Author: Albert Jehoshua Rapha, Diponegoro University
Artificial intelligence (AI) technology has experienced exponential advancement and widespread deployment globally since its initial exploration in 1950. With this pace of change, policy adaptation is needed in the Asia Pacific to secure the resilience of online platforms to cyber threats. AI is now one of many technologies that power ‘critical infrastructure’ — health systems, surveillance networks and payment systems — many of which underpin the real economy.
AI involves the programming of computers to undertake tasks accomplished by human intelligence — the ability to make predictions, reason, grasp visual or auditory information and cooperate with humans and machines. AI is powered by machine learning, a field of research in which algorithms are trained on historical data to predict output values. This enables software, like search engines or spam filters, to become more accurate without being explicitly programmed.
Asia Pacific governments are already taking the essential steps to establish a clear vision for AI development. Australia orchestrated an AI roadmap and AI Action Plan aimed at leading the development of trusted, secure and responsible AI in 2019. Emerging economies like Indonesia, the Philippines and Thailand have also published national guidelines to improve state AI capabilities.
Governments are eager to harness the potential of AI, while devising a people-centric approach to governing the new technology so that AI can promote more inclusive growth in society. Within the right regulatory and policymaking framework, AI will enhance the quality of public services, increase the effectiveness of service delivery and improve the accuracy of state policymaking.
Developed economies like Singapore and Japan have spearheaded the use of AI in reports like Smart Nation Singapore and ‘Society 5.0‘, respectively. State governments in Australia have used AI, in some cases since the late 1990s, to assist with data-driven decision making. The New South Wales state government deploys AI in optimising the public transport system, automatic number plate recognition and as a pre-emptive policing tool.
AI relies heavily on data generated by public use of online applications, services and utilities, so cyber resilience should be a prerequisite before embracing this technology. Securing high-standard personal data protection should be a government priority in order to foster trust in AI-based government services and avert the misuse of personal data by governments and corporations.
Still, data protection and consent-based models for user privacy rightly aimed at increasing the transparency of AI run the risk of crimping algorithms reliant on the real-time collection data — reducing the accuracy of machine learning insights and the quality of service provision.
At present there is a significant gap between the AI ambitions of Asia Pacific countries and the cyber resilience of the technology they are deploying. The latest Estonian National Cyber Security Index report shows that Asia Pacific countries lag behind in terms of their preparedness to meet and resolve cyber incidents.
The shortfall can be attributed to the uneven development of standards for the protection of personal data. Most emerging economies are less willing or able to stipulate data protection regulations because they are, in some forms, a tax on data-intensive industries. They may also lack the administrative capacity to enforce privacy and data-protection measures, including the procurement of cloud-computing and data-storage mechanisms to protect sensitive information.
This explains why countries — including Indonesia, India and Vietnam — still score poorly compared to developed countries like Singapore, Australia and Japan. But obtaining a high overall rating is no guarantee of successfully defending against cyber threats.
Malaysia received a score of 100 per cent on the ‘protection of personal data’ metric while suffering an alleged illegal data trade in which the personal details of 4 million Malaysians were stolen from the government’s myIDENTITY website in 2021. Singapore ranked second to Malaysia, yet it experienced a 43 per cent spike in cybercrime between 2020 and 2021.
The situation in emerging economies reflects the absence of any regional standards and best practice for the regulation of AI. In Indonesia, personal data administered by Indonesian government agencies at the national to local level remain prone to leaks. Indonesia is still grappling with a draft Bill on the Protection of Private Personal Data despite its responsibilities as G20 president to promote more secure data protection amid rapid worldwide digital transformation.
Yet the difficulty Indonesia faces in hammering out an agreement on personal data protection reflects the patchwork of regulations and standards within the Asia Pacific itself. In response, APEC agreed on an updated APEC Cross-Border Privacy Rules (CBPR) System in 2015 as a voluntary way in which participants could recognise CBPR-certified firms as having comparable data standards to their own data protection laws, exempting these firms from further compliance steps.
This and other flexible approaches to data governance will minimise the compliance costs of moving data across multiple jurisdictions to be used for machine learning and AI technology. Alongside domestic steps to increase the cyber resilience of online platforms, a more harmonised regional position on data protection will allow more countries to share in the commercial benefits. It will also help authorities credibly commit to securing the privacy of their citizens when they collect, process and use personal data for digital-led innovation in public services and national security.
This is why authorities across the Asia Pacific region must devise a form of comprehensive regional cooperation on AI development like the kind established by EU Member States in 2018. This includes touting cyber resilience as crucial to the future development of AI in the Asia Pacific.
Albert Jehoshua Rapha is Research Affiliate at the Centre for Policy Studies and Development Management (PK2MP), Diponegoro University.
The post Asia Pacific cybercrime threatens to crimp AI first appeared on News JU.