Privacy-protected AI chat on its way to UiO
Do you like trying out new technology, and do you think that UiO was a bit strict when it became clear that you cannot use OpenAI's ChatGPT for work and UiO purposes? Then you can look ahead, because during the summer the IT department will launch its own artificial intelligence chatbot service, GPT UiO, which you can use and still be in compliance with the data protection act and be sure that your data is safe.
What's up?
In November 2022, OpenAI shocked the world with its new service ChatGPT. Finally, you could chat with an artificial intelligence, and actually get seemingly sensible answers. Not only that, it also worked well in Norwegian. As a tool, ChatGPT could provide good support in a number of areas, but at the same time, there are challenges associated with using OpenAI's ChatGPT. As you use it, you provide personal data through logging in and using the service. OpenAI will store all content, both the text you enter (prompts/requests/questions) and answers, in order to train and improve its models, and you may risk your content being leaked and sent to others via the service.
All content in OpenAI's ChatGPT is processed and stored in the United States. This is particularly problematic when processing personal data, in light of the GDPR (personal data protection regulation) and the Schrems II judgment. In the Schrems II ruling, it was decided that US surveillance practices caused insufficient protection for the privacy of EU/EEA residents, and thus the transfer of personal data to the US was deemed illegal.
UiO creates a secure GPT UiO, based on OpenAI's model
To avoid some of these challenges, an interdisciplinary team of legal advisers, designers and developers in the IT department is now working to create a separate, secure GPT UiO. We achieve this by our existing agreement with Microsoft providing access to the Azure OpenAI Service, where OpenAI's GPT models can be used in a privacy-friendly way through an API (application programming interface). The Azure OpenAI Service is set up to run in a data center in Europe. The agreement also ensures that the questions you enter (promts) are neither sent out of Europe nor stored on Microsoft's servers. By using the access we get through the API, we can send questions and receive answers, without you as a UiO user having to leave your own personal data with service provider Microsoft.
As all data is processed within the EU/EEA, UiO has a data processing agreement with the service provider, and neither questions nor answers are stored, risks related to privacy and information security will be minimized when using GPT UiO.
Access with UiO login in browser
In front of the API, we create a separate web interface, where UiO users can log in with their usual username and password from UiO. The web solution itself is completely self-developed by a team of developers and interaction designers in the IT department. The service has been tested on users from UiO during development to ensure that it is easy and intuitive to use. The aim is to have a first pilot ready for use during the summer, so that anyone at UiO who wishes can use the service during the autumn semester. This gives both employees and students access to the GPT models, without them having to leave data about themselves outside their own control with a third party. The chat history will only be stored on UiO's own servers.
With such a solution, we can also give students access to a version of ChatGPT that also safeguards their privacy. This is essential in order to train the students in the use of artificial intelligence tools, and give them experience with both the strengths and weaknesses of such services.
What happens next?
GPT UiO will be ready to pilot for a selection of users when the autumn semester starts. You will be notified with news stories when it is ready for login for everyone. this will happen this autumn. I
But even if we do not use OpenAI's solutions in the USA, the GPT UiO solution which is being developed now can only be used for yellow data (see UiO's storage guide). At the same time, we have to realize that the need for a similar solution that can handle red data could be of great value for research purposes. Therefore, further development will also explore the possibilities of setting up a completely local model that can run on our own servers at UiO.
Be careful what you use GPT data for
Our own GPT UiO is therefore not quite ready for use yet, so until further notice, UiO's guidelines from May this year still apply. Please note in particular that ChatGPT as it exists today cannot be used for UiO purposes (including research and teaching) and that you cannot enter text with personal data in OpenAI's ChatGPT and similar services. The term "personal data" also includes so-called de-identified personal data, such as exam answers.
Please note that we also cannot demand that students/candidates use these services in connection with teaching or other activities imposed by UiO.
So far, several guidelines have been updated with information on the use of AI in the production of text:
-
UiO's guidance for Ouriginal plagiarism control (in Norwegian only) has been updated with information on AI-generated texts and AI detectors
-
UiO's website for source use and references has been updated to emphasize even more clearly that assignments must be your own, independent work.
-
UiO's website on cheating has been updated with information that suspicions of cheating may arise if the answer is generated by ChatGPT or similar.