The Department for Work and Pensions has issued guidance outlawing civil servants from using ChatGPT in their work or accessing the artificial intelligence tool on any government-issued devices.
The DWP this week made some small, but significant tweaks to its Acceptable Use Policy guidance – which sets out responsibilities and limitations for anyone accessing the department’s technology or data systems.
The rules are applicable to “all DWP employees, agents, contractors, consultants, suppliers and business partners”, and cover the use of “all DWP equipment and information [including] all information systems, hardware, software and channels of communication, including voice- telephony, social media, video, email, instant messaging, internet and intranet”.
Among the amendments made to the policy this week are instructions about the use of different types of AI programs – including a clear and specific ban on the use of OpenAI’s ChatGPT platform and any other such tool openly available online.
“Users must not attempt to access public AI applications – such as ChatGPT – when undertaking DWP business, or on DWP-approved devices,” the guidance says.
The department’s ban on the popular large language model application comes less than three weeks after the Cabinet Office and its subsidiary unit the Central Digital and Data Office published the Generative AI Framework for HMG.
The guidance acknowledges that civil servants may wish to use ChatGPT – or other LLMs, such as Google Bard. But, with individual departments and agencies retaining responsibility for their own IT and data security policies, the cross-government framework states that any official wishing to access an LLM service “must make sure you’re acting in line with the policies of your organisation”.
It is understood that the DWP’s decision to implement its own policies to prevent the use of public AI has been informed by the department’s caution concerning the volume and sensitivity of personal data handled by the organisation – which manages payments to more than 20 million citizens.
The department is still experimenting with the use of artificial intelligence tools in its operations, however, and another update added to the Acceptable Use Policy states that “where accessible, users can use approved private AI applications that sit within DWP systems”.
The DWP is currently experimenting with a potential internal tool based on Microsoft Copilot – a technology which the software vendor describes as “an AI-powered digital assistant that aims to provide personalised assistance to users for a range of tasks and activities [and] combines the power of large language models” with a user’s own data, CSW's sister publication PublicTechnology understands.
The department’s explorations of this kind of technology form part of a wider “lighthouse programme” intended to enable the exploration of sophisticated AI tech “in a safe and governed environment”.
In response to PublicTechnology’s enquiries about the DWP’s decision to prohibit its staff from using ChatGPT and other external AI tools, a government spokesperson said: “The government is committed to seize the potential of AI, and support the experimentation of cutting edge technologies which will boost efficiency and improve public services. We are actively exploring how we can use AI to better support on delivering our services, and our policies will continue to evolve to reflect this approach.”
Messaging rules
Elsewhere in the DWP’s IT guidance, the document advises officials that the “DWP allows personal use of its IT resources in an employee’s own time” – but there are a wide range of limitations, including a ban on the use of any personal webmail accounts, or the download of any applications or non-work-related files.
The recent updates also provided additional detail concerning the use of non-corporate communications channels (NCCCs), including personal email accounts, as well as messaging services like WhatsApp.
The DWP advice reinforces government-wide guidelines issued last year that any information classified at Secret or Top Secret should never be sent via non-government accounts.
“DWP customers should never be contacted via NCCCs,” the DWP guidance adds. “Official Sensitive or other ‘significant information’ must only be communicated through NCCCs in exceptional circumstances and only with an approved security policy exception. Significant information is information that materially impacts the direction of a piece of work or that gives evidence of a material change to a situation. Where such exceptions are granted, records of official business carried out via an NCCC must be transferred onto corporate systems (e.g., SharePoint) as soon as is practicably possible. Logistical or other non-significant information can be accessed through NCCCs with due regard to an individual’s security responsibilities.”
Published in April last year, the Cabinet Office’s updated government-wide guidance on the use of personal accounts came following several high-profile and controversial instances of ministers or senior officials using webmail and WhatsApp to communicate on official matters, including the response to the coronavirus pandemic and immigration policy. The introduction of the new and stricter guidelines marked the first time in a decade that the policy on NCCCs had been updated.