Key Idea 10 - people should [REDACTED] privacy [REDACTED] consent to [REDACTED] AI

Hopefully I can get away with a bit of humor in the heading of today's article, but make no mistake: I will (in some small way) address a very serious topic this week.

Before we go any further, some important disclaimers:

• I am in no way qualified to give anything resembling Legal advice, or Legal opinion
• The material that appears in this article represents my unqualified, personal opinion
• All opinions presented in this article are mine, and mine alone - they do not reflect the opinion of any of my employers, or anyone with whom I've had interactions
• I offer the opinions here only with the ambition of piquing the interest among readers on certain topics - my actual recommendation is for you to seek out information on your own, form your own opinions thereafter, and/or seek professional opinions or guidance wherever relevant or necessary

The key word in that last point is ambition because, finally, I am also perfectly aware that I might even fail at piquing your interest.

With all that out of the way, I must admit that I struggle to even articulate the idea I'd like to convey.

I think it has something to do with highlighting that people should have agency, or control, over how AI (more generally, technology that can run at scale) is used to identify and authenticate them. For instance, as when voice authentication technology is applied to audio recordings.

Today's key idea is mainly a call for people to think about their rights when it comes to their privacy, and how AI technologies may be used upon their person

Probably we should be asking the individuals themselves (i.e. obtaining their consent) if we can do this (this = voice authentication, Face ID, cookies, etc), and be clear when this is happening, and for what reason(s).

But there are serious concerns around using technology, invasively, at scale. Especially when it begins to encroach on individuals' privacy and consequently, their freedom.

On one extreme we slide down that slippery slope all the way to an Orwellian surveillance state. But I think it's also an opposite extreme if we can never be sure of who we're dealing with? At some point, in some situations, we as a society have legitimate cause to be able to confidently identify and authenticate individuals.

Think of crossing a border with your passport. Or if you need to apply for a large loan/mortgage. There are surely countless scenarios you can think of: in the event of sensitive circumstances or transactions, there arises a need to establish trust among individuals within our society.

I spent the past two months or so sharing what I considered to be important ideas on deepfakes, through the prism of voice authentication technology. While I and several of my colleagues tried to offer real world context around these technologies, the focus has still mainly been a technological one.

We argued in this series that, given the rise of deepfake voices that are indistinguishable from real voices, to the human ear, it was an opportunity to talk about the tools that are available to us today to protect us from the harms of said deepfakes.

So if we've done a good job of convincing you of the merits of voice authentication technology, I thought it appropriate to pause and highlight the need for your permission to be granted for the use of such technology.

Unfortunately, the bad guys will not ask for your permission to clone your voice when they try to use it to break into your bank account, or defraud your coworkers or family members.

Be that as it may, there are rules on the use of people's personal data, especially when it begins to enter the realm of biometric data, and those rules are there for good reason.

People should have agency, or control, to approve the use of technologies that can be invasive in terms of privacy

My personal hope for this series was to share useful information on the benefits of a technology such as voice authentication and the accompanying spoofing countermeasures (aka deepfake detection). I do think that if we are genuinely worried about the threat of audio deepfakes, then these tools have become more important than ever before.

But it's for you to decide.

Some resources

The same disclaimers I listed above apply here. This is an informal collection of resources to maybe get you started on the topic of privacy. It is by no means complete or comprehensive, and heck, this may not even be a great list. But we try.

Of course I am not affiliated with any of the below institutions or individuals in any manner, and they've probably never heard of me.

• The laws around privacy, personal data, in the information age are many and vary tremendously across geographic regions. Even in the United States, different states will have different laws around such things. When there are robust laws in place, some of the common things they will mandate are transparency towards the person over how their data will be used, and that the person consents to such use (often on a per-interaction basis). Of course, there's much more to it...
• Illinois has the Biometric Information Processing Act (BIPA), which is famously restrictive - Biometric Information Privacy Act (BIPA) | ACLU of Illinois
• California has something called Bill SB-1189 Bill Text - SB-1189 Biometric information.
• Texas seems to have statutes related to biometrics BUSINESS AND COMMERCE CODE CHAPTER 503. BIOMETRIC IDENTIFIERS
• The European Union has the General Data Protection Regulation (GDPR) – Legal Text

Finally, for perhaps lighter but nonetheless insightful and engaging reading I highly recommend the book Your Face Belongs to Us by New York Times journalist Kashmir Hill . Author Hill takes us through, yep, an Orwellian odyssey about a largescale facial recognition system that is still in use today, and asks the question on whether its use has always been fair/just/legitimate/not-creepy. The book was published just last year, I believe, so it is super current.