At a glance.
- European data regulators continue to address ChatGPT.
- Montana could be the first US state to ban TikTok.
- Advocacy group for white-hat hackers.
- How secret is “top secret”?
European data regulators continue to address ChatGPT.
As we previously discussed, Last month Italy’s data protection authority ordered ChatGPT to stop processing Italian user data amid allegations that the popular chatbot was violating the General Data Protection Regulation by using public user data for training its AI. Now, TechCrunch reports, the Italian regulator has issued a set of compliance demands that ChatGPT parent company OpenAI must meet in order to lift the order. Among the requirements, OpenAI must publish an information notice detailing its data processing, implement age gating to prevent minors from using ChatGPT, state its legal basis for using user data for training its AI, and provide a way for users to opt out of allowing OpenAI to use their data for this training. For most of these demands, Italian officials are giving OpenAI until April 30 to comply, and until May 31 to submit a plan for implementing the age verification tech. In a press release, the Italian regulator stated, “Only in that case will the Italian SA lift its order that placed a temporary limitation on the processing of Italian users’ data, there being no longer the urgency underpinning the order, so that ChatGPT will be available once again from Italy.”
Meanwhile, Reuters reports that the European Data Protection Board (EDPB) announced yesterday that it has established a task force to focus on ChatGPT. The statement said, "The EDPB decided to launch a dedicated task force to foster cooperation and to exchange information on possible enforcement actions conducted by data protection authorities." Along with Italy, EU countries including Germany and Spain have expressed concerns about OpenAI’s data handling, and an anonymous source at one European privacy watchdog said the task force will aim to unify member states’ policy positions.
(Added, 5:45 AM ET, May 1st, 2023. Aaron Mendes, CEO & Co-Founder of PrivacyHawk, commented on one challenge: can AI forget data on which it's been trained? "Governments are increasingly concerned about personal data being used to train AI models like ChatGPT," he wrote. "These actions can violate privacy regulations and subject consumers to the dangers of future use of their data beyond today’s comprehension. While regulators are working to prevent malicious use of personal data, individuals must also take responsibility to reduce their digital footprint to protect their private data, as regulations can only solve part of the problem. The growing use of consumer data to train AI models means consumers must be empowered to control how their personal information is used by regulators and private sector services”.)
Montana could be the first US state to ban TikTok.
As we’ve discussed, US lawmakers are considering a federal ban of Chinese-owned video streaming platform TikTok, and the New York Times reports that one state might already be setting a precedent. In response to concerns that the popular app might share US user data with Beijing, in February Montana introduced a bill to block the app, and it was approved by the State Senate last month. The State House is scheduled to consider the bill this week, and insiders say it has a strong chance of passing after two more votes. A fierce lobbying battle has been brewing over the bill, with supporters appearing at hearings, and TikTok urging users to contact Montana’s Republican governor, Greg Gianforte, to voice their opposition. Some say Montana offers a sneak peek of what’s in store for the US as a whole if a federal bill is introduced and in addition to backlash from TikTok’s supporters, legal and technical hurdles could make it difficult for a national ban to cross the finish line. Montana’s attorney general, Austin Knudsen, whose office drafted the state bill, stated, “We’re under no illusions that this is not going to get challenged. I think this is the next frontier in First Amendment jurisprudence that’s probably going to have to come from the U.S. Supreme Court. And I think that’s probably where this is headed.”
Advocacy group for white-hat hackers.
A new advocacy group called the Hacking Policy Council was launched in the US yesterday, and its goal is to ensure that good-faith cybersecurity researchers are not punished for their actions. These white-hat hackers test digital networks for vulnerabilities in order to report them and find ways to resolve them before they become an issue, and until now, these cyber vigilantes have lacked a coordinated body to help protect them from criminal prosecution. Ilona Cohen, chief legal and chief policy council at HackerOne and member of the new council, told CyberScoop, “There hasn’t really been an advocacy group focused primarily on hackers. There are advocacy groups for reptile owners but not hackers, so that seems like a miss — and we’re here to remedy that.”
How secret is “top secret”?
The shocking revelation that a US Air National Guard member leaked sensitive Pentagon intelligence has led the US Department of Defense (DoD) to issue a memo to senior Pentagon leadership, combatant command heads, and “defense agency and DoD field activity directors” detailing the force’s responsibilities when it comes to handling classified data. Signed by Deputy Defense Secretary Kathleen Hicks, the memo reads, “Do not access or download documents with classified markings from unclassified websites —either from home or work. As the data may be classified, it may be associated with hostile foreign elements, or it may contain malicious code or embedded capabilities that could introduce cyber threats into our information systems.” Military Times adds that the memo also instructs troops to notify the Defense Department if they are contacted by the media or congressional members. It goes on to remind military personnel, “Personnel with access to classified information are trusted stewards of that information and the responsibility to safeguard classified information is a lifetime requirement for each individual granted a security clearance.”
The New York Times notes that the arrest of Jack Teixeira, the airman allegedly responsible for the data leak, has generated much debate about security clearances and the handling of classified data in the US. “Top secret” clearance allows access to highly sensitive government intelligence, and it is granted to over six hundred generals in the various services, as well as some of their military aides, colonels who work in the Pentagon, captains of Navy ships, some junior officers, and, like Teixiera, enlisted service members working in intelligence units. Evelyn Farkas, the top Defense Department official for Russia and Ukraine during the Obama administration, states, “Clearly, too many people have access to too much top secret information.”