Local Government Generative AI Policy Tips

Current laws and regulations also contribute to ensuring data privacy and security in governments that leverage AI. Governments have since realized the need to protect sensitive information through the implementation of various measures. International cooperation also contributes to resolving global challenges that are related to data privacy and security in the context of an AI-driven government. Countries need to collaborate to ensure common standards and best practices that protect citizens’ data across different user spaces.

A secure cloud fabric can also help government agencies to optimize their data management practices by enabling them to easily move data between different cloud environments, regardless of whether they are hosted on public or private clouds. This can help agencies to take advantage of the unique capabilities of different cloud providers, while still maintaining a unified view of their data. With these capabilities, they are able to create massive data lakes and ingest data sources from many different sources.

Outsourced & Automated: How AI Companies Have Taken Over Government Decision-Making

A fourth major attack surface is the rapid artificial intelligence-fication of traditionally human-based tasks. Although some of these applications are within apps and services where attacks would not have serious societal consequences, attacks on other applications could prove very dangerous. Self-driving vehicles and trucks rely heavily on AI to drive safely, and attacks could expose millions to danger on a daily basis. Automated identity screening and customs kiosks at airports that are built and operated by private companies also rely on AI, and attacks could jeopardize the safety of the skies and national borders. If this data is hacked or compromised, every application developed using this data would be potentially compromised.

(i)  The initial means, instructions, and guidance issued pursuant to subsections 10.1(a)-(h) of this section shall not apply to AI when it is used as a component of a national security system, which shall be addressed by the proposed National Security Memorandum described in subsection 4.8 of this order. (iv)   take such steps as are necessary and appropriate, consistent with applicable law, to support and advance the near-term actions and long-term strategy identified through the RFI process, including issuing new or updated guidance or RFIs or consulting other agencies or the Federal Privacy Council. (G)  identification of uses of AI to promote workplace efficiency and satisfaction in the health and human services sector, including reducing administrative burdens. (ii)   After principles and best practices are developed pursuant to subsection (b)(i) of this section, the heads of agencies shall consider, in consultation with the Secretary of Labor, encouraging the adoption of these guidelines in their programs to the extent appropriate for each program and consistent with applicable law.

Using AI and Generative AI for cloud-based modernization of federal agencies

OCR data entry tools can process large document dumps in minutes, which would otherwise take hours to complete with legacy systems. For example, Georgia Government Transparency and Campaign Finance Commission successfully digitized campaign finance disclosure forms via OCR. We will also discuss some challenges and setbacks critical to deploying AI in government. In this technology-intensive world, individuals, businesses, and governments use  Artificial Intelligence (AI) to automate their workflows and minimize redundant tasks.

We co-build the future of collaboration with over 4,000 open source project contributors who’ve provided over 30,000 code improvements towards our shared product vision, which is translated into 20 languages. In addition, to strengthen cybersecurity, the EO directs that within 180 days, the Secretary of Defense and Homeland Security develop plans and conduct pilot projects deploying AI capabilities to identify and fix vulnerabilities in the US government systems. Reports on results and lessons learned are required to be submitted to the US President within 270 days. However, it also has requirements that extend towards US Government contractors who work with these agencies and departments. Released on October 30th, 2023, the EO provides extensive directives that set the course for the federal government’s efforts to regulate the development and use of Artificial Intelligence in the US. Generative AI is impactful; it’s changing how the average office worker synthesizes information and creates content, and it’s not going away anytime soon, which means, local governments, just like their private sector counterparts, need policies and procedures for its safe, responsible and efficacious adoption.

IBM’s continued commitment to offer innovative security solutions that can help clients face contemporary challenges is the foundation for our recent progress. This includes the recent expansion of the IBM Cloud Security and Compliance Center—a suite of modernized cloud security and compliance solutions—to help enterprises mitigate risk and protect data across their hybrid, multicloud environments and workloads. The new IBM Cloud Security and Compliance Center Data Security Broker solution provides a transparent layer of data encryption with format preserving encryption and anonymization technology to protect sensitive data used in business applications and AI workloads. However, in certain cases, it will be necessary to intervene earlier in the AI value chain, at the stages where decisions are made to develop and deploy highly capable systems. To tackle AI-generated misinformation, model outputs should include watermarks, ensuring citizens can determine when they are presented with AI-generated content. To reduce the chance of bioterrorism attacks, access that could identify novel pathogens may need to be restricted to vetted researchers.

• The rapid evolution in AI technology has led to a huge boom in business opportunities and new jobs — early reports suggest AI could contribute nearly $16 trillion to the global economy by 2030.
• The DoD has already stated that the foundation for its AI efforts “includes shared data, reusable tools, frameworks, libraries, and standards…”39  The initial DoD AI applications, which focus on extracting information from aerial images and video, illustrate why sharing datasets is attractive.
• (e)  To improve transparency for agencies’ use of AI, the Director of OMB shall, on an annual basis, issue instructions to agencies for the collection, reporting, and publication of agency AI use cases, pursuant to section 7225(a) of the Advancing American AI Act.
• At the same time, irresponsible use could exacerbate societal harms such as fraud, discrimination, bias, and disinformation; displace and disempower workers; stifle competition; and pose risks to national security.
• (ii)  facilitate continued availability of visa appointments in sufficient volume for applicants with expertise in AI or other critical and emerging technologies.

To name a few common cases, data points may be mislabeled, corrupted, or inherently flawed. They may arise through completely natural processes such as human error and sensor failure. Because datasets can contain millions of data points, it is easy to overlook mistakes that exist in the dataset that may affect downstream AI systems and leave them open to attack.

U.S. Department of State

It would be unwise to assume that the private companies are taking, or are even capable of taking, the necessary steps to mitigate AI security vulnerabilities. Further, each law enforcement organization alone will probably not have enough market power to demand stringent security protections, while the military does. Military applications of AI are expected to be a critical component of the next major war. The U.S. Department of Defense has recently made the integration of artificial intelligence and machine learning into the military a high priority with its creation of the Joint Artificial Intelligence Center (JAIC). Although the adoption of AI by federal government is growing—a February 2020 report found that nearly half of the 142 federal agencies studied had “experimented with AI and related machine learning tools”—many of the AI tools procured by government agencies have proven to be deeply flawed.

It is unclear exactly how much data is collected each year, but in a recent interview with Government Technology Insider, Scott Anderson, Federal Solutions Architect, Verizon Business Group, said the federal government can easily collect a petabyte of data within three days. While this data can be incredibly valuable for making informed decisions and protecting national security, it also presents significant challenges in terms of management and protection against cyberattacks. The Secretary shall undertake this work using existing solutions where possible, and shall develop these tools and AI testbeds to be capable of assessing near-term extrapolations of AI systems’ capabilities. At a minimum, the Secretary shall develop tools to evaluate AI capabilities to generate outputs that may represent nuclear, nonproliferation, biological, chemical, critical infrastructure, and energy-security threats or hazards. The Secretary shall do this work solely for the purposes of guarding against these threats, and shall also develop model guardrails that reduce such risks.

To reduce risk, models may need to be intentionally developed so as to lack certain dangerous capabilities—for example, by removing certain data from the training data—and to be sufficiently controllable. For the riskiest systems—such as those that could cause catastrophic damage if misused—we might need a “safety case” regime, where companies make an affirmative case to a regulator that these systems do not pose unacceptable risks to society. Much like in other safety-critical industries, such as pharmaceuticals, aviation, and nuclear power, it should be the companies’ responsibility to prove their products are safe enough, for example, via a broad range of safety evaluations. The role of regulators should be to probe the evidence presented to them and determine what risks are acceptable. Flipping the script—disallowing only those models that have been proved unsafe by the regulator—appears inappropriate, as the risks are high and industry has far more technical expertise than the regulator.

• However, starting small, focusing on citizen needs, and communicating benefits and limitations clearly can help agencies overcome barriers.
• Stakeholders must determine how AI attacks are likely to be used against their AI system, and then craft response plans for mitigating their effect.
• We recently introduced the IBM Connected Trade Platform, designed to power the digitization of trade and supply chain financing and help organizations to transition from a fragmented to a data-driven supply chain.
• The committees shall include the Advanced Aviation Advisory Committee, the Transforming Transportation Advisory Committee, and the Intelligent Transportation Systems Program Advisory Committee.

7 Eykholt, Kevin, et al. “Robust physical-world attacks on deep learning visual classification.” Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 1 Eykholt, Kevin, et al. “Robust physical-world attacks on deep learning visual classification.” Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. Given the reality of how data is shared and repurposed, shared dependencies—and therefore vulnerabilities—among systems will be widespread for better or worse.

As a result, if this application was deemed easy to attack, an AI system may not be well suited to this particular application. Compliance programs will accomplish these goals by encouraging stakeholders to adopt a set of best practices in securing their systems and making them more robust against AI attacks. These best practices manage the entire lifecycle of AI systems in the face of AI attacks. In the planning stage, they will force stakeholders to consider attack risks and surfaces when planning and deploying AI systems. In the implementation stage, they will encourage adoption of IT-reforms that will make attacks more difficult to execute. In the mitigation stage for addressing attacks that will inevitably occur, they will require the deployment of previously created attack response plans.

Read more about Secure and Compliant AI for Governments here.