6 November 2023
Veille Cyber EN

AI and Privacy Denial

Publié par Arnaud Le Men

With availability, traceability, and integrity, confidentiality is one of the four pillars of computer security. However, with the acceleration of the opening of artificial intelligence services to the general public, confidentiality is one of the pillars that is most undermined.

How does the emergence of Artificial Intelligence impact confidentiality?

An essential principle of Artificial Intelligence technologies is algorithm learning. For an artificial intelligence algorithm to fulfill its function, it first needs to learn what it should do.

Following a learning curve principle, the algorithm multiplies and optimizes the pathways that enable it to perform its functions.

This learning phase requires massive volumes of data that serve as its training ground. The sources of information are diverse and rely on the daily use of its services, which promotes a continuous improvement of the calculation mechanisms. By injecting data into the system, users contribute to the learning databases of the algorithms.

From a cybersecurity perspective, this is where the risk lies. The offered services are extremely user-friendly, and anyone can use them to input anything.

At the beginning of 2023, Cyberhaven conducted a study on the use of ChatGPT by employees of companies. Although alarming, the result is not surprising: 2.3% of employees have already copied confidential information into the AI software developed by OpenAI.

This reality raises questions about the usage rules of the services offered, especially in their free versions.

Looking back at 4 very popular solutions:

ChatGPT – Text-generating AI developed by OpenAI (United States)

You can apparently ask it anything: from drafting a document to translating a text into any language. To use the service, you just need to log in and type your question, and the algorithm responds immediately.

Does the service use your information?

According to the information provided in the ‘terms of use,’ there are two scenarios. If the data comes from the API provided by OpenAI, then no, it does not use your information. However, if the data does not come from the API, then yes, it may use your information.

The question is as follows: which services are non-API and which ones use the API? The answer can be found on OpenAI’s blog.

In conclusion, if you use the ChatGPT service, the well-known one, the default policy allows the editor to reserve the right to use the data you input into it.

However, there is a form provided by OpenAI to request that your data injected into the ChatGPT service not be utilized.

MidJourney – Image generation AI on Discord (United States)

MidJourney is an incredible algorithm. You provide it with textual instructions that it translates into images with impressive finesse and creativity. The operating principle is relatively simple. After creating an account, you log in to Discord to give artistic creation orders (referred to as /imagine prompt) in the form of keywords. You can also input a photo that belongs to you as input. Many users, in fact, input their own photos, including ID photos, family pictures, and party photos, to be modified by the algorithm.

Does the service use your information?

Yes, without any restrictions, and this is explicitly mentioned in the article ‘Rights you give to MidJourney’ in the terms of use of the service.

So, there is no ambiguity; if you submit information to MidJourney, the data becomes the property of MidJourney.

DeepL – Language-to-Language Translation AI (Germany)

A highly popular service, with its extremely user-friendly interface, DeepL is used by thousands of people every day to translate texts into various languages.

The usage is straightforward: you simply input a text and select the desired output language.

Does the service use your information?

No and yes! The service does not retain the memory of the input texts, only if you use it in a paid Pro version. The free service, on the other hand, retains and reserves the right to utilize the injected data.

ElevenLabs – Voice Generation AI (United States)

ElevenLabs offers a voice generation service. By the end of March 2023, the service was made available to the public in a Beta version with a very simple interface.

Does the service use your information?

In its free version, yes, the injected data is retained and utilized by the service.

To conclude

Is AI a revolution, and will it become a permanent fixture in the digital landscape? Absolutely yes, it’s already the case, and it will continue to accelerate by offering more and more AI services to facilitate digital usage for both the general public and organizations. For instance, in March 2023, Microsoft announced the integration of OpenAI’s algorithms into its Azure environment and the integration of Copilot (another OpenAI solution) into the Microsoft Office 365 suite. This is an enduring trend.

However, the emergence of these new uses also comes with risks, particularly for data privacy. It is essential to remind users of best practices and raise awareness of the use of these tools:

  1. Do not upload a confidential document to be translated by an algorithm without knowing what happens to the source afterward.
  2. Do not upload photos of third parties into a tool without their consent.
  3. Do not ask an algorithm to process personal data without verifying their compatibility with GDPR and security policies.

Beyond its undeniable contribution to data processing, artificial intelligence also provides internet users with the opportunity to exercise common sense and discernment.