Data and Innovation in D.C.
Testifying before the creators of the American Data Privacy and Protection Act.
On Wednesday, I testified before the House Committee on Energy and Commerce’s Subcommittee on Innovation, Data, and Commerce to discuss the American Data Privacy and Protection Act on behalf of the Emerson Collective. The 2022 act positions data privacy as the foundation of any AI legislation and seeks to establish federal limits on how much consumer data a range of companies and service providers can collect, use, or transfer. It also requires both transparency from companies and consent from users, giving them more control over how their information is shared and used.
For anyone who’s listened to the Technically Optimistic podcast or read these first few newsletters, you’ll know that I was excited about the session’s topic: “Safeguarding Data and Innovation: Building the Foundation for the Use of Artificial Intelligence” — especially since data and privacy are shaping up to be a big part of Season Two of the podcast.
Look, legislation is very rarely perfect, but I do agree that privacy is one of the foundational things that need to be protected as AI is developed. The ADPPA received nearly unanimous bipartisan support in the committee when it was presented in 2022, but did not make it onto the floor for a vote. Hopefully elements of it will make it into the next bill presented before Congress.
This week, I’m going to share a condensed version of my testimony. Just in case you want more, you can read the full testimony here. (Bonus: You can read and watch the fascinating testimonies of other witnesses here, too.)
Ready? Here goes:
I would like to start with a simple fact: we live in an age of rapidly increasing digital surveillance. And very few users understand the tradeoffs they make when they use their phones or the web.
Not only are applications doing more with users’ data than users expect… that usage is evolving at unprecedented speed. Within this regime, notice and consent are failing us. By now, we’re so used to seeing advisory pop-ups soliciting our consent to accept cookies that we’re more annoyed by them than informed by them.
So, in order to move forward, we first need to step back and look at the heart of the problem.
First, the “data economy” is becoming incredibly complicated. It is increasingly difficult to explain to everyday consumers how their data is being collected and used.
Amazon knows every product a customer has ever viewed, how long they dwelled on a specific page on their Kindle, as well as all their searches across all of Amazon’s retail partners. And that’s just Amazon. Users are generating lots and lots of data, and that data is being found in lots and lots of places. Don't get me wrong – users are generally delighted by personalized recommendations. But, again, users do not understand the tradeoffs they are making for those experiences.
A problem, though: The notion of data minimization comes into direct conflict with data-hungry artificial intelligence algorithms. Retailers and advertisers gather your personal data so they can make better predictions about how to sell you things. But in the case of AI and deep learning models, more data is essential to make them function at all. AI developers pride themselves on models that detect patterns in data that humans can’t see – so it behooves them to feed the machine as much data as they possibly can. Data collection is no longer merely a sales tactic… it’s an existential necessity.
And there are more problems: we are seeing technology trends that go even beyond capturing personal data via applications.
One trend is what we might call voluntary data surrender. Users willingly share data about themselves all the time, unaware or unconcerned about whose hands it might fall into. I’m talking about social media, of course, which, along with the prevalence of cameras on our smartphones, has caused an explosion of data to be put online, up for grabs. One could argue that there can be no expectation of privacy in a public space, whether online or not. But I argue that we’re seeing 21st-century technologies crashing into 20th-century norms and laws.
AI tools are being trained on the vast data lakes found in these public spaces, and we are training them to do things like identify people from their image, on any camera, anywhere. And these tools can now do more than simply identify people: They can mimic them as well. Today’s hearing alone will generate enough recorded samples of my voice for anyone to make a convincing synthetic replica of me.
I don’t want to be alarmist, but that is only one trend. I can name more.
Notice and consent alone can’t mitigate any of this.
So what do we do?
Well, first off: We need increased efforts to promote and expand digital literacy, especially around data and privacy. Users should understand the “data economy” in which their personal information is being used and traded. And we need to incentivize application developers to do a better job of explaining to users, up front, what they are consenting to and how their data will be used.
After the initial consent process, users should have agency over how their information flows through software, applications, and companies. End users need access to the full life cycle of their data. They should be given clear ways to understand the tradeoffs between what they have given away and how it benefits — or harms — them or their community. And users should be able to both revoke consent and delete their data from an application if they so choose.
For those who want to opt out, there should always be the opportunity to continue using an app without certain personalization features. There must be an alternative to the current consent-or-die way that most applications function.
And these are just the things we can do in a user-centric way – giving power and agency back to users. There is an entirely other class of solutions around companies and application developers that I would be happy to talk about, too.
I sincerely praise the bipartisan work of this committee in its advancement of the American Data Privacy and Protection Act, and I believe that this should be treated as the foundation for more work going forward. The problems that we can identify today are just that: the problems of today. There will almost certainly be new issues to tackle as technology continues to evolve. Setting up legislative frameworks that can adapt quickly, as new issues appear, is vitally important.
Worth the Read
Content Credentials - From the Content Authenticity Initiative, which is working to establish an open standard for content provenance. Adobe debuted a tamper-proof “Content Credentials Icon” that, when hovered over, details who created the image, what AI software was used, and so on. Companies like Microsoft, Leica, and Nikon are adopting the icon in their tools. Now, this doesn’t mean that all AI-generated images will have metadata attached, but maybe it’s a step toward a world where we can start to question the images that do not.
“Generative AI & American Society Survey” - The National Opinion Research Center at the University of Chicago, along with James McCammon, has conducted a nationally representative survey to explore attitudes toward generative artificial intelligence. Apparently, 20% of Americans use generative AI tools at least once a month. However, perhaps unsurprisingly, there are still large trust issues.
“China proposes blacklist of training data for generative AI models” - Chinese regulators are looking to rein in, pretty quickly, how the country’s generative AI tools will evolve. They simply want to cut out any data that advocates terrorism or violence, promotes overthrowing the socialist system, damages the country’s image, or undermines national unity and social stability. The New York Times notes that this comes as the US further tightens its controls on exporting semiconductors to China.
“Britain aims for global leadership role with AI safety summit” - That being said, the UK’s AI Safety Summit agenda is starting to shape up. It is interesting to watch as the UK attempts to position itself here. Some people are skeptical. We’ll see.
“The New York City Artificial Intelligence Action Plan” - And, finally, NYC is weighing in, too, with its own action plan to understand how the city’s government should responsibly use AI. It’s also piloting a chatbot to help NYC business owners navigate operating and growing businesses. This is actually great: We should be thinking about AI at all levels of government (federal, state, and city). CNN has a good rundown.
Love this!