Skip to main content

IT News

Apr 25
Love0

Tech Insight : ‘Networkless’ Attacks?

By Blog, News No Comments

In this article, we look at why and how networkless attacks (which target cloud apps and identities) have created new opportunities for attackers and new risks for businesses, plus what your business can do to mitigate these risks.

The Move To SaaS and Cloud 

In the rapidly evolving digital landscape, one of the key drivers enabling attackers to compromise an organistaion without needing to touch the endpoint or conventional networked systems and services is the increased reliance on cloud-based services and software-as-a-service (SaaS) applications (to drive efficiency and innovation). This shift, while beneficial, has also created new cybersecurity challenges for businesses, primarily due to the decentralisation of ‘digital identities’ and the interconnected nature of cloud services.

The SaaS Revolution and Its Impact on Security 

The proliferation of SaaS applications is a direct result of the digital transformation that has reshaped the business world. For example, companies can now be using hundreds (if not thousands) of cloud applications to perform daily operations, from customer relationship management to financial operations. This shift is driven by the convenience and scalability of SaaS solutions, however it comes with inherent security risks.

The new risk that businesses are facing is that each application potentially serves as an entry point for malicious actors, and the interconnectivity between these apps can allow a breach in one service to cascade through to others.

Why Digital Identities Are The New Security Battleground 

As the traditional network perimeter dissolves, digital identities become the new security frontier. Put simply, a digital identity can be a user account created for services that someone in the business has signed up for using a username/email and password. More broadly, it can also mean other personal data used to identify and authenticate users online.

These digital identities, which provide access to a myriad of cloud applications, are now central targets for attackers. Securing them has become increasingly complex due to the sheer number of them that businesses may be using and their dispersion across various cloud platforms, each with its own security environment. This decentralisation not only makes consistent security policies harder to enforce but also increases the complexity of monitoring these identities for potential breaches.

How Attackers Are Exploiting Vulnerabilities in Cloud Identities 

Attackers have adapted to this new environment by developing sophisticated techniques to exploit vulnerabilities in cloud identities without ever touching the physical endpoints or traditional networked systems.

Examples of techniques include AiTM (Adversary in The Middle) phishing, SAMLjacking, and Oktajacking, all of which exploit weaknesses in the authentication processes and session management of cloud services.

AiTM phishing involves intercepting and manipulating real-time data during a session to steal credentials or manipulate transactions. SAMLjacking and Oktajacking focus on manipulating Single Sign-On (SSO) processes to gain unauthorised access.

Security stats now increasingly reveal that attackers are deliberately targeting cloud services as a way into organisations. For example, CrowdStrike figures show that 3 out of 4 attacks last year were malware-free (malware used to be one of the main threats) and that the targeting of cloud services has increased 110 per cent. This helps to illustrate why cloud identities are the new digital perimeter and that Cloud apps and identities (because of the shift to cloud services) now give attackers the same result as old-style attacks without them having to try and breach a network perimeter via the endpoint.

The Security Gap in Identity Management 

Despite advances in cybersecurity, it’s clear to see why many businesses are now vulnerable to identity-based attacks. Traditional security measures like endpoint detection and response (EDR) systems and firewalls, for example, are less effective in a cloud-centric world where applications are accessed primarily through web browsers. This gap is exacerbated by the reactive nature of many security strategies, which focus on mitigating threats after they have been detected rather than preventing them proactively.

What Does This Mean for Your Business? 

For UK businesses, their move to the cloud and the usage of a wide range and complicated combination of SaaS apps, digital identities, and the interconnection and decentralisation of these have meant that they are now vulnerable to networkless attack techniques, perhaps without realising it until now. The shift to cloud computing has not only expanded the attack surface but also highlighted the inadequacies of traditional security models in protecting digital identities. This means that UK businesses must now take a much closer look at the security of these identities as part of their overall cybersecurity strategy.

To mitigate the risks associated with networkless attacks, businesses should perhaps consider adopting a zero-trust security model, which assumes that threats could be internal or external and verifies each identity and device continuously, regardless of their location. Additionally, enhancing visibility across all cloud services and implementing advanced security measures like multi-factor authentication (MFA), behavioral analytics, and more sophisticated identity and access management (IAM) solutions could help.

In short, as these networkless attacks continue to evolve, UK businesses must be proactive with security, stay vigilant and adapt their security strategies. By understanding the vulnerabilities associated with digital identities and cloud services, and implementing security measures accordingly, businesses can safeguard their assets in the cloud era.

Apr 25
Love0

Tech News : Microsoft Deepfakes Too Dangerous For Release

By Blog, News No Comments

Microsoft says its new VASA-1 AI framework for generating lifelike talking faces of virtual characters is so good that it could easily be misused for impersonating humans and, therefore, Microsoft says it has “no plans” to release any aspect of it until it can be sure it can be used responsibly.

What’s The Problem? 

2024 is an election year in at least 64 countries (including the US, UK, India, and South Africa) and the risk of AI being misused to spread misinformation has grown dramatically.  In the US, for example, the Senate Committee on the Judiciary, Subcommittee on Privacy, Technology, and the Law has held a hearing titled “Oversight of AI: Election Deepfakes”. There is also now widespread recognition of the threats posed by deepfakes and proactive measures are being taken by governments and private sectors to safeguard electoral integrity. AI companies are keenly aware of the risks and have been taking their own measures. For example, Google’s Gemini has been restricted in the kinds of election-related questions that its AI chatbot will return responses to.

Google has also recently (in a blog post) addressed India’s AI concerns as regards its potential impact (deepfakes and misinformation) on what is the world’s largest election. None of the main AI companies have, therefore, wanted to simply release their latest updated generative AI without being seen to test them and include what safeguards they can against misuse. Also, none of the main AI companies are keen to be publicly singled-out as enabling electoral interference.

VASA-1 

Microsoft says its VASA-1 AI can produce lifelike audio-driven talking faces, generated in real-time, all from a single static portrait photo and a speech audio clip.

How Good Is It? 

Microsoft says that its premier model, VASA-1, is “capable of not only producing lip movements that are exquisitely synchronised with the audio, but also capturing a large spectrum of facial nuances and natural head motions that contribute to the perception of authenticity and liveliness.” 

The “core innovations” of VASA-1 include “a holistic facial dynamics and head movement generation model that works in a face latent space, and the development of such an expressive and disentangled face latent space using videos”. 

See some demos of VASA-1 in action here: https://www.microsoft.com/en-us/research/project/vasa-1/

Key Benefits

Microsoft says some of the key benefits of the VASA-1 model that set it apart are:

– Realism and liveliness. The model can produce convincing lip-audio synchronisation, and a large spectrum of expressive facial nuances and natural head motions. It can also handle arbitrary-length audio and stably output seamless talking face videos.

– Controllability of generation. Microsoft says its diffusion model accepts optional signals as conditions, such as main eye gaze direction and head distance, and emotion offsets.

– Out-of-distribution generalisation. In other words, the model can handle photo and audio inputs that weren’t present in its training set, e.g., artistic photos, singing audios, and non-English speech.

– Power of disentanglement. VASA-1’s latent representation disentangles appearance, 3D head pose, and facial dynamics, enabling separate attribute control and editing of the generated content.

– Real-time efficiency. Microsoft says VASA-1 generates video frames of 512×512 size at 45fps in the offline batch processing mode and can support up to 40fps in the online streaming mode with a preceding latency of only 170ms, evaluated on a desktop PC with a single NVIDIA RTX 4090 GPU.

Not Yet 

However, Microsoft says it is holding back the release of VASA-1 pending the addressing of privacy and usage issues, stating that: “we have no plans to release an online demo, API, product, additional implementation details, or any related offerings until we are certain that the technology will be used responsibly and in accordance with proper regulations”. 

What Does This Mean For Your Business?

Given what VASA-1 can do, you’d think Microsoft would be itching to get VASA-1 out there, monetised, and competing with the likes of Google’s Gemini family of models. However, as with Gemini and other generative AI, it may not be fully ready and may have some issues – as Gemini did when it received widespread criticism and had to be worked-on to correct ‘historical inaccuracies’ and woke outputs.

This is also, crucially, an important and busy electoral year globally with governments nervous, trying to introduce legislation and safeguards, and keeping a close eye on AI companies and their products’ potential to cause damaging deepfake and misinformation/disinformation and electoral interference issues, as well as their potential for use in cybercrime. As such, AI companies are queuing up to be seen to be acting as responsibly and ethically as possible, claiming to be holding back and testing every aspect of their products that could be misused – at the same time basically avoiding the eyes of governments and regulators, and potentially bad publicity and penalties.

As some have pointed out, however, it would be difficult for anyone to regulate who uses certain AI models for the right or wrong reasons and that some very sophisticated open source models can be made from source code found on GitHub by those who are determined. All that said, it shouldn’t be forgotten that VASA-1 appears to be very advanced and could offer many benefits and useful value-adding applications, e.g. for personalising emails and other business mass-communication. It remains to be seen how long Microsoft is prepared to wait before making VASA-1 generally available.

Apr 25
Love0

Tech News : Amazon Launches Amazon Live FAST Shopping Channel

By Blog, News No Comments

Previously available on desktop, mobile and Fire TV, Amazon has now extended the reach of its “Amazon Live” FAST free ad-supported, interactive TV “shoppable” channel by launching it on Prime Video and Freevee, for US customers.

What Is Freevee? 

For those who aren’t familiar with Freevee, it’s an Amazon-owned, ad-supported, premium, free streaming service that offers a 24/7 variety of TV shows, movies, and original content. It was previously known as IMDb TV. Freevee can be watched via an app on Amazon devices like Fire TV and Echo Show, smart TVs from brands like LG and Samsung, streaming media players including Roku and Apple TV. It can also be watched on gaming consoles (Xbox and PlayStation), mobile devices with Android and iOS apps, and directly through web browsers on PCs and laptops.

Amazon Live 

Amazon Live was originally launched on February 7, 2019. It’s a live streaming service where influencers and brands can promote and demonstrate products available on Amazon in real-time, similar to a digital shopping channel. The platform allows viewers to interact with hosts through a live chat feature and directly purchase products featured in the streams.

How Popular Is It? 

Amazon says that in 2023, more than 1 billion customers in the US and India watched Amazon Live streams across desktop, mobile, and Fire TV.

Easy To Buy 

Amazon also says that one of Amazon Live’s most unique benefits is how customers can “easily add items to their shopping cart and complete their purchases in just a few clicks without ever leaving what they’re watching”. 

Now On Prime And Freevee 

Wayne Purboo, vice president of Amazon Shopping Videos, announced the launch of Prime and Freevee saying “We are excited to bring customers more ways to shop with their favorite Amazon Live creators and brands on our premium streaming services”. Mr Purboo described the reason for (and the benefit of) extending the reach of Amazon Live Fast saying: “With the new ‘Amazon Live’ FAST Channel on Prime Video and Freevee, we’re making shoppable entertainment more accessible, interactive, and engaging than ever before.” 

How It Works 

With Amazon Live FAST, while watching the FAST Channel, customers can open the Amazon Shopping app on their phone, and type “shop the show” into the search bar. This enables them to be instantly directed to a shopping carousel highlighting the featured products they see on TV in real-time.

Why?

Amazon says that with 75 per cent of adults in the US looking at a mobile device while watching TV, the “shop the show” technology means customers are given a seamless, interactive, and convenient “shopping experience”. In other words, it’s incredibly easy to buy on impluse!

Creator and Brands 

Amazon Live FAST on Prime Video and Freevee will feature customers’ most-watched and most-loved content and will also provide an opportunity for creators and brands. Amazon says its creators “bring their unique style, expertise, gossip, and authenticity to each stream, making the experience even more engaging and entertaining.” 

The experience that Amazon is trying to create for customers can be summed up by Paige DeSorbo, described as a TV personality, fashion tastemaker (and co-host of Giggly Squad) who says: “Watching Amazon Live is like shopping with a friend who is also a personal stylist.” 

What Does This Mean For Your Business? 

Amazon’s launch of Amazon Live FAST on its two premium channels, Prime Video and Freevee, is a move designed to extend a successful format of live streaming and ad-supported content. This move should help Amazon to capture an even larger portion of the digital advertising market while boosting user engagement across its platforms.

For content creators, this could open up new opportunities for real-time audience engagement, which could significantly enhance interaction and visibility. Also, the direct integration of streaming with purchasing options, making it incredibly easy for customers to buy on impulse, offers a lucrative new channel for monetisation through advertising revenue shares and increased sales conversions. Creators can also benefit from Amazon’s vast customer base, potentially expanding their reach well beyond traditional or social media channels.

For competitors, Amazon’s entry into the FAST channel market is a heightening of competition, challenging established players in live streaming and ad-supported content like YouTube, Twitch (an American interactive video live-streaming service), and other streaming services. These competitors may now face increased pressure to innovate and improve their offerings in terms of content quality, user experience, and pricing models to retain and grow their user bases. Also, Amazon’s extensive data capabilities and its seamless integration with its retail and advertising businesses mean it’s now an immensely powerful contender for attracting ad spends.

This could result in the shifting of advertising money away from traditional TV and other digital platforms, compelling content creators and competitors alike to adapt to these rapidly changing market dynamics. Amazon’s strategy not only aims to diversify and enrich its content offerings but also to further integrate its ecosystem, making it a comprehensive hub for entertainment, shopping, and social interaction (no need to go anywhere else), which could reshape the landscape of digital streaming and advertising.

Apr 25
Love0

An Apple Byte : China Orders Removal Of Popular Messaging Apps From iPhone App Store

By Blog, News No Comments

It’s been reported that the Chinese government has ordered Apple to remove popular messaging apps including Meta’s WhatsApp, Telegram, and Signal from its iPhone app store in China, due to national security concerns.

Some reports indicate that the Chinese Communist Party (CCP) may not be happy that the apps are outside of their control and are pro-democracy media, plus contain political content (such as criticism of the Chinese president and government).

Also, this is likely to be part of the ongoing poor relations, trade wars, and tit-for-tat responses between China and the US. For example, the US is currently in the process of trying to ban the Chinese company Bytedance’s hugely popular TikTok app in the US due to the company’s alleged links to the Chinese Communist Party and, therefore, the possible threat to US national security.

Apr 25
Love0

Security Stop Press : Google’s Cookie Replacement Plans Fall Short Says Regulator

By Blog, News No Comments

It’s been reported (WSJ) that an internal report by the UK’s privacy regulator, the Information Commissioner’s Office (ICO), has said that Google’s proposed replacements for cookies fall short in terms of protecting consumer privacy.

The ICO’s draft report reportedly says that Google’s proposed technology, known as the ‘Privacy Sandbox,’ leaves gaps that could be exploited by advertisers, potentially undermining privacy and identifying users who should be kept anonymous.

The WSJ reports that the ICO now wants Google to make changes and share its concerns with UK’s competition regulator, the Competition and Markets Authority (CMA).

Apr 25
Love0

Sustainability-in-Tech : Ultra-Fast Charging Sodium Battery Developed

By Blog, News No Comments

Research by a team of doctoral candidates, supported by the National Research Foundation of Korea, has resulted in the development of an ultrahigh-energy density and fast-rechargeable hybrid sodium-ion battery.

Why? 

As highlighted in the published research paper, there is now an increasing demand for low-cost electrochemical energy storage devices with high energy-density for prolonged operation on a single charge and fast-chargeable power density. These are needed to meet a wide range of applications from mobile electronic devices to electric vehicles.

Sodium-Ion Batteries 

Sodium is approximately 1000 times more abundant than lithium, making sodium-ion batteries (SIBs) potentially more sustainable. Also, since Sodium can be sourced from seawater and other abundant minerals, this reduces the environmental impact associated with mining (a significant issue with lithium sourcing). This could also mean lower costs in producing SIBs – they are a more cost-effective solution than lithium-ion batteries.

Challenges 

However, as noted by the researchers, SIBs have “slow redox-reaction kinetics,” which results in poor rechargeability due to their low power density, although they provide a relatively high energy density.  However, another sodium-ion battery option, sodium-ion capacitors (SICs), have high power density due to charge storage via fast surface ion adsorptions but extremely low energy density.

A Hybrid

Bearing in mind the strengths and limitations of both SIBs and SICs, the researchers’ answer was to develop a hybrid version of the two with newly developed anode and cathode materials. The researchers described these new materials as “a low-crystallinity multivalence iron sulfide-embedded S-doped carbon/graphene (FS/C/G) anode and a ZIF-derived porous carbon (ZDPC) cathode of 3D porous N-rich graphitic carbon frameworks.” 

The Result 

The result was the development of a high-performance hybrid sodium-ion energy storage device (a battery) which surpasses the energy density of commercial lithium-ion batteries and has the characteristics of supercapacitors’ power density. In other words, a high-energy, high-power hybrid sodium-ion battery that can charge in just a couple of seconds.

Applications 

Clearly, this development could have a number of applications, not least for EVs. The development of a high-energy, high-power hybrid sodium-ion battery could be particularly advantageous in addressing the cost, environmental, and safety concerns associated with current lithium-ion batteries in EVs.

What Does This Mean For Your Business? 

This sounds like a breakthrough in overcoming the main limitations of sodium-ion batteries. Although it’s one piece of research, the combination of adding new materials to the anode and cathode with a hybrid of SICs and SIBs appears to have created a potentially cheaper, more environmentally friendly, and better performing replacement for lithium-ion batteries.

More research and investment will be needed to fully explore and develop the idea, but it is a promising development in terms of its potential to provide a boost to the flagging EV market. The fact that this new battery can charge in seconds and offers high energy density for prolonged operation means it could tackle challenges like range-anxiety and reduce worries about the availability of an effective charging network in the UK. A cheaper battery may also mean lower prices for EVs which could also provide a boost to the market. This breakthrough (although it needs more exploration) could prove to be a big leap forward that could have a positive impact on many industries as well as helping to reduce environmental damage (no need for lithium mining).

That said, it could be not-so-welcome news for countries that have recently discovered potentially lucrative large lithium deposits, e.g. the US (at the McDermitt Caldera), Iran (Qahavand Plain), Nigeria, and India (the Reasi district of Jammu and Kashmir).

Apr 25
Love0

Tech Tip – Enable Clipboard History for Easy Access to Multiple Clipboard Items

By Blog, News No Comments

If you frequently copy and paste various items, Windows Clipboard History is an invaluable tool that saves multiple clipboard items for later use, allowing you to access a history of copied text, images, or files. Here’s how to use it:

– Press Win + V to open the clipboard history panel. If it’s your first time using it, you may need to enable Clipboard History by clicking the ‘Turn on’ button that appears in the panel / type ‘Clipboard Settings’ into the start menu and toggle the ‘Clipboard history’ switch to ‘on’.

– Once enabled, each item you copy will be saved in the clipboard history, and you can access and paste older items by pressing Win + V and clicking on the item you want to use.

Apr 17
Love0

Featured Article : A Big Stink About Ink

By Blog, News No Comments

After trying to dismiss a lawsuit from HP customers angry at a firmware update (meaning that their HP printers wouldn’t work with third-party ink cartridges), we look at how HP is answering the arguments within the antitrust ink cartridge lawsuit and what the implications could be for customers.

The Lawsuit

Back in January, printing premier HP was sued in a Federal court in Chicago by 11 consumers (a class action lawsuit) who claimed that their HP printers wouldn’t accept replacement ink cartridges made by other manufacturers, thereby forcing them to pay artificially high prices for HP-branded cartridges. The lawsuit accused HP of violating US and state antitrust laws in a bid to monopolise the market for replacement ink.

The plaintiffs allege that they weren’t told that automatic software updates (firmware updates between late 2022 and early 2023) from HP would disable some printers unless HP-branded ink was used and that faced with non-functional printers, they were then forced to purchase more expensive HP-branded ink that they would not otherwise have purchased.

Damages

The plaintiffs, in this case, are seeking damages of greater than $5 million from HP, which include the cost of their useless third-party cartridges (the ones that won’t work in their printers because of the firmware update) as well as an injunction to disable the part of the firmware updates that prevent the usage of third-party ink.

Trying To Get IT Dismissed

HP’s lawyers recently attempted to have all 79 causes of action in the lawsuit dismissed on the grounds that the central premise of the Plaintiffs’ case was wrong, i.e. that HP failed to disclose to consumers that their printers were equipped with “dynamic security” measures designed to prevent the use of third-party printer cartridges that copy HP’s security chips, thereby locking them into an aftermarket where they were overcharged.

HP argued that it goes to great lengths to disclose that its printers are intended to work only with cartridges that “have an HP chip, and that they may not work with third-party cartridges that do not have an HP chip.” HP also argued that “this information is displayed in clear terms on the printer box, on HP’s website, and in many other materials.” It also highlighted that “many third-party cartridges are not affected by dynamic security. HP does not block cartridges that reuse HP security chips, and there are many such options available for sale. Nor does HP conceal its use of dynamic security.”

HP’s lawyers additionally argued that the plaintiffs also didn’t allege that they didn’t authorise firmware updates in their printers and that many plaintiffs also claim that they purchased HP-branded ink cartridges after receiving the software or firmware updates, and that their printers began to again function properly.

In short, HP’s lawyers attempted to find a long list of reasons to have the lawsuit dismissed.

Previously

These types of allegations against HP have gone on for some time now. For example, back in 2019, HP agreed to resolve related consumer claims in a California case, for a $1.5 million payment, without admitting any wrongdoing (as part of the settlement). However, just last year (in California) a judge said that HP must at least face some claims that it designed some all-in-one printers to stop scanning and faxing when the machine was low on ink, thereby forcing consumers to buy cartridges.

The Backdrop

All these antitrust printing arguments are taking place at a time when HP has been through a long period of shrinking revenues, mainly due to enterprise customers affected by the uncertain economic environment, holding off on their hardware purchases a bit longer.

Instant In Subscription & All-in-One service

Following a strategy re-think, two solutions that HP has devised to help it through these difficult times are its ‘Instant Ink’ services and its All-in-One service, both of which see it focusing on a subscription model going forward.

HP’s Instant Ink service is a subscription-based model that is beneficial for users who want to avoid the inconvenience of running out of ink and dealing with last-minute replacements. It also helps in managing printing costs more predictably. With Instant Ink (for a monthly fee, on an agreed plan), the HP printer’s ability to monitor ink levels means that before users’ ink runs low, HP sends replacement cartridges directly to the doorstep. HP claimed to have 13 million sign-ups to the service back in the beginning of March.

As the name suggests, The All-in-One service, which launched in the US last month, includes not just the ink but hardware as well, i.e. the HP Envy or HP OfficeJet models. This is also a two-year subscription contract, based on a printed page plan, with cancellation fees (to raise the barriers to exit).

In addition to trying to reduce its costs, HP’s CEO, Enrique Lores, speaking recently at the Morgan Stanley Technology, Media and Telecom conference outlined HP’s strategy since the 2019 rethink as trying to “protect supplies revenue by upping subscription services, selling hardware loaded with ink, smart models, and charging more for printers when a customer isn’t committing to HP ink.”

AI Apps Too

HP is also hoping that AI will boost PC sales and has indicated that alongside its PCs, it’s developing new AI applications to run on top of its installed base of more than 200 million commercial devices.

Printing Declining Anyway

Despite HP’s court battles over printer ink and its move to a subscription-based model, for many businesses, the need (and demand) for printers and ink has declined in recent years. This has been due to factors like the greater proliferation of digital tools and technologies, advancements in cloud computing and software-as-a-service (SaaS) platforms and businesses are moving towards greener practices (despite printer companies trying to produce more sustainable/greener ink). Also, the need to reduce costs has favoured digital storage over printed documents, alongside a disruption in global supply chains (e.g. for paper), plus the effects of the pandemic also meant a lowering of demand for printers and ink.

What Does This Mean For Your Business?

Having to constantly renew expensive ink cartridges or running out of ink at the wrong time have long been a significant cost and source of frustration to many businesses. In recent years, however, many businesses, for many of the reasons above, have updated to becoming more reliant on the cloud and digital solutions rather than printed documents. HP itself has had to change its strategy in 2019, moving customers to a subscription model for its ink and hardware in order to weather difficult economic times and falling demand.

This court case around HP’s attempt to curtail consumers’ adoption of cheaper third-party ink cartridges in favour of more expensive HP ones is likely to be unwelcome and reputationally damaging for HP at a time where it needs to protect its position in the marketplace. For competitors, HP’s dominance being challenged is good news and could provide a beneficial commercial outcome for them if events go the wrong way for HP.

For business customers who still need a printer, the ability to have trouble-free operation with their printers and to be able to benefit from the choice of using different, lower-priced print cartridge alternatives are likely to be valuable. Most of us will understand the frustration that printer ink problems can cause.

Looking ahead for HP, its cost-cutting and its shift to a subscription model for its ink/printer products, plus the promise of developing AI apps for its large installed base of commercial devices are ways it hopes to turn around the declining revenues of challenges of recent years. The company has a trusted business brand and the hope for HP is that their valuable brand won’t be tarnished too much by the outcome of the lawsuit that’s currently making the headlines.

Apr 17
Love0

Tech Insight : Stop Your Data Being Used To Train AI

By Blog, News No Comments

In this insight, we look at the process of AI training, the potential pitfalls of misused data, and what measures can be taken to protect your personal and business data from being used to train AI.

Data – For AI Training 

AI training, at its core, involves feeding large datasets to algorithms, thereby enabling them to learn and make ‘intelligent’ decisions. These datasets are often culled from user-generated content across various platforms. Understanding the source and nature of this data is crucial for recognising the implications of its use.

Data, therefore, is the lifeblood of AI models and the quality, quantity, and variety of data directly influences an AI model’s performance. For example, language models require vast amounts of text data to understand and generate human-like responses, while image recognition models need diverse visual data to improve accuracy.

One of the most contentious ways that generative AI companies have allegedly used in recent years, resulting in many lawsuits, to gather enough training data is by the scraping/automatic collection of online content/data. High-profile examples include:

– A class action lawsuit filed in the Northern District of California accused OpenAI and Microsoft of scraping personal data from internet users, alleging violations of privacy, intellectual property, and anti-hacking laws. The plaintiffs claimed that this practice violates the Computer Fraud and Abuse Act (CFAA).

– Google was accused in a class-action lawsuit of misusing large amounts of personal information and copyrighted material to train its AI systems, thereby raising issues about the boundaries of data use and copyright infringement in the context of AI training.

– A Stability AI, Midjourney, and DeviantArt class action lawsuit claiming that AI companies used copyrighted images to train their AI systems without permission.

– Back in February 2023, Getty Images sued Stability AI alleging that it had copied 12 million images to train its AI model without permission or compensation.

– Last December, The New York Times sued OpenAI and Microsoft, alleging that they used millions of its articles without permission/consent (and without payment) to help train chatbots.

In many of these cases, the legal argument to allow such use has been “fair use” and “transformative outputs.” For example, the AI companies know that under US law, the “fair use” doctrine allows limited use of copyrighted material without permission or payment, especially for purposes like criticism, comment, news reporting, teaching, scholarship, or research.

What About Your Data? Could It Be Used AI Training … And How? 

When it comes to your personal and business data, many of the big AI companies have already scraped the web, so whatever you’ve posted is probably already in their systems. There are also many other ways that your data could end up being part of AI training data through several channels. For example:

– Online Activity. When you browse websites, search engines, and social media, companies collect your data to personalise services and train AI to predict user-behaviour.

– Device usage. Smartphones, wearables and smart home devices collect data about your daily activities, locations, health statistics, and preferences, all of which is useful for training AI in areas like health monitoring, personal assistance, and device-optimisation.

– Service Interactions. Interacting with customer service chatbots or voice assistants provides conversational data that helps train AI to understand and generate human-like responses.

– Content creation. Uploading videos, writing reviews, or other content creation on platforms can provide data for AI to learn about content preferences and creation styles.

– Transactional Data. Purchases, financial transactions, and browsing products online give insights into consumer behaviour, used by AI to enhance recommendation engines and advertising algorithms.

All these methods, therefore, which could involve your data, help AI systems learn and adapt to provide more personalised and efficient services.

The Risks of Data Misuse 

There are, of course, risks in having your data used/misused by AI. These risks include:

– Privacy and security concerns. The primary risk of using data in AI training is the potential for significant privacy breaches. Sensitive information, if not adequately protected, can be exposed or misused, leading to serious consequences for individuals and businesses alike.

– Bias and ethical implications. Another critical concern is the propagation of bias through AI systems. If AI is trained on biased or unrepresentative data, it can lead to unfair or prejudiced outcomes, which is especially problematic in sectors like recruitment, law enforcement, and credit scoring.

Checking 

For some people, their creative artwork/images have been used to train AI and this is a particular issue. The website https://haveibeentrained.com/, for example, is an online tool that uses clip-retrieval to search the largest public text-to-image datasets. In this way, links to images that artists want to opt-out from being used to train generative AI systems can be removed.

What Proactive Measures Can You Take To Protect Your Data? 

Bearing in mind the significant privacy risk posed by AI, there are a number of proactive measures you can take to stop your data from being used to train AI. For example:

Opt-Out Options and User Consent 

Many of the services you use from the big tech companies provide mechanisms for users to opt-out of data sharing. Familiarising yourself with these options and understanding how to activate them is essential for maintaining control over your data. Examples include:

If you store your files in Adobe’s Creative Cloud, to opt out of having them used for training, for a personal account, go to the Content analysis section, and click the toggle to turn it off.

If you’re a Google Gemini (AI) user, to prevent your conversations being used, open Gemini in a browser, click on Activity, and select the Turn Off drop-down menu.

If you’re a ChatGPT account holder and are logged in through a web browser, select ChatGPT, Settings, Data Controls, and then turn off Chat History & Training.

For the Squarespace website building tool, to block AI bots, open Settings (in your account), find Crawlers, and turn off Artificial Intelligence Crawlers.

These are just a few examples and it will be a case of going through each of the main services you use and trying to find the opt-out (perhaps using Google to help as you go). However, it’s worth noting that some are either very difficult to find or simply aren’t available for certain types of account. Overall, this can be quite a time-consuming process.

Enhanced Data Management Practices 

Businesses should implement strict data management policies that govern the collection, storage, and use of data. These policies can help ensure that data is handled ethically and in compliance with relevant data protection laws and shielded from AI use for training.

Leveraging Technology for Data Security 

Advanced technological solutions, such as encryption and secure data storage systems, may also be able to play a critical role in protecting data from unauthorised access and breaches that could lead to it finding its way into the hands of AI companies for training.

What Does This Mean for Your Business? 

For businesses today, the pervasive use of data by AI underscores the dual imperatives of protection and vigilance. The reality is that many AI companies have likely already collected extensive swathes of public internet data, including potentially from your own business activities, which poses a distinct challenge. This means that data posted online (either deliberately or inadvertently) may already be part of training sets used to enhance AI capabilities.

That said, businesses can still do things and still hold significant power to influence future data usage and secure existing data. For example, businesses can take proactive steps by regularly reviewing the privacy policies and settings of the digital platforms they use. This includes social media, cloud storage, business software, and any platform where data is stored or shared. Although navigating these settings can be complex, finding and activating opt-out features may be necessary for maintaining control over how your data is used.

Businesses may also wish to educate their employees about data sharing and privacy settings. Training sessions can help employees understand the importance of data-privacy and the steps they can take to ensure data is not inadvertently shared or used for AI training without consent.

Developing and enforcing robust data management policies is essential anyway and this not only complies with data protection regulations but also limits unnecessary data exposure that could be exploited by AI systems. These policies should govern how data is collected, stored, and shared, ensuring that data handling within the company is done ethically and responsibly.

Deploying advanced technological solutions such as encryption, secure access management, and data loss prevention tools can also significantly reduce the risk of unauthorised data access. This is particularly relevant in preventing breaches that could see sensitive information being used to train AI (without your knowledge). While it is challenging to completely control all data that may already be within AI training datasets, businesses can still exert some significant influence over their current data handling and future engagements.

Finally, with ongoing AI legal battles and new regulations, staying informed about your rights and the latest developments in data privacy law could be prudent. This knowledge could help businesses advocate for their interests and respond more adeptly to changes in the legal landscape that affect how their data can be used.

Close Menu