Photo of Christopher Crum

Christopher Crum

Subscribe to Christopher Crum's Posts
Contact:Read more about Christopher Crum

The Artificial Intelligence and Machine Learning (“AI/ML”) risk environment is in flux. One reason is that regulators are shifting from AI safety to AI innovation approaches, as a recent DataPhiles post examined. Another is that the privacy and cybersecurity risks such technologies pose, which this post refers to as adversarial machine learning (“AML”) risk, differ from those posed by pre-AI/ML technologies, especially considering advances in agentic AI. That newness means that courts, legislatures, and regulators are unlikely to have experience with such risk, creating the type of unknown unknowns that keep compliance departments up at night.

This post addresses that uncertainty by examining illustrative adversarial machine learning attacks from the National Institute of Standards and Technology AML taxonomy and explaining why known attacks create novel legal risk. It further explains why existing technical solutions need to be supplemented by legal risk reduction strategies. Such strategies include asking targeted questions in diligence contexts, risk-shifting contractual provisions and ensuring that AI policies address AML. Each can help organizations clarify and reduce the legal uncertainty AML threats create.Continue Reading Adversarial Machine Learning in Focus: Novel Risks, Straightforward Legal Approaches

pexels-ramaz-bluashvili-26344937-7017138

The Trump Administration’s recent AI pronouncements decry “ideological bias or engineered social agendas” as antithetical to continued American AI leadership. Executive Order 14179, repealing prior Biden Administration Executive Order 14110 on AI safety, reflects that theme and so does Vice President Vance’s speech at the February 11 Paris AI summit. “We feel very strongly,” Vance remarked, “that AI must remain free from ideological bias.” The Trump Administration’s view appears to be that overzealous regulation, likely including nondiscrimination, safety, and transparency regulation, puts American AI development at a disadvantage. The release of DeepSeek undoubtedly reinforces such concerns. As White House Press Secretary Karoline Leavitt put it, “[DeepSeek] is a wake-up call to the American AI industry.”Continue Reading Trump’s New AI Executive Order: Navigating the Conflicting Poles of AI Regulation

24_1742_12 Days of Data_Graphic_102912

As a recent DataPhiles post explored, the threat to telecommunications infrastructure and private call records posed by foreign threat actors only continues to grow. In fact, at least one U.S. government agency has urged employees to avoid using mobile communications for any work-related activity. This has led private entities to wonder how they might protect the sensitive mobile communications of officers and employees.Continue Reading New Year, New Threats: Practical Tips for Secure Communications after Salt Typhoon

24_1742_12 Days of Data_Graphic_1029

Data breaches made headlines throughout 2024, affecting governments, health care groups, and telecoms. Follow-on litigation has kept pace. Nearly 4,000 class actions involving data privacy issues are estimated to be filed in federal courts by the end of this year.

Growth in litigation meant that 2024 saw legal developments in several areas including standing to sue and web video suits. Increased attention on cybersecurity and privacy incidents unsurprisingly corresponded with active SEC enforcement and derivative suits related to inadequate data security.Continue Reading Unwrapping 2024’s Key Trends in Data Privacy Litigation