White House to Force Companies to Share Artificial-Intelligence Data

https://prospect.org/economy/2023-10-31-white-house-companies-artificial-intelligence-data/



“To realize the promise of AI and avoid the risk, we need to govern this technology.” With that statement, Joe Biden signed an executive order on Monday outlining the federal government’s approach to regulating artificial intelligence. The executive order’s breadth reflects how the White House recognizes that the use of artificial intelligence across the economy is not a tech sector marketing pitch. Instead, the document acknowledges that artificial intelligence’s adoption could leverage immense benefits for the public and productivity gains in the economy, while it’s just as possible that unchecked AI tools could exacerbate already-existing concerns over cybersecurity, data privacy, discrimination, and the exploitation of consumers. That balancing act—how to maximize the promise of the technology while minimizing the risk—is at the heart of the administration’s strategy.

The biggest impediment to such an approach is actually knowing what the tech companies have in mind. So the administration turned to a novel application of existing law to make sure that the AI era doesn’t feature the usual move-fast-and-break-things ethos of Silicon Valley, where forgiveness is sought instead of permission. Using powers under the Defense Production Act, the government will require any company building an AI model that has “national security, national economic security, or national public health and safety” implications to notify the federal government and give up the results of all risk assessments and safety tests. That’s broad enough to encompass virtually any large-scale AI model.

Those assessments, known as “red-teaming,” involve tests to identify flaws and vulnerabilities in AI models. They are usually closely guarded corporate secrets. The Prospect wrote last month about how autonomous-vehicle companies operating in California refused to release safety information to the public via public records requests. The state Department of Motor Vehicles has subsequently suspended one company, Cruise, from operating on California roads, after it withheld video of a pedestrian crash. Under this executive order, within 90 days, risk and safety information will have to be presented to the federal government in advance. It firmly designates who holds the regulatory power for AI, and subordinates the tech companies to the regulators. Tech companies were not told in advance about this provision, according to published reports.

The National Institute of Standards and Technology (NIST), located within the Commerce Department, will establish standards AI systems must reach before being publicly released. That includes standards for red-team testing and availability for so-called “testbeds” to support the practices. The standard-setting also includes expansions of NIST’s existing risk management and software development guidelines, as well as guidance for how to audit AI capabilities. A relatively obscure agency, NIST will take on new significance with this responsibility. NIST has 270 days to develop these standards, in coordination with the Secretary of Commerce and the Departments of Energy and Homeland Security.

snip