Machine learning and AI

Will a Digital Bill of Rights solve machine learning and privacy issues?

Susan Morrow
November 30, 2021 by
Susan Morrow

AI-enabled systems now touch our daily lives, from image recognition to deciding if we like butter or not. Like a sleepwalking child, humanity seems to be blithely entering the age of the machine without true recourse or balance of needs. Humankind's obsession with technology may be our downfall if we allow it to become our data overlord.

To help redress this balance, a new digital bit of rights is forwarded. But is a bill of rights enough to preserve privacy in an AI-enabled world?

Learn Cybersecurity Data Science

Learn Cybersecurity Data Science

Build your skills using machine learning and other cutting-edge tools to perform various cybersecurity tasks.

The trouble with the all-seeing algorithm

But algorithms are nothing new. The concept of computing a group of variables and their possible inter-relationships to deliver output to solve a puzzle goes back to at least the ninth century. The algorithm has become an evocative word to describe technological advances in the 21st century. However, the application of the algorithm in tech and, in combination with intelligent information systems, is new. The trouble is algorithms come about because people define them. And people are naturally biased. 

Research in behavioral economics and evolutionary anthropology has repeatedly evidenced this human bias towards bias. In the book "Nudge: improving decisions about health, wealth and happiness," the authors conclude that "Hundreds of studies confirm that human forecasts are flawed and biased." If a human being is involved in designing and developing the initial algorithm within a system used for prediction, bias is almost inevitable. Humans just can't help themselves.

Modern algorithms in computing systems are typically based on machine learning (ML). An appropriate machine learning algorithm in these systems is based on different learning models, namely: supervised, unsupervised or semi-supervised. The data to train these algorithms is typically personal, often sensitive.

Two examples of algorithmic faux pas in action

Human beings build algorithms, and algorithms consume human data. The output from this is often less than perfect. Biased decisions and flawed profiling lead to a multitude of data faux pas. Just two examples show the scope of the issues inherent in machine learning-based algorithms that impact human beings:

Exam outcomes: in 2020, an algorithmic debacle ensued in the UK's education sector. The Covid pandemic meant that students could not attend school and were unprepared for the UK GCSE, AS and A level exams. The UK government decided to use an algorithm to score students rather than the normal examination process. The result was a public outcry as around 40% of students received grades lower than predicted. One of the key issues with the algorithm was that it seemed to show bias against working-class children. 

Workers' rights: the misuse of data processing algorithms is an area that is covered by regulations such as the EU's GDPR. In a recent case involving algorithmic profiling, Deliveroo was fined $3 million after their algorithm was found to discriminate against workers. In a similar case, Foodinho was fined $3.1 million for using algorithms that violated workers' rights.

Unfettered algorithmic interpretation of data leads to bias and privacy violations. A digital bill of rights has been proposed in a recent move to redress this.

What is the Digital Bill of Rights?

Aspen Digital launched the Data Stewardship for Good Initiative to collaborate between the Global Inclusive Growth Partnership (GIGP), the Aspen Institute and the Mastercard Center for Inclusive Growth. This initiative is broken into several parts, the first part of which looks at the effects of algorithmic bias on historically excluded communities. 

The paper outlining the first part of the initiative, "Power and Progress in Algorithmic Bias," describes algorithmic bias as "a repeatable error that creates unfair outcomes for certain groups and often manifests within large-scale technology systems." The paper forms the basis for submitting a digital bill of rights that will underpin the ethical use of algorithmic-based technologies. 

The seven tenets of the digital bill of rights, as outlined in this first paper, are as follows:

  1. Clear, transparent and accessible information
  2. Offerings designed to be inclusive and avoid inappropriate bias
  3. Not be subjected to automated algorithmic decision-making related to life-changing effects on consumers' financial status, employment, health or education
  4. Easily correct inaccurate or incomplete information used by automated decision-making systems when creating user profiles
  5. With minimal data collection, privacy is limited only to information necessary to provide goods or services sought
  6. Know when and how personal data is being gathered and used
  7. Influence algorithmic impact assessments and audits

These tenets are backed by practical implementation guidance on achieving algorithm governance and removing bias. These tenets overlap with principles such as privacy by design and privacy regulations like GDPR.

Privacy and algorithms: A black box of tricks

When an algorithm makes decisions about you, they better be well-informed and accurate; otherwise, biases and mistakes slip in. This means that personal data must be collected and interpreted correctly. This fundamental algorithmic behavior creates an imbalance in terms of privacy. 

To understand the implications of AI-enabled algorithms on privacy, you need to detangle the inherent issues of algorithms with their use of personal data. Privacy, it must be noted, is not about hiding information but controlling its use. The GDPR, for example, specifically pulls out "automated decisions" used during profiling as an area that requires privacy regulation. Specifically, GDPR, Article 22 says this:

"The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her."

This Article 22 clause is important because of a machine learning algorithm's inherent black box nature. The need to expand decision-making outside of that black box is crucial to privacy matters. Transparency is the biggest hurdle in resolving the privacy conundrum of algorithmic profiling. The digital bill of rights first tenet, "Clear, transparent, and accessible information," is a laudable goal. However, the very nature of AI-enabled neural network-based algorithms means that this is not achievable directly — you need quality data to make accurate decisions. However, the digital bill of rights is important in creating a foundation to build better algorithms that are inherently privacy respectful. One area that might help offer transparency is the emerging area of explainable AI.

What about explainable AI?

Explainable AI is being developed by companies like IBM and SRI International. Explainable AI is being hailed as a way to look inside the ML black box to build better, more trustable and transparent algorithms. AI explainability can also be a double-edged sword in terms of privacy. As a policy briefing paper by The Royal Society on explainable AI states:

"In areas including healthcare and finance, for example, an AI system might be analyzing sensitive personal data in order to make a decision or recommendation. In considering the type of explainability that might be desirable in these cases, organizations using AI will need to take into account the extent to which different forms of transparency might result in the release of sensitive insights about individuals, or potentially expose vulnerable groups to harm."

This double-edged sword of AI explainability brings us to the essence of what privacy is — privacy is holistic, touching aspects of data across the entire lifecycle from collection to processing. This is where the digital bill of rights comes in. The seven tenets of the bill cover some of the most important aspects of privacy, capturing the negative aspects of digital data before it gets eaten up into an algorithm, whether that be a black box or explainable.

Learn Cybersecurity Data Science

Learn Cybersecurity Data Science

Build your skills using machine learning and other cutting-edge tools to perform various cybersecurity tasks.

Privacy begins at the beginning

The point is privacy begins before the data even hits the algorithm. How you collect data, what you collect and the decision made using these data are as important as the algorithm that crunches these data. The digital bill of rights is based on three pillars: 

  • Fairness
  • Accountability
  • Transparency

These three aspects of digital data must be enshrined in all parts of a system. Meeting the balance of algorithmic accuracy and precision against privacy will not go away; however, a digital bill of rights has an important part in the governance of the algorithms that will dominate our digital interactions in the coming years. The first paper in this digital bill of rights series attests "the challenge is how to make algorithmic systems support human values."



Susan Morrow
Susan Morrow

Susan Morrow is a cybersecurity and digital identity expert with over 20 years of experience. Before moving into the tech sector, she was an analytical chemist working in environmental and pharmaceutical analysis. Currently, Susan is Head of R&D at UK-based Avoco Secure.

Susan’s expertise includes usability, accessibility and data privacy within a consumer digital transaction context. She was named a 2020 Most Influential Women in UK Tech by Computer Weekly and shortlisted by WeAreTechWomen as a Top 100 Women in Tech. Susan is on the advisory board of Surfshark and Think Digital Partners, and regularly writes on identity and security for CSO Online and Infosec Resources. Her mantra is to ensure human beings control technology, not the other way around.