{"id":67947,"date":"2017-04-25T09:00:31","date_gmt":"2017-04-25T16:00:31","guid":{"rendered":"http:\/\/blogs.microsoft.com\/microsoftsecure\/?p=67947"},"modified":"2023-05-26T14:52:47","modified_gmt":"2023-05-26T21:52:47","slug":"how-future-policy-and-regulations-will-challenge-ai","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/","title":{"rendered":"How future policy and regulations will challenge AI"},"content":{"rendered":"

I recently wrote<\/a> about how radical the incorporation of artificial intelligence (AI) to cybersecurity will be. Technological revolutions are however frequently not as rapid as we think. We tend to see specific moments, from Sputnik in 1957 to the iPhone in 2007, and call them \u201cgame changing\u201d – without appreciating the intervening stages of innovation, implementation and regulation, which ultimately result in that breakthrough moment. What can we therefore expect from this iterative and less eye-catching part of AI\u2019s development, looking not just at the technological progress, but its interaction with national policy-making process?<\/p>\n

I can see two overlapping, but distinct, perspectives. The first relates to the reality that information and communication technology (ICT) and its applications develop faster than laws. In recent years, examples of social media and\/or ride hailing apps have seen this translate into the following regulatory experience:<\/p>\n

    \n
  1. Innovation<\/strong>: R&D processes arrive at one or many practical options for a technology;<\/li>\n
  2. Implementation<\/strong>: These options are applied in the real world, are refined through experience, and begin to spread through major global markets;<\/li>\n
  3. Regulation<\/strong>: Governments intervene to defend the status quo or to respond to new categories of problem, e.g. cross-border data flows;<\/li>\n
  4. Unanticipated consequences<\/strong>: Policy and technology\u2019s interaction inadvertently harms one or both, e.g. the Wassenaar\u2019s impact on cybersecurity R&D.<\/li>\n<\/ol>\n

    AI could follow a similar path. However, unlike e-commerce or the shared economy (but like nanotechnology or genetic engineering) AI actively scares people, so early regulatory interventions are likely. For example, a limited focus on using AI in certain sectors, e.g. defense or pharmaceuticals, might be positioned as more easily managed and controlled than AI\u2019s general application. However, could such a limit really be imposed, particularly in the light of potential for transformative creative leaps that AI seems to promise? I say that would be unlikely – resulting in yet more controls. Leaving aside the fourth stage of unknown unknowns of unanticipated consequences, the third phase, i.e. regulation, would almost inevitably run into trouble of its own by virtue to having to legally define something as unprecedented and mutable as AI. It seems to me, therefore, that even the basic phases of AI\u2019s interaction with regulation could be fraught with problems for innovators, implementers and regulators.<\/p>\n

    The second, more AI-specific perspective is driven by the way its capabilities will emerge, which I feel will break down into three basic stages:<\/p>\n

      \n
    1. Distinction<\/strong>: Creation of smarter sensors;<\/li>\n
    2. Direction<\/strong>: Automation of human-initiated decision-making;<\/li>\n
    3. Delegation<\/strong>: Enablement of entirely independent decision-making.<\/li>\n<\/ol>\n

      Smarter sensors will come in various forms, not least as part of the Internet of Things (IoT), and their aggregated data will have implications for privacy. 20th century \u201cdumb lenses\u201d are already being connected to systems that can pick out number plates or human faces but truly smart sensors could know almost anything about us, from what is in our fridge and on our grocery list, to where we are going and whom we will meet. It is this aggregated, networked aspect of smarter sensors that will be at the core of the first AI challenge for policy-makers. As they become discriminating enough to anticipate what we might do next, e.g. in order to offer us useful information ahead of time, they create an inadvertent panopticon<\/a> that the unscrupulous and actively criminal can exploit.<\/p>\n

      Moving past this challenge, AI will become able to support and enhance human decision-making. Human input will still be essential but it might be as limited as a \u201cgo\/no go\u201d on an AI-generated proposal. From a legal perspective, mens rea<\/a> or scope of liability<\/a> might not be wholly thrown into confusion, as a human decision-maker remains. Narrow applications in certain highly technical areas, e.g. medicine or engineering, might be practical but day-to-day users could be flummoxed if every choice had unreadable but legally essential Terms & Conditions. The policy-making response may be to use tort\/liability law, obligatory insurance for AI providers\/users, or new risk management systems to hedge the downside of AI-enhanced decision-making without losing the full utility of the technology.<\/p>\n

      Once decision-making is possible without human input, we begin to enter the realm of speculation. \u00a0However, it is important to remember that there are already high-frequency trading<\/a> (HFT) systems in financial markets that operate independent of direct human oversight, following algorithmic instructions. The suggested linkages<\/a> between \u201cflash crash\u201d events and HFT highlight, nonetheless, the problems policy-makers and regulators will face. It may be hard to foresee what even a \u201climited\u201d AI might do in certain circumstances, and the ex-ante legal liability controls mentioned above may seem insufficient to policy-makers should a system get out of control, either in the narrow sense of being out of the control of those people legally responsible for it, or in the general sense of it being out of control of anybody<\/a>.<\/p>\n

      These three stages would suggest significant challenges for policy-makers, with existing legal processes losing their applicability as AI moves further away from direct human responsibility. The law is, however adaptable, and solutions could emerge. In extremis we might, for example, be willing to add to the concept of \u201ccorporate persons\u201d with a concept of \u201cartificial persons\u201d. Would any of us feel safer if we could assign legal liability to the AIs themselves and then sue them as we do corporations and businesses? Maybe.<\/p>\n

      In summary then, the true challenges for AI\u2019s development may not exist solely in the big ticket moments of beating chess masters<\/a> or passing Turing Tests<\/a>. Instead, there will be any number of roadblocks caused by the needs of regulatory and policy processes systems still rooted in the 19th and 20th centuries. And, odd though this may sound from a technologist like me, that delay might be a good thing, given the potential transformative power of AI.<\/p>\n

       <\/p>\n","protected":false},"excerpt":{"rendered":"

      I recently wrote about how radical the incorporation of artificial intelligence (AI) to cybersecurity will be. Technological revolutions are however frequently not as rapid as we think. We tend to see specific moments, from Sputnik in 1957 to the iPhone in 2007, and call them \u201cgame changing\u201d – without appreciating the intervening stages of innovation, […]<\/p>\n","protected":false},"author":61,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3664,3676],"products":[],"threat-intelligence":[],"tags":[3753,3822],"coauthors":[1916],"class_list":["post-67947","post","type-post","status-publish","format-standard","hentry","content-type-news","topic-ai-and-machine-learning","topic-iot-security","tag-cybersecurity-policy","tag-microsoft-security-insights"],"yoast_head":"\nHow future policy and regulations will challenge AI | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How future policy and regulations will challenge AI | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"I recently wrote about how radical the incorporation of artificial intelligence (AI) to cybersecurity will be. Technological revolutions are however frequently not as rapid as we think. We tend to see specific moments, from Sputnik in 1957 to the iPhone in 2007, and call them \u201cgame changing\u201d – without appreciating the intervening stages of innovation, […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-04-25T16:00:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-26T21:52:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-microsoft_logo_element.png\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Microsoft Security Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Microsoft Security Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-secure-blog-staff\/\",\"@type\":\"Person\",\"@name\":\"Microsoft Security Team\"}],\"headline\":\"How future policy and regulations will challenge AI\",\"datePublished\":\"2017-04-25T16:00:31+00:00\",\"dateModified\":\"2023-05-26T21:52:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/\"},\"wordCount\":978,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"keywords\":[\"Cybersecurity policy\",\"Microsoft Security Insights\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/\",\"name\":\"How future policy and regulations will challenge AI | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"datePublished\":\"2017-04-25T16:00:31+00:00\",\"dateModified\":\"2023-05-26T21:52:47+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How future policy and regulations will challenge AI\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How future policy and regulations will challenge AI | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/","og_locale":"en_US","og_type":"article","og_title":"How future policy and regulations will challenge AI | Microsoft Security Blog","og_description":"I recently wrote about how radical the incorporation of artificial intelligence (AI) to cybersecurity will be. Technological revolutions are however frequently not as rapid as we think. We tend to see specific moments, from Sputnik in 1957 to the iPhone in 2007, and call them \u201cgame changing\u201d – without appreciating the intervening stages of innovation, […]","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/","og_site_name":"Microsoft Security Blog","article_published_time":"2017-04-25T16:00:31+00:00","article_modified_time":"2023-05-26T21:52:47+00:00","og_image":[{"width":512,"height":512,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-microsoft_logo_element.png","type":"image\/png"}],"author":"Microsoft Security Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Microsoft Security Team","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-secure-blog-staff\/","@type":"Person","@name":"Microsoft Security Team"}],"headline":"How future policy and regulations will challenge AI","datePublished":"2017-04-25T16:00:31+00:00","dateModified":"2023-05-26T21:52:47+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/"},"wordCount":978,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"keywords":["Cybersecurity policy","Microsoft Security Insights"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/","name":"How future policy and regulations will challenge AI | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"datePublished":"2017-04-25T16:00:31+00:00","dateModified":"2023-05-26T21:52:47+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/25\/how-future-policy-and-regulations-will-challenge-ai\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"How future policy and regulations will challenge AI"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/67947"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=67947"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/67947\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=67947"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=67947"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=67947"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=67947"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=67947"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=67947"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=67947"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}