Skip to main content

Health-ISAC Hacking Healthcare 3-6-2024

|

This week, Hacking Healthcare™ a speech given by the U.S. Department of Justice’s (DOJ) Deputy Attorney General Lisa Monaco, which outlined the DOJ’s new policy to address AI-enabled or AI-augmented cybercrimes. We break down what was said, highlight a few outstanding questions, consider the policy’s potential effectiveness, and ponder its potential global impact.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

PDF Version:

Text Version:

Welcome back to Hacking Healthcare™.

DOJ Signals Intent to Treat AI Use in Malicious Acts as Aggravating Factor in Sentencing

AI is understandably a hot topic of conversation, with government and industry figures even referring to it as the “steam engine of the fourth industrial revolution.”[i] Within cybersecurity circles, optimism over how AI might aid network defenders has generally been overshadowed by concerns over its deployment by malicious actors. A recent talk by Deputy Attorney General Lisa Monaco spoke to both sides of that conversation and provided an interesting view into how the current Department of Justice is thinking about prosecuting AI-aided or -enabled cyberattacks.

Speaking at the University of Oxford on February 14th, Monaco said she is “laser-focused on what may well be the most transformational technology we’ve confronted yet: artificial intelligence, and what it portends for our core mission.”[ii]

Identifying AI as a double-edged sword, Monaco outlined the good it may do by noting its “potential to be an indispensable tool to help identify, disrupt, and deter criminals, terrorists, and hostile nation-states from doing us harm.” However, she also acknowledged that AI is “accelerating risks to our collective security,” including its ability to “amplify existing biases and discriminatory practices, … [accelerate] the spread of disinformation and repression … [and] lower the barriers to entry for criminals.”[iii]

A New Legal Regime for AI?

One aspect of Monaco’s talk was to liken AI to the legal evolution around cyber more generally and to support the notion that while new governance approaches and laws for AI will be needed, a strong legal foundation already exists. Her speech essentially reiterated that many of the concerns over how AI might be used in malicious acts are not inherently new and thus could be addressed with existing laws. Monaco highlighted that “[d]iscrimination using AI is still discrimination. Price fixing using AI is still price fixing. Identity theft using AI is still identity theft.”[iv] In these terms, and noting that, “like a firearm, AI can also enhance the danger of a crime,” the DOJ appears to view AI as more of an element that may exacerbate malicious crimes and activities.

As such, Monaco made it clear that where AI amplifies offenses, the DOJ may seek to impose more significant sentencing, saying:

“Going forward, where Department of Justice prosecutors can seek stiffer sentences for offenses made significantly more dangerous by the misuse of AI — they will.  And if we determine that existing sentencing enhancements don’t adequately address the harms caused by misuse of AI, we will seek reforms to those enhancements to close that gap.”[v] In her mind, “This approach will deepen accountability and exert deterrence. And it reflects the principle that our laws can and must remain responsive to the moment.”[vi]

Action & Analysis
**Included with Health-ISAC Membership**

Upcoming International Hearings/Meetings

EU

  • European Parliament – Committee on the Environment, Public Health and Food Safety (3/11)

US

  • No relevant meetings at this time

Rest of World

  • Health-ISAC APAC Summit (3/19 – 3/21)

[i] World Economic Forum: Davos 2024. Generative AI: Steam Engine of the Fourth Industrial Revolution?

[ii] https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-delivers-remarks-university-oxford-promise-and

[iii] https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-delivers-remarks-university-oxford-promise-and

[iv] https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-delivers-remarks-university-oxford-promise-and

[v] https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-delivers-remarks-university-oxford-promise-and

[vi] https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-delivers-remarks-university-oxford-promise-and

[vii] https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-delivers-remarks-university-oxford-promise-and

This site is registered on Toolset.com as a development site.