On June 25, the 14th Conference ‘Internet Security’ was held at the Stefan Cardinal Wyszyński University. The conference organizers included Cardinal Stefan Wyszyński University, Kozmiński University, Scientific and Academic Computer Network - National Research Institute and Scientific Center for Legal and Information Technology (NASK) with substantial support from the Sector Competence Council for Telecommunications and Cybersecurity.
The main topic of the conference were issues related to cybersecurity and hacking used on the Internet. The conference was divided into thematic panels and included a discussion regarding national cyber security, cybercrime prevention, and also involved topics related to certification, personal data protection, digital identity, disinformation and efficient incident management. One of the thematic panels was devoted to, inter alia, aspects related to the use of artificial intelligence. On that panel, social, economic and legal issues related to the use of intelligent management systems were discussed. Examples of AI algorithms use, as well as emerging threats and future challenges were also presented.
One of the significant issues elaborated on during the panel on artificial intelligence was the use and processing of metadata. The adopted Directive (EU) 2019/1024
of 20 June 2019 on open data and the re-use of public sector information, which was implemented in Poland in 2021 (The act on open data and the re-use of public sector information
), sets out the principles and possibilities for the intelligent use of public sector open data. The structure and the registry of metadata is described in the applicable ISO standards, as well as in the Ministry of Internal Affairsregulation
of 30 October 2006 on the necessary elements in the structure of electronic documents. Metadata constituting public sector information should, in principle, be treated as public sector information and, in the process of its decoding and processing, can also be classified as other categories of data and exchanged between different systems..
It is noteworthy that decoding metadata and using it with natural language may result in the occurrence of circumstances in the future, the probability of occurrence of which can be presented as a result of the analysis of input data in the used metadata systems. The use of such data may be relevant for statistics in scientific research purposes, e.g. in medicine. However, the use of various types of personal data can also raise certain risks in terms of protecting personal privacy, security and transparency in decision-making. This creates the possibility of using publicly available data for the purposes of so-called "white hacking". Therefore, it is necessary to define the areas of possible use of publicly accessible metadata sets, delineate white, gray and black hacking, and define the limits of legality of white hacking.
Important aspects related to the use of artificial intelligence were raised during the speech of a representative of ENISA (European Union Agency for Cybersecurity). The EU Agency plays an active role in the work on adapting EU’s AI ACT and draws attention to security issues of the implemented AI systems, which should be secure, transparent, and their operation identifiable. Throughout the life cycle of artificial intelligence management systems, risks in the data supply chain should be defined and identified, in order to avoid so-called data black box and bias. Significant element in the entire process is also to define the AI life cycle, as well as to map potential threats in the data processing process while using AI algorithms.
In summary, the topics and issues regarding artificial intelligence raised during the conference should be comprehensively included in the discussion on the harmonization of the EU’s AI ACT. The ongoing processes, involving the certification of AI systems, the use of technological solutions in existing ERP systems and the definition of artificial intelligence algorithms at their design stage should be presented in such a manner that they can be characterized as reliable, operating in accordance with the intended use, and also able to obtain repeatability of results. This last aspect will be very important in the AI / ADM decision making process in the public administration sector using personal data.
Written by Iwona Karkliniewska, Researcher at Foundation Moje Państwo