Security News Microsoft engages in damage limitation at congressional hearing (13.6.2024): Safety takes priority over AI

[Gandalf_The_Grey]

Content source

https://borncity.com/win/2024/06/16/microsoft-engages-in-damage-limitation-at-congressional-hearing-13-6-2024-safety-takes-priority-over-ai/

Microsoft has had little to laugh about when it comes to security in recent months. The security disasters and the lack of a security culture have fallen on Redmond's shoulders in the form of veritable security incidents. In a hearing held by a US Congressional Homeland Security Committee on June 13, 2024, it became clear that Microsoft was responsible for a cascade of cybersecurity breaches that degenerated into cyber incidents. Microsoft's President, Brad Smith, tried to limit the damage. The statement to Congress: Microsoft's CEO, Satya Nadella, has taken personal responsibility for cyber security at the company. And security would take priority over AI in future – a remarkable statement, given that just a short time ago it was "the end of the world if a customer wasn't fully up and running with Microsoft's AI by three".".

...

A few weeks later, Microsoft presented its Copilot+PC approach with the AI function Recall, which was actually due to be rolled out next week. The Recall function was described by security experts as a "setback for cyber security for 10 years" because it records everything the user does and makes it searchable. I had a few posts on the blog about this (see links at the end of the article Copilot+AI: Recall, a security disaster – AI-assisted theft).

Microsoft engages in damage limitation at congressional hearing (13.6.2024): Safety takes priority over AI

[German]Microsoft has had little to laugh about when it comes to security in recent months. The security disasters and the lack of a security culture have fallen on Redmond's shoulders in the form of veritable security incidents. In a hearing held by a US Congressional Homeland Security...

borncity.com

 

[Marko :)]

When Microsoft came public with Recall, they pretty much said;

Screw it! We already collect a lot of data and our users don't really care about us spying on them. So we don't see a reason why we couldn't collect a bit more.

and thought everyone will be okay with it.

People may be ok with it if it was coming from a reputable company, not Microsoft which is definitely everything, but a reputable company.

 

[kailyn]

The security disasters and the lack of a security culture

Security is not software, it is a process (of which software is only a very small aspect), and it is cultural from the home to the workplace all the way up to the global level.

People may be ok with it if it was coming from a reputable company, not Microsoft which is definitely everything, but a reputable company.

It does not matter. Regardless of anyone trying to do AI with privacy in mind, millions of entities will use AI without regard to users and their privacy. User privacy in the digital space ended decades ago. That Genei was let out of the bottle in the 1990s and cannot be put back into it.

I bet in the end many more users will want the benefits of AI such as Recall despite the risks to privacy and security. Right now the outcry is mainly from activists. Consumers, as a group, always have an overall preference for convenience. The more convenient, the more consumers are willing to look past risks.