If you’ve ever been concerned about the privacy aspects of AI, you may be very surprised to learn that conversations you have with Google’s new Gemini AI apps are “retained for up to 3 years” by default.

Up To Three Years 

With Google now launching its Gemini Advanced chatbot as part of its ‘Google One AI Premium plan’ subscription, and with its Ultra, Pro, and Nano LLMs now forming the backbone of its AI services, Google’s Gemini Apps Privacy Hub was updated last week. The main support document on the Hub which states how Google collects data from users of its Gemini chatbot apps for the web, Android and iOS made interesting reading.

One particular section that has been causing concern and has attracted some unwelcome publicity is the “How long is reviewed data retained?” section. This states that “Gemini Apps conversations that have been reviewed by human reviewers…. are not deleted when you delete your Gemini Apps activity because they are kept separately and are not connected to your Google Account. Instead, they are retained for up to 3 years”. Google clarifies this in its feedback at the foot of the support page saying, “Reviewed feedback, associated conversations, and related data are retained for up to 3 years, disconnected from your Google Account”. It may be of some comfort to know, therefore, that the conversations aren’t linked to an identifier Google account.

Why Human Reviewers? 

Google says its “trained” human reviewers check conversations to see if Gemini Apps’ responses are “low-quality, inaccurate, or harmful” and that “trained evaluators” can “suggest higher-quality responses”. This oversight can then be used “create a better dataset” for Google’s generative machine-learning models to learn from so its “models can produce improved responses in the future.” Google’s point is that human reviewers ensure a kind of quality control both in responses and how and what the models learn in order to make Google’s Gemini-based apps “safer, more helpful, and work better for all users.” Google also makes the point that the human reviewers may also be required by law (in some cases).

That said, some users may be alarmed that their private conversations are being looked at by unknown humans. Google’s answer to that is the advice: “Don’t enter anything you wouldn’t want a human reviewer to see or Google to use” and “don’t enter info you consider confidential or data you don’t want to be used to improve Google products, services, and machine-learning technologies.” 

Why Retain Conversations For 3 Years? 

Apart from improving performance and quality, other reasons why Google may retain data for years could include:

– The retained conversations act as a valuable dataset for machine learning models, thereby helping with continuous improvement of the AI’s understanding, language processing abilities, and response generation, ensuring that the chatbot becomes more efficient and effective in handling a wide range of queries over time. For services using AI chatbots as part of their customer support, retained conversations could allow for the review of customer interactions which could help in assessing the quality of support provided, understanding customer needs and trends, and identifying areas for service improvement.

– Depending on the jurisdiction and the industry, there may be legal requirements to retain communication records for a certain period, i.e. compliance and being able to settle disputes.

– To help monitor for (and prevent) abusive behaviour, and to detect potential security threats.

– Research and development to help advance the field of AI, natural language processing, and machine learning, which could contribute to innovations, more sophisticated AI models, and better overall technology offerings.

Switching off Gemini Apps Activity 

Google does say, however, that users can control what’s shared with reviewers by turning off Gemini Apps Activity. This will mean that any future conversations won’t be sent for human review or used to improve its generative machine-learning models, although conversations will be saved with the account for up to 72 hours (to allow Google to provide the service and process any feedback).

Also, even if you turn off the setting or delete your Gemini Apps activity, other settings including Web & App Activity or Location History “may continue to save location and other data as part of your use of other Google services.”

There’s also the complication that Gemini Apps is integrated and used with other Google services (which Gemini Advanced – formerly Bard, has been designed for integration), and “they will save and use your data” (as outlined by their policies and Google’s overall Privacy Policy).

In other words, there is a way you can turn it off but just how fully turned off that may be is not clear due to links and integration with Google’s other services.

What About Competitors? 

When looking at Gemini’s competitors, retention of conversations for a period of time by default (in non-enterprise accounts) is not unusual. For example:

– OpenAI saves all ChatGPT content for 30 days whether its conversation history feature is switched off or not (unless the subscription is an enterprise-level plan, which has a custom data retention policy).

– Looking at Microsoft and the use of Copilot, the details are more difficult to find but details about using Copilot in Teams it appears that the farthest Copilot can process is 30 days – indicating a possibly similar retention time to ChatGPT.

How Models Are Trained

How AI models are trained, what they are trained on and whether there has been consent and or payment for usage of that data is still an ongoing argument with major AI providers facing multiple legal challenges. This indicates how there is still a lack of understanding, clarity and transparency around how generative AI models learn.

What About Your Smart Speaker? 

Although we may have private conversations with a generative AI chatbot, many of us may forget that we may have many more private conversations with our smart speaker in the room listening, which also retains conversations. For example, Amazon’s Alexa retains recorded conversations for an indefinite period although it does provide users with control over their voice recordings. For example, users have the option to review, listen to, and delete them either individually or all at once through the Alexa app or Amazon’s website. Users also have the option to set up automatic deletion of recordings after a certain period, such as 3 or 18 months – but 18 months may still sound an alarming amount of time to have a private conversation stored in distant cloud data centres anyway.

What Does This Mean For Your Business? 

Retaining private conversations for what sounds like a long period of time (3 years) and having unknown human reviewers look at those private conversations are likely to be the alarming parts of Google’s privacy information about how its Gemini chatbot is trained and maintained.

The fact that it’s a default (i.e. it’s up to the user to find out about it and turn off the feature), with a 72-hour retention period afterwards and no guarantee that conversations still won’t be shared due to Google’s interrelated and integrated products may also not feel right to many. The fact too that our only real defence is not to share anything at all faintly personal or private with a chatbot, which may not be that easy given that many users need to provide information to get the right quality response may also be jarring.

It seems that for enterprise users, more control over conversations is available but it seems like businesses need to ensure clear guidelines are in place for staff about exactly what kind of information they can share with chatbots in the course of their work. Overall, this story is another indicator of how there appears to be a general lack of clarity and transparency about how chatbots are trained in this new field and the balance of power still appears to be more in the hands of tech companies providing the AI. With many legal cases on the horizon about how chatbots are trained, we may expect to see more updates to AI privacy policies soon. In the meantime, we can only hope that AI companies are true to their guidelines and anonymise and aggregate data to protect user privacy and comply with existing data protection laws such as GDPR in Europe or CCPA in California.

In this insight, we look at what blockchain identifiers are, their roles, users, and relevance to businesses, plus how they could work with the domain name system.

What Are Blockchain Identifiers? 

Blockchain, the technology behind cryptocurrencies, is the decentralised, secure, incorruptible ledger system that enables transparent and tamper-proof transactions. Its value is in providing enhanced security, efficiency, and trust in digital operations

Blockchain identifiers are the unique codes used within blockchain technology to securely identify and authenticate transactions, assets, or participants.

What Do They Look Like? 

Since blockchain identifiers are generated using cryptographic algorithms and each is designed to be unique, they look like long strings of code. For example:

Bitcoin addresses, which serve as blockchain identifiers for wallet locations look like ‘1BoatSLRHtKNngkdXEeobR76b53LETtpyT’.

Ethereum addresses which also act as blockchain identifiers, look like ‘0x323b5d4c32345ced77393b3530b1eed0f346429d’.

Who Uses Them? 

Blockchain identifiers are employed by a wide range of users, including cryptocurrency holders (as shown in the examples above), businesses leveraging blockchain for supply chain management, and developers creating decentralised applications (dApps). These identifiers are essential for anyone involved in the blockchain ecosystem because they ensure the integrity and traceability of transactions.

Blockchain Identifiers And Domains? 

Domain names (part of the DNS system) are, of course, designed to be human-readable addresses that map to the strings of IP address numbers underneath, thereby allowing users to easily find websites without needing to memorise complex strings of numbers. As shown in the examples above, however, blockchain identifiers are long stings of code and not designed to be human-readable, but both domain names and blockchain identifiers broadly serve as tools to navigate and secure the digital world (although they operate in different layers for different purposes).

Since they have this similar purpose, the convergence of blockchain identifiers and domain names is an idea that’s beginning to take shape, offering enhanced security and user control over online identities.

DNS 

The Domain Name System (DNS) is a foundational technology that has shaped how we interact with the internet, making it accessible and navigable through human-readable domain names. This system is crucial for the digital identities of entities worldwide, enabling a seamless connection across diverse devices and platforms, from computers and smartphones to the Internet of Things (IoT). The universality and uniqueness provided by DNS are vital for keeping the internet’s vast network of devices connected and functioning.

An Evolution With Blockchain? 

However, the emergence of blockchain technology introduces a potential evolution for digital identification and transactions. Blockchain, for example, offers a secure, decentralised ledger system, enhancing transparency, integrity, and resistance to tampering. Its application has extended beyond cryptocurrencies to address some of the limitations of traditional DNS, particularly in terms of security and memorability of identifiers.

Examples

Startups like Ethereum Name Services (ENS) and Unstoppable Domains, for example, are bridging the gap between blockchain’s secure, decentralised nature and the user-friendly accessibility of DNS. They create “blockchain identifiers,” effectively linking memorable, human-readable names with the complex, cryptographic addresses of blockchain wallets. This integration retains the DNS’s ease of use while significantly improving security, reducing the risk of fraud, and enhancing user control over digital identities.

Could Be More Secure 

Replacing the centralised control of DNS with blockchain’s decentralised model could mitigate vulnerabilities in the current system, e.g. DNS spoofing and attacks on central registries. Blockchain-based domain names could also resist censorship and provide a more secure, user-owned online identity that is less susceptible to fraud and downtime.

Also, using blockchain could remove the need for management by entities like ICANN and registrars, and remove the need for renewal fees, expirations, or deletions.

Challenges 

Despite blockchain technology’s benefits, it’s important to note that blockchain identifiers have many challenges and potential shortcomings in comparison with the DNS system, including:

– Scalability issues, i.e. blockchain networks can struggle with high transaction volumes, leading to slower confirmation times and increased costs.

– Integrating blockchain identifiers with existing web infrastructure could be very complex, requiring significant technical effort and adaptation of current systems.

– The current user experience of managing blockchain identifiers can be complex and unfriendly, especially for non-technical users.

– Despite the security of blockchain, high-profile hacks and thefts in the cryptocurrency space have led to concerns over the security of blockchain-based systems.

– The association of blockchain with volatile cryptocurrencies may have eroded confidence in blockchain identifiers as a stable and reliable system for domain management.

– The lack of widespread understanding of blockchain technology among the public could hinder trust and adoption.

– Blockchain-based domain names could conflict with existing DNS names, leading to confusion and potential security risks.

– The decentralised nature of blockchain could make it challenging to resolve disputes over name ownership or to enforce naming conventions, increasing the risk of name collisions.

– Without a centralised authority to enforce trademark rights, blockchain identifiers could lead to increased incidents of squatting and trademark infringement.

Not Replacing DNS, But Bridging A Gap

Therefore, some commentators have pointed out that instead of replacing DNS, blockchain technology and crypto wallets can be supported by DNS, e.g. users registering .eth domain names with ENS, while .art DNS domains provide the platform to integrate crypto technology. Blockchain technology could, therefore, be used by domain registries and registrars to bridge a gap, thereby improving the security and integration of the Internet.

What Does This Mean For Your Businesses? 

UK businesses are familiar with domain names and perhaps, to extent to the fact that there’s an underlying DNS system to the Internet. Blockchain technology, however, is still relatively new to many, and its image may have been tarnished by association with volatile cryptocurrencies. That said, businesses leveraging blockchain for supply chain management, and developers creating decentralised applications (dApps), as well as any businesses who’ve dabbled in/are involved with cryptocurrency may already be familiar with blockchain identifiers. Broadly speaking, blockchain identifiers offer the benefits of enhanced security, decentralisation, and transparency in managing digital identities and transactions.

Some think they promise a more secure and user-controlled alternative to traditional DNS, potentially mitigating vulnerabilities like spoofing and centralised control. However, currently, due to their challenges, they are more of a bridge to gaps in the DNS system than a viable replacement. For example, the challenges to blockchain identifiers replacing the current DNS/domain system include problems with technical scalability, integration complexities, and the need for broader user understanding and confidence. Also, the decentralised nature of blockchain could lead to name collisions and trademark issues.

That said, although blockchain technology is still evolving and has its challenges, it does have important benefits that have meant it has been adopted in many different industries and fields, and blockchain identifiers have proved to be vital to the integrity and traceability of transactions.

The US The Federal Communications Commission (FCC) has announced that robocalls using AI-generated voices are now illegal.

What Are Robocalls And Why Make Them Illegal?

A robocall is a call made using voice cloning technology with an AI-generated voice, i.e. it is a telemarketing call that uses an automatic telephone-dialling system and an artificial or prerecorded voice message.

This type of call is now common practice in scams targeting consumers, hence the move by the FCC to make such calls illegal.

Escalation As Voice Cloning Technology More Available

These types of calls have escalated in recent years as this technology has improved and become widely available. The FCC says it’s reached the point where the calls now have the potential to effectively confuse consumers with misinformation by imitating the voices of celebrities, political candidates, and close family members.

How Changing The Law Will Help

The FCC’s Chairwoman Jessica Rosenworcel, has explained how making such calls illegal will help saying: “Bad actors are using AI-generated voices in unsolicited robocalls to extort vulnerable family members, imitate celebrities, and misinform voters. We’re putting the fraudsters behind these robocalls on notice.” She also said the move will mean that: “State Attorneys General will now have new tools to crack down on these scams and ensure the public is protected from fraud and misinformation.”

What Will It Mean For Telemarketers?

The law used by the FCC to make these robocalls illegal is the Telephone Consumer Protection Act which is broadly used to restrict the making of telemarketing calls and the use of automatic telephone dialling systems and artificial or prerecorded voice messages. The updated FCC rules, as part of this act, will mean:

– Telemarketers need to obtain prior express written consent from consumers before robocalling them using AI-generated voices.

– The FCC civil enforcement authority can fine robocallers and take steps to block calls from telephone carriers facilitating illegal robocalls.

– Individual consumers or an organisation can bring a lawsuit against robocallers in court.

– State Attorneys General have their own enforcement tools which may be tied to robocall definitions under the TCPA.

Countrywide

The fact that a coalition of 26 State Attorneys General (more than half of the nation’s AGs) recently wrote to the FCC supporting this approach means that the FCC will have partnerships with law enforcement agencies in states across the country to identify and eliminate illegal robocalls.

Worry In An Election Year

The move by the FFC is timely in terms of closing avenues for the spread of political misinformation. For example, in January, an estimated 5,000 to 25,000 deepfake robocalls impersonating President Joe Biden were made to New Hampshire voters urging them not to vote in the Primary.

What Does This Mean For Your Business?

Advances in AI voice cloning technology and its wide availability have given phone scammers and deep-fakers a powerful tool that can be used to spread misinformation and scam consumers. In light of what happened in New Hampshire, the FCC wants to clamp down on any possible routes for the use of deepfakes to spread political misinformation as well as protecting consumers from scams.

The prevalence of these types of calls makes it more difficult for legitimate telemarketers (who are likely to be pleased by the action taken by the FCC). The fact that 26 State Attorneys General covering half the country support the FCC’s law change gives the move power and reach, but whether it will be an effective deterrent for determined scammers in what may become a very messy election remains to be seen. Also, the telephone is just one route as voters and consumers can be targeted with misinformation in many other ways, perhaps more widely and effectively, e.g. through social media and shared deepfake videos. That said, the law change is at least a step in the right direction.

Google has rebranded its Bard chatbot as Gemini, the name of its new powerful AI model family, and launched a $20 per month ‘Gemini Advanced’ subscription service.

Gemini Advanced 

To compete with the likes of ChatGPT, Google has launched its own monthly Chatbot subscription service for the same price but with some extras thrown in. Google recently launched Gemini, its “newest and most capable” large language model (LLM) family, available as Ultra, Pro, and Nano. The highly advanced and multimodal AI model was designed to be integrated into its existing ‘Bard’ chatbot.

Rebrand and Subscription Plan 

Google has therefore now rebranded Bard as ‘Gemini Advanced’ after the AI Ultra 1.0 model that now powers it, and released a $19.99 per month subscription to the chatbot. The subscription plan which includes Gemini Advanced has been named the ‘Google One AI Premium Plan.’ Google says the plan includes:

– The Gemini Advanced chatbot (based on its Ultra 1.0 model).

– The benefits of the existing Google One Premium plan, such as 2TB of storage (usually $9.99 per month).

– Available soon for AI Premium subscribers – the ability to use Gemini in Gmail, Docs, Slides, Sheets and more (formerly known as Duet AI).

– A two-month trial at no cost.

Where And How? 

Gemini Advanced is available today in more than 150 countries and territories (including the UK) in English, and Google says it will expand it to more languages over time. It also makes the point that Gemini Pro is already available in 40 languages and more than 230 countries and territories, so it’s likely that Gemini Advanced will be available to the same geographic degree.

Competition 

Although Google is a little late to the party with Gemini Advanced, it has been a way to tidy up and clarify its offering by re-branding and using Bard at the front end and its latest powerful Gemini at the back end.

Gemini Advanced offers Google a way to monetise the AI that it’s been investing in for years and compete with OpenAI’s ChatGPT and Microsoft’s Copilot subscription. However, it has more in common with Copilot in terms of being designed to integrate with an existing suite of products whereas OpenIA’s ChatGPT is a standalone offering. That said, OpenAI has worked closely in partnership with Microsoft to develop its AI and while Google’s AI has been developed by its DeepMind labs, former OpenAI staff members have also worked at DeepMind at certain stages.

Gemini Advanced is, therefore, essentially positioned to compete with OpenAI’s ChatGPT Plus, and Microsoft’s Copilot Pro, all at $20 per month.

What Does This Mean For Your Business?

With ChatGPT Plus, Microsoft’s Copilot Pro, and Google’s Gemini Advanced now available at the same subscription price, businesses have a choice in terms of selecting the AI tools that align most closely with their strategic goals and operational needs. With businesses very likely to be already using Microsoft and Google products daily, plus many using ChatGPT it’s likely to be a case of weighing up the features, capabilities, and limitations of each AI service against their specific requirements to get the best fit for enhancing productivity and innovation.

Many small business owners may be asking themselves whether extra value can be obtained from yet another monthly subscription from something that many people perceive to be a similar product that hasn’t been around as long (and perhaps not trained as much) as ChatGPT. That said, some may have used ChatGPT long enough to have noticed its limitations as well as its strengths and may feel ready to try a competing product that promises to have a powerful backend and could help them leverage the power of other Google products. There’s also the temptation/sweetener of the first 2 months free with Gemini Advanced and a large amount storage which would normally cost $9.99 per month anyway.

Whereas just at the end of 2022 there was only ChatGPT, businesses now have a choice between three similarly positioned AI products, giving some idea of the rapid growth and monetisation in this new competitive market. Businesses may, therefore, now start deciding which AI subscription – ChatGPT Plus, Microsoft’s Copilot Pro, or Google’s Gemini Advanced – best aligns with their goals, operational needs, and existing software ecosystems. This choice may hinge on taking a closer look at each platform’s unique features and capabilities, cost-effectiveness, data privacy standards, and compatibility with the company’s values and long-term innovation potential. For big tech companies, the AI competition is hotting up and we can expect more rapid change to come.

Apple iPhone users are being urged to use a new feature called ‘Stolen Device Protection’ which was rolled out in a recent update to iOS.

As the new feature’s name suggests, it can help prevent someone who has stolen your device and knows your passcode from making critical changes to your account or device. It means that certain actions will have additional security requirements when your iPhone is away from familiar locations, such as your home or workplace.

The feature protects by including factors like a security delay and the need to authenticate Face ID or Touch ID before certain actions can be taken on a device.

The opt-in Stolen Device Protection feature can be turned on in Settings but requires the use of two-factor authentication for your Apple ID and setting up or enabling the following on your iPhone: a device passcode; Face ID or Touch ID; Find My; and Significant Locations.

UK Consumer champion Which? has reported that a scam mobile advert linked to a site mimicking the legitimate Lyca Mobile site was able to bypass the Google Ads verification check to reach the top of Google’s search listing.

Which? reported that scammers got around Google’s ad verification check by claiming to be “Vodafone Finance Management”, a subsidiary of Vodafone on Companies.

The scam ads, which appeared at the top of Google for three days in late January linked to a copycat website designed to steal card details (a phishing website).

A spokesperson for Vodafone told Which? they had “reported the issue to Google for immediate resolution and to stop it happening again.” Also, a spokesperson for Lyca Mobile told Which? that they “welcome moves by Google and others to crack down on this type of activity to protect both consumers and brands from malicious actors.”