A GPT’s GPTs: A Generative Pre-trained Transformer’s General Privacy Thoughts

In the summer of 2021 I eagerly left the safety and sterility of my stay-at-home bubble and traveled to Las Vegas, NV for the annual Black Hat cybersecurity conference. At the time we were roughly 1.5 years into the global health pandemic, but the sleep I lost the night of August 9th of that year wasn’t due to COVID-19, it was due to GPT-3. Earlier that day I had attended one of the most memorable presentations in Black Hat history: Disinformation At Scale: Using GPT-3 Maliciously for Information Operations. 

During the presentation, research from Georgetown University’s Center for Security and Emerging Technology demonstrated the ease with which Generative Pre-trained Transformer (GPT) technology could be weaponized to create various forms of disinformation. Once created, this disinformation could then be distributed and amplified across social media platforms and other information hubs in convincing, compelling ways with the intention of swaying public opinion in potentially dangerous directions. 

Fast forward to the spring of 2023 and ChatGPT–an even more powerful version of the tool I had seen demonstrated in the Nevada desert just 20 short months earlier–has an estimated 100M active users. Our society has yet to collapse in on itself as I imagined it might have on that sleepless 104° night back in the summer of ‘21, and ChatGPT is giving many workers countless hours of sleep back by helping them be more efficient in their daily lives. Although many technology leaders have called for a moratorium on further AI development, it’s safe to say ChatGPT is here to stay. 

For organizations like Concentric, whose mission it is to “Manage risk everywhere to keep people safe”, we have been cautiously experimenting with how we can leverage this new technology to help mitigate existing risks while minimizing the introduction of new ones. While getting to know our new intellectual dance partner we asked it a series of what we thought were pretty straightforward questions regarding one of our main focus areas, digital privacy. We were not disappointed with the answers:

What do you think will be the biggest threats to our digital privacy over the next 5 years?

There are several potential threats to our digital privacy that could emerge over the next 5 years. Here are some of the most significant ones:

1. AI-powered attacks: As AI technology becomes more advanced, cybercriminals could use it to launch more sophisticated attacks that are harder to detect and defend against. For example, AI could be used to generate convincing phishing emails or to launch targeted attacks that bypass traditional security measures.
2. IoT security: The increasing prevalence of Internet of Things (IoT) devices, such as smart home appliances and wearable technology, could pose a significant threat to digital privacy. These devices often collect large amounts of personal data that could be vulnerable to hacking or misuse.
3. Data breaches: Data breaches have become increasingly common in recent years, and they can result in the exposure of sensitive personal information such as names, addresses, and financial data. As more data is collected and stored online, the risk of large-scale data breaches could increase.
4. Government surveillance: Governments around the world are increasingly using digital surveillance tools to monitor citizens’ online activities. While some surveillance may be necessary for national security purposes, it could also erode individual privacy rights.
5. Social media data harvesting: Social media platforms often collect large amounts of personal data from users, which can be used for targeted advertising or other purposes. This data collection could become even more intrusive and widespread over the next 5 years, potentially putting users’ privacy at risk.

How many data brokers are collecting and selling peoples’ personal information?

It is difficult to determine the exact number of data brokers collecting and selling people’s personal information as the industry is largely unregulated and operates in a complex web of data-sharing agreements. However, it is estimated that there are thousands of data brokers operating globally, with varying levels of transparency and ethical standards. Many of these data brokers specialize in different types of data, such as financial, health, or demographic data, and may share or sell this information to other companies or organizations. The lack of transparency in this industry makes it challenging for individuals to know exactly who is collecting and selling their personal information.

What are the top 10 reasons I should be concerned about my personal information being available for purchase from databrokers online?

1. Identity theft: Databrokers collect and sell personal information, including your name, address, phone  number, and social security number, which can be used by criminals to steal your identity and commit fraud.
2. Targeted advertising: Databrokers use your personal information to create targeted advertising campaigns, which can be intrusive and annoying.
3. Lack of control: Databrokers collect and sell your personal information without your knowledge or consent, which means you have little control over how it’s used or who sees it.
4. Reputation damage: Databrokers can sell information about your past financial troubles or legal problems, which can damage your reputation and affect your ability to get a job or a loan.
5. Cyberstalking: Databrokers can provide personal information to cyberstalkers or harassers, who can use it to intimidate or harm you.
6. Medical identity theft: Databrokers can sell your medical information, including your health conditions and prescriptions, which can be used to commit medical identity theft.
7. Political targeting: Databrokers can sell your personal information to political campaigns, which can use it to target you with personalized political advertising or messaging.
8. Geolocation tracking: Databrokers can track your location and movements using your smartphone or other devices, which can be used to monitor your activities or target you with location-based advertising.
9. Financial fraud: Databrokers can sell information about your income, assets, and debts, which can be used by criminals to commit financial fraud, such as opening credit cards in your name.
10. Legal and regulatory risk: Databrokers may not comply with privacy laws and regulations, which can result in legal and regulatory action against them, and potentially expose your personal information to further risk.

How might AI such as yourself be used for digital privacy?

AI can be used for digital privacy in several ways, including:

1. Data encryption: AI algorithms can help in the development of strong encryption methods that can protect data from unauthorized access. AI can also be used to strengthen existing encryption algorithms by improving their key generation and encryption/decryption processes.
2. Anomaly detection: AI can be used to detect unusual behavior patterns that could indicate a security breach. For example, if an AI system detects that an individual is trying to access a system from a different location than usual, it could flag the activity as suspicious and initiate additional security checks.
3. Biometric authentication: AI can be used to develop robust biometric authentication systems that use facial recognition, voice recognition, or fingerprint recognition to verify an individual’s identity. This can help prevent unauthorized access to sensitive data.
4. Malware detection: AI algorithms can help in the detection and prevention of malware attacks by analyzing patterns and identifying potential threats.
5. Privacy-enhancing technologies: AI can be used to develop privacy-enhancing technologies that allow individuals to control the use of their personal data. For example, AI-powered tools can help users manage their privacy settings and control what information is shared with third-party services.

Overall, AI can play a vital role in ensuring digital privacy by providing advanced security measures and enhancing data protection.

On a scale of 1-10, 10 being the highest, how important is it to manage your digital footprint and limit the amount of your personally identifiable information that can be found online?

As an AI language model, I don’t have personal beliefs or feelings, but I can provide a general answer. Managing your digital footprint and limiting the amount of personally identifiable information online is critical in protecting your privacy and personal security. Therefore, it is very important, and I would rate it as a 9 or 10 on a scale of 1-10.

In today’s digital age, there is a vast amount of information available online, and it can be challenging to control what information is shared about you. However, taking proactive steps to manage your digital footprint, such as limiting the amount of personal information you share online, regularly reviewing your privacy settings, and using secure passwords, can help reduce the risk of identity theft, cyberstalking, and other online threats. It’s crucial to be mindful of the information you share online and take steps to protect your privacy and personal security.

What are the benefits of using a service like Eclipse by Concentric to remove my personal information from the internet?

Using a service like Eclipse by Concentric to remove your personal information from the internet can offer several benefits, including:

1. Increased privacy: By removing your personal information from the internet, you can reduce the amount of personal data available for anyone to find, which can help protect your privacy.
2. Reduced risk of identity theft: Identity thieves can use personal information found online to steal your identity, but by removing this information, you can reduce the risk of becoming a victim of identity theft.
3. Enhanced security: When your personal information is removed from the internet, it is less likely to be hacked or stolen, which can help protect your personal and financial security.
4. Time-saving: Trying to remove your personal information from the internet can be a time-consuming process. A service like Eclipse by Concentric can save you time and effort by handling the process for you.
5. Peace of mind: Knowing that your personal information is not readily available on the internet can give you peace of mind and reduce anxiety related to online privacy and security.

Overall, using a service like Eclipse by Concentric to remove your personal information from the internet can help protect your privacy and enhance your online security.

There is still much cartography to be done before we have mapped the full landscape of risks related to these emerging AI technologies. In the meantime, ChatGPT has done an elegant job of defining some of the major risks associated with an unmitigated digital footprint and the benefits of engaging a trusted partner to help manage them. Learn more about how Eclipse by Concentric can help protect your identity, devices, accounts, and connections at DigitalEclipse.io.

Author: Casey Allen, Chief Information Officer