Significant Security Anxieties Surrounding Chinese AI Project DeepSeek - Significant apprehensions regarding the security implications of Chinese AI technology, DeepSeek
DeepSeek, a popular AI application, has caused quite a stir in the tech world, sparking worry from security agencies, data protection advocates, and cybersecurity experts alike. Apple and Google's app stores have seen a surge in its usage, but this popularity comes with significant risks that continually raise concerns.
The collection and storage of user data by DeepSeek are at the heart of the criticism. As per DeepSeek's privacy policy, they collect "keystroke patterns or rhythms" to identify users – a method that could potentially be used to create and recognize user profiles with AI assistance. This approach has security experts concerned, particularly in security-critical areas, as detailed by the Federal Office for Information Security (BSI).
However, it's important to note that this collections method is not the same as traditional keyloggers used by hackers and spy agencies to spy on passwords and access data. DeepSeek is merely recording input patterns or rhythms within the app, not everything typed on the keyboard, as explained by cybersecurity expert Rüdiger Trost.
On the other hand, OpenAI, DeepSeek's US competitor, assures that it does not actively seek personal data or use publicly available internet data to construct user profiles. But, there's a catch. US law, including the Cloud Act, obligates American companies to grant authorities access to data stored abroad under certain circumstances.
In an investigation by Palo Alto Networks, DeepSeek was found to be easily manipulable for criminal purposes. Hackers could use DeepSeck to generate scripts for reading data from emails and word documents through the correct prompts. And, when additional prompts were used, it produced "keylogger code."
Palo Alto Networks claimed that DeepSeek lacks the security features of other AI models, making it simple for its researchers to bypass its weak security measures and create malicious content with minimal knowledge or expertise.
Regardless of these shortcomings, DeepSeek is legally bound to store all data within China, as per Chinese law. This raises concerns about data protection, as Chinese National Security Law requires cooperation with security authorities, which many interpret as a 'backdoor' for China's intelligence apparatus to access all data stored in the People's Republic.
The data protection officer of Rhineland-Palatinate is preparing an audit process against DeepSeek, and several German data protection supervisory authorities may also take action. Some European data authorities are investigating if DeepSeek's data collection policies violate GDPR. Also, authorities in Italy have already placed DeepSeek on the blacklist due to data protection concerns.
German ministries, federal authorities, and large corporations take security measures to protect against cyberattacks, including AI models, not just DeepSeek. Some companies like Siemens and BMW only allow AI application access through their own security checkpoints to keep their data safe.
In summary, the controversy surrounding DeepSeek stems from concerns about data privacy, potential misuse for criminal purposes, and the risks posed by its lack of robust security measures, particularly against manipulation.
Google's app store has also experienced an increase in DeepSeek's usage, demonstrating its widespread popularity. Despite Google's commitment to user privacy, the collection and analysis of user data by DeepSeek has sparked discussions within the tech giant.
