At a glance.
- What counts as "high risk" AI?
- Data regulation and its offensive potential.
- Switzerland plans a cyber defense center.
Regulation of AI and the question of “high risk.”
Wired traces the influences shaping the EU’s proposed Artificial Intelligence Act, which is expected to impact policy internationally, as has the GDPR. The legislation would categorize AI applications by risk level and more closely control “high risk” systems.
Critiques of the bill fall along predictable lines. Some human rights groups want stricter controls and worry about law enforcement, education, health care, public surveillance, border security, social scoring, insurance, transhumanism, and subliminal manipulation applications. They point to the power disparity between those wielding the tools and those on the receiving end, and highlight existing abuses.
Some industry groups describe the law as overbroad, fearing it will impose unmanageable costs, interfere with basic business functions, squash innovation, and drive away talent. Competing studies put total compliance costs between €1.6 and €10 billion yearly.
The EU hopes the bill will level the playing field and spur growth while promoting principled business decisions. Meanwhile, the US is developing its own guidelines and regulations, including a National Institute of Standards and Technology tool and an “Algorithmic Accountability Act.” In the background, as always, looms Chinese innovation, and what strategic advantages authoritarian rivals will achieve while the West puzzles out competing interests and ethical dilemmas—exercising a soft advantage of its own.
China’s data security law seen as having a potential offensive utility.
Breaking Defense reiterates concerns that the vulnerability disclosure component of Beijing’s Data Security Law (DSL) will help the CCP stockpile zero days for use against state and private sector targets. As we’ve seen, the legislation directs researchers, companies, and foreign firms with local offices to disclose to the Ministry of Industry and Information Technology within forty-eight hours uncovered zero days, and restricts their further distribution. Microsoft and Amazon Web Services, both of which contract with the US Defense Department, are covered by the regulation.
Heritage Foundation China scholar Dean Cheng sees the move as an instance of “lawfare,” or “legal warfare,” and says Beijing is “100 percent” likely to weaponize the disclosed vulnerabilities. Georgetown University security researcher Dakota Cary observed that “they’ve effectively co-opted a pipeline of research, which costs a great deal of money to do, in order to increase their own offensive and defensive hacking capabilities.”
The DSL, Fortune notes, also prohibits unapproved cross-border data transfers. The law took effect yesterday.
Switzerland plans cyber defense center.
SWI reports that Switzerland is working to establish a “rapid reaction” “cyber defense command center” staffed by roughly six-hundred military personnel with new capacities to protect private sector and critical infrastructure assets. The center will deliver informational, logistical, and technical capabilities.