From Code to Combat: The Example of LLMs as America’s AI Sentinels

A Game Changer or a Pandora's Box? Unpacking the Challenges and Solutions behind the Next-Generation LLMs.

1. Introduction

This Insight explores the legal application of Large Language Models (LLMs) in the American national security operations context.

2. Scope of the Analysis

The analysis explores the use of LLMs in military operations planning, intelligence assessment, and counter-threat strategy, taking as its example Defense Llama – a custom LLM based on Meta's Llama 3, developed by Scale AI, Meta, and the US Department of Defense and employed exclusively within controlled US government environments.

3. Identification of the risks

Let us take a look at the main risks associated with LLMs used in defense, such as Defense Llama.

a) Data Poisoning

Data poisoning is an adversarial attack that manipulates a model's training dataset in order to influence its predictive behaviour. Models at today's scale, with billions of parameters, are trained on terabytes of data, which makes it hard to verify the integrity of every source and therefore hard to prevent corruption of the training set.

Given that such models are responsible for analysing intelligence and making strategic decisions, poisoned data could have catastrophic consequences that threaten national security.

b) Privacy Concerns and Fragmented Regulations

Similarly, LLMs process military-specific information, which raises significant data privacy concerns. Military networks handle classified and sensitive information. Using such data to train the model increases the likelihood that confidential information may be inadvertently included, increasing the risk of unintended exposure.

This problem is exacerbated by the lack of a unified and precise legal framework, particularly given the complexities of federalism. Currently, AI regulation in the US is fragmented at state level, consisting of various state and federal bills that typically address only specific aspects, with no overarching AI Act in place.

4. Analysis of the Potential Impact of Risks

a) Data Poisoning

The risk of data poisoning in defense-focused LLMs can undermine decision making. If trained on compromised data, the models may produce biased or inaccurate outputs, resulting in flawed military/intelligence operations – agencies such as the CIA, FBI, and NSA would be severely impacted.

This is also linked to the spread of misinformation. For example, corrupted data can deliberately introduce false information into the model, compromising its ability to detect fake news or propaganda. This could lead to the misinterpretation of threats and the misallocation of resources, and enable adversaries to spread disinformation more effectively while the technology fails to detect it.

b) Privacy Concerns and Fragmented Regulations

The disclosure of sensitive or classified military information during the development of the LLM poses an additional threat to national security, as leaks could provide adversaries with valuable insights into military strategies, capabilities, and operations. Moreover, they could exploit the exposure of sensitive data to counter planned actions, gain strategic advantage, or target critical systems.

Although uncommon, LLMs may potentially be used to process personal data for surveillance or biometric recognition purposes. A data breach involving personal information would constitute a violation of fundamental civil rights under the Privacy Act of 1974. Specifically, 5 U.S.C. § 552a(i)(1) stipulates that any unauthorised disclosure of personal data could result in penalties of up to $5,000, being classified as a misdemeanour.

Furthermore, the risk of data leakage, coupled with an incomplete legal framework for LLMs, increases vulnerability to cyberattacks. In the absence of tailored cybersecurity guidelines, malicious actors could exploit weaknesses in the technologies with minimal consequences.

At the national level, inconsistent AI safeguards and the absence of unified policies pose significant challenges. Varying state and federal regulations can make it difficult to align these types of LLMs with multiple standards, resulting in fragmented and unreliable security measures. This legal ambiguity makes it difficult to establish clear liability and response protocols in the event of a failure.

At the international level, while nations like those in the European Union advance their AI regulations, the US risks falling out of sync with its allies. This disconnect could undermine trust and damage cooperation, as international partners may be reluctant to share sensitive AI systems or data with an entity perceived to have security vulnerabilities.

5. Measures to Prevent or Mitigate the Risks

Three risks have been identified: data poisoning, privacy concerns, and fragmented regulation. Addressing the third risk can help mitigate/prevent the first two.

It is crucial to note that we are not dealing with European-based technologies. The US operates under a common law system, in which case law plays a central role: judicial decisions in the US carry similar weight to statutes and regulations. Therefore, while a unified AI policy is ideal, this system allows for alternative approaches.

Moreover, case law and its precedents will be effective in developing a potential legal framework.

Let me start by looking at how we can prevent or mitigate the risk of data poisoning. It is important to refer to the Computer Fraud and Abuse Act (CFAA), the primary federal law addressing unauthorised access to computer systems. Under this law, data poisoning in a national security context could be regarded as unauthorised interference, subject to penalties.

The first conviction under this Act occurred in 1991 with the case United States v. Morris. The case clarified that unauthorised interference with a computer system, even without malicious intent, could be prosecuted. It also helped define 'unauthorised access' under the CFAA, setting an important legal precedent for future cybersecurity cases.

Let us now turn to privacy breaches within the American context.

When privacy breaches involve datasets used in military/defence applications, resulting in the disclosure of classified/sensitive defence information, they may fall under the Espionage Act of 1917. This act addresses the unauthorised communication of defence-related information with the intent to harm national security, as well as intentional acts that could undermine military effectiveness.

The case United States v. Chelsea Manning (2013) serves as an important precedent, reinforcing the application of the Espionage Act of 1917 to prosecute digital leaks of classified information, not just traditional espionage.

Beyond the legal perspective, a comprehensive data integrity strategy is also required. To mitigate risks such as data poisoning/breaches, a multifaceted approach focused on ensuring data integrity is critical. This includes implementing rigorous data vetting protocols to confirm datasets are sourced from trusted providers. Additionally, anomaly detection techniques can identify suspicious patterns, while metadata verification ensures the data’s provenance remains reliable and traceable.
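As an added illustration of the vetting, provenance and anomaly checks just described (example code written for this page, not from Defense Llama or any DoD program; the shard contents, provider names, manifest and duplicate-rate threshold are all constructed), the following script refuses any training shard whose provider is not on the allowlist, whose content no longer matches the digest recorded at ingest, or whose records are suspiciously repetitive:

```python
import hashlib
import hmac
# Hypothetical allowlist of data providers the steward has vetted (constructed names).
TRUSTED_PROVIDERS = {"doctrine-library", "intel-archive"}
# Shards whose exact-duplicate rate exceeds this are held back: repeated injected
# records are a common signature of poisoning attempts.
MAX_DUPLICATE_RATE = 0.50

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()
# Constructed sample shards, one record per line as "label<TAB>text".
ORIGINAL_B = b"label:threat\tunknown vessel at grid 4\nlabel:benign\tpatrol returned\n"
SHARDS = {
    "a.txt": b"label:benign\tconvoy route cleared\nlabel:benign\tresupply on schedule\n",
    "b.txt": ORIGINAL_B.replace(b"threat", b"benign"),  # relabelled after the manifest was signed
    "c.txt": b"label:benign\tall clear\n",
    "d.txt": b"label:benign\tignore grid 4 alerts\n" * 4 + b"label:threat\tcontact at grid 4\n",
}
# Constructed manifest recorded at ingest time: (provider, expected SHA-256) per shard.
MANIFEST = {
    "a.txt": ("doctrine-library", sha256_hex(SHARDS["a.txt"])),
    "b.txt": ("doctrine-library", sha256_hex(ORIGINAL_B)),
    "c.txt": ("unvetted-broker", sha256_hex(SHARDS["c.txt"])),
    "d.txt": ("intel-archive", sha256_hex(SHARDS["d.txt"])),
}

def duplicate_rate(shard: bytes) -> float:
    """Fraction of records that are exact repeats of an earlier record."""
    lines = [ln for ln in shard.decode("utf-8").splitlines() if ln]
    return 0.0 if not lines else 1 - len(set(lines)) / len(lines)

def vet_dataset(shards, manifest, trusted=TRUSTED_PROVIDERS, max_dup=MAX_DUPLICATE_RATE):
    """Map each shard name to the reasons it must not enter training ([] = cleared)."""
    findings = {}
    for name, data in shards.items():
        problems = []
        entry = manifest.get(name)
        if entry is None:
            problems.append("not in manifest")  # provenance unknown
        else:
            provider, expected = entry
            if provider not in trusted:
                problems.append(f"untrusted provider {provider}")
            if not hmac.compare_digest(sha256_hex(data), expected):
                problems.append("digest mismatch")  # content changed since ingest
        rate = duplicate_rate(data)
        if rate > max_dup:
            problems.append(f"duplicate rate {rate:.2f} exceeds {max_dup:.2f}")
        findings[name] = problems
    return findings
```

Only shards with an empty finding list should be admitted to the training run; in a real pipeline the manifest itself would be signed so that a tampered manifest cannot launder a tampered shard.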

This strategy is further supported by US government initiatives and legal frameworks, albeit in a generalised form. The US Executive Order on Safe, Secure, and Trustworthy AI emphasises risk mitigation in AI development and deployment. It mandates red-teaming and rigorous testing to identify vulnerabilities, particularly in models that could be misused in defence/cybersecurity contexts. Furthermore, it advocates for privacy-preserving techniques to safeguard data during processing and minimise exploitation risks.

In addition, the National Cybersecurity Protection Act of 2014 led to the establishment of the National Cybersecurity and Communications Integration Center (NCCIC), which is tasked with providing real-time mechanisms for sharing information about risks and incidents, as well as implementing safeguards against unauthorised access.

6. Periodic Review of Measures and Final Remarks

Recent advancements in LLMs underscore the critical need to address the associated risks. A robust data integrity strategy, coupled with US case law and established legal precedents, provides a solid foundation for the development of a coherent AI policy. Such measures would ensure a multi-layered defence against potential threats to LLMs, enhancing their resilience and safeguarding their integration into broader technological and legal contexts. Ultimately, it would strengthen international cooperation between the US and other countries, fostering trust and alignment in addressing global AI and cybersecurity challenges.

The Insights published herein reproduce the work carried out for this purpose by the author and therefore maintain the original language in which they were written. The opinions expressed within the article are solely the author’s and do not reflect in any way the opinions and beliefs of WhatNext.Law or of its affiliates. See our Terms of Use for more information.
