two. RESULTS: All 19 de-identification scenarios significantly decreased re-identification risk. Nevertheless, the de-identification processes resulted in record suppression and complete masking of variables used as predictors, thereby compromising dataset utility. A significant correlation was observed only between the re-identification reduction rates and the ARX utility scores. CONCLUSIONS: As the importance of health data analysis increases, so does the need for effective privacy protection methods. While existing guidelines provide a basis for de-identifying datasets, achieving a balance between high privacy and utility is a complex task that requires understanding the data's intended use and involving input from data users. This approach could help find a suitable compromise between data privacy and utility.

Federated-learning-based prognosis assessment model for acute pulmonary thromboembolism.

BACKGROUND: Acute pulmonary thromboembolism (PTE) is a common cardiovascular disease and recognizing low prognosis risk patients with PTE accurately is significant for clinical treatment. This study evaluated the value of federated learning (FL) technology in PTE prognosis risk assessment while ensuring the security of clinical data. METHODS: A retrospective dataset consisted of PTE patients from 12 hospitals were collected, and 19 physical indicators of patients were included to train the FL-based prognosis assessment model to predict the 30-day death event. Firstly, multiple machine learning methods based on FL were compared to choose the superior model. And then performance of models trained on the independent (IID) and non-independent identical distributed(Non-IID) datasets was calculated and they were tested further on Real-world data. Besides, the optimal model was compared with pulmonary embolism severity index (PESI), simplified PESI (sPESI), Peking Union Medical College Hospital (PUMCH). RESULTS: The area under the receiver operating characteristic curve (AUC) of logistic regression(0.842) outperformed convolutional neural network (0.819) and multi layer perceptron (0.784). Under IID, AUC of model trained using FL(Fed) on the training, validation and test sets was 0.852 ± 0.002, 0.867 ± 0.012 and 0.829 ± 0.004. Under Real-world, AUC of Fed was 0.855 ± 0.005, 0.882 ± 0.003 and 0.835 ± 0.005. Under IID and Real-world, AUC of Fed surpassed centralization model(NonFed) (0.847 ± 0.001, 0.841 ± 0.001 and 0.811 ± 0.001). Under Non-IID, although AUC of Fed (0.846 ± 0.047) outperformed NonFed (0.841 ± 0.001) on validation set, it (0.821 ± 0.016 and 0.799 ± 0.031) slightly lagged behind NonFed (0.847 ± 0.001 and 0.811 ± 0.001) on the training and test sets. In practice, AUC of Fed (0.853, 0.884 and 0.842) outshone PESI (0.812, 0.789 and 0.791), sPESI (0.817, 0.770 and 0.786) and PUMCH(0.848, 0.814 and 0.832) on the training, validation and test sets. Additionally, Fed (0.842) exhibited higher AUC values across test sets compared to those trained directly on the clients (0.758, 0.801, 0.783, 0.741, 0.788). CONCLUSIONS: In this study, the FL based machine learning model demonstrated commendable efficacy on PTE prognostic risk prediction, rendering it well-suited for deployment in hospitals.

A practical guide to the development and deployment of deep learning models for the orthopaedic surgeon: Part III, focus on registry creation, diagnosis, and data privacy.

Deep learning is a subset of artificial intelligence (AI) with enormous potential to transform orthopaedic surgery. As has already become evident with the deployment of Large Language Models (LLMs) like ChatGPT (OpenAI Inc.), deep learning can rapidly enter clinical and surgical practices. As such, it is imperative that orthopaedic surgeons acquire a deeper understanding of the technical terminology, capabilities and limitations associated with deep learning models. The focus of this series thus far has been providing surgeons with an overview of the steps needed to implement a deep learning-based pipeline, emphasizing some of the important technical details for surgeons to understand as they encounter, evaluate or lead deep learning projects. However, this series would be remiss without providing practical examples of how deep learning models have begun to be deployed and highlighting the areas where the authors feel deep learning may have the most profound potential. While computer vision applications of deep learning were the focus of Parts I and II, due to the enormous impact that natural language processing (NLP) has had in recent months, NLP-based deep learning models are also discussed in this final part of the series. In this review, three applications that the authors believe can be impacted the most by deep learning but with which many surgeons may not be familiar are discussed: (1) registry construction, (2) diagnostic AI and (3) data privacy. Deep learning-based registry construction will be essential for the development of more impactful clinical applications, with diagnostic AI being one of those applications likely to augment clinical decision-making in the near future. As the applications of deep learning continue to grow, the protection of patient information will become increasingly essential; as such, applications of deep learning to enhance data privacy are likely to become more important than ever before. Level of Evidence: Level IV.

Federated learning for medical image analysis: A survey.

Machine learning in medical imaging often faces a fundamental dilemma, namely, the small sample size problem. Many recent studies suggest using multi-domain data pooled from different acquisition sites/centers to improve statistical power. However, medical images from different sites cannot be easily shared to build large datasets for model training due to privacy protection reasons. As a promising solution, federated learning, which enables collaborative training of machine learning models based on data from different sites without cross-site data sharing, has attracted considerable attention recently. In this paper, we conduct a comprehensive survey of the recent development of federated learning methods in medical image analysis. We have systematically gathered research papers on federated learning and its applications in medical image analysis published between 2017 and 2023. Our search and compilation were conducted using databases from IEEE Xplore, ACM Digital Library, Science Direct, Springer Link, Web of Science, Google Scholar, and PubMed. In this survey, we first introduce the background of federated learning for dealing with privacy protection and collaborative learning issues. We then present a comprehensive review of recent advances in federated learning methods for medical image analysis. Specifically, existing methods are categorized based on three critical aspects of a federated learning system, including client end, server end, and communication techniques. In each category, we summarize the existing federated learning methods according to specific research problems in medical image analysis and also provide insights into the motivations of different approaches. In addition, we provide a review of existing benchmark medical imaging datasets and software platforms for current federated learning research. We also conduct an experimental study to empirically evaluate typical federated learning methods for medical image analysis. This survey can help to better understand the current research status, challenges, and potential research opportunities in this promising research field.

Improved Scheme for Data Aggregation of Distributed Oracle for Intelligent Internet of Things.

Oracle is a data supply mechanism that provides real-world data for blockchain. It serves as a bridge between blockchain and the IoT world, playing a crucial role in solving problems such as data sharing and device management in the IoT field. The main challenge at this stage is determining how to achieve data privacy protection in distributed Oracle machines to safeguard the value hidden in data on the blockchain. In this paper, we propose an improved scheme for distributed Oracle data aggregation based on Paillier encryption algorithm, which achieves end-to-end data privacy protection from devices to users. To address the issue of dishonest distributed Oracle machines running out of funds, we have designed an algorithm called PICA (Paillier-based InChain Aggregation). Based on the aggregation on the Chainlink chain and the Paillier encryption algorithm, random numbers are introduced to avoid the problem of dishonest Oracle machines running out of funds. We use the traffic coverage method to solve the problem of exposed request paths in distributed Oracle machines. Simulation and experimental results show that in small and medium-sized IoT application scenarios with 10,000 data nodes, each additional false request in a single request will result in a delay of about 2 s in data acquisition and can achieve a request response time of 20 s. The proposed method can achieve user data privacy protection.

Human-Unrecognizable Differential Private Noised Image Generation Method.

Differential privacy has emerged as a practical technique for privacy-preserving deep learning. However, recent studies on privacy attacks have demonstrated vulnerabilities in the existing differential privacy implementations for deep models. While encryption-based methods offer robust security, their computational overheads are often prohibitive. To address these challenges, we propose a novel differential privacy-based image generation method. Our approach employs two distinct noise types: one makes the image unrecognizable to humans, preserving privacy during transmission, while the other maintains features essential for machine learning analysis. This allows the deep learning service to provide accurate results, without compromising data privacy. We demonstrate the feasibility of our method on the CIFAR100 dataset, which offers a realistic complexity for evaluation.