Artificial Intelligence. We are all familiar with it---more than most of us are consciously aware of the advancements in technology. Although generative artificial intelligence programs have only recently made their way into mainstream public conversation, this new technology has already engrained itself into the fabric of our increasingly digital society. For example, Google email services now suggest sentence endings. Photo editing programs, such as Photoshop, can remove unsightly details from your photographs, seamlessly filling in the background in their place. Most encounters with artificial intelligence in our lives are mundane and hardly inspire a second thought. Despite artificial intelligence appearing harmless, these programs are exploitable, fueling a technologically advanced wave of cybercrime that Alabama, along with the rest of the country, is scrambling to combat.
Although artificial intelligence has enabled new forms of cybercrime, the concept is as old as the internet itself. Concerns about digital attacks may feel recent, but this burden of modern society can be traced back over a century. As the world has become increasingly digitized, our two greatest assets can constantly be accessed through the internet: our data, and our money. While this is an everyday convenience for most individuals, it also presents a unique opportunity for technologically advanced criminals to target individuals beyond their geographic boundaries. This threat is particularly pertinent in Alabama, which ranked highest in the nation for average losses per cybercrime victim in 2022. The rise of computer technology brought with it an increase in computer viruses, ransomware, and other digital programs designed to access the user’s personal information, and ultimately, their bank accounts.
Cybercrime falls into two main categories: cyber-dependent crime, and cyber-enabled crime. Cyber-dependent crimes are crimes that can only be committed through the use of technology, such as ransomware. Cyber-enabled crimes include any crime that can be done offline, but can evolve rapidly through the use of technology, such as fraud and identity theft. While cyber-enabled crimes take recognizable forms, as technology advances, cyber-dependent crimes are becoming increasingly difficult to predict. When technology becomes capable of a wider array of functions, the potential to exploit that technology increases rapidly, allowing cybercrime to evolve at an exponential rate.
The most significant recent developments in cybercrime stem from the expansion of AI capabilities. AI, or artificial intelligence, simulates human intelligence, opening new doors for methods of performing tasks that previously required human involvement. Although modern discussions of AI primarily center around more complex applications of the technology, AI can be used for a myriad of beneficial and convenient purposes, including GPS guidance, digital assistants, and generative AI services, with generative AI dominating the conversation in recent months. Although certain uses of AI are relatively commonplace in modern society, with the release of ChatGPT, a publicly accessible generative AI platform, in late 2022, the conversation has shifted, with concerns rising as to the extent of AI’s capacity. Generative AI functions by drawing on existing data to respond to the user’s prompts, capable of creating images, video, and text. While most of the early conversations about the drawbacks of generative AI centered around concepts like copyright infringement, the versatility of AI allows these tools to be exploited for much more sinister purposes. While there is a wide array of legitimate uses for such technology, generative AI can also be used to create “deepfake” images. using the likeness of real people depicted in fictional scenarios. The problems associated with generative AI can feel distant from the average American, but as AI continues to grow further integrated into everyday technology, the problem has thoroughly worked itself into our homes, making cybercrime a threat that everyone should give mind to.
In response to the growing threat, government entities have leaped into action, resulting in a flurry of legislation across the country. Alabama began passing legislation in this realm in 1985 with the Alabama Computer Crimes Act. This was replaced by the Alabama Digital Crime Act in 2012, with statutes covering offenses such as computer tampering, data fraud, and phishing. This is differentiated from the recent wave of legislation, both in Alabama and across the country, that focuses on AI technologies. The high political stakes of an election year inspired 118 bills across 42 states, targeting the use of generative AI to spread misinformation pertaining to the upcoming election. Alabama is among this group, passing HB172, which creates remedies to prevent the use of AI programs to falsely depict political candidates. Alabama has also joined the fight against AI-enabled cybercrime in other areas as well, with the recent signing of HB168, a bill to encompass explicit “deepfake” generated images of children within the state’s existing child pornography laws. This expansion not only increases the severity of the offense, but also carries harsher punishments for offenders. Government action is not solely focused on restricting the use of these technologies; Alabama Governor Kay Ivey signed an executive order in February of this year to create a task force focused on addressing responsible and effective use of generative AI within state governmental agencies. This widespread and varied legislative response reflects a growing nationwide trend, in which local, state, and federal government entities are all walking a fine line between limiting cybercrime and taking advantage of technological advancements.
As legislators work to catch up with this growing wave of technological advancement, there are measures individuals and organizations can use to mitigate their risk of becoming a target of a cyber-attack. Antivirus programs, the use of strong passwords, and exercising caution are all longstanding methods of protecting from cybercrime, but these existing security measures do little to protect from generative AI and “deepfake” images. Government action can provide a deterrence against these uses of AI, as well as remedies for victims, but until legislation catches up to the problem, it is important to be mindful of your own exposure to online risk.
While legislation has presented itself as an appealing safeguard from abusive uses of AI, these bills come with their own drawbacks and concerns. On a state, national, and even international level, concerns about free speech have halted some of the zeal about legislating cybercrime. Looking beyond the realm of cybercrime, the protections guaranteed under the First Amendment of the Constitution require additional considerations for state and federal government actors seeking to pass further legislation. It is a long-established principle that any legislation hindering the exercise of free speech must be narrowly tailored, to avoid bringing protected activities within the purview of the law. This presents a challenge for lawmakers, who must ensure any restrictions imposed do not extend to legitimate internet activities. Alabama courts have offered some clarity to define this line, however. Before the days of “deepfakes,” the Alabama Court of Criminal Appeals addressed computer-morphed images, which altered photos of real children in an exploitative manner. The Court declined to apply free speech protections to images created through computer morphing, and upheld convictions for illegal activity using the software. McFadden v. State, 67 So. 3d 169 (Ala. Crim. App. 2010). This interpretation limits the application of a free speech argument against certain legislation, making such defenses only applicable when the speech is truly protected. In a constantly evolving area of the law, however, clarity is short lived. The conversation has also extended to applying free speech protection to AI programs themselves, further complicating matters. As these issues continue to be both legislated and litigated, the boundaries and First Amendment applications should become more clearly defined.
Another hot button issue with legislation relates to privacy concerns. A computer’s IP address is like a fingerprint. The IP address links the user to their online activity and can be used to link a person to any cybercrimes they may commit. Cybercrime investigations, by their very nature, lead to the interception of large amounts of personal data, which creates serious privacy concerns among internet users. These liberty interests are counterbalanced against concerns regarding the protection of money, personal information, and children. While this balance of interests complicates collaboration among lawmakers for consistent anti-cybercrime policy, legislation has progressed in individual states across the country, expanding this new body of law. These new laws draw more online activities into the umbrella of statutorily recognized cybercrime, while simultaneously increasing criminal penalties for those actions. With the increase in penalties and growing body of law governing cybercrime, if accused, finding a knowledgeable attorney to help navigate these matters is more important than ever.
If you have a Federal Criminal case, a State Criminal case, a Municipal case or a Family Law case, contact Joe Ingram or Ingram Law LLC at (205) 335-2640. Get Relief * Get Results.