Sunday, October 6, 2024

The Evolution Of A Federal Generative AI Bill: What Needs To Be Done

 


One thing that I have written about extensively is the data privacy laws that not only the United States, but also other nations, have enacted.  The intention of them is not only to give consumers the right to know what is happening with their datasets, but also to make sure that the companies that are the stewards have deployed more than enough controls to make sure that the datasets are as protected as possible.

While this is of course a huge step forward, there is just one huge problem:  There is no uniformity amongst them.  Take for example our own 50 states.  Because of this lack of centralization, each one of them is producing their own version of a data privacy law. 

So, if a business were to conduct financial transactions with customers in all of the states, is it bound to each one?  This is a very murky area in which there are no clear-cut answers, and unfortunately, there will not be for a long time to come.

Now, as Generative AI is coming into the fold of our society, it appears that each state is now producing its own laws in an effort to protect consumers and their datasets, in the very same manner as they have approached data privacy laws.

One such example of this is California.  A number of years ago, they passed the CCPA. Now, they have produced their own Generative AI bill, which was designed to do the following:

*Create a comprehensive regulatory framework to govern the use of Generative AI, in all foreseeable aspects.

*Create a set of standards and best practices to ensure that the datasets the models use are not prone to security breaches.

This became known officially as Senate Bill 1047.  But believe it or not, the governor of California, Gavin Newsom, rejected the passage of this bill.  Why did he do this, you might be asking?  Well, here are his direct words:

“While well-intentioned, SB-1047 does not take into account whether an AI system is deployed in high-risk environments, or involves critical decision-making or the use of sensitive data,” Newsom wrote. “Instead, the bill applies stringent standards to even the most basic functions — so long as a large system deploys it. I do not believe this is the best approach to protecting the public from real threats posed by the technology.”

(SOURCE:  https://www.darkreading.com/application-security/calif-gov-vetoes-ai-safety-bill)

Here are other reasons why he rejected this bill:

*The emphasis of it was purely on large-scale Generative AI models.  There also needs to be a focus on more specialized models, which serve different purposes.

*The bill appeared to be too stringent to the governor.  His reason for this was that it could stifle innovation and ideas.  To counter this, he proposed that a much more flexible approach needs to be taken, and that each model should be taken into account on a case-by-case basis.

*The bill did not address the deployment of Generative AI in those environments that are deemed to be of high risk. 

As a result of this, the following pieces of advice were offered for consideration:

*Create a joint task force that includes a representative sample who will be involved in this process.  This will include people all the way from consumers to the private sector, to academia, and all levels of both the state and federal governments.

*The focus of Generative AI should not be on the size and the resources that the models use; rather, there needs to be a huge emphasis on the risks that are borne from using AI to begin with.

*Implement a process where any passed legislation on Generative AI can be updated as the technology evolves and advances.  Of course, as we know from the efforts in doing this for Cybersecurity, this is a very tall order to fill.  In other words, the passage of any updates simply will not keep up with the pace of the rapid advances being made in Generative AI.

*It is highly recommended that any new bill that is presented to the governor for signing be modeled after the bill that the European Union (EU) recently passed.  This is known as the “EU Artificial Intelligence Act”, and is actually highly regarded as a comprehensive approach to regulating Generative AI.  More details about this can be seen at the link below:

https://artificialintelligenceact.eu/

My Thoughts On This:

The bill that was rejected by the governor of California was officially known as the “Safe and Secure Innovation for Frontier Artificial Intelligence Models Act.”  Many people supported the passage of this bill (even Elon Musk), but there was also a fair share that rejected it as well.  It has been viewed as a good step forward, but of course, a lot of work still needs to be done, as I have alluded to previously.

The bottom line is that creating any kind of regulatory bill on Generative AI is going to be very complicated.  For example, it is not just a few segments of American society that are impacted by Generative AI.  Rather it is the entire population and almost every business. 

Also, there are too many unknowns and variables that are involved in the actual creation of a Generative AI model, and the list here will just keep on growing.

On a very macro level, my thinking is that we simply need to have a Department of Cybersecurity created, in the very same manner that the Department of Homeland Security was right after 9/11.  But, we should not wait for a disaster to happen in Generative AI in order for this to happen.  The federal government needs to act now in order to start this effort.

Generative AI would also fit under this newly created department.  This will not only lead to a centralization of the data privacy laws, but it will also lead to the same result for Generative AI.  Apart from this, we need to start simple first.

Let us draft a bill that details a framework for all aspects of AI, such as Computer Vision, Natural Language Processing, Large Language Models, Neural Networks, Machine Learning, etc.

The bottom line here is that Generative AI is not a field all in its own world.  It includes all of these aspects.  What impacts one area will have a cascading effect on the other as well.  Then, over time, updates should be added to this framework; although this will take a very long time to accomplish, I am a huge proponent of it.
