Skip to content

Latest commit

 

History

History
266 lines (140 loc) · 30.4 KB

tuesday.md

File metadata and controls

266 lines (140 loc) · 30.4 KB
Raw

Data for Policy 2019 - Tuesday, 11 June 2019

11:15 – 12:15 Parallel Session 1

Session 1b (G01): Ethics Chair: Quentin Palfrey (@qpalfrey), Harvard University, US (@futureofprivacy)

[34] "Empowering People with Informed Consent"; Anirban Basu - University of Sussex, UK, Stephen Marsh - UOIT, Canada, Tessa Darbyshire* - DDB Remedy, UK, Natasha Dwyer - Victoria University, Australia, and Hector Miller-Bakewell - University of Oxford, UK.

  • Nobody in London has ever read the term and conditions. Privacy policies are often inaccessibly complex, hardly ever read and then rarely understood by most users. Can you consider this consent?

  • How informed is a user when they agree to a privacy policy? Come on, we did gave you a privacy policy...

  • This work seeks to develop tools that empowers users to grant true informed consent

  • Stakeholders: legislators and researchers, service providers, users. Making this usable is very difficult.

  • MozFest findings (open source community) - biased due to their prior knowledge. Enforcement from a trusted third party, empowering users to make their own decisions. Users are super lazy, if it adds extra time to our day, we don't care. But there is a lot of things people care about when they look these agreements closely. They find agreements excessive, vague and exclusive. Comapnies don't know they are making some of its customers feel this way.

  • Challenge for organizsations. Crystal clear from legal perspective to something that is not only leagl but means something to participants.

  • New Trust model: Transparency, inclusion, dialogue. the last part is the hardest.

  • Opportunities. public commitement to privacy, opportunities for incluison, use plain English, challenge the business internally to work more with the open source community, make privacy feel like an interaction.

  • Tools from open sources. Usableprivacy.org. terms of service didn't read. many others. Trusted third party: ToS / stickers, automatic tagging using machine learning.

  • Ploisis a viz tool to understanding this.

  • Parsing and summarizing. privacy policies is specialised and not understandable. Wilson annotation scheme.

  • Process: replacing a set of docs you dont understand by a number you dont understand doesnt help.

  • Future: Which third parties count as trusted third parties? how granular should trust cues be? (pass or fail?, ribbon diagrams), which users want to be more informed and which consumers want to ignore this info and trust no questions asked?

[76] "Automate with caution"; Fabrizio Scrollini (@fscrollini) - ILDA, Uruguay (@idatosabiertos).

  • People in the Global South have stuff to say too <- Fabrizio's bias/COI

  • AI in the public realm looks like a rich market with a lot of options. Definitions of what AI means are not clear, less for the lay man/woman in LatAm. The same happenned with Open Data

  • AI: what's in a word. A simple way to consider it a constellation of methods incluidng ML, NLP, perception and reasoning. In a nutshell, some kind of automation.

  • AI in practice: automation of processess, chatbots in public services, detection of salient behaviours (eg fraud), mapping territory, prediction of population behaviour in disasters or events

  • What do we mean by bad practice? We are starting to see the people behind the algorithms. It may not be even sofisticated algos. Many times AI programmers are people with low wages. We've seen some AI failure cases already (e.g., cutting healthcare)

  • What's so special about the public sector? It has to be accountable, follow the law, abide by human rights and legal principles. The public sector must be able to explain its decisions. Official info has legal consequences on individuals. It's not just online advertising... risks are a lot higher.

  • Examples in the field: Montevideo's example for predicting crime. They started using an algo developed in the US and ended the agreement with the US company because they couldn't audit the algo. They developed their own algo in Uruguay for this.

  • Fail case in Argentina: Salta's case for predicting teen pregnancy. Identifying mostly poor women. A failure at a lot of levels. The experiment was dismissed thanks to the public buzz and open discussion about it.

  • Success case in Argentina: Dymaxion Labs to identify the use of the territory using satellite images.

  • Five dimensions must be addressed in the public sector in Latin America: need, infrastructure, ethical and regulatory framework, accountability, and evaluation. We need to discuss about all of this. We shouldn't be experimenting with humans without these rules being developped yet.

  • Map showing that the Global South is mainly not exactly ready to move this forward. A lot of discussion must happen.

  • With low resources, we must prioritize. There is a human right framework that is fairly good in the region, but not applied all the time.

  • If we are to automate with caution. we must think and discuss all these dimensions very well. Only three countries have some initiative like this in the region for now

  • A couple of session questions: you do all this work and then what? Tessa: trying to work with the companies so they don't work against their customers. Fabrizio: There are some international fora. Connecting the policy makers with higher up politicians. "watch dogs" can also be a solution to this.

13:30 – 14:30 Keynote Lecture 1 "Ethics of AI and Autonomous Decision Making" – supported by UCL Digital Ethics Forum Christoph Luetge (@chluetge), Technical University of Munich, Germany Chair: C. Leigh Anderson, University of Washington (@UW)

  • Opportunities of AI: 1) telemedicine. Rural depopulation and hence rural services. uneven distribution of physicinas, 2) Care robots: major problem of ageing society. shortage on qualified healthcare personnel. Solution robots specifically designed for care tasks. Even more humanes? studies show that it is more humane to have robots assisting people in daily routine. it's better to have human beings intearcting in other ways. 3) AI / big data. improved decisions based on more and better info. oslo reduced street lighting energy consumption by 62% using big data. predictive crime mapping 4) IoT: optimazation of physical end for comfort and productivity. reduction of costs, time gain. improved decision making 5) Smart grid: major problem, globally increasing energy demand. 6) autonomous driving: ethical problem of cars: high fatality rates. 90/95% of car accidents caused by humann error. autnonomous cars as solution to reduce car accidents. in germany this would mean ultimately saving around 3000 lives /year

  • More examples of opportunities of AI from health care sector. paradigm shift in healthcare, through increasing availability of data and fast advancement of analytics techniques. ai applications in cardiology for early detection, teratment and outcome prediction. Cancer: identify precancerous stages. NCI, 2019 AI better at identifying precancer than human expert reviewer. Reproductive health education: chatbot in Pakistan for women to ask questions regarding reproductive health. a means to address a taboo subject and empower women in Pakistan. has helped in emergency cases to get medical attention

  • Challenges of AI: 1) technical challenges. dependence on the accuracy, danger of technical errors. Loss of people's autonomous decisions. increased vulnerability against cyber attacks, danger of cyber wars. privacy and danger of data misuse. Digital literacy / education in digital literacy often lacking. it varies from country to country. Lack of digital literacy is a problem in Germany.

  • More challenges of AI: Fakes and manipulations. deepfakes / software to generate or edit video material creating a fake video of a politician speech. DeepMasterPrints, generate fake finger prints to unlock devices. Social media bots. Automated blackmailing, intelligent hacking attacks. Specific examples: twitter blocks accounts that were doing nothing wrong based on algos due to some keywords. it was unlocked the next day, but still. Hiring software used by Amazon 2014-2017: discrimination against women. Airbnb smart pricing algos may widen ethnic gap

  • Social challenges: may devalue human skills. reducing human responsibility, ....

  • Public opinion: 1) what do people think about AI? 41% support in the US, 22% strongly oppose 2) Most prioritized governmental challenges: ai assisted surveillance violating privacy and civil liberties, to spread fake online content, cyber attacks, protection of data privacy. Important challenges for over 50% of raters and for the next 10 years in the US 3) Most trusted stakeholders: university researchers and the US military. Least trusted is Facebook. No orgs for which the average respondent had a fair amount of confidence. Conclusion: We need more trust. (based on data from Zhang and Dafoe, US, 2019)

  • Trustworthy AI. Development, deployment and use should respect fundamental rights and applicable regulation, as well as core principles and values ensuring an ethical purpose. should be technically robust and reliable. foster public's trust in AI, society needs a widely accesible and reliable mechanism of redress for harms inflicted.

  • Initiatives proposing principles on AI (OECD adopted these in May 2019). AI should be fair, transparent and accountable. IEEE Ethically aligned design. General principles: human rights, well being, data agency, effectiveneess, transparency, acountabilty, awareness of misuse, competence. Ethics certification program for autonomous and intelligent systems (ECPAIS).

  • Usual point when you get to this point of the discussion is: "But of course China will take over and then any ethics and agreements are off the table" FALSE. There are regulations about rights in China as of 2019. Cybersecutrity Law, consumer rights protection act, 9th ammendment of criminal law. Privacy is not a concept in China. Decisions by National people's congress. No unified frameork yet. The concepts are in the agenda and evolving as generations evolve (some decades ago it was common that parents read their children mail, today reading children email is not well viewed anymore).

  • Further examples. UK digital competition expert panel. San Francisco Board of Supervisors ban of facial recognition by police. France + Canada Panel on AI

  • GDPR. Right to the protection of personal data is not an absolute right. right to data portability allowing people to freely trade their data. World wide this varies, Europe could learn from each other.

  • AI4People European initiative will release a paper in a month with ethics principles. Beneficence, non/maleficence, autonomy, justice, explicability - no new principles, but very important. AI4People has a human-centered approach.

  • Technical methods to implement the core principles for AI. documenting decisons, explanation, traceability and auditability. Non tehcnical methods> regulation, standardization, accountability governance, codes of conduct, education and awareness, etc

  • Second European approach: First Ethics committee for autonomous driving. Germany. The liability when the car drives alone is for the company that manufactures the car and runs the algos. In the event of unavoidable accident situations, any distinction based on personal features is strictly prohibited. It is also prohibitd to offset victims against one another. General programming to reduce the number of personal injuries may be justifiable. Those parties involved in the generation of mobility risks must not sacrifice non-involved parties. Rule 9

  • The autonomous driving example has some lessons to teach us. Autonomous driving rules need to get standardized across countries.

  • A business ethics and regulation perspective. How ethics and regulation fit into a competitive market for AI? Conditions of competiions: sufficient among tech companies? direct competition? mobile devices, hunt of user data. Indirect: google vs microsoft and ibm in the run for bigdata analysis. alternatives to amazon. is there real competition there?

  • Other examples of discussions of ethics in business: 1) Uber/Lyft. Differing perceptions in parts of Europe and other regions. Public discussion often uses ethical arguments (working conditions, wage level, tax evacion of drivers) - is it just cab drivers lobbying against uber and lyft? 2) Releasing an autonomous car before competitiros even if driving software has not been adequately tested. Bending data protection rules in order to gather more data than competitors. Being sloppy with data security in order to get an advantage.

  • Creating shared value (Porter and Kramer 2011) this is sometimes better than regulation. having policies and operating practices that enhance the competitiveness of a company while advancing the economic and social conditions at the same times within the community where it operates.

  • Doing good by doing well. Long/term calculations needed. consider systematically the interests of others who may be relevant for the company's future. reputation and penalty reduction through risk management through early warning.

  • actively taking on ethical responsibilty without changes in law has become both a necessity and an advantage in competition for many companies in raising profits, in innovation capability, in better risk management. several references.

  • Jean Tirole Nobel Prize 2014 on digital markets and regulation. We neeed a participative antitrust in which the industry or other parties propose possible regulation, and the antitrust authorities respond to it (Tirole 2018).

  • Political and scientific initiatives: expert groups IEEE, AI HLEG, AI4People

  • Trust in AI is key. more research, more data to assess algos impact, rethink the human/machine collaboration instead of AI replacing humans, guidelines and frameworks for ethical AI. Tools for companines to follow ethical frameworks and establish trust. Focus on meeting societal acceptance.

  • Q: how all of this gets to government? A: well, we still have to have that convo. we've been working on it a lot, but we have to keep working on it and have a lot of conversations still for this to get to government

  • A: There is a lot of nuance that goes into privacy and the use of data. It is not the same that the gob uses, for example, it is not the same to use Alexa's data for a service than to use its data to solve a crime. We may get to Alexa data to solve the crime, but not otherwise. We need to be more creative and think hard about nuances.

  • Q: What are your thought about algo transparency and the interplay with intellectual property? A: Transparency is the wrong concept. Making the code transparent may not help. Most expert groups say that we need to get to something like explicability instead of transparency. Transparency does not achieve much. We would need to understand why the algo came up with a given decision, and that usually cant be done just with the code. Explicability (to be defined) is a better concept than transparency.

14:35 – 15:35 Parallel Session 2

Session 2d (MQ 101): Data-Driven Policy Chair: Jack Tindale (@JackTindale), Policy Connect (@Policy_Connect)

"Policy Priority Inference: A Computational Approach for the Discovery, Evaluation and Prescription of Development Strategies"; Omar Guerrero* (@guerrero_oa) - UCL & The Alan Turing Institute, UK (@turinginst), and Gonzalo Castañeda - CIDE, Mexico.

  • How to reach the sustainable development goals? how do you prioritize your resources? Tool for the govs to reach certain indicators. How do we do it? it can be very complex.

  • Mental model behind the tool. Policy prioritisation. Gob wants to ameliorate education so outcomes improve, but you can also have plain corruption. It's never 1 to 1. There are inputs (resources) and outcomes. we will focus only on outcomes, not enough data for the inputs yet. But of course there are interactions of education (ed) with health and infrastructre as transportation. So the Ed can improve due to public policies which obscure the one policy we want to study in Ed. and the network of confounders is huge.

  • Tool, agent-driven. time series. with development indicators (country specific), network (socioecon context), development goals (multidim targets) <- inputs.

  • Example. Retrospective policy priorities + Prospective policy priorities - Casta#eda, chavez and guerrero 2018. Priorities change if you want to imitate other countries, well... context matter - the paper shows how.

  • quantifying policy coherence. are gov policy priorites coherent with its goals? Index: -1 inchoerent to 1 coherent. Guerrero & Casta#eda 2018, the index for Mexico looks incoherent, but has success cases. The index works in the real world.

  • More about this work in here

Session 2b (G01): Sustainability 1 Chair: Derek Wyatt, UK

[43] "Using data for risk management policy – introducing the data-oriented approach into policy-making in Japan on food safety, drug safety, earthquake disaster prevention, and climate change"; Yasushi Sato* - Niigata University, Keiko Matsuo - Japan Science and Technology Agency, and Noel Kikuchi - National Graduate Institute for Policy Studies.

  • Scientific advice was important.

  • Why data-oriented approach under utilized in risk management policy making?

  • working models: data-oriented approach vs mechanism-oriented approach. There is not a dichotomy but they are different.

  • Examples from other fields of data-oriented approaches. Food safety QSAR quantitative structure activity relationsips. Drug safety, real world data and pharmacometrics. Earthquake, statistical sismology and various geological data. Climate change: mechanism-oriented and data-oriented approaches are effectively used in complementary ways obtaining local scale climate from global models and local policy making.

  • Data availability and model dependability (and challenges) different depending on each field. Regulation of vital risks such as drug safety and food safety is high in imperative for certitude and sensitiviy for litigation and high for the data availability and model dependability. Climate change and earthquake, responses to chronic risks, are both low in these dimensions.

  • More interdisciplinary is being observed in the data-oriented approach in climate change.

  • Conclusions. each policy field can learn from other fileds in endeavoring to incorporate the data-oriented approach into risk management policy- making. In the field of climate change, the data oriented and mech oriented approaches have been integrated in relatively matured ways. as the data oriented approach is incorporated into the process of policy making, mechanisms for collaboration among diverse types of scientists and policy makers as well as communication with the public, is needed.

  • the distinction between data-oriented approach and model-oriented approach is not always clear cut.

  • how do we implement these science-based knowledge into action for climate change? adaptation has been important for climate change in the last 15 years. In Japan, this is true in the last few years, mostly in the last year. To implement the policies trust and downscaling the info to local places from trusted sources. How do you enforce mitigation, though?

[122] "WHO’s transformation changing generation and use of health data to drive impact of policy actions"; Doo Hee You*, Tina Purnat and Samira Asma - World Health Organization, Switzerland (@WHO).

  • Data analytics and delivery for impact: What has been done by WHO in the flow of the data process to make the max impact on policy making actions:
  1. what has been done by UN and WHO general programme of work. #globalgoals SDGs and health related goals have put a demand on production of reliable health data, much of which WHO is a custodian of. 17 indicators, poverty hunger, health quality of education, gender equality, jobs, etc. For the countries to informs their policy making with best evidence, they neeed stronger and coordinated info systems for health. see UN and SDG website. WHO looks into de public health data.

  • WHO director general 2019-2023 goal is to ensure: a billion more people have universal health coverage. a billion more people are protected from health emergencies and a further billion are living with better health and wellbeing.

  • 46 targets and indicators including all meta data and data collected in the WHO website. those targets will be used to calculate the advance towards the goals. overarching goal, measured by healthy life expectancy (HALE). all of this globally.

  • Why WHO reforms? to empower member states and catalyze change so that data and health info are used systematically and effectively to set measurable goals, drive continuous helath improvement and impact policy and program change. Process: regional consultations, online consultation and mission briefings. Feedback: reduce reporting burden on countries, disaggregate data to report on inequalities (to better target interventions), support country capacity and sustainable systems

  • WHO is filling data gaps (provide tools for surveys, health info systems), modernizing data flow and delivering for impact.

  • Some high income countries such as Canada or Australia, Western Europe are not reporting data because likely the statistics reported are not a problem for them. The local under report keeps the whole approach to have global figures. likely they are autosufficient. on the other hand there are countries that the capacity is not available. WHO is trying to address both ends of the spectrum.

  • Modernize data flow. until now it is done through email with excel or a link when the data is very big. the workflow right now is old and has a lot of room for improvement.

  • Delivery for impact. Innovative concept and commitment. Frequent follow up and evaluation for country policy dialogue partnering. Developing an innovative process the way it uses data in its work and governance. it is the first UN agency and one of the oldest that tries such a major comprehensive change.

  • Future. There's a need for better operation and health data utilization. WHO seeks to achieve impact in countries, bringing the work of WHO closer to the country's stats office. being more agile in response to change. satisfy member states demand on higher transparency of WHO's work and actions such as sharing the code.

  • Do you have suggestions about this process? write to [email protected]

  • Q: What incentives are you giving to self suficient countries? A: This is a very difficult problem

16:00 – 17:00 Parallel Session 3 Session 3c (G02): Data Practices, Lessons and Challenges Chair: Bilal Gokpinar, University College London

[24] "Managing Personalization-Privacy Paradox of Digital Services: A Systematic Literature Review"; Ming-Wei Hsu*, Glenn Parry, Alex Kharlamov - University of the West England, UK.

  • tensions arise when using data for personalisation. privacy, control over access to personal info. privacy paradox, people say they are concerned about privacy but, in practice, they share all of their data for free. personalisation -> better customer experience.

  • how do we find balance in the personalisation/privacy pardox? firms need personal info to provide personalised services, consumers express that they have privacy concerns, in seeking to create a personalised service to gain customers, firms may lose customers

  • Systematic literature review to approach this paradox based on 45 papers. See paper submitted to DAta for Policy, uploaded in Zenodo, for details on methods and detailes description of findings.

Session 3a (JBR): Privacy 1 Chair: Anil Bharath, Imperial College London (@imperialcollege)

"Data protection issues in cross-border interoperability of EHRs systems withing the European Union"; Giorgia Bincoletto (@GiorgiaBinco) - University of Bologna and University of Luxembourg, Italy (@uni_lu_FDEF & @unibomagazine).

  • EHR = electronic health record.

  1. policy context. EU 2011 directive: patients rights in cross border healthcare. EU policies for the digital single market goes to the transformation of health and care policy. areas of action: enabling EU citizens to access and share their health data securely across member states. barrier: lack of interoperability.

  2. cross-border interoperability of ehr systems. what is it? hability of a system A and a system B to communicate and share info wo any effort for all generated data (eg clinical data, med history, patient details, labs, prescriptions). it implies many levels: technical, semantic, organizational and legal levels. urgent need of open exchange formats and harmonised standrds on health data quality, data reliability, privacy and security.

  3. new recs of the EU commission released feb 2019. European electronic health record exchange format. principles for access and the exchange, set of technical specs and process and best practices. high importance to privacy and data protection concerns, for instance principles of data protection and confidentiality and a citizen-centric approach by design. The evolution of this is in private hands of those that develp EHR systems

  4. data protection concerns and obligations. huge amount of data and multiple processing. special category of data, health data. various data protection principles and rights. organisational level concerns and obligations: different data controllers and processors, legal grounds and explicit consent, info to the patient, the purpose limitation of the further processing, time accuracy principle, documentation and accountabiliity. technical level: data minimisation adn pseudonymisation, time limitations to the storage, the access mechanisms, the security tools and standars, data protection by design and by default

  5. The progress to achieve interoperability stays with each state, but it is a priority in the dev of the national and regional EHR. EHR systems should be designed ex ante to ensure complicance with data protection rules.

[85] "Towards Citizens’ Control Over Data? Exploring Contradictory Trends in the Emerging Regulatory Environment of Personal Data"; Arne Hintz (@arne_hz) - Cardiff University, UK (@cardiffuni).

  • Broad strokes of policy trends from Data Justice Lab, exploring social justice in an age of datafication.

  • Policy frameworks for digital platforms moving from openness to inclusion. The explotation use of data has gone too far (eg cambridge analytica), personal data should be respected and used appropriately.

  • Data policies project. investigates trends in policy change, citizen-oriented policy frameworks, focus on UK and EU: national law and regional regulations like gdpr.

  • Methods. document analysis: review of academic lit, stakeholder statements, interviews with stakeholders (ie, government, business, and civil society)

  • People's control over data? user empowerment: information rights (like right to explanation), access rights and data portability, consent requirements. Protections and restrictions of explotation of peoples data: purpose limitation, restrictions to profiling and automated decision making. data collection: data retention, communications interception, internet connection records, age verification, data sharing... all are expanding.

  • On one hand we must increase control and user empowermentt vs increase in institutional data collection and sharing. This is not only happenning in the EU, this is also happenning in Australia, for instance.

  • components of citizen-oriented data policy. Regulate data collection vs regulate uses: restricting collection remains crucial. User empowerment vs legal restrictions. fully informed user is unrealistic scenario, cant be core of data policy as research has repeatedly shown (eg consent fallacy, consent is disempowering rather than empowering - digital resignation). Types of data regulated: inferred vs derived data. focus on personal data is not enough. inferred data will be increasingly the focus of data policy. Individual vs collective data: models for collective data control.

  • towards democratic auditing: civic particpation in the scoring society. current research is just starting. will talk about it next year.

[98] “The role of technology in governance: the example of Privacy Enhancing Technologies”; Natasha McCarthy* (@ntshmccrthy) and Franck Fourniol - The Royal Society, UK (@RoyalSociety).

  • based a reports published recently that are available in the Roya Society's webpage.

  • tensions: benefits and risks in data use. 4 tensions: making use of data vs respecting spheres of privacy. providing ways to exercise reasonable control over data vs encouraging data sharing for private and public benefit. incentivising innovative uses of data vs ensuring that such data can be traded and transferred in mutually beneficial ways. promoting and distributing the benefits of data use fairly across society vs ensuring acceptable levels of risk for individuals and communities.

  • Role of PETs in addressing tensions. there was no tech that could address and manage all of these tensions. it's quite context-dependent. many combined may be needed. More in the report. there may be different stages of the process and reasons of why how to manage these tensions. 5 different techs (incomplete, but these are the one reported because they seem most interested coming from different fields like crypto people or stats people, etc).

  • Addressing tension 2: personal data stores, apps that provide individuals with access and control over the data they generate, covered by the first talk in this session (didn't attend, there are no notes of it here).

  • Addressing Tension 1 + 2: homomorphic encryption and trusted execution environments (secure hardware).

  • Addressing Tension 3: secure multi party computation. computing on combined data with no need for a trusted third party nor revealing own private input.

  • Addressing Tension 1 + 4. differential privacy. releasing the output of an analysis without revealing if a specific individual/entity is in the input - math definition of privacy, allows you to reason mathematically on how much privacy you want at different levels.

  • a lot more use cases in the report.

  • Limitations: current technical constraints, and general limits in PETs delivering ethical use of data. There are costs using PETs. different levels of readiness.

  • Enabling appropriate uptake and development of PETs. How far can PETs deliver ethical use of data? This is not the silver bullet. setting a privacy budget is a governance decision. the time and energy costs of PETs encourage extra scrutiny. should we be collecting or using the data at all? Many ethical questions arise beyond privacy risks (eg, is the purpose of data use socially beneficial?, is it fair?, has the data been collect appropriately?)

  • Enabling appropriate uptake and development of PETS. The Royal Society identified three areas. See the report for more.