On Tuesday October 4, 2022, the White House Office of Science and Technology Policy (“OSTP”) released a document entitled “Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People” (the “Blueprint”) together with a companion document “From Principles to Practice: A Technical Companion to the Blueprint for an AI Bill of Rights” (the “Technical Companion”).
Non-Binding “Guidance”
OSTP included a “Legal Disclaimer” which attempts to soften the impact of the release, describing it as a “white paper.” OSTP states that the Blueprint is “non-binding and does not constitute US government policy” and “does not supersede, modify, or direct an interpretation of any existing statute, regulation, policy, or international instrument.” While the Foreword to the Blueprint states that it is intended to provide “guidance” in connection with automated systems, the Legal Disclaimer clearly states that the Blueprint “does not constitute binding guidance for the public or Federal agencies and therefore does not require compliance with the principles described herein.”
Five “Principles”
The Blueprint and Technical Companion describe five principles and associated practices “to help guide the design, use, and deployment of automated systems.” The five principles are
- Safe and Effective Systems;
- Algorithmic Discrimination Protections;
- Data Privacy;
- Notice and Explanation; and
- Human Alternatives, Consideration, and Fallback.
While these five principles often overlap, they combine concepts relevant to employment law and data privacy that are also relevant to the evolving legal landscape around the use of artificial intelligence and automated systems.
OSTP intends the Blueprint to apply broadly, demonstrated by how it defines “automated system” as “any system, software, or process that uses computation as whole or part of a system to determine outcomes, make or aid decisions, inform policy implementation, collect data or observations, or otherwise interact with individuals and/or communities.” The “Definitions” section notes that automated systems may include, but are not limited to, those derived from machine learning or artificial intelligence.
Principle 1: “Safe and Effective Systems”
The first principle, “Safe and Effective Systems,” states that automated systems should be “developed in consultation from diverse communities, stakeholders, and domain experts” and should “undergo pre-deployment testing, risk identification and mitigation, and ongoing monitoring.” The Technical Companion highlights that the National Institute of Standards and Technology (NIST) is also developing a risk management framework to better manage risks posed by Artificial Intelligence.
Principle 2: “Algorithmic Discrimination Protections”
Under the second principle, “Algorithmic Discrimination Protections,” Americans “should not face discrimination by algorithms and systems should be used and designed in an equitable way.” This principle also states that “independent evaluation and plain language reporting in the form of an algorithmic impact assessment, including disparity testing results and mitigation information, should be performed and made public whenever possible[.]” The Technical Companion describes a handful of examples, such as “a hiring tool that learned the features of a company’s employees (predominantly men) rejecting women applicants for spurious and discriminatory reasons; [and] resumes with the word ‘women’s,’ such as ‘women’s chess club captain,’ were penalized in the candidate ranking.”
Principle: 3: “Data Privacy”
The third principle, “Data Privacy,” provides that “[y]ou should be protected from abusive data practices via built-in protections and you should have agency over how data about you is used.” This principle encourages designers, developers, and deployers of automated systems to request permission and respect decisions regarding “collection, use, access, transfer, and deletion of your data[.]” The Technical Guidance cautions against companies using “surveillance software to track employee discussions about union activity.” It encourages privacy by design when designing automated systems, and champions extra protections for “sensitive domains” including “health, employment, education, criminal justice, and personal finance” related data.
Principle 4: “Notice and Explanation”
Pursuant to the fourth principle, “Notice and Explanation,” Americans “should know that an automated systems is being used, and understand how and why it contributes to outcomes that impact you.” The principle encourages clear documentation regarding how the system works, and publicly reporting summaries of the automated systems. The Technical Guidance notes that notice has “long been a standard practice, and in many cases is a legal requirement[.]” The Technical Guidance also calls attention to the Illinois Biometric Information Privacy Act, which contains a notice requirement, and a California law requiring warehouse employees to be provided with notice and explanation about use of quota systems, which are “often facilitated by algorithmic monitoring systems.”
Principle 5: “Human Alternatives, Consideration, and Fallback”
The fifth principle, “Human Alternatives, Consideration, and Fallback,” states that “[y]ou should be able to opt out, where appropriate, and have access to a person who can quickly consider and remedy problems you encounter.” The Technical Guidance provides the example of an unemployment benefits system in Colorado which required applicants to have a smartphone to verify their identity but provided no alternative option. The Technical Guidance encourages the use of brief, clear, and accessible ways to opt out of automated systems in favor of human alternatives, where doing so would be timely and effective.
Conclusion
The Blueprint represents a significant effort by the White House to guide private industry and state and local governments in developing practices and policies around the use of automated systems. While it is expressly non-binding, it will likely provide a framework for drafts of future legislation. Some jurisdictions, just as New York City, Illinois, and Maryland, have already passed laws directed at certain automated systems. The Blueprint may encourage other jurisdictions to pass laws and regulations governing the same.
Blog Editors
Authors
- Member of the Firm
- Member of the Firm