GCHQ’s AI Report Has A Clear Message

The British intelligence and security agency GCHQ has recently released their new AI and Data Ethics Framework, that describes the agency’s future use of Artificial Intelligence (AI).  GCHQ has long been known for its expertise in code breaking and stealing secrets, which is hardly ethical by conventional standards, however, the full title of the publication 'Pioneering a New National Security: The Ethics of Artificial  Intelligence', carries an important message.  

The GCHQ report has been released ahead of the British government's  Integrated Review of Security, Defence, Foreign Policy and Development, soon due for publication and comes after the public announcement of the National Cyber Force being established. 

This report is the first sign that the UK intelligence community is stepping out of the shadows to engage in public debate.

Jeremy Fleming GCHQ’s Director says that  AI could have a profound impact on the way his organisation operates, from spotting otherwise missed clues to detecting terror plots to identifying the sources of fake news and computer viruses. AI is now present in every aspect of British life. It enables our telecommunications systems, our smartphones, our banks, our National Health Service... The UK’s global leadership in AI and data science is a major part of what has made the UK a thriving cyber power, and AI stands to add billions to the British economy.”  

AI is controversial because it relies on computer algorithms to make decisions based on patterns found in data. It is used alongside human analysts in investigations. GCHQ does not say exactly how it presently uses AI software or which data it analyses, but it relies in part on monitoring people’s phone and messaging data and watching social media profiles. 

There are numerous definitions of AI but GCHQ defines it as a type of software that can learn to find complex patterns in data. As the software does so, it can provide them with new insights or forecast future trends, and use them to automate or augment business processes. In some cases, they can use them to manage quite basic, highly-repetitive activities, while in others they might tackle more sophisticated but narrowly defined challenges. 

The UK intelligence community has deliberately avoided public debate for most of its existence and GCHQ’s report is the latest evolution to a more public-facing side that will become more and more the norm in national security debate. GCHQ is ahead of other spy agencies with the emergence of the AI dynamic and GCHQ is emerging from the shadows in describing how they intend to use it. 

Whether the other major British intelligence agencies, MI5 and SIS will also step into the light remains to be seen but with  GCHQ making its case public in this way, it is likely that the other agencies will soon follow.  

Will central bodies like the British Joint Intelligence Committee also produce public reports? Other nations already produce these kind of reports. The national Foreign Intelligence Agency Of Estonia has released its own document  and the US Director of National Intelligence has also  released their own yearly Worldwide Threat Assessment  2006.

The release of the GCHQ report on AI carries its own hidden meaning for public debate on UK national security - that we should be clever enough to read between the lines of code and see the change that is coming. The agency’s report also indicated that AI could help to better identify sources of fake news or spot deep fake images, which come typically from Russia, and more quickly spot and trace malicious virus software that often emerges from China or North Korea.

AI is likely to be used comprehensively, the overarching decisions making process at GCHQ will still be made by people. It states:  “GCHQ's specialists share the same concerns voiced by many external experts around using AI to make predictions about individuals, their behaviour and motivations... AI software can help triage and prioritise across our data sources. It can suggest previously unseen patterns and learn to identify valuable behavioural indicators. But it is not yet sophisticated enough to be trusted to make independent decisions based on those outputs. “

In this case, GCHQ expects its use of  to AI to resemble the 'augmented intelligence model' in which AI software can collate information from relevant sources and flag significant conclusions for review by a human analyst, but does not automate any action as a result, using it to support the human decision-making process rather than determining it.

GCHQ:     Estonia National Intelligence Service:      CapX:      I-HLS:       Sky:    RUSI:   

Guardian:       About Intel:        Diginomica:

You Might Also Read: 

GCHQ Deploys AI To Stop Human Trafficking & Child Sex Abuse:

 

« Multiple Airlines Hit By Supply Chain Attack
A New Data Management Strategy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Security Compass

Security Compass

Security Compass, the Security by Design Company, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows.

CNCERT/CC

CNCERT/CC

CNCERT is the national Computer Network Emergency Response Technical Team / Coordination Center of China.

One Identity

One Identity

One Identity delivers identity governance, access management, and privileged account management solutions that facilitate and secure your digital transformation.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MER Group

MER Group

MER Group is a world-leading integrator in the areas of communications and security. MER cyber solutions cover the entire range of cyber and intelligence related products and services.

Secure Recruitment

Secure Recruitment

Secure Recruitment is a specialist Executive Search business that focuses its efforts on attracting specific exceptional talent in Cyber Security.

DreamIt Ventures

DreamIt Ventures

DreamIt Ventures is an early stage venture fund that accelerates startups building transformative tech products in the fields of Healthtech, Securetech, and Urbantech.

National Institute for Research & Development in Informatics (ICI Bucharest)

National Institute for Research & Development in Informatics (ICI Bucharest)

ICI Bucharest is the most important institute in the field of research, development and innovation in information and communication technology (ICT) in Romania.

Cybaverse

Cybaverse

Cybaverse (formerly North Star Cyber Security) was founded to create the perfect blend of a Managed Security Service Provider (MSSP) and a Cyber Security Consultancy in one.

Web3fied

Web3fied

Web3fied is a seed stage company building the future of decentralized digital identity and credentials management.

Dig Security

Dig Security

Dig Security offers the first data detection and response (DDR) solution, providing real-time visibility, control and protection of your data assets across any cloud.

Finesse Global

Finesse Global

Finesse is a global system integration and digital business transformation company.

Vali Cyber

Vali Cyber

Vali Cyber was founded in 2020 with the mission of addressing the specific cybersecurity needs of Linux.

CypherEye

CypherEye

CypherEye is a next generation trust platform that advances the current state of Multi-factor Authentication (MFA) to enable highly secure, private and auditable cyber-transactions.

aFFirmFirst

aFFirmFirst

aFFirmFirst is a unique software solution offering a simple yet effective way for businesses to protect and control their online images and logo, as well as allowing one-click website verification.

Ventum Consulting

Ventum Consulting

Ventum Consulting stands for digitalization, networking and agilization. We take this up on the strategic, professional and technical side and support our customers in the digital transformation.