Good morning [%first_name |Dear Reader%],

It won’t be news to you, but we’re going to say it anyway, ChatGPT is the flavour of the season. 

The web-based chatbot application—owned by San Francisco-based artificial intelligence firm OpenAI and thrown open to the public last November—has been viral for a few weeks now. Ask, and ChatGPT will write you school essays, love letters, office email responses, and even software code. At a level so believable that New York City’s Department of Education has banned access to it on its network and devices. 

It’s also already being seen as a potential competitor to Google Search. And Microsoft, an early investor in OpenAI, is in the process of writing the company a check of US$10 billion. 

It’s not without its issues, though, as my colleague Olina wrote in her excellent edtech newsletter Ed Set Go this Monday. Because for every handful of factual generic answers, it also delivers a few elaborate and sometimes hilariously wrong answers—with utter confidence.  

One of the things ChatGPT is kind of decent at is writing code. But that means it’s now being used by hackers on the dark web to write malware. Cybersecurity firm CheckPoint has already flagged this in its report.

Now, steadily increasing cybersecurity risks have been a reality for a few years, and I suppose adding an AI to the mix is just a natural escalation we should have expected. But it also underscores the critical need for agile policymaking in the space. 

Something, as we’ll see in Anushka’s and Vanita’s piece today, India just isn’t getting right.

The Union government isn’t legislating on cybersecurity, and Telangana is stuck in line

By Anushka Jain and Vanita Bhatnagar

The lead piece of the very first edition of this newsletter last November spoke about how a Union-level cybersecurity policy for India has been stuck in the draft stage for a long, long time. And the lack of one has had a profoundly negative impact on India’s response to cybercrimes and attacks.

The current legal regime continues to follow a fragmented and piecemeal approach to cyber regulation. Essentially a mix of the Information Technology Act, 2000, contract law, Computer Emergency Response Team (CERT-In) directions, and various other sectoral cybersecurity regulations—like the Reserve Bank of India’s (RBI) cybersecurity framework for banks and payment system operators.

This has, naturally, resulted in much confusion, with cybercrimes being prosecuted under oftentime ambiguous or archaic statutes.