惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cisco Blogs
爱范儿
爱范儿
有赞技术团队
有赞技术团队
博客园 - 【当耐特】
Jina AI
Jina AI
Project Zero
Project Zero
宝玉的分享
宝玉的分享
Martin Fowler
Martin Fowler
WordPress大学
WordPress大学
Simon Willison's Weblog
Simon Willison's Weblog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tenable Blog
F
Fortinet All Blogs
大猫的无限游戏
大猫的无限游戏
Last Week in AI
Last Week in AI
月光博客
月光博客
雷峰网
雷峰网
G
Google Developers Blog
V
V2EX
T
Tor Project blog
罗磊的独立博客
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
W
WeLiveSecurity
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
P
Privacy International News Feed
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Proofpoint News Feed
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
小众软件
小众软件
Scott Helme
Scott Helme
I
Intezer
T
Threat Research - Cisco Blogs
The GitHub Blog
The GitHub Blog
N
Netflix TechBlog - Medium
C
CERT Recently Published Vulnerability Notes
Security Archives - TechRepublic
Security Archives - TechRepublic
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LINUX DO - 最新话题
N
News | PayPal Newsroom
L
Lohrmann on Cybersecurity
T
Troy Hunt's Blog
Google DeepMind News
Google DeepMind News
P
Proofpoint News Feed
人人都是产品经理
人人都是产品经理
Latest news
Latest news
AWS News Blog
AWS News Blog
Apple Machine Learning Research
Apple Machine Learning Research

Privacy International News Feed

Humanless Resources? Uncovering AI recruitment software When algorithms go to war PI’s submission to the UN Working Group on the Use of Mercenaries Collateral Damage: Claude Mythos and the Privacy Risks of AI Key highlights of our 2026 results by season World Food Programme expand Palantir partnership Time to address the human rights implications of AI in the military domain Bad Vibes: AI coding tools and privacy issues How New EU Access to Documents Rules Can Reduce Transparency and Shield Big Tech Privacy International’s submission to the UN High Commissioner for Human Rights on the protection of human rights defenders in the digital age Collateral Damage: Grok AI and the Human Cost of Generative AI Dual-use tech: the BAE Systems example Dual-use tech: the Lockheed Martin example Voter Disenfranchisement: A Privacy Issue What is digital fingerprinting: Is my device ever truly anonymous? Moving Goalposts: Football, Facial Recognition and the Expansion of Surveillance Dangerous data The ILO Convention on decent work in the platform economy Challenging the militarisation of tech: a visual explainer Are IP addresses personal data? PI seeks to inform inquiry of UK Joint Committee on Human Rights on human rights and AI Transparency and explainability for algorithmic decisions at work Our key achievements from 2025 Joint Statement on New Finnish Social Welfare Laws’ Human Rights Implications Privacy International’s remarks at the side event of the 61st Session of the UN Human Rights Council on the Human Rights Impacts of Using Artificial Intelligence in Countering Terrorism What does it mean when Big Tech goes to war? Privacy International & Women on Web - Securing Reproductive Justice: A Guide to Digital Privacy for Sexual and Reproductive Justice Activists
From Big Oil to Big Algorithm: Public Money in Private Models
tech-admin · 2026-05-05 · via Privacy International News Feed

Between the UK government’s announcement that it will commit £1b to AI-related infrastructure, the EU’s launch of ‘InvestAI’ to mobilise EUR200b of investment in AI and the US Pentagon offering $200M contracts to AI companies like Anthropic (then OpenAI), Google and xAI, we are seeing a rapidly growing fervour among national governments to reap the perceived promises of artificial intelligence (AI). This government buy-in of AI in the form of massive investments and regulatory capture recalls previous trends of governments buying into and subsidising the oil and gas industry, the tobacco industry and the coal industry, often at the detriment of its own citizens. So, are we to wonder: is AI the new oil?

While some have previously responded to AI as regulators (e.g., the EU and the EU AI Act), the pro-regulation tides are shifting under threat by the AI race. The US and increasingly the UK are responding as customers and business partners, and the EU is caught in the middle of falling behind home-grown AI development at the risk of relying on AI developed on U.S. soil, while also juggling its commitments and cultural identity of regulating the harms of AI. These ‘GovTech’ relationships are still in their nascent stages, and only time can tell how they will play out in practice. However, it is precisely at the genesis of this GovTech era that we should scrutinise the potential risks and harms to privacy that government uses of AI could create.

In this article, we will discuss what we know so far about the state of GovTech and the larger concerns of what we don’t know. We conclude with precautions about the lack of transparency and lack of standardised deployment guidelines for governments utilising AI, with a mind for the geopolitical influences behind this GovTech advancement and the collectivised market power of the top companies dominating the AI market.

The current state of play: what we know so far

The UK’s plans for AI, as articulated in its AI Opportunities Action Plan, are aimed at driving economic growth in the country and the performance of public services (e.g., providing administrative tools for civil servants). This plan covers a wide range of departments and emphasises the government’s urgency to:

  • Invest in computing and data infrastructure and talent;
  • Have the public sector ‘pilot and scale’ AI services across various sectors of the economy; and
  • Have the government be ‘the best state partner to those building frontier AI’ (i.e., build homegrown AI).

The UK government has already been quick to build relationships with third-party vendours, such as signing a deal with OpenAI and establishing a Memorandum of Understanding between the Department for Science, Innovation and Technology (DSIT) and Anthropic - both to enhance public services. This comes as the government has already been developing an internal arsenal of AI tools, such as:

  • The i.ai incubator, which has built in-house AI tools like ‘Extract’ for urban planning recommendations, ‘Minute’ for transcribing meetings, and ‘Consult’ for sorting and categorising consultation submissions
  • The ‘Humphrey’ suite of tools including ‘Consult’, which is powered by GPT 4o Consult
  • The establishment of the Justice AI Unit for the Ministry of Justice

DSIT categorises these AI products into two uses: productivity tools (like ‘Consult’) and policy tools (like ‘Extract’). Many of these tools are built in-house, but this could include some use of existing APIs (application programming interface) from third-party providers such as OpenAI. Representatives from DSIT describe these partnerships with vendours as ‘collaborations’ and not as ‘procurement’, as they intend to scale up the tool rather than use it as it is off the shelf.

In the EU, we are observing an interesting movement in its regulatory appetite. As one of the earliest entities to initiate legislation around AI, the EU has since shifted into a deregulatory and ‘pro-innovation’ approach. At the AI Action Summit in February 2025, European Commission President Ursula von der Leyen announced the launch of InvestAI, an initiative to mobilise 200 billion euros for investment into AI, particularly the financing of four AI ‘gigafactories’ in the EU for training complex AI models. This suggests the EU’s growing inclination towards ‘homegrown’ sovereign AI rather than the risk of relying on U.S.-grown Big Tech. Already the Commission has announced seven AI Factories worth 10 billion euro, which is apparently the largest public investment in AI in the world, ‘and will unlock over ten times more private investment’.

It remains to be seen how these AI investments - and national AI strategies that member-states like France plan to release - will manifest in practice alongside the phased enforcement of the EU AI Act. This could be a promising scenario to assess how technology can be developed when policy has been prescribed alongside it rather than after it.

The American playing field offers some insights into the GovTech wave as well, especially as pertains to third-party vendours. The U.S. government has been quick to pour investments into top AI players like OpenAI, Anthropic, xAI/Grok, Google, Scale AI and Microsoft.

The U.S. General Services Administration (GSA) announced the launch of USAi in August 2025, ‘a secure platform designed to let employees experiment with popular AI models made by OpenAI, Anthropic, Google and Meta’. The stated purpose of USAi is to allow government employees to voluntarily experiment with an approved suite of AI tools to make their workflows more efficient. According to the USAi website, one agreement with them allows access to multiple AI providers that they have vetted against federal requirements, ‘replacing the need for separate contracts, security reviews, and compliance checks with each vendor’.

The US Federal Government already has requirements for data processing as outlined by the National Institute of Standards and Technology (NIST) in their Federal Information Processing Standards (FIPS) framework, though it remains unclear how these new agreements coalesce with those existing obligations.

Claude, Gemini and ChatGPT were also added to the GSA’s Multiple Award Schedule (MAS) Programme, which:

  • For sellers (e.g., AI companies): Allows them to submit an offer as a contractor so that they can sell their products/services at a pre-negotiated price.
  • For buyers (e.g., federal, state, local, tribal governments): Allows them access to the whole range of approved commercial products/services with ‘fair and reasonable pricing’ and regulatory compliance completed.

In effect, being an MAS contractor acts as a seal of approval for federal buyers looking to adopt the technology so that the buyer does not have to go through any federal compliance checks themselves and can procure straight from the MAS list. Interestingly, OpenAI and Anthropic had announced they would sell their services to the government for as low as $1, which:

  1. Entrenches them as models for use within the government; and
  2. Gives them an advantage to beat out smaller AI companies who could not afford to sell at such a low price.

Doing this cements companies into the governments’ ecosystem in ways similar to how IBM, Oracle and Microsoft have done previously in government. By becoming the incumbent system, particularly if proprietary features are added, it makes migration to alternatives challenging and problematic.

Recent geopolitical intertwining between the U.S. and the UK adds some interesting texture to the developing GovTech space, too. U.S. President Donald Trump’s state visit to the UK in September culminated in a Memorandum of Understanding between the U.S. and the UK for a ‘Technology Prosperity Deal’. The MOU affirms both countries’ ‘common desire to enhance cooperation in science and technology matters that support initiatives of mutual interest that produce tangible benefits to their citizens’. This union between the UK and U.S. perhaps represents an urgency, or at least unified agreement, to advance a pro-deployment rhetoric over heavy-handed over-regulation. Among other provisions, the MOU intends to:

  • Establish joint Flagship Research programs between U.S. and UK departments for AI-enabled science in joint priority areas, such as biotechnology;
  • Advance ‘pro-innovation’ AI policy frameworks and efforts to support AI technology adoption;
  • Promote U.S. and UK AI exports to offer the full stack of chips, data centers, and models;
  • Explore opportunities for collaboration in building secure AI infrastructure and supporting AI hardware innovation;
  • Develop the workforce of the future and ensure U.S. and UK citizens benefit from the opportunities of AI across the supply chain;
  • Advance the partnership between the U.S. Center for AI Standards and Innovation and the UK AI Security Institute towards a shared mission to promote secure AI innovation, including through working towards best practices in standards development for AI models and exchanging talent between the Institutes.

The argument made for deploying AI in the civil service is that it could help cut down on public spending and boost efficiency by better streamlining tedious administrative tasks. However, UK shadow science secretary Alan Mak cautioned that economic mismanagement could preclude any promised benefits. If a council website deploys an AI chatbot to service constituents who opt to speak with a human agent anyway, is the procurement and deployment of that chatbot a responsible use of taxpayers’ funds?

In parallel to these GovAI initiatives, there is a rapid and largely opaque race within military and defence administrations. The recent fall out between Anthropic and the US Department of War has illustrated how the same frontier models are deployed for war and can raise serious concerns around control and accountability. Yet, despite this technological convergence, policy initiatives aimed at regulating for civilian public services often deliberately exclude military and defence uses—most notably under the EU AI Act. This largely artificial institutional separation is not only problematic from a regulatory perpective; it also entrenches the militarisation of technology by masking how AI developed under logics of conflict, secrecy, and exceptionalism can spill over into civilian governance, normalising intrusive practices and undermining citizens’ rights, accountability, and democratic oversight.

What we don’t know, and the privacy risks and implications to citizens

Given the current state of play, what we’re concerned about is how little we actually know about how these AI tools work and what their long-term impact will be to citizens, especially as governments have access to troves of sensitive personal data in order to further develop and fine tune the technology. How are government AI models storing and processing data about public servants, citizens and/or residents of a country, whether in experimental sandboxes or beyond?

There are merits to streamlining tedious administrative tasks, but there are still big questions that must be answered around data privacy, transparency and automated decision-making if the government is about to promote and embed wide-spread agentic AI use for civil services.

Data privacy

On the data privacy front, several questions arise:

  • How will personal data, including sensitive data, be processed and used by the AI tools deployed? What data protection safeguards will be in place to prevent data leakage?
  • When involving third-party vendours, what are the contractual safeguards governments and AI companies have around data processing arrangements?
  • What are the data protection safeguards governing fine-tuning?

Data protection in the govAI context is especially important when we consider how highly sensitive, and sometimes secret, government data might be that could end up being processed by a black box algorithm - e.g., where an employee or colleague lives, any confidential documents that appear in meeting notes, etc.

To understand the data privacy concerns embedded in AI, we first provide a quick explainer about how AI is developed and fine-tuned. Recall that large language models (LLMs) are advanced machine learning models, such as chatbots or AI assistants, designed to understand and generate content like a human being. LLMs are trained on huge troves of data in order to learn complex patterns in language to perform a wide variety of tasks, such as delivering chatbot responses, predicting text in email-writing, or summarising textual or verbal material.