Data Security and Privacy Concerns Increase as AI Advances; ChatGPT Produces More Than Just Outputs
Sara Magdalena Goldberger, CIPP/E, CIPM Global Lead Privacy, GRC, Cybersecurity
Privacy | Data Management | AI Governance | Risk Management | Privacy Governance | Functional CISO
The security of data used to train and run ChatGPT and AI, as well as potential privacy consequences if the data is handled improperly or is intercepted by bad actors, are among the main concerns surrounding these technologies.
Limited Memory/Generative AI has been around for a while, and recently we have seen remarkable progress in this area. One AI has gained prominence: #ChatGPT, a free chatbot developed by #OpenAI and made publicly available in November 2022. The abbreviation ChatGPT refers to "generative pretrained transformer." It is an AI chatbot created and trained to hold "natural" conversations using textual (documents and words) and reinforcement (human feedback) learning data. Simply enter a written prompt or query into ChatGPT, and it will respond. Users get the impression that there is a conversation between two people. As the AI develops and learns, there have been several iterations of ChatGPT since its initial public release.
However, grave data security issues and legal ambiguity lurk in the otherwise fanciful vision of potential.
There are four main types of AI:
#Reactive and #Limited Memory/Generative AI fall under the “Narrow AI” umbrella, which is the type of AI that exists today. Limited Memory/Generative AI systems can only carry out the "narrow" tasks that have been assigned to them in their programming. Theory of Mind and Self-Aware AI, which are still in development, will be able to learn, perceive, and behave like humans.
The first two types of AI are discussed here:
Reactive AI:
The word "AI" refers to the initial algorithms, which were purely reactive. Machines with reactive AI do not have memory-based capabilities; hence, they are unable to learn from earlier experiences or data. These models were developed by mathematicians to process massive volumes of data that seemed to defy logic and yield statistical compilations. There are just a few input combinations for which reactive AI is useful. #Reactive #AI does not have a bank of stored scenarios from which it can draw to create its outputs, in contrast to humans, who base their decisions on prior experiences.
Limited Memory/Generative AI:
#Limited #Memory #Generative AI algorithms were created to mimic the receptors and connections found in the human brain, meaning that AI computers could take in and store "training data," enhancing their results over time. Consider chat boxes, Siri and Alexa, Netflix recommendations, etc. All modern AI systems use and store enormous quantities of training data for potential future problem-solving.
ChatGPT and other market rivals (Amazon #Bedrock, Google's #Bard AI, and DeepMind's #Chinchilla AI) are still regarded as Limited Memory/Generative AI machines, despite being significantly more advanced than their forerunners. However, as developers continue to enhance the AI and release new generations, the Limited Memory/Generative AI capabilities feel less and less "narrow."
Data Privacy and Security Issues
The security of data used to train and run ChatGPT and AI, as well as the potential privacy consequences if such data is exploited, are two of the main issues surrounding these technologies. In addition to data entered manually into the system, ChatGPT collects data from the internet. Importing information from other websites without their permission or knowledge is known as #data #scraping. If the data is useful for the user's query or prompt, it can then be accessed by any user.
By its very nature, ChatGPT stores large amounts of #PII as well as other sensitive data, such as a user's social media activity, browser history, credit scores, health information, company secrets, and financial information.
Additionally, because of the enormous amount of data it stores, ChatGPT itself turns into a desirable target for #hackers, which, if not well protected, might result in severe #data #breaches and #privacy #violations. A hacker could use ChatGPT's data pool to create more personalized and convincing #phishing messages or to carry out automated assaults against targets. Additionally, the AI chatbot can write computer code simply by being spoken to, making it simpler for malicious individuals without much coding experience to launch computer network attacks.
There are several broad protections in place in ChatGPT to stop the AI from being used in harmful ways. For example, the AI won't produce code for a user who requests that it "write code for a ransomware application." However, as with anything, cybercriminals are quick to pick up on how to get around ChatGPT's weak security measures. The quickest way is to phrase the request differently and steer clear of dangerous trigger words.
But Who Is Responsible?
ChatGPT’s Terms of Use actually increase users' worries about data security and privacy rather than address them.
In ChatGPT’s Terms of Use, users give permission to use any input for learning purposes and enhancing ChatGPT. Given the nature of generative AI, granting a licence to use input for training and learning isn’t excessive; rather, it is required for AI to get better over time. However, the content is susceptible to unauthorized access and use, data breaches and #cyberattacks if it is not adequately secured.
Additionally, users are completely and legally liable for any content they enter into ChatGPT, according to Section 3 of the Terms of Use. As a result, even though users have no control over how their input data is used or stored, or even insight into how it will be used, they are nevertheless responsible if any content entered into the system infringes on the rights of others, including their intellectual property or privacy rights.
Even if the user is not at fault, ChatGPT's #indemnity clause requires the user to take responsibility for any claims or losses (including settlement expenses and legal fees) that may result from their usage of the chatbot.
This means that individual users are financially accountable for such charges and expenses if OpenAI/ChatGPT is sued as a result of the individual's use of the chatbot. It is unclear whether such an indemnification clause would be upheld, but it is obvious that ChatGPT's Terms of Use impose substantial financial and legal obligations on its users.
Conclusion
This enormous technological breakthrough generates legal uncertainty and hazards, which may result in the emergence of a new regulatory environment in the months and years to come.
Even though ChatGPT and other AI tools have a lot of potential, it is vital to approach them with caution as generative AI is increasingly interwoven into our professional, social, and private lives.
Companies need to be mindful of the data security and privacy risks posed, as well as the legal responsibility users automatically take on by using AI systems.
Businesses must adopt a proactive strategy and make an investment in strong, reliable data and cybersecurity solutions, such as encryption, access controls (e.g., #MFA), and monitoring tools to protect their data, in order to reduce and mitigate the dangers mentioned above. Businesses must also obtain the required consents and approvals in compliance with relevant data privacy legislation like the GDPR and CCPA. Companies must also establish clear privacy policies.
For the time being, companies may take advantage of ChatGPT and other generative AI machines while safeguarding themselves from potential hostile actors and limiting legal responsibility by putting the right safeguards in place.