TechLetters #176 Disinformation in European Elections was overhyped (again). ChatGPT used in information operations. Router bricking. Microsoft Recall security and privacy
European elections concluded yesterday, and despite the fears, no significant disinformation operations or activities occurred. Sure, there were some activities, but they had little to no impact. In other words, this risk was overhyped. A similar event happened prior to the previous EU elections in 2019. I’m not saying that nothing happened, it’s just that the effects weren’t there. And don’t confuse “disinformation” with “something we disagree with but is valid political outreach”.
Security
OpenAI found and terminated low-impact uses of ChatGPT for influence/information operations. What stands out is the absolutely unimpressive uses of AI in such ops. But the uses of the tool may obviously expand. So what was found? 5 operations. Russia generated fake social media profiles and content to influence geopolitical opinions. “used our models to generate comments in English, French, German, Italian and Polish”. China created pro-China narratives to shape global perceptions. “generate texts in languages including Chinese, English, Japanese and Korean”. Iran spread anti-Western propaganda and supported Iranian interests through deceptive AI-generated content. Israeli firm disseminated false narratives to sway public opinion towards specific political agendas. “content posted by these various operations focused on a wide range of issues, including Russia’s invasion of Ukraine, the conflict in Gaza, the Indian elections, politics in Europe and the United States, and criticisms of the Chinese government by Chinese dissidents and foreign governments”
Router bricking. Over 600,000 ActionTec routers of an ISP were rendered inoperable in october 2023 by a trojan due to a destructive firmware update. Required a replacement of 600,000 devices… The previous such event was the military cyberattack vs Ukraine/Viasat.
Privacy
Google's privacy incidents database leaked. It's difficult to see how this could have been done but we at least have evidence of functioning privacy engineering and management program in at least one big company. Almost none of the reported incidents seem to stand out, and all those that made sense were resolved. By the way, all EU data protection authorities have lists of data breaches that are being reported. That's lots of incidents. You're also nearly never hearing about this - and for good reasons. There's no point in disclosing them all.
Issues with Microsoft Windows Recall. An “AI” eature that constantly makes screenshots of the screen. It's based on OCR to recognise and transcribe text. It is always on and works by default. To disable it run this command in a terminal: Set-ItemProperty HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WindowsAI\DisableAIDataAnalysis -Name Value -Value 1
After criticism, Microsoft will give choice to users about enabling pervasive, always-on screenshot taking. There are also some more security and privacy changes. Feel free to remain cautious.
In case you feel it's worth it to forward this content further:
Subscribed
If you’d like to share: