Thank you very much for the opportunity to appear.
I am senior counsel at McCarthy Tétrault, with a practice focused on technology, intellectual property and privacy. I'm the author of several books in the field, including an eight-volume treatise on computer, Internet and electronic commerce law. I'm here in my personal capacity.
Although my remarks will focus on AIDA, I've submitted to the clerk articles published related to CPPA and AIDA, which contain much-needed improvements. You can see that my submission is substantial.
My remarks are going to focus on AIDA, as I've mentioned. In my view, AIDA is fundamentally flawed.
Any law that is intended to regulate an emerging transformative technology like AI should meet certain basic criteria. It should protect the public from significant risks and harms and be effective in promoting and not hindering innovation. It must also be intelligible—that is, members of Parliament and the public must be able to know what is being regulated and how the law will apply. It must respect parliamentary sovereignty and the constitutional division of powers and employ an efficient and accountable regulatory framework. AIDA either fails or its impact is unknowable in every respect.
AIDA has no definition of “high-impact system”, and even with the minister's letter that was delivered, has no criteria and no guiding principles for how AI systems will be regulated. We don't know what the public will be protected from, how the regulations will affect innovation or what the administrative monetary penalties will be. We know that fines for violating the regulations can reach $10 million or 3% of gross revenues, but we have no idea what the regulations will require that will trigger the mammoth fines against both small and large businesses that operate in this country.
In short, none of the key criteria to assess AIDA are knowable. In its current form, AIDA is unintelligible.
AIDA is, in my view, an affront to parliamentary sovereignty. AIDA sets a dangerous precedent. What will be next? Fiat by regulation for quantum computing, blockchain, the climate crisis or other threats? We have no idea.
AIDA also invokes a centralized regulatory framework that leaves all regulation to ISED. This departs from the sensible, decentralized, hub and spoke pro-innovation approach being taken so far in the United Kingdom and the United States, which leverages existing agencies and their expertise and avoids overlapping regulation. It recognizes that AI systems of all types will pervade all aspects of society and that one regulatory authority alone is ill-suited to regulate them. Rather, what is needed is a regulatory framework for a centralized body that sets standards and policies, coordinates regulation within Canada and internationally, and has a mechanism for addressing areas where there are gaps, if there are any.
AIDA also paves the way for a bloated and unaccountable bureaucracy within ISED. ISED will make and enforce the regulations, and they will be administered and enforced by the AI and data commissioner, who is not accountable to Parliament like the Privacy Commissioner. The commissioner is also not subject to any express judicial oversight, even though the commissioner has the power to shut down businesses and to levy substantial fines.
Last, a major problem with AIDA is that its lack of intelligibility and guiding principles make it impossible to evaluate its impact on innovation. We need to recognize that Canada is a middle country. It is risky for Canada to be out in front of our major trading partners with a law that may not be interoperable with those of our partners and may inadvertently and unnecessarily create barriers to trade. Our AI entrepreneurs are heavily dependent on being able to access and exploit AI models like ChatGPT from the United States. We should not risk creating obstacles that inhibit adoption, the realizing of the maximum potential of AI or the continued growth of AI and the ecosystem and the high-paying jobs it will create.
AI is going to be as transformative and as important as the steam engine, electricity and the microchip in prior generations. Canadian organizations in all sectors need open access to AI systems to support adoption and innovation and to be competitive in world markets. If we fail to get this right, there could be significant long-term detrimental consequences for this country.
To go back to my first point, there is nothing in AIDA to provide comfort that these risks will be avoided. While my opening remarks, Mr. Chairman, relate to AIDA, I also have concerns about the CPPA. I would be glad to answer any questions you may have about AIDA or the CPPA.
Thank you again for the opportunity to appear.