Can we really trust AI with our secrets?
For some time now, a question had been nagging me. Not about Shakespeare, quantum physics or football’s offside rule. About ChatGPT itself.
So, the other day, I decided it was time to put the accused on the witness stand.
So I asked:
“Data security today is a myth. Names, addresses, phone numbers, shopping habits and personal preferences have become a multi-trillion-dollar business worldwide. Consumer data is routinely bought, sold, and exchanged. Under these circumstances, what assurance do I have that the personal information and confidences I share with you will not one day be exploited by your owners, who are, after all, a large commercial enterprise?”
It was one of those questions that deserves either a very awkward silence or a very polished corporate assurance. Instead, ChatGPT did something rather unexpected. It essentially replied:
Don’t trust us blindly. Understand the risks. Then decide for yourself.
That may well be the most refreshingly honest answer any digital platform has ever given; humans seldom do.
For nearly thirty years we have all been participating in what might politely be called the Great Digital Confidence Trick. We are told to use strong passwords. Change them regularly. Avoid suspicious links. Install antivirus software. Enable two-factor authentication. Read privacy policies that nobody outside the legal department has ever finished reading.
Follow all this advice, we are assured, and your digital life will be reasonably secure.
Then, every few weeks, another household name announces that the personal data of several million customers has been “potentially compromised.” The word potentially has become one of the great masterpieces of corporate understatement. Sometimes it is hackers. Sometimes ransomware. Sometimes an employee who shouldn’t have had access. Sometimes a contractor who shouldn’t have had the data. And sometimes, rather awkwardly, the company itself discovers interesting commercial uses for information customers never imagined they were providing.
Whether the leak occurs through a cyberattack or a boardroom decision, the outcome is remarkably similar. Our data develops an active social life without consulting us. Now, if organisations with billion-dollar cybersecurity budgets cannot promise absolute safety, and some are themselves accused of monetising customer information in imaginative ways, what exactly are the rest of us relying on? Hope and a prayer?
The truth is, every online purchase, every search, every loyalty card, every location ping, every app we install and every website we visit contributes another tiny tile to a giant mosaic of who we are. Individually these pieces appear harmless. Collectively they know where we shop, what we read, whom we vote for, how much we earn, where we travel, what worries us, what excites us and, increasingly, what we are likely to do next Tuesday afternoon. Entire industries have been built on assembling these fragments. Most of us contribute enthusiastically, often in exchange for a discount coupon worth ₹150. Artificial intelligence, however, changes the game.
Google mostly watched us. But AI encourages us to talk. Now that is a very different relationship.
We discuss business strategies, unfinished manuscripts, legal disputes, family disagreements, financial dilemmas, health anxieties, career decisions, brilliant ideas that may not be quite as brilliant the following morning, and occasionally our deepest existential crises before breakfast. The conversation feels surprisingly natural. The interface is warm, patient, encouraging and, irritatingly often, quite useful. Before long, many people find themselves telling an AI things they would hesitate to mention to a neighbour, a colleague or, in some cases, their spouse.
Which inevitably raises an uncomfortable question. If AI knows so much about us, what stops all that knowledge from becoming just another commercial product? The answer, unfortunately for both evangelists and doom merchants, is neither simple nor dramatic.
Companies building AI systems generally state that they do not sell users’ personal information. Their revenues come largely from subscriptions, enterprise services and APIs rather than advertising built around individual users. They invest heavily in encryption, access controls, monitoring and security. Many allow users to opt out of conversations being used for model improvement. Enterprise customers typically receive even stronger contractual privacy protections.
All of that is reassuring, even if none of it is a guarantee.
Then again, similar assurances have been offered by banks, insurance companies, hospitals, telecom operators, airlines, retailers, universities or government departments about our data privacy. They all tell us our information is perfectly safe. Yet somehow our phone numbers acquire remarkable popularity among telemarketers we have never met.
The uncomfortable truth is that no responsible technology company can honestly promise that misuse, cyberattack or legal disclosure will never occur. Any company making that promise probably deserves more suspicion, not less. Security is not a destination. It is a probability. A moving target. A continuous attempt to stay one step ahead of people who have made it their full-time profession to stay two steps ahead. Perhaps our greatest mistake has been demanding certainty where certainty simply does not exist.
We cheerfully hand dozens of mobile apps permission to track our location, contacts, photographs, microphones, browsing history and shopping habits. Then become deeply disturbed because an AI remembers what we were discussing five minutes ago. There is perhaps a tiny inconsistency there.
None of this suggests we should become complacent. Quite the opposite. Conversational AI makes digital common sense more important than ever. Passwords, banking credentials, government identity numbers, confidential business information and highly sensitive personal details deserve exactly the same caution they always have. Just because an AI feels like an intelligent colleague does not mean it should become the world’s most sophisticated confession box. Trust in the digital age cannot rest on faith. It has to rest on transparency, technical safeguards, legal accountability, independent oversight and informed choice. Companies must earn trust continuously rather than advertise it.
Users, meanwhile, have to accept that privacy can no longer be outsourced entirely to technology companies. Unfortunately, technology companies have also ensured that refusing to surrender our data is often about as practical as refusing airport security. Most of us click “Accept All Cookies” not because we have read the options, but because we would like to reach the website before retirement.
The irony is delicious. We spend endless hours worrying that artificial intelligence may become too intelligent. Perhaps the more immediate concern is that we have become rather careless with our own intelligence.
My conversation with ChatGPT did not convince me the privacy problem has been solved. Far from it. It merely convinced me of something more modest and, I suspect, more useful. Healthy scepticism is not cynicism. We need neither blind faith nor permanent paranoia. We need informed trust. It may not sound as comforting as an iron-clad guarantee.
But in a world where absolute digital security probably belongs in the same category as calorie-free gulab jamuns, it is about as honest an answer as any of us are likely to get.
Disclaimer
Views expressed above are the author’s own.