During the Tallinn Digital Summit 2018, I participated in a breakout session on Safty and Security in the age of artificial intelligencealong with four ministers and three other specialists in the area. Below is what I highlighted:
I have recently worked on a number of implementations of cyber security laws in organisations. I would like to briefly explain the need for a legal foundation that enforce safe development of AI systems and, above all, the need for it to be in line with previous cyber security legislation and methods.
Within corporations and other organisations, current risk management regarding IT systems is primarily based on two different points of view. The first is the risks regarding the organisation itself which needs to be managed in order to securely continue with operations. The second is the individual perspective which is regulated by privacy laws, like for example the Data Protection Act. Here, the risks and potential repercussions of mismanagement of personal data are analysed. Within organisations that handle a large amount of sensitive personal information and within government bodies, current legislation requires an independent Data Protection Officer who ensures compliance with existing legal requirements.
From a societal point of view, we have a different legislation which focuses on activities of importance to Europe for example. An example of this is the NIS-Directive which aims to ensure the reliability and security of network and information services which are essential to everyday activities.
The problem is that currently we lack a comprehensive legal framework to protect society – and the rest of the world – against organisations which are irresponsible in their development of artificial intelligence. Furthermore, there are no acknowledged standards, methods or indeed precedents within the area. As a result, as long as the integrity of the management of personal data is maintained, there are currently no restrictions, other than ethical, on any irresponsible development of artificial intelligence.
To manage the gap between regulation and the capability of the new systems, it will be essential to introduce processes within the organisations which focus on the management of risks associated with artificial intelligence. However, there is no need to reinvent the wheel. Current cyber security methods and guidelines can be complemented by our current knowledge of research within artificial intelligence. Notably, potential risks are far more wide-ranging than cybersecurity and have a large impact on fairness, ethics, transparency and accountability.
To manage these risks, I have four suggestions:
The first is to define the fundamental principles that should guide the development of artificial systems from a security, fairness, ethics, transparency and accountability point of view.
The second is to legislate against the irresponsible development of artificial intelligence. This legislation can be similar to the Data Protection Act, but with a focus on the protection of society as opposed to the protection of the individual.
The third is to define a model for the safe development of artificial systems which the legislation can refer to. Such a model could be used to determine whether right tests have been performed and to ensure that correct principles for system architecture and design have been adhered to. I really want to emphasize that such a model should not deviate from but rather complement existing models and processes for secure development like for example Microsoft’s Security Development Lifecycle or Privacy by Design. Any large deviation from existing frameworks may not only jeopardise the ability of the organisations to implement them but may also be prohibitively expensive.
The fourth is that developers of artificial intelligence systems need to have a process for independent verification. An example could be an independent representative who verifies that the organisation complies with the legislation, an AI Protection Officer with a similar position as the current Data Protection Officer.
Finally, I want to re-emphasise that all legislation within the area must mirror existing legislation and methods for secure development. Otherwise we will not get the results we are aiming for.
The breakout session Safety and security in the age of artificall intelligence had the following participators:
The seven keys, the new bestseller from Åsa Schwarz, is about to become an international TV- series if everything goes in accordance with the plans of Yellow Bird. This well-known production company, which has earlier produced mega successes such as the Millennium Series based on the books of Stieg Larsson, has now secured the rights on the title and is currently starting up the project.
– It is almost too good to be true, says the thrilled author.
The seven keys, published this August in both Sweden and Denmark by publisher House of Independents, has quickly become a success in both countries. Åsa Schwarz is hoping that more countries will follow and a TV-series would be a truly grand development. Her thriller has received a great deal of attention, not only due to a captivating mystery, but also because of the thrilling reality behind the story.
The story starts out in Stockholm where Rebecka, one of seven IT-professionals in the world who holds a key to the Internet, wakes up with a gun to her head, threatened by someone who wants her key. Her children sleeping in the room next door. When the key-holders are, one after another, victims of an attack Rebecka understands she has to go underground to solve the mystery.
– It’s an incredibly fascinating and unexplored setting. That the keys exist in reality as a means to secure the internet traffic, makes it even more exciting. Almost everything depends on the internet functioning, but we are grossly unprepared if something goes wrong, says Marianne Gray, the producer for the project planned to be a TV-series with eight or ten episodes.
Yellow Bird is a Swedish production company focused on the broad international market as shown by the earlier adaptation of The Headhunters by Jo Nesbø and the Millennium Series by Stieg Larsson.
– This series absolutely has international potential, and is not entirely in Swedish. Today we find that content must not necessarily be in English to be of interest to international buyers. ”Local- language” is popular now internationally, says Emelie Franc, associate producer.
-The internet is a global phenomenon so a story like this will naturally raise international interest, adds Emelie Franc.
The author herself can see that the story has potential to work well in a visual format.
– It’s a fast-paced thriller, very much like an action film. I didn’t write the book with an adaptation in mind, but I could visualize every scene very clearly when I wrote it, says Åsa Schwarz. In 2017, Åsa was selected the Security Profile of the year in Sweden.
House of Independents through its literary agency Hoi Agency negotiated the rights. Hoi Agency represents a number of authors connected to the publishing house with regard to foreign book rights as well as associated rights such as film and television.
Lars Rambe, Managing Director of House of Independents, is pleased and proud over the agreement with Yellow Bird which was put into place very quickly.
– Sales of literary and other associated rights are a natural part of our business today. With our broad catalogue of titles there are many good stories to work with and present. A collaboration with a well renowned production company such as Yellow Bird shows that we are on the right track. Furthermore, The seven keys is the perfect book to start with. It doesn’t get much more exciting than this, says Lars Rambe.
With the agreement in place, the producers are excited to get going.
– We are naturally just at the starting point as we recently have acquired these rights. The next step is to find a script writer. We are really keen to get this project started, says Marianne Gray.
Contact Yellow Bird:
+46 70 871 79 24
+46 73 897 72 88
During the last few days there have been a number of blog reviews of The Seven Keys. This makes me happy every time around. Here is a selection:
”Finally catching one’s breath after the story’s breakneck speed, one is struck by the author’s afterword, which really had me thinking in light of the numerous IT scandals of late. Maybe time for politicans and the general public to wake up!”
”5 points out of 5.
I warmly recommend this book. A really frightening, fast-paced thriller, full of believable characters. No dull stretches; the plot develops page by page. This is an incredibly exciting, top-notch, rather different thriller, and with a plot that may turn out to be for real. Read it!”
”This book is thrillingly exciting and offers some interesting insights into our everyday IT security. Can anything be hacked? Our cars, our lawn mowers, our pacemakers? Not to mention our mobiles, our iPads, and our laptops? Is there any integrity at all on the Internet?”
”This is an easy-to-read, well-written, exciting thriller. The short chapters contribute to the fast pacing. Totally in my taste.”
”In light of all the recent IT scandals, The Seven Keys is both topical and thought-provoking. It is far more than just ‘entertainment’! Also, I believe that the thoughts put forth by the author in her afterword are very sensible. We should indeed think a lot more about digital security and be a lot more source critical as pertains to what we read, and share, on the Internet!”
— Fru E:s böcker
”Then there is this thing for which I love the author and the book a bit extra. On two occasions (to which I reacted) the author openly questions the norm of gender roles. To turn the norm around and write ‘male police officer’ instead of ‘police woman’, which is the common way of distinguishing between police officers of different sexes, and to pen in the prejudice that dads out and about with their babies are homosexual nannies, not just dads (since they are supposed to be the bread-winners), is simply fantastic.
This is definitely a winner from the first page to the last.”
— Annas fotnoter
”The main strength of The Seven Keys is how very realistic the novel is. There actually are seven persons around the world who’ve got a key each to the Internet (and one of them is a Swedish woman), and if a nation or a terrorist organisation would get hold of those keys and take over the Internet, the consequences would be disastrous. Our society is dependent on the Internet for food supplies, logistics, healthcare, information, and communication. It is a breathtaking thought that the most important functions of society are so dependent on the Internet that if it would malfunction for any major period of time, we would face very serious problems.”
Review in a Swedish magazine about popular fiction, DAST:
A REAL PAGE-TURNER
Rebecka Reté is an IT security consultant, just like Åsa Schwarz herself, and as she is awakened by a gun to her head in the middle of the night in her flat in Stockholm, a couple of masked men try to force her to hand over a key for which she must be prepared to sacrifice her life. The key is in her safe and together with six other keys around the world it gives one access to the root – the very foundation – of the Internet. Rebecka is one of seven key holders and to get into the root zone and change or activate various Internet functions, one has to have at least five of the keys.
The intrusion into Rebecka’s home sets off a chain of events which quickly develops and forces her to make use of her IT and hacker know-how in order to protect herself and her family, while at the same time, together with others, trying to find out who is out to ge the seven keys and why. In an afterword, Åsa lists ten points exposing our and our societies’ vulnerability. ”Ten points,” she states, ”which, if they were implemented, I am convinced would make our country safer, more secure, and more robust.”
Besides being an IT security consultant, Åsa Schwarz is a seasoned author. She has written a fast-paced thriller where no one is what they appear to be and where you can trust no one. The novel is, in spite of its subject, an exciting page-turner!
Read it – and do not skip the afterword!
— Ulf Broberg
The Seven Keys was reviewed in daily newspaper Hallandsposten:
INTERNET UNDER ATTACK IN THRILLER
Author Åsa Schwarz has a B. A. in computer and systems sciences and works as an IT security consultant. Thus, when she writes a thriller about hackers, we may rest assured that she knows what she is writing about.
The Seven Keys is a frightening, very fast-paced thriller. It centres around a world-wide attack targeting the seven people who hold the keys to the Internet. Once a quarter these seven persons meet in Washington to uppdate the system making traffic on the Internet possible. This is of vital importance for the Internet – and thus modern society – to function.
One of the key holders is Swedish Rebecka. She succeeds in escaping her attackers and go into hiding. Eventually she gets in touch with two other key holders who have also managed to stay alive. Now the hunt for the cyber terrorist begins. The clues are pointing every which way – to Chinese intelligence services, to neo-Nazi organisations, and to the NSA. Who is friend and who is foe? Whom can you trust?
At the same time, Rebecka is facing other, more personal problems. On her husbands computer she finds evidence of him being unfaithful. He has brought the children to a safe house, but how safe is it really? The enemy seems to be continually one step ahead.
There is no dearth of conflict in this thriller. When one believes the very worst to have happened and relaxes a bit, there is the next punch in the face. This is all incredibly exciting and one’s brain has to struggle to figure out possible solutions to the mystery. The plot is so well constructed that only bits and pieces of the truth seep through and the turning points keep one on edge all the time.
An extra plus for Rebecka not being the Lisbeth Salander type, but about forty and a married mother of two, who has, to be sure, been a hacker in her youth but who didn’t suffer a difficult upbringing and who doesn’t hate society. She only wants to do her best to stop the keys to the Internet from ending up in the wrong hands.
One of the real-life seven key holders actually is Swedish. There is a short documentary about her on YouTube (in Swedish). Watch it!
— Annika Bengtsson
My hacker thriller The Seven Keys is being released today. When I wrote the afterword last spring, I knew that the message was an important one. I wanted it to be heard, somehow. Our society is fragile and rests on digital infrastructure which is far from secure.
Our government bodies, county councils, municipalities, and many of our companies are vulnerable. Sweden and many other countries could easily be the target of massive Internet blackouts and would then be at a standstill. Copious amount of information may end up in the wrong hands. Yet few seemed interested or able to understand the magnitude.
Then came the summer of the Swedish Transport Agency. Two government ministers and the board had to resign. Director general Maria Ågren was convicted of careless handling of secret intelligence. Suddenly everyone was talking about cyber security in Sweden. Thus, here is an easily accessible thriller with a very important message: we have to get the digital security upgraded. When you’ve read The Seven Keys, ask the political party you’ll vote for in the next election what they’re going to do to strengthen cyber security in your country.
The Seven Keys is today – 21 August, 2017 – released simultaenously in Sweden and Denmark. It is available in hardcover, as an audio book, and as an ebook.
You may now read my thriller short story CENTR, dealing with the power over the Internet. This is a short story, a work of fiction, but it was inspired by one of the most burning questions in the history of the Internet, today more burning than ever.
The United States of America has agreed to release control of ICANN, which handles the address register of all top domains. In other words, the address register is for example needed for directing internet traffic to the right country. In order to release control, the United States of America has posed certain conditions, to be fulfilled before September 2015. The question is… what happens if these conditions are not fulfilled?
I wrote the short story in the spring of 2015, on commission from .SE, in order for it to be mailed to the members of Centr, the European organisation for top domains, before a conference at Sheraton Stockholm Hotel, 1st – 3d of June, 2015.
I own the copyright and the short story might be distributed freely, provided that no changes are made.
Click HERE to download the story as a PDF file.