Newsletter

open source and cybersecurity news

November 17, 2023

It's 5:05, November 17, 2023. Time for your cybersecurity and open source headlines.

In this Episode:

Marcel Brown: November 17th, 1970. Douglas Engelbart receives a U.S. patent for his XY Position Indicator for a display system, more commonly known as the computer mouse. Engelbart called his device a mouse because the cord looked like a tail.

Edwin Kwan: A popular WordPress plugin has been discovered to be vulnerable to a high-severity vulnerability. There are currently more than 600,000 websites that are using the vulnerable version and are potentially exposed to the vulnerability.

Katy Craig: As the European Union considers the way ahead for the AI Act, a critical question arises. Should the EU establish a dedicated office to oversee and manage it? The establishment of a dedicated office for AI regulation must find a balance between oversight and innovation, efficiency and flexibility, and harmonization and autonomy.

Olimpiu Pop: While a delay in the AI Act’s implementation may allow for more thorough consideration and balancing of various interests, it also runs the risk of leaving the EU unprepared to address the rapid advancements and potential risks associated with powerful AI technology.

Shannon Lietz: The win on the AI Act is the fact that the EU is going to put some capability behind it. It’s such a powerful forward motion for us in terms of the future of what we need for humanity. We’ve really got to start to establish some of the playing rules for how this becomes beneficial to everyone.

 

The Stories Behind the Cybersecurity Headlines

 

Edwin Kwan
WordPress Plugin Exposes over 600K to Attacks

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

A popular WordPress plugin has been discovered to be vulnerable to a high-severity vulnerability.

This is Edwin Kwan from Sydney, Australia.

The popular WordPress plugin “WP Fastest Cache” is found to be vulnerable to an SQL injection vulnerability. This could potentially allow attackers to read contents of the database on the website.

The plugin provides caching functionality to speed up page loads, improve visitor experience, and boost the site’s ranking on Google search. The plugin is used by over a million websites. The SQL injection vulnerability, which is tracked as CVE-2023-6063, has a severity score of 8.6 and affects plugin versions 1.2.1 and below. There are currently more than 600,000 websites that are using the vulnerable version and are potentially exposed to the vulnerability.

The vulnerability has been fixed in version 1.2.2. WPScan will be releasing a proof-of-concept exploit on November 27, 2023 and all users of the plugin are strongly recommended to upgrade to the latest version as soon as possible.

Resources
– Bleeping Computer: https://www.bleepingcomputer.com/news/security/wp-fastest-cache-plugin-bug-exposes-600k-wordpress-sites-to-attacks/

 

Olimpiu Pop
To Regulate Or Not To Regulate AI in EU

Olimpiu Pop, Contributing Journalist

The European AI Act felt that finally something is moving with a different speed in the EU legislative block. A consensus emerged in the previous trilogue to implement tiered rules for these new models, emphasizing stricter regulation for the most impactful ones currently developed by non-European companies.

Last Friday, this took a different turn as Germany, France, and Italy started saying, “nay.” No, there is no coincidence that Mistral and Aleph Alpha are originally from two of the above countries.

The European AI legislation is at the crossroad. Why is it good to stall the legislation? The recent stalling of the EU AI Act, particularly around the regulation of foundation models and general-purpose AI systems, could be seen as a prudent move.

Firstly, the evolving landscape of AI technology necessitates a careful, measured approach. The EU AI Act is ambitious in its scope, attempting to regulate advanced AI models like GPT-4. However, rushing into legislation without fully understanding the technological and economic implications could backfire.

There are valid economic concerns, as highlighted by the French startup Mistral and German firm Aleph Alpha. The European AI industry, still in its nascent stage and lagging behind global leaders, could be disproportionately impacted by stringent regulations. Delay allows for a more nuanced approach, ensuring that regulations do not stifle innovation or hamper the competitive advantage of European AI firms.

Furthermore, focusing on the regulation of AI applications rather than infrastructure as suggested by Mistral CEO Arthur Mensch seems more practical. This approach could lead to a regulatory framework that is both effective in managing risk and supportive of technological advancement.

On the other hand, we should keep the momentum and be done with it.

The delay in finalizing the EU AI Act is a cause for concern. The rapidly advancing field of AI, particularly with the development of models like GPT-4, poses significant challenges in terms of privacy, security, and ethical use.

The lack of a regulatory framework leaves a vacuum that could be exploited, leading to unintended and potentially harmful consequences. Moreover, the delay could be seen as a capitalization in industry lobbying, particularly from companies like Mistral AI and Aleph Alpha.

This raises questions about the EU’s commitment to prioritizing public interest and safeguarding against the risks posed by powerful AI systems.

The argument made by German doctoral students Anton Leicht and Dominik Hermle is particularly compelling. They suggest that strong regulation of foundation models could actually be economically beneficial for the EU, countering the narrative that regulation would impede European AI development. By ensuring a level playing field and addressing the concerns of downstream deployers, comprehensive regulation could foster a more robust and responsible AI ecosystem in Europe.

So, while a delay in the AI Act’s implementation may allow for more thorough consideration and balancing of various interests, it also runs the risk of leaving the EU unprepared to address the rapid advancements and potential risks associated with powerful AI technology.

In the meantime, on 505updates.com you can find extra opinions and resources. Olimpiu Pop from Transylvania, Romania.

Resources
– Wikipedia: https://en.wikipedia.org/wiki/Artificial_Intelligence_Act

 

Shannon Lietz
The EU AI Act: Win, Lose, or Draw

Shannon Lietz, Contributing Journalist

Hi. This is Shannon Lietz from San Diego, California, and I’m talking about the win, lose, or draw of the recent EU AI Act.

My first point is that with the AI Act specifically from the EU, I think it’s a good thing, for a few reasons. If we look at the win, lose, or draw on this, even the motion towards trying to come up with legislation around AI in particular is to help with whether or not creators are protected or engines are protected.

For this one in particular, it’s friendly towards creators where it’s mostly focused on establishing transparency requirements. Why, right? What I think of when I look at that AI Act and how it actually comes together is that it’s very much like a pseudo blockchain. Or establishing some set of provenance for when somebody creates something and they register it into an engine, how it could be then transformed. How do we really provide that transparency into where it originated and what it turned into.

The win on the AI Act is that creators win with it being generated. The fact that the EU is going to put some capability behind it also provides enforcement powers for that.

The lose part of this is for any creator that could then become considered an infringer where copyright kind of comes into the mix. Some of my work talking about AI and the Law. This is where I’d say Joel McMull and I have had a conversation about copyright. Infringers lose in the case of transparency because now there will be enough provenance to say that original work of art was actually what was transformed by the engines.

That transformative exercise, was that original work actually licensed? Was the copyright set up properly in terms of whether or not that work could be used with this new transformed art? The question in my mind is, if we don’t get the EU AI Act, doesn’t everybody lose?

That’s really where it lands is the draw on this is we’re still in the same place without the AI Act coming forward. That’s not necessarily a great place to be because right now there’s muddiness in the waters between privacy and security and consent and just what do you do with an AI engine?

It’s such a powerful forward motion for us in terms of the future of what we need for humanity. We’ve really got to start to establish some of the playing rules for how this becomes beneficial to everyone.

Resources
– Wikipedia: https://en.wikipedia.org/wiki/Artificial_Intelligence_Act

 

Katy Craig
The EU AI Act: Three Arguments Against It

Katy Craig, Contributing Journalist, It's 5:05 Podcast

As the European Union, EU, considers the way ahead for the AI Act, a critical question arises. Should the EU establish a dedicated office to oversee and manage it?

This is Katy Craig in San Diego, California.

One significant concern linked to a dedicated AI regulation office is the potential for bureaucratic overhead. This could slow down decision-making and increase administrative costs, which could stifle innovation in the fast-paced AI industry. This perspective underscores the need for an efficient regulatory framework that promotes innovation while addressing potential risks.

Another argument against a dedicated office for AI regulation revolves around flexibility. AI is a dynamic field with rapid advancements. A separate office might create rigid regulations that struggle to keep up with technological changes. And flexibility is not just about keeping up, it’s also about encouraging responsible innovation. By adopting adaptable guidelines, the EU can strike a balance between effective regulation and supporting AI’s growth.

Finally, there’s the potential fragmentation of authority. While harmonizing AI regulation across the EU is essential, centralizing authority may undermine individual member states’ regulatory autonomy. Member states may have unique concerns and industries influenced by AI, making a one-size-fits-all approach impractical. Decentralizing authority can also enhance accountability at the local level as regulators can better understand regional nuances. While harmonization remains crucial, it should not overshadow the importance of localized expertise and responsiveness.

The establishment of a dedicated office for AI regulation must find a balance between oversight and innovation, efficiency and flexibility, and harmonization and autonomy. By navigating these premises carefully, the EU can create a regulatory framework that fosters responsible AI development while unlocking its transformative potential.

This is Katy Craig. Stay safe out there.

Resources
– Gov Infosecurity: https://www.govinfosecurity.com/eu-will-stand-up-office-to-enforce-ai-act-says-eu-lawmaker-a-23329 
– TechCrunch: https://techcrunch.com/2023/11/14/eu-ai-act-trilogue-crunch/

 

Marcel Brown
This Day, November 17, in Tech History

Marcel Brown, Contributing Journalist, It's 5:05 Podcast

This is Marcel Brown with your technology history for November 17th and 18th.

November 17th, 1970. Douglas Engelbart receives a U.S. patent for his XY Position Indicator for a display system, more commonly known as the computer mouse. Engelbart called his device a mouse because the cord looked like a tail.

The mouse was first prototyped in 1964, but it wasn’t demoed until 1968 and was not included with a commercial computer until the Xerox 8010 Star Information System in 1981.

Apple first brought the mouse to a personal computer with the Lisa in 1983. However, the mouse did not become ubiquitous until after 1984, when Apple’s Macintosh popularized the device.

November 18, 1963. Bell Telephone offers the first electronic push-button telephones to customers in Carnegie and Greensburg, Pennsylvania. Dual-tone multi-frequency technology, or DTMF, also known as TouchTone, was introduced on the same day in order to accommodate the new push-button telephones. It is interesting to note that the star and pound keys were not introduced until five years later in 1968.

That’s your technology history for this week. For more, tune in next week and visit my website, ThisDayInTechHistory.com.

Resources
– This Day in Tech History: https://thisdayintechhistory.com/11/17
