AI / ChatGPT: Privacy Solutions For Your Business


People seem to be on one side of the fence or the other: On one side, ChatGPT has transformed their business and made life easier; on the other, it’s a privacy nightmare, spurring European governments to at least discuss reining in the technology. But there are solutions that let you keep company data safe and still take advantage of chat AI to help your business thrive.

The Privacy Problems

There are 2 major privacy concerns when it comes to ChatGPT: inbound privacy, and outbound privacy. While I won’t go too much into detail about the problems with inbound privacy, I will mention this: ChatGPT is so good at its job because it’s scraped information from all across the web, and often in places it had no business being in.

That’s not something you can really affect (though I suppose if 90% of OpenAI users agreed to stop using OpenAI for this reason, the company would have to reconsider its data collection methods, but that’s not very likely).

The 2nd major problem will be discussed in this article: outbound privacy. Anytime we put in a prompt, that data isn’t private — it’s sent to the OpenAI company to use as they wish. Doesn’t sound terrible until you realize that OpenAI’s Privacy Policy isn’t any better (and, in fact, may be worse!) than that of Google, Microsoft, Apple, Netflix, and other big tech companies.

The Privacy Solutions

So then do we just not use these tools altogether?

I don’t think we need to go to that extreme. But here are a few solutions your company can use to ensure your data is kept safe.

Strip Sensitive Data

So, unfortunately, this requires work on your part.

Just treat the LLM as a contract employee whom you somewhat trust. For example, let’s say I have the following code:

// NOTE!!!! THIS IS BADLY WRITTEN CODE!!!! NEVER STORE YOUR CREDENTIALS IN
// THE CODE!!! USE ENVIRONMENT VARIABLES INSTEAD!!!! THIS IS FOR DEMONSTRATION
// PURPOSES ONLY!!!!
const axios = require('axios');

const apiKey = '9f7b3e58ca64dfd5eb1e5ded0da87bfabfd6591ee46872f774945be1d218159726';
const clientId = 'abcdefg1234567890';
const clientSecret = 'supersecretstuffgo';
const apiUrl = 'https://api.service.example.com/endpoint';

// The credentials travel as request headers on every call.
axios.get(apiUrl, {headers: {apiKey, clientId, clientSecret}});

Now, if you just hired on a contract employee, chances are you’re not going to give them this code snippet.

But let’s say you’re encountering a problem with the request, and you figure OpenAI might have a few ideas for a solution. You just copy and paste the code sample into the engine, hit send, and OpenAI spits out a couple of solutions.

Did you really simply ask ChatGPT how to solve the problem?

No: while asking ChatGPT your question, you also added to its training data set. So your API credentials are now on the server. Any employee can now use your API credentials and you can’t do anything about it. Ouch. (Yet another reason not to store your secrets in source code!)

Instead, strip out the credentials. I always use this rule:

If you’re not comfortable posting it on StackOverflow, don’t paste it in ChatGPT.

Using the code sample below is A LOT more secure. No, the engine won’t chastise you for not using your real credentials. It will simply use the placeholders in the explanations in its answer.

const axios = require('axios');

// Placeholders stand in for the real credentials.
const apiKey = 'MY_API_KEY';
const clientId = 'CLIENT_ID';
const clientSecret = 'CLIENT_SECRET';
const apiUrl = 'https://api.service.example.com/endpoint';

axios.get(apiUrl, {headers: {apiKey, clientId, clientSecret}});

In fact, it’s best to strip out the data, and THEN send it to the LLM engine. When I tried 2 LLM engines (open-assistant.io and chatsonic.com), I found that neither of them sent data as you typed (and I didn’t find any evidence that OpenAI did, either), but it doesn’t hurt to be safe.

Stripping the data is something all employees need to do if they want to maintain the privacy of their company and customers.
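
The stripping step described in this section can be automated before anything is pasted into a prompt. The following is an added example, not code from the original article: the function names, the list of sensitive name patterns and the entropy threshold are assumptions, and the sample input is constructed.

```javascript
// Added example: redact likely secrets from a snippet before pasting it into an LLM prompt.
// The name patterns and thresholds below are assumptions; tune them for your code base.
const SENSITIVE_NAME = /(key|secret|token|passw(or)?d|credential|client_?id)/i;

// Shannon entropy in bits per character; long random strings score high.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => {
    const p = n / s.length;
    return h - p * Math.log2(p);
  }, 0);
}

// camelCase identifier -> UPPER_SNAKE placeholder, e.g. clientSecret -> CLIENT_SECRET
function placeholderFor(name) {
  return name.replace(/([a-z0-9])([A-Z])/g, '$1_$2').replace(/[^A-Za-z0-9]+/g, '_').toUpperCase();
}

function redactSecrets(source) {
  const findings = [];
  // Pass 1: string literals assigned to a sensitive-looking name (x = '...' or x: '...').
  let out = source.replace(
    /\b([A-Za-z_$][\w$]*)(\s*[:=]\s*)(['"`])((?:\\.|(?!\3).)*)\3/g,
    (match, name, sep, quote, value) => {
      if (!SENSITIVE_NAME.test(name) || value === '') return match;
      findings.push({ name, reason: 'sensitive name' });
      return `${name}${sep}${quote}${placeholderFor(name)}${quote}`;
    }
  );
  // Pass 2: any remaining long, high-entropy literal (catches secrets under innocent names).
  out = out.replace(/(['"`])([A-Za-z0-9+\/=_-]{24,})\1/g, (match, quote, value) => {
    if (entropy(value) < 3.5) return match;
    findings.push({ name: null, reason: 'high-entropy literal' });
    return `${quote}REDACTED${quote}`;
  });
  return { redacted: out, findings };
}

// Constructed sample input, modelled on the snippet above with made-up values.
const sample = [
  "const apiKey = '0123456789abcdef0123456789abcdef01234567';",
  "const clientSecret = 'not-a-real-secret';",
  "const apiUrl = 'https://api.service.example.com/endpoint';",
  "const h = { 'X-Trace': 'Zx9qLm2Rt7Vb4Nc8Kd1Pw6Yh3Jf5Gs0A' };",
].join('\n');
console.log(redactSecrets(sample).redacted);
```

Pattern matching like this misses secrets embedded in URLs, comments or multi-line strings, so the `findings` list is a prompt for a human review, not a replacement for one.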

Use an In-House Solution

I would actually HIGHLY recommend this if you’re worried about employees not using the LLM securely.

Large companies use in-house servers for their wikis, code bases, and email…why not an LLM engine? 🤷🏻‍♂️

This would also benefit your company because you can train the data set on your code/documents/whatever so that it’s customized for your organization.

But be careful: not all LLMs are created equal. Before you run out and download LLaMA, be aware that it’s not available for commercial use. I just don’t want the open source police coming after you.


Currently Dolly2 seems to be the only LLM available for commercial use.

But it’s also very easy to deploy once you hook it up to a simple chat engine like Rocket Chat.

Once you have the LLM in place and a chat front-end up, you’re ready to go for an in-house solution!

If this sounds like you’d like to do it, but are unsure how to get started, I’d love to chat with you to get your business set up with a solution. Schedule a 1-hour consultation to begin the process.

Do a Third-Party Audit

This is probably a bit of a stretch, but is a solution in a pinch.

If an employee raises a concern that sensitive data has been leaked to an LLM service, it would be prudent to ask the 3rd party to remove it, and, probably wiser still, to remove it yourself.

It’s unlikely that the service will agree to this, but it’s worth a shot. If you’re Joe’s Computer Repair in Baton Rouge, LA, it’s unlikely OpenAI is going to grant your request. But if you’re Google and ask a small startup to do an audit to make sure your sensitive data is deleted, that’s more likely to happen.

Like I said, it’s unlikely to succeed, but it’s worth a shot.

AI Is a Tool, But Must be Used Wisely

LLMs are great tools that have allowed teams to fix issues, generate new ideas, and get things done. Let’s not stop using them.

However, let’s be wise about how they’re used.

With these privacy solutions in place, your organization is bound to come out on top. Just remember that nothing you type into OpenAI or any other LLM service is private. But if you take the time to strip out sensitive info or host your own LLM engine, your customers and clients will appreciate you more than they already do! 🤗
