Department of Defence staff accessed artificial intelligence (AI) chatbot ChatGPT’s servers thousands of times without department approval since the service was launched, documents reveal.
Defence has since restricted access to the web domain of ChatGPT’s owner, OpenAI, to prevent data or privacy breaches from its use.
A freedom of information request lodged by Crikey found that Department of Defence devices (including computers and smartphones) had connected to webpages with the OpenAI.com domain 5630 times between December 1 2022 and June 30 2023.
OpenAI.com hosts the company’s AI products, including ChatGPT, which first launched on November 30 2022; text-to-image generator DALLE-2; GPT-4; and OpenAI’s other webpages.
The documents note that each connection involved defence users “accessing the domain through the online web interface”, appearing to exclude connections through third-party services or through OpenAI’s smartphone apps.
The department’s accredited decision-maker David Evans also provided additional information about its ChatGPT policy in a letter accompanying the document released via the FOI request.
He wrote that the department has not approved access to OpenAI’s products and has limited access to “online AI services such as Chat GPT [sic]” on defence devices: “This is to prevent a loss of control of classified or privacy information.”
Evans and the released defence document both state that the 5630 requests include instances of connections to OpenAI’s servers made before the department’s decision to restrict access.
The department acknowledged receipt but did not respond to Crikey’s media request asking it to specify which connections were made before the restriction, when the controls were put into place, and what, if any, were the “legitimate business or operational requirements” listed for allowing access despite the restrictions.
There is no government-wide advice for federal departments regarding the use of generative AI products such as ChatGPT. Earlier this year, the Digital Transformation Agency said public service experimentation with the services was “not discouraged” but warned that a full evaluation of potential risks should be carried out. The Home Affairs Department has experimented with using ChatGPT, but another FOI revealed that it had not kept a record of its input into the OpenAI product.
Greens Senator for NSW and digital rights spokesman David Shoebridge said the large number of connections showed the “horse had already bolted” before defence had acted.
“This again highlights the lack of any credible government-wide policy to address security concerns with these emerging technologies,” he told Crikey in an email.
Shoebridge called for new policy and regulation for the use of generative AI in government before more information is uploaded to these services: “Defence holds bucketloads of classified information and yet a platform with well-known privacy concerns is being used without refined security controls. This is truly disturbing.”