Radovan's Blog

Central Brain of Humanity

There seems to be a lot of misunderstanding regarding GenAI. Overall, the benefits of GenAI are vastly overrated, while the limitations are not clearly understood. Let me digress a bit.

Back in the 1980s, Czechoslovak television broadcast an excellent sci-fi series "Návštěvníci" (Visitors). The series starts in the year 2484, in a utopia supported by the Central Brain of Humanity (CML - Centrální Mozek Lidstva). The Central Brain of Humanity is a supercomputer, capable of superhuman intelligence. Its insights have brought peace, prosperity and safety to the humans of 25th-century Earth.

It looks to me that the general public thinks GenAI is some kind of Central Brain of Humanity. Quite surprisingly, even many people with technological backgrounds seem to think about GenAI in a similar way. However, current GenAI is light-years away from human intelligence, let alone superhuman intelligence. GenAI does not really think. Certainly, it can talk, paint, create music, and do a lot of other impressive things. Yet, it cannot really think.

Large Language Models (LLMs) that are at the core of the mainstream GenAI systems are just sophisticated language processors. LLMs do not understand what an "orange" is. They do not understand that it can refer to both a fruit and a color. They really understand nothing. All they do is relate the word "orange" to other words, mostly words that they have seen during their training. Certainly, if you ask an LLM to explain what an "orange" is, it will (correctly) describe it as a fruit, a color and a tree. However, this answer is not based on understanding. It is based on the content of dictionaries and encyclopediae that the LLM processed during training. It does not describe "orange" as a fruit, a color and a tree because it understands these concepts. It describes it in this way because it has seen these words used together during its training.

LLMs are repeating what they have seen. AI critics like to joke that an LLM is just a glorified autocorrect. That statement is not entirely wrong. LLMs are excellent at talking, which makes an impression. Unfortunately, they are much worse at doing, such as providing insights, information or knowledge. Would you rather rely on a grumpy old expert with a deep understanding of the subject matter, or a gentle smooth-talking performer who has no idea what he is talking about? I guess the answer is very clear. The general public is going to choose the dim-witted smooth operator every time. This is the danger of GenAI.

Current AI is no Central Brain of Humanity. It is a quite limited, biased, hallucinating language processor with very limited transparency and significant environmental impact. However, LLMs can still be useful when used correctly. The problem is that it is very difficult to use them correctly. The key is in understanding the limitations of the technology, and resisting its tendency to lead you astray from robust knowledge and facts. However, this is much harder to do than it seems. Many people are going to learn this the hard way. Even more people are not going to learn that at all, to the detriment of us all.

Broken US Personal Data Protection Is Likely To Hit Europe Hard

Personal data protection is a big thing, particularly in Europe. However, it is under a serious threat right now. In the US, data protection is enforced by the Department of Commerce (DoC) and the Federal Trade Commission (FTC). Existing data protection structures are being heavily affected by the current US administration. The data privacy framework (DPF) that ensures an adequate level of data protection in the US is endangered. Given the speed at which the Trump administration is going, there is no telling what exactly will happen and when. It may happen any day. It may even have happened already. Once the DPF is gone or crippled, the European Commission will be forced to react, suspending or repealing the adequacy decision for data transfer to the US [EU 2023/1795 Article 3(5)]. In that case, personal data transfer to the US would not be legal any more, not in the same way it is legal now. The details are difficult to predict. However, it is very likely that this is going to dramatically complicate everything. Once the adequacy decision is suspended or repealed, it is not clear whether data protection could be secured by contractual means. European companies must be prepared for the possibility that transfer of personal data to the US would not be GDPR compliant.

Almost every meaningful interaction with almost any service involves personal data. If transfer of personal data is not legal, this could render use of such a service completely illegal. As many European companies rely on US technology, the consequences could be devastating. It is quite clear that this is the time for European companies to migrate away from US technology.

What should European companies do?

  1. Do not panic. Not yet. There is still some time. Create plans. Get prepared.
  2. Immediately stop any new deployments of US technology. Stop all purchasing activities involving US technology. Put it all on hold. Data migration is always difficult. The only easy migration is the one that you do not have to do at all. Therefore, stop all projects before you put any data into the systems.
  3. Create an inventory of all your software and cloud services, or update it if you already have one. Make sure you know the zone of control for every service, particularly whether it is a US company or a European company running it. Also note the location of the data. Many US companies have European datacenters.
  4. Identify which software and services are critical for your organization. Prioritize the list. Things may easily get very tough, and you will not be able to migrate all the services at once. You will need to focus on the important ones first.
  5. Back up data from all the services, starting with critical services. Do it now. Do not wait. Do not rely on backup mechanisms provided by the service operator; such backups may be gone tomorrow. Store backups in a trustworthy place, ideally on your own premises. If that is not possible, store the backup in a different zone of control than the one the provider resides in. E.g. store backups of US services on European servers which are under the control of a European company.
  6. Look for alternative services, at least for the critical services run by US companies. Try the alternatives. Do not just read about them, try them. Even if an alternative does not look good at first sight, still give it a try. You are not looking for a perfect replacement. You are looking for something that is good enough to keep your business afloat.
  7. Once the alternatives are identified, create an "exit and migration plan". Migration is never going to be easy. You will need to customize the new system, migrate the data, adjust processes, rework integration points, and re-train users. Consider the possibility that one alternative service may replace several existing services, at least temporarily.
  8. If you still have time, migrate some of the services, to check whether the plan works. Choose smaller, non-critical services. Selecting a service where the migration makes economic sense (saves money) is a smart move.
  9. When the time comes, execute the plans.

NOTE: It is control that really matters, not location. It does not really matter if the data are stored in European data centers, if they are controlled by a US company that is subject to US legislation. In the current situation, US legislation, and especially its enforcement, is more than unpredictable. This creates a huge risk. However, if data are located in European data centers, it may give you some extra time to migrate - at least from a legal point of view.

What alternative services should you choose? That is a very difficult question. European IT services are not as numerous, widespread or advanced as US services. However, there is one important thing to consider. Open source is the secret strength of Europe. There are several good open source alternatives for US services. In particular:

This list is by no means complete. In fact, it is just a couple of projects that I know from personal experience. Look around, you are certainly going to find many more options.

Do not be afraid to go for on-premise software if needed. Open source software is usually not difficult to deploy on-premise, or in similar self-hosted environments. E.g. our company (Evolveum) is self-hosting pretty much all the software that we need to do business.

This is all going to be quite hard, for everybody. Dependencies on cloud services are extremely heavy. There are no good solutions for eliminating heavy dependencies. Creating such dependencies without an appropriate exit strategy was not a wise decision in the first place. Now it is time to pay the dues. This problem is recognized by some regulations already (e.g. EU 2022/2554 (DORA) Article 28(8)). Prepare everything in advance; that is the best thing you can do now.

However, it is not all bad. Preparedness can be a major competitive advantage. Your competitors may be knocked out, paralyzed by the migration, or crushed by subsequent GDPR fines. If you are well prepared, you may get out of this crisis stronger than ever. It is all about your approach, your commitment and your persistence.

Ten Years of Evolveum

Ten years ago we established Evolveum, a company dedicated to open source identity management. I took this opportunity to write down the story of our early days, as a series of Evolveum blog posts:
