Groping toward appropriate regulation of AI. Data regulation and its offensive potential. – The CyberWire

Posted: September 4, 2021 at 6:09 am

At a glance.

Wired traces the influences shaping the EUs proposed Artificial Intelligence Act, which is expected to impact policy internationally, as has the GDPR. The legislation would categorize AI applications by risk level and more closely control high risk systems.

Critiques of the bill fall along predictable lines. Some human rights groups want stricter controls and worry about law enforcement, education, health care, public surveillance, border security, social scoring, insurance, transhumanism, and subliminal manipulation applications. They point to the power disparity between those wielding the tools and those on the receiving end, and highlight existing abuses.

Some industry groups describe the law as overbroad, fearing it will impose unmanageable costs, interfere with basic business functions, squash innovation, and drive away talent. Competing studies put total compliance costs between 1.6 and 10 billion yearly.

The EU hopes the bill will level the playing field and spur growth while promoting principled business decisions. Meanwhile, the US is developing its own guidelines and regulations, including a National Institute of Standards and Technology tool and an Algorithmic Accountability Act. In the background, as always, looms Chinese innovation, and what strategic advantages authoritarian rivals will achieve while the West puzzles out competing interests and ethical dilemmasexercising a soft advantage of its own.

Breaking Defense reiterates concerns that the vulnerability disclosure component of Beijings Data Security Law (DSL) will help the CCP stockpile zero days for use against state and private sector targets. As weve seen, the legislation directs researchers, companies, and foreign firms with local offices to disclose to the Ministry of Industry and Information Technology within forty-eight hours uncovered zero days, and restricts their further distribution. Microsoft and Amazon Web Services, both of which contract with the US Defense Department, are covered by the regulation.

Heritage Foundation China scholar Dean Cheng sees the move as an instance of lawfare, or legal warfare, and says Beijing is 100 percent likely to weaponize the disclosed vulnerabilities. Georgetown University security researcher Dakota Cary observed that theyve effectively co-opted a pipeline of research, which costs a great deal of money to do, in order to increase their own offensive and defensive hacking capabilities.

The DSL, Fortune notes, also prohibits unapproved cross-border data transfers. The law took effect yesterday.

SWI reports that Switzerland is working to establish a rapid reaction cyber defense command center staffed by roughly six-hundred military personnel with new capacities to protect private sector and critical infrastructure assets. The center will deliver informational, logistical, and technical capabilities.

Link:
Groping toward appropriate regulation of AI. Data regulation and its offensive potential. - The CyberWire

Related Posts