Il topic of platform regulation is undoubtedly topical and the recent decision of the Authority for the protection of personal data has also demonstrated it suspend ChatGPT activity in Italy, a decision that has raised numerous controversies but which must also be evaluated in the light of the gigantic security problems posed by the integration of the platform in numerous applications.
Alarm for the evolution of generative artificial intelligence
THEalarm more authoritative was given a few days ago by Jen easterly, director of CISA, the American Cybersecurity and infrastructure Security Agency, in a speech at the Atlantic Council. Easterly defined i generative AI tools the biggest security problem that we will have to face in this century. The reason lies in the ease with which ChatGPT jailbreaking is accomplished, i.e. the ability to enter third-party codes by overcoming the platform's restrictions. THE risks they are linked to the possibility of inserting malicious code and spreading it massively; the use of sensitive company data to feed the platforms; the ability to generate extremely realistic and customized phishing campaigns for the spread of ransomware. Precisely because of these risks some companies like JPMorgan have the use of ChatGPT is prohibited.
Commenting on the risks involved in the use of generative artificial intelligence platforms and the need for a regulatory system that controls their circulation and use, Easterly referred to the problems posed by the spread of social media that took place without rules and with Zuckerberg's stated goal of “move fast and break things” and which is now destroying the mental health of our children.
La thrust of all the large groups to incorporate a generative artificial intelligence application into their platforms as quickly as possible, without any problems about the methods of use and safety and branding any call for caution as retrograde is inspired by one anti-innovation mentality it looks a lot like what happened between the end of the eighties and the beginning of the nineties when a series of entrepreneurs began to use the internet infrastructure without authorization for commercial purposes. There National Science Foundation which had developed the internet backbone to connect the computer centers of Universities and government agencies and which had restricted its use to certified users only, was forced, due to the political pressure exerted by the new companies, to open the infrastructure for commercial use in 1992.
Internet and the first concerns about its regulation
However, the internet infrastructure had not been built for those purposes and an essential requirement was missing in the project specifications, namely an intrinsic security system. Since the aim was to guarantee infrastructure resilience, access points had to be clearly identifiable and protected. With the opening for commercial purposes, the access points multiplied without controls, exponentially increasing the vulnerability. For this reason, a gigantic Cybersecurity industry has developed which is growing faster than the growth of the internet itself.
THEinternet-related industry managed in the first half of the nineties to exert a strong political pressure on Congress and the American administration creating the conditions for a radical reform of the communications system which resulted in the approval of the Telecommunications Act of 1996 and subsequent legislative interventions. The most significant aspect was the guarantee of civil and criminal immunity to the platforms preventing them from being assimilated to publishers. The industry enjoyed political and public sympathy proportional to its antipathy towards the telecommunications companies, giants that had dominated the market for a hundred years, with little willingness to innovate and serve customers.
La international spread of the internet was very rapid despite some initial hesitations. There was concern that the American services were using the infrastructure for their intelligence activities (lo Echelon scandal had already emerged in New Zealand in 1996) and it was thought that in the end everything would be brought back within the ITU (International Telecommunication Union) according to the scheme that had always characterized the world of telecommunications. L'goal of the United States however, it was that of spreading technology on a planetary scale while maintaining firm control of the infrastructure. For this reason, the American administration exerted very strong diplomatic pressure. Ira Magaziner, Clinton's right-hand man for the most complicated questions, convinced Europe to accept the American theses without discussion. Thus it was that later the was approved Safe harbor which allowed American companies to operate in Europe under the same conditions with which they worked in the United States.
Only China regulated the Internet from the beginning
Only Chinese they worried about from the beginning regulate the internet. Talking with Xiahong, the public relations manager of an internet-related startup, i two journalists from “Wired” Jeremie Barme e Sang Ye reported in extremely incisive terms the problems that would then become visible also in the West many years later: “A network that allows each individual to do what he wants with all that confused chatter good and bad, right and wrong, all mixed together, a hegemonic network that harms the rights of others. There is no doubt that Internet whether a colony: a information colony. From the moment you go online you are confronted with British hegemony. This isn't about making the internet more convenient for non-English speakers. Our ideal is to create an exclusively Chinese network”.
After at least 16 legislative and regulatory interventions, in 2000 the IX National People's Congress approved the decisions to ensure the internet security: an act with which an organic framework was defined to guide the development of the new infrastructure. I don't want to discuss the goals of the Chinese government at the time, but the awareness that Chinese had the phenomenon.
In Europe instead there was one substantial compliance against the requests of the American administration, with a minimum of depth and discussion only for the implications of the Echelon scandal. There was a report that was presented to the European Parliament and ended with an embarrassed debate in September 1998, during which, while admitting the legitimacy of mass control tools to prevent crime and terrorism, it underlined the need for greater democratic control over tools.
The EU parliament, however, was at the end of its term, and would not have had time to launch an initiative in this regard. After the European elections, the discussion on Echelon was resumed by the new parliament in early 2000 in the context of work on the protection of privacy, and this time it gave rise to a temporary commission of inquiry with the aim of ascertaining the existence and functionality of Echelon and to verify the initiatives to be adopted to protect European citizens and businesses.
The Max Schrems case
In the inertia of parliament, the decisive initiative was surprisingly taken by a young Austrian law student, Max Schrems: putting the role of electronic platforms back at the center of the discussion. Later at Snowden revelations, Schrems filed a complaint against Facebook Ireland with the Irish Data Protection Commissioner.
La complaint was inspired by the Safe Harbor treaty that the United States had signed with the European Union in 2000, and was aimed at to prevent that data collected by Facebook Ireland Ltd were transferred to Facebook Inc. in the United Statesthe. The Irish commissioner initially dismissed the case as frivolous and unfounded, but Schrems did not give up. Through several degrees of judgment and with the growing support of civil society organizations, it managed to reach the European Court of Justice, which, with a historic sentence of October 2015, invalidated the Safe Harbor treaty that the Union so painfully European had elaborated.
The European Union found itself forced to renegotiate the treaty with the United States on other bases, and within a few months it drew up a new agreement that entered into force in mid-2016. However, they had not taken into account the Schrems determination, which in the meantime had founded an organization called noyb, (acronym for none of your business), to defend one's reasons. With the support of the organization, Schrems raised aanother lawsuit against Facebook, landed again at the Court of Justice: in the sentence issued on 16 July 2020, the Court established that the European legislation hastily implemented after the cancellation of the Safe Harbor does not meet the proportionality requirements required by Union law because the surveillance based on US domestic law are not limited to what is strictly necessary.
In the meantime, the European Commission he made up for lost ground by launching numerous acts for regulate internet use, but the effectiveness of these interventions risks being limited in the absence of regulatory intervention by the US Congress. The American legislator, who has recently promoted a series of hearings and fact-finding investigations on the activities of the platforms, is aware of the problems but is also having difficulty in intervening due to the very strong opposition to a legislative intervention that regulates their activity. The main argument is that regulation holds back innovation.
The comparison between Ietf and ISO
In reality, the success of the internet does not arise from the absence of regulation but from the working method that had adopted the Internet Engineering Task Force (ietf). A working method light years away from that of the traditional telecommunications industry. David Clark, one of the pioneers of the web, in the early XNUMXs, at the height of the battle over network standards which pitted the internet community against ISO (the International Organization for Standardization) expressed it this way: "We refuse the kings, the presidents and the vote. Instead, we believe in an approximate consensus and in the work of coding”. In the IETF there are no permanent members but only participants, and there is not even a voting mechanism: the consensus building system is based on the functionality of the technical solutions.
On the other hand, precisely because of its bureaucratic characteristics, the protocol development process within the ISO was very slow and the formation of consensus more difficult, while the working method of the Internet engineering community was much faster and more effective and was based on the tacit acceptance of the principle that anyone could participate in the development, making their ideas available: in the end, the solution that worked best was adopted. Mike Padlipsky, an early member of the working group that developed the ARPANET network protocols, he summed up effectively the diversity of the two approaches qualifying that of internet community as a descriptive method and that ofISO as a prescriptive method. Maliciously adding that "while the descriptive approach taken by the internet community is suited to technology, the prescriptive model used by standards bodies such as the ISO is better suited to theology." In reality, the fundamental element that differentiated the two approaches was that the Internet was satisfied with a "best effort" model, ie without guarantees of performance, while Iso and Itu pursued a model with guaranteed quality, as requested by the telecommunications companies. Between the two models the difference is more theoretical than real, because with the growth of technology performance the quality improves to the point of making the two models indistinguishable, but in the first case the improvement is obtained with significantly lower costs.
