Artificial Intelligence (AI) is no longer the future – it is already in use in our homes, cars, and, often, our pockets. As the technology continues to expand its role in our lives, an important question has emerged: what level of trust can—and should—we place in AI systems?
That is the very question that the EU Commission has set out to answer with its newly proposed EU Artificial Intelligence Act. “On artificial intelligence, trust is a must, not a nice to have,” said Margrethe Vestager, the Executive Vice President of the European Commission for A Europe Fit for the Digital Age. “With these landmark rules, the EU is spearheading the development of new global norms to make sure AI can be trusted.”
While we can all agree with Margrethe, the new regulation alone will not solve the problem. For any law to have absolute power and durability, it takes a team of trustworthy people to enforce the rules and drive greater technology awareness. Within organizations, leading the enforcement and education will ultimately fall onto the Chief Information Security Officer (CISO).
Traditionally, a CISO evaluates business opportunities against security risks that can potentially compromise long-term financial rewards. With the rise of new technology and its subsequent regulations, the role of the CISO is expanding to ensure company compliance with regulations like GDPR and education of employees on personal data requirements to keep everyone safe.
Questioning the technology status quo
With concerns rising from consumers and citizens and the increasing need for more ethics and trust, we need to put limits to ensure sound and fair use of AI technologies. The new EU Artificial Intelligence Act is beneficial because it will dictate the rules and force companies to examine the societal implications of rapid technology adoption.
We must find a balance between technology benefits and risks. With the emergence of AI-enabled applications, traditional surveillance is transforming into smart video with new use cases that transcend what we consider surveillance today. Unfortunately, under the pretext of protection, camera operators risk exposing everyone within sight. We tend to overlook what data is collected or if it is secure for the greater good.
Any technology use and innovation must be transparent and explainable.
In 2020, amidst the COVID-19 disruption, France launched its contact tracing application, but its adoption was incredibly low because most citizens questioned the technology used and how the data was collected and stored. It forced the French government to rethink its approach and launch a new, “enriched” version of the application.
Stories like this one are not unique. Remember what happened when the Coronavirus caused the UK government to eliminate teacher-predicted grades and switch to using an algorithm based on schools’ past performance? Or the Apple Card, which favored men over women because of a lack of gender data?
We must take a 360° approach when using any technology. To fully leverage AI, we need to look at the infrastructure in place, the algorithms involved, the quality of the data we have, who has access, and security protocols. The approach must include greater transparency on the data used and education for the people impacted by the technology.
Whether the focus is new methods of working, new technologies, or some other type of change, the story is always the same. It takes time and effort but, in the end, building trust is the only way to launch and sustain a successful digital transformation.
CISOs and artificial intelligence
The role of the CISO is evolving at a fast pace. Regulations are constantly changing the way business is executed. Twenty years ago, the job was basically to manage the firewall and secure the perimeter. You didn’t have to know much about what you were protecting if you knew which technology solutions would do the best job of keeping the bad guys out of your business.
The world today is drastically different. Digital technologies have infused every part of business and decision-making processes, raising the level of risk and, therefore, the importance of the CISO role. We see unexpected coupling, like CISO and legal, because both positions intersect on data governance. The CISO supports business growth and ensures operations and data are secure using all technologies available at our fingertips.
The future CISO role will guide an organization through a rapid transformation and continuous marketplace disruption. As we look for the most meaningful ways to make data-based business decisions, AI, machine learning, and robotic process automation will inevitably be a part of this process. The EU Artificial Intelligence Act lays the foundation for a sustainable digital economy, and the CISO will institute this data-driven future on trust.