Privacy Mistakes that Keep Security Experts Always Cautious

A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris. REUTERS/Mal Langsdon
A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris. REUTERS/Mal Langsdon
TT
20

Privacy Mistakes that Keep Security Experts Always Cautious

A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris. REUTERS/Mal Langsdon
A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris. REUTERS/Mal Langsdon

When it comes to privacy, it's the little things that can lead to big mishaps.

Privacy and security are often thought of as one and the same. While they are related, privacy has become its own discipline, which means security experts need to become more familiar with the subtle types of mistakes that can lead to some dangerous privacy snafus.

- Privacy System

With General Data Protection Regulation (GDPR) going live last spring in Europe and the California privacy law becoming effective in 2020, companies should expect privacy to become more of an issue in the years ahead. Colorado and Vermont have passed privacy laws, as has Brazil, and India is well on its way to passing one of its own.

Mark Bower, general manager and chief revenue officer at Egress Software Technologies, says that first and foremost, companies have to think of privacy by design.

Privacy by design requires companies to ask the following questions: What type of data are we storing? For what business purposes? Does the data need to be encrypted? How will the data be destroyed when it becomes obsolete, and how long a period will that be? Are there compliance regulations that stipulate data destruction requirements? How will the company protect personally identifiable information for credit cards and medical information?

- Emails mishaps

1. The Accidental email: Egress Software's Bower told the Dark Readings website that many misdirected emails are sent because users type in the first couple of letters of a name and go with what pops up first. While training users to check the To: field twice before hitting "send" can help, new machine-learning and AI technologies can track patterns of who users typically send emails to and have them double check they are sending them to the right people. For salespeople or reporters in the media who deal with lots of new contacts, the system can flag that this is the first time they are connecting with this person and ask whether they really want to send that attachment.

2. Somebody forwards a corporate email to a friend, spouse, or personal account: companies need to rethink how they want to control corporate information they send to their staffs, Egress Software’s Bower adds. The emails could be about something seemingly innocuous, like holiday plans, or inside information about a new product. Either way, companies have to decide whether they're going to let people forward them to people outside of the company or restrict or block people from sending them.

3. A user adds a new person to an email string who shouldn't have access: emails can get into the wrong hands when someone adds a person to a thread to keep him in the loop, but then somebody else includes confidential information that the added person shouldn't have access to, Bower points out. Once again, people need to be trained on how to be more sensitive to email strings and who really needs to see the information being sent. Technologies that use AI and machine learning can help, he says, and they can be used to block access if it's discovered that information has been sent to somebody who does not have proper access rights.

- Sync and Share

4. A 'Sync and Share' causes a potential data breach: Chuck Holland, director of product management at Vera Security sees that companies have to rethink their BYOD policies because every time an employee syncs a mobile device, she is syncing data to her personal cloud. Similarly, and maybe worse for the employee, she could be syncing her information to the corporate network.

5. Companies don't practice good off-boarding routines: Holland says companies have to do a better job off-boarding when an employee leaves for another job or for performance reasons. Too often, companies leave old accounts open, and sensitive information could be stored on the hard drives of their computers or in emails. Companies need to understand that hackers look for those types of accounts for information they can sell or to launch widespread attacks.

6. Companies don't encrypt email and data transfers: companies should never send unencrypted data or emails over the corporate network, a BigID's official says. Specific departments that should think extra carefully about privacy and taking care of sensitive personal and corporate information include human resources, marketing, advertising, and accounting, she adds.

7. During M&As, companies use privacy as a bargaining chip: while companies take privacy into account during a merger or acquisition, very often they will use it to have the other company reduce the purchase price, BigID's Farber says. However, after the merger, instead of taking money saved and investing it in privacy and security, it will just move it to the bottom line.



Video Game Actors Are Voting on a New Contract. Here’s What It Means for AI in Gaming

A picketer holds a sign for the SAG-AFTRA video game strike at Warner Bros. Games headquarters on Aug. 1, 2024, in Burbank, Calif. (AP)
A picketer holds a sign for the SAG-AFTRA video game strike at Warner Bros. Games headquarters on Aug. 1, 2024, in Burbank, Calif. (AP)
TT
20

Video Game Actors Are Voting on a New Contract. Here’s What It Means for AI in Gaming

A picketer holds a sign for the SAG-AFTRA video game strike at Warner Bros. Games headquarters on Aug. 1, 2024, in Burbank, Calif. (AP)
A picketer holds a sign for the SAG-AFTRA video game strike at Warner Bros. Games headquarters on Aug. 1, 2024, in Burbank, Calif. (AP)

An 11-month strike by video game performers could formally end this week if members ratify a deal that delivers pay raises, control over their likenesses and artificial intelligence protections.

The agreement feels "like diamond amounts of pressure suddenly lifted," said Sarah Elmaleh, a voice actor and chair of the Screen Actors Guild-American Federation of Television and Radio Artists' interactive branch negotiating committee.

Union members have until Wednesday at 5 p.m. Pacific to vote on ratifying the tentative agreement.

Voice and body performers for video games raised concerns that unregulated use of AI could displace them and threaten their artistic autonomy.

"It’s obviously far from resolved," Elmaleh said. "But the idea that that we’re in a zone where we might have concluded this feels like a lightening and a relief."

AI concerns are especially dire in the video game industry, where human performers infuse characters with distinctive movements, shrieks, falls and plot-twisting dialogue.

"I hope and I believe that our members, when they look back on this, will say all of the sacrifices and difficulty we put ourselves through to achieve this agreement will ultimately be worth it because we do have the key elements that we need to feel confident and moving forward in this business," said Duncan Crabtree-Ireland, the SAG-AFTRA national executive director and chief negotiator.

Here’s a look at the contract currently up for vote, and what it means for the future of the video game industry.

How did the current strike play out? Video game performers went on strike last July following nearly two years of failed negotiations with major game studios, as both sides remained split over generative AI regulations.

More than 160 games signed interim agreements accepting AI provisions SAG-AFTRA was seeking, the union said, which allowed some work to continue.

The video game industry is a massive global industry, generating an estimated $187 billion in 2024, according to game market forecaster Newzoo.

"OD," and "Physint" were two games delayed due to the strike during the filming and casting stage, video game developer Hideo Kojima wrote in December. Riot Games, a video game developer, announced that same month that some new skins in "League of Legends" would have to use existing voice-overs, since new content couldn't be recorded by striking actors. Skins are cosmetic items that can change the visual appearance of a player and is sometimes equipped with new voice-overs and unique recorded lines.

The proposed contract "builds on three decades of successful partnership between the interactive entertainment industry and the union" to deliver "historic wage increases" and "industry-leading AI provisions," wrote Audrey Cooling, a spokesperson for the video game producers involved in the deal.

"We look forward to continuing to work with performers to create new and engaging entertainment experiences for billions of players throughout the world," Cooling wrote.

Video game performers had previously gone on strike in October 2016, with a tentative deal reached 11 months later. That strike helped secure a bonus compensation structure for voice actors and performance capture artists. The agreement was ratified with 90% support, with 10% of members voting.

The proposed contract secures an increase in performer compensation of just over 15% upon ratification and an additional 3% increase each year of the three-year contract.

How would AI use change in video games? AI concerns have taken center stage as industries across various sectors attempt to keep up with the fast-evolving technology. It’s a fight that Hollywood writers and actors undertook during the historic film and TV strikes that forced the industry to a stop in 2023.

"In the last few years, it’s become obvious that we are at an inflection point where rules of the road have to be set for AI, and if they aren’t, the consequences are potentially very serious," Crabtree-Ireland said. "I think that really made this negotiation extra important for all of us."

SAG-AFTRA leaders have billed the issues behind the labor dispute — and AI in particular — as an existential crisis for performers. Game voice actors and motion capture artists’ likenesses, they say, could be replicated by AI and used without their consent and without fair compensation.

The proposed contract delineates clear restrictions on when and how video game companies can create digital replicas, which use AI to generate new performances that weren't recorded by an actor.

Employers must obtain written permission from a performer to create a digital replica — consent which must be granted during the performer’s lifetime and is valid after death unless otherwise limited, the contract states. The time spent creating a digital replica will be compensated as the same amount of work time it would have required for a new performance.

The agreement also requires the employer to provide the performer with a usage report that details how the replica was used and calculates the expected compensation.

Elmaleh, who has been voice acting since 2010 and had to turn down projects throughout the strike, said securing these gains required voice actors bring vulnerability and openness to the bargaining table.

"We talked a lot about the personal, the way it affects our displacement as workers and just the sustainability of our careers," Elmaleh said. "Our work involves your inner child. It’s being very vulnerable, it’s being playful."

What’s next for the video game industry? The tentative agreement centers on consent, compensation and transparency, which union leaders say are key elements needed for the industry to keep progressing.

As the contract is considered by union members, Elmaleh and Crabtree-Ireland said further work needs to be done to ensure the provisions are as broad as necessary.

"Even though there’s a deal that’s been made now, and we’ve locked in a lot of really crucial protections and guardrails, the things that we haven’t been able to achieve yet, we’re going to be continuing to fight for them," Crabtree-Ireland said. "Every time these contracts expire is our chance to improve upon them."

Elmaleh said she hopes both the video game companies and performers can soon work collaboratively to develop guidelines on AI as the technology evolves — a process she said should start well the proposed contract would expire in October 2028.

Leading negotiations has felt like a full-time job for Elmaleh, who took on the role in a volunteer capacity. As the efforts die down, she said she anxiously anticipates returning to video game acting in a landscape that is safer for performers.

Voice acting "is core to who I am. It’s why I fought so hard for this. I wouldn’t do this if I didn’t love what I do so much. I think it’s so special and worthy of protection," she said.