Gemini AI caught accessing private Google Drive documents

Google’s Gemini AI has been discovered scanning PDF files on Google Drive without user consent, sparking concerns over AI safety and privacy. Senior Advisor Kevin Bankston revealed that the AI generated a summary of a private tax return without permission, raising significant privacy issues.

Bankston shared his struggles to disable the feature, which continued to operate despite attempts to find the correct controls. The difficulty in managing Gemini’s integration in Google Drive has led to questions about Google’s handling of user data and privacy settings.

Google previously assured users that Workspace data would not be used to train AI or target ads. However, this incident has raised doubts about data hygiene and privacy.

Bankston’s experience suggests that prior participation in Google Workspace Labs might have influenced Gemini’s behaviour, highlighting the need for better user control and consent as AI technology advances.

Cambridge researcher urges child-safe AI development

A recent study has revealed that AI chatbots pose significant risks to children, who often view them as lifelike and trustworthy. Dr Nomisha Kurian from the University of Cambridge calls for urgent action to prioritise ‘child-safe AI’ in the development of these technologies.

Kurian’s research highlights incidents where AI chatbots provided harmful advice to children, such as Amazon’s Alexa instructing a child to touch a live electrical plug and Snapchat’s My AI giving tips on losing virginity.

These cases underscore the ’empathy gap’ in AI, where chatbots fail to respond appropriately to children’s unique needs and vulnerabilities.

The study proposes a 28-item framework to help developers create safer AI by working closely with educators and child safety experts. Kurian argues that AI has great potential if designed responsibly, but proactive measures are essential to protect young users.

OpenAI’s project Strawberry: Transformative AI sparks ethical debate

According to a Reuters report, the fairly new OpenAI project, Strawberry, is set to create giant waves in the research industry. The project, which some claim could be a renamed version of the company’s project Q* from last year, has been tagged as potentially having capabilities to navigate the net to conduct deep research.

The company’s representative confirmed to the news agency that the reasoning ability of their models will invariably improve with time. Just last Tuesday, employees of OpenAI were treated to a demo of a model with human-like reasoning capabilities. The meeting came on the heels of the negative commentary the company has faced for placing a gag order on employees for publicly exposing the dangers its innovations can potentially pose to humanity.  

Earlier in July, employees sent a seven-page letter to the US Security Exchange Commission (SEC) chair, Gary Gensler, detailing what they deem as risks OpenAI’s projects can pose to humans. The letter was tinged with urgency as the agency was advised to take swift and aggressive action against the company for violating current regulations.

US senators introduce COPIED Act to combat intellectual property theft in creative industry

The Content Origin Protection and Integrity from Edited and Deepfaked Media Bill, also known as the COPIED Act, was introduced on 11 July 2024 by US lawmakers, Senators Marsha Blackburn, Maria Cantrell and Martin Heinrich. The bill is expected to safeguard the intellectual property of creatives, particularly journalists, publishers, broadcasters and artists.

In recent times, the work and images of creatives have been used or modified without consent, at times to generate income. The push for legislation in the area was intensified in January after explicit AI-generated images of the US musician Taylor Swift surfaced on X

According to the bill, images, videos, audio clips and texts are considered deepfakes if they contain ‘synthetic or synthetically modified content that appears authentic to a reasonable person and creates a false understanding or impression’. If moved into legislation, the bill restricts online platforms where US-based customers frequent, and annual revenue of at least $50 million is generated or where 25 million active users are registered for three consecutive months.

Under the bill, companies that deploy or develop AI models must install a feature allowing users to tag such images with contextual or content provenance information, such as their source and history, in a machine-readable format. After that, it would be illegal to remove such tags for any other reason than research, use these images to train subsequent AI models or generate content. Victims will then have the right to sue offenders. 

The COPIED Act is backed by several artist-affiliated groups, including SAG-AFTRA, the National Music Publishers’ Association, the Songwriters Guild of America (SGA), the National Association of Broadcasters as well as The US National Institute of Standards and Technology (NIST), the US Patent and Trademark Office (USPTO) and the US Copyright Office. The bill also has received bipartisan support.

North Korean hackers funneled stolen crypto to Asian payment firm

According to blockchain data, a major Cambodian payments firm, Huione Pay, received over $150,000 in cryptocurrency from a digital wallet linked to the North Korean hacking group Lazarus. The funds were sent between June 2023 and February this year from an anonymous wallet used by Lazarus to launder money stolen from three crypto companies through phishing attacks. The FBI reported that Lazarus stole around $160 million from Atomic Wallet, CoinsPaid, and Alphapo last year to fund North Korea’s weapons programs.

Huione Pay, based in Phnom Penh, stated it was unaware of receiving funds indirectly from the hacks and cited multiple transactions between its wallet and the source as the reason. The company declined to explain why it had received the funds or provide details on its compliance policies. Despite blockchain tools allowing companies to identify high-risk wallets, Huione Pay claimed it had no control over the anonymous wallet’s transactions.

The National Bank of Cambodia (NBC) prohibits payment firms like Huione Pay from dealing with cryptocurrencies due to risks like money laundering and financing terrorism. The NBC indicated it might take corrective measures against Huione Pay. Meanwhile, US blockchain analysis firms reported that Huione Pay was among several platforms receiving stolen crypto, which was converted into different currencies, including tether (USDT), to obscure the money trail. Southeast Asia has become a hotspot for high-tech money laundering and cybercrime operations, highlighting the need for stronger regulatory measures.

Germany to exclude Huawei and ZTE from 5G network by 2029

Germany has finalised a significant agreement with telecom providers to exclude Chinese firms like Huawei and ZTE from its 5G network by 2029, announced Interior Minister Nancy Faeser. The decision, hailed as crucial for digital security in Europe’s largest economy, follows intensive negotiations with Deutsche Telekom, Vodafone, and Telefonica Deutschland. The aim is to safeguard Germany’s critical infrastructure from potential security risks associated with Chinese technology.

Faeser emphasised that Berlin informed Beijing about the agreement and did not anticipate retaliatory actions despite China’s embassy warning Germany of the consequences. The embassy criticised the move as an attempt to stifle competition, asserting that no conclusive evidence has been provided by any country regarding Huawei’s security risks.

The phased-out approach, initially removing Chinese technology from 5G core networks by 2026 and extending to components like antennas by 2029, marks Germany’s delayed adherence to the EU security measures. While telecom operators have resisted the costly transition, Huawei has condemned the politicisation of cybersecurity in Germany. The minister did not disclose further details of the agreement.

Indonesia begins data recovery after ransomware attack

Indonesia is starting to recover data encrypted in a significant ransomware attack last month, which impacted over 160 government agencies. The cybercriminals, identified as Brain Cipher, initially demanded $8 million in ransom but later apologised and released the decryption key for free, according to cybersecurity firm StealthMole.

The attack disrupted several government services, including immigration and primary airport operations. Officials acknowledged that much of the data had yet to be backed up. Chief Security Minister Hadi Tjahjanto stated that data for 30 public services across 12 ministries had been recovered using a ‘decryption strategy,’ though details were not provided.

The Communications Ministry is gradually restoring services and assets affected by the attack. It remains to be seen if the government used Brain Cipher’s decryption key directly. Neither Hadi nor Communications Minister Budi Arie Setiadi commented on the matter.

Ransomware attacks involve encrypting data and demanding a ransom to unlock it. In this case, the attackers used malicious software known as Lockbit 3.0.

US House committee releases TikTok hearing transcript

The US House has voted to release a transcript of a March hearing on TikTok’s security threats to aid the Justice Department in defending a law that mandates ByteDance, TikTok’s Chinese owner, to divest its US assets. The US government’s stringent approach follows the lawsuits from ByteDance and TikTok creators challenging the law, which was signed by President Biden and could ban TikTok in the US if divestiture isn’t completed by January 2025.

Representative Cathy McMorris Rodgers stated that intelligence officials at the March hearing warned of dangers from foreign-controlled apps like TikTok, which could misuse American data. Despite the law, China has not intended to relinquish control over such applications, suggesting potential nefarious uses against Americans.

TikTok criticised the legislative process, claiming it was secretive and rushed. The Justice Department is set to respond to the legal challenges by 26 July, with a court hearing scheduled for 16 September.

The courts halted a previous attempt to ban TikTok by former President Trump in 2020. The current efforts focus on national security concerns, citing the app’s extensive data collection and the risks posed by Chinese ownership.

UEFA European Championship causes shifts in internet traffic across Europe

According to Cloudflare analysts, European football fans watching the UEFA European Championship are causing noticeable changes in internet traffic within their countries. The most significant impact on internet usage was observed during the semi-finals, as fans tuned in to watch key matches. Cloudflare’s analysis, which began on 14 June and will continue until the final on 14 July between Spain and England, highlights how major sporting events broadcast on national TV can influence internet traffic patterns across Europe.

Cloudflare noted that traffic drops were particularly pronounced during critical moments of the matches, such as last-minute goals and penalty shootouts, with Spain and England experiencing significant reductions during the knockout stages. For instance, internet traffic in Spain decreased by 19% at the end of games, while England saw an 11% drop. Other countries, including the Netherlands and France, experienced the largest drops in the first half of the finals, with overall average declines of around 6% across participating nations.

Interestingly, while most nations saw reduced internet usage, some, like Ukraine, Poland, Romania, and Albania, experienced increases, likely due to unstable broadcast signals pushing fans online to watch the games. Despite the popularity of online services for live scores, sports news, and betting, national team football still needs to catch up on regular internet activities. Cloudflare, headquartered in San Francisco, emphasises that understanding these trends can help protect against cyber threats and maintain website availability globally.

NATO unveils new Cyber Defence Centre

NATO has announced the establishment of the NATO Integrated Cyber Defence Centre (NICC) at its headquarters in Belgium, aimed at bolstering the alliance’s cyber defence capabilities. The following move, unveiled during the 2024 NATO Summit in Washington, DC, comes as NATO marks its 75th anniversary. The NICC will serve to alert military commanders about potential cyber threats and vulnerabilities, enhancing the protection of NATO’s networks and operational use of cyberspace.

The decision to create the NICC is driven by the increasing frequency and sophistication of cyberattacks targeting NATO and its member nations, especially following the Russian invasion of Ukraine in 2022. Notable Russian cyber threat actors like APT 29 and APT 28, along with various hacktivist groups, have been responsible for major cyberattacks, including the 2020 SolarWinds hack and recent attacks on tech companies and the EU diplomatic entities.

NATO spokesperson Farah Dakhlallah announced the creation of the NICC on social media, highlighting its role in leveraging advanced technologies to boost situational awareness in cyberspace and enhance collective resilience and defence. The new centre will integrate civilian and military personnel from NATO countries and involve experts from the cybersecurity industry. Additionally, it will incorporate privately owned civilian critical infrastructure to support NATO’s military activities.

The NICC will be based at NATO’s Supreme Headquarters Allied Powers Europe (SHAPE) in Belgium, home to NATO’s Allied Command Operations. Further details about the NICC and its operations are expected to be disclosed in the coming months.