On 12 September 2019, the Committee of Ministers of the Council of Europe announced that an Ad hoc Committee on Artificial Intelligence (CAHAI) will be set up to consider the feasibility of a legal framework for the development, design and application of Artificial intelligence (AI). On the same day, the United Kingdom’s data protection supervisory authority, the Information Commissioner’s Office (ICO), released the latest in its series of blogs on developing its framework for auditing AI. The blog (here), published on 12 September 2019, focuses on privacy attacks on AI models. With interest in the development of an AI legal framework increasing, what does the ICO consider to be the data security risks associated with AI?
Continue Reading Artificial intelligence: ICO considers security risks and the need for a new legal framework

It can be a violation of the federal Computer Fraud and Abuse Act (“CFAA”) to “access[] a protected computer without authorization.” The CFAA clearly applies when criminals with no connection to a company try to force their way into information systems.  But in a recent decision a divided panel of the Ninth Circuit found the CFAA can apply even when someone uses a password willingly shared by an authorized user.

In this criminal case, the defendant, David Nosal, had left his employment at Korn/Ferry. Nosal was seeking confidential information on the Korn/Ferry computer system to use at a venture he had started to compete with his previous employer.  Nosal asked his former executive assistant to stay at Korn/Ferry so she could provide access to the systems, and other former employees he was working with borrowed her password to the system and used it to download trade secrets.
Continue Reading Ninth Circuit Rules that CFAA Imposes Criminal Penalties when Terminated Users Try To Access Systems With Borrowed Passwords