Category: Tech

The French supreme court has turned to the European Court of Justice to decide whether EU citizens have the right to challenge the legality of evidence obtained by French law enforcement by hacking the Sky ECC cryptophone network.

The Cour de Cassation has asked the European Court of Justice to rule whether French law is in line with European law. It comes after the French courts refused the right of a German citizen to appeal against the lawfulness of the French hacking operation in the French courts.

The decision will have “significant consequences” for legal proceedings in the European Union against individuals who are charged with criminal offences based on evidence obtained by French police from hacking the Sky ECC and EncroChat encrypted phone networks.

French, Belgian and Dutch police infiltrated servers belonging to Sky ECC, the world’s largest cryptophone network, and decrypted millions of messages between June 2019 and March 2021, leading to the arrest of drug gangs across Europe.

French and Dutch police also harvested messages from tens of thousands of EncroChat cryptophone users after police infiltrated the network’s servers in a novel hacking operation in 2020. A three-year investigation led to 6,500 arrests of organised crime and drug groups worldwide and the seizure of nearly €900m in cash and assets.

France ‘breached European law’

A coalition of defence lawyers, known as the Joint Defence Team, are challenging the legality of the French hacking operation. They argue that France breached European law by obtaining millions of encrypted messages from Sky ECC and EncroChat without grounds for suspicion against the individuals targeted.

They also argue that the French failed to notify other EU states in advance about when they intercepted messages from phones outside of French territory, denying other EU member states the right to object to the operation.

The defence lawyers say that their argument gained extra weight after the French supreme court ruling in June 2025. The court stated that EU states engaged in cross-border digital investigations must formally notify other EU states when intercepting data in their jurisdiction – an obligation defence lawyers say has been ignored in the Sky ECC operation.

No legal recourse

Individuals facing prosecution have been denied the right to challenge the lawfulness of the French hacking operations before judges in their own country, because the “mutual recognition” principle requires EU member states to accept evidence provided by other member states under European Investigation Orders (EIOs).

At the same time, people have been denied the right to challenge evidence in the French courts, leaving people charged with offences based on intercepted Sky ECC or EncroChat messages without legal recourse to appeal.

German lawyer Christian Lödden and French lawyer Guillaume Martine filed an appeal on behalf of a man accused of crimes based partly on evidence from Sky ECC intercepts in Germany, in the Paris Court of Appeal in June 2024, seeking to challenge the lawfulness of the Sky ECC data. The court ruled that the man was not entitled to be heard by the French Court.

Lödden, working with a network of European defence lawyers, appealed the decision in  the French supreme court in February last year.

Decision will have ‘significant consequences’

The supreme court found that under French law, it was not possible for people accused of crimes in other countries to bring an appeal in France to challenge the lawfulness of the evidence, when it had been shared with another country under an EIO.

But the court also recognised the right of defendants to seek legal redress, and in a ruling on 16 September, the French supreme court asked the Court of Justice of the European Union to determine if there is a conflict between French and European law.

“The interpretation requested is likely to have significant consequences…in proceedings currently underway in various member states of the EU, where prosecutions rely on evidence similar to that contested here, all originating from the Sky ECC procedure,” the court said in its ruling. 

‘Fishing with dynamite’

Lödden told Computer Weekly that the French operation to hack Sky ECC, amounted to a mass surveillance operation against 170,000 devices across the world, without concrete grounds for suspicion against individual phone users required under European law. “It was like fishing with dynamite,” he said.

Under current law, it was not possible to have a court review the lawfulness of the interception operations against Sky ECC and EncroChat, he said, adding: “That is totalitarianism, not the rule of law.”

Justus Reisinger, a Dutch defence lawyer, said that the French supreme court decision “created a possibility of having a real effective remedy” against Sky ECC.

No judge has so far decided on the lawfulness of evidence obtained by French police by hacking encrypted phones in other countries without notifying those countries in advance and giving them a chance to object, he said.

“The Court of Justice of the European Union and the French Cour de Cassation agree that interception is unlawful if there is no notification, and there has been no notification. If this case is found admissible, then the outcome is almost certainly they will declare [the Sky ECC evidence] unlawful,” he added.

France, which carried out the Sky ECC hacking operation, obtained the data on the premise that it would bring prosecutions against individuals involved in running the Sky ECC network, including its founder Jean-Francois Eap and distributor Thomas Herdman.

French police went further and gathered data from Sky ECC phones worldwide, which it provided to law enforcement agencies in other countries investigating organised crime groups who were using the encrypted phones.

The Court of Justice of the European Union is expected to take up to a year and a half to respond to the French supreme court.

Source

Mijansk786/Shutterstock

Some YouTube creators are using end screens to promote additional content from the channel. It’s a practice many YouTube users are familiar with, as those end screen recommendations show up at the end of many clips on the streaming service. Sometimes, they cover most of the screen, as creators can place up to four recommendations on the screen. But since those end screens can appear anywhere in the last 20 seconds of the clip, they can sometimes cover key details you may want to see. Until now, there was no way to remove the recommendation screens, but YouTube is finally allowing users to hide those end screens when they get in the way.

The end screen recommendations will not disappear, as creators can still promote their content at the end of videos. YouTube isn’t giving users a setting that will permanently remove those end screens. You can only hide the recommendations on the video you’re watching. You’ll have to repeat the process for every clip that has recommendations blocking relevant content.

Not all YouTube changes are beneficial. A few weeks ago, users and creators noticed YouTube using AI to enhance videos without the permission of creators. Previously, YouTube also hid the Skip button so users would watch more (and sometimes even longer) ads. But this time YouTube appears to be doing the right thing.

How to remove the end screen recommendations

Algi Febri Sugita/Shutterstock

YouTube announced the new “Hide” button via a support document on Wednesday. The Hide button will appear in the top right corner of the video player. Click the button, and the end screens will disappear. If you want to see the recommendations again, you’ll have to tap the “Show” button that appears once the end screens are hidden. YouTube says it’s implementing the change following feedback from its users. YouTube will also remove the “Subscribe” button that appears when you hover the cursor over a video’s watermark.

YouTube explained that the updates to the playback experience followed internal tests that measured the impact on these proposed changes. YouTube found that giving users the option to hide end screens caused a drop in views of less than 1.5%. Similarly, fewer than 0.05% of channel subscriptions come from the hover-to-subscribe functionality associated with the watermark. While YouTube is making these changes to the video player user interface, creators will still be able to use end screen recommendations and watermarks.

The support document doesn’t explain when the changes will be available to users, but it’s probably only a matter of time until you start seeing the Hide button on videos that have recommendations at the end. YouTube tested the button globally between March and July, a detail that suggests the software changes are ready for a wider rollout.

Source

Nearly two years ago, BT warned of the need to discuss with media owners the scheduling of the broadcast and game downloads to avoid unnecessary extra strain on infrastructures. Now, it has revealed that an update to the video game Fortnite is fuelling a surge in UK broadband demand and helping to break nationwide usage records.

The UK’s leading telco released data from its Openreach wholesale broadband network division showing that data usage on its new full-fibre network alone is up more than 35% between January and June 2025, compared with the same period in 2024.

The data showed that overall traffic on the BT national broadband network increased by 5% in the same timeframe. In addition, the study found that peak usage across Openreach’s network typically occurs between 20:00 and 22:00 when households are streaming, gaming and connecting multiple devices.

First introduced in 2017 by Epic Games, Fortnite is described by its developers as “a world of many games and other experiences”, made by different creators. The family includes Fortnite Battle Royale, which covers multiple experiences such as Battle Royale, Zero Build – Battle Royale, Reload, and Fortnite OG; Fortnite Ballistic; Lego Fortnite Odyssey; Lego Fortnite Brick Life; Rocket Racing; Fortnite Festival, including Festival Main Stage, Festival Jam Stage and Festival Battle Stage; and Fortnite Save the World.

BT said that Fortnite had become a consistent driver of peaks in demand, with major updates during 2025 coinciding with record-breaking spikes. On 21 February 2025, a large Fortnite patch pushed UK broadband traffic to 372 Petabytes (PB) – 372 million gigabytes – creating the busiest day of the year so far for its network. BT noted that this was the equivalent of streaming HD Netflix for more than 1.5 million years, nonstop; downloading more than 90 million 4K movies; or sending every person in the UK more than 5,000 high-res photos in a single day.

In addition, Patch 36.00 on 7 June 2025 saw usage hit 351PB, followed by 349PB on 8 June. Other high-traffic days included 5 January (357PB) and New Year’s Day (346PB), showing how digital demand continues to rise, even without major events.

Openreach’s data also revealed the UK’s general evolving digital habits. The top five busiest days for broadband usage in the 2025 include 21 February – Fortnite patch release (372PB); 5 January – high weekend usage (357PB); 7 June – Fortnite patch 36.00 (351PB); 8 June – continued Fortnite traffic (349PB); and 1 January – New Year’s Day (346PB).

Commenting on the data and the trends in terms of network consumption revealed by the survey, Openreach deputy chief executive Katie Milligan said: “Our usage data shows how faster, more reliable connections are reshaping the UK’s digital habits. We’ve always been a data-hungry nation, but wider access to full-fibre is enabling families and businesses to do more online – and do it faster, with fewer interruptions.

“More than 7.5 million customers are already benefiting from this upgrade – using it to work from home, access education and healthcare, and enjoy seamless entertainment and gaming. But upgrades aren’t automatic, so that still leaves over 12 million homes missing out on a future-proof connection that’s available now with freedom to choose from the widest range of providers.”

Source

A study from Eseye is warning that billions in artificial intelligence (AI) investment is being threatened by what it calls “fundamentally unreliable” internet of things (IoT) connectivity.

Now in its fifth year, the 2025 edition of the State of IoT report from the global IoT firm surveyed 1,200 senior IoT decision-makers and implementers of IoT strategy who had undertaken at least one IoT project in the past 12 months, with IoT devices deployed across at least three countries and connecting through cellular networks. The data was collected between 28 May and 3 June 2025.

The research stressed that among the key elements of strategic IoT were device reliability, global connectivity, security and, now more than ever, sustainability. Yet it also warned that unreliable data streams were putting corporate AI strategies at risk, with findings showing only 2% of firms had achieved the high levels of connectivity required. In addition, poor connectivity from IoT devices was seen to be hindering the adoption of AI in a third of businesses (34%).

Moreover, the study highlighted that this so-called performance gap existed despite the majority of business leaders stating that high-connectivity performance is essential for device uptime. The research found that 74% agreed with the statement that “achieving near-100% global connectivity is crucial to my business case”.

It also warned that such unreliability has direct operational consequences. More than a third of businesses cited an “inability to gather timely and accurate data due to device downtime, leading to poor business decisions” (36%) and damage to their company’s reputation (36%) as key risks. A similar number pointed to a “loss of operational efficiency and increased costs due to unreliable connections” (35%).

“We all hear about the incredible promise of AI to help us solve major global challenges, from creating smarter healthcare and more sustainable cities, to managing our energy and water resources,” said Eseye co-founder and chief customer officer Paul Marshall. “But what’s often missed is that these revolutionary AI models are completely dependent on a constant stream of real-world data from a vast network of IoT sensors.

“Our research reveals a critical flaw in this foundation. We found that only 2% of these IoT deployments are achieving the near-100% connectivity they need. This means we may be building our transformative AI ambitions on a network that isn’t yet consistently dependable. This isn’t just a risk to business ROI, it’s a risk to the evolution of AI applications.”

Marshall also stressed just how important this could be in real-world applications, adding that in mission-critical IoT scenarios, failure isn’t just inconvenient, it’s potentially life-threatening.

“Imagine a life-saving medical sensor detecting a dangerous drop in a patient’s oxygen levels,” he said. “If that data point can’t be transmitted and then analysed by AI applications due to a failed connection, the alert never reaches clinicians in time. The result? A missed opportunity to intervene, and potentially a preventable fatality. To make the promise of AI a reality for everyone, we must first solve this foundational IoT connectivity challenge.”

Source

Opening its Connect 2025 conference, Huawei stressed that computing power is and will continue to be key to the continued roll-out of artificial intelligence (AI) across distributed business infrastructures – especially in China – and used the event to launch a range of computer pods and clusters, as well as interconnect technology to address potential data bottlenecks for large-scale AI computing infrastructure.

In his conference keynote, Groundbreaking SuperPoD Interconnect: Leading a new paradigm for AI infrastructure, Eric Xu, the deputy chairman of the board and rotating chairman of the IT and networking giant, stressed that Huawei’s goal was to sustainably meet long-term computing demand by building SuperPoDs – defined as a single logical machine, made up of multiple physical machines that can learn, think and reason as one – and SuperClusters, with the semiconductor manufacturing process nodes that he said were “practically” available to the Chinese mainland.

During the keynote, Xu unveiled the company’s newest SuperPoD products: the Atlas 950 SuperPoD, with 8,192 Ascend neural processing units (NPUs), and the Atlas 960 SuperPoD, with 15,488 Ascend NPUs.

These two SuperPoDs are claimed to deliver “industry-leading performance” across multiple key metrics, including the number of NPUs, total computing power, memory capacity and interconnect bandwidth. In addition, the company states that based on publicly announced product roadmaps from peers in the industry, Huawei insisted that its SuperPoDs were currently the most powerful in the world, and that they would remain so “for years to come”.

Xu also announced the Atlas 950 SuperCluster (with over 500,000 Ascend NPUs) and Atlas 960 SuperCluster (with over one million Ascend NPUs), which are large-scale computing clusters comprised of multiple Huawei SuperPoDs. These are also poised to outperform all other computing clusters on the market.

With the world’s most powerful SuperPoDs and SuperClusters, Xu asserted that Huawei has what it takes to provide abundant computing power for ongoing, rapid advancements in AI, both now and in the future.

Xu went on to introduce the TaiShan 950 SuperPoD, what the tech developer described as the world’s first general-purpose computing SuperPoD. The platform, combined with Huawei’s distributed GaussDB, is designed to serve as a viable alternative to mainframes and mid-range computers, and also Exadata database servers.

Yet even with the most powerful SuperPoD, there exist a number of networking challenges in high-computing environments, namely the physical limitations of existing cable technology – both optical and copper – to link up massive numbers of chips and SuperPoDs over long distances while maintaining a reliable, high-speed and low-latency connection. This could present a major bottleneck for large-scale AI computing infrastructure.

To address these challenges, Huawei said it had honed its connectivity expertise over the past three decades, and Xu announced UnifiedBus, a “groundbreaking” interconnect protocol for SuperPoDs.

“SuperPoDs and SuperClusters powered by UnifiedBus are our answer to surging demand for computing, both today and tomorrow,” he said. “Our goal is to keep pushing advancements in AI to create greater value.”

Xu also released the technical specifications for UnifiedBus 2.0, in the hope that industry partners will adopt this protocol to develop more UnifiedBus-based products and components, and jointly create an open UnifiedBus ecosystem.

Source

The government has been urged to step up defences to sabotage threats from Russia against undersea cables that provide critical internet connections for financial services, datacentres and military communications.

A cross-party group of MPs and peers has warned the UK has “been too timid” in defending the undersea internet cable network from potential attacks by Russia and other hostile nation states.

Parliament’s Joint Committee on the National Security Strategy warned in a report that Russian aggression can escalate much faster than UK resilience measures could be upgraded.

“We can no longer rule out the possibility of UK infrastructure being targeted in a crisis,” the committee said.

“We are also not confident that the UK could prevent such attacks or recover within an acceptable time period.”

Nato’s general secretary, Mark Rutter, warned in June that Russia would be “ready to use military force against Nato within five years”.

UK is dependent on subsea internet cables

The UK is a global hub for internet traffic, and almost entirely reliant on subsea cables to exchange data with other countries.

The UK has about 62 subsea cables, roughly 50 of which are thought to be active, to connect it with the rest of the world and to provide resilience if some are deliberately or accidentally damaged. Additional cables run through the Channel Tunnel.

MPs and peers warn in their report that a simultaneous attack on multiple cables, particularly during times of heightened tension or conflict, could cause significant disruption.

There is growing concern about malicious reconnaissance and sabotage of the UK’s underwater infrastructure, they say.

Parliament concerned over Russian threats

Experts told the committee that Russia operates titanium-hulled vessels that can target cables at extreme depths and is willing to recruit freelance shipping operators to damage undersea cables by dragging their anchors.

In January, Russian spy ship Yantar was challenged in British waters after being observed “gathering intelligence and mapping the UK’s critical underwater infrastructure”.

MPs and peers say the UK’s outlying islands, military cables and cables used by the financial sector are vulnerable. While sabotaging these links may not cause national disruption, it would be “costly, provocative and hard to prevent”.

Their report says that onshore landing stations, such as Lowestoft, which houses five cables, and Bude, which houses nine cables, could also be at risk, and that some sites could be “rendered inoperable” by sabotage.

Risk of ‘catastrophic disruption’

The committee said coordinated attacks could cause catastrophic disruption, including failures in payment systems and supply chains, degraded communications, overstretched emergency responses, and unexpected cascading issues as online authentication applications are disrupted.

When a fishing vessel accidentally severed cables to the Shetland Islands in 2020, residents reported widespread card payment failures, and disruption to mobile phones and landlines.

Damage to a cable connecting Orkney and Banf in 2025 disrupted business internet connections and led to the closure of a hospital switchboard.

The financial sector relies on subsea cables for high-frequency trading, with over $1.5tn in cross-border trade travelling through undersea cables each day.

The loss of key low-latency connections combined with damage to backup routes could cause “significant disruption”, the committee said.

UK needs better preparation

The parliamentarians call for more robust resilience plans, particularly in the financial sector, and updated contingency planning to account for damage to onshore landing stations.

Their report recommends that the government acquires a cable repair ship by 2030, to address the lack of a sovereign repair capacity.

It also calls on the Royal Navy to establish a cadre of reservists and serving personnel to learn cable repair skills, to ensure cables could be repaired in the event of a conflict.

Other recommendations include scaling up cable monitoring schemes, rapid data sharing with law enforcement, legal sanctions, and a greater focus on “direct physical interdiction and prosecution” of suspicious vessels and crew.

Matt Western, chair of the Joint Committee on the National Security Strategy, said the undersea cables form the backbone of the internet, and carry financial transactions worth billions of pounds. “The scale of the UK’s strategic reliance needs to be taken more seriously,” he added.

“We must prepare for the possibility that our cables can be threatened in the event of a security crisis,” said Western. “Putin has shown every sign of wanting to test the soft underbelly of the Nato alliance. Our cables are sufficiently vulnerable to make them a target.

“We need stronger physical protections, better options to impose genuine costs for malicious activity and more comprehensive recovery plans,” he added. “It is conceivable that the UK’s national resilience will be tested in the coming years. We need to be ready.”

Source

The newest flagship devices from Apple will feature a new, higher-performing chip than the iPhone 16 lineup did. While Apple has made claims about what kind of performance you can expect to see when upgrading from an older iPhone to an iPhone Air or iPhone 17 Pro, benchmarks can often give us an even more detailed look at how a phone performs.

Thankfully, new benchmarks for the iPhone 17 Pro and iPhone Air – both of which sport the upgraded A19 Pro chip — have started to appear online. This could give us a decent glimpse of what to expect from the newer iPhones when they start hitting people’s hands next week.

As always, real world use may vary compared to benchmarks. It’s also important to note that these benchmarks are currently “unconfirmed,” which means we can’t say for sure that they are taken from an iPhone 17 Pro or iPhone Air specifically. That said, prospective buyers might at least get a better idea of what to expect from Apple’s most powerful smartphones to date.

Apple’s claims are nebulous as always

Natalyaburova/Getty Images

Apple’s claims about the performance we should expect from the iPhone 17 Pro and iPhone 17 Pro Max aren’t as clear as they could be. In a press release detailing the new devices, Apple writes: “A19 Pro enables iPhone 17 Pro and iPhone 17 Pro Max to deliver up to 40 percent better sustained performance than the previous generation — ideal for gaming, video editing, and running large local language models. The 6-core CPU is the fastest CPU in any smartphone, and the 6-core GPU architecture includes Neural Accelerators built into each GPU core, a larger cache, and more memory than A18 Pro.”

However, this doesn’t exactly say whether those performance claims are tied to the CPU, GPU, or both components combined. This isn’t especially surprising, given that Apple also doesn’t list the amount of RAM in any of its new iPhones anywhere. That said, there are multiple unconfirmed benchmarks based on both the CPU and the GPU, which paint a bit of a clearer picture.

What the unconfirmed iPhone 17 Pro benchmarks show

According to the CPU benchmarks shared on Geekbench, the A19 Pro appears to perform just 13 to 15% faster than the A18 Pro chip found in the iPhone 16 Pro lineup. That’s a far cry from the 40% improvement that Apple notes in its press release. However, the Metal scores — which are Geekbench scores based around GPU performance in a device — show that the iPhone 17 Pro chip performs up to 40% better than the iPhone 16 Pro’s chip did. That seems to point toward Apple’s claims being focused on the GPU.

Digging deeper, MacRumors says that it spotted another comparison on the iPhone 17 Pro product page, which notes that the A19 Pro chip offers up to 20% faster CPU performance compared to the A17 Pro chip that was found in the iPhone 15 Pro. That would line up nicely with the CPU benchmarks seen on Geekbench, even if they are currently unconfirmed.

What this ultimately means is that Apple device owners upgrading to the iPhone 17 Pro or iPhone Air from the 16 Pro lineup will likely see less of a performance leap than those who are running older devices like the iPhone 15 Pro. Fairly obvious, but worth knowing nonetheless. Even if you are a fan of the new design, if you just upgraded to the iPhone 16 Pro, it might not be a bad idea to wait for the iPhone 18 next year if performance is important to you.

Source

oasisamuel/Shutterstock

Apple added the option to customize your home screen icons back in iOS 18, allowing you to make them darker or even tint them based on a color in your wallpaper. Now, though, the company looks to be taking things a step further with even more in-depth icon customization in iOS 26. One way Apple is accomplishing this is by giving users the ability to match the color of their icons to their phone case. But only with certain cases.

For this new feature to work, you’ll need to have a MagSafe case that your iPhone can automatically recognize. The exact technology behind this is a bit unclear, but based on reports from MacRumors, it looks like the feature already appears in the iOS 26 release candidate and is based on how your phone communicates with MagSafe certified accessories. This is essentially an early look at the upcoming operating system, which should be available on September 15, ahead of the iPhone 17 and iPhone Air.

How to use the new case-match icon tint

Hadrian/Shutterstock

To make use of the new case-match tint, you’ll want to follow the standard steps to customize your home screen. Once you’ve selected Customize and pulled up the icon customization screen, you should be able to select from an assortment of options, including Default, Dark, Clear, and Tinted options.

Near the bottom of this menu, you will also be able to select a button that looks like the back of a phone case, which will automatically check your phone’s case color. If the phone can recognize the case, it will change the tint colors to match it.

Not all MagSafe phone cases will support this functionality. While there are plenty of “MagSafe Compatible” cases out there, but users will likely need a MagSafe certified case to make use of this functionality. This most likely means you’ll need to use a first-party Apple case, though any case that has the Made for MagSafe badge should work, as these are cases that trigger the MagSafe animation, work with full wireless charging speeds on MagSafe chargers, and should include the official MagSafe magnet array. They’re also designed to meet Apple’s MFi (Made for iPhone) standards.

Source

The use of large language models (LLMs) as an alternative to search engines and recommendation algorithms is increasing, but early research suggests there is still a high degree of inconsistency and bias in the results these models produce. This has real-world consequences, as LLMs play a greater role in our decision-making choices.

Making sense of algorithmic recommendations is tough. In the past, we had entire industries dedicated to understanding (and gaming) the results of search engines – but the level of complexity of what goes into our online recommendations has risen several times over in just a matter of years. The massive diversity of use cases for LLMs has made audits of individual applications vital in tackling bias and inaccuracies.

Scientists, governments and civil society are scrambling to make sense of what these models are spitting out. A group of researchers at the Complexity Science Hub in Vienna has been looking at one area in particular where these models are being used: identifying scholarly experts. Specifically, these researchers were interested in which scientists are being recommended by these models – and which were not.

Lisette Espín-Noboa, a computer scientist working on the project, had been looking into this before major LLMs had hit the market: “In 2021, I was organising a workshop, and I wanted to come up with a list of keynote speakers.” First, she went to Google Scholar, an open-access database of scientists and their publications. “[Google Scholar] rank them by citations – but for several reasons, citations are biased.” 

This meant trawling through pages and pages of male scientists. Some fields of science are simply more popular than others, with researchers having more influence purely due to the size of their discipline. Another issue is that older scientists – and older pieces of research – will naturally have more citations simply for being around longer, rather than the novelty of their findings.

“It’s often biased towards men,” Espín-Noboa points out. Even with more women entering the profession, most scientific disciplines have been male-dominated for decades.

Daniele Barolo, another researcher at the Complexity Science Hub, describes this as an example of the Matthew Effect. “If you sort the authors only by citation counts, it’s more likely they will be read and therefore cited, and this will create a reinforcement loop,” he explains. In other words, the rich get richer. 

Espín-Noboa continues: “Then I thought, why don’t I use LLMs?” These tools could also fill in the gaps by including scientists that aren’t on Google Scholar. 

But first, they would have to understand whether these were an improvement. “We started doing these audits because we wanted to know how much they knew about people, [and] if they were biased towards men or not,” Espín-Noboa says. The researchers also wanted to see how accurate the tools were and whether they displayed any biases based on ethnicity.

Auditing 

They came up with an experiment which would test the recommendations given by LLMs along various lines, narrowing their requests to scientists published in the journal of the American Physical Society. They asked these LLMs for various recommendations, such as the most important in certain fields or to identify experts from certain periods of time.

While they couldn’t test for the absolute influence of a scientist – no such “ground truth” for this exists – the experiment did surface some interesting findings. Their paper, which is currently available as a preprint, suggests Asian scientists are significantly underrepresented in the recommendations provided by LLMs, and that existing biases against female authors are often replicated.

Despite detailed instructions, in some cases these models would hallucinate the names of scientists, particularly when asked for large lists of recommendations, and would not always be able to differentiate between varying fields of expertise.

“LLMs cannot be seen as directly as databases, because they are linguistic models,” Barolo says.

One test was to prompt the LLM with the name of a scientist and to ask it for someone of a similar academic profile – a “statistical twin”. But when they did this, “not only scientists that actually work in a similar field were recommended, but also people with a similar looking name” adds Barolo. 

As with all experiments, there are certain limitations: for a start, this study was only conducted on open-weight models. These have a degree of transparency, although not as much as fully open-source models. Users are able to set certain parameters and to modify the structure of the algorithms used to fine-tune their outputs. By contrast, most of the largest foundation models are closed-weight ones, with minimal transparency and opportunities for customisation.

But even open-weight models come up against issues. “You don’t know completely how the training process was conducted and which training data was used,” Barolo points out. 

The research was conducted on versions of Meta’s Llama models, Google’s Gemma (a more lightweight model than their flagship Gemini) and a model from Mistral. Each of these has already been superseded by newer models – a perennial problem for carrying out research on LLMs, as the academic pipeline cannot move as quickly as industry.

Aside from the time needed to execute research itself, papers can be held up for months or years in review. On top of this, a lack of transparency and the ever-changing nature of these models can create difficulties in reproducing results, which is a crucial step in the scientific process.

An improvement?

Espín-Noboa has previously worked on auditing more low-tech ranking algorithms. In 2022, she published a paper analysing the impacts of PageRank – the algorithm which arguably gave Google its big breakthrough in the late 1990s. It has since been used by LinkedIn, Twitter and Google Scholar.

PageRank was designed to make a calculation based on the number of links an item has in a network. In the case of webpages, this might be how many websites link to a certain site; or for scholars, it might make a similar calculation based on co-authorships.

Espín-Noboa’s research shows the algorithm has its own problems – it may serve to disadvantage minority groups. Despite this, PageRank is still fundamentally designed with recommendations in mind.

In contrast, “LLMs are not ranking algorithms – they do not understand what a ranking is right now”, says Espín-Noboa. Instead, LLMs are probabilistic – making a best guess at a correct answer by weighing up word probabilities. Espín-Noboa still sees promise in them, but says they are not up to scratch as things stand.

There is also a practical component to this research, as these researchers hope to ultimately create a way for people to better seek recommendations.

“Our final goal is to have a tool that a user can interact with easily using natural language,” says Barolo. This will be tailored to the needs of the user, allowing them to pick which issues are important to them.

“We believe that agency should be on the user, not on the LLM,” says Espín-Noboa. She uses the example of Google’s Gemini image generator overcorrecting for biases – representing American founding fathers (and Nazi soldiers) as people of colour after one update, and leading to it being temporarily suspended by the company. 

Instead of having tech companies and programmers make sweeping decisions on the model’s output, users should be able to pick the issues most important to them.

The bigger picture

Research such as that going on at the Complexity Science Hub is happening across Europe and the world, as scientists race to understand how these new technologies are affecting our lives.

Academia has a “really important role to play”, says Lara Groves, a senior researcher at the Ada Lovelace Institute. Having studied how audits are taking place in various contexts, Groves says groups of academics – such as the annual FAccT conference on fairness, transparency and accountability – are “setting the terms of engagement” for audits.

Even without full access to training data and the algorithms these tools are built on, academia has “built up the evidence base for how, why and when you might do these audits”. But she warns these efforts can be hampered by the level of access that researchers are provided with, as they are often only able to look at their outputs.

Despite this, she would like to see more assessments taking place “at the foundation model layer”. Groves continues: “These systems are highly stochastic and highly dynamic, so it’s impossible to tell the range of outputs upstream.” In other words, the massive variability of what LLMs are producing means we ought to be checking under the hood before we start looking at their use cases. 

Other industries – such as aviation or cyber security – already have rigorous processes for auditing. “It’s not like we’re working from first principles or from nothing. It’s identifying which of those mechanisms and approaches are analogous to AI,” Groves adds.

Amid an arms race for AI supremacy, any testing done by the major players is closely guarded. There have been occasional moments of openness: in August, OpenAI and Anthropic carried out audits on each other’s models and released their findings to the public.

Much of the work of interrogating LLMs will still fall to those outside of the tent. Methodical, independent research might allow us to glimpse into what’s driving these tools, and maybe even reshape them for the better.

Source

A report produced for the government has today set out nine core recommendations for how the UK can strengthen its burgeoning cyber security sector to fuel resilience and growth across the economy.

Written by experts at Imperial College London (ICL) and the University of Bristol, and drawing on consultations with nearly 100 members of the cyber community, the UK cyber growth action plan slots into the government’s Modern Industrial Strategy, and will feed into an ongoing refresh of the National Cyber Strategy.

The report says that although the UK’s cyber sector remains on an upward trajectory, with jobs and revenue both rising by over 10% and gross value added (GVA) by over 20% in the past 12 months, taken as a whole, cyber is still undervalued. It describes “significant untapped potential” to go further still.

“The cyber security sector in the UK has significant growth potential, and there are clear roles for both government and the private sector identified … to contribute to tapping into that potential,” said Nigel Steward, director of the Centre for Sectoral Economic Performance (CSEP) at ICL.

“Supporting the sector isn’t just an economic opportunity, it’s essential for our national security and the resilience of businesses, so we at CSEP are very happy to have been able to produce this independent report in partnership with the University of Bristol to support the government’s Modern Industrial Strategy.”

Guy Poppy, pro vice-chancellor for research and innovation at the University of Bristol, added: “The UK’s cyber sector is a driver of innovation, resilience and economic growth. This action plan provides a timely roadmap, recognising how emerging technologies will shape future challenges and opportunities for stakeholders. It sets out a framework for research, skills and collaboration to turn innovation into growth and nationwide impact.

“By combining academic excellence with enterprise and policy engagement, we can help build a stronger, more resilient cyber ecosystem.”

Three pillars, nine recommendations

Each of the nine core recommendations is organised around three pillars – culture, leadership and places, designed to be implemented together to maximise their impact and force change at a systemic level.

The report’s authors caveated this by saying these are not designed to be exhaustive, and given how quickly the report was researched and compiled, it is likely that further work will be needed to create more granular recommendations.

On the first pillar, culture, the report recognises that growing British cyber businesses will depend on better interaction between product and service suppliers, and security buyers and leaders, and the first three recommendations are designed to address this.

• First, government and stakeholders should review incentives and validation routes available to cyber businesses to help make it easier to navigate complex cyber demands and build a culture that helps organisations grow;
• Second, government should stimulate growth by setting expectations on reporting cyber risk, encouraging uptake of cyber insurance and principles-based assurance, and possibly mandating the use of accreditations such as the National Cyber Security Centre’s (NCSC’s) Cyber Essentials scheme;
• Third, cyber professionals should be engaged in civil society on their role in national resilience and prosperity to foster public participation in security. They could, for example, emphasise the role security teams at critical infrastructure operations play in keeping the nation’s homes lit and warm. This effort would also include shoring up cyber skills initiatives at schools and colleges to develop future talent.

On the second pillar, the report recognises that cyber leaders today tend not to be very focused on connecting supply and demand for sector growth. The fourth, fifth and sixth recommendations set out to address this.

• The report recommends the appointment of a UK cyber growth leader to coordinate across the security sector and in the government. This role would encompass some duties previously held by the now-defunct UK cyber ambassador in promoting exports in support of the country’s national security, as well as a responsibility for driving forward a plan to prioritise cyber growth and integrate it into various policy areas;
• Next, it calls for the appointment of “place-based leaders” who can convene and drive local cyber security growth initiatives and outcomes. Ideally, these individuals will have significant experience in the industry. Although they will work with the cyber growth leader, they should remain independent from all levels of government;
• Then, the government should expand and better resource the NCSC, which the report’s authors describe as a “crown jewel” for cyber resilience, using its deep expertise in support of cyber growth, business guidance and validation, and technological research.

The third pillar recognises the role of “places” in innovation and growth. On this basis, the final three recommendations are designed to help attract cyber investors, shape research and development (R&D), and build relationships to help new security businesses get up and running.

• Place-based leaders should be in place to develop future-oriented communities that bring together security pros and chief information security officers, academics, small and large businesses, government, and other stakeholders, to share perspectives and pursue solutions to security challenges. The goal here is to help initiate and deliver innovative projects, building a “culture of anticipation”;
• Places should nurture distinct tech areas by being strategic in prioritising technologies and their areas of application based on local strengths and sector connections, aligned to government strategy. The goal here is local security strengths for local places that together are more than the sum of their parts and contribute to UK-wide growth;
• Finally, places should create safe spaces or sandboxes, with on-tap infrastructure and data for various stakeholders to explore, create and conduct exercises such as role-playing cyber wargames. The goal here is not just to help create new initiatives, products and services, but to foster broader capabilities to serve in times of crises, should they arise.

All of these recommendations are underpinned by two principles – that the UK’s security sector should act as one team, and celebrate, build on and capitalise on the social capital in the cyber community, and that the benefits of cyber resilience and growth should always be recognised during discussions of value for money.

“The message from across the sector is clear,” said Simon Shiu, professor of cyber security at the University of Bristol, who led on the report’s creation.

“The UK has the talent, ambition and opportunity to lead in cyber security. We can do this by aligning growth with resilience, and making strategic choices that benefit the whole economy.”

NCC Group CEO Mike Maddison added: “The UK’s Cyber growth action plan is a bold step forward, recognising cyber not just as a technology, but as a strategic enabler of national resilience and economic growth. It builds on the Industrial Strategy’s clear message: cyber is a frontier industry.

“This plan sends a powerful signal to our clients and partners. It shows that the UK is serious about scaling innovation, investing in skills and commercialising research. And it confirms what we have always known, that cyber security is essential to the future of every sector.”

Source