I was recently in Washington at the invitation of IBM’s security division. Every year, this IT giant brings together expert collaborators from all over the world to take stock of IT developments.
I had the chance to visit the IBM X-Force Cyber Range, an immersive simulation center that lets you experience highly realistic cybersecurity breach scenarios. This new capability enables experts in the field to respond more effectively to data breach incidents, which are multiplying at an alarming rate and causing ever greater losses in both public and private organizations around the world.
We were in the very heart of Washington, right next to the Capitol, so discussions quickly turned to the threats posed by AI in relation to disinformation, as half of the world’s democracies will be going through elections in 2024. These threats are so real that, at the beginning of the year, the head of European diplomacy, Josep Borell, described disinformation as one of the most significant threats that democracies must now face, due in particular to the lightning progress of artificial intelligence.
Mr. Borell’s concerns are echoed in Canada and Quebec. In early February, Montreal professor Yoshua Bengio – recognized as one of the world’s leading authorities on artificial intelligence – called on Canada’s elected representatives to adopt without delay the regulatory safeguards essential to prevent AI from being used by malicious actors. According to him, elected officials must understand that they are now engaged in a race against time due to the speed at which AI is developing… and potentially harmful applications.
At the end of the workshops I attended in Washington, D.C., there was a sense of uneasiness about the imminence of major data breach attempts and the emergence of major misinformation campaigns. The calm before the storm, as it were. Hackers also know how to misuse AI to the detriment of the common good. Taylor Swift’s and President Joe Biden’s recent misadventures with deep fakes are perfect examples.
Given the acceleration in the development of AI-based applications, the impact of which we are only just beginning to measure in some cases, I, like a majority of my colleagues present in Washington, greatly fear that possible abuses designed to distort the results of popular votes will occur during the many elections to be held in 2024. Indeed, a series of deep fakes cleverly deployed on the eve of a vote could well influence voters’ choices. Voters have neither the time nor the means to verify the veracity of certain content disseminated on social networks or relayed by media outlets in complete ignorance of the facts.
My trip to Washington put me firmly in the center of the rising tide, enabling me to see clearly for the first time the extent of the gulf that separates Canada from America – and from Europe – when it comes to mastering the issues surrounding AI. We have no choice but to act swiftly and vigorously to develop a framework for AI and data security that will finally define what is acceptable. We need to ensure, as far as possible, the integrity of the democratic, social, industrial and commercial processes that govern our society. This is all the more imperative given the upcoming federal, municipal, and Quebec elections between now and 2026.
I sincerely believe we have no choice but to treat cybersecurity as an ongoing evolutionary process that is integral to every development project, to avoid obsolescence. We must never lose sight of the fact that, between the time the criteria for a cybersecurity call for tenders are set and the implementation of the chosen IT solution, the reality will never be the same, due to the relentless and rapid progress of AI. Paradoxical as it may seem, we need to guard against the dangers of AI, while at the same time taking advantage of the benefits it can bring, if we are to remain relevant in all spheres of our economic and social activity. The best way to do this is to immediately establish an ongoing dialogue between cybersecurity and digital industry experts, public office holders, and other cybersecurity stakeholders to define and accelerate the adoption of best practices.