Industry Committee on Oct. 26th, 2023

Thank you very much for that question.

There are a range of ways in which the AIDA could be improved to facilitate truly responsible AI governance.

The idea of a sandbox is an interesting model. One of the big problems with the ways artificial intelligence tools are currently developed is that they are created and tossed out into the wild, and then we see what happens. A sandbox, to the extent that it would be able to mitigate that kind of risk, is a really interesting concept. I would note that there's absolutely nothing in the current bill that actually fosters the creation of such a sandbox at this time.

Of course, that's only one of the many gaping holes in the truly skeletal structure of AIDA, which, even with some of the potential amendments that have now been floated, still has a long way to go in order to be the effective bill that people across Canada deserve. That is why many of us have actually called for a reset of that bill, rather than a revision. It is so fundamentally flawed that it's hard to imagine how you're going to make it something that truly respects Canadians' rights and truly reassures Canadians that artificial intelligence is a tool that can be used across all sectors of our economy as it is envisioned to be used, safely and with respect for their privacy rights.

We've heard a little bit about reticence risks. I would counter reticence risks, which is a business concept, with social licence. Members of the public are deeply concerned that their information is being collected and used in ways that they don't understand, often without their consent—something the CPPA would facilitate—and for purposes that they disagree with fundamentally.

If we allow our AI act to take that data, collect it in that way, and leverage it in tools that, again, members of the public find difficult to trust, we are not fostering a vibrant innovation economy in Canada; we are fostering a distrustful society that will not believe their government has their back, and we will be genuinely reticent as citizens to use these technologies in a way that we would like to, if we take seriously the idea that this technology has immense potential to improve our world, used responsibly.

I think there's reason for concern based on the load that the commissioner is facing, realistically. We've had a situation for the last number of years with the Privacy Commissioner where findings sometimes run between 12 and 18 months because there simply haven't been the resources to deal with issues.

If this gets interpreted aggressively by organizations to say, “Well, it's impractical to obtain consent, so let's just run off and ask the commissioner”, I think there's a concern that there will be delays, which businesses aren't going to be happy with, but there's also the question of whether this is going to get the sort of study that's necessary.

I'd be curious to hear what some of my colleagues on the panel think.

I think it's positive that the disclosure does need to be made to the commissioner when this happens. However, I think we need to question how much oversight the commissioner can exercise.

Again, this is a point where an interaction between the CPPA and AIDA.... What kinds of research for statistical purposes might organizations make? It might well be to train AI models. We now know from research that when data is used to train an AI, AI systems can retain that data. I believe the technical name is “imprinting”. If you use ChatGPT and you use it hard, you can probably get an AI system to spit that data back, and that's a big problem.

The mere disclosure to the commissioner that this is happening, without some kind of analysis of what the risks are.... This is why I keep coming back to this data protection impact assessment point. It's so important that this weighing occurs. What are the relevant risks?

We want to incentivize research, of course, but let's remember that Cambridge Analytica was a research organization. It was a research disclosure of data that was the beginning of that terrible privacy scandal. That safeguard alone is not enough. I think we need more.

I'm very interested in research. I'm at an academic institution. I want to promote that. It's a very pro-social thing, and there is a real anti-commons problem with trying to get individual consent every time, but the safeguards need to be stronger.

Yes, I think that's right.

Professor Scassa has done a lot of study on that and she is probably ideally suited to comment.

I think you answered the question yourself. It does indeed open the door to very broad interpretation, which I think is a source of concern.

One example would be Clearview AI scraping publicly available information. They scrape photographs of individuals from publicly accessible websites. Then they create biometric face prints of those individuals in order to create their facial recognition database. We all accept.... It's broadly understood in the privacy community that biometric data is sensitive information.

A picture of you receiving an award at a public event or giving a speech as a member of Parliament, for example, is turned into biometric data that populates a facial recognition database. I think it goes from being an innocent photograph to sensitive biometric data very quickly. That's just one example.

Mr. Chair, directly responding to your question, article 9 of the European Union's GDPR is very instructive in this regard, because it says that the processing of personal data that reveals sensitive characteristics is subject to the heightened protections for sensitive data. So, the data may be anodyne at the beginning, but as I tell my privacy law students, what I buy at Loblaws can be very revealing of my health, if I'm buying lots of potato chips and not a lot of fresh fruit. That can become health information through processing and through the correlation of my data on my shopping habits with large-scale statistical studies.

I think that's a very important point that you've raised about protecting what the processing reveals.

Thank you for that question.

I think it's been mentioned already today, but I will repeat it. Merely looking at high-impact systems, however they are defined—and right now that's unclear in the current amendments—is not enough to fully mitigate the risks of AI, particularly the collective risks to communities and groups. That kind of risk, furthermore, is not covered under the current definition of “harm” in the bill, which is focused strictly on individuals and quantitative forms of harm. In looking at how you can restructure that better, you could look at the European act, but I would refer you to something closer to home.

The Toronto Police Service recently did an extensive public consultation and developed rules on artificial intelligence for use by their service. They adopted a tiered approach, where there are some systems that are deemed low-risk, but require an assessment in order to determine that they are so. There are some systems that are deemed medium-risk, and there are different sets of precautions and safeguards in order to ensure that those risks are appropriately analyzed and mitigated prior to the technology being used. There are also systems that are considered high-risk, which have the highest level of protections and safeguards. Then there are systems that are considered beyond the pale. Some systems are considered so risky that it is not appropriate to use them in a country governed by the Charter of Rights and Freedoms and where democratic freedoms are valued.

That's a much more tiered and nuanced approach requiring assessments at different stages, and then proportionate safeguards and restrictions, depending on the level of risk, can be much more finely tuned and much more responsive to the genuine concerns that members of the public have about ways that AI systems can be used for them or against them in violation of their beliefs and values.