Source: Shutterstock

The conversation around data misuse extends further than generative AI. Consumers are arguably savvier about whom they give their information to and the permissions they grant. This is a consequence of organisational data misuse in the past – individuals are fed up with spam texts and calls. Significant data breaches also frequently make the mainstream news, and word quickly spreads, tarnishing brand reputations.

In recent years, data regulations have tightened to help protect consumers and their information. However, we are only at the start of this journey with AI. While laws are being introduced elsewhere in the world to regulate the technology, like the EU’s AI Act, the Australian government has yet to reach that stage. Saying that, in September, Canberra agreed to amend the Privacy Act to give individuals the right to greater transparency over how their personal data might be used in AI. The government has been put under pressure by business groups to prevent AI causing harm and, in June 2023, a paper was published exploring potential regulatory frameworks. However, at the moment, the onus is primarily on individual organisations to handle their AI technologies responsibly. This includes where the initial training data is sourced and how user data is stored.

Using untrustworthy public data to train algorithms does have consequences. These include so-called ‘hallucinations’, where the AI generates incorrect information presented in a manner that appears accurate. Toxicity can also be an issue, where results contain inappropriate language or biases that can be offensive or discriminatory. Air Canada was recently ordered to pay damages to a passenger for misleading advice given by its customer service chatbot, resulting in them paying nearly double for their plane tickets.

On the other hand, if an organisation uses its own customer data for AI system training, it faces a distinct set of risks. Improper handling can result in the violation of data protection regulations, leading to heavy fines or other legal action. In December 2023, researchers at Google managed to trick ChatGPT into revealing some of its training material, and OpenAI is currently facing a number of lawsuits in relation to the data used to train its chatbot. In January, another data breach exposed that the Midjourney AI image generator was trained on the works of over 16,000 artists without authorisation, which could lead to significant legal action.

Source: Shutterstock

Many core business technologies, like contact centres, utilise large volumes of data, and these are often one of the first targets in a digital transformation. Continuous modernisation of CX is essential to meet the rising expectations of customers. AI instils new levels of intelligence in the platforms used by organisations, for example, anticipating customer needs, making tailored recommendations and delivering more personalised services.

Organisations need to evaluate platforms that have processes in place to ensure they safeguard data and privacy, especially if leveraging AI. So-called ‘green flags’ include compliance with the Notifiable Data Breach (NBD) scheme and the PCI Data Security Standard (PCI-DSS). Enabling consumer trust and confidence in how their sensitive data and transaction history are leveraged and stored is essential. Adherence to relevant governance means organisations are reducing the risk of fraud and security breach by improving data security and bolstering authentication methods, to name just a couple of necessary measures.

It can be easy to get in hot water when embarking on a new venture without expert guidance, and AI journeys are no exception. Partnering with a reputable organisation which understands how the technology best fits in a business can be the difference between success and failure. With Nexon’s expertise, organisations have successfully leveraged a range of AI-powered solutions, from Agent Assist and Co-Pilot tools that streamline customer support workflows, to Predictive Web Engagement strategies that deliver personalised digital experiences and increase sales.

Nexon has forged a strategic partnership with Genesys, a global cloud leader in AI-powered experience orchestration, which prioritises ethical data sourcing and customer privacy. Genesys is committed to understanding and reducing bias in generative AI models, which it uses in its software to automatically summarise conversations for support agents and auto-generate email content for leads and prospects. This is achieved through ‘privacy by design’ principles enacted from the inception of its AI development, an emphasis on transparency into how the technology is applied and the use of tools to find and mitigate possible bias.

Genesys envisions a future where ethical considerations play a central role in all AI applications. Genesys AI brings together Conversational, Predictive and Generative AI into a single foundation to enable capabilities that make CX and EX smarter and more efficient and delivers meaningful personalised conversations (digital & voice) between people and brands.

The company’s customer-centric approach ensures that its cloud platform and AI solutions meet ongoing needs and adhere to strict data, privacy and security protocols.

Source: Shutterstock

As AI elements are introduced, they are tested rigorously to ensure they do not violate the protections that its cloud platform promises. Unlike other solutions, Genesys AI was built securely from its inception. Genesys provides users with control over AI use, providing understanding of its impact on experiences and enabling continual optimisation for better outcomes. Additionally, it provides a thorough exploration of the transformative potential of AI and how to responsibly leverage its capabilities for unparalleled customer experiences. You can read more into this subject in the white paper ‘Generative AI 101‘

Genesys has named Nexon a Partner of the Year twice in a row, thanks to its proven experience and expertise in delivering integrated digital CX solutions. This partnership solidifies the two companies’ collaborative efforts to provide organisations with innovative AI-driven solutions while upholding the highest standards of data ethics and customer privacy. Through this strategic alliance, organisations can navigate the complexities of AI technology, harnessing its transformative potential and drive growth and customer satisfaction responsibly and sustainably.

Contact Nexon today to discover how its AI expertise can drive superior customer interactions and streamline your business operations.

The post Ethical AI: The renewed importance of safeguarding data and customer privacy in Generative AI applications appeared first on Tech Wire Asia.

The current state of the insurance industry

TechWireAsia spoke to Nikola Djokic, the Managing Director of Insurance at SAP Fioneer, about the current state of the insurance industry and the challenges it faces. “Insurance is undergoing a revolution,” he said. “The rise of the insurtech and access to data has allowed non-insurance brands to enter the market and offer insurance as part of their offering, adding value to their customers and generating new revenue. Rather than a separate vertical industry, insurance is now taking a role in several ecosystems. This all represents significant new market opportunities for insurtechs, new players and incumbents alike, but the change is rapid, and traditional insurers need to adapt quickly to take advantage of and benefit from the new world order.”

Digitalization has traditionally been hampered in insurance due to legacy systems. Often built over decades, they have created data silos and operational inefficiencies that hinder the adoption of modern technology. Insurers have struggled to integrate new digital solutions seamlessly into their existing infrastructure, leading to fragmented customer experiences and slow response times. Moreover, the risk-averse nature of the insurance industry has contributed to a reluctance to invest in digital transformation initiatives. Insurers have been cautious about migrating sensitive data to the cloud and adopting emerging technologies like AI and machine learning due to concerns about data security, regulatory compliance, and the potential for disruption to established business processes.

Mr Djokic said: “Decisions need to run from the user interface through the middle office to the back office and back again, and these have typically been disconnected. The process of assessing a customer for a policy, or a claim for a payment, traditionally required (and in many cases still requires) a lot of manual intervention.”

Third-party data has been available to facilitate these assessments, but it is rarely integrated into the core insurance solution, making it challenging to meet customer expectations for digital immediacy. “This has allowed new players – neo-insurers – unencumbered by legacy systems or processes to leapfrog ahead in niche areas,” said Mr Djokic.

Insurance penetration in Asia, standing at around two percent in developed markets and one percent in emerging markets, presents a barrier to sector expansion despite the region’s vast population of over four billion people. TechWireAsia caught up with Chirag Shah, the Managing Director of JAPAC Digital and Core Insurance at SAP Fioneer, to try and understand the growth potential of the industry in APAC.

He said: “The Asia Pacific insurance market is experiencing shifts driven by post-COVID-19 customer perceptions, particularly in healthcare. Rising awareness of the protection gap has led to increased demand for health and life insurance products, especially in emerging markets, where insurance penetration and density are lower compared to developed markets.

“Insurers must navigate challenges such as mobility, cybersecurity, and climate change while enhancing value creation within existing operations like claims and underwriting. Challenges include slowing growth, low penetration, and rising combined ratios, particularly in emerging markets.”

Insurance everywhere

Source: SAP Fioneer

“‘Insurance everywhere’ alludes to embedded insurance,” said Mr Djokic. “Delivering insurance at the point it’s needed, as part of a purchase process, circumventing the need for a consumer or business purchaser to undertake a separate set of steps to insure their car, home, electronic item, or holiday.” By making insurance products more accessible and convenient, insurers can reach a broader audience and meet the evolving needs of modern consumers. Accessibility also opens up new opportunities for insurers to partner with other industries and platforms, expanding their reach and market presence.

Mr Djokic added: “[It] has the potential to increase the level of insurance generally, which is good news not just for the industry but society as a whole, as it becomes more protected. But it also means that non-insurance companies can take market share from the traditional players, unless those players turn the situation to their advantage, and become the ones offering insurance solutions to new industries.”

Personalization with data and AI

Traditional insurance practices rely on limited data and broad assumptions, often leading to unfair assessments of risk based on general demographics. This has sparked frustration among consumers who feel penalized for careful behavior while subsidizing riskier individuals. However, emerging technologies like telematics and IoT devices are beginning to change this dynamic by allowing personalized assessments and rewards for behaviors like safe driving and healthy lifestyles.

“We have seen examples of health insurance companies monitoring exercise levels with fitness trackers and dropping premiums accordingly,” said Mr Djokic. “There is now more data accessible to the insurer to contribute to the risk assessment, be it social media or online behavioral data, credit scores or – in the case of embedded insurance – data held or gathered by the non-insurance company.

“For the first time, we’re witnessing a ‘win-win’ in the industry, where data helps the insurer reduce their risks and pass this on in the form of reduced premiums to the customer. As consumers become accustomed to this level of tailoring, it will be essential for insurers to offer personalized insurance to stay competitive.”

Increased data availability is enhanced by AI, particularly machine learning, enabling dynamic risk assessments and tailored policy generation. Predictive analysis and risk scenario modeling help insurers proactively cover emerging risks like climate change and technological advancements. Automated policy drafting and scenario simulation improve efficiency and ensure comprehensive coverage tailored to specific customer needs.

“AI can interpret data accurately and immediately to deliver real-time claims processing and payment while mitigating risks.” Said Mr Djokic. “It delivers the speed consumers and businesses now expect while protecting the insurer.”

Mr Shah added: “Insurers in Japan and Korea may leverage AI and data analytics uniquely to cater to their distinct demographics and technological landscapes. Japan’s aging population may drive insurers to develop AI solutions for personalized services and risk management tailored to older demographics. Korea’s advanced technological infrastructure may facilitate the adoption of AI-driven underwriting and pricing models to enhance customer experiences and operational efficiency.”

The future with SAP Fioneer

On the future of insurance in APAC, Mr Shah said: “Despite challenges, Asia remains an attractive insurance market, with emerging markets expected to see higher premium growth in the next two years driven by rising economic growth, increasing risk awareness post-pandemic, and digitalization of distribution channels.

“Digitally embedded insurance is expected to grow significantly by 2030, driven by increasing digital penetration and partnerships with digital ecosystems.”

Mr Djokic says that the key to taking advantage of the new opportunities in insurance is connectivity – the ability to connect a core insurance solution to, for example, a new data source or user interface. “The secret to that is open technology,” he said.

For example, SAP Fioneer’s Engagement Hub is a tool for insurers to connect in an evolving ecosystem. With bi-directional communication, the Hub links a core insurance system with diverse digital channels, letting insurers craft tailored insurance solutions and adapt to market demands. The Cloud for Insurance cloud-native platform boasts fully managed services, ecosystem integration, and an intuitive user experience, allowing users to scale, innovate, and adapt quickly.

For more information on how insurers can embrace open technology and navigate the transformative changes in the industry, download the ‘Insurance Everywhere All at Once’ whitepaper from SAP Fioneer today.

The post Insurance everywhere all at once: the digital transformation of the APAC insurance industry appeared first on Tech Wire Asia.

Incognito mode provides a semblance of privacy across widely-used web browsers, including Chrome, Safari, Firefox, and others. Marketed as a feature for browsing the web without saving your history on the device, it presents an illusion of complete privacy.

However, it’s commonly overlooked that, despite no record of activity being saved on the device, external entities — including website hosts, Internet Service Providers (ISPs), search engines, and various companies — can still monitor your online actions in incognito mode.

Legal spotlight: The Google incognito mode lawsuit

This oversight led to a lawsuit against Google for allegedly tracking users’ internet activity under the impression they were browsing privately. As a resolution, Google has agreed to either delete or anonymize billions of web browsing data records collected under its “Incognito mode”, as part of a class-action settlement proposal. This move follows allegations in a legal claim, suggesting that Google secretly monitored the internet activities of individuals who assumed privacy.

As reported by The Verge, the settlement of Brown v. Google necessitates that Google enhance its disclosure regarding data collection in Incognito mode and impose restrictions on future data gathering. Pending approval from a federal judge in California, this agreement could benefit approximately 136 million Google users who were implicated in the 2020 lawsuit. The lawsuit accused Google of illicitly tracking user activity via the private browsing feature.

GOOGLE AND THE CYBER SECURITY AGENCY OF SINGAPORE FORGE A STRATEGIC ALLIANCE

Muhammad Zulhusni | 13 February, 2024

The settlement’s value, pegged at US$5 billion, reflects the significance of the data Google is compelled to delete or prevent from gathering, dating back to December 2023 and before. Data that isn’t deleted outright will be stripped of identifying information.

Plaintiffs have heralded the settlement as a milestone in holding the “world’s largest data collector” accountable, viewing it as a vital step towards bolstering internet privacy rights.

In response, Google’s spokesperson José Castañeda expressed satisfaction over reaching a settlement for what the company views as a baseless lawsuit. Despite the plaintiffs’ valuation of the settlement at US$5 billion—the sum initially sought in damages—Castañeda pointed out that the actual compensation to the plaintiffs is nil, emphasizing the settlement’s exclusion of damages for the class. However, it allows for individual damage claims.

Google agrees to delete incognito mode data collected (Source – X)

Castañeda further clarified that Google does not link data to users in Incognito mode, and the company is ready to eliminate older, non-personalized technical data.

The agreement also mandates Google to update its privacy disclosures, a process it has already initiated on Chrome. For the next five years, Google will enable users to block third-party cookies by default in Incognito mode, thereby preventing Google from tracking their activities on third-party sites. Despite the settlement, individuals still retain the right to pursue claims for damages in California state court, with 50 claims already filed.

What incognito really means

Alright, let’s delve deeper into the specifics of what “incognito” mode actually means. We touched on it briefly earlier, noting that when you conclude a session in incognito mode, the browser doesn’t retain cookies or any traces of your visit.

GOOGLE STILL DOMINATES SEARCH ENGINES DESPITE MICROSOFT BING’S AI REVOLUTION

Aaron Raj | 13 October, 2023

Furthermore, incognito mode ensures that no data or search history from a specific session is saved on your device. This means that others who use your device can’t discover which sites you visited or what you searched for online.

To clarify, “incognito” implies concealing your identity. When you browse in incognito or private mode, you’re hiding your browsing activity from other users of the same device. However, it’s crucial to understand that your IP address and online actions are still observable to external parties.

In essence, private browsing shields your internet activities from the eyes of other users on your device, offering a layer of privacy from family and friends.

However, it’s crucial to recognize that Google Chrome’s incognito mode does not provide complete protection against tracking by websites or data collectors. As recent updates to disclaimers indicate, even in private browsing mode, websites can still accumulate data on your activities, including tracking by Google itself.

Furthermore, it’s significant to note that incognito mode may not conceal your activities from an employer or educational institution. So, if you’re trying to access websites discreetly at work or school, incognito mode might not offer the anonymity you seek.

Despite Google’s privacy policy stating that Incognito mode maintains privacy on your device, it doesn’t prevent Google from gathering data through other services, as detailed in their Privacy Policy.

Privacy vs. perception: The reality of digital anonymity

Though the concept of “incognito” suggests a level of anonymity, the reality does not fully align with the expectation of complete privacy. This gap between expectation and reality underscores a more significant issue in our digital society: the complex nature of online privacy and the oft-misunderstood mechanics behind it. Many users venture into incognito mode believing that it serves as a digital cloak, rendering their online activities invisible to all. Yet, this belief is a misconception that technology giants perhaps do not dispel clearly enough.

The truth is that incognito mode offers only a surface level of privacy protection, primarily against casual snooping on the same device. Contrary to popular belief, it is not a shield against the prying eyes of the broader internet ecosystem, including advertisers, websites, and internet service providers. This misunderstanding leads to a false sense of security, where users might engage in activities, thinking they are completely anonymous, only to leave digital footprints visible to a slew of online entities.

Moreover, the effectiveness of incognito mode—or the lack thereof—raises questions about the responsibility of tech companies in educating users about the scope of privacy their products actually offer. Is it enough to provide users with a tool that has limited privacy capabilities without making its limitations abundantly clear? This question becomes even more pertinent in light of the lawsuit against Google, suggesting a need for greater transparency and clearer communication from tech companies about what their privacy features can and cannot do.

The post Unveiling the reality of incognito mode from Google and online privacy appeared first on Tech Wire Asia.

Islamic banking operates on principles of Shariah law, emphasizing ethical, moral, and social values in all transactions. In Malaysia, a country with a significant Muslim population and a strong commitment to Islamic finance, banks like Bank Muamalat Malaysia Berhad (Bank Muamalat) are at the forefront of integrating traditional values with the latest technological advancements. This blend of tradition and innovation sets the stage for Bank Muamalat’s strategic partnership with Google Cloud, aiming to lead the digital transformation in Islamic banking.

This alliance is set to harness Google Cloud’s comprehensive suite of capabilities, including modern infrastructure, data analytics, security measures, and generative AI, to offer Malaysians personalized and inclusive digital banking services.

Amidst the banking sector’s growing recognition of artificial intelligence’s transformative potential, a study by Google Cloud underscores the industry’s increasing interest in generative AI. The research, which surveyed 350 banking executives and over 2,000 consumers, highlighted a widespread demand for generative AI technologies. A substantial 92% of executives acknowledged a “high demand” within the sector, with 95% affirming its capacity to revolutionize the industry.

These executives anticipate generative AI to significantly contribute to revenue growth through enhancements in investment research, marketing, customer segmentation, and customer acquisition and retention strategies.

GOOGLE GEMMA: AN OPEN SOURCE AI MODEL FOR EVERYONE?

Aaron Raj | 23 February, 2024

The consumer sentiment towards generative AI shows a division based on age, with younger generations more open to the technology than older age groups. Highlighted applications for AI include improved AI chatbots, expedited credit card processing, and comprehensive financial insights, indicating critical areas for enhancing adoption and perception.

Enhancing customer experience with AI

Zac Maufe, Global Head of Regulated Industries for Google Cloud, highlighted generative AI’s potential to redefine banking and investment, noting its role in boosting productivity and operational efficiency within the sector. Maufe also noted the technology’s ability to create personalized digital experiences, catering to the preferences of new banking consumers.

As generative AI evolves, it is expected to attract increased regulatory attention. Maufe advocates for a forward-looking risk management strategy to securely leverage this technology. Reflecting on the research, a trend emerges of executives planning to expand their generative AI investments, anticipating returns on their initial outlays.

Nearly half of the banking executives are exploring generative AI through proof-of-concept projects, with 35% already engaging in active pilot and testing phases. These projects primarily aim to enhance employee productivity and innovate in content creation, marketing, and software development.

Yolande Piazza of Google Cloud observed that the industry has moved beyond experimental stages with generative AI, now focusing on practical applications to improve efficiency. She believes success will favor banks that solve specific business challenges in alignment with strategic goals.

Bank Muamalat’s comprehensive cloud transformation includes adopting technologies from Mambu and Backbase, reinforcing its dedication to delivering advanced digital banking solutions that comply with Shariah principles.

Mambu announces Bank Muamalat’s partnership with Google Cloud (Source – X)

Khairul Kamarudin, Bank Muamalat’s CEO, stated the bank’s commitment to advancing Malaysia’s Islamic banking sector through digital innovation. Leveraging Google Cloud is expected to streamline IT operations and foster innovation, notably through enterprise-grade generative AI, enhancing overall banking experiences.

The bank’s strategic shift towards a cloud-based model includes migrating digital applications and databases to Google Cloud. This integration with Mambu’s digital core banking platform and Backbase’s engagement banking platform aims to introduce a suite of new Islamic financing and deposit products. This transition is poised to reduce costs, improve operational efficiency, and expedite software development, facilitating quicker deployment of banking services.

Bank Muamalat is utilizing Google Cloud’s infrastructure to enhance its Muamalat Application Platform (MAP), focusing on improving personal and home financing applications. Innovations like automated document data capture are expected to significantly reduce application times and increase the Islamic financing share in Malaysia’s banking sector.

Additionally, the bank plans to bolster its security measures using Google Cloud’s platforms, integrated with advanced threat detection capabilities. Mambu’s CEO, Fernando Zandona, acknowledged Bank Muamalat’s pioneering role in adopting cloud banking solutions in Southeast Asia, emphasizing the initiative’s endorsement by Malaysia’s regulatory authority and its potential to modernize core banking systems.

Embracing a data-driven, AI-first strategy with the help of Google Cloud

Bank Muamalat’s strategy to advance its digital banking platform involves integrating Google Cloud BigQuery and Looker with its marketing platform for comprehensive customer data analysis. This move aims to enhance the bank’s understanding of customer behaviors and preferences through data gathered from direct interactions and marketing activities. By creating detailed customer profiles, the bank intends to offer more personalized banking products, particularly to underserved segments of the Malaysian population.

Additionally, the bank plans to implement generative AI tools like Vertex AI Search and Conversation to streamline internal processes. These tools will enable staff to quickly access insights from the bank’s data, reducing the time spent on information retrieval and allowing more time for customer engagement.

GOOGLE GEMINI TO GIVE CHATGPT A RUN FOR ITS MONEY

Aaron Raj | 7 December, 2023

This approach is part of Bank Muamalat’s broader strategy to improve its banking services by leveraging data analytics and AI, without compromising the personal touch essential to Islamic banking. The initiative is designed to make banking more efficient and customer-centric, aiming to meet the evolving needs of their clientele.

Through this partnership, Bank Muamalat sets a new standard for traditional financial institutions to embrace technological innovation to better serve their customers and society.

The post Bank Muamalat embarks on AI-driven digital Islamic banking transformation with Google Cloud appeared first on Tech Wire Asia.

In an era where digital privacy is paramount, Apple is integrating PQ3 into iMessage. This announcement marks a watershed moment in messaging security, propelling iMessage to unprecedented heights of protection. As the first widely deployed messaging app to achieve Level 3 security, what does the announcement mean for iPhone users, and why should they care?

NO IMESSAGE ON ANDROID: APPLE BLOCKS THIRD-PARTY APP

Aaron Raj | 12 December, 2023

At the heart of Apple’s PQ3 integration lies a revolutionary cryptographic protocol designed to withstand the challenges posed by quantum computing. Unlike traditional encryption methods, which may be vulnerable to future quantum attacks, PQ3 provides robust protection against even the most sophisticated adversaries. Using advanced cryptographic techniques, PQ3 ensures that iMessage conversations remain secure and private, regardless of the evolving threat landscape.

“To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world,” Apple’s Security Engineering and Architecture (SEAR) team stated in a blog post a week ago.

The new state of the art in quantum-secure messaging at scale. Source: Apple.

A quantum leap in messaging security

Traditionally, messaging platforms rely on classical public key cryptography like RSA, elliptic curve signatures, and Diffie-Hellman key exchange for secure end-to-end encryption. These algorithms are based on complex mathematical problems deemed computationally intensive for conventional computers, even with Moore’s law in play. However, the advent of quantum computing poses a new challenge.

A powerful enough quantum computer could solve these mathematical problems in novel ways, potentially jeopardizing the security of end-to-end encrypted communications. While quantum computers capable of decryption aren’t yet available, well-funded attackers can prepare by exploiting cheaper data storage. They accumulate encrypted data now, planning to decrypt it later with future quantum technology—a tactic termed “harvest now, decrypt later.”

When iMessage launched in 2011, it became the first widely available messaging app with default end-to-end encryption. Over the years, Apple has continually enhanced its security features. In 2019, the iPhone maker bolstered its cryptographic protocol by transitioning from RSA to elliptic curve cryptography (ECC) and safeguarding encryption keys within the secure enclave, increasing protection against sophisticated attacks. 

“Additionally, we implemented a periodic rekey mechanism for cryptographic self-healing in case of key compromise. These advancements underwent rigorous formal verification, ensuring the robustness of our security measures,” the blog post reads. The cryptographic community has been developing post-quantum cryptography (PQC) to address the threat of future quantum computers. These new public key algorithms can run on today’s classical computers without requiring quantum technology. 

Designing PQ3

Designing PQ3 involved rebuilding the iMessage cryptographic protocol to enhance end-to-end encryption, meeting specific goals:

1. Post-quantum cryptography: PQ3 protects all communication from current and future adversaries by introducing post-quantum cryptography from the start of a conversation.
2. Mitigating key compromises: It limits the impact of critical compromises by restricting the decryption of past and future messages with a single compromised key.
3. Hybrid design: PQ3 combines new post-quantum algorithms with current elliptic curve algorithms, ensuring increased security without compromising protocol safety.
4. Amortized message size: To minimize additional overhead, PQ3 spreads message size evenly, avoiding excessive burdens from added security.
5. Formal verification: PQ3 undergoes standard verification methods to ensure robust security assurances.

According to Apple, PQ3 introduces a new post-quantum encryption key during iMessage registration, using Kyber post-quantum public keys. These keys facilitate the initial critical establishment, enabling sender devices to generate post-quantum encryption keys for the first message, even if the receiver is offline.

Furthermore, PQ3 implements a periodic post-quantum rekeying mechanism within conversations to self-heal from crucial compromise and protect future messages. This mechanism creates fresh message encryption keys, preventing adversaries from computing them from past keys.

The protocol utilizes a hybrid design, combining elliptic curve cryptography with post-quantum encryption during initial critical establishment and rekeying. Rekeying involves transmitting fresh public key material in line with encrypted messages, with the frequency of rekeying balanced to preserve user experience and server infrastructure capacity.

PQ3 continues to rely on classical cryptographic algorithms for sender authentication and essential verification to thwart potential quantum computer attacks. These attacks require contemporaneous access to a quantum computer and cannot be performed retroactively. But Apple noted that future assessments will evaluate the need for post-quantum authentication as quantum computing threats evolve.

A man uses an Apple iPhone in Beijing on September 12, 2023. (Photo by Pedro PARDO/AFP).

Why PQ3 on iMessage matters for iPhone Users

Integrating PQ3 into iMessage signifies a huge leap forward in privacy and security for iPhone users. With the exponential growth of data and the looming specter of quantum computing, traditional encryption methods face unprecedented challenges. PQ3 mitigates these risks by providing quantum-resistant protection, ensuring that your conversations remain shielded from future threats. 

PQ3’s implementation in iMessage demonstrates Apple’s interest in safeguarding user privacy and staying ahead of emerging security threats. Beyond its robust encryption capabilities, PQ3 introduces a host of additional security features designed to enhance the overall integrity of iMessage. These include secure fundamental establishment mechanisms, cryptographic self-healing protocols, and real-time threat detection capabilities. 

By incorporating these advanced security measures, Apple hopes to ensure that iMessage remains a bastion of privacy in an increasingly interconnected world.

When can iPhone users expect the update?

Support for PQ3 will begin with the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. Already available in developer previews and beta releases, PQ3 will automatically elevate the security of iMessage conversations between devices that support the protocol. As Apple gains operational experience with PQ3 globally, it will gradually replace the existing protocol within all sustained conversations throughout the year.

The post Apple adds PQ3 protocol into iMessage appeared first on Tech Wire Asia.

In the shadowy field of cyber-espionage, one name has emerged as a persistent thorn in the side of US critical infrastructure: Volt Typhoon. For at least five years, this enigmatic group of Chinese hackers has covertly infiltrated critical IT networks across America, sending shockwaves through the nation’s security apparatus. Believed to be backed by the Chinese government, it operates with stealth and precision, targeting a wide array of sectors vital to the nation’s infrastructure. 

No sector is immune from its prying eyes, from communications and energy to transportation systems and water facilities. Who exactly are the members of Volt Typhoon, and what have they been doing in the heart of US critical infrastructure for half a decade? Let’s delve into the clandestine world of cyber-warfare and geopolitical maneuvering.

STATE-SPONSORED CHINESE HACKERS TARGET SOUTHEAST ASIAN GOVTS, MILITARIES: REPORT

Jamilah Lim | 17 December, 2021

What has the Volt Typhoon been doing?

In a joint advisory published on Wednesday, the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and FBI revealed that the state-sponsored group of hackers from China had infiltrated networks spanning aviation, rail, mass transit, highway, maritime, pipeline, water, and sewage sectors. 

This alarming development signals a strategic shift from their usual cyber-espionage tactics to a focus on pre-positioning for potential destructive cyberattacks in times of conflict or crisis. The advisory, jointly signed by cybersecurity agencies from the UK, Australia, Canada, and New Zealand, follows a similar caution issued by FBI Director Christopher Wray just a week earlier.

I testified to Congress last week about China’s threat to our nation’s critical infrastructure. Today, with our partners, we showed part of this threat in our Volt Typhoon advisory: https://t.co/HIBQ4Ir1LS

What we’ve found to date is likely the tip of the iceberg. pic.twitter.com/VGPkzF2UaL

— Jen Easterly🛡️ (@CISAJen) February 7, 2024

Wednesday’s technical advisory revealed that Volt Typhoon has exploited vulnerabilities in routers, firewalls, and VPNs to infiltrate critical infrastructure nationwide. The Chinese hackers have adeptly utilized stolen administrator credentials to persist in these systems, some for “at least five years.” The advisory cautioned that this persistent access has empowered them to potentially disrupt vital systems, including HVAC systems and energy controls, leading to catastrophic infrastructure failures. Additionally, Volt Typhoon may have accessed surveillance systems at critical facilities, although this remains unconfirmed.

Employing living-off-the-land techniques, the hackers discreetly operated using legitimate tools already in the target system, ensuring long-term persistence while evading detection. The hackers also conducted “extensive pre-compromise reconnaissance” to avoid detection. “For example, in some instances, Volt Typhoon actors may have abstained from using compromised credentials outside of normal working hours to avoid triggering security alerts on abnormal account activities,” the advisory said.

What is the US doing about these Chinese hackers?

FBI Director Christopher Wray testifies before the House (Select) Strategic Competition Between the United States and the Chinese Communist Party Committee on Capitol Hill on January 31, 2024 in Washington, DC. Kevin Dietsch/Getty Images/AFP (Photo by Kevin Dietsch/GETTY IMAGES NORTH AMERICA/Getty Images via AFP).

The revelation of the Volt Typhoon’s infiltration has sent shockwaves through Washington, prompting urgent calls to bolster cybersecurity defenses and reevaluating diplomatic relations with Beijing. Yet, despite heightened awareness and countermeasures, the group’s persistence underscores the formidable challenge posed by state-sponsored cyberthreats.

Wray had emphasized to the House Select Committee the urgent need to address a pervasive cyberthreat from the Chinese Communist Party affecting every American. But that isn’t something new for Washington. In recent years, the US has escalated efforts to thwart criminal and state-sponsored cyber-activities. 

This time, Wray cautioned that Beijing-backed hackers are targeting business secrets to bolster the Chinese economy and obtain personal data for foreign influence endeavors. “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” Wray added.

Wray described to the US House of Representatives committee the ways in which Volt Typhoon was “the defining threat of our generation” and said the group aims to “disrupt our military’s ability to mobilize” in the early stages of an anticipated conflict over Taiwan, which China claims as its territory.

Jen Easterly, Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, echoed that viewpoint. “This is a world where a major crisis halfway across the planet could well endanger the lives of Americans here at home through the disruption of our pipelines, the severing of our telecommunications, the pollution of our water facilities, the crippling of our transportation modes – all to ensure that they can incite societal panic and chaos and deter our ability [to marshal a sufficient response],” she said, according to The Guardian.

As the US grapples with the implications of Volt Typhoon’s activities, questions linger about the broader impact on international cybersecurity and the delicate balance of power in the digital age. Will the revelation of Volt Typhoon’s exploits serve as a wake-up call for greater collaboration and vigilance in the fight against cyberthreats, or will it escalate tensions in an already fraught geopolitical landscape?

One thing is clear: the saga of Volt Typhoon offers a sobering reminder of the ever-evolving nature of cyberwarfare and the need for constant vigilance in safeguarding critical infrastructure against emerging threats. As the battle for control of cyberspace intensifies, the stakes have never been higher, and the need for decisive action has never been more urgent.

The post Unveiling Volt Typhoon: the Chinese hackers within US critical infrastructure for five years appeared first on Tech Wire Asia.

In a digital age dominated by AI, Malaysian consumers increasingly lean towards AI-assisted brand interactions, with 47% expressing a preference for such interactions over human ones, surpassing the global average of 39%. However, despite this burgeoning consumer demand, Adobe’s latest State of Digital Customer Experience report reveals a significant disparity between consumer preferences and brand readiness in Malaysia.

The report underscores a consumer appetite for AI-enabled tools and services, particularly when exploring new products and services. Yet, Malaysian brands are lagging behind their global counterparts in harnessing the latest AI innovations to enhance customer experience (CX). Only 8% of Malaysian brands utilize generative AI to bolster CX initiatives, a stark contrast to the 18% globally. Moreover, just 6% of Malaysian brands are establishing upskilling initiatives to leverage generative AI, trailing behind the global average of 11%.

Adobe: most are yet to adopt the data-driven technology tools and capabilities needed to deliver personalisation at scale and keep pace with customer preferences.

While there’s a glimmer of hope as some brands in Malaysia demonstrate awareness of the organizational implications of adopting AI, with 22% briefing senior leadership, the overall progress remains sluggish. However, there’s a silver lining as Malaysian brands are poised to elevate their generative AI capabilities in the coming year, with 33% prioritizing it as their primary CX focus.

MALAYSIAN TELCO PROVIDER HAS DATA BREACH – AGAIN

Aaron Raj | 30 January, 2024

Consumers leading on AI in Malaysia

“Consumers are swiftly embracing generative AI-led experiences. While brands in Malaysia are lagging in terms of AI adoption, our findings indicate that this will soon evolve as Malaysia, as well as other Asian markets, are well poised for an accelerated uptake amid continued realization of the direct benefits that generative AI offers and its strong position as a technological hub,” Simon Dale, VP of Adobe Asia said. 

Dale added that when it comes to business strategies, most brands in Malaysia acknowledge that improving the CX is of top or significant priority. “This is driving brands to focus on evolving their digital experiences, underscored by a strategic emphasis on flexible and highly personalized interactions,” he added.

Nevertheless, bridging the gap between consumer expectations and brand initiatives poses a significant challenge. Malaysian consumers desire unified, seamless experiences across online and in-person interactions, yet most brands struggle to deliver personalized experiences at scale. Data-driven technology tools and capabilities necessary for personalization remain underutilized, impeding brands’ ability to keep pace with evolving consumer preferences. 

“More than two-thirds of consumers in Malaysia (77%) want brands to offer the same level of personalization online and in-person, and they want unified, seamless experiences in every interaction. However, meeting this expectation remains a top brand challenge,” the Adobe report reads. That’s not it. Privacy and security concerns loom large, with consumers wary of data misuse and lack of transparency in data practices. 

Despite 69% of Malaysian consumers expressing willingness to boycott brands that aren’t transparent about data use, only 26% of brands perceive this as impacting retention. This disconnect underscores the need for brands to prioritize transparency and establish robust data privacy policies.

“Consumers have emphasized that their most impactful brand experiences are relevant and personalized to their preferences. As brands continue to digitalize at full speed to meet expectations, it is crucial that they also strategically navigate data privacy and security concerns so as not to jeopardize their relationship with customers,” noted Dale.

After all, as brands delve into generative AI, consumer apprehensions about data privacy intensify. Many fear unauthorized data use and excessive data collection, highlighting the critical need for brands to implement stronger AI guardrails and internal usage policies. In conclusion, while Malaysian consumers embrace AI-driven brand interactions, Malaysian brands are struggling to keep pace, falling short in leveraging AI innovations to meet consumer expectations. 

As the digital landscape evolves, Malaysian brands must prioritize AI adoption, transparency in data practices, and robust internal policies to bridge the gap and foster trust with consumers in an increasingly AI-driven world.

The post Malaysia’s AI divide: consumers embrace, brands lag appeared first on Tech Wire Asia.

Paytm, short for “Pay Through Mobile,” began its journey with a revolutionary idea – letting users make cashless transactions through their mobile phones. But it wasn’t until the whirlwind of India’s 2017 demonetization that Paytm soared to new heights. That year, Prime Minister Narendra Modi’s bold move shook up the cash-dependent economy, compelling many individuals and countless small merchants to seek alternatives. Amid the chaos, Paytm’s wallet emerged as the straightforward solution, drawing a massive influx of users. 

Paytm emerged as a prime beneficiary of demonetization, witnessing a meteoric rise from 140 million users in October 2016 to a staggering 270 million by November 2017 following the demonetization program. The winds of change propelled Paytm to the forefront of India’s digital financial revolution. It has become a pioneering force, transforming how millions transact and engage with digital finance. 

WHY WHATSAPP SHOULD START WORRYING ABOUT PAYTM

Soumik Roy | 10 August, 2018

The platform provided a versatile and convenient solution for individuals and businesses, from small grocery purchases to utility bill payments. In short, Paytm’s success during demonetization contributed to the broader acceptance of mobile wallets in India. The platform’s simplicity and strategic marketing campaigns played a significant role in shaping the narrative around digital wallets as a reliable alternative to traditional currency.

A QR code for Paytm is pictured at a shop in New Delhi on November 8, 2021. (Photo by Sajjad HUSSAIN/AFP).

What is happening with Paytm in India now?

Founded in 2010 by Vijay Shekhar Sharma, Paytm initially gained prominence as a mobile wallet but swiftly evolved into a comprehensive financial ecosystem. Over the years, Paytm has diversified its services, expanding beyond mobile wallets to offer various financial products. The platform now provides services ranging from digital payments, mobile recharges, and bill payments to insurance, wealth management, and even digital gold investments. 

This diversification has positioned Paytm as a one-stop shop for various financial needs. By 2017, Paytm received approval from the Reserve Bank of India (RBI) to launch Paytm Payments Bank, a significant milestone in its journey. The Payments Bank allowed users to open savings accounts with zero balance requirements, seamlessly integrating banking services within the Paytm app. The bank is restricted from lending and can accept deposits of up to 200,000 Indian rupees. 

For context, Paytm Payments Bank is primarily owned by Paytm (One 97 Communications), with a 49% stake, while the remaining 51% is held by Paytm’s chief executive and founder, Vijay Shekhar Sharma. The bank serves as a crucial banking partner for Paytm, holding funds from popular digital wallets within its operations. 

All 330 million wallet accounts under the parent company are housed within Paytm Payments Bank, making it the repository for the money held in these wallets. However, It is noteworthy to know that on top of its immense success, Paytm was not short of challenges. Most recently, in a significant setback for one of India’s largest payment firms, the RBI has directed Paytm’s payments bank subsidiary to cease accepting new deposits in its accounts or popular wallets starting in March. 

So what exactly won’t be working on PayTM after 29th Feb then? 🤔 pic.twitter.com/rNJvRPAJhc

— Sunderdeep – Volklub (@volklub) February 4, 2024

According to a report by Reuters, India’s central bank said it took action because of “persistent non-compliance and continued material supervisory concerns in the bank,” which it did not specify. The restriction, effective from March 1, 2024, follows a previous limitation imposed two years ago, preventing Paytm Payments Bank from onboarding new customers.

Paytm Payments Bank was restricted from adding customers in March 2022 due to similar concerns but continued doing business with existing customers. It has been told to wind down most of its businesses this month. Moreover, local reports indicated that the banking regulator consistently raised concerns over various issues. 

Sources reveal that apprehensions regarding money laundering and substantial financial transactions, amounting to hundreds of crores of rupees, between the well-known Paytm wallet and its less prominent banking arm prompted the RBI to take action against entities overseen by Vijay Shekhar Sharma. 

It has also been disclosed that Paytm Payments Bank had numerous non-KYC (Know Your Customer) compliant accounts, with thousands of cases using a single PAN to open multiple accounts. Instances of transactions exceeding regulatory limits in minimum KYC pre-paid instruments, reaching crores of rupees, raised red flags for potential money laundering, as per sources.

What is Paytm doing about the scrutiny by the Reserve Bank of India?

Paytm’s CEO on X.com

Paytm has committed to adhere to the RBI’s directives promptly. As part of compliance, it will discontinue its association with Paytm Payments Bank and exclusively collaborate with other banks. The company anticipates a potential adverse impact on its annual earnings before interest, tax, depreciation, and amortization (EBITDA), ranging from 3 billion rupees (US$36 million) to 5 billion rupees under the worst-case scenario.

One 97 Communications (OCL), the parent of Paytm, said in an exchange filing that it would partner with other banks, not with Paytm Payments Bank (PPBL). “OCL has been working with other banks for the last two years. We will now accelerate the plans and move to other bank partners,” the company said.

“Regarding the direction on termination of the nodal account of OCL and Paytm Payments Services Limited (PPSL) by February 29, 2024, OCL and PPSL are moving the nodal account to other large commercial banks,” it added.

In a report, Bloomberg claims that India’s banking regulator is considering canceling Paytm Payments Bank’s license as early as next month, potentially impacting the growth plans of Paytm, a troubled local fintech giant. The RBI is prioritizing the protection of depositors and may take action after the February 29 deadline, sources told Bloomberg.

The post India’s Paytm is in a crisis. What do we know about the fintech giant’s turmoil? appeared first on Tech Wire Asia.

In the ever-accelerating space of AI, superpowers often grapple with the profound implications of non-allied entities gaining momentum, especially in military applications. That’s most apparent between the US and China, marked by a tit-for-tat strategy to curtail each other’s developmental strides. Just after the US added advanced computing chips to its export control arsenal, China retaliated by prohibiting certain firms from dealing with Micron Technology and imposing export restrictions on essential metals for advanced chip production. 

But that was 2023.

This week, we are witnessing the latest twist in this tech saga unfold, as reports suggest the Biden administration is now contemplating requiring US cloud service providers to unmask all foreign AI developers. The proposal mandates explicitly firms like Amazon and Google to gather, store, and scrutinize customer data, resembling the weight of stringent “know-your-customer” regulations akin to those shaping the financial sector. 

“We’re beginning the process of requiring US cloud companies to tell us every time a non-US entity uses their cloud to train a large language model,” US Commerce Secretary Gina Raimondo said at an event on January 27. Raimondo, however, did not name any countries or firms, but the maneuver is anticipated not only to intensify the technological trade war but also to signify a notable step toward the politicization of cloud provision.

CLOUD COMPETITION AND AI DRIVE IN SOUTHEAST ASIA AS US AND CHINA COMPETE FOR DOMINANCE

Muhammad Zulhusni | 14 December, 2023

For Raimondo, the aim is simple: to eradicate national security threats posed by AI development–an effort experts believe would likely focus on firms from China. If enacted, these measures would almost certainly strangle a vital pathway for Chinese firms to reach the core of data centers and servers essential for nurturing and accommodating their AI goals. 

Of AI, cloud computing, and US-China tech war

Although the US broadened chip controls in October, focusing on Chinese firms in 40+ nations, a gap remains. That is why it is paramount for the US to address how Chinese companies can still leverage chip capabilities through the cloud. From start to finish, cloud computing is inherently political, Trey Herr, director of cyber statecraft at the Atlantic Council, told Raconteur. He said that its reliance on extensive physical infrastructure tied to specific jurisdictions makes it susceptible to local politics, adding that conversations about cloud security inevitably take on political dimensions.

In October 2023, Biden mandated the US Department of Commerce mandate disclosures, aiming to uncover foreign actors deploying AI for cyber-mischief. The Commerce Department, building on stringent semiconductor restrictions for China, is now exploring the regulation of the cloud through export controls. Raimondo said the concern is Chinese firms gaining computing power via cloud giants like Amazon, Microsoft, and Google.

“We want to make sure we shut down every avenue that the Chinese could have to get access to our models or to train their models,” she said in an interview with Bloomberg last month. In short, China’s strides in AI and cutting-edge technologies are a paramount worry for the administration. After all, despite Washington’s efforts to curtail China’s progress through chip export restrictions and sanctions on Chinese firms, the nation’s tech giants continue to make substantial breakthroughs, challenging the effectiveness of US constraints.

Nevertheless, regulating such activities in the US is still being debated because cloud services, which do not involve the physical transfer of goods, fall outside export control domains. Thea Kendler, assistant secretary for export administration, mentioned the potential need for additional authority in this space during discussions with lawmakers last month.

Addressing further loopholes, the Commerce Department also plans to conduct surveys on companies developing large language models for their safety tests, as mentioned by Raimondo on Friday. However, specific details about the survey requests were not disclosed.

What are cloud players saying?

As with previous export controls, US cloud providers fear that limitations on their interactions with international customers, lacking reciprocal measures from allied nations, may put American firms at a disadvantage. However, Raimondo said that comments on the proposed rule are welcome until April 29 as the US seeks input before finalizing the regulation.

What is certain is that the cloud will persist as an arena for trade war extensions and geopolitical maneuvers. 

The post Biden’s new firewall to halt China’s AI development via US cloud firms appeared first on Tech Wire Asia.

Beyond being a global technological powerhouse, Google Cloud has become the steadfast ally of governments worldwide, ushering in an era of innovation. Google’s commitment to transforming lives, modernizing public services, and revolutionizing operations within the UK has been a dynamic reality. As the sun sets on traditional computing landscapes, Google Cloud is rising, rapidly expanding its presence in the UK and reshaping the essence of cloud computing.

One of the critical pillars of Google Cloud’s presence in the UK is its substantial investment in cutting-edge data infrastructure. Google recently announced a staggering US$1 billion investment in a new data center, a testament to its dedication to meeting the escalating demand for cloud services. This move signifies a boost for the UK’s technological infrastructure and aligns with the government’s aspirations to position the nation as a global leader in technology.

GOOGLE CLOUD CUSTOMERS CAN SWITCH SERVICE PROVIDERS FOR FREE

Aaron Raj | 16 January, 2024

“As more individuals embrace the opportunities of the digital economy and AI-driven technologies enhance productivity, creativity, health, and scientific advancements, investing in the necessary technical infrastructure becomes crucial. That’s why we’re investing $1 billion in a new UK data center in Waltham Cross, Hertfordshire—a 33-acre site creating jobs for the local community,” Debbie Weinstein, VP of Google and Managing Director of Google UK & Ireland, said in a statement last week.

Illustration of Google’s new UK data Centre in Waltham Cross, Hertfordshire. The 33-acre site will create construction and technical jobs for the local community. Source: Google

In short, this investment will provide vital computing capacity, supporting AI innovation and ensuring dependable digital services for Google Cloud customers and users in the UK and beyond. As stated on its website, the upcoming data center in the UK marks the company’s first in the country. 

Google already operates data centers in various European locations, including the Netherlands, Denmark, Finland, Belgium, and Ireland, where its European headquarters are also situated. The company boasts a workforce of over 7,000 people in Britain.

Google Cloud’s impact extends far beyond physical infrastructure. The company’s robust suite of cloud services has become integral to businesses across various sectors in the UK. From startups to enterprises, organizations are leveraging Google Cloud’s scalable and flexible solutions to drive efficiency, enhance collaboration, and accelerate innovation. 

The comprehensive nature of Google Cloud’s offerings, including infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS), ensures that it caters to the diverse needs of the UK’s business landscape.

That said, the investment in Google’s Waltham Cross data center is part of the company’s ongoing commitment to the UK. It follows their significant assets, such as the US$1 billion acquisition of our Central Saint Giles office in 2022, the development in King’s Cross, and the launch of the Accessibility Discovery Centre, fostering accessible tech across the UK.

“Looking beyond our office spaces, we’re connecting nations through projects like the Grace Hopper subsea cable, linking the UK with the United States and Spain,” Weinstein noted. However, investments by Google extend beyond infrastructure to empower communities and individuals across the UK. In fact, since 2015, Google has reached over 500 locations in the UK, providing free digital skills training to over one million individuals.

“In 2021, we expanded the Google Digital Garage training program with a new AI-focused curriculum, ensuring more Brits can harness the opportunities presented by this transformative technology,” Weinstein concluded. 

24/7 Carbon-free energy by 2030

Google Cloud’s commitment to sustainability also aligns seamlessly with the UK’s environmental goals. The company has been at the forefront of implementing green practices in its data centers, emphasizing energy efficiency and carbon neutrality. “As a pioneer in computing infrastructure, Google’s data centers are some of the most efficient in the world. We’ve set out our ambitious goal to run all of our data centers and campuses on carbon-free energy (CFE), every hour of every day by 2030,” it said.

This aligns with the UK’s ambitious targets to reduce carbon emissions, creating a synergy beyond technological innovation. In a dynamic move, Google forged a robust partnership with ENGIE for offshore wind energy from the Moray West wind farm in Scotland, adding 100 MW to the grid and propelling its UK operations towards 90% carbon-free energy by 2025. 

Beyond that, the tech giant said it is delving into groundbreaking solutions, exploring the potential of harnessing data center heat for off-site recovery and benefiting local communities by sharing warmth with nearby homes and businesses.

The post Google is making a billion-dollar bet on its first data center in the UK appeared first on Tech Wire Asia.