Rajnish: Anindya welcome to the podcast and thanks for coming over.

Anindya: Thanks Rajnish and greetings to you and your listeners on world Energy Environment Week. I'm delighted to share my thoughts on the subject, but I would like to just place a key caveat that this should not be construed to be the views of Shell. Thank you.

Rajnish: My first question to you Anindya. How do you think a carbon price can help abate emissions?

Anindya: Yeah, that's a great question Rajneesh and there is a short answer and a slightly more evolved answer, so let me attempt both. The short answer is that greenhouse gas emissions carbon emissions have an externality, and the cost is borne by the society, and not necessarily by the emitter. Carbon pricing strives to place a cost on the emitter and thereby putting the sort of cost where the burden is. But if you sort of dig up a little deeper, the whole carbon pricing policy intervention is a clear nudge that Governments can give to various players across the economy on what they need to do. And there's various aspects that we should explore in this context, first is the competitive disadvantage of the first movers. There are companies right now who are contemplating climate action, but they find that such action involves costs which brings in a competitive disadvantage to them vis a vis with their competitors and therefore they do think twice before implementing major programs. A carbon pricing across a sector will ensure that all sector players are having the same level playing field and start taking the same steps and ideally this moves into an economy wide coverage, so I think that's very important to make sure that the early movers don't get disadvantaged. Secondly, there is a policy outlook signalling that this is very important. Companies right now are struggling to see what the pricing, carbon pricing or any compliance framework will look like in the coming years and decades. So, if the government can clearly indicate that this is going to be the carbon pricing methodology that the government will adopt and how it will progressively change over time, companies will be in a position to make the right technology choices back to green technology and make their investments that are well tested against such a carbon pricing regime. On the case on this case, also another aspect we need to talk about is resource mobilization. So carbon pricing of course also yields resources for the government whether it's a carbon tax or a market based mechanism like the ETS and the government, then can direct some of this to supporting new technologies. Green technologies that are not proven, for example, if it wants to support offshore wind or biofuels but also maybe use it to address the needs of just transition, so there are going to be sections of society which will be burdened by higher cost of the energy transition and some of this will be available for that. Another aspect I think we should also consider when talking about carbon pricing is globally various countries are adopting carbon pricing where there's tax or emissions traded systems and to make sure that there are no carbon leakages these countries are likely to impose a border adjustment mechanism as Europe is considering. So, if Indian companies have to operate or export into these markets then they'll have to demonstrate that they have carbon pricing domestically. So that's very important for Indian companies to achieve, I mean India has a huge trade with Europe for example of 36 or $37 billion and the part of that will get impacted by this. And the other advantage of integrating to global markets is that Indian players will have access to much deeper and wider markets for carbon offsets. For example, they are on the buy side or sell side.

Rajnish: So Anindya I agree with you, I think carbon prices are the talk of the day. Now the big question basically, which is there when you look in the case of India is should India go for a carbon tax or should it go for an emission based or a market based trading mechanism? What do you think are the pros and cons to the two and you refer to that while you're answering the earlier question?

Anindya: Yes, indeed, these are the two popular models which various countries have experimented with over the last several years. So, the advantage for India is that India can certainly benefit from the experiences of these countries and get sort of rich learnings out of it. Carbon tax in terms of implementation is perhaps much less complex, though politically less acceptable because it's it will be very transparently seen to be adding to the cost to the customers or taxpayers, as the case may be also, it needs to sit within the existing taxation framework and jurisdictional sensitivities, and I know Ernst & Young has already presented an analysis on how this can be done. As for emissions trading, there is a possibility that the existing market-based mechanisms for energy efficiency, which is the path scheme and the eCerts and the renewable energy, which is the RPO and RECs, could be brought under a carbon framework which could then be expanded to a functional emissions trading scheme. However, the complexities of the market design that address the needs of a progressive decarbonization without causing market failure needs to be carefully considered.

Rajnish: I agree with you Anindya, I think carbon taxes are easier and as you gave there are pros and cons to each of the approach. Now, given that we have a blank piece of paper in India as of this point of time, what would be your advice to our clients as to how they should think about this and go ahead?

Anindya: Indeed, that's a very important I think question to consider for countries so companies at this point in time as various regulatory changes are likely to happen in the coming future. Well, one can never be certain as to when a compliance framework for carbon will emerge in India, but we have seen a compliance framework in energy efficiency and renewable energy that was successfully implemented. We are also hearing of an RPO type framework for green hydrogen progressive Indian companies are already beginning their decarbonization journeys by implementing internal carbon pricing. CDP's annual report mentions 31 companies already having an internal common price or companies are signing up to the SBTI's or making commitments under RE 100 EP 100 EV 100 type commitments. But to ensure a sustainable future and a social license to operate, companies will need to transparently share their plans to adhere to carbon budgets available so as to achieve the climate action goals agreed by the international community such companies will withstand any shocks that could credibly arise from external carbon pricing, whether through taxes or market-based mechanism.

Back to podcast

Podcast transcript: Cybersecurity in the age of Generative AI: Solving the ethical dilemma

10 min | 05 July 2023

In conversation with:

Prashant Choudhary
EY India Cybersecurity Partner

Pallavi: Hello, this is Pallavi Janakiraman, welcoming you to a new episode of EY India Insights podcast series on ‘Generative AI unplugged’. In today's episode, we explore the ethical dilemma of Generative AI in cybersecurity as that focuses on the delicate balance between privacy and production.

Joining us is a distinguished guest, Prashant Choudhary, Cybersecurity Partner at EY India. He comes with a wealth of experience in delivering cybersecurity solutions to financial services clients across the globe. He is also a client service partner for leading GCCs and financial sector clients at EY India. Welcome to our podcast, Prashant.

Prashant: Thank you, Pallavi, and what an exciting topic! If I look back to November 2022, when OpenAI launched its chatbot Chat GPT, it took the world by storm almost overnight. And today, if I had to give an analogy, we are seeing a very basic version of Generative AI and its capabilities, which is like looking at a Nokia candy phone with absolutely no idea of the feature phone it might evolve into. So, we should not judge Generative AI and its capabilities by what it is able to do today. We should base our conversations on what it can become and do in the days to come.

Pallavi: Like other AI models, Generative AI depends on data to work at its best. To train Generative AI in cybersecurity, the data it will need will be of people from the organizations that have to be protected. Will this not create privacy issues?

Prashant: Of course, there are privacy challenges. While some challenges have been discovered, many more are still coming out as more and more use cases pop up. And it is pervasive across all Generative AIs –Chat GPT, BERT, DALL-E, Midjourney, and so on. The whole model is that you use training data and then the AI comes out with whatever output it is supposed to give. It will give (output) on the basis of the data that was used to train the model. In this business, the source of data is the internet and there is a lot of web scraping involved, which brings the data to train these base models or the Large Language Models (LLMs).

The biggest question is that the data that is available on the internet belongs to a lot of people. While some data is available with proper consent and authorization and can be used for these purposes, some of the data is there because nobody even thought that when I am making a website and putting in details about my business and about myself, somebody will scrape it and use it to train LLM. That aspect itself is still under consideration.

If you go by our privacy regulations, the GDPR (General Data Protection Regulation), or even other leading regulations across the globe, there is always this element involved – if you are using my data, you need to have a legal basis.

Now, the question is what is the legal basis to scrape the data on my website or any other data source which I have, and then use it to train your Generative AI? The second question is of copyright infringement, because my data could be copyrighted. How are you ensuring that that infringement is not being violated? Then there are other concerns such as bias, public safety, and so much sensitive information which goes into train these LLMs. As we peel the onion, when it comes to privacy and Generative AI, there is a long way to go.

Pallavi: Based on our previous question, do you think generating synthetic data could be the solution to dealing with copyright and privacy issues?

Prashant: Synthetic data is a very interesting conversation to address all the copyright, legal, and other concerns when it comes to training LLMs. There are multiple interpretations of synthetic data, but for this conversation, I am assuming that synthetic data is basically when you generate a data using a computer and then you use that to train the LLM. While in first it appears to be a good method because this data will be cheap, it is scalable, and you can generate infinite variants, the challenge is that computer-generated data or synthetic data will always carry the reflections of the algorithm with which it was generated. When you use this data to train the LLM, it will get trained basis the input data. The LLM, hence, may or may not reflect the true state when it comes to its training. Hence, we go back to the point that we can use synthetic data, but we will have to go back and look at how exactly this synthetic data itself was generated.

There are also other conversations taking place such as anonymized or tokenized versions of Personally Identifiable Information (PII) and other information. In that approach, you still scrape the data, but you find out what is personally identifiable information or the other information that falls into the sensitive data set. Then you just replace that with anonymous labels so that exact individuals cannot be identified. If that takes care of PII, privacy, and some other issues, you use this to train your LLM.

Pallavi: Lawmakers across the world are looking at regulations and regulatory bodies to keep Generative AI from going astray or being misused by rogue actors. Could you give us an outline of what is happening around the world in this area?

Prashant: When it comes to regulations for LLMs or Generative AI, one action that is making headlines these days is our management’s decision to reach out to most of the key governments and heads of government and persuade them to put robust regulation to control Generative AIs. In fact, there was another interesting call which came from quite a few influential people that said that we should pause all development in Generative AI technology till the time we really get a handle on how to control this technology for the benefit of human usage.

I would say that the broad spectrum of input coming in is that we need to look at this technology very seriously and that we need to put guardrails around it. Across the globe, there are nascent stages of regulatory inputs are coming in. For instance, (in the US) NIST (National Institute of Standards and Technology) has come out with the AI Risk Management Framework; the European Parliament is pushing for the EU Artificial Intelligence Act; the European Union Agency for Cybersecurity is talking about cybersecurity for AI; the US Securities and Exchange Commission (SEC) is talking about AI, cybersecurity, and risk management. So, a lot of regulations are coming in. The worry is that we should not overregulate it. We should also not under-regulate it. It would be an act of fine balance.

The other point is that this technology is pervasive. It would make sense if there can be a consistent regulation across the globe.

Pallavi: Thank you, Prashant, for providing all these valuable insights on cybersecurity issues. It is clear that as Generative AI evolves, we must navigate the delicate balance between privacy and production to ensure its responsible and secure implementation in cybersecurity domain.

Prashant: Thank you, Pallavi. It was fabulous interacting with you today, and let's do it again in the days to come. Thank you.

Pallavi: And on that note, we come to end of this episode. We hope you found our discussion on Generative AI in cybersecurity insightful. To know more about Generative AI, visit our website and do leave us some suggestions on topics of Generative AI that you would like us to explore. Thanks for tuning in. Goodbye.

Back to podcast

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.

EY | Assurance | Consulting | Strategy and Transactions | Tax

About EY

EY is a global leader in assurance, consulting, strategy and transactions, and tax services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EYG/OC/FEA no.

ED MMYY

This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.

Topics

General

People

Back to podcast

Podcast transcript: Cybersecurity in the age of Generative AI: Solving the ethical dilemma

10 min | 05 July 2023

Back to podcast

Welcome to EY.com

Topics

General

People

Trending

Back to podcast

Podcast transcript: Cybersecurity in the age of Generative AI: Solving the ethical dilemma

10 min | 05 July 2023

Back to podcast