US Federal Trade Commission Investigating OpenAI
The US Federal Trade Commission (FTC) has opened an investigation into OpenAI’s ChatGPT. According to the civil investigative demand sent to OpenAI, the FTC is seeking information about personal data: what information it collects, its data retention practices, and methods for individuals to opt out of having their data collected or request that their data be deleted; how personal information is kept out of training data; policies and procedures regarding potentially false or misleading AI-generated statements about people; and information about OpenAI’s data security practices and security incidents.
The FTC is not alone in looking at AI privacy and security issues. In 2008, financial markets globally melted down in large part because computer models that created financial derivative packages were labelled as “low risk” but it turned out that many should have been labelled “no one can tell what this model is really doing but these could be low risk, we hope they are.” The SEC put regulations in place that such models must have defined governance and transparency policies and had to be audited. More recently, the SEC is looking at claims in financial filings by companies that claim their product uses AI in some unique way (such as in many cybersecurity products), or by companies that identify a risk and point to their use of AI-based products as mitigation. Ask any vendor of products or tools making claims of using AI to demonstrate results of audits/inspection of claimed use of AI/ML.
While LLM/Generative AI (GenAI) is incredibly powerful, and something we're all keeping an eye on, we also need to fully understand what it does with data we feed it as well as how it is continuing to train and build its model. You should already be developing guidance for users regarding entering proprietary or sensitive data into GenAI systems, make decisions on what data is in a session versus retained based on provider documentation, not hearsay or speculation. As GenAI is showing up in more places, rapidly, get ahead of it by starting to investigate how it changes the results you get, much like we have done in the past.
An interesting line of inquiry by the FTC. Sure, I can see questions concerning copyright and authorized licensing, but an inquiry on personal data using the Consumer Protection Act? Perhaps if this country had a federal privacy law as opposed to the current patchwork of state privacy laws the line of investigation would be welcomed.
ChatGPT is being singled out because it’s the one people know at the tip of their tongue. So many of these platforms are currently in use, and I think we will need to see some regulation around this. Just in the “AI Art” space itself, this is tricky: when is it original content, when is it slightly modified, and how does this impact copyright? There is a lawsuit around software licensing in GPL and other licensing models with code in GitHub, which GitHub CoPilot uses to provide suggestions. That lawsuit may also have implications here—something to watch. Now, I need to take this comment, run it through ChatGPT, and ensure it will be spicy and catchy. Maybe we can create one just for this. SpicyGPT, but don’t Google that because it may be unsafe for work.
Read more in
JD Supra: OpenAI – FTC Opens an Investigation
Washington Post: FTC investigates OpenAI over data leak and ChatGPT’s inaccuracy