Artificial Intelligence – Very Real Creations: AI as a Generator of I.P.?

With an over-expanding array of applications that rely on artificial intelligence (“AI”), we’re finding more and more ways to use them, sometimes to unexpected results. In fact, some AI applications can now even create new things in ways that are not dependent solely on choices and manipulations by human creators and operators. Yes, in today’s world, IA can now create things on its own, leaving the law to wonder what to do with that new reality. Can our legal system deal with creation of inventions or works of authorship by machines (or rather AI)?

That very question is now being asked in most jurisdictions worldwide, as we collectively try and deal with an uncomfortable realization that, maybe, we as humans are not the only ones capable of creating intangible creations that may worthwhile to protect as intellectual property (“I.P.”). Indeed, this is happening as to works like texts, images and music, and even as to what would be considered inventions, had a human been the creator. When such a creation comes about as a result of the operation of an IA program, should we acknowledge it or, instead, sweep it under the rug and hold that the humans responsible for the initial execution are the akin to the authors or inventors? We should note that this issue exists as to copyrights (as in the case of that painting) but also does for industrial designs and inventions.

A good example of that trend is the Canadian Intellectual Property Office (“CIPO”) on-going consultations as to whether we should recognize the possibility of AI acting as actual creators of other types of I.P. such as patentable inventions or works of authorship. It may be that we do what to open that door, or maybe we just want to avoid the whole mess and stick with the status quo. The jury is still out on that one… for now.

Recently, CIPO may have creaked the door opened, as it allowed the registration of copyrights to a certain painting, the authors of which are presented as a human and, yes, an IA application. To my knowledge, this is a first in Canada though it has happened elsewhere, such as in India last year as to that very painting.

So, according to Canadian copyright registration No. 1188619, the co-authors of the painting at issue are an individual named Ankit Sahni, on the one hand, and “Painting App, RAGHAV Artificial Intelligence”, on the other hand. The work of joint-authorship is thus presented on the Canadian register as resulting from the combined creative work of two entities (for lack of a better term), one of whom (which?) is a computer program.

It is not yet clear how the law can/would/will deal with this kind of factual situation, including as to what the rules are when a “thing” is named like as an author (or an inventor, if it gets to that), including who the I.P. belongs to off-hand, who can be seen as the co-author (or co-inventor) and why, whether the IA could have been named as the sole author (or inventor), etc. One could also consider to extent to which an AI application must be identified as a creator when it as involved -the same as when a human creator is involved, etc. When IA considered more than a mere tool for a human creator? As you can imagine, the potential questions abound.

Though the idea may seem simple, allowing us to consider IA as a creator or inventor does (will) lead to all sorts of consequences that we collectively would do well to think through, before proceeding.

At any rate, IA creating stuff is an inescapable reality that, one way or an other, we collectively have to deal with. Unfortunately, as every jurisdiction makes these kinds of decision without necessarily paying heed to what is being done elsewhere, we may very well end-up with an I.P. legal system that is even more messy than it currently is, as down the line some countries may allow IA as creators and some may not. As I was writing above, every jurisdiction is currently grappling with these questions.

Major Update of the Canadian Government Login Process for Businesses

The Canadian government finally seems to have realized allowing individual agencies to create and manage credentials individually, for each business that may want to interact with governmental online services, simply does not make sense, including from a cybersecurity standpoint. Starting soon, users who want to login will have to go through a whole new system.

CIPO (the Canadian Intellectual Property Office) recently started offering information and training on the upcoming changes, so as to allow businesses to make the transition, including those that may need to interact with I.P.-related services, for example as to patents, trademarks or industrial designs.

The new system being deployed by the Canadian government will do away with ISED, the former system whereby businesses could create user IDs to login and interact with governmental online services.

The new identification process will involve each business creating an ID (called the GCKey) to which authorized individual users will have to be linked. The system will also require individuals to go through identification and authentication, to make sure they are the actual individual they purport to be and that they are indeed authorized by the organization at issue. Though you may think this was already the case, it was not.

One offshoot of this new method of allowing access by users on behalf of their organization is that it will do away with the sharing of credentials. Once implemented, it will no longer be possible for all users of an organization to “share” a single user ID (account), as was so frequently until now, for purposes of accessing governmental online services.

The new system will also force all user to use 2-step verification to login into their online account, also something most large organizations have been requiring for a while now. The actual implementation of the changes start March 28.

Cybersecurity 101: Common Sense Can Make All the Difference

The Slaw blog had a good basic post yesterday morning on cybersecurity for law firms. It made me want to share some of their advice, to which I’d add a few of my own and which may apply not only to professionals but also to any type of organization.

As you may notice, a lot of this is basically common sense, as applied in the digital age:

  • Start by asking yourself what type of data your organization handles, and contemplate what problems you may have were it to fall in other hands or become unavailable;
  • Inventory all devices which your organization uses, including in particular those that connect to its systems and/or the Internet and make sure your personnel knows the dangers associated with plugging anything new (for ex., an infected USB stick);
  • Realize that anything you plug into the Internet (i.e. make accessible) may become a point of entry for eventual hackers or infections, in particular any devices that have not been fully updated (including any firmware and software running on it) – make sure all your hardware and software are regularly updated (starting with your router and computers/servers);
  • Stop allowing or using weak passwords and force everyone to use a solid password manager;
  • Better yet, have everyone in the organization access every tool that can be through Two Factor Authentication (2FA);
  • Acknowledge that employees require on-going cybersecurity training and reminders, and actually schedule it so that it does happen, at least every year,. Including as to things like:
    • The risks associated with using passwords (such as weak or reused ones);
    • Problems which may be triggered by navigating one’s browser to a malicious site or clicking on a link in an email;
    • The dangers of activating, opening or clicking on attachments;
    • The concept of social engineering and its role in many attacks;
  • Know in advance who you will call in case of an incident to investigate or remedy, and make sure your personnel knows what your game plan is;
  • Do not assume you are safe because no one would bother attacking you, as we’re all potential victims of cybersecurity incidents, as anyone can fall victim to an attack without even having been specifically targeted.

With Québec’s passing of a new personal information stature, further to Bill 64, I’d say now’s a good time to brush-up on your cybersecurity practices and safeguards!