// HIGHLIGHT //
Geneva SDOs chime in: Standards are the answer to safe AI development
The safe development of AI seems to be on everyone’s minds these days. If you’ve been reading any tech-related news, you’re probably aware of Pause giant AI experiments: An open letter. (Sidebar: if you haven’t read it, tech experts, including Elon Musk, Steve Wozniak, and Yuval Harari are asking tech giants for a six-month pause in the training of AI systems more powerful than GPT-4, until we can ensure that their effects will be positive and their risks manageable.). The letter has encountered criticism; for example, Bill Gates believes that pausing AI development won’t solve the challenges and would be difficult to enforce. Ex-Google CEO Eric Schmidt commented that such a pause ‘will simply benefit China’.
So far, the letter hasn’t achieved much in practice as companies clearly continue competing in AI – just in the past week, Meta released an AI model that can identify items within images, Microsoft rolled out an AI image generator in Edge, Alibaba invited businesses to test its chatbot Squirrel AI, and Qualcomm and Nvidia sparred for the top spot in AI chip efficiency tests.
Three key Geneva-based international standards-developing organisations (SDOs) chimed in. In their reply to the open letter, the International Electrotechnical Commission (IEC), the International Organization for Standardization (ISO), and the International Telecommunication Union (ITU) highlight the role that standards can have in safe AI development. Standards underpin regulatory frameworks, provide ‘appropriate guardrails for responsible, safe, and trustworthy AI development’, and ‘can help mitigate the risks associated with AI systems and ensure that they are aligned with societal values and expectations’. The three SDOs invited interested stakeholders to join the work of developing consensus-based international standards and encourage their adoption.
But international standards take time to develop. and their uptake by the industry is very much a voluntary matter (there are some exceptions when regulations may require compliance with specific standards). So some countries have started taking matters into their own hands to at least alleviate data privacy concerns: After Italy’s much-talked-about (temporary) ban of ChatGPT, privacy regulators in France, Ireland, and Switzerland reached out to Italian ones to find out more about the basis of the ban, and Germany is considering a ban as well.
The company behind ChatGPT, Open AI, has since offered remedies in Italy, having committed to enhancing transparency in using personal data and existing mechanisms to exercise data subject rights and safeguards for children.
But the company may also have to offer remedial measures in Canada, where the Office of the Privacy Commissioner of Canada will investigate a complaint alleging that OpenAI collected, used and disclosed personal information without consent.
More countries are keeping a close eye on generative AI (rhyme not intended). The UK’s Information Commissioner’s Office (ICO) has stressed that organisations developing or using generative AI must approach data protection by design and default and outlined eight important questions that developers and users should consider. Switzerland’s Federal Data Protection and Information Commissioner had a similar message, advising users to examine the purposes for which text or images they upload are used and reminding companies that employ AI to observe data protection legislation.
Will more countries follow with their own warnings? Almost certainly.
// TIKTOK //
Bans, lawsuits, fines and investigations
The latest in the slew of bans on TikTok comes from Australia, which opted to ban the app on government devices, similar to its Five Eyes intelligence allies and multiple European countries. Albania is also contemplating such a ban.
TikTok has been blasted for allowing children under 13 to use its app, contradicting its terms of service. In the last week, it has been fined for this reason in the UK and sued in Portugal. The UK fine includes collecting children’s data without parental consent.
Another lawsuit has been filed in Portugal against TikTok for ‘misleading commercial practices’ and ‘opaque privacy policies’.
Vietnam, TikTok’s sixth biggest market, is also set to open an investigation into the platform because of the harmful content and false information that its algorithm can suggest. If it’s found guilty, strict fines will be imposed.
TikTok seems to be in the direst straits in the USA, where a general ban on the app is being contemplated. A top TikTok lawyer reportedly laughed when an employee asked about the ban. Will he have the last laugh?
// CYBERSECURITY //
UK reveals details of its cyber operations
The UK National Cyber Force (NCF) disclosed how it conducts ‘responsible cyber operations to counter state threats, support military operations, and disrupt terrorists and serious criminals’.
The document Responsible cyber power in practice highlights that the NCF’s cyber operations are accountable, precise, and calibrated, i.e. conducted in a legal and ethical manner, timed and targeted with precision, with their intended impact carefully assessed.
The NCF’s approach to adversarial cyber operations is based on the ‘doctrine of cognitive effect’ – using techniques that have the potential to sow distrust, decrease morale, and weaken the targets’ ability to plan and conduct their activities effectively, with the goal of changing their behaviour.
The NCF highlighted that its operations are covert, and the intent is that adversaries do not realise that the effects they are experiencing are the result of a cyber operation, which is why it was not forthcoming with details. The NCF did state that it has protected military deployments overseas; disrupted terrorist groups; countered sophisticated, stealthy and continuous cyber threats; countered state disinformation campaigns; reduced the threat of external interference in democratic elections; and removed child sexual abuse material from public spaces online.
Operation Cookie Monster seizes criminal marketplace Genesis Market
A joint international law enforcement operation has seized the Genesis Market, a dark web market which offered access to over 80 million account access credentials such as usernames and passwords for email, bank accounts, and social media. The operation, led by the US FBI and the Dutch National Police, involved 17 countries and was codenamed Operation Cookie Monster.
Can sharks eat the internet?
Well, no, not really. But the headline gets us all thinking about the extreme vulnerability of the undersea infrastructure on which the digital world relies, Diplo’s director Dr Jovan Kurbalija writes.
Can AI beat human intuition?
Check for yourself! What does your intuition tell you: did AI write text A or text B in this blog post?
Latest edition of Digital Watch newsletter
The freshly published April issue of our monthly newsletter on digital policy includes: a look at TikTok coming under fire from several countries due to data privacy and national security concerns, a look at how ChatGPT-4 model is pushing the boundaries of AI development, and a summary of OEWG 2021-2025 continued to discuss cybersecurity at its fourth substantive session.
