EHRC: The Watchdog’s Stand on AI Regulation

The EHRC, an independent public body in the UK, asserts that the government’s proposals to regulate AI are not up to par with the necessities to address human rights risks. This feedback deals a significant blow to Prime Minister Rishi Sunak, who aspires for the UK to be the epicenter of global AI safety. (Read more about Sunak’s initiative here from our London Tech Week 2023 Coverage).

The EHRC does acknowledge the myriad benefits that AI technology could bring but insists on a greater emphasis on its potential impact on equality.

More about the EHRC



The Echoes of ‘1984’ in the EHRC Concerns

As George Orwell prophesied in his novel ‘1984’, unchecked technology can pose significant threats to human rights and individual freedoms. The EHRC’s concern resonates with Orwell’s dystopian vision, calling attention to the need for robust safeguards against potential AI abuses.

The EHRC’s Call to Arms: Strengthened Oversight and Increased Funding

Baroness Kishwer Falkner, chairwoman of the EHRC, has been clear: there needs to be careful oversight to ensure that AI innovation doesn’t inadvertently exacerbate existing societal biases or introduce new forms of discrimination. To rise to this challenge, the EHRC requires a boost in capability and scale, which it cannot achieve without government funding.

EHRC: Recognizing Steps in the Right Direction

Despite their critique, the EHRC does commend the government’s ambition to develop a robust regulatory framework for AI, viewing the white paper as a step in the right direction.

The government’s AI regulatory white paper has indeed been met with mixed reactions. While some appreciate the sector-specific measures, others are questioning the gaps in the published material. Labour MP Darren Jones has asked the government to clarify its plans for ensuring safety in AI.

Are we Heading for an Orweilian AI Future?

The government maintains its commitment to developing safety measures and collaborating with international players to put protections in place. As the dialogue continues, and as the echoes of Orwell’s ‘1984’ loom in the background, all eyes will be on how the UK shapes its AI future.

What do you think of the EHRC’s stance on the AI white paper? Do you believe the proposed regulations sufficiently safeguard human rights, or is there room for improvement? Share your thoughts in the comments below.

The post EHRC Criticizes UK AI White Paper for Human Rights Shortcomings first appeared on Tech Insight.

In our data-driven world, it can sometimes seem like the rules for tech firms breach borders across the world – the more money you have to play with, it seems, the more rules you can bend. Today, at least, that isn’t the case, as Meta received a record Facebook fine for breaching rules put in place to safeguard users’ information.

Today, Hannah Murphy at the Financial Times has reported that Meta has been hit with a record €1.2bn (£1.4bn GBP) fine by a European Union regulatory board for “privacy violations”, and ordered to suspend all user data transfers to the US. As Murphy points out, it’s the most significant penalty of its kind in the bloc’s – that is to say, the continent’s – history.

Meta wants to go broader than borders

It transpires that Ireland’s Data Protection Commission, the DPC, has taken umbrage with Meta’s handling of users’ data. The regulator exists to keep organisations of its nature accountable; according to the DPC, Facebook, which handles its European operations out of Dublin, had violated rules requiring the transfers of personal data from the EU to the US without appropriate safeguards in place.

It’s significant that the DPC is figure heading for the entire EU – so often, Meta and similar corporations seem to bypass national jurisdiction – but no surprise, considering its European base of operations.

“We are . . .  disappointed to have been singled out when using the same legal mechanism as thousands of other companies looking to provide services in Europe,”
– Facebook’s Nick Clegg

The ruling follows continued pressure within Europe for regulators to keep a close eye on its citizens’ data, and where it’s being used. Previously, activists have warned that private information remains “exposed to surveillance programmes”.

Previously serving as the Leader of the Liberal Democrats and the UK’s Deputy Prime Minister, Clegg certainly raised some eyebrows when he joined the company as its president of global affairs. Yet his position within the company provides an indication of Meta’s grand ambitions, and crucially, the calibre of employees the corporation is willing to recruit, to skirt the legal line. This time, it hasn’t paid off.

Clegg, however, offered an indictment of the decision: “This decision is flawed, unjustified and sets a dangerous precedent for the countless other companies transferring data between the EU and the US.”

Facebook fine: where does Meta go from here?

The thing is, it’s easy to demonise one of the most ubiquitous companies on the planet – Facebook alone has 2.91 billion active users. Clegg’s comments potentially signal a sea change regarding how and why gargantuan corporations store “private” user data, but Meta certainly isn’t the only organisation we’ve put our faith in that ships and stores our data globally.

George Orwell once predicted a surveillance state, but he could never have predicted that such surveillance wouldn’t stem from our physical presence, but our digital footprint. Looking to the future, the DPC has issued Facebook’s EU HQ five months to “suspend any future transfer of personal data to the US,” and six months to cease processing EU citizens’ personal information in violation of the bloc’s General Data Protection Regulation.

It gives Meta a headstart: a way to either find a new loophole with which to thread the needle, or potentially plan to retreat and regroup on the other side of the Atlantic. Have they overstepped? Maybe, but for a corporation monopolising the market that’s reportedly worth $646.29 billion USD, Meta may just be fine to flex its muscles, incur the cost, and carry on regardless.

Source: Facebook owner Meta hit with record €1.2bn fine over EU-US data transfers.

Is Meta too big to fail? Tell us what you think in the comments!

It’s not all doom and gloom! Click here to read: Microsoft Pledges https://techinsight.newshub.talkabout.tech/wp-content/uploads/sites/7/2019/09/uk-technology-heatmap-3.jpg-Carbon Data Centre by 2030.

The post Meta Punished By The EU For Bad Data Practices – But Does It Care? first appeared on Tech Insight.

New Proposal Details

The new proposal being outlined by the Digital Minister, Matt Hancock, would provide a means for protecting personal data in the UK that is as stringent as the EU’s GDPR (General Data Protection Regulation). With Brexit, the need for greater levels of data protection in Britain has been made more serious, and the new bill would provide those controls. The rules include provisions including:

• • Make withdrawing consent for their personal data use simpler
  • allow for requests for data to be deleted
  • require firms to obtain “explicit” consent for processing personal data
  • Expand the definition of personal data to include IP addresses, DNA and cookies
  • let people get hold of the information organizations hold on them much more freely

The new regulations would go far beyond what already exists in the UK regarding the ‘right to be forgotten’, which makes specific constraints on what can appear in search engines. However, these new regulations, like the GDPR, would provide control over personal data that is held by a wide range of companies.

Massive Fines

Additionally, the bill would require substantial fines for violation of the new rules. Currently, the maximum fine for those who violate data protection regulations is 500,000 GBP. However, the new laws would make it possible for firms that violate data protection to be fined as much as 17 million GBP, or 4% of total global profit.

Whether the new regulations become law remains to be seen. However, it will certainly make for interesting debate around how personal and private data should be managed and protected, and some course of action must be taken in the UK, as the EU institutes the GDPR. As protection increases, the risk of those embarrassing moments being made public should reduce substantially.

Discover more insightful blogs like these check out more of Our content here. A brand of Talk About Tech.

The post UK Data Protection Shake Up Coming first appeared on Tech Insight.

OneLogin is a major player in the AMS service field. They provide password management for enterprise level clientele. The service is helpful for this client base because it provides a single sign on (SSO) cloud solution for ease and greater levels of security. Their client list is impressive – AAA, Yelp, and Dell, to name a few. Their open source tool kits are being used by more than three hundred venders and seventy software-as-a-service (SaaS) vendors worldwide.

With all this corporate access information, no wonder OneLogin is a target for high-level hacking. Yesterday the company announced that a major malicious attack had occurred on their US operations. The attacker was able to access the AWS API and create a number of instances within the infrastructure. The hacker had seven hours of uninterrupted access.

The company is still determining the extent of the breach, but in their announcement did indicate that some very major events had happened. It appears that the attacker was able to access information about the company’s users including various types of keys, and, far more concerning, was able to decrypt data that was at rest within the archives. This means that the actor was able to find access to the highest level of security, and that OneLogin had apparently left a gaping hole in their system, allowing for a breach of end to end encryption. This sort of breach indicates a substantial concern within the OneLogin system that will raise attention at the highest levels.

The company has provided a guide for securing data that has been breached, which, no doubt, was the task of a substantial part of the corporate IT world this morning. However, the guide simply provides 11 steps to recreating security for breached data, but this does not mean that the hacker, with seven hours of access, has not already obtained and decrypted whatever data was present. At the enterprise level, this is the equivalent of breaking into the CEO’s office and rifling through his desk and personal files for 7 hours. It’s not good.

This is not the first attack on OneLogin.  A previous hack had compromised a substantial amount of data, but encryption was never broken. This current attack has led some in the security world to question how to best secure high level corporate data, given the increasing level of hacker ability. Companies would be wise to be researching different methodologies (both in house and third party), and identifying deeper levels of security risk than the home page of the company offers. OneLogin is a high level security system, and such a hack should make other IT professionals question where safety is even possible at this point. As the Queen ballad reminds us, no one is safe.

The post OneLogin: Another One Bites the Dust first appeared on Tech Insight.

Apparently, the Athena malware can hijack Windows versions starting from XP to Windows 10, and everything in between. This malware also consists of an additional module called Hera, which affects PCs running Windows 8 to Windows 10.  The capabilities of Athena malware are mind blowing. Once Athena malware is set on the target system, it can decode remote configuration and task handling.  It can load or unload memories of NOD Persistence Specification DLLs. In addition, it can deliver and retrieve information to and from any directory.  These tools would give control of machines to the CIA completely and they definitely highlight the power of what technology can do. However, at the same time it also gives us a reason to pause and think of the impact of its power.  And if you think this level of government control is concerning, here is the most concerning part of all – it lets the operator configure during runtime on the system and thus cannot be detected. The malware can be delivered in a number of different ways including remotely, through a supply chain, through an asset on the ground, or with a program called Windex (which was explained in earlier WikiLeaks releases).

The Siege Technology founder said in an interview in 2014, “I feel more comfortable working on electronic warfare,” he said. “It’s a little different than bombs and nuclear weapons — that’s a morally complex field to be in. Now instead of bombing things and having collateral damage, you can really reduce civilian casualties, which is a win for everybody.” The contractor sees the value of cyber warfare on this sort of scale as a way to control the on-the-ground warfare and limit damage and casualties to civilian populations.

Whether this new malware is used or not, the reality that all the Windows OS machines in the world can be pretty easily turned into CIA hand puppets is a little disconcerting. Whatever your views on net neutrality and net privacy, this new report from Wikileaks will make you pause and think. Further, such powerful tools in the hands of those who are not seeking international security could be a massive danger and risk for the world populace. The CIA justifies this, but is clearly upset by the recent disclosure.

Check out some more Malware related articles here.

The post Athena Malware: The CIA in Your PC first appeared on Tech Insight.