GCHQ’s AI Report Has A Clear Message

The British intelligence and security agency GCHQ has recently released their new AI and Data Ethics Framework, that describes the agency’s future use of Artificial Intelligence (AI).  GCHQ has long been known for its expertise in code breaking and stealing secrets, which is hardly ethical by conventional standards, however, the full title of the publication 'Pioneering a New National Security: The Ethics of Artificial  Intelligence', carries an important message.  

The GCHQ report has been released ahead of the British government's  Integrated Review of Security, Defence, Foreign Policy and Development, soon due for publication and comes after the public announcement of the National Cyber Force being established. 

This report is the first sign that the UK intelligence community is stepping out of the shadows to engage in public debate.

Jeremy Fleming GCHQ’s Director says that  AI could have a profound impact on the way his organisation operates, from spotting otherwise missed clues to detecting terror plots to identifying the sources of fake news and computer viruses. AI is now present in every aspect of British life. It enables our telecommunications systems, our smartphones, our banks, our National Health Service... The UK’s global leadership in AI and data science is a major part of what has made the UK a thriving cyber power, and AI stands to add billions to the British economy.”  

AI is controversial because it relies on computer algorithms to make decisions based on patterns found in data. It is used alongside human analysts in investigations. GCHQ does not say exactly how it presently uses AI software or which data it analyses, but it relies in part on monitoring people’s phone and messaging data and watching social media profiles. 

There are numerous definitions of AI but GCHQ defines it as a type of software that can learn to find complex patterns in data. As the software does so, it can provide them with new insights or forecast future trends, and use them to automate or augment business processes. In some cases, they can use them to manage quite basic, highly-repetitive activities, while in others they might tackle more sophisticated but narrowly defined challenges. 

The UK intelligence community has deliberately avoided public debate for most of its existence and GCHQ’s report is the latest evolution to a more public-facing side that will become more and more the norm in national security debate. GCHQ is ahead of other spy agencies with the emergence of the AI dynamic and GCHQ is emerging from the shadows in describing how they intend to use it. 

Whether the other major British intelligence agencies, MI5 and SIS will also step into the light remains to be seen but with  GCHQ making its case public in this way, it is likely that the other agencies will soon follow.  

Will central bodies like the British Joint Intelligence Committee also produce public reports? Other nations already produce these kind of reports. The national Foreign Intelligence Agency Of Estonia has released its own document  and the US Director of National Intelligence has also  released their own yearly Worldwide Threat Assessment  2006.

The release of the GCHQ report on AI carries its own hidden meaning for public debate on UK national security - that we should be clever enough to read between the lines of code and see the change that is coming. The agency’s report also indicated that AI could help to better identify sources of fake news or spot deep fake images, which come typically from Russia, and more quickly spot and trace malicious virus software that often emerges from China or North Korea.

AI is likely to be used comprehensively, the overarching decisions making process at GCHQ will still be made by people. It states:  “GCHQ's specialists share the same concerns voiced by many external experts around using AI to make predictions about individuals, their behaviour and motivations... AI software can help triage and prioritise across our data sources. It can suggest previously unseen patterns and learn to identify valuable behavioural indicators. But it is not yet sophisticated enough to be trusted to make independent decisions based on those outputs. “

In this case, GCHQ expects its use of  to AI to resemble the 'augmented intelligence model' in which AI software can collate information from relevant sources and flag significant conclusions for review by a human analyst, but does not automate any action as a result, using it to support the human decision-making process rather than determining it.

GCHQ:     Estonia National Intelligence Service:      CapX:      I-HLS:       Sky:    RUSI:   

Guardian:       About Intel:        Diginomica:

You Might Also Read: 

GCHQ Deploys AI To Stop Human Trafficking & Child Sex Abuse:

 

« Multiple Airlines Hit By Supply Chain Attack
A New Data Management Strategy »

Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

WEBINAR: How To Build A Security Observability Strategy In AWS

WEBINAR: How To Build A Security Observability Strategy In AWS

Thursday, Apr 22, 2021 - Join this webinar to learn how to build a security observability strategy in AWS, covering cloud-native monitoring sources, guardrails, and automation capabilities.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Oracle Cloud Security

Oracle Cloud Security

Oracle’s cloud security solutions enable organizations to implement and manage consistent security policies across the hybrid data center.

Oppida

Oppida

Oppida provides tailored IT security services to help you identify security gaps and assist in finding the most effective remediation.

Security Onion Solutions

Security Onion Solutions

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management.

4N6

4N6

4N6 is a privately-owned firm founded with the goal of providing expert knowledge of computer forensics.

ClearDATA

ClearDATA

The ClearDATA Managed Cloud protects sensitive healthcare data using purpose-built DevOps automation, compliance and security safeguards, and healthcare expertise.

DB CyberTech

DB CyberTech

DB CyberTech provides predictive security solutions that alerts to potential data loss from databases before any loss actually occurs.

SecureMe2

SecureMe2

SecureMe2 ‘s mission is to make organizations more responsive to digital threats by deploying smart technology in a highly accessible way.

CONCORDIA

CONCORDIA

Concordia is a Cybersecurity Competence Network with leading research, technology, and competences to build the European Secure, Resilient and Trusted Ecosystem.