Artificial intelligence: Legislation must mirror existing legislation and methods for cybersecurity

During the Tallinn Digital Summit 2018, I participated in a breakout session on Safety and Security in the age of artificial intelligence along with four ministers and three other specialists in the area. Below is what I highlighted:

I have recently worked on a number of implementations of cyber security laws in organisations. I would like to briefly explain the need for a legal foundation that enforces safe development of AI systems and, above all, the need for it to be in line with previous cyber security legislation and methods.

Within corporations and other organisations, current risk management regarding IT systems is primarily based on two different points of view. The first is the risks regarding the organisation itself, which need to be managed in order to securely continue with operations. The second is the individual perspective, which is regulated by privacy laws, like for example the Data Protection Act. Here, the risks and potential repercussions of mismanagement of personal data are analysed. Within organisations that handle a large amount of sensitive personal information and within government bodies, current legislation requires an independent Data Protection Officer who ensures compliance with existing legal requirements.

From a societal point of view, we have different legislation, which focuses on activities of importance to, for example, Europe. An example of this is the NIS-Directive, which aims to ensure the reliability and security of network and information services which are essential to everyday activities.

The problem is that currently we lack a comprehensive legal framework to protect society – and the rest of the world – against organisations which are irresponsible in their development of artificial intelligence. Furthermore, there are no acknowledged standards, methods or indeed precedents within the area. As a result, as long as the integrity of the management of personal data is maintained, there are currently no restrictions, other than ethical, on any irresponsible development of artificial intelligence.

To manage the gap between regulation and the capability of the new systems, it will be essential to introduce processes within the organisations which focus on the management of risks associated with artificial intelligence. However, there is no need to reinvent the wheel. Current cyber security methods and guidelines can be complemented by our current knowledge of research within artificial intelligence. Notably, potential risks are far more wide-ranging than cybersecurity and have a large impact on fairness, ethics, transparency and accountability.

To manage these risks, I have four suggestions:

The first is to define the fundamental principles that should guide the development of artificial systems from a security, fairness, ethics, transparency and accountability point of view.

The second is to legislate against the irresponsible development of artificial intelligence. This legislation can be similar to the Data Protection Act, but with a focus on the protection of society as opposed to the protection of the individual.

The third is to define a model for the safe development of artificial systems which the legislation can refer to. Such a model could be used to determine whether the right tests have been performed and to ensure that correct principles for system architecture and design have been adhered to. I really want to emphasize that such a model should not deviate from but rather complement existing models and processes for secure development, like for example Microsoft’s Security Development Lifecycle or Privacy by Design. Any large deviation from existing frameworks may not only jeopardise the ability of the organisations to implement them but may also be prohibitively expensive.

The fourth is that developers of artificial intelligence systems need to have a process for independent verification. An example could be an independent representative who verifies that the organisation complies with the legislation, an AI Protection Officer with a position similar to that of the current Data Protection Officer.

Finally, I want to re-emphasise that all legislation within the area must mirror existing legislation and methods for secure development. Otherwise we will not get the results we are aiming for.

Åsa Schwarz

The breakout session Safety and security in the age of artificial intelligence had the following participants:

[Image: screenshot, 2018-10-17 at 09.27.42]

Read CENTR – a short story about the power over the Internet!

You may now read my thriller short story CENTR, dealing with the power over the Internet. This is a short story, a work of fiction, but it was inspired by one of the most burning questions in the history of the Internet, today more burning than ever.

The United States of America has agreed to release control of ICANN, which handles the address register of all top domains. In other words, the address register is for example needed for directing internet traffic to the right country. In order to release control, the United States of America has posed certain conditions, to be fulfilled before September 2015. The question is… what happens if these conditions are not fulfilled?

I wrote the short story in the spring of 2015, on commission from .SE, in order for it to be mailed to the members of Centr, the European organisation for top domains, before a conference at Sheraton Stockholm Hotel, 1st – 3rd of June, 2015.
I own the copyright and the short story might be distributed freely, provided that no changes are made.



Press release: Knowit is strengthening its security venture

Published: 27 March, 2013, at

Knowit is strengthening its venture in IT and information security. For this reason, Åsa Schwarz has been employed as sales manager of Knowit’s specialist company in the field, Knowit Secure. Her task is to position Knowit as the leading supplier of outsourced security.

– The demand for IT and information security is growing, as the situation for all companies is becoming more complex, with outsourcing, cloud services and social media. At the same time, cybercrime is becoming more organized and goal-oriented, says Åsa Schwarz.

Knowit is growing quickly in the area. In one and a half years, Knowit Secure has gone from zero to twenty-five employees. The goal is to have thirty employees by the end of the year.

– Our goal is to become the Swedish leaders in the field. Åsa will help us on the way, with her unique competence in security, marketing and sales, says Tomas Rimming, CEO at Knowit Secure.

– Knowit has already become one of the sharpest security consultants, says Åsa Schwarz. It will be fun to see what we can achieve together in the future.

Åsa Schwarz has long experience of IT security and has founded both business fields and companies in the area. She also works as a columnist for Computer Sweden and has published four works of fiction, translated into seventeen languages.