Privacy issues sit at the forefront of online activity, business operations, and government decisions, largely in response to the breaches, scandals, and personal data leaks that have eroded confidence in technology and information systems.
The National Security Telecommunications Advisory Committee (NSTAC), in its Report to the President on a Cybersecurity Moonshot, says that privacy is a crucial component of cybersecurity and that we must flip the narrative to restore the trust Americans place in information systems. To achieve this, Americans must by 2028 be “guaranteed” that technological advancements will no longer threaten their privacy but will instead enhance it through the safety and security of their personal data.
One critical element of future technology advancements and online security is the increased development of artificial intelligence (AI). However, privacy principles must be considered early in the AI development process so that the technological benefits can be realized without sacrificing privacy.
Privacy Considerations for AI
Let’s take a moment to explore the implications and potential repercussions of increased online AI implementation. Although it sounds futuristic, when AI begins to “think” as humans do, or even in place of humans, it could threaten three central privacy principles: data accuracy, data protection, and data control.
- Data accuracy: For AI to produce accurate outputs, its algorithms must be trained on large, representative data sets. Underrepresentation of certain groups in a data set can lead to inaccurate outcomes and even harmful decisions. This algorithmic bias is usually unintentional. For example, researchers have found that smart speakers fail to understand female and minority voices because their algorithms are built from databases composed primarily of white male voices. With this in mind, what would happen if we trusted AI to take our 911 calls?
- Data protection: Although large data sets produce more accurate and representative results, they pose a greater privacy risk if breached. Even seemingly anonymized personal data can be de-anonymized by AI with ease: researchers have found that even coarse data sets offer minimal anonymity, with reidentification rates as high as 95 percent (a linkage sketch follows this list). Taken together, this means that if privacy considerations are ignored, you run the risk of being easily identified and having your data exposed. AI also raises red flags when it is used to process taxes or determine eligibility for federal benefits.
- Data control: When AI starts to see and define patterns, it draws conclusions and can make decisions about you to make your online experience easier or more robust. However, when AI yields false or unfavorable results, it raises questions about whether those decisions were made fairly. For example, AI used to score credit risk can unintentionally cut the credit lines of individuals who fit certain profiles. These decisions can happen without your knowledge, consent, or choice, especially if the data driving them is collected without your knowledge. What's more, AI can infer further details about you, such as your political leanings, race, and religion, even if you never broadcast those details online.
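To make the reidentification risk concrete, here is a minimal sketch of linkage-based reidentification. Everything in it is hypothetical: the records, the column names, and the auxiliary source stand in for an "anonymized" data release and a public data set (such as a voter roll) that still carries names.

```python
# A minimal sketch of linkage-based reidentification. All records, field
# names, and values below are illustrative, not drawn from any real study.

anonymized_records = [  # a release with names stripped out
    {"zip": "30301", "birth_year": 1984, "sex": "F", "diagnosis": "asthma"},
    {"zip": "30301", "birth_year": 1990, "sex": "M", "diagnosis": "diabetes"},
]

auxiliary_records = [  # a public source that still carries names
    {"name": "Jane Doe", "zip": "30301", "birth_year": 1984, "sex": "F"},
    {"name": "John Roe", "zip": "30301", "birth_year": 1990, "sex": "M"},
]

# Fields that are not names but, in combination, narrow down identity.
QUASI_IDENTIFIERS = ("zip", "birth_year", "sex")

def reidentify(anonymized, auxiliary):
    """Join the two data sets on the quasi-identifiers they share."""
    matches = []
    for record in anonymized:
        key = tuple(record[q] for q in QUASI_IDENTIFIERS)
        # Collect every auxiliary row whose quasi-identifiers line up.
        candidates = [
            aux for aux in auxiliary
            if tuple(aux[q] for q in QUASI_IDENTIFIERS) == key
        ]
        # A unique candidate means the "anonymous" record is reidentified.
        if len(candidates) == 1:
            matches.append((candidates[0]["name"], record["diagnosis"]))
    return matches

print(reidentify(anonymized_records, auxiliary_records))
# [('Jane Doe', 'asthma'), ('John Roe', 'diabetes')]
```

Note that this toy example needs no machine learning at all: three quasi-identifiers are enough to match both records uniquely. AI simply makes this kind of linkage faster and scalable to far messier data.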
The bottom line is that personal data can be used, and sometimes used against you, without your having any control. The good news is that developers can minimize privacy challenges in the development stage, well before production. That way, we can still realize the technological benefits of AI without infringing on individuals’ privacy. To help increase privacy, we propose adding AI to your organization’s data governance strategy and assigning resources not just to AI product development, but also to AI privacy, security, and monitoring. Further ways to protect privacy in AI include:
- Use good data hygiene. Collect only the data types necessary to create the AI, keep the data secure, and retain it only as long as needed to accomplish the purpose (see the minimization sketch after this list).
- Use good data sets. Developers should build AI using accurate, fair, and representative data sets. Where possible, developers should also build AI algorithms that audit and ensure the quality of other algorithms (the audit sketch after this list illustrates one simple approach).
- Give users control. Users should know when their data is being used, whether AI is being used to make decisions about them, and whether their data is being used to create AI. They should also be given the choice to consent to such data use.
- Reduce algorithmic bias. Ensure that the data sets used to "teach" AI are broad and inclusive. Algorithmic bias most commonly presents challenges for women, minorities, and groups (e.g., individuals with vocal impairments, the elderly) that make up only a small portion of the technology workforce.
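On the data hygiene point above, the following is a minimal sketch of data minimization and retention enforcement. The field names, the 90-day window, and the pipeline shape are illustrative assumptions, not requirements from any particular standard.

```python
from datetime import datetime, timedelta, timezone

# Collect only what the model actually needs; anything else never enters the pipeline.
ALLOWED_FIELDS = {"user_id", "utterance_text", "collected_at"}
# Keep data no longer than the purpose requires (90 days is an assumed policy).
RETENTION = timedelta(days=90)

def minimize(raw_record: dict) -> dict:
    """Drop every field that is not strictly needed to build the model."""
    return {k: v for k, v in raw_record.items() if k in ALLOWED_FIELDS}

def purge_expired(records: list[dict]) -> list[dict]:
    """Discard records that have outlived the retention window."""
    cutoff = datetime.now(timezone.utc) - RETENTION
    return [r for r in records if r["collected_at"] >= cutoff]

raw = {
    "user_id": "u42",
    "utterance_text": "turn off the lights",
    "collected_at": datetime.now(timezone.utc),
    "home_address": "123 Main St",  # unnecessary for the model: dropped at intake
}
store = purge_expired([minimize(raw)])
print(list(store[0]))  # ['user_id', 'utterance_text', 'collected_at']
```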
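And on auditing and bias, here is a minimal sketch of a per-group accuracy audit, assuming you already have a model's predictions, ground-truth labels, and a (consented) group attribute for each record. The group labels and the 10-percentage-point gap threshold are illustrative assumptions.

```python
from collections import defaultdict

def accuracy_by_group(labels, predictions, groups):
    """Return accuracy computed separately for each demographic group."""
    hits, totals = defaultdict(int), defaultdict(int)
    for y, y_hat, g in zip(labels, predictions, groups):
        totals[g] += 1
        hits[g] += int(y == y_hat)
    return {g: hits[g] / totals[g] for g in totals}

def flag_disparity(per_group, max_gap=0.10):
    """Flag the model if any two groups' accuracies differ by more than max_gap."""
    scores = per_group.values()
    return (max(scores) - min(scores)) > max_gap

# Toy audit: group "b" fares much worse than group "a", so the model is flagged.
per_group = accuracy_by_group(
    labels=[1, 0, 1, 1, 0, 1],
    predictions=[1, 0, 0, 1, 0, 0],
    groups=["a", "a", "b", "b", "b", "b"],
)
print(per_group)            # {'a': 1.0, 'b': 0.5}
print(flag_disparity(per_group))  # True
```

A flagged result is a signal to investigate, not a verdict: the usual next step is to check whether the underperforming group is underrepresented in the training data, which ties the audit back to building broad, inclusive data sets.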