Date: 2024-04-01

Microsoft has gone all-in on AI, but Congress hasn’t. Though the tech giant’s actions suggest a deep conviction that AI is the future of computing, to the point of suggesting that future PCs need an actual AI key on the keyboard, the United States House of Representatives is setting a “strict ban” on House staff using Microsoft’s Copilot AI system, according to Axios.

The House’s Chief Administrative Officer Catherine Szpindor has said Microsoft’s Copilot is not authorized for House use at all, furthering moves made last June when the House limited how staff could use ChatGPT by only allowing some uses of the paid subscription version. Copilot is in fact “a risk to users due to the threat of leaking House data to non-House approved cloud services,” according to a statement seen by Axios. Furthermore, Copilot is actually supposed to be removed from all Windows devices.

AI systems like the ones buzzily grabbing tech news headlines, including the Copilot systems Szpindor has banned, typically run in the cloud because they rely on vast servers to process all the complex math that makes the AI algorithms work. That means that when you use them, your prompts get whisked off over the internet to an AI system running on hundreds of computers in a warehouse somewhere, then the responses are sent back. From a cybersecurity point of view, if your prompt to an AI chatbot contains information like “here are X months of our finances, can you analyze them and predict our next quarter?” or “here’s a photo of our super-secret rebrand, can you design us a new logo in the same style?” that’s immediately an intellectual property data leak risk.

Szpindor’s main concern is the same one that some companies, like Samsung, have encountered with current-generation AI systems such as Microsoft’s Copilot, OpenAI’s ChatGPT (whose technology forms the core of Copilot), or other systems like Claude from Anthropic. Specifically, because AIs sometimes use the data users upload to them to further train the AI’s algorithms, there’s a risk that such data could be discovered by a different user, if they’re clever enough to ask the right questions at some point in the future: this is another form of AI data leak. Data leaking from a company like Samsung could be financially disastrous, of course, but data leaking in the same way via an AI from a legal entity like Congress could impact issues at a national security level.

Szpindor’s edict will remind anyone who has ever done business with a security-conscious government office that those public sector cybersecurity and physical security measures tend to be old-fashioned. Remember, back in 2016 then-President Obama was finally allowed to update his official device from a BlackBerry to a smartphone, but still found it frustrating: “I get the thing, and they’re all like, ‘Well, Mr. President, for security reasons … it doesn’t take pictures, you can’t text, the phone doesn’t work, … you can’t play your music on it,'” he noted in an appearance on The Tonight Show. For reasons like this, Microsoft has said that it’s working on a version of its AI tools that “meet federal government security and compliance requirements” and it’ll be delivered later this year.