FTC Warns AI Companies About Changing Policies to Leverage User Data

The Federal Trade Commission is warning AI companies against secretly changing their security and privacy policies in hopes of leveraging the data they collect from customers to feed models they use to develop their products and services.
Surreptitiously amending terms of service without notifying customers is not unusual in the business world and AI companies' insatiable need for data makes them vulnerable to looking at the massive amounts of information they collect from consumers and businesses to fuel their innovation, the FTC's Office of Technology and The Division of Privacy and Identity Protection wrote in a column this week.
The agency equated these companies' need for huge amounts of new data to the decades-long need to find new oil deposits.
Changing the terms of service so they can use the data for their models might seem like a good answer to some of these organizations, but the FTC will crack down - and has in the past - on companies that do this without giving users the proper notice.
Concerns about the security and privacy of the data used to train large-language models and to use the rapidly expanding universe of tools like OpenAI's ChatGPT and Google's Gemini has been at the forefront over the past year as innovation of and the market around generative AI has exploded.
The worries have ranged from data leaking from AI models to threat groups using generative AI tools to improve their malicious activities.
Menlo Security in a report this week outlined how common it's become for people and companies using generative AI platforms to expose sensitive or proprietary corporate data.
Microsoft and OpenAI detailed how state-sponsored cybercriminal gangs are leveraging such tools in their attacks.
There are numerous examples of data of AI technology users being exposed.
An attack on OpenAI in March 2023 compromised the personal and payment information of 1.2% of ChatGPT Plus subscribers and cybersecurity firm Group-IB reported three months later it found as many as 100,000 compromised ChatGPT user accounts for sale on the dark web.
Wiz researchers in September reported that Microsoft's AI team accidentally exposed 38 terabytes of private data while publishing open source training data on GitHub.
The need to protect such data is critical and the FTC wants to ensure that AI companies understand what's expected of them.
Keeping an Eye on AI. This isn't the first time the agency has put AI companies on notice.
Last month, the FTC noted model-as-a-service companies - those who develop and host AI models that become available to third parties through an API or end-user interface - face the same pressures of continuously ingesting new data that dog all AI organizations and that they needed to abide by their terms of service and privacy policies.
The incentive to develop new or customer-specific models or to refine existing ones by ingesting more new data can conflict with companies' obligations to protect users' data.


This Cyber News was published on securityboulevard.com. Publication date: Thu, 15 Feb 2024 16:13:04 +0000


Cyber News related to FTC Warns AI Companies About Changing Policies to Leverage User Data

Data broker's "staggering" sale of sensitive info exposed in unsealed FTC filing - One of the world's largest mobile data brokers, Kochava, has lost its battle to stop the Federal Trade Commission from revealing what the FTC has alleged is a disturbing, widespread pattern of unfair use and sale of sensitive data without consent ...
1 year ago Arstechnica.com
FTC Warns AI Companies About Changing Policies to Leverage User Data - The Federal Trade Commission is warning AI companies against secretly changing their security and privacy policies in hopes of leveraging the data they collect from customers to feed models they use to develop their products and services. ...
10 months ago Securityboulevard.com
FTC Bans Online Mental Health Firm From Sharing Certain Data - The Federal Trade Commission has proposed restricting a mental telehealth service firm from sharing consumer data and requiring it to pay a $7 million penalty to settle allegations that the firm used online tracking tools to unlawfully disclose ...
8 months ago Bankinfosecurity.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
Hip Hip Hooray For Hipster Antitrust - The wheels of justice grind slowly, so many of the actions the FTC has brought are still pending. In tandem with the Department of Justice, it is suing over fake apartment listings, blocking noncompete clauses, targeting fake online reviews, and ...
10 months ago Eff.org
FTC Bars X-Mode from Selling Sensitive Location Data - Phone app location data brokers are a growing menace to our privacy and safety. Now the app tracks your every move and sends it to a broker, which then sells your location data to the highest bidder, from advertisers to police. The FTC's complaint ...
11 months ago Eff.org
Create Highly Secure Applications in Mule 4 - Accessibility Control/Access Management Use Anypoint Access Management to create your Anypoint Platform account or configure a federated External Identity. Environment Management Anypoint Platform enables you to create and manage separate deployment ...
10 months ago Feeds.dzone.com
FTC fires 'shot across the bow' at automakers over connected-car data privacy - The Federal Trade Commission warned auto manufacturers on Tuesday that it is closely watching their data collection and sales activities, citing several recent enforcement actions which it suggested could apply to the industry's practice of sharing ...
7 months ago Therecord.media
How MailChimp's Security Breach Caused By Social Engineering Proves That Every Company Should Be Precise with Their Security Policies - A recent security breach at the popular email marketing service MailChimp suggests that the company has fallen victim to a social engineering attack. With the latest incident, there’s an important lesson for all companies—no matter how robust ...
1 year ago Grahamcluley.com
FTC bans Rite Aid from using facial recognition surveillance for five years - Pharmacy chain Rite Aid is getting a timeout from AI facial recognition surveillance tech thanks to federal regulators. The U.S. Federal Trade Commission today announced a settlement with Rite Aid stating the chain recklessly deployed AI biometric ...
1 year ago Venturebeat.com
FTC investigation shuts down suspected antivirus scam The Register - A pair of tech support businesses accused of swindling marks out of their hard-earned cash have agreed to cough up a $26 million settlement following an undercover probe by the FTC. Restoro and Reimage - both headquartered in Cyprus and, based on the ...
9 months ago Go.theregister.com
FTC wins first settlement banning sale of location data The Register - Infosec in brief The US Federal Trade Commission has secured its first data broker settlement agreement, prohibiting X-Mode Social from sharing or selling sensitive location data. In its complaint, the FTC accused X-Mode, which sold its assets to ...
11 months ago Go.theregister.com
Blackbaud Enhances Security Measures Following FTC Settlement - Blackbaud, a major player in U.S. donor data management, recently settled with the Federal Trade Commission after facing scrutiny for a ransomware attack in May 2020. This attack led to a substantial data breach affecting millions of individuals. The ...
10 months ago Cysecurity.news
Blackbaud Faces Criticism for Cybersecurity Lapses After 2020 Data Breach - The cloud software company, Blackbaud, has come under fire from authorities for its major cybersecurity failings, stemming from a devastating ransomware attack in 2020. The attack exposed data from numerous educational institutions and non-profits ...
10 months ago Cysecurity.news
Avast settles claims of customer data peddling for $17M The Register - Avast has agreed to cough up $16.5 million after the FTC accused the antivirus vendor of selling customer information to third parties. The US regulator filed [PDF] a lengthy complaint against Avast regarding its use and alleged misuse of customer ...
9 months ago Go.theregister.com
Americans lost record $10 billion to fraud in 2023, FTC warns - The U.S. Federal Trade Commission says Americans lost over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year. To put this into context, Chainalysis says ransomware gangs also had a record year, ...
10 months ago Bleepingcomputer.com
How the FTC Can Make the Internet Safe for Chatbots - No points for guessing the subject of the first question the Wall Street Journal asked FTC Chair Lina Khan: of course it was about AI. Between the hype, the lawmaking, the saber-rattling, the trillion-dollar market caps, and the predictions of ...
5 months ago Eff.org
BetterHelp Customers Begin Receiving Refund Notices From $7.8M Data Privacy Settlement, FTC Says - Many current and former BetterHelp customers have begun receiving refund eligibility notices spanning from a $7.8 million settlement reached with the online therapy provider last year over allegations that it shared sensitive health data with ...
7 months ago Securityweek.com
Protect Your Data: Why Data Is More Valuable Than You Realize - Data is more valuable than you realize, and protecting it should always be a top priority. Data privacy has never been more important, and organizations need to understand the risks of data exposure and implement measures to protect against data ...
1 year ago Welivesecurity.com
FTC soliciting contest submissions to help tackle voice cloning technology - The Federal Trade Commission is now accepting submissions for a contest designed to spur development of products and policies to protect consumers from the malicious use of voice cloning technology, which has been fueled by the advance of ...
11 months ago Therecord.media
FTC issues ban on location data and bars information brokers from duties - Following an investigation into the unauthorized use and sale of geolocation data by two companies, the Federal Trade Commission in the United States has officially banned the collection and exploitation of such data by companies moving forward. In ...
10 months ago Cybersecurity-insiders.com
SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022 - MSSPs took the lead in cybersecurity M&A in 2022 with twice as many deals as in 2021. An analysis conducted by SecurityWeek shows that more than 450 cybersecurity-related mergers and acquisitions were announced in 2022. In 2022, we tracked a total of ...
1 year ago Securityweek.com
FTC bans data broker from selling Americans' location data - Today, the U.S. Federal Trade Commission banned data broker Outlogic, formerly X-Mode Social, from selling Americans' raw location data that could be used for tracking purposes. Under the order released today, the first time data brokers were barred ...
11 months ago Bleepingcomputer.com
FTC orders Blackbaud to boost security after massive data breach - Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people. Blackbaud is a U.S.-based ...
10 months ago Bleepingcomputer.com
Microsoft will roll out MFA-enforcing policies for admin portal access - Microsoft will soon start rolling out Conditional Access policies requiring multifactor authentication from administrators when signing into Microsoft admin portals such as Microsoft Entra, Microsoft 365, Exchange, and Azure. The company will also ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)