AI bias mirrors human bias; both stem from our language and lived experiences, Joanna Bryson mentioned in her keynote AI, Corporate Responsibility, and Democratic Legitimacy at GOTO Copenhagen. Ethics and AI are inseparable, but AI changes affordances, making harmful actions easier to carry out. The EU regulations apply to AI, since digital products are products. The ultimate goal is accountability: companies must ensure transparency, and laws should favor using the simplest AI that gets the job done.
Human implicit bias and AI bias are the same, as Bryson outlined in the Science article Semantics Derived Automatically from Language Corpora Contain Human-Like Biases. Generative AI outputs are a kind of transcription of the human outputs used to train the systems, and implicit biases are embedded in our language and in everything we say, she said. Bryson and her co-authors also found that implicit biases correspond to people’s lived experiences.
Ethics can be affected by technology, including AI technology, Bryson explained:
There are no discrete ethical matters for AI. AI is a part of how we all do everything all the time now.
Affordances can shift when you use AI and digital tools. Affordances, even when used for good purposes, can make harmful actions faster and more efficient, Bryson mentioned.
Several regulations exist in the EU regarding artificial intelligence. The General Data Protection Regulation (GDPR) is the basis on which all other EU digital regulations are based, Bryson noted. It’s the starting point for stating what is okay to retain and what is not. You have an obligation in the EU to let people know how fully algorithmic decisions about themselves are made.
The Digital Services Act covers areas like recommenders, targeted advertising, and profiling. It concerns whether powerful systems are being used for unlawful purposes, such as preferential treatment of particular partners, accepting money, or steering election outcomes, Bryson said.
The Digital Markets Act is about regulating only certain, very large companies that produce some AI, not about AI itself. The AI Act is the most boring of the four acts, Bryson argued:
The AI Act says that if you’re building a system that could alter people’s lives, then you’d better do decent DevOps. You’d better be able to show that you followed best practice and things like that.
The new EU Product Liability Directive states that digital products are products. This implies that all kinds of EU regulations now apply to AI just like they would to any other sector, Bryson explained:
You have an obligation to do due diligence. The digital sector didn’t used to be mature, but now it’s coming of age.
When you build something with AI, you are responsible for what you build, Bryson argued. If you can’t tell if the outputs are okay, then you’d better not deliver the product.
Transparency is about showing people that you’ve done what you needed to do. For AI products, transparency isn’t in itself the goal; it’s a means. Accountability is the goal, Bryson claimed:
The real goal is to keep improving our society. The way we improve is through accountability to each other, and continuing to do good practices. Transparency is how we see whether or not you’ve done that good practice.
The Digital Services Act and the AI Act both have audits, but no one is going to audit what each neuron in a neural network is doing, as these are process audits, Bryson said. She gave examples of things that those audits check:
Did you actually go through the best practices? What were the tests? How did you know something was ready for release?
Knowing whether or not your system is operating correctly is essential, Bryson argued. The law should favor using the simplest kind of AI that does the job, she concludes.
InfoQ interviewed Joanna Bryson about AI ethics and the responsibility of designers.
InfoQ: Can you give an example of an ethical issue with AI systems?
Joanna Bryson: In the European AI Act, one of the things that was considered was which technology should be forbidden in Europe. The original draft literally said, "No face recognition except when there’s terrorism or kidnapping". But there’s kidnapping every day, unfortunately. The vast majority of kidnappings are done by parents who didn’t agree with a custody decision.
The idea is not that we surveil everyone all the time, but rather to use cameras for surveilling public spaces, which only monitor people who have either opted in, or whom a judge has opted in, like terrorists and kidnapped children. But how would we know those cameras are only being used to monitor that small number of targeted people? And how hard would it be for someone to co-opt that infrastructure and use it for something that we, as a union, had agreed shouldn’t happen?
InfoQ: What’s your view on the responsibility of the designers of AI systems?
Bryson: Some people are trying to put too much responsibility on the programmers. They have this idea that software engineers are professionals like doctors who need to be licensed, and who have some kind of individual one-to-one obligation in how they design AI systems.
I agree that we’re professionals. However, there’s no one-to-one correlation suggesting that a particular programmer should have reported a specific issue or problem. If you see something, then you may have a moral obligation to be a whistleblower. But the liability and obligations ultimately lie in the hands of the entire company that developed the software.
You have liabilities to ensure that your customers get the experience that they signed up for. If you include other people’s AI software in your products, you need contracts with the company that created that software so that if anything goes wrong, you can pass the damage obligations back to them.
This is similar to the automotive industry; if a car has a design defect, then customers can sue the manufacturer. If it turns out it was because of something in the supply chain, the manufacturer still has the responsibility to check it out. Depending on your contractual arrangements with your suppliers and their solvency, you may or may not be able to push damages back through the supply chain if that’s where the fault lay.