Article by Tiago Sequeira Mousinho for RHmagazine by IIRH.
Practical reality is (much) more creative than the author of this text. Therefore, for reasons of ease of exposition, we propose (1.) to outline some school cases (whose similarity to reality is mere coincidence, as some film classics tell us), followed by (2.) some concepts and purposes that are relevant here and, finally, (3.) some proposed solutions.
So let’s see:
1. Let’s start with some examples…
Abel, known at work for his mastery of new technologies, used some photographs and audios he had of Bela, a work colleague, without her permission, to create videos with a very suggestive content. To do this, during his lunch break and in his employer’s canteen, he used an application (‘app’ or ‘software’) on his smartphone to create these videos which, according to him, were a mere ‘joke’.
Xavier, a worker known for managing customer accounts in an ‘almost automatic’ way, received a request in his email inbox during his first hour on the job to send a list of customers who had requested a price review in the last three months. Xavier noticed that the request ended with ‘can you please get on with this task?’, a typical phrase from his line manager, but he didn’t confirm that the email address, although apparently the same, only had a different character. In fact, he promptly sent this list to a stranger, claiming that he was following an express and direct order from his superior.
Mário, a talented computer scientist who was on notice until the date of termination of his employment contract, decided to hack into the computer system of his (still) employer company ‘XPTO’ to make some ‘tickets’ requesting computer assistance, in order to access his colleagues’ computers and thus have a legitimate record of access. He also simulated some audios on professional Whatsapp to reinforce this legitimacy. In effect, he extracted all the commercially sensitive information and managed to conceal the whole extraction phenomenon.
Now what?
2. Deepfakes: What is it? What is it for?
This already ‘traditional’ view of what a ‘deepfake’ is can go even further, applying not only to videos, but also to sounds, or even to someone’s writing, replacing that person (almost) in their entirety – giving the appearance of being real.
In these terms, we’re talking about a manipulation – through technological, digital means and sometimes using artificial intelligence – of Being or reality, in order to create an appearance in someone else – making it possible to create an effect or result, making it possible to obtain a behaviour (action or omission).
behaviour (action or omission) of the person who is the object of this manipulation process.
While it is true that a YouTube video simulating Donald Trump or even Barack Obama is the subject of study, admiration and even humour… it is also true that the facilitation and dissemination of this type of technology and, in some cases, the use of artificial intelligence, can prove to be very harmful and, in some cases, fatal, e.g. to a person’s dignity and image (or good name), to their ‘incrimination’, or to the protection of intangible assets, such as a trader’s business secrets.
The risks will be no different in the workplace and during working hours – whether for the protection of workers from possible scenarios of moral or sexual harassment, or the disciplinary repression of these offences, or for the protection of employer companies from certain phenomena of attack and disorganisation (unfair competition), violation of business secrets, or even industrial espionage.
3. How to react? What to do? (Some proposals)
In the labour context, it should be emphasised that employers have a duty to make the workplace and working environment safe, both physically and psychologically. In fact, in order to avoid constraints, contingencies and risks, they can use their regulatory and disciplinary powers. They can also provide training and culturalisation on issues that could affect the workplace: in this case, the invasion by deepfakes. In addition to these acts of a more legal nature, we can think of others of a material nature, such as strengthening the company’s digital space, investing in more robust technological mechanisms capable of dealing with new threats, whether internal or external.
Algumas empresas, além-fronteiras, passaram a definir programas de formação e de cultura sobre os riscos das novas tecnologias, apostando na proteção no meio digital e na cibersegurança. Outras, apostam em políticas de uso da conta de e-mail profissional, ou do uso dos smartphones e Iphones durante o tempo e no local de trabalho, assim como o uso das redes sociais e dos aplicativos na empresa. Mais recentemente, fala-se de um fenómeno de e-discovery laboral, que no fundo, vem inovar em matéria de prova digital e de registo eletrónico de informação – para, precisamente, dar resposta ao complexo problema de recolha de prova e arquivo.
Se é verdade que a criatividade e a inovação podem constituir ameaças, nalguns contextos, não deixa de ser igualmente verdade que estas duas noções podem (i) prevenir, por um lado, ou (ii) dar uma resposta executória. Compete-nos, pois claro, dedicar alguma atenção aos futuros desenvolvimentos.