Artificial intelligence (AI) is the creation of machines that can mimic human thought: systems that can reason, take decisions, and interpret the data provided to them accurately. AI relies on data of gigantic proportions to train its algorithms, and broadly, the more data it is fed, the better the results.
This reliance on vast volumes of data has created a complex and inseparable link between AI, data breaches and intellectual property (IP). Because AI systems ingest existing data to build their intelligence and generate output, the intellectual property of every individual and organisation is left in a very vulnerable position, especially now that AI has permeated every conceivable sphere of life: business, technology, education, medicine, marketing, communication, and the arts.
AI systems are data-hungry. When so much data is involved, data breaches become almost inevitable, and every breach opens up the risk of IP and related infringement. AI systems obtain data from varied sources: predefined databases containing structured data, knowledge bases holding large amounts of information, historical records, real-time feeds such as stock market data, and more.
Problem of Authorisation
The burning issue with all these databases is whether the owners of the data have authorised its use by AI systems. When AI systems use the data contained in these databases without the permission and authorisation of its owners, that use constitutes a data breach.
Take, for example, ChatGPT, the chatbot developed by OpenAI, which draws on data from sources such as books, news articles, journals, and other human-authored material to generate responses. ChatGPT has faced repeated accusations of data breach for using unauthorised data to train itself. A class action lawsuit was filed by George R. R. Martin, known for the popular "Game of Thrones" ("GOT") series, along with seventeen other authors, alleging that OpenAI illegally copied their copyrighted works to train ChatGPT.
Recently, the rapper Pras also found himself in a difficult situation when his trial attorney used an artificial intelligence program to prepare a closing argument that, according to Pras, was detrimental to his case and led to his being sentenced to prison. Pras had to resort to filing a fresh motion for a new trial. The owner of the AI program has defended it, saying that human input remains paramount. A fiery debate on proprietary rights in AI is also brewing, since AI may use data owned by a third party without a licence and create derivative works that could carry a separate ownership of their own, thereby attracting infringement provisions.
Further, AI systems such as 'Stable Diffusion', developed by Stability AI, 'Midjourney' and others generate images and graphics. These systems are trained on almost six billion tagged images scraped indiscriminately from the web without authorisation, including a substantial amount of trademarked and copyrighted material, amounting to a very high-value data breach against the original owners of those images and graphics.
AI systems also pose a major threat to an organisation's trade secrets. Weak data-protection measures lead to unwarranted data collection by AI systems. Every brand and organisation survives on customer loyalty built over the years, and that loyalty rests on the goodwill and reputation that are linked to the organisation's IP.
The Danger of Leaks
The potential leakage of an organisation's trade secrets through AI systems, such as information about manufacturing processes, advertising and branding strategies, designs and drawings of logos or computer programs, and other commercial information such as lists of customers and suppliers, can hand an unfair competitive advantage to rival organisations, who may ride on the success and R&D of the original organisation to build their own IP and strategies.
Because the volume of data being fed into AI systems may be beyond the comprehension of the human brain, and even of the creators of AI themselves, AI has become one of the easiest routes to a breach of IP data and poses a threat to the safety and security of the public at large. OpenAI, the owner of ChatGPT, for instance, confirmed that a bug in the chatbot's source code may have caused a data leak.
According to OpenAI, a vulnerability in the Redis open-source library used by ChatGPT meant that "some users" were able to see "titles from another active user's chat history". The company also admitted that the bug may have caused the "unintentional visibility of payment-related information" for premium ChatGPT users who were active between 1 a.m. and 10 a.m. PST on March 20, 2023.
This meant that the names, email addresses, payment addresses, credit card types and last four digits of the payment card numbers of active users may have been visible to other users during this period. With each passing second, AI is becoming more advanced at analysing human behaviour, patterns, likes and preferences, and to a certain extent even the thoughts and emotions of humans.
The confidential and personal information being circulated and extracted by AI is handled without the consent of the public at large, and the developers of AI are not obtaining that consent either. With AI tracking human movements and activities on a second-by-second basis, this data is being misused by many individuals and organisations, as the leakage and availability of data are at an all-time high. Confidential information belonging to companies, governments and individuals is at ever greater risk of being leaked and made publicly available at the hands of the various AI systems.
Need to Adapt
The provisions and rules of the information technology laws of countries across the globe should address such potential data breach risks within their statutes. Any new provisions should be drafted with a broad view, since data handled by AI is highly fluid and recognises no transborder restrictions of any kind. Such provisions will at least keep a check on the ethical use of AI and provide relief to persons affected by it.
To further strengthen defences, organisations should adopt encryption of data, federation of data, wherein data is protected under one head in a unified system, and anonymisation techniques to boost data protection. Organisations and individuals should also strictly monitor their data and set out clear data-usage policies, so that in the event of a data breach they can state those policies clearly before the courts. To curb the impact of data breaches on IP, and the potential infringement and exposure of IP, IP laws should be developed further with a broadened view.
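By way of illustration only, the short Python sketch below shows one hypothetical way an organisation might anonymise personal fields in a record before it is shared with or ingested by an external AI system. The field names, the keyed-hash approach and the secret key are assumptions made for this example, not a prescribed standard or any particular vendor's method.

```python
import hashlib
import hmac

# Hypothetical secret key held by the organisation (an assumption for this sketch).
SECRET_KEY = b"rotate-this-key-regularly"

# Fields assumed to be personally identifiable for the purpose of this example.
PII_FIELDS = {"name", "email", "payment_address", "card_number"}


def pseudonymise(value: str) -> str:
    """Replace a sensitive value with a keyed hash so the original cannot be read back."""
    return hmac.new(SECRET_KEY, value.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def anonymise_record(record: dict) -> dict:
    """Return a copy of the record with PII fields pseudonymised, leaving other fields intact."""
    return {
        key: pseudonymise(str(value)) if key in PII_FIELDS else value
        for key, value in record.items()
    }


if __name__ == "__main__":
    customer = {
        "name": "Jane Doe",
        "email": "jane@example.com",
        "payment_address": "221B Baker Street",
        "card_number": "4111111111111111",
        "purchase_category": "books",  # non-identifying field left unchanged
    }
    print(anonymise_record(customer))
```

The design choice here is simply that identifying values are replaced with irreversible keyed hashes before leaving the organisation's control, so that even if the downstream AI system leaks its training or usage data, the exposed records do not reveal the underlying personal information.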
Stricter policies and provisions should be introduced that bring clarity to 'authorisation of use' and 'licence rights'. Further, all IP agreements should include clauses that clearly set out the rights and obligations of third parties with respect to the IP data, as well as the protective measures those third parties must take to safeguard their IP.
In conclusion, AI's potential and its easy access to data demand dedicated attention to protection against data breaches. The risks posed by AI systems should be mitigated to build a well-protected future in which nobody suffers losses because of the sheer volume of data and its potential breach.
(Author is an experienced IPR lawyer. Views expressed here are personal)