GUEST BLOG. Let’s start with the elephant in the room: artificial intelligence (AI). Artificial intelligence is used in almost every area of ​​life today, be it in banks, when you apply for a loan without having to speak to anyone, in call centers, in the advertising environment, where you get targeted advertising when browsing the Internet, in medical diagnostic tools , in certain computer security solutions and so on.

The use of AI is becoming more widespread and is helping many companies enormously with efficiency. We find so many everywhere that we sometimes forget their presence and the risks associated with their use.

This is a common brain phenomenon and partly why phishing attacks work. We’re so used to receiving hundreds of emails that we sometimes forget the risks involved in opening the attachments they contain.

What is artificial intelligence?

Artificial intelligence is a growing field worldwide. It enables the simulation of human intelligence using technology. For those who want to see an interesting example, I recommend checking out the chatbot by OpenAI. I was very impressed.

For example, an algorithm using AI could sort through the applications a company receives to fill a position. The advantage of using such an algorithm is that the amount of work involved in analyzing the applications is minimized, since only applications that contain all the required criteria are forwarded. So a tremendous amount of time has just been saved.

In addition, noisyGlobal AI IndexCanada compares countries based on their levels of investment, innovation, and implementation of artificial intelligence. Canada is currently ranked 4th.

As in Quebec, artificial intelligence is also growing. In fact, the “Portrait of the AI ​​in Greater Québec Cityreports nearly sixty companies currently offering an artificial intelligence solution.

Montreal is even considered “World Center for Artificial Intelligencebecause of its large concentration of organizations, experts, researchers and students in the field. That is precisely why large companies such as Google, Meta and Microsoft, which develop artificial intelligence, have settled there.

Obviously, the rapid development of technologies is accompanied by the emergence of new risks and that is why the federal government is currently addressing the question of artificial intelligence with the C-27 bill.

Federal Law C-27

Mid-June, Bill C-27, also called Act to implement the Digital Charter 2022, was introduced in the House of Commons and at the same time introduced in the first reading. The second reading of the bill began in November.

Bill C-27 seeks to reform federal privacy laws. The aim of this reform is to adapt the laws in force to technological developments. It is broken down into three new laws, of which the Artificial intelligence and data law which happens to be the first law in the country that will regulate AI.

In short, the aim is to regulate artificial intelligence systems used in trade and international and inter-provincial exchanges. It also requires that measures be taken to limit the risk of damage and skewed results that may be associated with the operation of the systems.

This point is important because although the use of artificial intelligence has many advantages, it can also create undesirable and harmful situations.

For example, imagine an algorithm that makes automated decisions, but those decisions automatically penalize certain people for unforeseen reasons, thereby causing discrimination. This can happen if the algorithm is poorly trained, and unfortunately it can take a long time to detect.

The same applies to data poisoning, a popular type of cyber attack. This attack consists of modifying the training data of an algorithm in such a way that it makes bad decisions.

This type of attack is often carried out against filters that detect malicious email. If the attacker manages to identify enough legitimate emails as malicious, the algorithm’s decision criteria will be skewed and the algorithm will give less value to the indicators that allowed it to identify an email as malicious.

By sabotaging the integrity of the training data, the attacker changes the behavior of the email classification algorithm and can hope that their malicious emails will be classified as legitimate.

An attacker might want to sabotage decision support algorithms to harm a competitor, a group of individuals, or even a nation.

Unfortunately, once data poisoning is discovered, it is often too late. In fact, identifying corrupted data is difficult. The rapid implementation of sufficient security measures enables the detection of anomalous behavior in the training data and significantly contributes to the prevention of this type of cyber attack.

Bill C-27 also provides that organizations may be directed to provide certain documents related to their artificial intelligence systems. In addition, organizations cannot use personal data obtained illegally in their artificial intelligence system if its use poses a risk of serious harm to individuals.

Innovation brings with it new cyber risks

Like it or not, artificial intelligence is likely to replace some of the workforce in the nearer future than we’d like. Labor shortages coupled with rising wages will only accelerate the adoption of replacement technologies like AI.

At the same time, companies here are still struggling to take basic cybersecurity measures. I still regularly meet business leaders who rank cybersecurity issues on the same level as simple technical issues like printer problems.

We’ve seen with Bill 25 and now with Bill C-27 that companies are catching up. Governments are also one step ahead. Is that good news?

Cybersecurity innovations are a key success factor for several reasons. First, cybersecurity threats are constantly evolving, which means organizations must be able to adapt and invent new approaches to protecting their systems and data. Second, consumers and customers increasingly value the security of their data and expect effective security measures from companies. Finally, cybersecurity innovations can also enable organizations to differentiate themselves from their competitors and position themselves as leaders in their field.

*This article was written in collaboration with Me Ariane Ohl-Berthiaume, Head of Legal Affairs at Mondata.