U.S. Targets Firms on Cyber Risk --- Administration wants software developers liable for products that lack protections

"WASHINGTON -- The Biden administration said it would pursue laws to establish liability for software companies that sell technology that lacks cybersecurity protections, concluding that market forces alone aren't sufficient to guard consumers and the nation.

Free markets and a reliance on voluntary security frameworks have imposed "inadequate costs" on companies that offer insecure products or services, according to a national cybersecurity strategy released Thursday. It says the administration would work with Congress and the private sector to create liability for software vendors, sketching out in broad terms what such legislation should entail.

"We must begin to shift the liability onto those entities that fail to take reasonable precautions to secure their software while recognizing that even the most advanced software security programs cannot prevent all vulnerabilities," says the 35-page strategy, an interagency product that was written by the office of the national cyber director, which is part of the executive office of the president. Thursday's strategy also advocates developing a more expansive framework of cybersecurity regulations to protect the nation's critical infrastructure -- a categorization that includes energy operators, hospitals and banks, among others.

Any legislation supported by the administration should prevent software makers from avoiding liability by contract and create higher standards for software in specific high-risk situations, the strategy says. The administration would work to develop an evolving safe harbor framework -- borrowing from current best practices for secure software -- to shield companies from liability, it adds.

Such a push on software liability, if successful, would pivot national cybersecurity policy in the U.S. after several Democratic and Republican administrations favored an approach that largely relied on software vendors and other businesses to voluntarily manage their own cybersecurity. President Biden, in a signed cover letter, said the strategy "takes on the systemic challenge that too much of the responsibility for cybersecurity has fallen on individual users and small organizations."

Major software companies "can and should shoulder a bigger share of the cyber risk," Kemba Walden, acting national cyber director, said during a media briefing. Hacks of widely used software can be devastating and far reaching, officials and experts have said, such as an alleged Chinese cyberattack on Microsoft email software in 2021 that rendered hundreds of thousands of mostly small businesses and organizations vulnerable to intrusion.

For more than a decade lawmakers in both parties have sought to create certain cybersecurity requirements on companies, but legislative efforts have typically crumbled in the face of opposition from business interests, which often argued such requirements would be onerous and costly, as well as stifle innovation.

"Makers of enterprise software take seriously their responsibilities to customers and the public, and continuously work to evolve the security of their products to meet new threats," Victoria Espinel, president of BSA | The Software Alliance, a trade group, said in a statement about the strategy. Ms. Espinel said the document offered a "thoughtful path" for industry and government collaboration.

A senior administration official said the liability push was a "long-term process" that could take many years to develop. "We don't anticipate this is something where we are going to see a new law on the books within the next year," the official said.

The strategy offers a sober assessment of mounting security risks associated with the accelerating integration of digital and physical realities into every facet of daily life, business and commerce that has defined the 21st century -- a trend it says has made the problem of insecure technology an urgent national priority.

In addition to making a forceful call for expanded liability, the plan reiterates several priorities that have frequently been listed by various senior cybersecurity officials, such as urging more collaboration and threat-intelligence sharing with the private sector, forging international partnerships to develop cyber norms, and modernizing federal technology." [1]

 

1. U.S. News: U.S. Targets Firms on Cyber Risk --- Administration wants software developers liable for products that lack protections
Volz, Dustin.  Wall Street Journal, Eastern edition; New York, N.Y. [New York, N.Y]. 03 Mar 2023: A.6.   
  

„Apple“ blokuoja programos atnaujinimą, naudojantį „ChatGPT“

„Remiantis pranešimais, kuriuos Apple išsiuntė programėlės gamintojui, „Apple Inc.“ atidėjo el. pašto programėlės atnaujinimo su dirbtiniu intelektu valdomų kalbos įrankių patvirtinimą dėl susirūpinimo, kad jis gali sukurti vaikams netinkamo turinio. Programinės įrangos kūrėjas nesutinka su Apple sprendimu.

 

     Ginčas rodo didelį susirūpinimą dėl to, ar kalbą generuojančios dirbtinio intelekto priemonės, tokios, kaip „ChatGPT“, yra paruoštos plačiai naudoti.

 

     „Apple“ praėjusią savaitę ėmėsi veiksmų blokuoti el. pašto programos „BlueMail“ atnaujinimą, nes nerimauja, kad naujoji AI funkcija programoje gali rodyti netinkamą turinį, teigia Benas Volachas, „BlueMail“ kūrėjo „Blix Inc.“ įkūrėjas ir „The Wall Street J.“ peržiūrimi dokumentai.

 

     Naujoji BlueMail AI funkcija naudoja naujausią OpenAI ChatGPT pokalbių robotą, padedantį automatizuoti el. laiškų rašymą, naudojant ankstesnių el. laiškų ir kalendoriaus įvykių turinį. „ChatGPT“ leidžia vartotojams bendrauti su dirbtiniu intelektu iš pažiūros žmogiškais būdais ir gali pažangiai rašyti ilgomis formomis įvairiomis temomis.

 

     „Jūsų programoje yra dirbtinio intelekto sugeneruoto turinio, tačiau šiuo metu, atrodo, nėra turinio filtravimo“, – praėjusią savaitę „Apple“ programų peržiūros komanda pranešė žurnalo peržiūrėtam kūrėjui skirtame pranešime.

 

     Programų peržiūros komanda teigė, kad kadangi programa gali sukurti turinį, netinkamą visoms auditorijoms, „BlueMail“ turėtų padidinti amžiaus apribojimą iki 17 metų ir vyresnių arba įtraukti turinio filtravimą, rodo dokumentai. P. Volachas sako, kad turi turinio filtravimo galimybes. Programos apribojimas šiuo metu nustatytas 4 metų ir vyresniems naudotojams. „Apple“ amžiaus apribojimas 17 metų ir vyresniems yra skirtas programų kategorijoms, kuriose gali būti viskas – nuo įžeidžiančios kalbos iki seksualinio turinio ir užuominų į narkotikus. P. Volachas teigia, kad šis prašymas yra nesąžiningas ir kad kitos programėlės su panašiomis AI funkcijomis be amžiaus apribojimų jau leidžiamos Apple vartotojams.

 

     „Apple“ labai apsunkina naujovių diegimą jos vartotojams“, – sakė ponas Volachas.

 

     „Apple“ atstovas sakė, kad kūrėjai gali užginčyti atmetimą per App Review Board apeliacinį procesą ir kad ji tiria Blix skundą.

 

     Vadinamasis generatyvusis AI tapo viena iš labiausiai stebimų besivystančių technologijų per dešimtmečius, kurią pirmiausia pradėjo „ChatGPT“, „OpenAI“ sukurtas pokalbių robotas.

 

     Ši technologija greitai sukėlė ginčus. Išleidus „Microsoft Corp.“ paieškos variklį „Bing“, maitinamą „ChatGPT“, pirmieji bandytojai susirūpino pokalbių roboto sugeneruotais atsakymais, įskaitant neteisingą informaciją, taip pat iš pažiūros kvailus ir piktus atsakymus. „Microsoft“, investavusi milijardus į OpenAI, gynė „Bing“ atnaujinimą, kaip nebaigtą darbą.

 

     „Apple“ jau seniai teigė, kad turi atidžiai kuruoti ir peržiūrėti, kokią programinę įrangą galima pasiekti „iPhone“ ir „iPad“ per „App Store“, kad jos produktai būtų privatūs ir saugūs.

 

     „Microsoft“ neseniai išleido atnaujintą „Bing“ išmaniųjų telefonų programos versiją su „ChatGPT“ funkcija „Apple App Store“ ir „Google“ „Android Play Store“. „Bing“ yra įtrauktas į „iPhone App Store“ su 17 metų ir vyresnių amžiaus apribojimu, kurio „Apple“ prašo „BlueMail“, o „Bing“ „Google Play“ parduotuvėje neturi amžiaus apribojimų. „Bing“ programėlėje „App Store“ jau buvo taikomas 17 metų ir vyresnių amžiaus apribojimas, nes programėlė gali rasti turinį suaugusiesiems, sakė „Microsoft“ atstovas.

 

     „BlueMail“ „Apple“ atmetė, praėjus savaitei po to, kai bendrovė pateikė programos atnaujinimą peržiūrėti. P. Volachas sakė, kad „Apple“ kiekvieną dieną naudojo bandomąją atnaujintos programėlės versiją, kol gavo atsakymą. „BlueMail“ sugebėjo atnaujinti savo „Android BlueMail“ programą „Google Play“ programėlių parduotuvėje be jokių užklausų dėl amžiaus apribojimo ar tolesnio turinio filtravimo, sakė P. Volachas.

 

     P. Volachas sako, kad „Apple“ nesąžiningai taikosi į „BlueMail“. Programoje yra turinio filtravimas, o taikant didesnį amžiaus apribojimą programai gali būti apribotas platinimas potencialiems naujiems vartotojams, sakė jis. P. Volachas taip pat sakė, kad daugelis kitų programų, reklamuojančių į „ChatGPT“ panašią funkciją, pateiktą „Apple App Store“, neturi amžiaus apribojimų.

 

     „Mes norime sąžiningumo“, – sakė ponas Volachas. „Jei iš mūsų reikalaujama būti 17 metų ir vyresni, tai turėtų daryti ir kiti.

 

     Ponas Volachas turėjo ginčytiną istoriją su „Apple“. 2019 m. „Apple“ paskelbė apie programinės įrangos funkciją „Prisijungti naudojant „Apple“, kuri leidžia vartotojams prisijungti prie programos nepateikiant asmeninės informacijos, pvz., el. pašto adreso. Blix anksčiau buvo užpatentavęs panašią funkciją. Netrukus po to, kai buvo paskelbta apie „Apple“ prisijungimo funkciją, „Apple“ pašalino „BlueMail“ programą iš savo „Mac“ programų parduotuvės. Tuo metu „Apple“ teigė, kad „BlueMail“ programa buvo pašalinta dėl saugumo problemų. P. Volachas sakė, kad niekada nebuvo saugumo problemų ir kad „Apple“ galiausiai patvirtino programą po daugelio mėnesių.

 

     Anksčiau „Apple“ kartais aptikdavo problemą, susijusią su programa, dėl kurios bendrovė pradėjo taikyti naują taisyklę plačiau. Pradinis nenuoseklumas, taikant „App Store“ politiką – ypač naujas taisykles, egzistuoja. Tai nėra neįprasta, sakė Phillipas Shoemakeris, buvęs Apple App Store peržiūros komandos vyresnysis direktorius, palikęs 2016 m.

 

     Yra šimtai asmenų, peržiūrinčių kiekvieną programą, ir „ne visi mato tą patį“, – sakė J. Shoemaker. "Kai kurie peržiūri programas greičiau, nei kiti, ir jiems gali trūkti dalykų. Nenuoseklumas gali būti dėl įvairių priežasčių."

 

     2011 m. pristatydama „Siri“ balso asistentą, „Apple“ buvo ankstyvoji AI technologijų dalis. Remiantis žurnale peržiūrėtais vidaus dokumentais, praėjusį mėnesį vykusioje vidinėje AI konferencijoje, skirtoje įmonės darbuotojams, sesijos buvo skirtos tokioms sritims, kaip kompiuterinis regėjimas, sveikatos priežiūra ir privatumas.

 

     Vasario mėn. per ketvirtinį uždarbių konferencinį pokalbį „Apple“ vadovas Timas Cookas sakė, kad dirbtinis intelektas yra „svarbiausias mūsų dėmesys“, atkreipdamas dėmesį į tokias AI funkcijas, kaip avarijų aptikimas." [1]

 

1.  Apple Blocks Update of App Using ChatGPT
Tilley, Aaron.  Wall Street Journal, Eastern edition; New York, N.Y. [New York, N.Y]. 03 Mar 2023: B.1.

Apple Blocks Update of App Using ChatGPT

"Apple Inc. has delayed the approval of an email-app update with AI-powered language tools over concerns that it could generate inappropriate content for children, according to communications Apple sent to the app maker. The software developer disagrees with Apple's decision.

The dispute shows the broad concerns about whether language-generating artificial-intelligence tools, such as ChatGPT, are ready for widespread use.

Apple took steps last week to block an update of email app BlueMail because of concerns that a new AI feature in the app could show inappropriate content, according to Ben Volach, co-founder of BlueMail developer Blix Inc., and documents viewed by The Wall Street Journal.

BlueMail's new AI feature uses OpenAI's latest ChatGPT chatbot to help automate the writing of emails using the contents of prior emails and calendar events. ChatGPT allows users to converse with an AI in seemingly humanlike ways and is capable of advanced long-form writing on a variety of topics.

"Your app includes AI-generated content but does not appear to include content filtering at this time," Apple's app-review team said last week in a message to the developer reviewed by the Journal.

The app-review team said that because the app could produce content not appropriate for all audiences, BlueMail should move up its age restriction to 17 and older, or include content filtering, the documents show. Mr. Volach says it has content-filtering capabilities. The app's restriction is currently set for users 4 years old and older. Apple's age restriction for 17 and older is for categories of apps that may include everything from offensive language to sexual content and references to drugs. Mr. Volach says that this request is unfair and that other apps with similar AI functions without age restrictions are already allowed for Apple users.

"Apple is making it really hard for us to bring innovation to our users," said Mr. Volach.

An Apple spokesman said that developers can challenge a rejection through its App Review Board appeal process and that it is investigating Blix's complaint.

So-called generative AI has emerged as one of the most closely watched developing technologies in decades, primarily kicked off by ChatGPT, a chatbot created by OpenAI.

The technology has quickly generated controversy. Following the release of Microsoft Corp.'s Bing search engine powered by ChatGPT, early testers grew concerned with responses generated by the chatbot, including incorrect information as well as seemingly unhinged and angry responses. Microsoft, which has invested billions in OpenAI, defended the Bing upgrade as a work in progress.

Apple has long said it must carefully curate and review what software can be accessed on the iPhone and iPad through its App Store to keep its products private and secure.

Microsoft recently released an updated version of its Bing smartphone app with the ChatGPT functionality to Apple's App Store and Google's Android Play Store. Bing is listed in the iPhone App Store with the 17-and-older age restriction that Apple is asking of BlueMail, while Bing on the Google Play store has no age restrictions. Bing in the App Store already had a 17-and-up age restriction because of the app's ability to find adult content, a Microsoft spokesman said.

For BlueMail, Apple's rejection came a week after the company submitted the app upgrade for review. Mr. Volach said Apple used a test version of the upgraded app every day before he got a response. BlueMail was able to update its Android BlueMail app on the Google Play app store without any requests for age restriction or further content filtering, Mr. Volach said.

Mr. Volach says Apple is unfairly targeting BlueMail. The app has content filtering, and placing a higher age restriction on the app could limit distribution to potential new users, he said. Mr. Volach also said many other apps that advertise a ChatGPT-like feature listed on Apple's App Store don't have age restrictions.

"We want fairness," said Mr. Volach. "If we're required to be 17-plus, then others should also have to."

Mr. Volach has had a contentious history with Apple. In 2019, Apple announced a software feature called "Sign in with Apple," which allows users to sign into an app without having to give away personal information such as email. Blix had patented a similar feature earlier. Soon after Apple's sign-in feature was announced, Apple removed the BlueMail app from its Mac app store. At the time, Apple said the removal of the BlueMail app was due to security concerns. Mr. Volach said that there was never a security issue and that Apple eventually ended up approving the app many months later.

In the past, Apple has at times discovered an issue with an app that leads the company to apply a new rule more broadly. Initial inconsistency in applying App Store policies -- especially new policies -- isn't uncommon, said Phillip Shoemaker, former senior director of the App Store review team at Apple, who left in 2016.

There are hundreds of individuals reviewing each app, and "not everyone sees the same thing," Mr. Shoemaker said. "Some are viewing apps faster than others and could be missing things. The inconsistency could be for a variety of reasons."

Apple was an early entrant in bringing AI technology mainstream with the introduction of the Siri voice assistant in 2011. But to date, Apple appears to have stayed out of the fray of generative AI. At an internal AI conference for company employees last month, sessions were focused on areas such as computer vision, healthcare and privacy, according to internal documents viewed by the Journal.

In February, on the quarterly earnings conference call, Apple Chief Executive Tim Cook said AI "is a major focus of ours," pointing out AI-enabled features such as crash detection." [1]

 

1.  Apple Blocks Update of App Using ChatGPT
Tilley, Aaron.  Wall Street Journal, Eastern edition; New York, N.Y. [New York, N.Y]. 03 Mar 2023: B.1.