At a glance.
- US-UK data sharing partnership comes into effect.
- AI Bill of Rights protects Americans from abusive algorithms.
- Over 2 million Australians impacted in Optus data breach.
- US DHS grant program supports SLT government cybersecurity.
US-UK data sharing partnership comes into effect.
On Monday an agreement between the governments of the UK and the US to join forces to fight cybercrime went into effect. Authorized by 2018’s Clarifying Lawful Overseas Use of Data (CLOUD) Act, the partnership is the first agreement of its kind, allowing law enforcement in both countries to share critical info in order to defend against digital crime. The press release from the Department of Justice states, “The Data Access Agreement fosters more timely and efficient access to electronic data required in fast-moving investigations, through the use of orders covered by the agreement. This will greatly enhance the ability of the United States and the United Kingdom to prevent, detect, investigate and prosecute serious crime, including terrorism, transnational organized crime and child exploitation, among others.”
The agreement specifies that neither nation can target residents from one country who are located in another. As Nextgov notes, the US has entered CLOUD agreements with other ally nations like Australia, and has worked with the UK previously on a privacy-enhancing technology program aimed at fighting financial crime.
AI Bill of Rights protects Americans from abusive algorithms.
Yesterday US President Joe Biden announced a new AI Bill of Rights, detailing five safeguards Americans should use to protect themselves from the unfair use of artificial intelligence. Created by the White House Office of Science and Technology Policy (OSTP), the document provides practical guidelines for government agencies aimed at curbing discriminatory or ineffective algorithmic decision-making, MIT Technology Review explains. Building on input from AI industry leaders, the white paper’s five principles state that users have the right to control how their data are used, to opt out of automated decision-making, to live free from ineffective or unsafe algorithms, to know when algorithms are being used, and to not be discriminated against by unfair algorithms.
Alondra Nelson, OSTP deputy director for science and society, told WIRED, “Technologies will come and go, but foundational liberties, rights, opportunities, and access need to be held open, and it’s the government’s job to help ensure that’s the case. This is the White House saying that workers, students, consumers, communities, everyone in this country should expect and demand better from our technologies.” However, the AI Bill of Rights does not have force of law, and while it provides guidelines for AI developers, it cannot actually hold them accountable. Annette Zimmermann, an expert in AI, justice, and moral philosophy, says in some cases, the most fair way to curb unfair use of AI is to avoid using it at all. “We can’t articulate a bill of rights without considering non-deployment, the most rights-protecting option,” she states.
Over 2 million Australians impacted in Optus data breach.
The public has been awaiting a clear answer from Australian telecom giant Optus regarding how many individuals were impacted in their recent data breach, and on Monday they disclosed that the number is approaching 2.1 million. Infosecurity Magazine reports that Singtel, Optus’s parent company, confirmed the compromised data included at least one number from a current and valid form of identification for each individual. The company also stated they would be employing Deloitte to conduct a forensic review of the incident. Optus CEO Kelly Bayer Rosmarin stated in a video message to customers, “We’re deeply sorry that this has happened and we recognize the significant concern it has caused many people. While our overwhelming focus remains on protecting our customers and minimizing the harm that might come from the theft of their information, we are determined to find out what went wrong.” Yet some are questioning Optus’s focus, Yahoo reports, as the company has engaged legal firm Slater and Gordon to take expressions of interest in legal action ahead of any potential lawsuits Optus might face as a result of the breach. Assistant Treasurer Stephen Jones told reporters yesterday, "The Australian people want to see Optus deal with the crisis instead of engaging and briefing lawyers. Their number-one priority should be communicating with customers and ensuring them they have put every step in place to ensure the bad situation, which resulted from their botch-up with the data handling, isn't made worse by having that lead to fraud and misuse of that data now."
US DHS grant program supports SLT government cybersecurity.
Last month the US Department of Homeland Security (DHS) announced a cybersecurity grant program for state, local, and territorial (SLT) governments. Nearly $1 billion was allocated for the program through the Infrastructure Investment and Jobs Act of 2021, which established the State and Local Cybersecurity Improvement Act “to help stakeholders across the country understand the severity of their unique local cyber threats and cultivate partnerships to reduce related risks across the SLT enterprise.” The Federal Emergency Management Agency (FEMA) issued a Notice of Funding Opportunity on September 16 detailing the detailed steps that governments must take to receive grants, including four objectives that must be met in order to qualify. While industry professionals have mostly applauded the program’s goals, some experts feel some questions have been left unanswered. Mike Hamilton, former CISO of Seattle and CISO of cybersecurity firm Critical Insight, told CSO Online, “I think there's an onus on these committees to not only do the straightforward thing, which is to identify the needs out in local government so that they can fund those, but also address the nuance around procurements, what products are going to be authorized, and how you get to be an authorized product. A lot of that is unclear.”