UK ICO and The Alan Turing Insitute Issue Draft Guidance on Explaining Decisions Made by AI

The UK’s Information Commissioner’s Office (“ICO”) has issued and is consulting on draft guidance about explaining decisions made by AI.  The ICO prepared the guidance with The Alan Turing Institute, which is the UK’s national institute for data science and artificial intelligence.  Among other things, the guidance sets out key principles to follow and steps to take when explaining AI-assisted decisions — including in relation to different types of AI algorithms — and the policies and procedures that organizations should consider putting in place.

The draft guidance builds upon the ICO’s previous work in this area, including its AI Auditing Framework, June 2019 Project ExplAIN interim report, and September 2017 paper ‘Big data, artificial intelligence, machine learning and data protection’.  (Previous blog posts that track this issue are available here.)  Elements of the new draft guidance touch on points that go beyond narrow GDPR requirements, such as AI ethics (see, in particular, the recommendation to provide explanations of the fairness or societal impacts of AI systems).  Other sections of the guidance are quite technical; for example, the ICO provides its own analysis of the possible uses and interpretability of eleven specific types of AI algorithms.

Organizations that develop, test or deploy AI decision-making systems should review the draft guidance and consider responding to the consultation. The consultation is open until January 24, 2020.  A final version is expected to be published later next year.

Continue Reading

New E-Privacy Proposal on the Horizon?

On December 3, 2019, the EU’s new Commissioner for the Internal Market, Thierry Breton, suggested a change of approach to the proposed e-Privacy Regulation may be necessary.  At a meeting of the Telecoms Council, Breton indicated that the Commission would likely develop a new proposal, following the Council’s rejection of a compromise text on November 27.

The proposed Regulation is intended as a replacement to the existing e-Privacy Directive, which sets out specific rules for traditional telecoms companies, in particular requiring that they keep communications data confidential and free from interference (e.g., preventing wiretapping).  It also sets out rules that apply regardless of whether a company provides telecoms services, including restrictions on unsolicited direct marketing and on accessing or storing information on users’ devices (e.g., through the use of cookies and other tracking technologies).

Continue Reading

AI Update: NIST Seeks Public Comment on Taxonomy of Adversarial Machine Learning

Last month, NIST released its Draft NISTIR 8269, A Taxonomy and Terminology of Adversarial Machine Learning.

The taxonomy is intended to assist researchers and practitioners in developing a common lexicon around Adversarial Machine Learning, with the goal of setting standards and best practices for managing the security of Artificial Intelligence (“AI”) systems against attackers. Continue Reading

IoT Update: FCC Proposes New Spectrum Plan for Vehicle Safety and Unlicensed Uses

With all the current excitement around emerging high-tech autonomous vehicles and internet of things (IoT) devices, it may surprise some observers that around 20 years ago the Federal Communications Commission (FCC), at Congress’s direction, was already taking some important steps with respect to these technologies.  Most notably, the FCC set aside the 5.9 GHz band, which is a swath of highly-valued mid-band spectrum, for vehicle related communications and transportation safety features.  At that time, the FCC pursued Dedicated Short Range Communications (DSRC) as the standard to develop critical safety services, but over time, similar technologies outside of the 5.9 GHz band have developed.  More recently, a number of manufacturers and developers have been focused on a new technology called Cellular Vehicle to Everything (C-V2X), which proponents argue should be the standard going forward.

The FCC has decided to weigh in on the issues in the 5.9 GHz band in a draft notice of proposed rulemaking (NPRM) to be voted on at its December 12 Commission Open Meeting.  The 5.9 GHz band has been a political issue subject to disagreements among the FCC, Department of Transportation, and members of Congress on both sides of the aisle, regarding the best path forward, which technologies should be pursued, and whether there is enough spectrum that can safely be shared among different use cases.  Continue Reading

Certiorari Granted in Google LLC v. Oracle America, Inc.

On November 15, the Supreme Court granted certiorari in Google LLC v. Oracle America, Inc., No. 18-956. The two questions presented before the Court are (1) whether “copyright protection extends to a software interface,” and (2) whether, as the jury found, that Google’s “use of a software interface in the context of a creating a new computer program constitutes fair use.” Continue Reading

AI/IoT Update: UK’s Information Commissioner issues opinion on use of live facial recognition technology by police forces

On October 31, 2019, Elizabeth Denham, the UK’s Information Commissioner issued an Opinion and an accompanying blog urging police forces to slow down adoption of live facial recognition technology and take steps to justify its use.  The Commissioner calls on the UK government to introduce a statutory binding code of practice on the use of biometric technology such as live facial recognition technology.  The Commissioner also announced that the ICO is separately investigating the use of facial recognition by private sector organizations, and will be reporting on those findings in due course.

The Opinion follows the ICO’s investigation into the use of live facial recognition technology in trials conducted by the Metropolitan Police Service (MPS) and South Wales Police (SWP).  The ICO’s investigation was triggered by the recent UK High Court decision in R (Bridges) v The Chief Constable of South Wales (see our previous blog post here), where the court held that the use of facial recognition technology by the South Wales Police Force (“SWP”) was lawful.

The ICO had intervened in the case.  In the Opinion, the Commissioner notes that, in some areas, the High Court did not agree with the Commissioner’s submissions.  The Opinion states that the Commissioner respects and acknowledges the decision of the High Court, but does not consider that the decision should be seen as a blanket authorization to use live facial recognition in all circumstances.

Continue Reading

IoT Update: NIST Seeks Public Comment on Security Review of Smart Home IoT Devices

Earlier this month the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released its Draft NISTIR 8267, Security Review of Consumer Home Internet of Things (IoT) Products, for public comment. NIST will accept public comments on the report through November 1, 2019. Continue Reading

AI/IoT Update: UK Law Commission Launches Second Consultation on Automated Vehicles

On 16 October 2019, the Law Commission of England and Wales – jointly with the Scottish Law Commission – launched a second public consultation on the regulatory framework for Highly Automated Road Passenger Services, or “HARPS”.  “HARPS” is a new term that the Law Commissions have coined for highly automated vehicles that provide road journeys to passengers without a human driver in charge.

The current consultation focuses on whether HARPS operators should be subject to a national licensing scheme, and the conditions that they should meet to obtain a license.  Specifically, the Law Commissions are seeking stakeholders’ views on whether such a scheme should be set up, how the scope of the scheme — and the term “HARPS operator” — should be defined, and the obligations that HARPS operators should be required to meet.

Continue Reading

AI and IoT Legislative Developments: Third Quarter 2019

Federal policymakers continued to focus on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the third quarter of 2019, including by introducing substantive bills that would regulate the use of such technology and by supporting bills aimed at further study of how such technology may impact different sectors. In our third AI & IoT Quarterly Legislative Update, we detail the notable legislative events from this quarter on AI, IoT, cybersecurity as it relates to AI and IoT, and connected and autonomous vehicles (“CAVs”).

Continue Reading

AI/IoT Update: Connected and Automated Vehicles Webinar Series: EU Key Developments PART 2

Earlier this month, Covington’s Brussels, Frankfurt and London offices hosted a webinar on EU regulatory developments impacting connected and automated vehicles (CAVs). The seminar attracted participants from across the globe, predominantly from tech and automotive industries. This post features an overview of the sections on CO2 pooling, transmission standards: WiFi and 5G, EV chargers and some concluding statements. Part 1 focused on topics around CAVs and data. Continue Reading

LexBlog