Trump Signs John S. McCain National Defense Authorization Act, Provides Funds for Artificial Intelligence Technologies

By signing into law the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (H.R.5515; Public Law No: 115-232; Aug. 13, 2018), the Trump Administration has established a strategy for major new national defense and national security-related initiatives involving artificial intelligence (AI) technologies.  Some of the law’s $717 billion spending authorization for fiscal year 2019 includes proposed funding to assess the current state of AI and deploy AI across the Department of Defense (DOD).  The law also recognizes that fundamental AI research is still needed within the tech-heavy military services.  The law encourages coordination between DOD activities and private industry at a time when some Silicon Valley companies are being pressured by their employees to stop engaging with DOD and other government agencies in AI.

In Section 238 of the law, the Secretary of Defense is to lead “Joint Artificial Intelligence Research, Development, and Transition Activities” to include developing a set of activities within the DOD involving efforts to develop, mature, and transition AI technologies into operational use.  In Section 1051 of the law, an independent “National Security Commission on Artificial Intelligence” is to be established within the Executive Branch to review advances in AI and associated technologies, with a focus on machine learning (ML).

The Commission’s mandate is to review methods and means necessary to advance the development of AI and associated technologies by the US to comprehensively address US national security and defense needs.  The Commission is to review the competitiveness of the US in AI/ML and associated technologies.

“Artificial Intelligence” is defined broadly in Sec. 238 to include the following: (1) any artificial system that performs tasks under varying and unpredictable circumstances without significant human oversight, or that can learn from experience and improve performance when exposed to data sets; (2) an artificial system developed in computer software, physical hardware, or other context that solves tasks requiring human-like perception, cognition, planning, learning, communication, or physical action; (3) an artificial system designed to think or act like a human, including cognitive architectures and neural networks; (4) a set of techniques, including machine learning, that is designed to approximate a cognitive task; and (5) an artificial system designed to act rationally, including an intelligent software agent or embodied robot that achieves goals using perception, planning, reasoning, learning, communicating, decision making, and acting.  Section 1051 has a similar definition.

The law does not overlook the need for governance of AI development activities, and requires regular meetings of appropriate DOD officials to integrate the functional activities of organizations and elements with respect to AI; ensure there are efficient and effective AI capabilities throughout the DOD; and develop and continuously improve research, innovation, policy, joint processes, and procedures to facilitate the development, acquisition, integration, advancement, oversight, and sustainment of AI throughout the DOD.  The DOD is also tasked with studying AI to make recommendations for legislative action relating to the technology, including recommendations to more effectively fund and organize the DOD in areas of AI.

For further details, please see this earlier post.

Advanced Driver Monitoring Systems and the Law: Artificial Intelligence for the Road

Artificial intelligence technologies are expected to usher in a future where fully autonomous vehicles take people to their destinations without direct driver interaction.  During the transition from driver to driverless cars, roads will be filled with highly autonomous vehicles (HAVs) in which drivers behind the wheel are required to take control of vehicle operations at a moment’s notice. This is where AI-based advanced driver monitoring systems (DMS) play a role: ensuring HAV drivers are paying attention.  As big automakers incorporate advanced DMS into more passenger cars, policymakers will seek to ensure that these systems meet acceptable performance and safety standards as well as address issues such as privacy and cybersecurity related to use cases for the technology.  In this post, the technology behind advanced DMS is summarized followed by a brief summary of current governance efforts aimed at the technology.

The term “driver monitoring system,” also sometimes called “driver attention monitor” or “driver vigilance monitoring,” refers to a holistic system for analyzing driver behavior.  The principal goal of advanced DMS (as is the case for “older” DMS) is to return a warning or stimulation to alert and refocus the driver’s attention on the driving task.  In HAVs, advanced DMS is used to prepare the driver to re-take control of the vehicle under specified conditions or circumstances.

In operation, the technology detects behavior patterns indicative of the driver’s level of attention, fatigue, micro-sleep, cognitive load, and other physiological states. But the same technology can also be used for driving/driver experience personalization, such as customizing digital assistant interactions, music selection, route selection, and in-cabin environment settings.

Older DMS was adopted around 2006 with the introduction of electronic stability control, blind spot detection, forward collision warning, and lane departure warning technologies, among others, which indirectly monitor a driver by monitoring a driver’s vehicle performance relative to its environment.  Some of these systems were packaged with names like “drowsy driver monitoring,” “attention assist,” and others.

Advanced DMS technology began appearing in US commercial passenger vehicles starting in 2017.  Advanced DMS is expected to be used in SAE Levels 2 through Level 4 HAVs.  DMS in any form may not be needed for safety purposes once fully autonomous Level 5 is achieved, but the technology will likely continue to be used for personalization purposes even in Level 5 vehicles (which are reportedly not expected to be seen on US roadways until 2025 or later).

Advanced DMS generally tracks a driver’s head and hand positions, as well as the driver’s gaze (i.e., where the driver is looking), but it could also assess feet positions and posture relative to the driver’s seatback.  Cameras and touch sensors provide the necessary interface.  Advanced DMS may also utilize a driver’s voice using far-field speaker array technology and may assess emotion and mood (from facial expressions) and possibly other physiological states using various proximate and remote sensors.  Data from these sensors may be combined with signals from steering angle sensors, lane assist cameras, RADAR, LIDAR, and other sensor signals already available.

Once sensor signal data are collected, machine learning and deep neural networks may process the data.  Computer vision models (deep neural nets), for example, may be used for face/object detection within the vehicle.  Machine learning natural language processing models may be used to assess a driver’s spoken words.  Digital conversational assistant technology may be used to perform speech to text.  Knowledge bases may provide information to allow advanced DMS to take appropriate actions.  In short, much of the same AI tech used in existing human-machine interface (HMI) applications today can be employed inside passenger vehicles as part of advanced DMS.

From a regulatory perspective, in 2016, 20 states had introduced some sort of autonomous vehicle legislation.  In 2017, that number had jumped to 33 states.  No state laws, however, currently mandate the use of advanced DMS.

At the US federal government level, the US National Transportation Safety Board (NTSB), an independent agency that investigates transportation-related accidents, reported that overreliance on the semi-autonomous (Level 2) features of an all-electric vehicle and prolonged driver disengagement from the driving task contributed to a fatal crash in Florida in 2016.  In its report, the NTSB suggested the adoption of more effective monitoring of driver inattention commensurate with the capability level of the automated driving system.  Although the NTSB’s report does not rise to the level of a regulatory mandate for advanced DMS (the National Highway Transportation Safety Administration (NHTSA) sets transportation regulations), and applicable statutory language prohibits the admission into evidence or use of any part of an NTSB report related to an accident in a civil action for damages resulting from a matter mentioned in the report, the Board’s conclusions regarding probable cause and recommendations regarding preventing future accidents likely play a role in decisions by carmakers about deploying advanced DMS.

As for the NHTSA itself, while it has not yet promulgated advanced DMS regulations, it did publish an Automated Driving Systems, Vision 2.0: A Vision for Safety, report in September 2017.  While the document is clear that its intent is to provide only voluntary guidance, it calls for the incorporation of HMI systems for driver engagement monitoring, considerations of ways to communicate driving-related information as part of HMI, and encourages applying voluntary guidance from other “relevant organizations” to HAVs.

At the federal legislative level, H.R. 3388, the Safely Ensuring Lives Future Deployment and Research In Vehicle Evolution Act (SELF DRIVE Act) of 2017, contains provisions that would require the Department of Transportation (DOT) to produce a Safety Priority Plan that identifies elements of autonomous vehicles that may require standards.  More specifically, the bill would require NHTSA to identify elements that may require performance standards including HMI, sensors, and actuators, and consider process and procedure standards for software and cybersecurity as necessary.

In Europe, the European New Car Assessment Programme (Euro NCAP), Europe’s vehicle safety ratings and testing body, published its Roadmap 2025: Pursuit of Vision Zero, in September 2017.  In it, the safety testing organization addressed how its voluntary vehicle safety rating system is to be applied to HAVs in Europe.  In particular, the Euro NCAP identifies DMS as a “primary safety feature” standard beginning in 2020 and stated that the technology would need to be included in any new on-road vehicle if the manufacturer wanted to achieve a 5-star safety rating.  Manufacturers are already incorporating advanced DMS in passenger vehicles in response to the Euro NCAP’s position.

Aside from safety standards, advanced DMS may also be subject to federal and state statutory and common laws in the areas of product liability, contract, and privacy laws.  Privacy laws, in particular, will likely need to be considered by those employing advanced DMS in passenger vehicles due to the collection and use of driver and passenger biometric information by DMS.

Legislators, Stockholders, Civil Right Groups, and a CEO Seek Limits on AI Face Recognition Technology

Following the tragic killings of journalists and staff inside the Capital Gazette offices in Annapolis, Maryland, in late June, local police acknowledged that the alleged shooter’s identity was determined using a facial recognition technology widely deployed by Maryland law enforcement personnel.  According to DataWorks Plus, the company contracted to support the Maryland Image Repository System (MIRS) used by Anne Arundel County Police in its investigation, its technology uses face templates derived from facial landmark points extracted from image face data to digitally compare faces to a large database of known faces.  More recent technology, relying on artificial intelligence models, have led to even better and faster image and video analysis used by federal and state law enforcement for facial recognition purposes.  AI-based models can process images and video captured by personal smartphones, laptops, home or business surveillance cameras, drones, and government surveillance cameras, including body-worn cameras used by law enforcement personnel, making it much easier to remotely identify and track objects and people in near-real time.

Recently, facial recognition use cases have led to privacy and civil liberties groups to speak out about potential abuses, with a growing vocal backlash aimed at body-worn cameras and facial recognition technology used in law enforcement surveillance.  Much of the concern centers around the lack of transparency in the use of the technology, potential issues of bias, and the effectiveness of the technology itself.  This has spurred state legislators in several states to seek to impose oversight, transparency, accountability, and other limitations on the tech’s uses.  Some within the tech industry itself have even gone so far as to place self-imposed limits on uses of their software for face data collection and surveillance activities.

Maryland and California are examples of two states whose legislators have targeted law enforcement’s use of facial recognition in surveillance.  In California, state legislators took a recent step toward regulating the technology when SB-1186 was passed by its Senate on May 25, 2018.  In remarks accompanying the bill, legislators concluded that “decisions about whether to use ‘surveillance technology’ for data collection and how to use and store the information collected should not be made by the agencies that would operate the technology, but by the elected bodies that are directly accountable to the residents in their communities who should also have opportunities to review the decision of whether or not to use surveillance technologies.”

If enacted, the California law would require, beginning July 1, 2019, law enforcement to submit a proposed Surveillance Use Policy to an elected governing body, made available to the public, to obtain approval for the use of specific surveillance technologies and the information collected by those technologies.  “Surveillance technology” is defined in the bill to include any electronic device or system with the capacity to monitor and collect audio, visual, locational, thermal, or similar information on any individual or group. This includes, drones with cameras or monitoring capabilities, automated license plate recognition systems, closed-circuit cameras/televisions, International Mobile Subscriber Identity (IMSI) trackers, global positioning system (GPS) technology, software designed to monitor social media services or forecast criminal activity or criminality, radio frequency identification (RFID) technology, body-worn cameras, biometric identification hardware or software, and facial recognition hardware or software.

The bill would prohibit a law enforcement agency from selling, sharing, or transferring information gathered by surveillance technology, except to another law enforcement agency. The bill would provide that any person could bring an action for injunctive relief to prevent a violation of the law and, if successful, could recover reasonable attorney’s fees and costs.  The bill would also establish procedures to ensure that the collection, use, maintenance, sharing, and dissemination of information or data collected with surveillance technology is consistent with respect for individual privacy and civil liberties, and that any approved policy be publicly available on the approved agency’s Internet web site.

With the relatively slow pace of legislative action, at least compared to the speed at which face recognition technology is advancing, some within the tech community have taken matters into their own hands.  Brian Brakeen, for example, CEO of Miami-based facial recognition software company Kairos, recently decided that his company’s AI software will not be made available to any government, “be it America or another nation’s.”  In a TechCrunch opinion published June 24, 2018, Brakeen said, “Whether or not you believe government surveillance is okay using commercial facial recognition in law enforcement is irresponsible and dangerous” because it “opens the door for gross misconduct by the morally corrupt.”  His position is rooted in the knowledge of how advanced AI models like his are created: “[Facial recognition] software is only as smart as the information it’s fed; if that’s predominantly images of, for example, African Americans that are ‘suspect,’ it could quickly learn to simply classify the black man as a categorized threat.”

Kairos is not alone in calling for limits.  A coalition of organizations against facial recognition surveillance published a letter on May 22, 2018, to Amazon’s CEO, Jeff Bezos, in which the signatories demanded that “Amazon stop powering a government surveillance infrastructure that poses a grave threat to customers and communities across the country. Amazon should not be in the business of providing surveillance systems like Rekognition to the government.”  The organizations–civil liberties, academic, religious, and others–alleged that “Amazon Rekognition is primed for abuse in the hands of governments. This product poses a grave threat to communities,” they wrote, “including people of color and immigrants….”

Amazon’s Rekognition system, first announced in late 2016., is a cloud-based platform for performing image and video analysis without the user needing a background in machine learning, a type of AI.  Among its many uses today, Rekognition reportedly allows a user to conduct near real-time automated face recognition, analysis, and face comparisons (assessing the likelihood that faces in different images are the same person), using machine learning models.

A few weeks after the coalition letter dropped, another group, this one a collection of individual and organizational Amazon shareholders, issued a similar letter to Bezos.  In it, the shareholders alleged that “[w]hile Rekognition may be intended to enhance some law enforcement activities, we are deeply concerned it may ultimately violate civil and human rights.”  Several Microsoft employees took a similar stand against Microsoft’s role in its software used by government agencies.

As long as questions surrounding transparency, accountability, and fairness in the use of face recognition technology in law enforcement continue to be raised, tech companies, legislators, and stakeholders will likely continue to react in ways that address immediate concerns.  This may prove effective in the short-term, but no one today can say what AI-based facial detection and recognition technologies will look like in the future or to what extent the technology will be used by law enforcement personnel.

At the Intersection of AI, Face Swapping, Deep Fakes, Right of Publicity, and Litigation

Websites like GitHub, Reddit and others offer developers and hobbyists dozens of repositories containing artificial intelligence deep learning models, instructions for their use, and forums for learning how to “face swap,” a technique used to automatically replace a face of a person in a video with that of a different person. Older versions of face swapping, primarily used on images, have been around for years in the form of entertaining apps that offered results with unremarkable quality (think cut and paste at its lowest, and photoshop editing at a higher level). With the latest AI models, however, including deep neural networks, a video with a face-swapped actor–so-called “deep fake” videos–may appear so seamless and uncanny as to fool even the closest of inspections, and the quality is apparently getting better.

With only subtle clues to suggest an actor in one of these videos is fake, the developers behind them have become the target of criticism, though much of the criticism has also been leveled generally at the AI tech industry, for creating new AI tools with few restrictions on potential uses beyond their original intent.  These concerns have now reached the halls of New York’s state legislative body.

New York lawmakers are responding to the deep fake controversy, albeit in a narrow way, by proposing to make it illegal to use “digital replicas” of individuals without permission, a move that would indirectly regulate AI deep learning models. New York Assembly Bill No. A08155 (introduced in 2017, amended Jun. 5, 2018) is aimed at modernizing New York’s right of publicity law (N.Y. Civ. Rights Law §§ 50 and 50-1)–one of the nation’s oldest publicity rights laws that does not provide post-mortem publicity rights–though it may do little to curb the broader proliferation of face swapped and deep fake videos. In fact, only a relatively small slice of primarily famous New York actors, artists, athletes, and their heirs and estates would benefit from the proposed law’s digital replicas provision.

If enacted, New York’s right of publicity law would be amended to address computer-generated or electronic reproductions of a living or deceased individual’s likeness or voice that “realistically depicts” the likeness or voice of the individual being portrayed (“realistic” is undefined). Use of a digital replica would be a violation of the law if done without the consent of the individual, if the use is in a scripted audiovisual or audio work (e.g., movie or sound recording), or in a live performance of a dramatic work, that is intended to and creates the clear impression that the individual represented by the digital replica is performing the activity for which he or she is known, in the role of a fictional character.

It would also be a violation of the law to use a digital replica of a person in a performance of a musical work that is intended to and creates the clear impression that the individual represented by the digital replica is performing the activity for which he or she is known, in such musical work.

Moreover, it would be a violation to use a digital replica of a person in an audiovisual work that is intended to and creates the clear impression that an athlete represented by the digital replica is engaging in an athletic activity for which he or she is known.

The bill would exclude, based on First Amendment principles, a person’s right to control their persona in cases of parody, satire, commentary, and criticism; political, public interest, or newsworthy situations, including a documentary, regardless of the degree of fictionalization in the work; or in the case of de minimis or incidental uses.

In the case of deep fake digital replicas, the bill would make it a violation to use a digital replica in a pornographic work if done without the consent of the individual if the use is in an audiovisual pornographic work in a manner that is intended to and creates the impression that the individual represented by the digital replica is performing.

Similar to the safe harbor provisions in other statutes, the New York law would provide limited immunity to any medium used for advertising including, but not limited to, newspapers, magazines, radio and television networks and stations, cable television systems, billboards, and transit advertising, that make unauthorized use of an individual’s persona for the purpose of advertising or trade, unless it is established that the owner or employee had knowledge of the unauthorized use, through presence or inclusion, of the individual’s persona in such advertisement or publication.

Moreover, the law would provide a private right of action for an injured party to sue for an injunction and to seek damages. Statutory damages in the amount of $750 would be available, or compensatory damages, which could be significantly higher.  The finder of fact (judge or jury) could also award significant “exemplary damages,” which could be substantial, to send a message to others not to violate the law.

So far, AI tech developers have largely avoided direct legislative or regulatory action targeting their AI technologies, in part because some have taken steps to self-regulate, which may be necessary to avoid the confines of command and control-style state or federal regulatory schemes that would impose standards, restrictions, requirements, and the right to sue to collect damages and collect attorneys’ fees. Tech companies efforts at self-regulating, however, have been limited to expressing carefully-crafted AI policies for themselves and their employees, as well as taking a public stance on issues of bias, ethics, and civil rights impacts from AI machine learning. Despite those efforts, more laws like New York’s may be introduced at the state level if AI technologies are used in ways that have questionable utility or social benefits.

For more about the intersection of right of publicity laws and regulating AI technology, please see an earlier post on this website, available here.

Obama, Trump, and the Regulation of Artificial Intelligence

Near the end of his second term, President Obama announced a series of workshops and government working groups tasked with “Preparing for the Future of Artificial Intelligence.” Then, just weeks before the 2016 presidential general election, the Obama administration published two reports including one titled “The National Artificial Intelligence Research and Development Plan.” In it, Obama laid out seven strategies for AI-related R&D, including making long-term investments in AI research to enable the United States to remain a world leader in AI, developing effective methods for human-AI interaction, and ensuring the safety, security, and trustworthiness of AI systems. The Obama AI plan also included strategies for developing shared and high-quality public datasets and environments for AI training and testing, creating standards and benchmarks for evaluating AI technologies, and understanding the national AI research workforce needs. His plan also recognized the need for collaboration among researchers to address the ethical, legal, and societal implications of AI, topics that still resonate today.

Two years after Obama’s AI announcement, the Trump administration in May 2018 convened an Artificial Intelligence Summit at the White House and then published an “Artificial Intelligence for the American People” fact sheet highlighting President Trump’s AI priorities. The fact sheet highlights the President’s goal of funding fundamental AI R&D, including in the areas of computing infrastructure, machine learning, and autonomous systems. Trump’s AI priorities also include a focus on developing workforce training in AI, seeking a strategic military advantage in AI, and leveraging AI technology to improve efficiency in delivering government services. The Trump fact sheet makes no mention of Obama’s AI plan.

Despite some general overlap and commonality between Obama’s and Trump’s AI goals and strategies, such as funding for AI, workforce training, and maintaining the United States’ global leadership in AI, one difference stands out in stark contrast: regulating AI technology. While Obama’s AI strategy did not expressly call for regulating AI, it nonetheless recognized a need for setting regulatory policy for AI-enabled products. To that end, Obama recommended drawing on appropriate technical expertise at the senior level of government and recruiting the necessary AI technical talent as necessary to ensure that there are sufficient technical seats at the table in regulatory policy discussions.

Trump, on the other hand, has rolled back regulations across the board in a number of different governmental areas and, in the case of AI, has stated that he would seek to “remove regulatory barriers” to AI innovation to foster new American industries and deployment of AI-powered technologies. With the Trump administration’s express concerns about China’s plan to dominate high tech, including AI, by 2025, as well as Congressional efforts at targeted AI legislation slowed in various committees, any substantive federal action toward regulating AI appears to be a long way off. That should be good news to many in the US tech industry who have long resisted efforts to regulate AI technologies and the AI industry.

California Jury to Decide if Facebook’s Deep Learning Facial Recognition Creates Regulated Biometric Information

Following a recent decision issued by Judge James Donato of the U.S. District Court for the Northern District of California, a jury to be convened in San Francisco in July will decide whether a Facebook artificial intelligence technology creates regulated “biometric information” under Illinois’ Biometric Information Privacy Act (BIPA).  In some respects, the jury’s decision could reflect general sentiment toward AI during a time when vocal opponents of AI have been widely covered in the media.  The outcome could also affect how US companies, already impacted by Europe’s General Data Protection Regulation (GDPR), view their use of AI technologies to collect and process user-supplied data. For lawyers, the case could highlight effective litigation tactics in highly complex AI cases where black box algorithms are often unexplainable and lack transparency, even to their own developers.

What’s At Stake? What Does BIPA Cover?

Uniquely personal biometric identifiers, such as a person’s face and fingerprints, are often seen as needing heightened protection from hackers due to the fact that, unlike a stolen password that one can reset, a person cannot change their face or fingerprints if someone makes off with digital versions and uses them to steal the person’s identity or gain access to the person’s biometrically-protected accounts, devices, and secure locations. The now 10-year old BIPA (740 ILCS 14/1 (2008)) was enacted to ensure users are made aware of instances when their biometric information is being collected, stored, and used, and to give users the option to opt out. The law imposes requirements on companies and penalties for non-compliance, including liquidated and actual damages. At issue here, the law addresses “a scan” of a person’s “face geometry,” though it falls short of explicitly defining those terms.

Facebook users voluntarily upload to their Facebook accounts digital images depicting them, their friends, and/or family members. Some of those images are automatically processed by an AI technology to identify the people in the images. Plaintiffs–here, putative class action individuals–argue that Facebook’s facial recognition feature involves a “scan” of a person’s “face geometry” such that it collects and stores biometric data in violation of BIPA.

Summary of the Court’s Recent Decision

In denying the parties’ cross-motions for summary judgment and allowing the case to go to trial, Judge Donato found that the Plaintiffs and Facebook “offer[ed] strongly conflicting interpretations of how the [Facebook] software processes human faces.” See In Re Facebook Biometric Information Privacy Litigation, slip op. (Dkt. 302), No. 3:15-cv-03747-JD (N.D. Cal. May 14, 2018). The Plaintiffs, he wrote, argued that “the technology necessarily collects scans of face geometry because it uses human facial regions to process, characterize, and ultimately recognize face images.” On the other hand, “Facebook…says the technology has no express dependency on human facial features at all.”

Addressing Facebook’s interpretation of BIPA, Judge Donato considered the threshold question of what BIPA’s drafters meant by a “scan” in “scan of face geometry.” He rejected Facebook’s suggestion that BIPA relates to an express measurement of human facial features such as “a measurement of the distance between a person’s eyes, nose, and ears.” In doing so, he relied on extrinsic evidence in the form of dictionary definitions, specifically Merriam-Webster’s 11th, for an ordinary meaning of “to scan” (i.e., to “examine” by “observation or checking,” or “systematically . . . in order to obtain data especially for display or storage”) and “geometry” (in everyday use, means simply a “configuration,” which in turn denotes a “relative arrangement of parts or elements”).  “[N]one of these definitions,” the Judge concluded, “demands actual or express measurements of spatial quantities like distance, depth, or angles.”

The Jury Could Face a Complex AI Issue

Digital images contain a numerical representation of what is shown in the image, specifically the color (or grayscale), transparency, and other information associated with each pixel of the image. An application running on a computer can render the image on a display device by reading the file data to identify what color or grayscale level each pixel should display. When one scans a physical image or takes a digital photo with a smartphone, they are systematically generating this pixel-level data. Digital image data may be saved to a file having a particular format designated by a file extension (e.g., .GIF, .JPG, .PNG, etc.).

A deep convolutional neural network–a type of AI–can be used to further process a digital image file’s data to extract features from the data. In a way, the network replicates a human cognitive process of manually examining a photograph. For instance, when we examine a face in a photo, we take note of features and attributes, like a nose and lip shape and their contours as well as eye color and hair. Those and other features may help us recall from memory whose face we are looking at even if we have never seen the image before.

A deep neural network, once it is fully trained using many different face images, essentially works in a similar manner. After processing image file data to extract and “recognize” features, the network uses the features to classify the image by associating it with an identity, assuming it has “seen” the face before (in which case it may compare the extracted features to a template image of the face, preferably several images of the face). Thus, a digital image file may contain a numerical representation of what is shown in the image, and a deep neural network creates a numerical representation of features shown in the digital image to perform classification.  A question for the jury, then, may involve deciding if the processing of uploaded digital images using a deep convolutional neural network involves “a scan” of “a person’s face geometry.” This question will challenge the parties and their lawyers to assist the jury to understand digital image files and the nuances of AI technology.

For Litigators, How to Tackle AI and Potential AI Bias?

The particulars of advanced AI have not been central to a major federal jury case to date.  Thus, the Facebook case offers an opportunity to evaluate a jury’s reaction to a particular AI technology.

In its summary judgment brief, Facebook submitted expert testimony that its AI “learned for itself what features of an image’s pixel values are most useful for the purposes of characterizing and distinguishing images of human faces” and it “combines and weights different combinations of different aspects of the entire face image’s pixel value.” This description did not persuade Judge Donato to conclude that an AI with “learning” capabilities escapes BIPA’s reach, at least not as a matter of law.  Whether it will be persuasive to a jury is an open question.

It is possible some potential jurors may have preconceived notions about AI, given the hype surrounding use cases for the technology.  Indeed, outside the courthouse, AI’s potential dark side and adverse impacts on society have been widely reported. Computer vision-enabled attack drones, military AI systems, jobs being taken over by AI-powered robots, algorithmic harm due to machine learning bias, and artificial general intelligence (AGI) taking over the world appear regularly in the media.  If bias for and against AI is not properly managed, the jury’s final decision might be viewed by some as a referendum on AI.

For litigators handling AI cases in the future, the outcome of the Facebook case could provide a roadmap for effective trial strategies involving highly complex AI systems that defy simple description.  That is not to say that the outcome will create a new paradigm for litigating tech. After all, many trials involve technical experts who try to explain complex technologies in a way that is impactful on a jury. For example, complex technology is often the central dispute in cases involving intellectual property, medical malpractice, finance, and others.  But those cases usually don’t involve technologies that “learn” for themselves.

How Will the Outcome Affect User Data Collection?

The public is becoming more aware that tech companies are enticing users to their platforms and apps as a way to generate user-supplied data. While the Facebook case itself may not usher in a wave of new laws and regulations or even self-policing by the tech industry aimed at curtailing user data collection, a sizeable damages award from the jury could have a measured chilling effect. Indeed, some companies may be more transparent about their data collection and provide improved notice and opt-out mechanisms.

In Your Face Artificial Intelligence: Regulating the Collection and Use of Face Data (Part I)

Of all the personal information individuals agree to provide companies when they interact with online or app services, perhaps none is more personal and intimate than a person’s facial features and their moment-by-moment emotional states. And while it may seem that face detection, face recognition, and affect analysis (emotional assessments based on facial features) are technologies only sophisticated and well-intentioned tech companies with armies of data scientists and stack engineers are competent to use, the reality is that advances in machine learning, microprocessor technology, and the availability of large datasets containing face data have lowered entrance barriers to conducting robust face detection, face recognition, and affect analysis to levels never seen before.

In fact, anyone with a bit of programming knowledge can incorporate open-source algorithms and publicly available image data, train a model, create an app, and start collecting face data from app users. At the most basic entry point, all one really needs is a video camera with built-in face detection algorithms and access to tagged images of a person to start conducting facial recognition. And several commercial API’s exist making it relatively easy to tap into facial coding databases for use in assessing other’s emotional states from face data. If you’re not persuaded by the relative ease at which face data can be captured and used, just drop by any college (or high school) hackathon and see creative face data tech in action.

In this post, the uses of face data are considered, along with a brief summary of the concerns raised about collecting and using face and emotional data. Part II will explore options for face data governance, which include the possibility of new or stronger laws and regulations and policies that a self-regulating industry and individual stakeholders could develop.

The many uses of our faces

Today’s mobile and fixed cameras and AI-based face detection and recognition software enable real-time controlled access to facilities and devices. The same technology allows users to identify fugitive and missing persons in surveillance videos, private citizens interacting with police, and unknown persons of interest in online images.

The technology provides a means for conducting and verifying commercial transactions using face biometric information, tracking people automatically while in public view, and extracting physical traits from images and videos to supplement individual demographic, psychographic, and behavioristic profiles.

Face software and facial coding techniques and models are also making it easier for market researchers, educators, robot developers, and autonomous vehicle safety designers to assess emotional states of people in human-machine interactions.

These and other use cases are possible in part because of advances in camera technology, the proliferation of cameras (think smart phones, CCTVs, traffic cameras, laptop cameras, etc.) and social media platforms, where millions of images and videos are created and uploaded by users every day. Increased computer processing power has led to advances in face recognition and affect-based machine learning research and improved the ability of complex models to execute faster. As a result, face data is relatively easy to collect, process, and use.

One can easily image the many ways face data might be abused, and some of the abuses have already been reported. Face data and machine learning models have been improperly used to create pornography, for example, and to track individuals in stores and other public locations without notice and without seeking permission. Models based on face data have been reportedly developed for no apparent purpose other than for predictive classification of beauty and sexual orientation.

Face recognition models are also subject to errors. Misidentification, for example, is a weakness of face recognition and affect-based models. In fact, despite improvements, face recognition is not perfect. This can translate into false positive identifications. Obviously, tragic consequences can occur if the police or government agencies make decisions based on a false positive (or false negative) identity of a person.

Face data models have been shown to perform more accurately on persons with lighter skin color. And affect models, while raising fewer concerns compared to face recognition due mainly to the slower rate of adoption of the technology, may misinterpret emotions if culture, geography, gender, and other factors are not accounted for in training data.

Of course, instances of reported abuse, bias, and data breaches overshadow the many unreported positive uses and machine learning applications of face data. But as is often the case, problems tend to catch the eyes of policymakers, regulators, and legislators, though overreaction to hyped problems can result in a patchwork of regulations and standards that go beyond addressing the underlying concerns and cause unintended effects, such as possibly stifling innovation and reducing competitiveness.

Moreover, reactionary regulation doesn’t play well with fast-moving disruptive tech, such as face recognition and affective computing, where the law seems to always be in catch-up mode. Compounding the governance problem is the notion that regulators and legislators are not crystal ball readers who can see into the future. Indeed, future uses of face data technologies may be hard to imagine today.

Even so, what matters to many is what governments and companies are doing with still images and videos, and specifically how face data extracted from media are being used, sometimes without consent. These concerns raise questions of transparency, privacy laws, terms of service and privacy policy agreements, data ownership, ethics, and data breaches, among others. They also implicate issues of whether and when federal and state governments should tighten existing regulations and impose new regulations where gaps exist in face data governance.

With recent data breaches making headlines and policymakers and stakeholders gathering in 2018 to examine AI’s impacts, there is no better time than now to revisit the need for stronger laws and to develop new technical- and ethical-based standards and guidelines applicable to face data. The next post will explore these issues.

Regulating Artificial Intelligence Technologies by Consensus

As artificial intelligence technologies continue to transform industries, several prominent voices in the technology community are calling for regulating AI to get ahead of what they see as AI’s actual and potential social and economic impacts. These calls for action follow reports of machine learning classification bias, instances of open source AI tools being misused, lack of transparency in AI algorithms, privacy and data security issues, and forecasts of workforce impacts as AI technologies spread.

Those advocating for strong state or federal legislative action around AI, however, may be disappointed by the rate at which policymakers in the US are tackling sensitive issues. But they may be even more disappointed by recent legislative efforts suggesting that AI technologies will not be regulated in the traditional sense, but instead may be governed through a process of consensus building without targeted and enforceable standards. This form of technological governance–often called “soft law”–is not new. In some industries, soft law governance has evolved and taken over the more traditional command and control “hard law” governance approach.

Certain transformative technologies like AI evolve faster than policymaker’s ability to keep up and as a result, at least in the US, AI’s future may not be tied to traditional legislative lawmaking, notice and rulemaking, and regulation by multiple government agencies whose missions include overseeing specific industry activities. According to those who have studied this trend, the hard law approach is gradually dying when it comes to certain tech, with the exception of technologies in highly-regulated segments such as autonomous vehicles (e.g., safety regulations) and fintech (e.g., regulatory oversight of distributed ledger tech and cryptocurrencies). Instead, an industry-led self-regulatory multistakeholder process is emerging whereby participants, including government policymakers, come up with consensus-based standards and processes that form a framework for regulating industry activities.

This process is already apparent when it comes to AI. Organizations like the IEEE have produced consensus-style standards for ethical considerations in the design and development of AI systems, and private companies are publishing their views on how they and others can self-regulate their activities, products, and services in the AI space. That is not to say that policymakers will play no role in the governance of AI. The US Congress and New York City, for example, are considering or in the process of implementing multistakeholder task forces for tackling the future of AI, workforce and education issues, and harms caused by machine learning algorithms.

A multistakeholder approach to regulating AI technologies is less likely to stifle innovation and competitiveness compared to a hard law prescriptive approach, which could involve numerous regulatory requirements, inflexible standards, and civil penalties for violations. But some view hard law governance as providing a measure of predictability that consensus approaches cannot duplicate. If multistakeholder governance is in AI’s future, stakeholders will need to develop and adopt meaningful standards and the industry will need to demonstrate a willingness to be held accountable in ways that go beyond simply appeasing vocal opponents and assuaging negative public sentiment toward AI. If they don’t, legislators may feel pressure to take a more hard law tact with AI technologies.

Industry Focus: The Rise of Data-Driven Health Tech Innovation

Artificial intelligence-based healthcare technologies have contributed to improved drug discoveries, tumor identification, diagnosis, risk assessments, electronic health records (EHR), and mental health tools, among others. Thanks in large part to AI and the availability of health-related data, health tech is one of the fastest growing segments of healthcare and one of the reasons why the sector ranks highest on many lists.

According to a 2016 workforce study by Georgetown University, the healthcare industry experienced the largest employment growth among all industries since December 2007, netting 2.3 million jobs (about an 8% increase). Fourteen percent of all US workers work in healthcare, making it the country’s largest employment center. According to the latest government figures, the US spends the most on healthcare per person ($10,348) than any other country. In fact, healthcare spending is nearly 18 percent of the US gross domestic product (GDP), a figure that is expected to increase. The healthcare IT segment is expected to grow at a CAGR greater than 10% through 2019. The number of US patents issued in 2017 for AI-infused healthcare-related inventions rose more than 40% compared to 2016.

Investment in health tech has led to the development of some impressive AI-based tools. Researchers at a major university medical center, for example, invented a way to use AI to identify from open source data the emergence of health-related events around the world. The machine learning system they’d created extracted useful information and classified it according to disease-specific taxonomies. At the time of its development ten years ago, the “supervised” and “unsupervised” natural language processing models were leaps ahead of what others were using at the time and earned the inventors national recognition. More recently, medical researchers have created a myriad of new technologies from innovative uses of machine learning technologies.

What most of the above and other health tech innovations today have in common is what drives much of the health tech sector: lots of data. Big data sets, especially labeled data, are needed by AI technologists to train and test machine learning algorithms that produce models capable of “learning” what to look for in new data. And there is no better place to find big data sets than in the healthcare sector. According to an article last year in the New England Journal of Medicine, by 2012 as much as 30% of the world’s stored data was being generated in the healthcare industry.

Traditional healthcare companies are finding value in data-driven AI. Biopharmaceutical company Roche’s recent announcement that it is acquiring software firm Flatiron Health Inc. for $1.9 billion illustrates the value of being able to access health-related data. Flatiron, led by former Google employees, makes software for real-time acquisition and analysis of oncology-specific EHR data and other structured and unstructured hospital-generated data for diagnostic and research purposes. Roche plans to leverage Flatiron’s algorithms–and all of its data–to enhance Roche’s ability to personalize healthcare strategies by way of accelerating the development of new cancer treatments. In a world powered by AI, where data is key to building new products that attract new customers, Roche is now tapped into one of the largest sources of labeled data.

Companies not traditionally in healthcare are also seeing opportunities in health-related data. Google’s AI-focused research division, for example, recently reported in Nature a promising use of so-called deep learning algorithms (a computation network structured to mimic how neurons fire in the brain) to make cardiovascular risk predictions from retinal image data. After training their model, Google scientists said they were able to identify and quantify risk factors in retinal images and generate patient-specific risk predictions.

The growth of available healthcare data and the infusion of AI health tech in the healthcare industry will challenge companies to evolve. Health tech holds the promise of better and more efficient research, manufacturing, and distribution of healthcare products and services, though some have also raised concerns about who will benefit most from these advances, bias in data sets, anonymizing data for privacy reasons, and other legal issues that go beyond healthcare, issues that will need to be addressed.

To be successful, tomorrow’s healthcare leaders may be those who have access to data that drives innovation in the health tech segment. This may explain why, according to a recent survey, healthcare CIOs whose companies plan spending increases in 2018 indicated that their investments will likely be directed first toward AI and related technologies.

“AI vs. Lawyers” – Interesting Result, Bad Headline

The recent clickbait headline “AI vs. Lawyers: The Ultimate Showdown” might lead some to believe that an artificial intelligence system and a lawyer were dueling adversaries or parties on opposite sides of a legal dispute (notwithstanding that an “intelligent” machine has not, as far as US jurisprudence is concerned, been recognized as having machine rights or standing in state or federal courts).

Follow the link, however, and you end up at LawGeex’s report titled “Comparing the Performance of Artificial Intelligence to Human Lawyers in the Review of Standard Business Contracts.” The 37-page report details a straightforward, but still impressive, comparison of the accuracy of machine learning models and lawyers in the course of performing a common legal task.

Specifically, LawGeex set out to consider, in what they call a “landmark” study, whether an AI-based model or skilled lawyers are better at issue spotting while reviewing Non-Disclosure Agreements (NDAs).

Issue spotting is a task that paralegals, associate attorneys, and partners at law firms and corporate legal departments regularly perform. It’s a skill learned early in one’s legal career and involves applying knowledge of legal concepts and issues to identify, in textual materials such as contract documents or court opinions, specific and relevant facts, reasoning, conclusions, and applicable laws or legal principles of concern. Issue spotting in the context of contract review may simply involve locating a provision of interest, such as a definition of “confidentiality” or an arbitration requirement in the document.

Legal tech tool using machine learning algorithms have proliferated in the last couple of years. Many involve combinations of AI technologies and typically required processing thousands of documents (often “labeled” by category or type of document) to create a model that “learns” what to look for in the next document that it processes. In the LawGeex’s study, for example, its model was trained on thousands of NDA documents. Following training, it processed five new NDAs selected by a team of advisors while 20 experienced contract attorneys were given the same five documents and four hours to review.

The results were unsurprising: LawGeex’s trained model was able to spot provisions, from a pre-determined set of 30 provisions, at a reported accuracy of 94% compared to an average of 85% for the lawyers (the highest-performing lawyer, LawGeex noted, had an accuracy of 94%, equaling the software).

Notwithstanding the AI vs. lawyers headline, LawGeek’s test results raise the question of whether the task of legal issue spotting in NDA documents has been effectively automated (assuming a mid-nineties accuracy is acceptable). And do machine learning advances like these generally portend other common tasks lawyers perform someday being performed by intelligent machines?

Maybe. But no matter how sophisticated AI tech becomes, algorithms will still require human input. And algorithms are a long way from being able to handle a client’s sometimes complex objectives, unexpected tactics opposing lawyers might deploy in adversarial situations, common sense, and other inputs that factor into a lawyer’s context-based legal reasoning and analysis duties. No AI tech is currently able to handle all that. Not yet anyway.