Comment by dmix

1 day ago

The article says

> [ChatGPT] is blocked for other Department of Homeland Security staff. Gottumukkala “was granted permission to use ChatGPT with DHS controls in place,” adding that the use was “short-term and limited.”

He had a special exemption to use it as head of Cyber and still got flagged by cybersecurity checks. So obviously they don't think it's safe to use broadly.

They already have a deal with OpenAI to build a government-focused one: https://openai.com/global-affairs/introducing-chatgpt-gov/

> So obviously they don't think it's safe to use broadly.

More likely, everything gets added to the list because there shouldn't be false positives; it's worth investigating to make sure there isn't an adjacent gap in the security systems.

  • You are uploading information to the chat system every time you use it. Doubly true if you’re having it analyze or work with documents.

    I presume pulling this data out is simple if you’re, say, China.

    There’s really no security to investigate. Without a private instance, it’s an absolute non-starter for anything classified.

Somehow I think that the weak link in our government security is at the top - the President, his cabinet, and various heads of agencies. Because nobody questions what they're allowed to do, and so they're exempt from various common-sense security protocols. We already saw some pretty egregious security breaches from Pete Hegseth.

  • That's also the case in businesses. No one denies the CEO a security exemption.

    • Why would you? He’s literally the only person ostensibly in charge of the direction of the company. Destroying the company through a security exemption or a bad business deal - both are the leader making a poor decision due directly to his seat of power.

      Give sound advice of course, but ultimately it’s the exec’s decision to make.

    • I have never worked in a company where an obviously incorrect CEO-demanded security exemption (like this one) would have been allowed to pass. Professionalism, boards (with a mandatory employee member/representative, after some size) and ethics exist.

      30 years in about 8 software companies, Northern Europe. Often startups. Between 4 and 600 people. When they grow large the work often turns boring, so it's time to find something smaller again.

    • Been there. The CEO of an internet security company was the one who clicked on the wrong email attachment and turned a virus loose.

      I mean, I don't know if he had a security exemption, or if anyone who clicked on it would have infected us. But he was the weak link, at least in that instance.

  • Whether he is personally and directly responsible for this specific incident, his leadership absolutely sets the tone for the rest of the federal government.

  • It goes back long before the current regime. People may remember a certain cabinet secretary who ran her own exchange server in the basement.

    • Humans generally find "food safety expert sickens guests with tuna salad he left out overnight on warm countertop" to be a far more damning charge than "fire safety expert sickens ... warm countertop".

      Dig up a live mic catching Hillary calling the IOC a bunch of self-serving scum just as Obama was begging them to award the 2016 Olympics to Chicago, and we might call it comparable.