The Weekly Cybers #55
AI doesn’t work, AI makes you dumb, AI for HR is high-risk, the US says don’t worry about AI safety, and Apple fights a UK backdoor order.
Welcome to a very crowded week
There’s a lot of artificial intelligence (AI) this week, and not all of it is good.
Apparently AI can make you dumber, and participants in a Treasury trial were far more likely to find AI to be of little use once they’d actually tried using it for real work.
A parliamentary committee says using AI for HR is high-risk, but the US reckons we’re too worried about AI safety and should focus instead on tech industry growth.
Meanwhile a battle is emerging between Apple and the UK government over access to encrypted data. Will the Crypto Wars ever end?
And there’s an update on Australia’s age assurance technology trial, and much more. Read on!
Australia signs AI declaration, but not US or UK
International diplomacy on AI took a step forward this week at the two-day AI Action Summit in Paris.
A majority of the nations taking part, including most of the world’s richest nations, affirmed that their main priorities include ensuring that AI is “open, inclusive, transparent, ethical, safe, secure and trustworthy”, encouraging deployment that “positively shapes the future of work and labour markets”, and making AI “sustainable for people and the planet”.
The Statement on Inclusive and Sustainable Artificial Intelligence for People and the Planet was signed by 61 nations and international organisations, including Australia and New Zealand.
The US and UK did not sign the declaration, however.
US vice president JD Vance said too much regulation could “kill a transformative industry just as it's taking off”, and that AI was “an opportunity that the Trump administration will not squander”. Pro-growth policies should have priority over safety, he said.
The UK’s reasons were almost the complete opposite, with a government spokesperson saying: “We felt the declaration didn’t provide enough practical clarity on global governance, nor sufficiently address harder questions around national security and the challenge AI poses to it.”
UK demands Apple backdoor, Apple refuses
The UK government has ordered Apple to create a backdoor into its customers’ encrypted iCloud data storage, using the controversial powers in the Investigatory Powers Act.
Apparently last month Apple received a “technical capability notice”, which requires Apple to build in such a capability.
The focus is Apple’s iCloud Advanced Data Protection system, which encrypts data with keys held only by the user, as opposed to keys which are also held by Apple, so Apple is unable to decrypt the data even if it wanted to.
One commentator doesn’t like this framing, however, saying it’s not a backdoor but that it’s “just to ensure that existing access methods remain available… as they were with iCloud up until November 2022”.
My comment on that would be that he’s limiting the meaning of the term “backdoor” to a technical one about encryption, rather than a broader term meaning “access to communications that the user would expect to be private”.
The UK is not alone
It’s worth noting that the Australian government has broadly similar powers, also called a technical capability notice (TCN), which were introduced via the so-called Assistance and Access Act at the end of 2018.
For all we know, Australia may have already made such a demand of Apple, because the TCN system operates under a veil of secrecy.
Have governments already lost the Crypto Wars?
All that said, an interesting piece at Seriously Risky Business suggests that governments are losing the Crypto Wars, quoting Ciaran Martin, the former head of the UK’s National Cyber Security Centre (NCSC).
Martin doesn’t mean that governments, “especially the UK’s, and to some extent Australia and the EU),” have stopped fighting battles to gain access to encrypted communications. “I just mean it’s clear they can’t win them. They’ve lost."
It’s interesting argument, well worth reading in full.
BONUS LINKS: I’ve written at length about the development of Australia’s anti-encryption laws for the Carnegie Endowment for International Peace in The Encryption Debate in Australia (May 2019) and The Encryption Debate in Australia: 2021 Update (March 2011).
Using AI for HR is “high risk”, says Reps inquiry
A parliamentary committee has recommended that the use of AI in human resources (HR) contexts be classified as high-risk, with any use only coming after “meaningful consultation and transparency” with staff.
This and many other recommendations were made in the House of Reps Standing Committee on Employment, Education and Training report The Future of Work, the result of its inquiry into the digital transformation of workplaces.
The high-risk category would apply to employment-related purposes “including recruitment, referral, hiring, remuneration, promotion, training, apprenticeship, transfer or termination”.
Whether anything is ever done with this report remains to be seen.
Treasury trials Microsoft Copilot, not impressed
The Australian Centre for Evaluation (ACE) tested Microsoft Copilot, the company’s AI system, for Treasury. As The Mandarin reports, it showed at best mixed results, “with users finding it unreliable, inefficient, and prone to generating fictional content”.
“One of the most blistering findings is that trial participants who reckoned the technology was of little to use soared from 6% before the trial to 59% after the trial, an almost tenfold increase.”
For more damning quotes, see ACE’s full evaluation.
Update on the age assurance technology trial
Australia’s Age Assurance Technology Trial has published its second newsletter, which details what’s been done so far. And so far they’ve been planning.
“We have previously published our Project Plan (PDF) and an Initial Impartiality Report (PDF). We aim to make documents public as soon as practical, and the philosophy of the trial is to be transparent by default.”
An important new document is the 88-page Evaluation Proposal, which makes clear what is and isn’t being tested, and which demonstrates how well this is being run. ISO 17065 Accreditation for laboratory testing and all that good stuff.
The next step will be to complete a more extensive Practice Statement, “the basis for the detailed design of the trial process for each method being considered”.
In other words, no actual testing has been done yet. Nor have specific accuracy targets been set by the government, at least that I know of. But this trial will determine what accuracy levels can be achieved by the technology being put forward.
I’ve only skimmed the documents so far. I’ll try to find time for some actual analysis in the coming weeks. None of this will happen quickly.
IF YOU’VE FOUND THIS NEWSLETTER HELPFUL, PLEASE SUPPORT IT: The Weekly Cybers is currently unfunded. It’d be lovely if you threw a few dollars into the tip jar at stilgherrian.com/tip.
Also in the news
- Australia has joined the US and UK in sanctioning Russia-based Zservers, a bulletproof hosting services provider, for its role in supporting the LockBit ransomware attacks, including the 2022 attack on Medibank. Your writer is amused that several mastheads referred to these three countries as AUKUS members, although this has nothing to do with AUKUS.
- NBN Co’s full-fibre upgrades have reached a record high, with “more than 217,000” premises upgraded in the second half of 2024.
- The Scams Prevention Framework Bill was passed. As previously reported, Treasury has issued a guidebook on how it will work. Not everyone is happy.
- The Health Legislation Amendment (Modernising My Health Record — Sharing by Default) Bill was passed. This basically means that providers of prescribed healthcare services, mostly diagnostic scans and pathology tests, will have to promptly upload data to the My Health Record (MHR) system if they want to get their money from Medicare — unless the patient has said they don’t want this to happen. If you’ve previously said no to MHR, this will not change.
- The Oversight Legislation Amendment (Robodebt Royal Commission Response and Other Measures) Bill was passed. It’s a lot of technical stuff about oversight and investigations.
- Centre Alliance MP Rebekha Sharkie introduced the Interactive Gambling Amendment (Know Your Losses Activity Statement) Bill. This would change the current requirement to give gamblers a monthly wins-losses statement to providing running totals in real-time.
- One of Australia’s highest-profile AI experts, UNSW’s Professor Toby Walsh, says that while some tech leaders think AI could outsmart us and wipe out humanity. “I’m a professor of AI – and I’m not worried”.
Elsewhere
- Using AI reduces your critical thinking skills, according to research by Microsoft in their paper (PDF), “The Impact of Generative AI on Critical Thinking: Self-Reported Reductions in Cognitive Effort and Confidence Effects From a Survey of Knowledge Workers”.
- Via The Conversation, “Hate speech on X was consistently 50% higher for at least eight months after tech billionaire Elon Musk bought the social media platform, new research has found.”
- This one is elsewhen rather than elsewhere. A great little feature on how Google Maps was created in Australia some 20 years ago.
Inquiries of note
- From Treasury, “The government will ban the use of adverse predictive genetic testing results in life insurance. We invite views on design issues for the measure.” Submissions close 12 March.
What’s next?
Parliament is now taking a break. Both houses return for three days of sittings on Tuesday 25 March, then the Senate only returns for two weeks starting Monday 7 April. Unless the election is called, which now seems likely.
The 2025 federal election could be as early as 22 March and as late as 17 May, assuming Albanese goes for a simultaneous half-Senate and House of Representatives election, which is the usual pattern.
It's possible for the House of Reps elections to be delayed until as late as 27 September, but it's a courageous PM who tries to run two federal elections in one year.
DOES SOMETHING IN THE EMAIL LOOK WRONG? If there’s ever a factual error, editing mistake, or confusing typo, it’ll be corrected in the web archives.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber *security* newsletter. For that that I recommend Risky Biz News and Cyber Daily, among others.