What to do about AI? It’s a question on the minds of governments, private sector stakeholders, and consumers as machine intelligence continues to play an outsize role in the tech sector.

For tech consultant Katie O’Neill, author of What Matters Next: A Leader’s Guide to Making Human-Friendly Tech Decisions in a World That’s Moving Too Fast, the answer is found in regulation. It’s not a popular perspective for the business of tech, but as she told IT Brew, that doesn’t mean there’s no place for it. Just because guardrails can be onerous, doesn’t mean they’re going to stifle innovation.

“There’s a difference between acceleration as we experience it, driven by Silicon Valley and frontier models within AI…versus what I call ethical acceleration, which is going as fast as you can within the bounds of what is known to be safe and what you know is not going to exceed your understanding of consequences,” O’Neill said. “And that [is what] I don’t think we’re doing very well at present.”

Timing is everything. Indeed, regulatory decisions on the part of the EU have drawn harsh criticism from US tech firms like Meta and Google. The AI Act, a bill passed in 2021 by the EU’s legislative body the European Commission, came a year prior to ChatGPT’s debut. Dorothy Chou, Google DeepMind’s head of public policy, told CNBC that governments are “regulating on a time scale that doesn’t match the technology.”

Read the rest here.—EH

The federal government is not pushing to recover hardware that some members of USAID staff received before the agency was effectively closed in February, a perplexing decision that raises concerns about security.

Two USAID staffers currently on paid administrative leave, speaking with IT Brew on the condition of anonymity, said that their devices are still at their houses. The administration has not given clear instructions on how to return the hardware, they told IT Brew, leaving them in limbo. Complicating things is the ongoing legal wrangling over the constitutionality of the administration’s shuttering of the agency in the first place.

Without clarity, the devices remain in the sources’ homes. However, one source told IT Brew that they were told in a meeting their government-issued devices should be treated as “hot mics,” though they emphasized that it was unclear where this information came from originally.

Leaving it. As The Verge reported on Mar. 19, USAID staffers dismissed from their positions are also finding it hard to understand how they are supposed to return their hardware. Because of the sensitivity of their work and the delay in getting information, managing security on those devices is their responsibility—hardly an easy position to be put in, as Megan Stifel, Institute for Security and Technology chief strategy officer and Ransomware Task Force executive director, told The Verge.

“Unfortunately, these folks have been put [in an] unprecedented situation where they may or may not have access to the security support of the government, but yet they’re still responsible for maintaining the security of these devices wherever they’re going,” Stifel said. “So, it’s really like a catch-22.”

Read more here.—EH

When disaster strikes, it’s not just what you say, but how you say it.

That was the key message from Joe Sullivan, former CSO at Uber, Cloudflare, and Facebook, and Renee Guttmann, former CISO at Royal Caribbean Cruises, Campbell Soup Company, and the Coca-Cola Company, who detailed what a proactive incident response strategy should look like during a virtual webinar hosted on March 18 by intelligent incident response platform BreachRx.

While organizations have traditionally spent their efforts and resources on incident prevention, Sullivan argued that it’s equally important to spend time thinking about how they would combat a crisis. The ex-CSO was previously convicted for helping to cover up a 2016 data breach and was later sentenced to three years’ probation in 2023.

“By default, we spend all of our money, time, and hiring resources on prevention,” Sullivan, now the founder and CEO of a boutique technology risk-management consulting firm, said. “But at the end of the day, how we are judged as an organization is often how we handle [a] crisis.”

Teamwork makes the dream work. Security incidents are no longer a rarity for today’s organizations. When an incident arises, Sullivan said security leaders should “step back” and make sure teams in a company are coming together as needed to properly respond to the crisis. That includes everything from making decisions on when it is best to loop in the communications and legal team, to making sure employees are fed and well-rested.

“I think of our role as like a conductor of an orchestra,” Sullivan said. “If you’ve planned it out and staffed it right and trained people right, then you really shouldn’t be making the music.”

Keep reading here.—BM