How can Congress regulate AI? Erect guardrails, ensure accountability and address monopolistic power
- Written by Anjana Susarla, Professor of Information Systems, Michigan State University
Takeaways:
A new federal agency to regulate AI sounds helpful but could become unduly influenced by the tech industry. Instead, Congress can legislate accountability.
Instead of licensing companies to release advanced AI technologies, the government could license auditors and push for companies to set up institutional review boards.
-
The government hasn’t had great success in curbing technology monopolies, but disclosure requirements and data privacy laws could help check corporate power.
OpenAI CEO Sam Altman urged lawmakers to consider regulating AI during his Senate testimony[1] on May 16, 2023. That recommendation raises the question of what comes next for Congress. The solutions Altman proposed – creating an AI regulatory agency and requiring licensing for companies – are interesting. But what the other experts on the same panel suggested is at least as important: requiring transparency on training data[2] and establishing clear frameworks for AI-related risks[3].
Another point left unsaid was that, given the economics of building large-scale AI models, the industry may be witnessing the emergence of a new type of tech monopoly.
As a researcher who studies social media and artificial intelligence[4], I believe that Altman’s suggestions have highlighted important issues but don’t provide answers in and of themselves. Regulation would be helpful, but in what form? Licensing also makes sense, but for whom? And any effort to regulate the AI industry will need to account for the companies’ economic power and political sway.
An agency to regulate AI?
Lawmakers and policymakers across the world have already begun to address some of the issues raised in Altman’s testimony. The European Union’s AI Act[5] is based on a risk model that assigns AI applications to three categories of risk: unacceptable, high risk, and low or minimal risk. This categorization recognizes that tools for social scoring by governments[6] and automated tools for hiring[7] pose different risks than those from the use of AI in spam filters, for example.
The U.S. National Institute of Standards and Technology likewise has an AI risk management framework[8] that was created with extensive input[9] from multiple stakeholders[10], including the U.S. Chamber of Commerce and the Federation of American Scientists, as well as other business and professional associations, technology companies and think tanks.
Federal agencies such as the Equal Employment Opportunity Commission[11] and the Federal Trade Commission[12] have already issued guidelines on some of the risks inherent in AI. The Consumer Product Safety Commission and other agencies have a role to play as well.
Rather than create a new agency that runs the risk of becoming compromised[13] by the technology industry it’s meant to regulate, Congress can support private and public adoption of the NIST risk management framework[14] and pass bills such as the Algorithmic Accountability Act[15]. That would have the effect of imposing accountability[16], much as the Sarbanes-Oxley Act[17] and other regulations transformed reporting requirements for companies. Congress can also adopt comprehensive laws around data privacy[18].
Regulating AI should involve collaboration among academia, industry, policy experts and international agencies. Experts have likened this approach to international organizations[19] such as the European Organization for Nuclear Research, known as CERN, and the Intergovernmental Panel on Climate Change[20]. The internet has been managed by[21] nongovernmental bodies involving nonprofits, civil society, industry and policymakers, such as the Internet Corporation for Assigned Names and Numbers[22] and the World Telecommunication Standardization Assembly[23]. Those examples provide models for industry and policymakers today.
Licensing auditors, not companies
Though OpenAI’s Altman suggested that companies could be licensed to release artificial intelligence technologies to the public, he clarified that he was referring to artificial general intelligence[24], meaning potential future AI systems with humanlike intelligence that could pose a threat to humanity. That would be akin to companies being licensed to handle other potentially dangerous technologies, like nuclear power. But licensing could have a role to play well before such a futuristic scenario comes to pass.
Algorithmic auditing would require credentialing[25], standards of practice and extensive training. Requiring accountability is not just a matter of licensing individuals but also requires companywide standards and practices.
Experts on AI fairness contend that issues of bias and fairness in AI cannot be addressed by technical methods alone but require more comprehensive risk mitigation practices such as adopting institutional review boards for AI[26]. Institutional review boards in the medical field help uphold individual rights, for example.
Academic bodies and professional societies have likewise adopted standards for responsible use of AI, whether it is authorship standards for AI-generated text[27] or standards for patient-mediated data sharing in medicine[28].
Strengthening existing statutes on consumer safety, privacy and protection while introducing norms of algorithmic accountability would help demystify complex AI systems. It’s also important to recognize that greater data accountability and transparency may impose new restrictions on organizations.
Scholars of data privacy and AI ethics have called for “technological due process[29]” and frameworks to recognize harms of predictive processes. The widespread use of AI-enabled decision-making in such fields as employment, insurance and health care calls for licensing and audit requirements[30] to ensure procedural fairness and privacy safeguards.
Requiring such accountability provisions, though, demands a robust debate[31] among AI developers, policymakers and those who are affected by broad deployment of AI. In the absence of strong algorithmic accountability practices[32], the danger is narrow audits that promote the appearance[33] of compliance.
AI monopolies?
What was also missing in Altman’s testimony is the extent of investment[34] required to train large-scale AI models, whether it is GPT-4[35], which is one of the foundations of ChatGPT[36], or text-to-image generator Stable Diffusion[37]. Only a handful of companies, such as Google, Meta, Amazon and Microsoft, are responsible for developing the world’s largest language models[38].
Given the lack of transparency in the training data used by these companies, AI ethics experts Timnit Gebru, Emily Bender and others have warned that large-scale adoption of such technologies without corresponding oversight risks amplifying machine bias at a societal scale[39].
It is also important to acknowledge that the training data for tools such as ChatGPT includes the intellectual labor of a host of people such as Wikipedia contributors, bloggers and authors of digitized books. The economic benefits from these tools, however, accrue only to the technology corporations.
Proving technology firms’ monopoly power can be difficult, as the Department of Justice’s antitrust case against Microsoft[40] demonstrated. I believe that the most feasible regulatory options for Congress to address potential algorithmic harms from AI may be to strengthen disclosure requirements for AI firms and users of AI alike, to urge comprehensive adoption of AI risk assessment frameworks, and to require processes that safeguard individual data rights and privacy.
References
- ^ his Senate testimony (techpolicy.press)
- ^ requiring transparency on training data (techpolicy.press)
- ^ establishing clear frameworks for AI-related risks (techpolicy.press)
- ^ studies social media and artificial intelligence (scholar.google.com)
- ^ European Union’s AI Act (artificialintelligenceact.eu)
- ^ social scoring by governments (www.politico.eu)
- ^ automated tools for hiring (doi.org)
- ^ AI risk management framework (www.nist.gov)
- ^ extensive input (www.responsible.ai)
- ^ multiple stakeholders (www.natlawreview.com)
- ^ Equal Employment Opportunity Commission (www.eeoc.gov)
- ^ Federal Trade Commission (www.ftc.gov)
- ^ risk of becoming compromised (direct.mit.edu)
- ^ NIST risk management framework (www.ai.gov)
- ^ Algorithmic Accountability Act (www.congress.gov)
- ^ imposing accountability (hbr.org)
- ^ the Sarbanes-Oxley Act (www.law.cornell.edu)
- ^ adopt comprehensive laws around data privacy (openyls.law.yale.edu)
- ^ international organizations (techpolicy.press)
- ^ Intergovernmental Panel on Climate Change (www.nature.com)
- ^ managed by (www.fcc.gov)
- ^ Internet Corporation for Assigned Names and Numbers (www.icann.org)
- ^ World Telecommunication Standardization Assembly (www.itu.int)
- ^ referring to artificial general intelligence (techpolicy.press)
- ^ would require credentialing (hbr.org)
- ^ adopting institutional review boards for AI (hbr.org)
- ^ authorship standards for AI-generated text (factor.niehs.nih.gov)
- ^ standards for patient-mediated data sharing in medicine (pubs.rsna.org)
- ^ technological due process (digitalcommons.law.uw.edu)
- ^ licensing and audit requirements (www.microsoft.com)
- ^ robust debate (doi.org)
- ^ absence of strong algorithmic accountability practices (doi.org)
- ^ narrow audits that promote the appearance (carrcenter.hks.harvard.edu)
- ^ extent of investment (www.wsj.com)
- ^ GPT-4 (openai.com)
- ^ ChatGPT (openai.com)
- ^ Stable Diffusion (stablediffusionweb.com)
- ^ developing the world’s largest language models (www.politico.com)
- ^ amplifying machine bias at a societal scale (doi.org)
- ^ against Microsoft (www.ftc.gov)
- ^ signing up for our newsletter series of four emails (memberservices.theconversation.com)
- ^ TheConversation.com (theconversation.com)
Authors: Anjana Susarla, Professor of Information Systems, Michigan State University