Newsletter

open source and cybersecurity news

December 15, 2023

It's 5:05, December 15, 2023. TIme for your cybersecurity and open source headlines

In this Episode:

Marcel Brown: December 16, 2003. The CAN SPAM Act of 2003 is signed into United States law. Passed in an attempt to control the growing deluge of junk email, the law’s effectiveness is dubious at best. Especially considering political spam is exempt from the law.

Edwin Kwan: Apple will soon be introducing a stolen device protection feature, which is aimed at enhancing security if an iPhone is stolen, particularly in scenarios where thieves obtain the device passcode.

Katy Craig: Today, we’re diving into a significant milestone in AI regulation: the European Union’s recent passing of the AI Act. This legislation is set to shape how AI is used across industries, but it also raises questions about potential, unintended consequences.

Olimpiu Pop: The EU AI Act, with all its ups and downs, is the first one in the world, and it will be the baseline. Can the slow legislative apparatus keep pace with the lightning speed of AI tech space?

Shannon Lietz: It’s an interesting time to be looking at AI, using AI, and trying to make sense of what it could mean for you. The question is, which use cases is it most well suited for? And are the producers of AI capabilities such as OpenAI and its competitors actually looking at which use cases should be allowed? Which ones are allowed to be adopted?

Trac Bannon: The EU is taking the global lead when it comes to AI governance. In the US, there are many discussions and hearings happening about AI policy at different levels of the government, but nothing cohesive and nothing comprehensive.

 

The Stories Behind the Cybersecurity Headlines

 

Edwin Kwan
Apple Beta Testing Stolen Device Protection Feature

Apple will soon be introducing a stolen device protection feature, which is aimed at enhancing security if an iPhone is stolen, particularly in scenarios where thieves obtain the device passcode.

This is Edwin Kwan from Sydney, Australia.

The feature is currently in beta testing and relies on biometrics via Face ID or Touch ID and geolocation data. It blocks unauthorized access to Apple ID passwords, security settings, and passwords stored in the iCloud keychain. Notably, attempting to change Apple ID passwords or modify security settings away from familiar locations trigger a two-step biometric authentication process with a one-hour security delay.

Users can opt in through the settings app once the feature becomes available. It is currently in beta testing and set to roll out with iOS 17.3, which is expected for public release in January or February 2024.

Resources
– Mac Rumors: https://www.macrumors.com/2023/12/12/ios-17-3-stolen-device-protection-feature/

 

Marcel Brown
This Day, December 4, in Tech History

Marcel Brown, Contributing Journalist, It's 5:05 PodcastThis is Marcel Brown with your technology history for December 15th and 16th.

December 15th, 1994. Netscape Communications Corporation releases Netscape Navigator 1.0, the world’s first commercially developed web browser, although this particular version was free for non commercial use.

December 15, 1995. Developed by researchers at Digital Equipment Research Laboratories, the AltaVista search engine is launched. It was the first World Wide Web search engine to gain significant popularity. One of the most popular search engines in the early World Wide Web, Google didn’t overtake AltaVista until 2001.

AltaVista was eventually purchased by Yahoo! in 2003.

December 16, 2003. The CAN SPAM Act of 2003 is signed into United States law. Passed in an attempt to control the growing deluge of junk email, the law’s effectiveness is dubious at best. Especially considering political spam is exempt from the law.

That’s your technology history for the week. For more, tune in next week and visit my website, ThisDayInTechHistory.com.

Resources
This Day in Tech History: https://thisdayintechhistory.com/12/04

 

Katy Craig
EU AI Act: Significant Milestone in AI Regulation

Katy Craig, Contributing Journalist, It's 5:05 PodcastToday, we’re diving into a significant milestone in AI regulation: the European Union’s recent passing of the AI Act. This legislation is set to shape how AI is used across industries, but it also raises questions about potential, unintended consequences.

This is Katy Craig in San Diego, California.

The AI Act is the world’s first comprehensive framework regulating AI use. It targets AI tools like ChatGPT and biometric surveillance, mandating strict compliance for high-risk AI systems. The Act aims to safeguard health, safety, fundamental rights, and democracy, but its broad scope also sparks debates about overreach and stifling innovation.

Some potential pitfalls?

– Innovation Stifling. One concern is that the Act could hamper AI development. Overregulation might create bureaucratic hurdles, discouraging startups and smaller companies from innovating in the AI space. This could lead to a monopolization by larger firms that can navigate these regulations more easily.

– Surveillance Overreach. While the Act restricts real-time biometric surveillance, exceptions for law enforcement could open doors to over-surveillance. Imagine a scenario reminiscent of Black Mirror’s Nosedive episode, where biometric data is used to monitor citizens every move, possibly leading to misuse in the name of public safety.

– An AI bias and discrimination. Despite its focus on fundamental rights, the Act might not fully address inherent biases in AI. This could lead to scenarios like in Metalhead from Black Mirror, where AI meant for protection ends up causing harm due to flawed programming or bias.

As we navigate this new era of AI governance, it’s crucial to balance regulation with innovation. The EU’s AI Act is a pioneering step, but it’s vital to remain vigilant about potential dystopian outcomes. Can we govern AI without stifling its potential or infringing on personal freedoms? Only time will tell. Stay tuned for more discussions on the evolving landscape of AI governance.

This is Katy Craig. Stay safe out there.

Resources
– Europa: https://ec.europa.eu/commission/presscorner/detail/en/ip_23_6473

 

Tracy (Trac) Bannon
EU AI Act: Does it Leave U.S. in the Dust?

Trac Bannon, Contributing Journalist, It's 5:05 Podcast

The EU is taking the global lead when it comes to AI governance. It has taken two years to pass the comprehensive AI legal framework, the EU AI Act. While the US is often at the forefront of technical research and discovery, its approach to technology governance, particularly in AI, is fragmented and less prescriptive.

Hello, this is Trac Bannon reporting from Camp Hill, Pennsylvania.

The EU AI Act represents a comprehensive, legally binding framework that categorizes AI systems by risk and sets strict standards for their use. It is by no means perfect, though it is proactive and unified.

In the US, there are many discussions and hearings happening about AI policy at different levels of the government, but nothing cohesive and nothing comprehensive. The US seems to be focused on promoting AI innovation and leadership. This is uber important, but it is a very slippery slope to continue the forward charge without legal guardrails. The US approach is also very distributed. I am personally an advocate of distributed leadership and decentralized governance to protect us all from a single and likely unmanageable federal entity.

The EU’s delivery of this legislative framework will have direct impacts on our US decision makers. For example, the EU’s comprehensive approach could push the US away from the current sector-specific guidelines and towards a more unified set of regulations.

US companies that do business with the EU will need to comply with the EU regulations. This could mean significant changes in how AI is developed and used. The US will likely see legal and ethical issues such as data governance, bias management, model transparency, and intellectual property rights arise.

We will, no doubt, see calls for transatlantic collaboration. The key will be balancing innovation and regulation. The EU’s AI legislation may steer the US towards a more global perspective in AI development, particularly in areas where AI intersects with global issues like climate change and cybersecurity. It’s not just about local markets anymore.

The EU directive may catalyze a renewed focus on AI ethics and human rights in the US. Our focus on personal liberty, freedom, and privacy rights have set us apart for generations. That said, the US and her allies must continue to foster and lead innovation to stay ahead of our peer adversaries.

Time will tell if the EU’s AI Act will clip the wings of US AI innovation. I personally hope that the US is inspired by the EU’s leadership and accelerates accountability without treading on our inalienable rights. For the US, the balancing act will need to continue.

Something to noodle on.

Resources
– Europa: https://ec.europa.eu/commission/presscorner/detail/en/ip_23_6473
– Technology Review: https://www.technologyreview.com/2023/12/11/1084942/five-things-you-need-to-know-about-the-eus-new-ai-act/
– House Oversight: https://oversight.house.gov/hearing/white-house-policy-on-ai/
– House Engery of Commerce: https://energycommerce.house.gov/events/full-committee-hearing-leveraging-agency-expertise-to-foster-american-ai-leadership-and-innovation
– Mayer Brown: https://www.mayerbrown.com/en/perspectives-events/publications/2023/12/eu-ai-act-european-parliament-and-council-reach-agreement

 

Shannon Lietz
EU AI Act: Win, Lose, or Draw?

Shannon Lietz, Contributing JournalistHi, this is Shannon Lietz reporting from San Diego, California. Unless you’ve been hiding under a rock, you’ve become aware of the EU AI Act that’s recently taken headlines. Very interesting from my perspective, considering the win, lose, or draw. It’s an interesting time to be looking at AI, using AI, and trying to make sense of what it could mean for you.

Many people are realizing lots of value, they’re cutting down their time on producing and creating. It’s a great time to be thinking about AI. The question is, which use cases is it most well suited for? And are the producers of AI capabilities such as OpenAI and its competitors actually looking at which use cases should be allowed? Which ones are allowed to be adopted? Why? What are the repercussions of those?

I think The EU Act actually brings a whole bunch of these questions to the forefront and there is some thought leadership in it. That said, we see that several companies, countries and companies are really questioning whether it’s got value, whether the EU can truly bring enough regulatory change to this discipline.

And I think That’s really an interesting question overall. Companies like OpenAI have pushed out Generative AI capabilities. They’ve really taken the world by storm. And at the cost of resilience and errors from the perspective of the buyer.

Sure, we’re all adopting it. It’s been high velocity. There’s lots of change happening. Sometimes we’re trying to catch up with what we’ve learned from just a few weeks ago.

The win perspective of the EU AI Act, likely an employee benefit. Meaning, companies are going to need to hire folks to help them to be better at the EU AI Act and what it requires. So those in cybersecurity right now, you should be actually thinking about what you’re going to do when it comes to AI.

Another win potentially, consumers over the long run , having better AI capabilities with more resilience, less quality problems. That is a good thing.

Now, the lose. Ultimately, in the long run, companies that have left a trail of debt, meaning cybersecurity challenges, haven’t licensed some of their training data, have had copyright infringement lawsuits pursued. That all basically stipulates that big AI, this notion of companies that are large and pursuing revenue change and adoption at velocity, are essentially doing so with less resilience and quality associated with that AI. Meaning They’re going to have to pay it back at some point.

And the draw , well,, we’re currently in that. We’ve talked about this a bunch in this segment on POV Fridays. The draw is consumers right now are adopting and learning and thinking about how they might innovate with AI. With a bit of a slowdown, these companies will have less velocity on change and maybe even the market won’t correct as quickly where companies are trying to pursue another EU based legislation similar to GDPR.

So my perspective is, if you’re in the middle of this trying to make sense of it, lots of folks will win, lots of folks will lose. But what will happen with AI? I believe that we’re going to continue to see some of the capabilities of AI advance, and some of the capabilities of AI being heavily enforced for regulatory compliance, so that we can get the benefit out of it in the long run.

This is Shannon Lietz reporting for the Win, Lose, or Draw from San Diego, California.

Resources
– Europa: https://ec.europa.eu/commission/presscorner/detail/en/ip_23_6473

 

Olimpiu Pop
EU AI Act: A Baseline for Regulation

Olimpiu Pop, Contributing JournalistThe journey of the European AI Act started in April 2021 and it looked like smooth sailing. That came to a finish last month in the 5th trialogue when no consensus was reached on foundation models and proposed exemptions on high-risk AI systems. The opponents were Germany, the country with the biggest GDP in the EU, France, the country with the biggest ego in the EU, and Italy, the country with the best pasta in the EU and the only European country that banned ChatGPT for a period.

The EU accounts for a sixth of the global GDP, a bit more if we consider Norway, Switzerland and the UK- European countries by definition, but not members of the European bloc. But it still lags in terms of innovation, especially in the AI space. Truth be told, there is a huge gap between the academic research and the industry. So, we can think about it, and overthink it sometimes, but we fail at translating it into useful stuff.

The general feeling is that with current legislation, the previously named countries were trying to create some advantage for the companies on their turf that might have a chance to grab a piece of the AI pie.

As we are talking about politics, I will not discuss the fairness of it all, but I think Europe has a future in the tech space. As usual, it started slow. It faced some setbacks with Brexit. London was the capital of global FinTech, but now it’s growing at a steady rhythm. France, for instance, has many investments in the artificial intelligence space and the ecosystem is growing. Also, Europe became a target for global talent. Lately, the trend has reverted and people are targeting the EU.

Do we, Europeans, have a chance in the AI race? The latest news seems to think so. Mistral open-sourced the model that they claim to be the best 7 billion parameter model. Tests say so as well. Not bad for a company that started just months ago. Investors hint that as well, as Anderson Horowitz just invested 500 billion EUR into the French company.

Now, what am I wondering as a tech person and a European? Can the slow legislative apparatus keep pace with the lightning speed of AI tech space? Looking at how fast things have changed in the last year, I have big doubts. Especially as we intend to build a new AI authority to help enforce the en-route legislation. Also, we are a federation of 27 countries, each with their own agenda. On the other hand, the European bloc promised huge research funding as well to go hand-in-hand with the legislation, we are talking billions, in a period when the global financing well seems to have dried out.

All in all, the EU AI Act, with all its ups and downs, is the first one in the world, and it will be the baseline. I expect other countries to follow suit. Some will be more restrictive, others less. Will Europe be avoided by big tech companies? I don’t think so. Regardless of the quantum of the fines tech companies paid until now to the bloc, they are still here, and they’ll be here.

Olimpiu Pop stated his opinion from Transylvania, Romania, the EU. For more resources and opinions, reach out to 505updates.com.

Resources
– Europa: https://ec.europa.eu/commission/presscorner/detail/en/ip_23_6473

Contributors:

Comments:

Leave the first comment

Newsletter