Cyber Scene #83 - AI Abounding: Worldwide Regulation, Home and Abroad
Cyber Scene #83 -
AI Abounding: Worldwide Regulation, Home and Abroad
In the cyber world, ubiquitous AI is expanding in leaps and bounds from Peoria to Beijing. Even as technological developments run up against state, national or regional constraints, we may find that the economic outcome, challenging as it could be to some tech sectors, is likely to survive and thrive. Cybersecurity and particularly the new tech applications of AI are in fact concerning for offense and defense purposes, but not likely because of estrangement from China or a perception of an increase in US protectionism.
This Cyber Scene will focus on regulatory initiatives in the US, the EU and China. Regulatory intervention can impact developments. It can be applied both in new ways and trigger constraints to some extent, ideally, without building inaccessible barriers. To share or not to share--that is the question.
One perspective raises the question of how much more, or less, regulation is needed. The Washington Post's Cristiano Lima on 24 August reported on a legal case presented to, and dismissed, by a federal judge. A Republican National Committee (RNC) lawsuit alleged that "…Google's email spam filters illegally suppressed their missives, dealing the campaign group a crushing blow in a lengthy battle that has riled conservative lawmakers in Washington." This is one of many current judicial perspectives on cyber regulation including the following one.
At the state level, New York City has successfully banned the use of government-owned devices for TikTok, as reported by the New York Time's Sapna Maheshwari. This decision was repeated in a "wave of states and federal agencies banning TikTok from government-owned devices" following US Cyber Command's determination that the app "…posed a security threat to the city's technical networks." The TikTok app is owned by ByteDance, a Chinese company. Montana has also passed a recent bill eliminating TikTok across the entire state. This is being challenged by TikTok before the bill becomes effective on January 1, 2024.These are merely examples of many issues that arise at the local, state, national or international level.
As the world surges in widespread applications of AI, a serious demand for regulation is also arising. The Times' Ian Prasad Philbrick reported on 24 August that those asking for governmental regulation for AI technology include tech experts, lawmakers and even executives of top AI companies. And they want it fast. He points out that demand for quick decisions comes from Microsoft's president, Brad Smith, Senate Majority Leader Chuck Schumer (D-NY), and Senator Mike Rounds (R-SD). However, time is not on their side: "…history suggests that comprehensive federal regulation of advanced AI systems probably won't happen soon. Congress and federal agencies have often taken decades to enact rules governing revolutionary technologies, from electricity to cars." Dewey Murdick, the lead for Georgetown University's Center for Security and Emerging Technology, believes, as relayed by Times' Philbrick, that while many want fast action, it is hard to regulate technology that is evolving as quickly as AI. Murdick admits: "I have no idea where we'll be in two years."
Neither dismissed nor accepted yet, AI regulation is being considered by the Federal Election Commission (FEC) but is in limbo as of this writing, as presented by the Post's Cristiano Lima and David DiMolfetta. One question dividing the FEC is whether it has the authority to make new AI rules. Still working on this, the FEC is now going to listen to an advocacy group, Public Citizen, which proposes banning "…candidates and political parties from intentionally misrepresenting their opponents in ads through the use of AI." This may be resolved shortly but may lead to additional AI regulatory issues.
One significant issue is that of the UK's regulation regarding end-to-end encryption. The Post's Trisha Thadani and David DiMolfetta explains that the bill does not ban end-to-end encryption and also does not require services to weaken encryption. The report captures the conflicts not only between the UK's pursuing end-to-end encryption and Silicon Valley but also among US tech companies. The issues look to this new law as a safety bill that by US tech firms is seen "…to imperil the security of popular messaging apps, jeopardize the privacy of users around the world and drive at least one app to leave the UK all together." The "Online Safety Bill" will be voted on for the third time in September. The requirement would include mandating companies to report illegal activity of their services, but since messaging apps such as WhatsApp are end-to-end encrypted, the companies do not have access to allow for the reporting. Then the companies with so-called "back doors to encryption" could be "…seized by malicious actors and hostile states." Apple considers it "a serious threat to privacy." Elon Musk, owner of Twitter (now known as "X") thinks that his company should encrypt direct messages on its platform. The UK maintains that the bill does not ban end-to-end encryption nor require services to weaken encryption. These issues are a taste of several additional contentious ones that remain to be resolved.
Meanwhile, on 25 August, the European Union's Digital Services Act (DSA) and the Digital Markets Act will begin a phased-in approach over the coming months to introduce a priori fixes to problems such as the spread of disinformation or antitrust rule violations by setting "…clear rules that online platforms must follow," according to the 24 August Economist. Businesses with more than 45 million users in the EU will have extra rules to follow. These would include "very large online platforms (VLOPS) such as Facebook and Google, but also Wikipedia and an EU encyclopedia (sic)." The article goes on to address additional changes focused on making platforms safer and better, but implementation will be key. The article cites the General Data Protection Regulation (GDPR), which this readership may remember, as having been largely successful, but projects that "…tech giants may resist doing the same with DSA" due to the expense.
Looking to Asia, a historic discussion of "XI's Age of Stagnation" by Foreign Affairs' Ian Johnson (Senior Fellow at the Council on Foreign Affairs and Pulitzer Prize winner) provides a lengthy and fascinating discussion of how China began "the great walling-off of China" lately. The new version of centralization in China differs from the adaptive authoritarianism from the past. He compares China to the Cold War construction of the Berlin Wall. Those of you in cybersecurity are aware of the progressively autocratic and centralized business environment in China.
Important to many of you, the Wall Street Journal's Chief China correspondent and Pulitzer finalist Lingling Wei and Stella Yfan Xie delve into the end of China's 40-year economic boom. They provide data to support this demise, particularly due to a significant change in nature of Xi's version of authoritarianism and note particularly the failure of achieving ways to buoy up the economy. They devote special mention to the country's semiconductor industry; it was expected to reduce dependence on the West, but now China's production is not as advanced as Taiwan's; the former's chips are not as sophisticated as those of the Taiwan Semiconductor Manufacturing Company, which is moving some production to Arizona. Back in the USA, despite regulation, things are different.
Even if keeping enemies closer worked for Sun Tzu, today China is moving to an expansive cyber and political wall which is enclosing China. Instead of a thousand flowers growing, China is cultivating its own garden within an authoritarian brick and mortar tech wall.
How critical is this for AI, cybersecurity, and downhome economics? According to Economics Nobel Prize winner, Princeton professor and Times columnist Paul Krugman, China's broad technological and financial crisis should not be a problem. He maintains that what China experiences today is akin to the US in 2008, but he maintains that the likely impact on the US is negligible. As a respected economist, he has data to prove it.
As, in part, a reaction to China's withdrawal and North Korea's solidified uncooperativeness, the US is moving forward to connect with Asians of like mind including technology issues. On the Public Broadcast Service (PBS) on 18 August, President Biden, flanked by South Korea's President Yoon and Japan's Prime Minister Kisheda at a rare Camp David Summit, offered a tripartite news conference on how this joining together of disparate Asian countries was a step forward.
On Capitol Hill, there is perhaps a glimpse of bipartisanship. Representative Don Bacon (R-NB) on the House Armed Services Committee was notified by the FBI that the Chinese Communist Party (CCP) hacked into his personal and campaign emails from May 15 to June 16, 2023. The vulnerability was in the Microsoft software. He pointed out that this hack was not due to "user error." Rep. Bacon adds: "There were other victims in this cyber operation. The Communist government in China are not our friends and are very active in conducting cyber espionage. I'll work overtime to ensure Taiwan gets every $ of the $19B in weapons backlog." Meanwhile, given that the hacks included the Departments of Commerce and State, as well as human rights advocates and think tanks, concern on the Hill has increased. These departments and elected officials or staff have no access to security measures unique to Microsoft, which supported them.
The Post's Joseph Menn goes on to say that the breach had alarmed experts because "…it was unclear how the government could have prevented it while relying exclusively on Microsoft for cloud, email and authentication." On the other side of the aisle as well as the other side of Capitol Hill, Sen. Ron Wyden (D-OR) asked the Department of Justice (DOJ) and Federal Trade Commission (FTC) to investigate whether Microsoft was in violation of laws, or of FTC's "…20-year-old decree requiring better security after the breach of what was then its single sign-on tool, Passport, for authentication." Sen. Wyden also urged the Department of Homeland Security (DHS) to have its Cyber Safety Review Board, which is 2 years old, work on the Microsoft cloud breach. It agreed to do so while DHS also deferred to FBI.
Despite the retreat from Western and Chinese cyber cooperation, this direction points to undertones of new alliances at the international level (Japan and South Korea were not good friends) as well as possible domestic bipartisanship and whole-of-government engagement. Cyber Scene will try to help inform this readership, but time, and this readership's cyber talent, will eventually take the lead.