Written Evidence Submitted by Dr Guan H Tang et al
(GAI0077)
It is with great pleasure that we are writing to provide evidence on the ‘Governance of AI’ with a focus on measures that could make the use of AI more transparent and explainable to the public.
Transparency and explainability narratives are topical in AI governance discussions. Yet there is a real possibility that such discussions are simultaneously under- and over-inclusive. The term “AI” lacks clarity and suffers from overuse: nearly everything that involves the automated use of data and machines appears to fall under the AI umbrella. This can be confusing and sometimes misleading, particularly at a regulatory level. For example, the UK’s 2018-2019 policy paper, the AI Sector Deal, included a case study of Ocado to highlight the readiness of AI, when Ocado had optimised its logistics management with so-called AI that was, in fact, an application of big data. Recently, the renowned computer scientist Michael I. Jordan urged society to “stop calling everything AI” in reaction to misunderstanding and overuse of the term by technologists, academics, journalists, and venture capitalists alike.
Recognising the urgent need for the UK government to safeguard transparency and explainability in the application of AI, we present this written evidence, proposing an AI regulatory framework that offers AI a practical legal definition, identifies AI stakeholders and clarifies their liability, and provides the legal doctrines most applicable to AI legal relationships. In addition, such a framework would promote basic and multidisciplinary research in AI and advocate for international consensus. Our starting point is the black box and machine learning, because we intend to demonstrate AI’s mysterious and unexplainable character before progressing to the legal concerns around the transparent and explainable use of AI in personal data and intellectual property, the areas most relevant to the public, and suggesting a proactive approach to the UK AI regulatory framework.
Indeed, the UK government has come a long way in ensuring that the rule of law is effectively enforced and that the governance of AI is long-lasting. This evidence aims to identify the work still to be done through the lens of representative key issues and suggests measures to be incorporated based on UK law and principles. We also examine our objectives in comparative and competition contexts.
Our team has thus been carefully formed to deliver this written evidence, studying AI as part of a broader market regulatory context and with reliable technical benchmarks.
Dr Guan H Tang is Senior Lecturer and Director of the Dual LLM in Commercial Law (London/Singapore) at QMUL. She also teaches AI Regulations and co-investigates AI and the regulatory framework with QMUL scientist Professor Greg Slabaugh and SOAS economist Professor Hong Bo. Tang appreciates disciplinary, legislative and policy diversity and has successfully led complex projects in a multidisciplinary setting. She has been an invited speaker at 18 seminars hosted by leading institutions at the national and international level in the past five years, and is an Honorary Senior Fellow at the British Institute of International and Comparative Law and a Visiting Professor at the China Institute of International Organisations and Global Governance.
Prof Greg Slabaugh is Professor of Computer Vision and AI at QMUL and Director of its newly formed Digital Environment Research Institute (DERI), which brings together world-leading researchers from across faculties to drive new multidisciplinary research in data science and applications of digital technologies. DERI serves as the focal point for digital, data science and AI at QMUL and includes dedicated physical space for 150 staff, alongside wider networks across the university. Slabaugh is a Turing Fellow at the Alan Turing Institute and has served as a Turing University Lead since July 2021.
Ms Taiwo Fakorede is en route to becoming a qualified lawyer in the UK. She graduated from Queen Mary University of London, where she obtained her LLM in Laws with a focus on commercial and competition law. She is passionate about policymaking, commercial law, and property/intellectual property law.
Mr Brian Leung is a PhD researcher and teaching associate at QMUL. His research focuses on UK and EU copyright and internet law. Brian is also a research assistant to Prof Uma Suthersanen and Prof Gillian Davies on copyright and the public interest, a tutor for the EUIPO Academy, and editor-in-chief of the QMLJ.
Ms Aolan Li is a PhD candidate in Law at QMUL. Her current research interests cover data protection law and information policy. Previously, she practised law as a qualified lawyer and IP consultant in Mainland China, with a focus on data processing and AI regulation.
Ms Jiahui Chen is a PhD student in Law at QMUL. Her current research interests cover AI and intellectual property law. She has interned at the Tencent Research Institute under Tencent Technology Corporation, focusing on AI law, regulation and ethics.
Mr Jude Mbonu is a part-time PhD student at QMUL. His research centres on EU Copyright and Digital Platforms Regulation. He currently works with a UK-based charitable trust.
Thank you very much for your time and consideration.
Yours sincerely,
Guan H Tang
On behalf of the Queen Mary University of London AI Governance Research Team
[Dr Guan H Tang, Centre for Commercial Law Studies, School of Law]
[Prof Greg Slabaugh, School of Electronic Engineering and Computer Science]
[Ms Taiwo Fakorede, Centre for Commercial Law Studies, School of Law]
[Mr Brian Leung, Centre for Commercial Law Studies, School of Law]
[Ms Aolan Li, Centre for Commercial Law Studies, School of Law]
[Ms Jiahui Chen, Centre for Commercial Law Studies, School of Law]
[Mr Jude Mbonu, Centre for Commercial Law Studies, School of Law]
Written Evidence
UK Parliament Call for Evidence – AI Governance: measures that allow the use of AI to be more transparent and explainable to the public
Guan H Tang, Greg Slabaugh, Taiwo Fakorede, Brian Leung, Aolan Li, Jiahui Chen, Jude Mbonu
Queen Mary University of London
Brief Summary
Our written evidence demonstrates the status quo: the concept of AI has not been well defined and is therefore confused in practice, the application of AI remains mysterious and unexplainable to the public, and current legislation is ineffectively enforced. We propose short-term solutions to the pressing issues identified in machine learning and deep learning AI, as well as in personal data protection and copyright censorship. Moreover, we urge the UK government to consider regulatory reform in the long run, moving from a reactive tactic to a proactive approach that offers AI a practical legal definition, identifies AI stakeholders and clarifies their liability, and clarifies AI legal relationships based on the most applicable legal doctrines.
Opening Remarks
- AI is everywhere. Google Maps, Waze, Siri, and even unlocking an iPhone via facial recognition are examples of everyday AI programmes that the average person uses without understanding what they are and how they work. Indeed, AI is a seismic global change that the UK must respond to and lead.[1] As AI-related productivity could expand the UK economy by £620 billion in 2035,[2] the rise of AI creates, amongst other things, fundamental regulatory concerns, whilst effective governance or regulation of AI should adhere to the rule of law. This relates to the notion that society should accept and comprehend the norms it must follow, and that discussions on AI should be communicated in ways that engage the public. The UK government has made great efforts to ensure the rule of law is effectively enforced and that the governance of AI is long-lasting. With this in mind, our written evidence highlights the legal concerns most relevant to the public surrounding the transparent and explainable use of AI in data and intellectual property. We identify the work still to be done through the lens of representative key issues and propose measures to be incorporated. Our starting point is the black box and machine learning, because we intend to demonstrate AI’s mysterious and unexplainable character before progressing to the legal concerns of transparency and explainability in data and IP within AI and suggesting a proactive approach to the UK AI regulatory framework.
The Term ‘AI’
- Narratives in AI governance discussions can be simultaneously under- and over-inclusive. For example, the government in its policy paper used Ocado as a case study to highlight how AI can be optimised to facilitate the online supermarket’s logistics management, when in fact it would be more accurate to say that Ocado was utilising big data.[3] Perhaps this is why Professor Jordan urges society to ‘stop calling everything AI’, in order to address misconceptions of the nuanced notion of AI.[4] After all, not everything that uses automated data and machines is by default AI. Overuse of the term ‘AI’ would only be confusing and misleading, particularly from a regulatory perspective.
- AI may be understood as a purposeful arrangement of multidisciplinary technologies, piloted by computer science, that enables machines to understand, analyse, learn and act at a human intelligence level and beyond. The most powerful AI systems are black-box methods making predictions that cannot be explained; for example, the GPT-3 NLP model by OpenAI has 175 billion parameters, which makes understanding how it works very complicated.[5] Such characteristics of AI require a comprehensive regulatory system to make the use of AI more transparent and explainable to the public.
Machine Learning and Deep Learning AI
- Unquestionably, the public, as users of AI, have the right to know how development processes, algorithms and machine learning operate. However, in today's competitive marketplace, it is increasingly difficult to educate the public due to the protection of trade secrets. Many consumers are unfamiliar with machine learning, the process by which a creator teaches a machine to learn to do specific tasks; as a subset of AI frequently invoked in legal and policy-making contexts, its transparency and explainability are vital to consider. Machine learning is only as good as the data used to educate the machine, which affects the general public (see the illustrative sketch below). Examples of machine learning used in the UK include Kortical, used by the NHS to predict demand and supply levels; video surveillance that recognises a person's face; and online fraud detection used by banks such as Barclays. Transparency of AI is required to ensure the rule of law is followed and to enable the government to build effective legislation governing how creators train machines. The lack of transparency, which leads to consumer ignorance, can violate a range of human rights, including Article 2 of the UDHR, which guarantees individuals the right to enjoy all rights and freedoms without discrimination.[6]
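To make the learning process concrete, the following minimal sketch is our own illustration, not drawn from any particular UK deployment; it assumes Python with the scikit-learn library and shows how a model is ‘taught’ a task purely from example data chosen by its creator, so that its behaviour can only be as good as that data.

```python
# Minimal illustrative sketch of supervised machine learning (assumes scikit-learn).
# The model learns its task purely from the example data its creator supplies,
# so any bias or gap in that data is reproduced in its predictions.
from sklearn.datasets import load_iris
from sklearn.linear_model import LogisticRegression
from sklearn.model_selection import train_test_split

X, y = load_iris(return_X_y=True)                       # example data chosen by the creator
X_train, X_test, y_train, y_test = train_test_split(X, y, random_state=0)

model = LogisticRegression(max_iter=1000)                # the "machine" to be taught
model.fit(X_train, y_train)                              # learning happens only from the training data

print("accuracy on unseen data:", model.score(X_test, y_test))
```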
- In the United States, a distinction has been drawn between two types of transparency that government offers to the public: fishbowl transparency and reasoned transparency.[7] Both need to be intertwined with AI in the UK. Fishbowl transparency would require AI creators to allow the public to peer inside the machine learning or deep learning process and acquire knowledge about what the machine is doing. Reasoned transparency, in turn, would require corporations to explain or emphasise the usefulness of certain information about the machine. For example, with machine learning, creators can walk through the process of training the AI, which involves many repetitions and the inputting of various data.[8] Many governments and legal bodies are relying on AI for various activities; an example is HURIDOCS, whose sentence classifier helps highlight documents relevant to the user.[9] To maintain the rule of law, the government must create mechanisms for transparency that hold AI inventors and users to the same standards as traditional legislation or guidelines.
- In addition to the AI machines mentioned in the earlier paragraph, another product of deep learning is the introduction of deep fakes, which have led to online misinformation and impersonation. Deep fakes use deep learning AI to replace the likeness of one person with another; they involve fabricating, manufacturing and altering images and videos. It is becoming increasingly difficult to know when an AI agent is being used for misinformation or disinformation. As our world becomes more politically polarised, the appearance of doctored photos and videos reinforces preconceptions or prejudices in the viewer's mind. Misinformation campaigns may therefore benefit significantly, because even if a fabricated image or video is discredited, it still causes some harm. As recently as 2022, a deep fake video of President Zelenskyy speaking to Ukrainians about the war was manufactured.[10] Although this deep fake was easy to spot, others have been more realistic, making them harder for the average user to detect.[11]
- The deep learning aspect of AI means that there are specific inputs the creators have taught the machine, which can materialise as discrimination. Despite this issue, in jurisdictions such as Denmark and Hong Kong, governments use facial-recognition technology (an element of deep learning systems) in their criminal justice systems for predictive policing.[12] There are indications that the UK government may be moving towards this type of policing.[13]
- The question of whether humans can even comprehend deep learning arises: we know the input data and the output action or result provided by deep learning AI, but the activity inside the black box is far more complex, even for computer engineers.[14] However, the complexity of machine and deep learning has become an excuse for creators to deflect responsibility for their creations. It is also commonly believed that the lack of effective AI regulation stems from the government's difficulty in establishing a breach of a duty of care in relation to AI. The government needs a firm stance on the question of who is responsible for the explainability and transparency owed to the public. Multiple individuals and establishments can be responsible at the same time. However, as the law currently stands, users of an AI system, whether corporations such as Netflix, Amazon and Volkswagen or everyday consumers, are less likely to be at fault than the manufacturers. As technology advances, the government must nonetheless provide clear guidance to users, since consumers also train AI through the data they input through usage. Companies are investing billions to secure competitive advantages, so transparency is needed on how they continue to train their AI and on the types of information input by users.
- Explainability in machine learning can be advanced through what has recently been termed Explainable AI (XAI). XAI refers to tools and techniques created to help the general public understand and interpret predictions made by deep-learned machines (a minimal sketch of one such technique follows below).[15] This is a step that corporations are actively taking to help the public understand more about AI.[16] Another corporation involved in educating the public is Google, through its approachable ‘Experiments with Google’ initiative.[17] If corporations and government institutions decide to use AI technology, especially machine learning or deep learning AI, they should know about the technology used and how it works (and educate the public). This is to ensure that any decisions made by the AI are fair, explainable and compliant with the applicable guidance and legislation. The personal data protection section will further discuss the right to know, as compliance with regulations such as the GDPR is essential to furthering transparency and explainability for the public.
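By way of illustration only, the sketch below is our own and does not reproduce Google's or IBM's tooling; it assumes Python with scikit-learn and shows one common post-hoc explanation technique, permutation feature importance, which reports how heavily a trained model relies on each input feature. In practice, XAI toolkits offer richer, user-facing explanations built on ideas of this kind.

```python
# Illustrative sketch of a post-hoc explanation technique (assumes scikit-learn):
# permutation importance shuffles one input feature at a time and measures how
# much the model's accuracy drops, revealing which features drive its decisions.
from sklearn.datasets import load_breast_cancer
from sklearn.ensemble import RandomForestClassifier
from sklearn.inspection import permutation_importance
from sklearn.model_selection import train_test_split

data = load_breast_cancer()
X_train, X_test, y_train, y_test = train_test_split(data.data, data.target, random_state=0)

model = RandomForestClassifier(random_state=0).fit(X_train, y_train)

result = permutation_importance(model, X_test, y_test, n_repeats=10, random_state=0)
ranked = sorted(zip(data.feature_names, result.importances_mean), key=lambda t: -t[1])
for name, importance in ranked[:5]:                      # the five most influential features
    print(f"{name}: {importance:.3f}")
```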
Personal Data Protection
- Concerning the training of AI algorithms, the UK General Data Protection Regulation (UK GDPR) requires transparency and explainability in personal data processing. The transparency principle emphasises the quality, accessibility and comprehensibility of information. When AI is used for automated decision-making that has legal or similarly significant effects on individuals, the processing may fall under Article 22 of the UK GDPR; in that case, data subjects must be provided with meaningful information about the algorithm's logic and the consequences of the processing. Although the UK GDPR contains no explicit provision, prominent scholars believe that Article 22(3), together with Articles 13(2)(f), 14(2)(g), 15(1)(h) and Recital 71 of the UK GDPR, can be read as conferring a right to explanation,[18] since the law requires data controllers to explain how and why a conclusion or decision has been reached in respect of the specific data subject.
- To fulfil transparency and explainability requirements in practice, data controllers and processors disclose their data processing in their privacy policies. A large body of empirical research has found that, while data protection regulation has positive effects, for example more websites providing privacy policies to users, privacy policies have also become increasingly lengthy and difficult to read over time.[19] An inherent tension exists between providing comprehensive information and doing so in a “concise, transparent, intelligible and easily accessible form.”
- For example, Meta’s latest privacy policy, which came into effect on 26 July 2022, consists of over ten thousand words with over 100 in-text links,[20] and takes 40 minutes to an hour to read through. This is problematic given the very short time users spend, on average, reading privacy policies. Researchers found that users spend an average of 73 seconds on privacy policies that should have taken 29-32 minutes to read, and that most users (74%) simply skipped them.[21] In addition to its length, the content of Meta’s privacy policy is fragmented and repetitive. There is an obvious gap between the law in books and the law in action.
- In response, we suggest that an enforceable measure to improve transparency and explainability in the use of AI may be to change current text-based privacy policies into more engaging visual formats. While data controllers are the most desirable party to implement a visualisation reform of privacy policies, they probably lack sufficient incentives to do so, or to do so meaningfully. We thus recommend that the government encourage or fund projects aimed at visualising privacy policies.
Misusing AI: Censorship through Intellectual Property
- AI increasingly influences our intellectual property regime in pervasive ways. For example, AI directly and indirectly induces informal and formal censorship via copyright law. To illustrate the problem, we highlight the following AI-driven practices that may impede freedom of expression:
Example 1: AI-driven Takedown Notices and Upload Filters (Informal Censorship)
- Online intermediaries (online content-sharing service providers, OCSSPs) are over-removing works from their platforms.[22] This is because some copyright holders misuse AI-driven algorithmic bots to aggressively file takedown notices. At the same time, the legal status of user-generated content remains uncertain, because the fair dealing exceptions in the CDPA 1988 are arguably ambiguous.[23] As a result, after receiving AI-driven takedown notices, OCSSPs often find it more economical simply to take down any flagged content rather than conduct further checks. Indeed, a significant number of legally permissible parodies were taken down from YouTube for potentially invalid reasons: some 7.9% of takedowns were not given any reason at all.[24] Similarly, Getty Images, a stock photo agency holding many background images of viral memes, is known for fiercely enforcing copyright; its frequent and aggressive takedown notices have earned the nickname ‘Getty Extortion Letters’.[25]
- Beyond AI-driven takedown notices, another concern is AI-driven blanket upload filters (cf. Article 17 of the DSM Directive (DSMD)). While the UK is not implementing the DSMD due to Brexit, the global nature of the internet means regional copyright regulations (e.g., the EU’s) will still affect UK internet users. By removing the safe harbour for OCSSPs, Article 17 DSMD encourages OCSSPs to incorporate AI to police copyright infringements in the form of AI-powered blanket upload filters and what potentially amounts to notice-and-staydown. In turn, this has a chilling effect on freedom of expression.[26] Indeed, the existing copyright post-notification content moderation regime (notice-and-takedown, NTD) has been found to result in many false positives and false negatives.[27] While the CJEU held that Article 17 is compatible with freedom of information, it assumed that AI-driven filtering technology appreciates contextual use. In reality, there is no sufficient evidence that this is the case; Facebook, for example, has yet to release data on the accuracy of its AI-driven monitoring software.[28]
- In response, we suggest it is in the utmost interest of the UK public to be informed of the extent to which Article 17 DSMD impacts their free speech on major platforms. It would also be helpful to clarify the scope of the fair dealing exceptions as they apply to user-generated content. In addition to not rushing to follow the EU’s footsteps in removing the safe harbour for OCSSPs, we note that current UK AI policies are sector-specific, which renders their execution ineffective. We therefore agree with the House of Lords Liaison Committee that multisector legislation may better address the multidisciplinary nature of AI and the internet.[29]
Example 2: AI-initiated Copyright Blocking Injunctions (Formal Censorship)
- As discussed, some copyright holders readily use AI-driven algorithmic bots to scan the internet for potentially copyright-infringing works. The same happens with domain names, where AI algorithms scan the internet for allegedly copyright-infringing domain names so that they can be blocked. Currently, 1,311 domain names are blocked by 31 copyright injunctions (against 179 websites).[30] Amongst these, 269 sites (20% of blocks) are blocked with insufficient justification.[31] This is problematic, particularly as copyright blocking injunctions are often open-ended with no expiry date (cf. perpetual legal power). Indeed, copyright holders can add new domain names and IP addresses used by an infringing service without further legal review. There is also a lack of transparency, since copyright holders and OCSSPs are not obliged to disclose what is blocked.
- In response, we suggest legal reforms should clarify injunction time limits and incorporate mechanisms that ensure the accuracy and reviewability of blocked domains and IP addresses. Alongside this, open-ended and unsupervised injunctions should be strictly limited to specific cases. Where injunctions are necessary, it should be mandatory for blocking notices to state who holds the injunction to block the specific URL requested. Decision-making processes and outcomes must be transparent, including information on which domains and IP addresses are blocked. Blocking notices and court orders should also be publicly available. We believe these measures can better uphold the public interest and inspire public confidence in the long run.
Closing Remarks
- We appreciate that the government has come a long way in ensuring the rule of law is effectively enforced and that the governance of AI is long-lasting. Our written evidence has identified concerns surrounding the use of AI that are relevant to the wider public in everyday life. We hope that the issues highlighted above may be addressed, on the one hand, to allow the use of AI to be more transparent and explainable to the public and, on the other hand, for the betterment of society. We also hope that the UK may take bolder steps to initiate reforms of the AI regulatory framework and to lead the development of AI regulation on the international stage. Such a framework would offer a practical legal definition of AI, identify the various AI stakeholders and define their liabilities, and clarify AI legal relationships with the most suitable legal doctrines. Furthermore, we hope the UK AI regulatory framework will promote comparative and multidisciplinary research in AI, which, in turn, might inspire international discussions and help formulate consensus in the future.
(November 2022)
[1] Department for Business, Energy & Industrial Strategy, ‘Industrial Strategy: building a Britain fit for the future’ (2017).
[2] Department for Digital, Culture, Media & Sport and Department for Business, Energy & Industrial Strategy (2017).
[3] HM Government Policy Paper, AI Sector Deal (2018).
[4] Michael I Jordan, ‘Machine learning: Trends, perspectives, and prospects’ (2015).
[5] Adadi et al., ‘Peeking Inside the Black-Box: A Survey on Explainable Artificial Intelligence (XAI)’ (2018) 6 IEEE Access 52138.
[6] Carolyn Johnson, ‘Racial bias in a medical algorithm favours white patients over sicker black patients’ (Washington Post, 2019).
[7] David Lehr, ‘Transparency and Algorithmic Governance’ (University of Pennsylvania Carey Law School, 2019).
[8] ibid.
[9] https://huridocs.org/.
[10] Sanya Burgess, ‘Ukraine war: Deepfake video of Zelenskyy telling Ukrainians to ‘lay down arms’ debunked’ (Sky news, 17 March 2022).
[11] Rachel Metz, ‘How a deep fake Tom Cruise on TikTok turned into a very real AI company’ (CNN Business, 6 August 2021).
[12] AccessNow, ‘Human Rights In The Age Of Artificial Intelligence’ (2018).
[13] John L.M. McDaniel and Ken G. Pease, ‘Predictive Policing and Artificial Intelligence’ (Routledge, 2021).
[14] David Zarley, ‘Can humans figure out how deep learning AI thinks?’ (Freethink, 2020).
[15] Google Cloud, ‘Explainable AI’ <https://cloud.google.com/explainable-ai>.
[16] IBM, ‘Explainable AI’ <https://www.ibm.com/uk-en/watson/explainable-ai>.
[17] <https://experiments.withgoogle.com/collection/ai>.
[18] Andrew D. Selbst and Julia Powles, ‘Meaningful information and the right to explanation’ (2017) 7 International Data Privacy Law 233; Adrián Todolí-Signes, ‘Algorithms, artificial intelligence and automated decisions concerning workers and the risks of discrimination: the necessary collective governance of data protection’ (2019) 25 Transfer: European Review of Labour and Research 465.
[19] Ryan Amos and others, ‘Privacy Policies over Time: Curation and Analysis of a Million-Document Dataset’ (Proceedings of the Web Conference 2021, New York, April 19–23, 2021).
[20] Meta, ‘Privacy Policy’ (26 July 2022).
[21] Jonathan A. Obar and Anne Oeldorf-Hirsch, ‘The biggest lie on the Internet: ignoring the privacy policies and terms of service policies of social networking services’ (2020) 23 Information, Communication & Society 128.
[22] Daphne Keller, ‘Empirical Evidence of Over-removal by internet companies’ (2021) Stanford Law CIS.
[23] Dinusha Mendis and Martin Kretschmer, ‘The Treatment of Parodies under Copyright Law: A Comparative Review of the Underlying Principles’ UKIPO (January 2013).
[24] Kristofer Erickson and Martin Kretschmer, ‘“This Video Is Unavailable”: Analysing Copyright Takedown of User-Generated Content on YouTube’ (2018) 9 Journal of IP, IT and E-Commerce Law 75.
[25] Claire Jones, ‘One Does Not Simply Post Memes without Reviewing the IP Issues’ [2017] Lexiology.
[26] Maxime Lambrecht, ‘Free Speech by Design: Algorithmic Protection of Exceptions and Limitations in the Copyright DSM Directive’ (2020) 11 JIPITEC 68.
[27] Sharon Bar-Ziv and Niva Elkin-Koren, ‘Behind the Scenes of Online Copyright Enforcement: Empirical Evidence on Notice & Takedown’ (2017) 50 Connecticut Law Review.
[28] João Quintais et al, Copyright Content Moderation in the EU: An Interdisciplinary Mapping Analysis (2022) 268.
[29] House of Lords Liaison Committee, AI in the UK: No Room for Complacency (2020).
[30] Refer to <https://wiki.451unavailable.org.uk/wiki/Main_Page> accessed 24 November 2022.
[31] Refer to <https://www.blocked.org.uk/legal-blocks/errors> accessed 24 November 2022.