Daily Tech Digest - February 09, 2024

India’s data protection law: Reimagining a new era of innovation led digital markets

E-commerce platforms would have to make changes in their user interfaces of websites and apps, with clearer communication with users for consent, processing, erasing or grievance addressal. Moreover, the e-commerce platforms will have to completely erase all personal data when the user refutes the continuity of consent or when the purpose intended is served. The platforms will also have to now carry out a verifiable parental consent mechanism to provide services to children below 18 years of age but cannot track or carry out behavioural monitoring of the child, unless exempted separately by the government. This is a complex subject, as many e-commerce platforms already follow due checks for ensuring parental control below a certain age. Moreover, payments in e-commerce for principals below 18 years of age would anyway require guardianship of a parent or legal guardian, as per mandated by RBI . E-commerce players, however, will still need to adopt the additional obligations. For AI systems, which are now becoming increasingly integral to the operations of e-commerce platforms, this means a shift towards more transparent and ethical data usage practices. 

Key strategies for ISO 27001 compliance adoption

ISO 27001 fundamentally breaks down to: “What information security risks do we face? How should we best manage them?”Just as the chicken may come before the egg, note that what should happen in this case is that you identify the risks first and then select the controls that help to manage those risks. You definitely don’t have to apply all of the controls, and nearly all organisations treat some, validly, as non-applicable in their Statement of Applicability. For example, businesses where all employees work remotely simply don’t have the full range of risks that can benefit from mitigation by the physical controls. When it comes to performance evaluation, it’s largely a case of working through the relevant clauses and controls and agreeing how good a job the organisation is doing trying to meet the associated requirements. The ones that are selected for monitoring, measurement and evaluation will depend on the type and size of the organisation and its business objectives. These are basically key performance indicators (KPIs) for information security and might include supplier evaluations and documented events, incidents, and vulnerabilities.

Breach Roundup: US Bans AI Robocalls

Telecom regulators voted unanimously Thursday to make AI-generated robocalls illegal under the 1991 Telephone Consumer Protection Act, which prohibits robocalls from using "artificial" voices. The new rule allows the FCC to order telephone carriers not to facilitate illegal robocalls and empowers individual consumers or organizations to file lawsuits against violators. The decision comes amid concerns that AI could be used to disseminate misinformation about the election. A robocall featuring a deepfake of President Joe Biden urging voters in New Hampshire to stay home on primary day caused controversy in January. The New Hampshire attorney general on Tuesday said he had identified the source of the calls as Texas-based Life Corporation and its owner, Walter Monk. State Attorney General John M. Formella said the calls had been routed through a provider called Lingo Telecom, also based in Texas. New Hampshire issued a cease-and-desist order to Life Corporation, and the FCC sent a cease-and-desist letter to Lingo Telecom. "Bad actors are using AI-generated voices in unsolicited robocalls to extort vulnerable family members, imitate celebrities and misinform voters," FCC Chairwoman Jessica Rosenworcel said in a statement.

Stifling Creativity in the Name of Data

Pitt challenges the notion that data and creativity are mutually exclusive. Builders should base decisions on both metrics and imaginative thinking. Focus obsessively on either, and you lose sight of the problem you aim to solve. "Data can contribute to developer improvement," Pitt concludes, "but developers should not solely rely on it." By the same token, visionaries in the throes of invention must temper flights of fancy with reality checks. Synthesis of human and machine intelligence unlocks maximum potential. But for Pitt, the human mind still reigns supreme when it comes to pushing boundaries and bringing new ideas to life. Software development draws its lifeblood from creative problem solvers who feel intrinsically rewarded by shipping inventive products. Data should inform and empower that mission, not impose limits or demand validation at every turn. The analytics will have their say, but imagination must lead the way. That balance, elusive as it may be, unlocks sustainable innovation as technology’s tides continue rising.

How Generative AI Will Change The Jobs Of Teachers

As generative AI reshapes the world of education, teachers will find their role evolving further away from being providers of knowledge and towards becoming learning facilitators. Perhaps the most significant shift in the role of educators will be an increased focus on nurturing skills such as critical thinking, creativity, and emotional intelligence. These skills will be paramount in a future where our worth is increasingly measured by our ability to perform tasks that machines cannot do or are not as proficient in. Beyond academic teaching, educators play a critical role in safeguarding the welfare of their students, a responsibility that extends far beyond the confines of traditional teaching. This involves not only protecting students from physical harm but also supporting their emotional and mental health, ensuring a safe and inclusive learning environment that fosters resilience and respect. The human touch provided by teachers becomes an indispensable pillar of education, emphasizing the irreplaceable value of empathy and understanding in nurturing well-rounded, emotionally secure individuals. Teachers will, of course, also have a very important role to play in making sure their students are able to use generative AI itself.

5 ways CIOs can help gen AI achieve its lightbulb moment

Being realistic means understanding the pros and cons and sharing this information with customers, employees, and peers in the C-suite. They’ll also appreciate your candor. Make an authoritative warts-and-all list so they can be clearly explained and understood. As AI advisors have pointed out, some downsides include the black box problem, AI’s vulnerability to misguided human arguments, hallucinations, and the list goes on. ... a corporate use policy and associated training can help educate employees on some risks and pitfalls of the technology, and provide rules and recommendations to get the most out of the tech, and, therefore, the most business value without putting the organization at risk. In developing your policy, be sure to include all relevant stakeholders, consider how gen AI is used today within your organization and how it may be used in the future, and share broadly across the organization. You’ll want to make the policy a living document and update it on a suitable cadence as needed. Having this policy in place can help to protect against a number of risks concerning contracts, cybersecurity, data privacy, deceptive trade practice, discrimination, disinformation, ethics, IP, and validation.

Why companies are leaving the cloud

The cloud had no way of delivering on the hype of 2010 to 2015 that gushed about lower costs, better agility, and better innovation. Well, two out of three is not bad, right? The cost of the cloud is where things usually go off the rails. The cloud is still the most convenient platform for building and deploying new systems, such as generative AI, and it also has the latest and greatest of pretty much everything. However, when enterprises run workloads and data sets using traditional infrastructure patterns, such as business applications that process and store data the same way they did when on-premises, there is a negative cost impact to using a public cloud. In other words, those who attempted to use the cloud as a simple host for their workloads and took no steps to optimize those workloads for their new location had much larger bills than expected. Moreover, they didn’t gain any real advantage by leveraging a public cloud for those specific workloads. The cloud is a good fit for modern applications that leverage a group of services, such as serverless, containers, or clustering. However, that doesn’t describe most enterprise applications.

The EU’s Artificial Intelligence Act, explained

In terms of data governance and protection, the EU Artificial Intelligence Act aligns with existing EU data protection laws, including the General Data Protection Regulation (GDPR), to ensure the ethical handling of personal data in AI systems. This includes provisions for data quality, security and privacy, ensuring that AI systems process data in a manner that respects user privacy and data protection rights. The act also provides specific guidelines for biometric identification, stressing the importance of safeguarding personal privacy and security, particularly in the handling of sensitive biometric data. Additionally, it categorizes certain AI systems as high-risk, necessitating stringent compliance and oversight to mitigate potential harms and risks associated with their use. The act establishes specific criteria for identifying and regulating high-risk AI systems. These criteria focus on AI applications that have significant implications for individuals’ rights and safety, like those used in critical infrastructure, employment and essential public services. The regulation mandates strict compliance standards and certification requirements for these systems, ensuring they meet high levels of safety, transparency and accountability. 

US creates advisory group to consider AI regulation

The consortium “will ensure America is at the front of the pack” in setting AI safety standards while encouraging innovation, US Secretary of Commerce Gina Raimondo said in a statement. “Together we can confront these challenges to develop the measurements and standards we need to maintain America’s competitive edge and develop AI responsibly.” In addition to the announcement of the new consortium, the Biden administration this week named Elizabeth Kelly, a former economic policy adviser to the president, as director of the newly formed US Artificial Intelligence Safety Institute (USAISI), an organization within NIST that will house AISIC. It’s unclear whether the coalition’s work will lead to regulations or new laws. While President Joe Biden issued an Oct. 30 executive order on AI safety, the timeline for the consortium’s work is up in the air. Furthermore, if Biden loses the presidential election later this year, momentum for AI regulations could stall. However, Biden’s recent executive order suggests some regulation is needed. “Harnessing AI for good and realizing its myriad benefits requires mitigating its substantial risks,” the executive order says. 

Chinese Hackers Preparing 'Destructive Attacks,' CISA Warns

The report says that Chinese hackers have exfiltrated diagrams and documentation related to operational technology, including SCADA systems, relays and switchgear - data "crucial for understanding and potentially impacting critical infrastructure systems," CISA said. Volt Typhoon actors in some cases had the capability to access camera surveillance systems at critical infrastructure facilities, it also said. The U.S. government and the Five Eyes intelligence-sharing alliance first publicly disclosed the existence of Volt Typhoon in May after cyber defenders had detected activity in Guam and the United States. The Pacific island is just hours away from Taiwan via airplane and is the site of two major American military bases. Microsoft, which also divulged the existence of Volt Typhoon in May, said the group has been active since mid-2021. ... "The information that we are releasing with this advisory is reflecting a strategic shift in PRC malicious cyber activity," Goldstein said. CISA has observed Chinese hacking groups moving away from espionage campaigns toward "prepositioning for future disruptive or destructive attacks," he added.

Quote for the day:

"All you need is ignorance and confidence and the success is sure." -- Mark Twain

No comments:

Post a Comment