Tech Insight : What’s Involved In a ‘Pen-Test’?
If you’d like to know what a ‘Pen Test’ is and the sorts of things you can expect from one, this article will give you a helpful overview.
Pen Tests
Put simply, pen testing is short for “penetration testing” and in a virtual situation (we’ll concentrate mostly on virtual in this article) acts like a security health check for computer systems and networks. Just as a person may go to the doctor for regular check-ups (if you can get an appointment!) to catch any health issues early, businesses and organisations use pen testing to find and fix potential weaknesses in their digital defences before bad actors can exploit them.
Physical pen tests essentially refer to experts creating simulated attacks that mimic criminals’ actions to gain (unauthorised) physical access to things such as sensitive equipment, data centres or sensitive information. Examples of how this is done could include testing barriers, doors and locks, fences, and alarm systems, or conducting tests involving security guards and other employees to try and gain access.
Why Are Pen Tests Needed?
The main reason why pen tests are needed is the increasingly high level of cybercrime and the wide variety of cyber threats that businesses face daily. Within this broader context, there are a number of other reasons why businesses need pen testing. For example, these include:
– Helping businesses to discover the kinds of weaknesses and vulnerabilities in their computer systems, networks, applications, and other digital assets that may be unknown (as yet) to the business but could potentially be exploited by cybercriminals.
– As a way of proactively assessing defences to identify potential entry points before malicious hackers find them, thereby staying one step ahead of cyber criminals.
– To comply with specific data protection and security regulations and standards, and to demonstrate a commitment to safeguarding sensitive data.
– To protect customer data by helping to prevent data breaches. Many businesses handle sensitive customer data (e.g. personal details and financial data) and a successful cyberattack could lead to a data breach, compromising customers’ trust and resulting in legal, financial, and reputational repercussions.
– Cyberattacks can lead to significant financial losses, including costs associated with data recovery, system restoration, legal actions, and potential damage to a company’s reputation. Pen tests, therefore, can help prevent these losses by mitigating security risks.
– Businesses may have valuable intellectual property such as trade secrets or proprietary information that needs protection and pen testing helps ensure that unauthorised access to such sensitive data is minimised.
– For businesses that collaborate with third-party vendors or partners who might have access to their systems, pen tests can help assess the security of these partners and identify potential risks to the business and value-chain.
– Demonstrating a commitment to security by conducting regular pen tests can enhance a company’s reputation and build trust with customers, clients, and stakeholders.
– Pen tests can also help businesses evaluate their incident response procedures. By identifying and addressing any security gaps, businesses and organisations can make changes that enable them to respond more effectively to any real cybersecurity incidents.
Regular Testing Is Needed
Since cybersecurity is an ongoing process, conducting regular pen tests allows businesses to continuously improve their security measures and adapt to new threats and technologies.
What Kinds Of Cyber-Attacks / Cybercrime Can Pen Tests Help Protect Against?
The types of cyber-attacks regular pen testing can reduce the risk of include:
– Malware Attacks, by assessing the effectiveness of defences against malware, such as viruses, ransomware, and trojans. Testers can try to infiltrate systems with various types of malware to evaluate how well the organisation can detect and prevent such threats.
– Phishing and Social Engineering, by simulating these attacks to check if employees are susceptible to social engineering techniques. These tests help businesses and organisations to educate their staff about potential risks and reinforce security awareness.
– Brute Force and Password Attacks. For example, testers can attempt to crack passwords using brute force or other password-guessing methods to assess the strength of authentication mechanisms and password policies.
– SQL Injection, by identifying any vulnerabilities in web applications that cyber criminals could try to use to target databases.
– DDoS (Distributed Denial of Service) Attacks. In this case, pen tests can evaluate how well an organisation’s network and infrastructure can withstand DDoS attacks, which aim to overwhelm systems and disrupt services.
– Man-in-the-Middle (MITM) Attacks. Here testers can attempt to intercept and manipulate data between two parties to assess the effectiveness of encryption and network security measures.
– Privilege Escalation, by helping to identify any vulnerabilities that may allow attackers to gain unauthorised access to higher levels of privileges within a system, potentially leading to more extensive compromises.
– Zero-Day Exploits. Since these attacks target previously unknown vulnerabilities with companies having no time (i.e. ‘zero days’) to do anything about them, pen tests can be used to possibly identify similar types of vulnerabilities to zero-day exploits.
– Insider Threat, by helping to assess how well a business / organisation is protected against internal threats posed by employees or contractors with malicious intent or simply making accidental but dangerous mistakes.
– Data Breaches. Pen tests help to identify security weaknesses and prevent unauthorised access to sensitive data, reducing the risk of data breaches and safeguarding customer information. Reducing the risk of data breaches can save businesses a lot of expensive damage.
– IoT (Internet of Things) Vulnerabilities. With the increasing use of IoT devices, pen tests can evaluate the security of these interconnected devices and their potential impact on the overall network.
Who Carries Out Pen Testing?
Penetration testing is typically carried out by skilled cybersecurity professionals known as “penetration testers”, “ethical hackers” or “security consultants.” These are experts in the field of cybersecurity and have in-depth knowledge of various attack techniques and security best practices.
There are essentially two primary categories of professionals who conduct penetration testing:
1. Internal Penetration Testers. These are cybersecurity specialists employed directly by the organisation or business they are testing. They work as part of the organisation’s security team and have a good understanding of the company’s systems, networks, and applications. Internal penetration testers are familiar with the organisation’s security policies and protocols and may focus on assessing specific internal threats and risks.
2. External Penetration Testers. As the name suggests, external penetration testers are independent third-party experts or cybersecurity firms hired-in by businesses and organisations to conduct (hopefully) unbiased assessments. They are outsiders with no prior knowledge of the company’s infrastructure, mimicking the perspective of an external attacker. The advantage of external testers is that they can bring a fresh and objective view to the evaluation, helping to identify potential blind spots that internal teams might overlook.
In some cases, a combination of both internal and external testers may be the best way to conduct comprehensive assessments.
Recent Advances In Pen Testing
This year, penetration testing has seen several notable advancements aimed at improving the accuracy and effectiveness of assessing cybersecurity defences. For example, four notable trends are:
– Realistic Simulation Scenarios. Pen testers are increasingly focusing on mimicking real-life cyberattack scenarios to gain a better understanding of an organisation’s vulnerabilities. This approach encompasses technological weaknesses and human factors like employee behaviour, providing a clearer picture of potential risks.
– Automated Testing Tools. Automated penetration testing tools have become essential in streamlining vulnerability detection. They can efficiently scan networks for known flaws and misconfigurations while keeping up to date with emerging threats, reducing manual workloads for security teams.
– Social Engineering Testing. With cybercriminals employing psychological manipulation, social engineering testing has become vital. This approach identifies weaknesses in employee awareness and response strategies against targeted attacks, helping raise organisational preparedness.
– Machine Learning and AI Integration. Inevitably, pen testing incorporating machine learning and artificial intelligence is being adopted to achieve more sophisticated vulnerability detection and response capabilities. This includes identifying unusual patterns in network traffic, adapting to emerging threats, and simulating potential future attacks.
Drawbacks of Pen Testing
There are, of course, some drawbacks to pen testing. They include, for example:
– Limited Scope. Pen tests focus on specific areas, potentially missing vulnerabilities elsewhere.
– Point-in-Time Assessment. They provide a snapshot and may not address emerging threats (hence the need to keep conducting them).
– Disruption and False Positives. Testing can cause disruptions and lead to false alarms which can be stressful and waste time and resources.
– Cost and Resource Intensive. Pen testing can be expensive and requires skilled professionals.
– Lack of Real-World Impact. It could be true to say that some controlled tests may not fully replicate actual attacks and, therefore, may lack real-world value.
– Human Error and Subjectivity. It’s possible that in some cases, tester expertise can influence results.
– Overconfidence in Security. Successful tests can lead to unwarranted confidence which can lead to businesses making themselves vulnerable by essentially letting their guard down to an extent.
– Legal and Ethical Considerations: Unauthorised testing can have legal repercussions! I.e. pen testing requires authorisation from the business – they must be asked first.
Examples Of Virtual and Physical Pen Tests Your Business Could Use
Here are summarised examples of the kinds of virtual and physical pen tests that could be used (by cybersecurity professionals) on your business.
In a virtual penetration test, cybersecurity experts simulate cyberattacks on an organisation’s digital infrastructure without physically accessing their premises. Examples of virtual pen tests include:
– A Network Vulnerability Assessment. This is where testers use automated tools and manual analysis to identify weaknesses in the organisation’s network, such as open ports, misconfigurations, and outdated software.
– Web Application Testing. In this stage, security professionals assess web applications for vulnerabilities like SQL injection, cross-site scripting (XSS), and insecure authentication mechanisms.
– Phishing Simulation. Here ethical hackers send bogus phishing emails to employees, testing their susceptibility to social engineering and identifying areas where security awareness training is needed.
In a physical penetration test, experts try to gain unauthorised access to the organisation’s physical premises and sensitive areas. Examples of physical pen tests include:
– Social Engineering. In the physical scenario, testers use various techniques to manipulate employees, such as tailgating (following authorised personnel into secure areas) or pretexting (posing as legitimate individuals to extract sensitive information).
– Physical Access Control Testing. This is where security professionals assess the effectiveness of physical security measures like access badges, CCTV surveillance, and door locks.
– Dumpster Diving. Although an American term, this means testers examining the physical waste (going through the bins) to find discarded sensitive information that could be exploited by attackers.
Report
Companies typically receive a detailed report at the end of a penetration test. The report outlines the findings, vulnerabilities, and weaknesses identified during the testing process. It provides a comprehensive overview of the organisation’s security posture, detailing potential entry points and areas that need improvement.
What Does This Mean For Your Business?
Regardless of whether the testing is carried out internally or by external professionals (which can sometimes be expensive) the goal of penetration testing is a worthwhile one – to identify vulnerabilities and weaknesses in the digital infrastructure of a business, thereby helping businesses to bolster their security defences before attackers get there first.
Both virtual and physical penetration tests provide valuable insights into security weaknesses and in doing so, can help a business strengthen its overall cybersecurity posture. Combining both approaches can, of course, create a more comprehensive assessment of a business or organisation’s resilience against cyber threats.
Even though, as highlighted above, pen testing can have its drawbacks, it’s always better to be prepared and, if a business knows more about its weaknesses, it at least has the opportunity to reduce known risks and avoid some of the very painful consequences (e.g. legal, financial, and reputational) of data breaches and other potentially devastating attacks.
Featured Article : Tech Travel Trends
In this article, we take a look at a few examples of nascent travel and delivery options in action.
Many New And Innovative Options
With so many innovative technologically advanced (and green) transport, travel, and delivery products and systems now being used in the real world, let’s update ourselves on what’s happening and what the near future could soon look like … coming soon to a city near you.
Vertical Take-Off Urban Air Taxi Test Successful
A full-scale, remote controlled prototype of Bristol-based startup Vertical Aerospace’s vertical take-off VX4 air taxi recently completed its first untethered flight successfully. The aircraft, which is intended for use as a minimal noise and zero operating emissions taxi can transport up to four passengers, over distances of up to 100 miles and achieve a cruising speed of 150 miles per hour. The VX4 can also be used as a medivac (medical evacuation) or cargo plane. The company says the VX4 air taxi, which is battery-powered and has electric motors mounted on movable nacelles is capable of flying from London’s Heathrow Airport to Canary Wharf in just 13 seconds!
Back in May, Vertical Aerospace reported that South Korea’s leading mobility firm Kakao Mobility had pre-ordered up to 50 of the VX4 aircraft. Kakao Mobility runs South Korea’s most popular taxi-hailing app, Kakao T, providing taxi-hailing, designated driver booking, parking space search, and Kakao Navi app. Stephen Fitzpatrick, Vertical’s Founder and CEO, said: “With its over 30 million registered users, Kakao Mobility is the go-to choice to ‘hail a ride’ and with our partnership, we look forward to people across South Korea being able to fly in a VX4 in the years to come.”
Europe’s First Driverless Robots Take To The Road In Lithuania
A collaboration between Estonia-based startup Clevon and Lithuanian delivery platform LastMile has seen Europe’s first small fleet of (three) driverless robots take to public roads in Estonia’s capital city of Vilnius. The battery powered delivery robots, known as Autonomous Robot Carriers (ARCs), look a little like a cross between a golf buggy and a tiny truck and are already being used to deliver groceries from the IKI supermarket store on Mindaugas Street to shoppers in the city centre. The ARCs have different size and lockable compartments for smaller and larger online grocery orders and the fleet can deliver seven customer orders in a single run. The many benefits of the ARCs include zero CO2 emissions, reducing ‘last-mile’ labour costs by 80-90 per cent, while their small size means they can quickly (and safely) navigate city centre streets – great for historic cities with old-town (i.e. small) street areas.
First Biometric Check-In Tunnel Opens at St Pancras For Eurostar
The first-ever biometric ‘Smartcheck’ corridor for train travel has opened at Eurostar’s London terminal in St Pancras station. The contactless check-in tunnel, developed by UK tech firm iProov, acts as a replacement for ticket gates and manual border checks and uses a facial verification checkpoint, enabling passengers to walk straight through the tunnel rather than queue and wait. The SmartCheck solution behind iProov’s tunnel incorporates iProov’s Biometric Solution Suite with Biometric checkpoint, coupled with Entrust’s Identity Verification as a Service (IDVaaS) technology for identity orchestration and digital travel credential (DTC) management.
Andrew Bud (founder and CEO of iProov) said of the new high-tech tunnel: “The rollout of SmartCheck in Eurostar’s Business Premier check-in at London St Pancras is significant because it clearly demonstrates how facial biometric technology can be used to manage border control in a smarter and more efficient way, to benefit both organisations and passengers at scale. By creating a biometric corridor, we are moving security checks away from the station, saving precious time and space at the border, streamlining the boarding process to one that’s far faster, more convenient, less crowded and stressful, yet even more secure.”
Popular Dutch e-Bike Maker’s Bankruptcy
As in any market, it’s not all good news for all the players, even if they have funding and innovative products.
Dutch e-bike startup VanMoof, one of the most heavily funded e-bike startups in the world, has shocked owners by being declared bankrupt after 14 years. A tweet from one of the company’s founders, Taco Carlier, apologised to customers and employees, saying that the company had tried to secure investment and a buy-out from other companies but had failed to do both. The company had been making a loss on its e-bikes for years which some financial commentators have blamed on the high price of the bikes (2,000 euros each) and high costs to maintain and repair bikes while they were under warranty. Due to the need for custom parts and specialised software to operate the bikes, customers now find themselves in uncertain territory and it’s been reported that many customers have threatened to sue.
VanMoof, however, is one of many players in the growing e-bike market which was valued at USD 37.47 billion in 2022 and has been projected to grow from USD 43.32 billion this year to USD 119.72 billion by 2030.
What Does This Mean For Your Business?
The promised future of driverless, electric vehicles such as the air taxi (soon to be operating in South Korea) and driverless trains in the UK (Thameslink ATO system), as well as driverless delivery vehicles, is now beginning in earnest. Many startups and more well-known established companies (e.g. Amazon) have trialled drones and driverless systems that have the benefits of zero-emissions (electric, battery powered), beating crowds and congestion while offering the efficiencies of robots and we are now starting to see them being approved and used on public roads and in the airspace above.
There are now exciting opportunities for many businesses in growing new markets related to these vehicles and in using them to add value, cut costs, and improve services in existing industries. Reducing congestion and emissions, while improving customer experiences, and offering them new and exciting travel options (vertical taxis) and delivery options is definitely on the map. With a climate emergency, a growing population and advances in technology, reliance on fossil fuels (and a legacy of old transport and delivery ideas) is starting to be replaced gradually with a variety of new, greener, and more efficient alternatives that also offer commercial benefits to their operators.
Transport systems are now changing due to investment and large R&D spends and many innovative startups with products years in the making are now finally coming home to roost. The hope is that the changes will pay off environmentally, commercially, plus make travel and delivery more effective and give customers better experiences that match the expectations of this technically advanced future.
Doubtless, all of these concerns will require investment in managing all the data and security!
Sustainability-in-Tech : Hydropanels Produce Pure Drinking Water From The Air
Hydropanels are an innovative and sustainable way to extract clean, reliable drinking water from the air off-grid.
How Hydropanels Work
Hydropanels (such as those made by Arizona-based SOURCE®) work by using a solar panel to power fans that pull pure water vapour out of the air and the warmed air inside the panel turns the water vapour into liquid water. The pure collected water is then mineralized by the system for health and taste and the self-contained system circulates the water and keeps it clean. The water gathered by the hydropanels can be plumbed directly into a home to create a sustainable water supply.
How Much Water Do They Produce?
SOURCE®’s figures say that each of its R3 Hydropanels can produce the equivalent of approximately 180 standard bottles of water per month (with at least one panel for every two people living in the home recommended) and its systems can be configured to meet any water volume demand, e.g. from a single-family household to whole communities and everything in between. In addition to the R3 hydropanel, the company also makes a commercial version for worksites, schools, and hospitality, including hotels, venues, and restaurants.
Helping To Reduce Plastic
SOURCE® says that its system can help to reduce plastic waste because the water produced by a single hydropanel can eliminate the need for 54,000 single-use plastic water bottles over its 15-year lifespan.
Anywhere
One of the advantages of hydropanels is that they can provide an inexhaustible supply of water anywhere, such as for communities (or businesses) in remote areas not connected to municipal water. An example on the SOURCE® website highlights how colonias (the unincorporated communities mostly in border counties in Texas) could be helped by the use of hydropanels.
Backed By Bill Gates and Blackrock
In March 2022, it was reported that Bill Gates and investment management company Blackrock were some of the high-profile investors supplying funding to SOURCE® global.
What Does This Mean For Your Organisation?
These hydropanels are an example of how existing green energy ideas and new technology can be combined in a way that can help solve one of the world’s challenges – getting drinking water supplies to areas that don’t have it (such as 800,000 villages in India). The fact that the system is able to provide a potentially endless supply of pure water in any volume simply from the air, with no need to be connected to any large water infrastructure (pipe networks, cleaning, and pumping stations) makes it sustainable, green, and a very efficient way to solve a major problem. This could provide benefits around the world for communities and businesses.
Desalination plants and other similar ideas are tied to coastal areas yet the hydropanel system can be deployed anywhere, giving it much wider global scope. The fact that it can save on plastic waste by eliminating the need for bottled water is another big bonus at a time when plastic waste and microplastics are polluting existing water sources around the world. It’s also worth noting, therefore, that water produced from the air should also be free of microplastics making it purer than most of the water the developed world drinks at the moment.
Tech Trivia : Did You Know? This Week in History …
How Bright Is Your Toothpaste?
The Oppenheimer blockbuster launched with an IMDB rating of 9.0, so it appears lots of people liked it.
Whilst the film made mention of many of the pioneers in physics who helped during the Manhattan project, it could perhaps have made more than at least a passing reference to Marie Curie. After all, her contribution towards nuclear physics literally killed her and she died in the month of July, way back in 1934, as a result of radioactive exposure. This was hardly a surprise given what little people knew about the effects of radiation at the turn of the last century. In fact it was her that literally coined the phrase “radioactivity”.
Obviously, it’s a bad idea to handle radium. Yet people did in those days and with gusto, because it glows in the dark. In fact people used it for everything from wristwatch dials to brushing their teeth, with devastating results! As an aside, Marie’s notebooks are still too contaminated to be considered safe to handle even now.
Not only was she the first woman ever to get a Nobel prize, she was the first person to get it twice and the only person to win a Nobel Prize in two different scientific fields and the first woman to become a professor at the lauded Sorbonne in Paris – simply unheard of in those days.
To get an idea of the kinds of lengths she went to, she used to manually process pitchblende (the ore where radium comes from). There’s about 1 gram of radium for every seven tons of the ore and the cost of radium went from circa £400 per gram in 1903 to circa £20,000 per gram in 1918 when people believed it cured cancer (rather than causing it).
Nuclear physics has come a long way since people cheerfully drank radium-laced cocktails and hopefully we’ll shortly see the advent of scalable clean energy coming from fusion reactors being developed – there’s a lot of investment and excitement in this space right now. With luck, the power requirements for the burgeoning tech industry could be met (alongside those of other sectors) because with AI and everything else, data-requirements are definitely exploding right now, even if the reactors don’t.
Tech Tip – How To Make A Windows PC Startup Faster
Just a few clicks and changes in the task manager can save you time by making your Windows PC startup faster. Here’s how:
Press Ctrl + Shift + Esc to bring up the task manager.
Click on the ‘Startup’ tab.
Click on ‘Startup Impact’ to see which apps are slowing things the most.
Right click and select ‘disable’ for anything you want to prevent from starting every time you start up your PC. Make sure it’s nothing important first though!
Featured Article : AI Fears Prompt Hollywood Actors To Strike
The Screen Actors Guild-American Federation of Television and Radio Artists (SAG-AFTRA), the US actors’ union with 160,000 members has gone on strike mainly over fears that AI will reduce earnings and damage their profession.
New Agreement Needed
One of the Union’s main roles is negotiating terms between actors and the studios, and the last agreement expired on 30 June (and was extended to 12 July), meaning negotiations were needed which have led to a disagreement and the strike. This is the first time the actors and writers have been on strike at the same time since 1960, when Ronald Reagan was president of the Screen Actors Guild.
Reasons
In addition to negotiating ‘residuals’, the payments performers receive for repeat showings of films or TV shows (which has been complicated by streaming), who owns their likeness if reproduced by AI has now become a serious issue and a major sticking point.
The Screen Actors Guild union’s membership isn’t only actors in film and TV shows, it’s also made up of video game performers, radio presenters, models, YouTube influencers, and more, and although the union is in the US, its reach, influence, and acts of solidarity with its members are global, meaning the strike is causing major disruption to the whole industry.
How Could AI Negatively Affect Actors And The Profession?
A recent proposal by The AMPTP (Alliance of Motion Picture and Television Producers), which represents studio bosses reportedly suggested that background performers could simply be scanned and paid one day’s pay, while their scanned image is then owned by film companies who can use the person’s image or likeness (reproduced with AI) for unlimited projects in the future without the performer’s consent and without compensation. It has been noted that this proposal resembles the plot of an episode of Charlie Brooker’s Black Mirror (a Netflix Sci-Fi series). As the SAG-AFTRA union president Fran Drescher said in a recent press conference, the fear from performers is, “We are all going to be in jeopardy of being replaced by machines.”
Stars Out
The SAG-AFTRA union has many well-known celebrities, many of whom have come out very publicly in support of the strike, for example, Meryl Streep, Charlize Theron, Jamie Lee Curtis, Olivia Wilde, Ewan McGregor, and George Clooney who said that change was required for “our industry to survive”. The fact that SAG-AFTRA has some very famous members is a source of power and leverage in the argument.
Equity In The UK
Comments by Liam Budd, of UK acting union Equity, have shed more light on the extent to which AI could threaten the pay and jobs of actors and performers. Mr Budd recently outlined how AI is being used for automated audiobooks, synthesised voiceover work, digital avatars for corporate videos, and how AI deepfakes are being used in films, all which have led to “fear circulating” amongst the Equity members.
Writers’ Concerns
The trade union representing writers for TV, film, theatre, books and video games in the UK, The Writers’ Guild of Great Britain (WGGB) has also expressed concerns about the encroachment of AI, such as:
– AI developers using writers’ work without permission, infringing writers’ copyright.
– AI tools don’t clearly show where AI has been used to create content.
– Increased AI will reduce the number of job opportunities for writers and reduce the level of writers’ pay.
– The contributions made by the creative industry to the UK economy and national identity could be diluted by AI.
That said, on the point about whether AI could replace writers, the WGGB says “AI systems are not yet sophisticated enough to produce works which accurately mimic the standard of writing produced by professional writers” and “the WGGB does not believe that AI will be able to replicate the originality, authenticity, enthusiasm and humanity that professional writers put into their storytelling.” The union does, however, accept that AI systems could be able to mimic writers’ work in the future.
What Have The Studios Said?
The Alliance of Motion Picture and Television Producers’ union (AMPTP), which represents the studios and their interests, issued a statement highlighting the positive aspects of its proposal such as “historic pay and residual increases, substantially higher caps on pension and health contribution” and saying that “A strike is certainly not the outcome we hoped for as studios cannot operate without the performers that bring our TV shows and films to life.”
With regards to AI and using images and likeness of actors, the AMPTP has said that it has proposed measures to protect actors’ digital likenesses which include securing an actor’s consent to create and use a digital likeness or to digitally alter their performance, and that the use of digital replicas will be restricted to the specific motion picture for which the actor is employed. Also, it says any additional use would require that actor’s consent and further negotiation.
What Does The Strike Mean For The Entertainment Industry?
In summary, the results of calling the strike are:
– All production under the SAG-AFTRA TV and film contract being halted immediately, thereby bringing projects to a standstill both in the U.S. and around the globe.
– In the UK, with solidarity from the Equity union (and those who have joint cards), many members will stop work and be reluctant to accept work that would have been offered to striking colleagues. Also, co-productions of films and TV shows (US/UK) will be put on hold.
– Actors will no longer be able to promote shows and films they have already made, and this will extend to use of social media for promotion.
– Chat shows may be short of high-profile celebrities for the time being.
Ownership of Likeness
Ways in which famous actors normally protect their image and likeness, in addition to protection offered by union deals, can include:
– Right of Publicity – the main legal doctrine that celebrities use to control the commercial use of their name, image, voice, or persona.
– Trademark Law – registering their name, image, or signature as trademarks.
– Contract Law – when actors enter contracts with studios or other entities, those contracts often include detailed provisions about how and when their image can be used.
– Copyright Law – to protect creative works that feature a person’s image.
– Defamation Law – to stop someone falsely using a celebrity’s image in a way that harms their reputation.
– Privacy Law – used (in some jurisdictions) to protect against intrusive or misleading uses of a person’s image.
However, the rapid evolution of AI and AI tools has led to a blurring of the lines around ownership. For example, when an AI image generator like DALL-E has a likeness added to it to make an image, the new image is in public domain, free to use by anyone, and not protected by copyright law.
This, and the many arguments of the acting and writers’ unions point to the need for new regulations that address these many evolving issues.
What Does This Mean For Your Business?
The actors argue that AI gives studios the chance to slash costs and are clearly afraid that AI could be used to replace them and their skills, could reduce pay, could lead to fewer acting jobs and job losses, could damage their industry, and devalue their profession and status. They also argue that there are serious issues to be addressed around the use of image and likeness and over matters of consent for the use of these and ownership. For the studios, film and program makers, plus their customers, the strike is likely to be costly, disruptive and damaging. Unfortunately, although AI can be used to help enhance film and programme making, the nature of the business lends itself well to automation. For example, actors’ images, voices and places can all be easily copied by AI tools (although still not perfectly), and generative AI tools can even be used to write scripts (albeit poorly according to Charlie Brooker, writer of Black Mirror). Of course, this is all part of negotiation between unions and studios that also covers other matters, e.g. the effects of streaming. However, it highlights much of the fear around AI and what many see as the alarming pace of development and the need for new regulation to keep up, how automation by AI could destroy jobs and, for some, even how AI could pose a threat to humanity itself.
It also highlights how generative AI tools are blurring hitherto clearer legal boundaries and how quickly AI can disrupt businesses and industries creating both opportunities and threats for those in them. Many will watch with interest how the dispute unfolds and how similar issues will affect/are affecting related industries going forward e.g., music and art.