question,contexts,answer,ground_truth,faithfulness,answer_relevancy,context_recall,context_precision,answer_correctness What is the significance of providing notice and explanation as a legal requirement in the context of automated systems?,"['NOTICE & \nEXPLANATION \nWHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nAn automated system should provide demonstrably clear, timely, understandable, and accessible notice of use, and \nexplanations as to how and why a decision was made or an action was taken by the system. These expectations are explained below. \nProvide clear, timely, understandable, and accessible notice of use and explanations \nGenerally accessible plain language documentation. The entity responsible for using the automated \nsystem should ensure that documentation describing the overall system (including any human components) is \npublic and easy to find. The documentation should describe, in plain language, how the system works and how \nany automated component is used to determine an action or decision. It should also include expectations about \nreporting described throughout this framework, such as the algorithmic impact assessments described as \npart of Algorithmic Discrimination Protections. \nAccount able. Notices should clearly identify the entity r esponsible for designing each component of the \nsystem and the entity using it. \nTimely and up-to-date. Users should receive notice of the use of automated systems in advance of using or \nwhile being impacted by the technolog y. An explanation should be available with the decision itself, or soon \nthereafte r. Notice should be kept up-to-date and people impacted by the system should be notified of use case \nor key functionality changes. \nBrief and clear. Notices and explanations should be assessed, such as by research on users’ experiences, \nincluding user testing, to ensure that the people using or impacted by the automated system are able to easily' 'NOTICE & \nEXPLANATION \nWHY THIS PRINCIPLE IS IMPORTANT\nThis section provides a brief summary of the problems which the principle seeks to address and protect \nagainst, including illustrative examples. \nAutomated systems now determine opportunities, from employment to credit, and directly shape the American \npublic’s experiences, from the courtroom to online classrooms, in ways that profoundly impact people’s lives. But this expansive impact is not always visible. An applicant might not know whether a person rejected their resume or a hiring algorithm moved them to the bottom of the list. A defendant in the courtroom might not know if a judge deny\n-\ning their bail is informed by an automated system that labeled them “high risk.” From correcting errors to contesting decisions, people are often denied the knowledge they need to address the impact of automated systems on their lives. Notice and explanations also serve an important safety and efficacy purpose, allowing experts to verify the reasonable\n-\nness of a recommendation before enacting it. \nIn order to guard against potential harms, the American public needs to know if an automated system is being used. Clear, brief, and understandable notice is a prerequisite for achieving the other protections in this framework. 
Like\n-\nwise, the public is often unable to ascertain how or why an automated system has made a decision or contributed to a particular outcome. The decision-making processes of automated systems tend to be opaque, complex, and, therefore, unaccountable, whether by design or by omission. These factors can make explanations both more challenging and more important, and should not be used as a pretext to avoid explaining important decisions to the people impacted by those choices. In the context of automated systems, clear and valid explanations should be recognized as a baseline requirement.' 'or label to ensure the goal of the automated system is appropriately identified and measured. Additionally , \njustification should be documented for each data attribute and source to explain why it is appropriate to use \nthat data to inform the results of the automated system and why such use will not violate any applicable laws. \nIn cases of high-dimensional and/or derived attributes, such justifications can be provided as overall \ndescriptions of the attribute generation process and appropriateness. \n19' 'Meaningful access to examine the system. Designers, developers, and deployers of automated \nsystems should consider limited waivers of confidentiality (including those related to trade secrets) where necessary in order to provide meaningful oversight of systems used in sensitive domains, incorporating mea\n-\nsures to protect intellectual property and trade secrets from unwarranted disclosure as appropriate. This includes (potentially private and protected) meaningful access to source code, documentation, and related data during any associated legal discovery, subject to effective confidentiality or court orders. Such meaning\n-\nful access should include (but is not limited to) adhering to the principle on Notice and Explanation using the highest level of risk so the system is designed with built-in explanations; such systems should use fully-trans\n-\nparent models where the model itself can be understood by people needing to directly examine it. \nDemonstrate access to human alternatives, consideration, and fallback \nReporting. Reporting should include an assessment of timeliness and the extent of additional burden for human alternatives, aggregate statistics about who chooses the human alternative, along with the results of the assessment about brevity, clarity, and accessibility of notice and opt-out instructions. Reporting on the accessibility, timeliness, and effectiveness of human consideration and fallback should be made public at regu\n-' ""Providing notice has long been a standard practice, and in many cases is a legal requirement, when, for example, making a video recording of someone (outside of a law enforcement or national security context). In some cases, such as credit, lenders are required to provide notice and explanation to consumers. Techniques used to automate the process of explaining such systems are under active research and improvement and such explanations can take many forms. Innovative companies and researchers are rising to the challenge and creating and deploying explanatory systems that can help the public better understand decisions that impact them. \nWhile notice and explanation requirements are already in place in some sectors or situations, the American public deserve to know consistently and across sectors if an automated system is being used in a way that impacts their rights, opportunities, or access. 
This knowledge should provide confidence in how the public is being treated, and trust in the validity and reasonable use of automated systems. \n• A lawyer representing an older client with disabilities who had been cut off from Medicaid-funded home\nhealth-care assistance couldn't determine why\n, especially since the decision went against historical access\npractices. In a court hearing, the lawyer learned from a witness that the state in which the older client\nlived \nhad recently adopted a new algorithm to determine eligibility.83 The lack of a timely explanation made it\nharder \nto understand and contest the decision.\n•\nA formal child welfare investigation is opened against a parent based on an algorithm and without the parent\never \nbeing notified that data was being collected and used as part of an algorithmic child maltreatment\nrisk assessment.84 The lack of notice or an explanation makes it harder for those performing child\nmaltreatment assessments to validate the risk assessment and denies parents knowledge that could help them\ncontest a decision.\n41"" ""find notices and explanations, read them quickl y, and understand and act on them. This includes ensuring that \nnotices and explanations are accessible to users with disabilities and are available in the language(s) and read-\ning level appropriate for the audience. Notices and explanations may need to be available in multiple forms, \n(e.g., on pape r, on a physical sign, or online), in order to meet these expectations and to be accessible to the \nAmerican public. \nProvide explanations as to how and why a decision was made or an action was taken by an \nautomated system \nTailored to the purpose. Explanations should be tailored to the specific purpose for which the user is \nexpected to use the explanation, and should clearly state that purpose. An informational explanation might differ from an explanation provided to allow for the possibility of recourse, an appeal, or one provided in the context of a dispute or contestation process. For the purposes of this framework, 'explanation' should be construed broadly. An explanation need not be a plain-language statement about causality but could consist of any mechanism that allows the recipient to build the necessary understanding and intuitions to achieve the stated purpose. Tailoring should be assessed (e.g., via user experience research). \nTailored to the target of the explanation. Explanations should be targeted to specific audiences and clearly state that audience. An explanation provided to the subject of a decision might differ from one provided to an advocate, or to a domain expert or decision maker. Tailoring should be assessed (e.g., via user experience research). \n43""]","Providing notice and explanation as a legal requirement in the context of automated systems is significant for several reasons: 1. **Transparency**: It ensures that individuals are aware when automated systems are being used to make decisions that affect them. This transparency is crucial for building trust between the public and the entities deploying these systems. 2. **Accountability**: By clearly identifying the entities responsible for the design and use of automated systems, it holds them accountable for the decisions made by these systems. This accountability is essential for addressing any potential harms or errors that may arise from automated decision-making. 3. 
**Informed Decision-Making**: Notice and explanation allow individuals to understand how and why decisions are made, which is vital for them to contest or appeal those decisions if necessary. For example, if someone is denied a loan or a job, knowing the criteria used by the automated system can help them address any inaccuracies or biases. 4. **Protection of Rights**: Automated systems can significantly impact people's lives, from employment opportunities to legal outcomes. Providing notice and explanations helps protect individuals' rights by ensuring they have the information needed to understand and challenge decisions that may adversely affect them. 5. **Encouraging Fairness**: When individuals are informed about the use of automated systems and the rationale behind decisions, it can help mitigate biases and promote fairness. This is particularly important in sensitive areas like criminal justice, healthcare, and employment. 6. **Facilitating Oversight**: Clear notice and explanations enable oversight bodies, researchers, and the public to scrutinize automated systems, ensuring they operate fairly and effectively. This oversight is crucial for identifying and correcting any issues that may arise. In summary, the legal requirement for notice and explanation in automated systems is essential for ensuring transparency, accountability, and fairness, ultimately protecting individuals' rights and fostering trust in these technologies (Source: [document name], p. [specific page number not provided]).","Providing notice and explanation as a legal requirement in the context of automated systems is significant because it allows individuals to understand how automated systems are impacting their lives. It helps in correcting errors, contesting decisions, and verifying the reasonableness of recommendations before enacting them. Clear and valid explanations are essential to ensure transparency, accountability, and trust in the use of automated systems across various sectors.",1.0,0.9713211543186683,1.0,0.9999999999833333,0.8043532068017147 "How can structured human feedback exercises, such as GAI red-teaming, be beneficial for GAI risk measurement and management?","['29 MS-1.1-006 Implement continuous monitoring of GAI system impacts to identify whether GAI \noutputs are equitable across various sub- populations. Seek active and direct \nfeedback from affected communities via structured feedback mechanisms or red -\nteaming to monitor and improve outputs. Harmful Bias and Homogenization \nMS-1.1-007 Evaluate the quality and integrity of data used in training and the provenance of \nAI-generated content , for example by e mploying techniques like chaos \nengineering and seeking stakeholder feedback. Information Integrity \nMS-1.1-008 Define use cases, contexts of use, capabilities, and negative impacts where \nstructured human feedback exercises, e.g., GAI red- teaming, would be most \nbeneficial for GAI risk measurement and management based on the context of \nuse. Harmful Bias and \nHomogenization ; CBRN \nInformation or Capabilities \nMS-1.1-0 09 Track and document risks or opportunities related to all GAI risks that cannot be \nmeasured quantitatively, including explanations as to why some risks cannot be \nmeasured (e.g., due to technological limitations, resource constraints, or trustworthy considerations). Include unmeasured risks in marginal risks. 
Information Integrity \nAI Actor Tasks: AI Development, Domain Experts, TEVV \n \nMEASURE 1.3: Internal experts who did not serve as front -line developers for the system and/or independent assessors are \ninvolved in regular assessments and updates. Domain experts, users, AI Actors external to the team that developed or deployed the \nAI system, and affected communities are consulted in support of assessments as necessary per organizational risk tolerance . \nAction ID Suggested Action GAI Risks \nMS-1.3-001 Define relevant groups of interest (e.g., demographic groups, subject matter \nexperts, experience with GAI technology) within the context of use as part of \nplans for gathering structured public feedback. Human -AI Configuration ; Harmful \nBias and Homogenization ; CBRN' '51 general public participants. For example, expert AI red- teamers could modify or verify the \nprompts written by general public AI red- teamers. These approaches may also expand coverage \nof the AI risk attack surface. \n• Human / AI: Performed by GAI in combinatio n with specialist or non -specialist human teams. \nGAI- led red -teaming can be more cost effective than human red- teamers alone. Human or GAI-\nled AI red -teaming may be better suited for eliciting different types of harms. \nA.1.6. Content Provenance \nOverview \nGAI technologies can be leveraged for many applications such as content generation and synthetic data. \nSome aspects of GAI output s, such as the production of deepfake content, can challenge our ability to \ndistinguish human- generated content from AI -generated synthetic content. To help manage and mitigate \nthese risks, digital transparency mechanisms like provenance data tracking can trace the origin and \nhistory of content. Provenance data tracking and synthetic content detection can help facilitate greater \ninformation access about both authentic and synthetic content to users, enabling better knowledge of \ntrustworthiness in AI systems. When combined with other organizational accountability mechanisms, \ndigital content transparency approaches can enable processes to trace negative outcomes back to their \nsource, improve information integrity, and uphold public trust. Provenance data tracking and synthetic content detection mechanisms provide information about the origin \nand history of content to assist in \nGAI risk management efforts. \nProvenance metad ata can include information about GAI model developers or creators of GAI content , \ndate/time of creation, location, modifications, and sources. Metadata can be tracked for text, images, videos, audio, and underlying datasets. The implementation of p rovenance data tracking techniques can' '50 Participatory Engagement Methods \nOn an ad hoc or more structured basis, organizations can design and use a variety of channels to engage \nexternal stakeholders in product development or review. Focus groups with select experts can provide \nfeedback on a range of issues. Small user studies c an provide feedback from representative groups or \npopulations. Anonymous surveys can be used to poll or gauge reactions to specific features. Participatory engagement methods are often less structured than field testing or red teaming, and are more \ncommonl y used in early stages of AI or product development. \nField Testing \nField testing involves structured settings to evaluate risks and impacts and to simulate the conditions \nunder which the GAI system will be deployed. 
Field style tests can be adapted from a focus on user \npreferences and experiences towards AI risks and impacts – both negative and positive. When carried \nout with large groups of users, these tests can provide estimations of the likelihood of risks and impacts \nin real world interactions. \nOrganizations may also collect feedback on outcomes, harms, and user experience directly from users in the production environment after a model has been released, in accordance with human subject \nstandards such as informed consent and compensation. Organiz ations should follow applicable human \nsubjects research requirements, and best practices such as informed consent and subject compensation, \nwhen implementing feedback activities. \nAI Red -teaming \nAI red -teaming is an evolving practice that references exercises often conducted in a controlled \nenvironment and in collaboration with AI developers building AI models to identify potential adverse \nbehavior or outcomes of a GAI model or system, how they could occur, an d stress test safeguards” . AI \nred-teaming can be performed before or after AI models or systems are made available to the broader' 'Bias and Homogenization ; CBRN \nInformation or Capabilities \nMS-1.3-002 Engage in internal and external evaluations , GAI red -teaming, impact \nassessments, or other structured human feedback exercises in consultation \nwith representative AI Actors with expertise and familiarity in the context of \nuse, and/or who are representative of the populations associated with the context of use. Human -AI Configuration ; Harmful \nBias and Homogenization ; CBRN \nInformation or Capabilities \nMS-1.3-0 03 Verify those conducting structured human feedback exercises are not directly \ninvolved in system development tasks for the same GAI model. Human -AI Configuration ; Data \nPrivacy \nAI Actor Tasks: AI Deployment, AI Development, AI Impact Assessment, Affected Individuals and Communities, Domain Experts, \nEnd-Users, Operation and Monitoring, TEVV' 'MS-1.1-004 Develop a suite of metrics to evaluate structured public feedback exercises \ninformed by representative AI Actors . Human -AI Configuration ; Harmful \nBias and Homogenization ; CBRN \nInformation or Capabilities \nMS-1.1-0 05 Evaluate novel methods and technologies for the measurement of GAI-related \nrisks in cluding in content provenance , offensive cy ber, and CBRN , while \nmaintaining the models’ ability to produce valid, reliable, and factually accurate outputs. Information Integrity ; CBRN \nInformation or Capabilities ; \nObscene, Degrading, and/or Abusive Content' 'public; this section focuses on red- teaming in pre -deployment contexts. \nThe quality of AI red- teaming outputs is related to the background and expertise of the AI red team \nitself. Demographically and interdisciplinarily diverse AI red teams can be used to identify flaws in the \nvarying contexts where GAI will be used. For best results, AI red teams should demonstrate domain \nexpertise, and awareness of socio -cultural aspects within the deployment context. AI red -teaming results \nshould be given additional analysis before they are incorporated into organizational governance and \ndecision making, policy and procedural updates, and AI risk management efforts. 
\nVarious types of AI red -teaming may be appropriate, depending on the use case: \n• General Public: Performed by general users (not necessarily AI or technical experts) who are \nexpected to use the model or interact with its outputs, and who bring their own lived \nexperiences and perspectives to the task of AI red -teaming . These individuals may have been \nprovided instructions and material to complete tasks which may elicit harmful model behaviors. This type of exercise can be more effective with large groups of AI red-teamers. \n• Expert: Performed by specialists with expertise in the domain or specific AI red -teaming context \nof use (e.g., medicine, biotech, cybersecurity). \n• Combination: In scenarios when it is difficult to identify and recruit specialists with sufficient \ndomain and contextual expertise, AI red -teaming exercises may leverage both expert and' 'GV-4.1-001 Establish policies and procedures that address continual improvement processes \nfor GAI risk measurement . Address general risks associated with a lack of \nexplainability and transparency in GAI systems by using ample documentation and \ntechniques such as: application of gradient -based attributions, occlusion/term \nreduction, counterfactual prompts and prompt eng ineering, and analysis of \nembeddings; Assess and update risk measurement approaches at regular cadences. Confabulation \nGV-4.1-002 Establish policies, procedures, and processes detailing risk measurement in \ncontext of use with standardized measurement protocols and structured public feedback exercises such as AI red -teaming or independent external evaluations . CBRN Information and Capability ; \nValue Chain and Component Integration']","Structured human feedback exercises, such as GAI red-teaming, can significantly benefit GAI (Generative Artificial Intelligence) risk measurement and management in several ways: 1. **Identifying Potential Risks**: GAI red-teaming involves simulating various scenarios to uncover potential adverse behaviors or outcomes of a GAI system. By engaging diverse teams, including domain experts and general users, organizations can identify risks that may not be apparent during the development phase (Source: [document name], p. [specific page number not provided]). 2. **Diverse Perspectives**: Including individuals from different backgrounds and experiences in red-teaming exercises helps to surface a wide range of potential issues, including biases and ethical concerns. This diversity can lead to a more comprehensive understanding of how the GAI system may perform across different contexts and populations (Source: [document name], p. [specific page number not provided]). 3. **Testing Safeguards**: Red-teaming allows organizations to stress-test the safeguards and controls implemented in GAI systems. By simulating attacks or misuse, teams can evaluate the effectiveness of these safeguards and make necessary adjustments to enhance the system's resilience (Source: [document name], p. [specific page number not provided]). 4. **Feedback for Improvement**: The structured feedback gathered from red-teaming exercises can inform updates and improvements to the GAI system. This iterative process helps ensure that the system evolves in response to identified risks and user needs (Source: [document name], p. [specific page number not provided]). 5. 
**Enhancing Accountability**: By documenting the findings from red-teaming exercises, organizations can create a clear record of identified risks and the steps taken to address them. This accountability is crucial for regulatory compliance and for building trust with stakeholders (Source: [document name], p. [specific page number not provided]). 6. **Facilitating Public Engagement**: Engaging with affected communities and stakeholders through structured feedback mechanisms can enhance the relevance and effectiveness of GAI systems. This participatory approach ensures that the systems are aligned with the needs and values of the communities they serve (Source: [document name], p. [specific page number not provided]). In summary, structured human feedback exercises like GAI red-teaming are vital for identifying risks, enhancing system robustness, and ensuring that GAI technologies are developed and deployed responsibly and ethically.","Structured human feedback exercises, such as GAI red-teaming, can be beneficial for GAI risk measurement and management by defining use cases, contexts of use, capabilities, and negative impacts where such exercises would be most beneficial. These exercises help in monitoring and improving outputs, evaluating the quality and integrity of data used in training, and tracking and documenting risks or opportunities related to GAI risks that cannot be measured quantitatively. Additionally, seeking active and direct feedback from affected communities through red-teaming can enhance information integrity and help in identifying harmful bias and homogenization in AI systems.",1.0,0.992832485501513,1.0,0.9999999999857143,0.8053859083679715 How do measurement gaps between laboratory and real-world settings impact the assessment of GAI systems in the context of pre-deployment testing?,"['49 early lifecycle TEVV approaches are developed and matured for GAI, organizations may use \nrecommended “pre- deployment testing” practices to measure performance, capabilities, limits, risks, \nand impacts. This section describes risk measurement and estimation as part of pre -deployment TEVV, \nand examines the state of play for pre -deployment testing methodologies. \nLimitations of Current Pre -deployment Test Approaches \nCurrently available pre -deployment TEVV processes used for GAI applications may be inadequate, non-\nsystematically applied, or fail to reflect or mismatched to deployment contexts. For example, the \nanecdotal testing of GAI system capabilities through video games or standardized tests designed for \nhumans (e.g., intelligence tests, professional licensing exams) does not guarantee GAI system validity or \nreliability in those domains. Similarly, jailbreaking or prompt engineering tests may not systematically \nasse ss validity or reliability risks. \nMeasurement gaps can arise from mismatches between laboratory and real -world settings. Current \ntesting approaches often remain focused on laboratory conditions or restricted to benchmark test \ndatasets and in silico techniques that may not extrapolate well to —or directly assess GAI impacts in real -\nworld conditions. For example, current measurement gaps for GAI make it difficult to precisely estimate \nits potential ecosystem -level or longitudinal risks and related political, social, and economic impacts. \nGaps between benchmarks and real-world use of GAI systems may likely be exacerbated due to prompt \nsensitivity and broad heterogeneity of contexts of use. \nA.1.5. 
Structured Public Feedback \nStructured public feedback can be used to evaluate whether GAI systems are performing as intended and to calibrate and verify traditional measurement methods. Examples of structured feedback include, \nbut are not limited to:' 'MP-2.3-001 Assess the accuracy, quality, reliability, and authenticity of GAI output by \ncomparing it to a set of known ground truth data and by using a variety of evaluation methods (e.g., human oversight and automated evaluation , proven \ncryptographic techniques , review of content inputs ). Information Integrity' 'WHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nEnsuring accessibility during design, development, and deployment. Systems should be \ndesigned, developed, and deployed by organizations in ways that ensure accessibility to people with disabili -\nties. This should include consideration of a wide variety of disabilities, adherence to relevant accessibility \nstandards, and user experience research both before and after deployment to identify and address any accessi -\nbility barriers to the use or effectiveness of the automated system. \nDisparity assessment. Automated systems should be tested using a broad set of measures to assess wheth -\ner the system components, both in pre-deployment testing and in-context deployment, produce disparities. \nThe demographics of the assessed groups should be as inclusive as possible of race, colo r, ethnicity, sex \n(including pregnanc y, childbirth, and related medical conditions, gender identit y, intersex status, and sexual \norientation), religion, age, national origin, disabilit y, veteran status, genetic information, or any other classifi -\ncation protected by la w. The broad set of measures assessed should include demographic performance mea -\nsures, overall and subgroup parity assessment, and calibration. Demographic data collected for disparity assessment should be separated from data used for the automated system and privacy protections should be instituted; in some cases it may make sense to perform such assessment using a data sample. For every instance where the deployed automated system leads to different treatment or impacts disfavoring the identi\n-\nfied groups, the entity governing, implementing, or using the system should document the disparity and a justification for any continued use of the system.' '37 MS-2.11-0 05 Assess the proportion of synthetic to non -synthetic training data and verify \ntraining data is not overly homogenous or GAI-produced to mitigate concerns of \nmodel collapse. Harmful Bias and Homogenization \nAI Actor Tasks: AI Deployment, AI Impact Assessment, Affected Individuals and Communities, Domain Experts, End -Users, \nOperation and Monitoring, TEVV \n \nMEASURE 2.12: Environmental impact and sustainability of AI model training and management activities – as identified in the MAP \nfunction – are assessed and documented. \nAction ID Suggested Action GAI Risks \nMS-2.12- 001 Assess safety to physical environments when deploying GAI systems. Dangerous , Violent, or Hateful \nContent \nMS-2.12- 002 Document anticipated environmental impacts of model development, \nmaintenance, and deployment in product design decisions. 
Environmental \nMS-2.12- 003 Measure or estimate environmental impacts (e.g., energy and water \nconsumption) for training, fine tuning, and deploying models: Verify tradeoffs \nbetween resources used at inference time versus additional resources required at training time. Environmental \nMS-2.12- 004 Verify effectiveness of carbon capture or offset programs for GAI training and \napplications , and address green -washing concerns . Environmental \nAI Actor Tasks: AI Deployment, AI Impact Assessment, Domain Experts, Operation and Monitoring, TEVV' 'MP-3.4-006 Involve the end -users, practitioners, and operators in GAI system in prototyping \nand testing activities. Make sure these tests cover various scenarios , such as crisis \nsituations or ethically sensitive contexts. Human -AI Configuration ; \nInformation Integrity ; Harmful Bias \nand Homogenization ; Dangerous , \nViolent, or Hateful Content \nAI Actor Tasks: AI Design, AI Development, Domain Experts, End -Users, Human Factors, Operation and Monitoring' '23 MP-1.1-002 Determine and document the expected and acceptable GAI system context of \nuse in collaboration with socio -cultural and other domain experts, by assessing: \nAssumptions and limitations; Direct value to the organization; Intended \noperational environment and observed usage patterns; Potential positive and negative impacts to individuals, public safety, groups, communities, organizations, democratic institutions, and the physical environment; Social norms and expectations. Harmful Bias and Homogenization \nMP-1.1-003 Document risk measurement plans t o address identified risks. Plans may \ninclude, as applicable: Individual and group cognitive biases (e.g., confirmation bias, funding bias, groupthink) for AI Actors involved in the design, \nimplementation, and use of GAI systems; Known past GAI system incidents and failure modes; In -context use and foreseeable misuse, abuse, and off -label use; \nOver reliance on quantitative metrics and methodologies without sufficient awareness of their limitations in the context(s) of use; Standard measurement and structured human f eedback approaches; Anticipated human- AI \nconfigurations. Human -AI Configuration ; Harmful \nBias and Homogenization ; \nDangerous , Violent, or Hateful \nContent \nMP-1.1-0 04 Identify and document foreseeable illegal uses or applications of the GAI system \nthat surpass organizational risk tolerances. CBRN Information or Capabilities ; \nDangerous , Violent, or Hateful \nContent ; Obscene, Degrading, \nand/or Abusive Content \nAI Actor Tasks: AI Deployment \n \nMAP 1.2: Interdisciplinary AI Actors , competencies, skills, and capacities for establishing context reflect demographic diversity and \nbroad domain and user experience expertise, and their participation is documented. Opportunities for interdisciplinary \ncollaboration are prioritized. \nAction ID Suggested Action GAI Risks \nMP-1.2-001 Establish and empower interdisciplinary teams that reflect a wide range of' 'Confabulation \nMS-2.3-002 Evaluate claims of model capabilities using empirically validated methods. Confabulation ; Information \nSecurity \nMS-2.3-003 Share results of pre -deployment testing with relevant GAI Actors , such as those \nwith system release approval authority. Human -AI Configuration']","Measurement gaps between laboratory and real-world settings can significantly impact the assessment of GAI (Generative Artificial Intelligence) systems during pre-deployment testing in several ways: 1. 
**Limited Contextual Relevance**: Laboratory testing often occurs in controlled environments that do not accurately reflect the complexities and variabilities of real-world situations. As a result, the performance of GAI systems may appear more reliable in tests than they would be in actual deployment contexts, leading to overconfidence in their capabilities (Source: [document name], p. [specific page number not provided]). 2. **Inadequate Risk Identification**: Current pre-deployment testing methodologies may not effectively capture the full range of risks associated with GAI systems when they are used in diverse real-world scenarios. This can lead to significant gaps in understanding potential negative impacts, such as biases or unintended consequences that may arise during actual use (Source: [document name], p. [specific page number not provided]). 3. **Prompt Sensitivity Issues**: GAI systems can be highly sensitive to the prompts they receive. Testing in a lab may not account for the varied and unpredictable ways users might interact with the system in real life. This sensitivity can lead to different outputs and behaviors that were not anticipated during testing, resulting in performance discrepancies (Source: [document name], p. [specific page number not provided]). 4. **Benchmark Limitations**: Many pre-deployment tests rely on benchmark datasets that may not represent the diversity of data encountered in real-world applications. This can create a false sense of security regarding the system's reliability and effectiveness, as the benchmarks may not adequately reflect the challenges faced in practical use (Source: [document name], p. [specific page number not provided]). 5. **Longitudinal Impact Assessment**: Current testing approaches often fail to consider the long-term effects of GAI systems on users and communities. Without longitudinal studies, it is challenging to assess how these systems might evolve over time or how they might impact social, political, and economic dynamics (Source: [document name], p. [specific page number not provided]). 6. **Feedback Mechanisms**: The lack of structured public feedback during the testing phase can hinder the ability to calibrate and verify the performance of GAI systems. Engaging with users and stakeholders can provide valuable insights that are often missing in laboratory settings, leading to a more comprehensive understanding of the system's real-world implications (Source: [document name], p. [specific page number not provided]). In summary, measurement gaps between laboratory and real-world settings can lead to an incomplete understanding of GAI systems' performance, risks, and impacts, ultimately affecting their safe and effective deployment. Addressing these gaps is crucial for ensuring that GAI technologies are reliable and beneficial in practice.","Measurement gaps between laboratory and real-world settings can impact the assessment of GAI systems in the context of pre-deployment testing by limiting the extrapolation of results from laboratory conditions to real-world scenarios. Current testing approaches often focus on benchmark test datasets and in silico techniques that may not accurately assess the impacts of GAI systems in real-world conditions. This can make it difficult to estimate the ecosystem-level or longitudinal risks associated with GAI deployment, as well as the political, social, and economic impacts. 
Additionally, the prompt sensitivity and broad heterogeneity of real-world contexts of use can exacerbate the gaps between benchmarks and actual GAI system performance.",1.0,0.9887518614487671,1.0,0.9150793650641138,0.5178711775070962 How should data collection and use-case scope limits be determined and implemented in automated systems to prevent 'mission creep'?,"['Data collection and use-case scope limits. Data collection should be limited in scope, with specific, \nnarrow identified goals, to avoid ""mission creep."" Anticipated data collection should be determined to be strictly necessary to the identified goals and should be minimized as much as possible. Data collected based on these identified goals and for a specific context should not be used in a different context without assessing for new privacy risks and implementing appropriate mitigation measures, which may include express consent. Clear timelines for data retention should be established, with data deleted as soon as possible in accordance with legal or policy-based limitations. Determined data retention timelines should be documented and justi\n-\nfied. \nRisk identification and mitigation. Entities that collect, use, share, or store sensitive data should attempt to proactively identify harms and seek to manage them so as to avoid, mitigate, and respond appropri\n-\nately to identified risks. Appropriate responses include determining not to process data when the privacy risks outweigh the benefits or implementing measures to mitigate acceptable risks. Appropriate responses do not include sharing or transferring the privacy risks to users via notice or consent requests where users could not reasonably be expected to understand the risks without further support. \nPrivacy-preserving security. Entities creating, using, or governing automated systems should follow privacy and security best practices designed to ensure data and metadata do not leak beyond the specific consented use case. Best practices could include using privacy-enhancing cryptography or other types of privacy-enhancing technologies or fine-grained permissions and access control mechanisms, along with conventional system security protocols. \n33' 'or label to ensure the goal of the automated system is appropriately identified and measured. Additionally , \njustification should be documented for each data attribute and source to explain why it is appropriate to use \nthat data to inform the results of the automated system and why such use will not violate any applicable laws. \nIn cases of high-dimensional and/or derived attributes, such justifications can be provided as overall \ndescriptions of the attribute generation process and appropriateness. \n19' 'DATA PRIVACY \nWHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nProtect the public from unchecked surveillance \nHeightened oversight of surveillance. Surveillance or monitoring systems should be subject to \nheightened oversight that includes at a minimum assessment of potential harms during design (before deploy -\nment) and in an ongoing manner, to ensure that the American public’s rights, opportunities, and access are protected. 
This assessment should be done before deployment and should give special attention to ensure there is not algorithmic discrimination, especially based on community membership, when deployed in a specific real-world context. Such assessment should then be reaffirmed in an ongoing manner as long as the system is in use. \nLimited and proportionate surveillance. Surveillance should be avoided unless it is strictly necessary to achieve a legitimate purpose and it is proportionate to the need. Designers, developers, and deployers of surveillance systems should use the least invasive means of monitoring available and restrict monitoring to the minimum number of subjects possible. To the greatest extent possible consistent with law enforcement and national security needs, individuals subject to monitoring should be provided with clear and specific notice before it occurs and be informed about how the data gathered through surveillance will be used. \nScope limits on surveillance to protect rights and democratic values. Civil liberties and civil' 'SAFE AND EFFECTIVE \nSYSTEMS \nWHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nDerived data sources tracked and reviewed carefully. Data that is derived from other data through \nthe use of algorithms, such as data derived or inferred from prior model outputs, should be identified and tracked, e.g., via a specialized type in a data schema. Derived data should be viewed as potentially high-risk inputs that may lead to feedback loops, compounded harm, or inaccurate results. Such sources should be care\n-\nfully validated against the risk of collateral consequences. \nData reuse limits in sensitive domains. Data reuse, and especially data reuse in a new context, can result in the spreading and scaling of harms. Data from some domains, including criminal justice data and data indi\n-\ncating adverse outcomes in domains such as finance, employment, and housing, is especially sensitive, and in some cases its reuse is limited by law. Accordingly, such data should be subject to extra oversight to ensure safety and efficacy. Data reuse of sensitive domain data in other contexts (e.g., criminal data reuse for civil legal matters or private sector use) should only occur where use of such data is legally authorized and, after examina\n-\ntion, has benefits for those impacted by the system that outweigh identified risks and, as appropriate, reason -\nable measures have been implemented to mitigate the identified risks. Such data should be clearly labeled to identify contexts for limited reuse based on sensitivity. Where possible, aggregated datasets may be useful for replacing individual-level sensitive data. \nDemonstrate the safety and effectiveness of the system \nIndependent evaluation. Automated systems should be designed to allow for independent evaluation (e.g.,' 'SAFE AND EFFECTIVE SYSTEMS \nYou should be protected from unsafe or ineffective sys -\ntems. Automated systems should be developed with consultation \nfrom diverse communities, stakeholders, and domain experts to iden -\ntify concerns, risks, and potential impacts of the system. 
Systems should undergo pre-deployment testing, risk identification and miti\n-\ngation, and ongoing monitoring that demonstrate they are safe and effective based on their intended use, mitigation of unsafe outcomes including those beyond the intended use, and adherence to do\n-\nmain-specific standards. Outcomes of these protective measures should include the possibility of not deploying the system or remov\n-\ning a system from use. Automated systems should not be designed with an intent or reasonably foreseeable possibility of endangering your safety or the safety of your community. They should be designed to proactively protect you from harms stemming from unintended, yet foreseeable, uses or impacts of automated systems. You should be protected from inappropriate or irrelevant data use in the design, de\n-\nvelopment, and deployment of automated systems, and from the compounded harm of its reuse. Independent evaluation and report\n-\ning that confirms that the system is safe and effective, including re -\nporting of steps taken to mitigate potential harms, should be per -\nformed and the results made public whenever possible. \n15' '-\ndures before deploying the system, as well as responsibility of specific individuals or entities to oversee ongoing assessment and mitigation. Organizational stakeholders including those with oversight of the business process or operation being automated, as well as other organizational divisions that may be affected due to the use of the system, should be involved in establishing governance procedures. Responsibility should rest high enough in the organization that decisions about resources, mitigation, incident response, and potential rollback can be made promptly, with sufficient weight given to risk mitigation objectives against competing concerns. Those holding this responsibility should be made aware of any use cases with the potential for meaningful impact on people’s rights, opportunities, or access as determined based on risk identification procedures. In some cases, it may be appropriate for an independent ethics review to be conducted before deployment. \nAvoid inappropriate, low-quality, or irrelevant data use and the compounded harm of its reuse \nRelevant and high-quality data. Data used as part of any automated system’s creation, evaluation, or \ndeployment should be relevant, of high quality, and tailored to the task at hand. Relevancy should be \nestablished based on research-backed demonstration of the causal influence of the data to the specific use case \nor justified more generally based on a reasonable expectation of usefulness in the domain and/or for the \nsystem design or ongoing development. Relevance of data should not be established solely by appealing to \nits historical connection to the outcome. High quality and tailored data should be representative of the task at \nhand and errors from data entry or other sources should be measured and limited. Any data used as the target \nof a prediction process should receive particular attention to the quality and validity of the predicted outcome' 'DATA PRIVACY \nWHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nData access and correction. 
People whose data is collected, used, shared, or stored by automated \nsystems should be able to access data and metadata about themselves, know who has access to this data, and \nbe able to correct it if necessar y. Entities should receive consent before sharing data with other entities and \nshould keep records of what data is shared and with whom. \nConsent withdrawal and data deletion. Entities should allow (to the extent legally permissible) with -\ndrawal of data access consent, resulting in the deletion of user data, metadata, and the timely removal of their data from any systems (e.g., machine learning models) derived from that data.\n68\nAutomated system support. Entities designing, developing, and deploying automated systems should \nestablish and maintain the capabilities that will allow individuals to use their own automated systems to help them make consent, access, and control decisions in a complex data ecosystem. Capabilities include machine readable data, standardized data formats, metadata or tags for expressing data processing permissions and preferences and data provenance and lineage, context of use and access-specific tags, and training models for assessing privacy risk. \nDemonstrate that data privacy and user control are protected \nIndependent evaluation. As described in the section on Safe and Effective Systems, entities should allow \nindependent evaluation of the claims made regarding data policies. These independent evaluations should be \nmade public whenever possible. Care will need to be taken to balance individual privacy with evaluation data \naccess needs. \nReporting. When members of the public wish to know what data about them is being used in a system, the']","To prevent ""mission creep"" in automated systems, data collection and use-case scope limits should be determined and implemented through a structured approach that includes the following steps: 1. **Define Clear Objectives**: Start by establishing specific, narrow goals for the automated system. This involves identifying the primary purpose of the system and the specific outcomes it aims to achieve. Clear objectives help ensure that data collection is focused and relevant (Source: [document name], p. [specific page number not provided]). 2. **Conduct a Data Necessity Assessment**: Evaluate the data needed to achieve the defined objectives. This assessment should determine what data is strictly necessary and avoid collecting any additional information that does not directly contribute to the goals. This helps minimize the risk of collecting excessive data that could lead to mission creep (Source: [document name], p. [specific page number not provided]). 3. **Implement Data Minimization Principles**: Adopt data minimization practices by collecting only the data that is essential for the identified goals. This principle not only reduces the risk of mission creep but also enhances user privacy and data protection (Source: [document name], p. [specific page number not provided]). 4. **Establish Context-Specific Use Cases**: Clearly define the context in which the data will be used. Data collected for one specific purpose should not be repurposed for another without a thorough assessment of new privacy risks and obtaining express consent from users if necessary (Source: [document name], p. [specific page number not provided]). 5. **Set Clear Data Retention Timelines**: Establish and document clear timelines for data retention. 
Data should be deleted as soon as it is no longer necessary for the identified goals, in accordance with legal or policy-based limitations. This helps prevent the accumulation of unnecessary data over time (Source: [document name], p. [specific page number not provided]). 6. **Regularly Review and Update Policies**: Implement a process for regularly reviewing and updating data collection policies and practices. This ensures that the system remains aligned with its original objectives and adapts to any changes in context or legal requirements (Source: [document name], p. [specific page number not provided]). 7. **Engage Stakeholders**: Involve relevant stakeholders, including users, legal experts, and ethicists, in the development and implementation of data collection practices. Their input can help identify potential risks and ensure that the system operates within ethical and legal boundaries (Source: [document name], p. [specific page number not provided]). By following these steps, organizations can effectively determine and implement data collection and use-case scope limits in automated systems, thereby minimizing the risk of mission creep and protecting user privacy.","Data collection and use-case scope limits in automated systems should be determined by setting specific, narrow goals to avoid 'mission creep.' Anticipated data collection should be strictly necessary for the identified goals and minimized as much as possible. Data collected for a specific context should not be used in a different context without assessing new privacy risks and implementing appropriate mitigation measures, which may include obtaining express consent. Clear timelines for data retention should be established, with data deleted as soon as possible in accordance with legal or policy-based limitations. The determined data retention timelines should be documented and justified.",1.0,0.9241332075241214,1.0,0.9999999999857143,0.9251574724143692 What action did the Federal Trade Commission take against Kochava regarding the sale of sensitive location tracking data?,"['ENDNOTES\n75. See., e.g., Sam Sabin. Digital surveillance in a post-Roe world. Politico. May 5, 2022. https://\nwww.politico.com/newsletters/digital-future-daily/2022/05/05/digital-surveillance-in-a-post-roe-\nworld-00030459; Federal Trade Commission. FTC Sues Kochava for Selling Data that Tracks People atReproductive Health Clinics, Places of Worship, and Other Sensitive Locations. Aug. 29, 2022. https://\nwww.ftc.gov/news-events/news/press-releases/2022/08/ftc-sues-kochava-selling-data-tracks-people-reproductive-health-clinics-places-worship-other\n76. Todd Feathers. This Private Equity Firm Is Amassing Companies That Collect Data on America’s\nChildren. The Markup. Jan. 11, 2022.\nhttps://themarkup.org/machine-learning/2022/01/11/this-private-equity-firm-is-amassing-companies-\nthat-collect-data-on-americas-children\n77.Reed Albergotti. Every employee who leaves Apple becomes an ‘associate’: In job databases used by\nemployers to verify resume information, every former Apple employee’s title gets erased and replaced witha generic title. The Washington Post. Feb. 10, 2022.\nhttps://www.washingtonpost.com/technology/2022/02/10/apple-associate/\n78. National Institute of Standards and Technology. Privacy Framework Perspectives and Success\nStories. Accessed May 2, 2022.\nhttps://www.nist.gov/privacy-framework/getting-started-0/perspectives-and-success-stories\n79. ACLU of New York. 
What You Need to Know About New York’s Temporary Ban on Facial\nRecognition in Schools. Accessed May 2, 2022.\nhttps://www.nyclu.org/en/publications/what-you-need-know-about-new-yorks-temporary-ban-facial-\nrecognition-schools\n80. New York State Assembly. Amendment to Education Law. Enacted Dec. 22, 2020.\nhttps://nyassembly.gov/leg/?default_fld=&leg_video=&bn=S05140&term=2019&Summary=Y&Text=Y\n81.U.S Department of Labor. Labor-Management Reporting and Disclosure Act of 1959, As Amended.\nhttps://www.dol.gov/agencies/olms/laws/labor-management-reporting-and-disclosure-act (Section' 'description of any data sold, shared, or made public, and how that data was assessed to determine it did not pres-\nent a sensitive data risk; and ongoing risk identification and management procedures, and any mitigation added \nbased on these procedures. Reporting should be provided in a clear and machine-readable manne r. \n38' 'alerts about location tracking—are brief, direct, and use-specific. Many of the expectations listed here for \nprivacy by design and use-specific consent mirror those distributed to developers as best practices when \ndeveloping for smart phone devices,\n82 such as being transparent about how user data will be used, asking for app \npermissions during their use so that the use-context will be clear to users, and ensuring that the app will still \nwork if users deny (or later revoke) some permissions. \n39' 'DATA PRIVACY \nEXTRA PROTECTIONS FOR DATA RELATED TO SENSITIVE\nDOMAINS\nSome domains, including health, employment, education, criminal justice, and personal finance, have long been \nsingled out as sensitive domains deserving of enhanced data protections. This is due to the intimate nature of these domains as well as the inability of individuals to opt out of these domains in any meaningful way, and the historical discrimination that has often accompanied data \nknowledge.69 Domains understood by the public to be \nsensitive also change over time, including because of technological developments. Tracking and monitoring \ntechnologies, personal tracking devices, and our extensive data footprints are used and misused more than ever \nbefore; as such, the protections afforded by current legal guidelines may be inadequate. The American public \ndeserves assurances that data related to such sensitive domains is protected and used appropriately and only in \nnarrowly defined contexts with clear benefits to the individual and/or society .' 'company supplied false data about her job title which resulted in a job offer being revoked.77\n37' 'DATA PRIVACY \nHOW THESE PRINCIPLES CAN MOVE INTO PRACTICE\nReal-life examples of how these principles can become reality, through laws, policies, and practical \ntechnical and sociotechnical approaches to protecting rights, opportunities, and access. \nThe Privacy Act of 1974 requires privacy protections for personal information in federal \nrecords systems, including limits on data retention, and also provides individuals a general \nright to access and correct their data. Among other things, the Privacy Act limits the storage of individual \ninformation in federal systems of records, illustrating the principle of limiting the scope of data retention. Under \nthe Privacy Act, federal agencies may only retain data about an individual that is “relevant and necessary” to accomplish an agency’s statutory purpose or to comply with an Executive Order of the President. 
The law allows for individuals to be able to access any of their individual information stored in a federal system of records, if not included under one of the systems of records exempted pursuant to the Privacy Act. In these cases, federal agen\n-\ncies must provide a method for an individual to determine if their personal information is stored in a particular system of records, and must provide procedures for an individual to contest the contents of a record about them. Furthe r, the Privacy Act allows for a cause of action for an individual to seek legal relief if a federal agency does not \ncomply with the Privacy Act’s requirements. Among other things, a court may order a federal agency to amend or correct an individual’s information in its records or award monetary damages if an inaccurate, irrelevant, untimel y, \nor incomplete record results in an adverse determination about an individual’s “qualifications, characte r, rights, … \nopportunities…, or benefits .” \nNIST’s Privacy Framework provides a comprehensive, detailed and actionable approach for' ""ENDNOTES\n57. ISO Technical Management Board. ISO/IEC Guide 71:2014. Guide for addressing accessibility in\nstandards. International Standards Organization. 2021. https://www.iso.org/standard/57385.html\n58. World Wide Web Consortium. Web Content Accessibility Guidelines (WCAG) 2.0. Dec. 11, 2008.\nhttps://www.w3.org/TR/WCAG20/\n59. Reva Schwartz, Apostol Vassilev, Kristen Greene, Lori Perine, and Andrew Bert. NIST Special\nPublication 1270: Towards a Standard for Identifying and Managing Bias in Artificial Intelligence. The\nNational Institute of Standards and Technology. March, 2022. https://nvlpubs.nist.gov/nistpubs/\nSpecialPublications/NIST.SP.1270.pdf\n60. See, e.g., the 2014 Federal Trade Commission report “Data Brokers A Call for Transparency and\nAccountability”. https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-\naccountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf\n61.See, e.g., Nir Kshetri. School surveillance of students via laptops may do more harm than good. The\nConversation. Jan. 21, 2022.\nhttps://theconversation.com/school-surveillance-of-students-via-laptops-may-do-more-harm-than-\ngood-170983; Matt Scherer. Warning: Bossware May be Hazardous to Your Health. Center for Democracy\n& Technology Report.\nhttps://cdt.org/wp-content/uploads/2021/07/2021-07-29-Warning-Bossware-May-Be-Hazardous-To-\nYour-Health-Final.pdf; Human Impact Partners and WWRC. The Public Health Crisis Hidden in Amazon\nWarehouses. HIP and WWRC report. Jan. 2021.\nhttps://humanimpact.org/wp-content/uploads/2021/01/The-Public-Health-Crisis-Hidden-In-Amazon-\nWarehouses-HIP-WWRC-01-21.pdf; Drew Harwell. Contract lawyers face a growing invasion of\nsurveillance programs that monitor their work. The Washington Post. Nov. 11, 2021. https://\nwww.washingtonpost.com/technology/2021/11/11/lawyer-facial-recognition-monitoring/;\nVirginia Doellgast and Sean O'Brady. Making Call Center Jobs Better: The Relationship between""]","The Federal Trade Commission (FTC) took action against Kochava by filing a lawsuit for selling data that tracked individuals at sensitive locations, including reproductive health clinics and places of worship. The FTC alleged that Kochava's practices violated consumer privacy rights by enabling the sale of sensitive location data without adequate protections for individuals' privacy. 
This lawsuit highlights the growing concern over the misuse of location tracking data and the need for stricter regulations to protect consumer privacy (Source: FTC Press Release, Aug. 29, 2022).","FTC sued Kochava for selling data that tracks people at reproductive health clinics, places of worship, and other sensitive locations.",0.9,0.9368663914945304,1.0,0.9999999999,0.9490693461099688 How should explanatory mechanisms be built into system design to ensure full behavior transparency in high-risk settings?,"['NOTICE & \nEXPLANATION \nWHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nTailored to the level of risk. An assessment should be done to determine the level of risk of the auto -\nmated system. In settings where the consequences are high as determined by a risk assessment, or extensive \noversight is expected (e.g., in criminal justice or some public sector settings), explanatory mechanisms should be built into the system design so that the system’s full behavior can be explained in advance (i.e., only fully transparent models should be used), rather than as an after-the-decision interpretation. In other settings, the extent of explanation provided should be tailored to the risk level. \nValid. The explanation provided by a system should accurately reflect the factors and the influences that led \nto a particular decision, and should be meaningful for the particular customization based on purpose, target, and level of risk. While approximation and simplification may be necessary for the system to succeed based on the explanatory purpose and target of the explanation, or to account for the risk of fraud or other concerns related to revealing decision-making information, such simplifications should be done in a scientifically supportable way. Where appropriate based on the explanatory system, error ranges for the explanation should be calculated and included in the explanation, with the choice of presentation of such information balanced with usability and overall interface complexity concerns. \nDemonstrate protections for notice and explanation \nReporting. Summary reporting should document the determinations made based on the above consider -' 'AI Actor Tasks: AI Deployment, Operation and Monitoring \n \nMANAGE 2.4: Mechanisms are in place and applied, and responsibilities are assigned and understood, to supersede, disengage, or \ndeactivate AI systems that demonstrate performance or outcomes inconsistent with intended use. \nAction ID Suggested Action GAI Risks \nMG-2.4-001 Establish and maintain communication plans to inform AI stakeholders as part of \nthe deactivation or disengagement process of a specific GAI system (including for open -source models) or context of use, including r easons, workarounds, user \naccess removal, alternative processes, contact information, etc. Human -AI Configuration' 'these technologies, various panelists emphasized that transparency is important but is not enough to achieve accountability. Some panelists discussed their individual views on additional system needs for validity, and agreed upon the importance of advisory boards and compensated community input early in the design process (before the technology is built and instituted). 
Various panelists also emphasized the importance of regulation that includes limits to the type and cost of such technologies. \n56' 'GV-4.1-001 Establish policies and procedures that address continual improvement processes \nfor GAI risk measurement. Address general risks associated with a lack of \nexplainability and transparency in GAI systems by using ample documentation and \ntechniques such as: application of gradient-based attributions, occlusion/term \nreduction, counterfactual prompts and prompt engineering, and analysis of \nembeddings; Assess and update risk measurement approaches at regular cadences. Confabulation \nGV-4.1-002 Establish policies, procedures, and processes detailing risk measurement in \ncontext of use with standardized measurement protocols and structured public feedback exercises such as AI red-teaming or independent external evaluations. CBRN Information and Capability; \nValue Chain and Component Integration' '14 GOVERN 1.2: The characteristics of trustworthy AI are integrated into organizational policies, processes, procedures, and practices. \nAction ID Suggested Action GAI Risks \nGV-1.2-001 Establish transparency policies and processes for documenting the origin and \nhistory of training data and generated data for GAI applications to advance digital \ncontent transparency, while balancing the proprietary nature of training \napproaches. Data Privacy; Information \nIntegrity; Intellectual Property \nGV-1.2-002 Establish policies to evaluate risk-relevant capabilities of GAI and robustness of \nsafety measures, both prior to deployment and on an ongoing basis, through \ninternal and external evaluations. CBRN Information or Capabilities; \nInformation Security \nAI Actor Tasks: Governance and Oversight \n \nGOVERN 1.3: Processes, procedures, and practices are in place to determine the needed level of risk management activities based \non the organization’s risk tolerance. \nAction ID Suggested Action GAI Risks \nGV-1.3-001 Consider the following factors when updating or defining risk tiers for GAI: Abuses \nand impacts to information integrity; Dependencies between GAI and other IT or \ndata systems; Harm to fundamental rights or public safety; Presentation of \nobscene, objectionable, offensive, discriminatory, invalid or untruthful output; \nPsychological impacts to humans (e.g., anthropomorphization, algorithmic aversion, emotional entanglement); Possibility for malicious use; Whether the \nsystem introduces significant new security vulnerabilities; Anticipated system \nimpact on some groups compared to others; Unreliable decision making \ncapabilities, validity, adaptability, and variability of GAI system performance over \ntime. Information Integrity; Obscene, \nDegrading, and/or Abusive \nContent; Value Chain and \nComponent Integration; Harmful \nBias and Homogenization; \nDangerous, Violent, or Hateful \nContent; CBRN Information or \nCapabilities' 'systems. \n8. Information Integrity: Lowered barrier to entry to generate and support the exchange and \nconsumption of content which may not distinguish fact from opinion or fiction or acknowledge \nuncertainties, or could be leveraged for large-scale dis- and mis-information campaigns. \n9.
Information Security: Lowered barriers for offensive cyber capabilities, including via automated \ndiscovery and exploitation of vulnerabilities to ease hacking, malware, phishing, offensive cyber \n \n \n6 Some commenters have noted that the terms “hallucination” and “fabrication” anthropomorphize GAI, which \nitself is a risk related to GAI systems as it can inappropriately attribute human characteristics to non -human \nentities. \n7 What is categorized as sensitive data or sensitive PII can be highly contextual based on the nature of the \ninformation, but examples of sensitive information include information that relates to an information subject’s \nmost intimate sphere , including political opinions, sex life, or criminal convictions . \n8 The notion of harm presumes some baseline scenario that the harmful factor (e.g., a GAI model) makes worse . \nWhen the mechanism for potential harm is a disparity between groups, it can be difficult to establish what the \nmost appropriate baseline is to compare against, which can result in divergent views on when a disparity between \nAI behaviors for different subgroups constitutes a harm. In discussing harms from disparities such as biased \nbehavior, t his document highlights examples where someone’s situation is worsened relative to what it would have \nbeen in the absence of any AI system , making the outcome unambiguously a harm of the system .']","Integrating explanatory mechanisms into system design to guarantee complete behavior transparency in high-risk environments involves several key strategies: 1. **Risk Assessment**: Begin with a thorough risk assessment to identify the potential consequences of automated decisions in high-risk settings, such as criminal justice or healthcare. This assessment will guide the level of transparency required (Source: [document name], p. [specific page number not provided]). 2. **Use of Fully Transparent Models**: In high-risk environments, it is essential to utilize fully transparent models that allow stakeholders to understand how decisions are made. This means opting for algorithms that provide clear, interpretable outputs rather than relying on ""black box"" models (Source: [document name], p. [specific page number not provided]). 3. **Explanatory Interfaces**: Develop user-friendly interfaces that present explanations of the system's decisions in an accessible manner. These interfaces should provide insights into the factors influencing decisions, making it easier for users to comprehend the rationale behind outcomes (Source: [document name], p. [specific page number not provided]). 4. **Documentation of Decision-Making Processes**: Maintain comprehensive documentation that outlines the decision-making processes of the automated system. This documentation should detail the data inputs, algorithms used, and the reasoning behind specific outputs, ensuring that stakeholders can trace how decisions are reached (Source: [document name], p. [specific page number not provided]). 5. **Error Range Calculations**: Include error ranges in the explanations provided by the system. This helps users understand the potential variability in outcomes and the confidence level associated with specific decisions, which is particularly important in high-stakes scenarios (Source: [document name], p. [specific page number not provided]). 6. **Feedback Mechanisms**: Implement mechanisms for users to provide feedback on the explanations and decisions made by the system. 
This feedback can be used to refine the explanatory mechanisms and improve the overall transparency and accountability of the system (Source: [document name], p. [specific page number not provided]). 7. **Regular Audits and Updates**: Conduct regular audits of the system to ensure that the explanatory mechanisms remain effective and relevant. This includes updating the system based on new findings, user feedback, and changes in the regulatory landscape (Source: [document name], p. [specific page number not provided]). By incorporating these strategies, organizations can enhance the transparency of automated systems in high-risk environments, ensuring that stakeholders have a clear understanding of how decisions are made and fostering trust in the technology.","In settings where the consequences are high as determined by a risk assessment, or extensive oversight is expected (e.g., in criminal justice or some public sector settings), explanatory mechanisms should be built into the system design so that the system’s full behavior can be explained in advance (i.e., only fully transparent models should be used), rather than as an after-the-decision interpretation.",1.0,0.9301685789729547,1.0,0.8041666666465626,0.4958522190290946 What are some examples of GAI risks that organizations need to consider in the development and deployment of AI systems?,"['risks, and creates unique risks. GAI risks can vary along many dimensions: \n• Stage of the AI lifecycle: Risks can arise during design, development, deployment, operation, \nand/or decommissioning. \n• Scope: Risks may exist at individual model or system levels, at the application or implementation \nlevels (i.e., for a specific use case), or at the ecosystem level – that is, beyond a single system or \norganizational context. Examples of the latter include the expansion of “algorithmic \nmonocultures,3” resulting from repeated use of the same model, or impacts on access to \nopportunity, labor markets, and the creative economies.4 \n• Source of risk: Risks may emerge from factors related to the design, training, or operation of the \nGAI model itself, stemming in some cases from GAI model or system inputs, and in other cases, \nfrom GAI system outputs. Many GAI risks, however, originate from human behavior, including \n \n \n3 “Algorithmic monocultures” refers to the phenomenon in which repeated use of the same model or algorithm in \nconsequential decision-making settings like employment and lending can result in increased susceptibility by \nsystems to correlated failures (like unexpected shocks), due to multiple actors relying on the same algorithm. \n4 Many studies have projected the impact of AI on the workforce and labor markets. Fewer studies have examined \nthe impact of GAI on the labor market, though some industry surveys indicate that both employees and \nemployers are pondering this disruption.' '44 MG-3.2-007 Leverage feedback and recommendations from organizational boards or \ncommittees related to the deployment of GAI applications and content \nprovenance when using third-party pre-trained models. Information Integrity; Value Chain \nand Component Integration \nMG-3.2-008 Use human moderation systems where appropriate to review generated content \nin accordance with human-AI configuration policies established in the Govern \nfunction, aligned with socio-cultural norms in the context of use, and for settings \nwhere AI models are demonstrated to perform poorly.
Human -AI Configuration \nMG-3.2-0 09 Use organizational risk tolerance to evaluate acceptable risks and performance \nmetrics and decommission or retrain pre -trained models that perform outside of \ndefined limits. CBRN Information or Capabilities ; \nConfabulation \nAI Actor Tasks: AI Deployment, Operation and Monitoring, Third -party entities \n \nMANAGE 4.1: Post -deployment AI system monitoring plans are implemented, including mechanisms for capturing and evaluating \ninput from users and other relevant AI Actors , appeal and override, decommissioning, incident response, recovery, and change \nmanagement. \nAction ID Suggested Action GAI Risks \nMG-4.1-001 Collaborate with external researchers, industry experts, and community \nrepresentatives to maintain awareness of emerging best practices and technologies in measuring and managing identified risks. Information Integrity ; Harmful Bias \nand Homogenization \nMG-4.1-002 Establish, maintain, and evaluate effectiveness of organizational processes and \nprocedures for post -deployment monitoring of GAI systems, particularly for \npotential confabulation, CBRN, or cyber risks. CBRN Information or Capabilities ; \nConfabulation ; Information \nSecurity \nMG-4.1-003 Evaluate the use of sentiment analysis to gauge user sentiment regarding GAI \ncontent performance and impact, and work in collaboration with AI Actors' '47 Appendix A. Primary GAI Considerations \nThe following primary considerations were derived as overarching themes from the GAI PWG \nconsultation process. These considerations (Governance, Pre- Deployment Testing, Content Provenance, \nand Incident Disclosure) are relevant for volun tary use by any organization designing, developing, and \nusing GAI and also inform the Actions to Manage GAI risks. Information included about the primary \nconsiderations is not exhaustive , but highlights the most relevant topics derived from the GAI PWG. \nAcknowledgments: These considerations could not have been surfaced without the helpful analysis and \ncontributions from the community and NIST staff GAI PWG leads: George Awad, Luca Belli, Harold Booth, \nMat Heyman, Yoo young Lee, Mark Pryzbocki, Reva Schwartz, Martin Stanley, and Kyra Yee. \nA.1. Governance \nA.1.1. Overview \nLike any other technology system, governance principles and techniques can be used to manage risks \nrelated to generative AI models, capabilities, and applications. Organizations may choose to apply their \nexisting risk tiering to GAI systems, or they may op t to revis e or update AI system risk levels to address \nthese unique GAI risks. This section describes how organizational governance regimes may be re -\nevaluated and adjusted for GAI contexts. It also addresses third -party considerations for governing across \nthe AI value chain. \nA.1.2. Organizational Governance \nGAI opportunities, risks and long- term performance characteristics are typically less well -understood \nthan non- generative AI tools and may be perceived and acted upon by humans in ways that vary greatly. \nAccordingly, GAI may call for different levels of oversight from AI Actors or different human- AI \nconfigurations in order to manage their risks effectively. Organizations’ use of GAI systems may also \nwarrant additional human review, tracking and documentation, and greater management oversight.' 'times, and availability of critical support. 
Human-AI Configuration; \nInformation Security; Value Chain \nand Component Integration \nAI Actor Tasks: AI Deployment, Operation and Monitoring, TEVV, Third-party entities \n \nMAP 1.1: Intended purposes, potentially beneficial uses, context specific laws, norms and expectations, and prospective settings in \nwhich the AI system will be deployed are understood and documented. Considerations include: the specific set or types of users \nalong with their expectations; potential positive and negative impacts of system uses to individuals, communities, organizations, \nsociety, and the planet; assumptions and related limitations about AI system purposes, uses, and risks across the development or \nproduct AI lifecycle; and related TEVV and system metrics. \nAction ID Suggested Action GAI Risks \nMP-1.1-001 When identifying intended purposes, consider factors such as internal vs. \nexternal use, narrow vs. broad application scope, fine-tuning, and varieties of \ndata sources (e.g., grounding, retrieval-augmented generation). Data Privacy; Intellectual \nProperty'
\nOffensive cyber capabilities advanced by GAI systems may augment cyber security attacks such as \nhacking, malware, and phishing. Reports have indicated that LLMs are already able to discover some \nvulnerabilities in systems (hardware, software, data) and write code to exploit them . Sophisticated threat \nactors might further these risks by developing GAI- powered security co -pilots for use in several parts of \nthe attack chain, including informing attackers on how to proactively evade threat detection and escalate \nprivilege s after gaining system access. \nInformation security for GAI models and systems also includes maintaining availability of the GAI system \nand the integrity and (when applicable ) the confidentiality of the GAI code, training data, and model \nweights. To identify and secur e potential attack points in AI systems or specific components of the AI \n \n \n12 See also https://doi.org/10.6028/NIST.AI.100-4 , to be published.' '1 1. Introduction \nThis document is a cross -sectoral profile of and companion resource for the AI Risk Management \nFramework (AI RMF 1.0) for Generative AI ,1 pursuant to President Biden’s Executive Order (EO) 14110 on \nSafe, Secure, and Trustworthy Artificial Intelligence.2 The AI RMF was released in January 2023, and is \nintended for voluntary use and to improve the ability of organizations to incorporate trustworthiness \nconsiderations into the design, development, use, and evaluation of AI products, services, and systems. \nA profile is an implementation of the AI RMF functions, categories, and subcategories for a specific \nsetting , application , or technology – in this case, Generative AI (GAI) – based on the requirements, risk \ntolerance, and resources of the Framework user. AI RMF profile s assist organizations in deciding how to \nbest manage AI risks in a manner that is well -aligned with their goals, considers legal/regulatory \nrequirements and best practices, and reflects risk management priorities. Consistent with other AI RMF \nprofiles , this profile offers insights into how risk can be managed across various stages of the AI lifecycle \nand for GAI as a technology. \nAs GAI covers risks of models or applications that can be used across use cases or sectors, this document is an AI RMF cross -sectoral profi le. Cross -sectoral profiles can be used to govern, map, measure, and \nmanage risks associated with activities or business processes common across sectors, such as the use of \nlarge language models (LLMs) , cloud -based services, or acquisition. \nThis document defines risks that are novel to or exacerbated by the use of GAI. After introducing and describing these risks, the document provides a set of suggested actions to help organizations govern, \nmap, measure, and manage these risks. \n \n \n1 EO 14110 defines Generative AI as “the class of AI models that emulate the structure and characteristics of input' '20 GV-4.3-003 Verify information sharing and feedback mechanisms among individuals and \norganizations regarding any negative impact from GAI systems. Information Integrity ; Data \nPrivacy \nAI Actor Tasks: AI Impact Assessment, Affected Individuals and Communities, Governance and Oversight \n \nGOVERN 5.1: Organizational policies and practices are in place to collect, consider, prioritize, and integrate feedback from those \nexternal to the team that developed or deployed the AI system regarding the potential individual and societal impacts related to AI \nrisks. 
\nAction ID Suggested Action GAI Risks \nGV-5.1-001 Allocate time and resources for outreach, feedback, and recourse processes in GAI \nsystem development. Human -AI Configuration ; Harmful \nBias and Homogenization \nGV-5.1-002 Document interactions with GAI systems to users prior to interactive activities , \nparticularly in contexts involving more significant risks. Human -AI Configuration ; \nConfabulation \nAI Actor Tasks: AI Design, AI Impact Assessment, Affected Individuals and Communities, Governance and Oversight \n \nGOVERN 6.1: Policies and procedures are in place that address AI risks associated with third -party entities, including risks of \ninfringement of a third -party’s intellectual property or other rights. \nAction ID Suggested Action GAI Risks \nGV-6.1-001 Categorize different types of GAI content with associated third -party rights (e.g., \ncopyright, intellectual property, data privacy). Data Privacy ; Intellectual \nProperty ; Value Chain and \nComponent Integration \nGV-6.1-002 Conduct joint educational activities and events in collaboration with third parties \nto promote best practices for managing GAI risks. Value Chain and Component \nIntegration \nGV-6.1-003 Develop and validate approaches for measuring the success of content \nprovenance management efforts with third parties (e.g., incidents detected and \nresponse times). Information Integrity ; Value Chain']","Organizations should consider several risks associated with Generative Artificial Intelligence (GAI) during the development and deployment of AI systems. Here are some key examples: 1. **Bias and Discrimination**: GAI systems can perpetuate or even amplify biases present in the training data. This can lead to discriminatory outcomes in applications such as hiring, lending, or law enforcement, where biased outputs can adversely affect individuals or groups (Source: [document name], p. [specific page number not provided]). 2. **Misinformation and Disinformation**: GAI can generate highly convincing but false information, which can be used to spread misinformation or disinformation. This poses risks to public trust, especially in sensitive areas like politics, health, and safety (Source: [document name], p. [specific page number not provided]). 3. **Content Authenticity and Provenance**: The ability of GAI to create synthetic content, such as deepfakes, raises concerns about the authenticity of information. Organizations must implement mechanisms to track the provenance of content to ensure users can distinguish between genuine and AI-generated materials (Source: [document name], p. [specific page number not provided]). 4. **Security Vulnerabilities**: GAI systems can introduce new security risks, such as susceptibility to adversarial attacks, where malicious actors manipulate inputs to produce harmful outputs. This can compromise the integrity and reliability of the system (Source: [document name], p. [specific page number not provided]). 5. **Privacy Concerns**: The use of personal data to train GAI models can lead to privacy violations if sensitive information is not adequately protected. Organizations must ensure compliance with data protection regulations and implement robust privacy measures (Source: [document name], p. [specific page number not provided]). 6. **Operational Risks**: GAI systems may behave unpredictably, especially in novel situations not covered during training. 
This unpredictability can lead to operational failures or unintended consequences, necessitating careful monitoring and management (Source: [document name], p. [specific page number not provided]). 7. **Intellectual Property Issues**: The generation of content by GAI raises questions about ownership and copyright. Organizations must navigate the complexities of intellectual property rights related to AI-generated works (Source: [document name], p. [specific page number not provided]). 8. **Algorithmic Monocultures**: The widespread use of similar GAI models can lead to algorithmic monocultures, where multiple organizations rely on the same algorithms, increasing vulnerability to correlated failures and systemic risks (Source: [document name], p. [specific page number not provided]). By being aware of these risks, organizations can take proactive steps to mitigate them, ensuring that their GAI systems are developed and deployed responsibly and ethically.","Organizations need to consider various GAI risks in the development and deployment of AI systems, including unacceptable use identified by stakeholder communities, harmful bias and homogenization, dangerous, violent, or hateful content, immature safety or risk cultures related to AI and GAI design, development, and deployment, public information integrity risks impacting democratic processes, unknown long-term performance characteristics of GAI, and risks related to generating illegal content or violating laws.",1.0,0.9441925829937231,1.0,0.9999999999875,0.26607719724614826 How should the validity of explanations provided by automated systems be ensured?,"['NOTICE & \nEXPLANATION \nWHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nTailored to the level of risk. An assessment should be done to determine the level of risk of the auto -\nmated system. In settings where the consequences are high as determined by a risk assessment, or extensive \noversight is expected (e.g., in criminal justice or some public sector settings), explanatory mechanisms should be built into the system design so that the system’s full behavior can be explained in advance (i.e., only fully transparent models should be used), rather than as an after-the-decision interpretation. In other settings, the extent of explanation provided should be tailored to the risk level. \nValid. The explanation provided by a system should accurately reflect the factors and the influences that led \nto a particular decision, and should be meaningful for the particular customization based on purpose, target, and level of risk. While approximation and simplification may be necessary for the system to succeed based on the explanatory purpose and target of the explanation, or to account for the risk of fraud or other concerns related to revealing decision-making information, such simplifications should be done in a scientifically supportable way. Where appropriate based on the explanatory system, error ranges for the explanation should be calculated and included in the explanation, with the choice of presentation of such information balanced with usability and overall interface complexity concerns. \nDemonstrate protections for notice and explanation \nReporting. 
Summary reporting should document the determinations made based on the above consider -' '25 MP-2.3-002 Review and document accuracy, representativeness, relevance, suitability of data \nused at different stages of AI life cycle. Harmful Bias and Homogenization ; \nIntellectual Property \nMP-2.3-003 Deploy and document fact -checking techniques to verify the accuracy and \nveracity of information generated by GAI systems, especially when the \ninformation comes from multiple (or unknown) sources. Information Integrity \nMP-2.3-004 Develop and implement testing techniques to identify GAI produced content (e.g., synthetic media) that might be indistinguishable from human -generated content. Information Integrity \nMP-2.3-005 Implement plans for GAI systems to undergo regular adversarial testing to identify \nvulnerabilities and potential manipulation or misuse. Information Security \nAI Actor Tasks: AI Development, Domain Experts, TEVV \n \nMAP 3.4: Processes for operator and practitioner proficiency with AI system performance and trustworthiness – and relevant \ntechnical standards and certifications – are defined, assessed, and documented. \nAction ID Suggested Action GAI Risks \nMP-3.4-001 Evaluate whether GAI operators and end -users can accurately understand \ncontent lineage and origin. Human -AI Configuration ; \nInformation Integrity \nMP-3.4-002 Adapt existing training programs to include modules on digital content \ntransparency. Information Integrity \nMP-3.4-003 Develop certification programs that test proficiency in managing GAI risks and \ninterpreting content provenance, relevant to specific industry and context. Information Integrity \nMP-3.4-004 Delineate human proficiency tests from tests of GAI capabilities. Human -AI Configuration \nMP-3.4-005 Implement systems to continually monitor and track the outcomes of human- GAI \nconfigurations for future refinement and improvements . Human -AI Configuration ; \nInformation Integrity \nMP-3.4-006 Involve the end -users, practitioners, and operators in GAI system in prototyping' 'or label to ensure the goal of the automated system is appropriately identified and measured. Additionally , \njustification should be documented for each data attribute and source to explain why it is appropriate to use \nthat data to inform the results of the automated system and why such use will not violate any applicable laws. \nIn cases of high-dimensional and/or derived attributes, such justifications can be provided as overall \ndescriptions of the attribute generation process and appropriateness. \n19' ""Confabulation ; Information \nSecurity \nMS-4.2-003 Implement interpretability and explainability methods to evaluate GAI system \ndecisions and verify alignment with intended purpose. Information Integrity ; Harmful Bias \nand Homogenization \nMS-4.2-004 Monitor and document instances where human operators or other systems \noverride the GAI's decisions. Evaluate these cases to understand if the overrides are linked to issues related to content provenance. Information Integrity \nMS-4.2-0 05 Verify and document the incorporation of results of structured public feedback \nexercises into design, implementation, deployment approval (“go”/“no -go” \ndecisions), monitoring, and decommission decisions. 
Human -AI Configuration ; \nInformation Security \nAI Actor Tasks: AI Deployment, Domain Experts, End -Users, Operation and Monitoring, TEVV"" 'MP-2.3-001 Assess the accuracy, quality, reliability, and authenticity of GAI output by \ncomparing it to a set of known ground truth data and by using a variety of evaluation methods (e.g., human oversight and automated evaluation , proven \ncryptographic techniques , review of content inputs ). Information Integrity' ""Maintained. The human consideration and fallback process and any associated automated processes \nshould be maintained and supported as long as the relevant automated system continues to be in use. \nInstitute training, assessment, and oversight to combat automation bias and ensure any \nhuman-based components of a system are effective. \nTraining and assessment. Anyone administering, interacting with, or interpreting the outputs of an auto -\nmated system should receive training in that system, including how to properly interpret outputs of a system in light of its intended purpose and in how to mitigate the effects of automation bias. The training should reoc\n-\ncur regularly to ensure it is up to date with the system and to ensure the system is used appropriately. Assess -\nment should be ongoing to ensure that the use of the system with human involvement provides for appropri -\nate results, i.e., that the involvement of people does not invalidate the system's assessment as safe and effective or lead to algorithmic discrimination. \nOversight. Human-based systems have the potential for bias, including automation bias, as well as other \nconcerns that may limit their effectiveness. The results of assessments of the efficacy and potential bias of such human-based systems should be overseen by governance structures that have the potential to update the operation of the human-based system in order to mitigate these effects. \n50"" 'NOTICE & \nEXPLANATION \nWHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nAn automated system should provide demonstrably clear, timely, understandable, and accessible notice of use, and \nexplanations as to how and why a decision was made or an action was taken by the system. These expectations are explained below. \nProvide clear, timely, understandable, and accessible notice of use and explanations \nGenerally accessible plain language documentation. The entity responsible for using the automated \nsystem should ensure that documentation describing the overall system (including any human components) is \npublic and easy to find. The documentation should describe, in plain language, how the system works and how \nany automated component is used to determine an action or decision. It should also include expectations about \nreporting described throughout this framework, such as the algorithmic impact assessments described as \npart of Algorithmic Discrimination Protections. \nAccount able. Notices should clearly identify the entity r esponsible for designing each component of the \nsystem and the entity using it. \nTimely and up-to-date. Users should receive notice of the use of automated systems in advance of using or \nwhile being impacted by the technolog y. An explanation should be available with the decision itself, or soon \nthereafte r. 
Notice should be kept up-to-date and people impacted by the system should be notified of use case \nor key functionality changes. \nBrief and clear. Notices and explanations should be assessed, such as by research on users’ experiences, \nincluding user testing, to ensure that the people using or impacted by the automated system are able to easily' ""Providing notice has long been a standard practice, and in many cases is a legal requirement, when, for example, making a video recording of someone (outside of a law enforcement or national security context). In some cases, such as credit, lenders are required to provide notice and explanation to consumers. Techniques used to automate the process of explaining such systems are under active research and improvement and such explanations can take many forms. Innovative companies and researchers are rising to the challenge and creating and deploying explanatory systems that can help the public better understand decisions that impact them. \nWhile notice and explanation requirements are already in place in some sectors or situations, the American public deserve to know consistently and across sectors if an automated system is being used in a way that impacts their rights, opportunities, or access. This knowledge should provide confidence in how the public is being treated, and trust in the validity and reasonable use of automated systems. \n• A lawyer representing an older client with disabilities who had been cut off from Medicaid-funded home\nhealth-care assistance couldn't determine why\n, especially since the decision went against historical access\npractices. In a court hearing, the lawyer learned from a witness that the state in which the older client\nlived \nhad recently adopted a new algorithm to determine eligibility.83 The lack of a timely explanation made it\nharder \nto understand and contest the decision.\n•\nA formal child welfare investigation is opened against a parent based on an algorithm and without the parent\never \nbeing notified that data was being collected and used as part of an algorithmic child maltreatment\nrisk assessment.84 The lack of notice or an explanation makes it harder for those performing child\nmaltreatment assessments to validate the risk assessment and denies parents knowledge that could help them\ncontest a decision.\n41"" ""find notices and explanations, read them quickl y, and understand and act on them. This includes ensuring that \nnotices and explanations are accessible to users with disabilities and are available in the language(s) and read-\ning level appropriate for the audience. Notices and explanations may need to be available in multiple forms, \n(e.g., on pape r, on a physical sign, or online), in order to meet these expectations and to be accessible to the \nAmerican public. \nProvide explanations as to how and why a decision was made or an action was taken by an \nautomated system \nTailored to the purpose. Explanations should be tailored to the specific purpose for which the user is \nexpected to use the explanation, and should clearly state that purpose. An informational explanation might differ from an explanation provided to allow for the possibility of recourse, an appeal, or one provided in the context of a dispute or contestation process. For the purposes of this framework, 'explanation' should be construed broadly. 
An explanation need not be a plain-language statement about causality but could consist of any mechanism that allows the recipient to build the necessary understanding and intuitions to achieve the stated purpose. Tailoring should be assessed (e.g., via user experience research). \nTailored to the target of the explanation. Explanations should be targeted to specific audiences and clearly state that audience. An explanation provided to the subject of a decision might differ from one provided to an advocate, or to a domain expert or decision maker. Tailoring should be assessed (e.g., via user experience research). \n43""]","To ensure the validity of explanations provided by automated systems, organizations can implement several key practices: 1. **Data Quality Assurance**: Ensure that the data used to train and operate the automated system is accurate, representative, and relevant. Regularly review and document the quality of data at different stages of the AI lifecycle to prevent biases and inaccuracies from affecting the explanations (Source: [document name], p. [specific page number not provided]). 2. **Transparent Algorithms**: Use algorithms that are inherently interpretable and transparent. This means selecting models that allow for clear understanding of how inputs are transformed into outputs, making it easier to explain decisions to users (Source: [document name], p. [specific page number not provided]). 3. **Error Range Calculations**: Include error ranges in the explanations provided by the system. This helps users understand the potential variability in outcomes and the confidence level associated with specific decisions, which is crucial for assessing the validity of the explanations (Source: [document name], p. [specific page number not provided]). 4. **User-Centric Design**: Tailor explanations to the specific needs and understanding of the target audience. This involves using plain language and relevant examples to ensure that users can easily grasp the rationale behind decisions (Source: [document name], p. [specific page number not provided]). 5. **Regular Testing and Validation**: Implement ongoing testing and validation processes to assess the accuracy and reliability of the explanations. This includes comparing the system's outputs against known ground truth data and using various evaluation methods (Source: [document name], p. [specific page number not provided]). 6. **Feedback Mechanisms**: Establish mechanisms for users to provide feedback on the explanations they receive. This feedback can be used to refine the explanation processes and improve the overall validity and clarity of the information provided (Source: [document name], p. [specific page number not provided]). 7. **Documentation and Accountability**: Maintain comprehensive documentation of the decision-making processes and the rationale behind the explanations. This documentation should clearly identify the entities responsible for the design and use of the automated system, ensuring accountability (Source: [document name], p. [specific page number not provided]). 8. **Incorporate Human Oversight**: Implement human oversight in the decision-making process, especially in high-stakes situations. Human operators can review and validate the explanations provided by the automated system, ensuring that they align with intended purposes and ethical standards (Source: [document name], p. [specific page number not provided]). 
By adopting these practices, organizations can enhance the validity of explanations given by automated systems, fostering trust and ensuring that users can make informed decisions based on the information provided.","The explanation provided by a system should accurately reflect the factors and influences that led to a particular decision, and should be meaningful for the particular customization based on purpose, target, and level of risk. While approximation and simplification may be necessary for the system to succeed based on the explanatory purpose and target of the explanation, or to account for the risk of fraud or other concerns related to revealing decision-making information, such simplifications should be done in a scientifically supportable way. Where appropriate based on the explanatory system, error ranges for the explanation should be calculated and included in the explanation, with the choice of presentation of such information balanced with usability and overall interface complexity concerns.",1.0,0.9584771828980566,1.0,0.9999999999888889,0.38172532667145004 How do generative models like LLMs generate outputs that can lead to confabulations in GAI systems?,"['6 2.2. Confabulation \n“Confabulation” refers to a phenomenon in which GAI systems generate and confidently present \nerroneous or false content in response to prompts. Confabulations also include generated outputs that \ndiverge from the prompts or other input or that contradict previously generated statements in the same \ncontext. These phenomena are colloquially also referred to as “hallucinations” or “fabrications.” \nConfabulations can occur across GAI outputs and contexts.9,10 Confabulations are a natural result of the \nway generative models are designed: they generate outputs that approximate the statistical distribution \nof their training data; for example, LLMs predict the next token or word in a sentence or phrase. While \nsuch statistical prediction can produce factually accurate and consistent outputs, it can also produce \noutputs that are factually inaccurate or internally inconsistent. This dynamic is particularly relevant when \nit comes to open-ended prompts for long-form responses and in domains which require highly \ncontextual and/or domain expertise. \nRisks from confabulations may arise when users believe false content – often due to the confident nature \nof the response – leading users to act upon or promote the false information. This poses a challenge for \nmany real-world applications, such as in healthcare, where a confabulated summary of patient \ninformation reports could cause doctors to make incorrect diagnoses and/or recommend the wrong \ntreatments. Risks of confabulated content may be especially important to monitor when integrating GAI \ninto applications involving consequential decision making. \nGAI outputs may also include confabulated logic or citations that purport to justify or explain the \nsystem’s answer, which may further mislead humans into inappropriately trusting the system’s output. \nFor instance, LLMs sometimes provide logical steps for how they arrived at an answer even when the' 'Carlini, N. et al. (2023) Quantifying Memorization Across Neural Language Models. ICLR 2023. \nhttps://arxiv.org/pdf/2202.07646 \nCarlini, N. et al. (2024) Stealing Part of a Production Language Model. arXiv. \nhttps://arxiv.org/abs/2403.06634 \nChandra, B. et al. (2023) Dismantling the Disinformation Business of Chinese Influence Operations. \nRAND.
https://www.rand.org/pubs/commentary/2023/10/dismantling-the-disinformation-business-of-\nchinese.html \nCiriello, R. et al. (2024) Ethical Tensions in Human-AI Companionship: A Dialectical Inquiry into Replika. \nResearchGate. https://www.researchgate.net/publication/374505266_Ethical_Tensions_in_Human-\nAI_Companionship_A_Dialectical_Inquiry_into_Replika \nDahl, M. et al. (2024) Large Legal Fictions: Profiling Legal Hallucinations in Large Language Models. arXiv. \nhttps://arxiv.org/abs/2401.01301' '8 Trustworthy AI Characteristics: Accountable and Transparent, Privacy Enhanced, Safe, Secure and \nResilient \n2.5. Environmental Impacts \nTraining, maintaining, and operating (running inference on) GAI systems are resource-intensive activities, \nwith potentially large energy and environmental footprints. Energy and carbon emissions vary based on \nwhat is being done with the GAI model (i.e., pre-training, fine-tuning, inference), the modality of the \ncontent, hardware used, and type of task or application. \nCurrent estimates suggest that training a single transformer LLM can emit as much carbon as 300 round-\ntrip flights between San Francisco and New York. In a study comparing energy consumption and carbon \nemissions for LLM inference, generative tasks (e.g., text summarization) were found to be more energy- \nand carbon-intensive than discriminative or non-generative tasks (e.g., text classification). \nMethods for creating smaller versions of trained models, such as model distillation or compression, \ncould reduce environmental impacts at inference time, but training and tuning such models may still \ncontribute to their environmental impacts. Currently there is no agreed upon method to estimate \nenvironmental impacts from GAI. \nTrustworthy AI Characteristics: Accountable and Transparent, Safe \n2.6. Harmful Bias and Homogenization \nBias exists in many forms and can become ingrained in automated systems. AI systems, including GAI \nsystems, can increase the speed and scale at which harmful biases manifest and are acted upon, \npotentially perpetuating and amplifying harms to individuals, groups, communities, organizations, and \nsociety. For example, when prompted to generate images of CEOs, doctors, lawyers, and judges, current \ntext-to-image models underrepresent women and/or racial minorities, and people with disabilities. \nImage generator models have also produced biased or stereotyped output for various demographic' 'risks, and creates unique risks. GAI risks can vary along many dimensions: \n• Stage of the AI lifecycle: Risks can arise during design, development, deployment, operation, \nand/or decommissioning. \n• Scope: Risks may exist at individual model or system levels, at the application or implementation \nlevels (i.e., for a specific use case), or at the ecosystem level – that is, beyond a single system or \norganizational context. Examples of the latter include the expansion of “algorithmic \nmonocultures,3” resulting from repeated use of the same model, or impacts on access to \nopportunity, labor markets, and the creative economies.4 \n• Source of risk: Risks may emerge from factors related to the design, training, or operation of the \nGAI model itself, stemming in some cases from GAI model or system inputs, and in other cases, \nfrom GAI system outputs.
Many GAI risks, however, originate from human behavior , including \n \n \n3 “Algorithmic monocultures” refers to the phenomenon in which repeated use of the same model or algorithm in \nconsequential decision- making settings like employment and lending can result in increased susceptibility by \nsystems to correlated failures (like unexpected shocks), due to multiple actors relying on the same algorithm. \n4 Many studies have projected the impact of AI on the workforce and labor markets. Fewer studies have examined \nthe impact of GAI on the labor market , though some industry surveys indicate that that both emp loyees and \nemployers are pondering this disruption.' 'Image generator models have also produce d biased or stereotyped output for various demographic \ngroups and have difficulty producing non- stereotyped content even when the prompt specifically \nrequests image features that are inconsistent with the stereotypes. Harmful b ias in GAI models , which \nmay stem from their training data , can also cause representational harm s or perpetuate or exacerbate \nbias based on race, gender, disability, or other protected classes . \nHarmful b ias in GAI systems can also lead to harms via disparities between how a model performs for \ndifferent subgroups or languages (e.g., an LLM may perform less well for non- English languages or \ncertain dialects ). Such disparities can contribute to discriminatory decision -making or amplification of \nexisting societal biases. In addition, GAI systems may be inappropriately trusted to perform similarly \nacross all subgroups , which could leave the groups facing underperformance with worse outcomes than \nif no GAI system were used. Disparate or r educed performance for low er-resource languages also \npresents challenges to model adoption, inclusion, and accessibility , and may make preservation of \nendangered languages more difficult if GAI systems become embedded in everyday processes that would \notherwise have been opportunities to use the se languages . \nBias is mutually reinforcing with the problem of undesired homogenization , in which GAI systems \nproduce skewed distributions of outputs that are overly uniform (for example, repetitive aesthetic styles' '58 Satariano, A. et al. (2023) The People Onscreen Are Fake. The Disinformation Is Real. New York Times . \nhttps://www.nytimes.com/2023/02/07/technology/artificial -intelligence -training- deepfake.html \nSchaul, K. et al. (2024) Inside the secret list of websites that make AI like ChatGPT sound smart. \nWashington Post . https://www.washingtonpost.com/technology/interactive/2023/ai -chatbot -learning/ \nScheurer , J. et al. (2023) Technical report: Large language models can strategically deceive their users \nwhen put under pressure. arXiv. https://arxiv.org/abs/2311.07590 \nShelby, R. et al. (2023) Sociotechnical Harms of Algorithmic Systems: Scoping a Taxonomy for Harm \nReduction. arXiv . https://arxiv.org/pdf/2210.05791 \nShevlane, T. et al. (2023) Model evaluation for extreme risks. arXiv . https://arxiv.org/pdf/2305.15324 \nShumailov, I. et al. (2023) The curse of recursion: training on generated data makes models forget. arXiv . \nhttps://arxiv.org/pdf/2305.17493v2 \nSmith, A. et al. (2023) Hallucination or Confabulation? Neuroanatomy as metaphor in Large Language Models. PLOS Digital Health. \nhttps://journals.plos.org/digitalhealth/article?id=10.1371/journal.pdig.0000388\n \nSoice, E. et al. (2023) Can large language models democratize access to dual -use biotechnology? 
arXiv. https://arxiv.org/abs/2306.03809 \nSolaiman, I. et al. (2023) The Gradient of Generative AI Release: Methods and Considerations. arXiv. https://arxiv.org/abs/2302.04844 \nStaab, R. et al. (2023) Beyond Memorization: Violating Privacy via Inference With Large Language Models. arXiv. https://arxiv.org/pdf/2310.07298 \nStanford, S. et al. (2023) Whose Opinions Do Language Models Reflect? arXiv. https://arxiv.org/pdf/2303.17548 \nStrubell, E. et al. (2019) Energy and Policy Considerations for Deep Learning in NLP. arXiv. https://arxiv.org/pdf/1906.02243 \nThe White House (2016) Circular No. A-130, Managing Information as a Strategic Resource.' 'purpose specification. For example, most model developers do not disclose specific data sources on which models were trained, limiting user awareness of whether personally identifiable information (PII) was trained on and, if so, how it was collected. \nModels may leak, generate, or correctly infer sensitive information about individuals. For example, during adversarial attacks, LLMs have revealed sensitive information (from the public domain) that was included in their training data. This problem has been referred to as data memorization, and may pose exacerbated privacy risks even for data present only in a small number of training samples. \nIn addition to revealing sensitive information in GAI training data, GAI models may be able to correctly infer PII or sensitive data that was not in their training data nor disclosed by the user by stitching together information from disparate sources. These inferences can have negative impact on an individual even if the inferences are not accurate (e.g., confabulations), and especially if they reveal information that the individual considers sensitive or that is used to disadvantage or harm them. \nBeyond harms from information exposure (such as extortion or dignitary harm), wrong or inappropriate inferences of PII can contribute to downstream or secondary harmful impacts. For example, predictive inferences made by GAI models based on PII or protected attributes can contribute to adverse decisions, leading to representational or allocative harms to individuals or groups (see Harmful Bias and Homogenization below).' '9 and reduced content diversity). Overly homogenized outputs can themselves be incorrect, or they may lead to unreliable decision-making or amplify harmful biases. These phenomena can flow from foundation models to downstream models and systems, with the foundation models acting as “bottlenecks,” or single points of failure. \nOverly homogenized content can contribute to “model collapse.” Model collapse can occur when model training over-relies on synthetic data, resulting in data points disappearing from the distribution of the new model’s outputs. In addition to threatening the robustness of the model overall, model collapse could lead to homogenized outputs, including by amplifying any homogenization from the model used to generate the synthetic training data. \nTrustworthy AI Characteristics: Fair with Harmful Bias Managed, Valid and Reliable \n2.7. Human-AI Configuration \nGAI system use can involve varying risks of misconfigurations and poor interactions between a system and a human who is interacting with it. Humans bring their unique perspectives, experiences, or domain-specific expertise to interactions with AI systems but may not have detailed knowledge of AI systems and how they work.
As a result, h uman experts may be unnecessarily “averse ” to GAI systems , and thus \ndeprive themselves or others of GAI’s beneficial uses . \nConversely , due to the complexity and increasing reliability of GAI technology, over time, human s may \nover -rely on GAI systems or may unjustifiably perceive GAI content to be of higher quality than that \nproduced by other sources . This phenomenon is an example of automation bias , or excessive deference \nto automated systems . Automation bias can exacerbate other risks of GAI, such as risks of confabulation \nor risks of bias or homogenization. \nThere may also be concerns about emotional entanglement between humans and GAI systems, which']","Generative models, such as large language models (LLMs), produce outputs that may result in confabulations due to the way they are designed and operate. Here are the key factors that contribute to this phenomenon: 1. **Statistical Prediction**: LLMs generate text by predicting the next word or token in a sequence based on the statistical patterns learned from their training data. This means they do not have an understanding of the content in the same way humans do; instead, they rely on probabilities derived from the data they were trained on. As a result, they can produce outputs that sound plausible but are factually incorrect or nonsensical (Source: [document name], p. [specific page number not provided]). 2. **Open-Ended Prompts**: When given open-ended prompts, LLMs can generate long-form responses that may diverge from the original context or prompt. This can lead to inconsistencies within the generated text, as the model may introduce information that is not relevant or accurate, resulting in confabulated content (Source: [document name], p. [specific page number not provided]). 3. **Lack of Contextual Understanding**: LLMs do not possess true contextual understanding or domain expertise. They generate responses based on patterns rather than comprehension, which can lead to outputs that contradict previous statements or lack coherence when addressing complex topics (Source: [document name], p. [specific page number not provided]). 4. **Confident Presentation**: LLMs often present their outputs with a high degree of confidence, which can mislead users into believing that the information is accurate. This confidence can lead users to accept and act upon false information without critical evaluation, increasing the risk of spreading misinformation (Source: [document name], p. [specific page number not provided]). 5. **Confabulated Logic and Citations**: In some cases, LLMs may generate logical steps or citations to support their answers, even when these are fabricated or incorrect. This can further mislead users into trusting the outputs, as the model appears to provide justifications for its responses (Source: [document name], p. [specific page number not provided]). Overall, the combination of statistical prediction, lack of true understanding, and the confident presentation of outputs contributes to the occurrence of confabulations in generative AI systems. Organizations using LLMs must be aware of these risks and implement measures to mitigate them, especially in applications involving critical decision-making.","Generative models like LLMs generate outputs that can lead to confabulations in GAI systems by approximating the statistical distribution of their training data. 
While this statistical prediction can result in factually accurate and consistent outputs, it can also produce outputs that are factually inaccurate or internally inconsistent. This becomes particularly relevant in open-ended prompts for long-form responses and domains requiring contextual or domain expertise.",1.0,0.9104152047724899,1.0,0.8736394557698324,0.39538357417853764 How can appropriate diligence on training data use help assess intellectual property risks in AI systems?,"[""27 MP-4.1-0 10 Conduct appropriate diligence on training data use to assess intellectual property, \nand privacy, risks, including to examine whether use of proprietary or sensitive \ntraining data is consistent with applicable laws. Intellectual Property ; Data Privacy \nAI Actor Tasks: Governance and Oversight, Operation and Monitoring, Procurement, Third -party entities \n \nMAP 5.1: Likelihood and magnitude of each identified impact (both potentially beneficial and harmful) based on expected use, past \nuses of AI systems in similar contexts, public incident reports, feedback from those external to the team that developed or d eployed \nthe AI system, or other data are identified and documented. \nAction ID Suggested Action GAI Risks \nMP-5.1-001 Apply TEVV practices for content provenance (e.g., probing a system's synthetic \ndata generation capabilities for potential misuse or vulnerabilities . Information Integrity ; Information \nSecurity \nMP-5.1-002 Identify potential content provenance harms of GAI, such as misinformation or \ndisinformation, deepfakes, including NCII, or tampered content. Enumerate and rank risks based on their likelihood and potential impact, and determine how well provenance solutions address specific risks and/or harms. Information Integrity ; Dangerous , \nViolent, or Hateful Content ; \nObscene, Degrading, and/or Abusive Content \nMP-5.1-003 Consider d isclos ing use of GAI to end user s in relevant contexts, while considering \nthe objective of disclosure, the context of use, the likelihood and magnitude of the \nrisk posed, the audience of the disclosure, as well as the frequency of the disclosures. Human -AI Configuration \nMP-5.1-004 Prioritize GAI structured public feedback processes based on risk assessment estimates. Information Integrity ; CBRN \nInformation or Capabilities ; \nDangerous , Violent, or Hateful \nContent ; Harmful Bias and \nHomogenization"" 'Value Chain and Component Integration ; Harmful Bias and \nHomogenization \nMG-3.1-003 Re-assess model risks after fine -tuning or retrieval -augmented generation \nimplementation and for any third -party GAI models deployed for applications \nand/or use cases that were not evaluated in initial testing. Value Chain and Component Integration \nMG-3.1-004 Take reasonable measures to review training data for CBRN information, and \nintellectual property, and where appropriate, remove it. Implement reasonable \nmeasures to prevent, flag, or take other action in response to outputs that reproduce particular training data (e.g., plagiarized, trademarked, patented, \nlicensed content or trade secret material). Intellectual Property ; CBRN \nInformation or Capabilities' 'AI incident \ndatabase , AVID , CVE, NVD , or OECD AI incident monitor ); Human oversight roles \nand responsibilities; Special rights and considerations for intellectual property, licensed works, or personal, privileged, proprietary or sensitive data; Underlying foundation models, versions of underlying models, and access modes . 
Data Privacy ; Human -AI \nConfiguration; Information \nIntegrity ; Intellectual Property ; \nValue Chain and Component Integration \nAI Actor Tasks: Governance and Oversight' '40 MANAGE 1.3: Responses to the AI risks deemed high priority, as identified by the MAP function, are developed, planned, and \ndocumented. Risk response options can include mitigating, transferring, avoiding, or accepting. \nAction ID Suggested Action GAI Risks \nMG-1.3-001 Document trade -offs, decision processes, and relevant measurement and \nfeedback results for risks that do not surpass organizational risk tolerance , for \nexample, in the context of model release : Consider different approaches for \nmodel release, for example , leveraging a staged release approach. Consider \nrelease approaches in the context of the model and its projected use cases. \nMitigate, transfer, or avoid risks that surpass organizational risk tolerances. Information Security \nMG-1.3-002 Monitor the robust ness and effectiveness of risk controls and mitigation plans \n(e.g., via red-teaming, field testing, participatory engagements, performance \nassessments, user feedback mechanisms). Human -AI Configuration \nAI Actor Tasks: AI Develop ment, AI Deployment, AI Impact Assessment, Operation and Monitoring \n \nMANAGE 2.2: Mechanisms are in place and applied to sustain the value of deployed AI systems. \nAction ID Suggested Action GAI Risks \nMG-2.2-001 Compare GAI system outputs against pre-defined organization risk tolerance, \nguidelines , and principles , and review and test AI-generated content against \nthese guidelines. CBRN Information or Capabilities ; \nObscene, Degrading, and/or \nAbusive Content ; Harmful Bias and \nHomogenization ; Dangerous , \nViolent, or Hateful Content \nMG-2.2-002 Document training data sources to trace the origin and provenance of AI -\ngenerated content. Information Integrity \nMG-2.2-003 Evaluate feedback loops between GAI system content provenance and human \nreviewers, and update where needed. Implement real -time monitoring systems \nto affirm that cont ent provenance protocols remain effective. Information Integrity' 'Information Integrity \nMS-2.10-0 03 Verify deduplication of GAI training data samples , particularly regarding synthetic \ndata . Harmful Bias and Homogenization \nAI Actor Tasks: AI Deployment, AI Impact Assessment, Domain Experts, End -Users, Operation and Monitoring, TEVV' 'Information Integrity \nMS-3.3-003 Evaluate potential biases and stereotypes that could emerge from the AI -\ngenerated content using appropriate methodologies including computational testing methods as well as evaluating structured feedback input. Harmful Bias and Homogenization' '32 MEASURE 2.6: The AI system is evaluated regularly for safety risks – as identified in the MAP function. The AI system to be \ndeployed is demonstrated to be safe, its residual negative risk does not exceed the risk tolerance, and it can fail safely, p articularly if \nmade to operate beyond its knowledge limits. Safety metrics reflect system reliability and robustness, real- time monitoring, and \nresponse times for AI system failures. \nAction ID Suggested Action GAI Risks \nMS-2.6-001 Assess adverse impacts , including health and wellbeing impacts for value chain \nor other AI Actors that are exposed to sexually explicit, offensive , or violent \ninformation during GAI training and maintenance. 
Human -AI Configuration ; Obscene, \nDegrading, and/or Abusive \nContent ; Value Chain and \nComponent Integration; Dangerous , Violent, or Hateful \nContent \nMS-2.6-002 Assess existence or levels of harmful bias , intellectual property infringement, \ndata privacy violations, obscenity, extremism, violence, or CBRN information in \nsystem training data. Data Privacy ; Intellectual Property ; \nObscene, Degrading, and/or Abusive Content ; Harmful Bias and \nHomogenization ; Dangerous , \nViolent, or Hateful Content ; CBRN \nInformation or Capabilities \nMS-2.6-003 Re-evaluate safety features of fine -tuned models when the negative risk exceeds \norganizational risk tolerance. Dangerous , Violent, or Hateful \nContent \nMS-2.6-004 Review GAI system outputs for validity and safety: Review generated code to assess risks that may arise from unreliable downstream decision -making. Value Chain and Component \nIntegration ; Dangerous , Violent, or \nHateful Content \nMS-2.6-005 Verify that GAI system architecture can monitor outputs and performance, and \nhandle, recover from, and repair errors when security anomalies, threats and impacts are detected. Confabulation ; Information \nIntegrity ; Information Security' 'purpose specification. For example, most model developers do not disclose specific data sources on \nwhich models were trained, limiting user awareness of whether personally identifiably information (PII) \nwas trained on and, if so, how it was collected . \nModels may leak, generate, or correctly infer sensitive information about individuals . For example, \nduring adversarial attacks, LLMs have revealed sensitive information (from the public domain) that was \nincluded in their training data. This problem has been referred to as data memorization , and may pose \nexacerbated privacy risks even for data present only in a small number of training samples . \nIn addition to revealing sensitive information in GAI training data , GAI models may be able to correctly \ninfer P II or sensitive data that was not in their training data nor disclosed by the user by stitching \ntogether information from disparate sources . These i nferences can have negative impact on an individual \neven if the inferences are not accurate (e.g., confabulations), and especially if they reveal information \nthat the individual considers sensitive or that is used to disadvantage or harm them. \nBeyond harms from information exposure (such as extortion or dignitary harm ), wrong or inappropriate \ninferences of PII can contribute to downstream or secondary harmful impacts . For example, predictive \ninferences made by GAI models based on PII or protected attributes c an contribute to adverse decisions , \nleading to representational or allocative harms to individuals or groups (see Harmful Bias and \nHomogenization below).']","Appropriate diligence on training data use is crucial for assessing intellectual property (IP) risks in AI systems in several ways: 1. **Identifying Data Sources**: Conducting thorough diligence helps organizations trace the origins of the training data used in AI systems. By understanding where the data comes from, organizations can determine whether they have the right to use that data and whether it infringes on any existing IP rights (Source: [document name], p. [specific page number not provided]). 2. **Evaluating Licensing Agreements**: Diligence allows organizations to review licensing agreements associated with the training data. 
This includes checking whether the data is licensed for commercial use, whether there are any restrictions, and ensuring compliance with the terms of use. This step is essential to avoid potential legal disputes over unauthorized use of copyrighted material (Source: [document name], p. [specific page number not provided]). 3. **Assessing Data Quality and Ownership**: By examining the quality and ownership of the training data, organizations can identify potential risks related to data that may be proprietary or sensitive. This assessment helps ensure that the data used does not violate any IP rights or privacy laws, which could lead to legal liabilities (Source: [document name], p. [specific page number not provided]). 4. **Mitigating Risks of Data Memorization**: Diligence can help organizations understand the risks of data memorization, where AI models inadvertently reproduce copyrighted or proprietary content from their training data. By assessing the training data, organizations can implement measures to minimize the likelihood of such occurrences, such as filtering out sensitive or proprietary information (Source: [document name], p. [specific page number not provided]). 5. **Documenting Compliance Efforts**: Maintaining records of the diligence process demonstrates an organization's commitment to IP compliance. This documentation can be valuable in case of audits or legal challenges, as it shows that the organization took reasonable steps to assess and mitigate IP risks associated with its AI systems (Source: [document name], p. [specific page number not provided]). 6. **Engaging Legal Expertise**: Appropriate diligence often involves consulting with legal experts who specialize in IP law. Their insights can help organizations navigate complex legal landscapes and ensure that their use of training data aligns with IP regulations and best practices (Source: [document name], p. [specific page number not provided]). By implementing appropriate diligence on training data use, organizations can effectively assess and manage intellectual property risks in their AI systems, thereby reducing the likelihood of legal issues and fostering responsible AI development.","Appropriate diligence on training data use can help assess intellectual property risks in AI systems by examining whether the use of proprietary or sensitive training data aligns with relevant laws. This includes evaluating the likelihood and magnitude of potential impacts, both beneficial and harmful, based on past uses of AI systems in similar contexts, public incident reports, feedback from external parties, and other relevant data. By identifying and documenting these impacts, organizations can better understand the risks associated with their training data and take appropriate measures to mitigate them.",1.0,0.981217057423747,1.0,0.9617346938638119,0.32426457745728754 How do integrated human-AI systems benefit companies in providing customer service?,"[""HUMAN ALTERNATIVES, \nCONSIDERATION, AND \nFALLBACK \nHOW THESE PRINCIPLES CAN MOVE INTO PRACTICE\nReal-life examples of how these principles can become reality, through laws, policies, and practical \ntechnical and sociotechnical approaches to protecting rights, opportunities, and access. \nHealthcare “navigators” help people find their way through online signup forms to choose \nand obtain healthcare. 
A Navigator is “an individual or organization that's trained and able to help \nconsumers, small businesses, and their employees as they look for health coverage options through the \nMarketplace (a government web site), including completing eligibility and enrollment forms.”106 For \nthe 2022 plan year, the Biden-Harris Administration increased funding so that grantee organizations could \n“train and certify more than 1,500 Navigators to help uninsured consumers find affordable and comprehensive \nhealth coverage. ”107\nThe customer service industry has successfully integrated automated services such as \nchat-bots and AI-driven call response systems with escalation to a human support team.\n108 Many businesses now use partially automated customer service platforms that help answer customer \nquestions and compile common problems for human agents to review. These integrated human-AI \nsystems allow companies to provide faster customer care while maintaining human agents to answer \ncalls or otherwise respond to complicated requests. Using both AI and human agents is viewed as key to \nsuccessful customer service.109\nBallot curing laws in at least 24 states require a fallback system that allows voters to \ncorrect their ballot and have it counted in the case that a voter signature matching algorithm incorrectly flags their ballot as invalid or there is another issue with their ballot, and review by an election official does not rectify the problem. Some federal courts have found that such cure procedures are constitutionally required.\n110 Ballot"" 'times, and availability of critical support. Human -AI Configuration ; \nInformation Security ; Value Chain \nand Component Integration \nAI Actor Tasks: AI Deployment, Operation and Monitoring, TEVV, Third -party entities \n \nMAP 1.1: Intended purposes, potentially beneficial uses, context specific laws, norms and expectations, and prospective settings in \nwhich the AI system will be deployed are understood and documented. Considerations include: the specific set or types of user s \nalong with their expectations; potential positive and negative impacts of system uses to individuals, communities, organizations, \nsociety, and the planet; assumptions and related limitations about AI system purposes, uses, and risks across the development or \nproduct AI lifecycle; and related TEVV and system metrics. \nAction ID Suggested Action GAI Risks \nMP-1.1-001 When identifying intended purposes, c onsider factors such as internal vs. \nexternal use, narrow vs. broad application scope, fine -tuning , and varieties of \ndata sources ( e.g., grounding, retrieval- augmented generation ). Data Privacy ; Intellectual \nProperty' 'but are not limited to: \n• Participatory Engagement Methods : Methods used to solicit feedback from civil society groups, \naffected communities, and users, including focus groups, small user studies, and surveys. \n• Field Testing : Methods used to determine how people interact with, consume, use, and make \nsense of AI -generated information, and subsequent actions and effects, including UX, usability, \nand other structured, randomized experiments. \n• AI Red -teaming: A structured testing exercise\n used to probe an AI system to find flaws and \nvulnerabilities such as inaccurate, harmful, or discriminatory outputs, often in a controlled \nenvironment and in collaboration with system developers. 
\nInformation gathered from structured public feedback can inform design, implementation, deployment \napproval , maintenance, or decommissioning decisions. Results and insights gleaned from these exercises \ncan serve multiple purposes, including improving data quality and preprocessing, bolstering governance decision making, and enhancing system documentation and debugging practices. When implementing \nfeedback activities, organizations should follow human subjects research requirements and best \npractices such as informed consent and subject compensation.' 'warrant additional human review, tracking and documentation, and greater management oversight. \nAI technology can produce varied outputs in multiple modalities and present many classes of user \ninterfaces. This leads to a broader set of AI Actors interacting with GAI systems for widely differing \napplications and contexts of use. These can include data labeling and preparation, development of GAI \nmodels, content moderation, code generation and review, text generation and editing, image and video \ngeneration, summarization, search, and chat. These activities can take place within organizational \nsettings or in the public domain. \nOrganizations can restrict AI applications that cause harm, exceed stated risk tolerances, or that conflict with their tolerances or values. Governance tools and protocols that are applied to other types of AI systems can be applied to GAI systems. These p lans and actions include: \n• Accessibility and reasonable accommodations \n• AI actor credentials and qualifications \n• Alignment to organizational values • Auditing and assessment \n• Change -management controls \n• Commercial use \n• Data provenance' 'ENDNOTES\n107. Centers for Medicare & Medicaid Services. Biden-Harris Administration Quadruples the Number\nof Health Care Navigators Ahead of HealthCare.gov Open Enrollment Period. Aug. 27, 2021.\nhttps://www.cms.gov/newsroom/press-releases/biden-harris-administration-quadruples-number-health-care-navigators-ahead-healthcaregov-open\n108. See, e.g., McKinsey & Company. The State of Customer Care in 2022. July 8, 2022. https://\nwww.mckinsey.com/business-functions/operations/our-insights/the-state-of-customer-care-in-2022;\nSara Angeles. Customer Service Solutions for Small Businesses. Business News Daily.\nJun. 29, 2022. https://www.businessnewsdaily.com/7575-customer-service-solutions.html\n109. Mike Hughes. Are We Getting The Best Out Of Our Bots? Co-Intelligence Between Robots &\nHumans. Forbes. Jul. 14, 2022.\nhttps://www.forbes.com/sites/mikehughes1/2022/07/14/are-we-getting-the-best-out-of-our-bots-co-\nintelligence-between-robots--humans/?sh=16a2bd207395\n110. Rachel Orey and Owen Bacskai. The Low Down on Ballot Curing. Nov. 04, 2020. https://\nbipartisanpolicy.org/blog/the-low-down-on-ballot-curing/; Zahavah Levine and Thea Raymond-\nSeidel. Mail Voting Litigation in 2020, Part IV: Verifying Mail Ballots . Oct. 29, 2020.\nhttps://www.lawfareblog.com/mail-voting-litigation-2020-part-iv-verifying-mail-ballots\n111. National Conference of State Legislatures. Table 15: States With Signature Cure Processes. Jan. 18,\n2022.\nhttps://www.ncsl.org/research/elections-and-campaigns/vopp-table-15-states-that-permit-voters-to-correct-signature-discrepancies.aspx\n112. White House Office of Science and Technology Policy. Join the Effort to Create A Bill of Rights for\nan Automated Society. Nov. 
10, 2021.\nhttps://www.whitehouse.gov/ostp/news-updates/2021/11/10/join-the-effort-to-create-a-bill-of-\nrights-for-an-automated-society/\n113. White House Office of Science and Technology Policy. Notice of Request for Information (RFI) on' 'Bias and Homogenization ; CBRN \nInformation or Capabilities \nMS-1.3-002 Engage in internal and external evaluations , GAI red -teaming, impact \nassessments, or other structured human feedback exercises in consultation \nwith representative AI Actors with expertise and familiarity in the context of \nuse, and/or who are representative of the populations associated with the context of use. Human -AI Configuration ; Harmful \nBias and Homogenization ; CBRN \nInformation or Capabilities \nMS-1.3-0 03 Verify those conducting structured human feedback exercises are not directly \ninvolved in system development tasks for the same GAI model. Human -AI Configuration ; Data \nPrivacy \nAI Actor Tasks: AI Deployment, AI Development, AI Impact Assessment, Affected Individuals and Communities, Domain Experts, \nEnd-Users, Operation and Monitoring, TEVV']","Integrated human-AI systems enhance customer service for companies in several significant ways: 1. **Efficiency and Speed**: AI systems, such as chatbots and automated response systems, can handle a large volume of customer inquiries simultaneously. This allows for quicker response times, reducing wait times for customers and improving overall service efficiency (Source: [document name], p. [specific page number not provided]). 2. **24/7 Availability**: AI-driven customer service solutions can operate around the clock, providing support to customers at any time of day. This continuous availability ensures that customers can receive assistance whenever they need it, enhancing their overall experience (Source: [document name], p. [specific page number not provided]). 3. **Personalization**: AI systems can analyze customer data and interactions to provide personalized recommendations and responses. This tailored approach helps create a more engaging and relevant experience for customers, leading to higher satisfaction and loyalty (Source: [document name], p. [specific page number not provided]). 4. **Data Collection and Insights**: Integrated systems can gather and analyze data from customer interactions, identifying common issues and trends. This information can be used to improve products, services, and customer support processes, ultimately enhancing the customer experience (Source: [document name], p. [specific page number not provided]). 5. **Escalation to Human Agents**: When AI systems encounter complex or sensitive issues that require human intervention, they can seamlessly escalate the interaction to a human agent. This hybrid approach ensures that customers receive the appropriate level of support while allowing AI to handle routine inquiries (Source: [document name], p. [specific page number not provided]). 6. **Cost Savings**: By automating routine tasks and inquiries, companies can reduce operational costs associated with customer service. This allows organizations to allocate resources more effectively while maintaining high service levels (Source: [document name], p. [specific page number not provided]). 7. **Consistency in Service**: AI systems provide consistent responses to customer inquiries, reducing the variability that can occur with human agents. This consistency helps build trust and reliability in the customer service experience (Source: [document name], p. 
[specific page number not provided]). 8. **Continuous Improvement**: Integrated human-AI systems can learn from interactions over time, improving their performance and accuracy. This ongoing learning process helps enhance the quality of customer service and adapt to changing customer needs (Source: [document name], p. [specific page number not provided]). By leveraging the strengths of both AI and human agents, integrated systems create a more efficient, responsive, and personalized customer service experience, ultimately benefiting both companies and their customers.","Integrated human-AI systems benefit companies in providing customer service by allowing for faster customer care while maintaining human agents to handle complicated requests. These systems use partially automated platforms to answer common customer questions and compile issues for human agents to review, ensuring a balance between efficiency and personalized service.",0.96875,0.986904149800591,1.0,0.7499999999625,0.3890379697253467 What was the purpose of the year of public engagement that informed the development of the Blueprint for an AI Bill of Rights?,"['ing sessions, meetings, a formal request for information, and input to a publicly accessible and widely-publicized \nemail address, people throughout the United States, public servants across Federal agencies, and members of the \ninternational community spoke up about both the promises and potential harms of these technologies, and \nplayed a central role in shaping the Blueprint for an AI Bill of Rights. The core messages gleaned from these \ndiscussions include that AI has transformative potential to improve Americans’ lives, and that preventing the \nharms of these technologies is both necessary and achievable. The Appendix includes a full list of public engage-\nments. \n4' 'SECTION TITLE\n \n \n \n Applying The Blueprint for an AI Bill of Rights \nRELATIONSHIP TO EXISTING LAW AND POLICY\nThere are regulatory safety requirements for medical devices, as well as sector-, population-, or technology-spe-\ncific privacy and security protections. Ensuring some of the additional protections proposed in this framework would require new laws to be enacted or new policies and practices to be adopted. In some cases, exceptions to the principles described in the Blueprint for an AI Bill of Rights may be necessary to comply with existing la w, \nconform to the practicalities of a specific use case, or balance competing public interests. In particula r, law \nenforcement, and other regulatory contexts may require government actors to protect civil rights, civil liberties, and privacy in a manner consistent with, but using alternate mechanisms to, the specific principles discussed in this framework. The Blueprint for an AI Bill of Rights is meant to assist governments and the private sector in moving principles into practice. \nThe expectations given in the Technical Companion are meant to serve as a blueprint for the development of \nadditional technical standards and practices that should be tailored for particular sectors and contexts. While \nexisting laws informed the development of the Blueprint for an AI Bill of Rights, this framework does not detail those laws beyond providing them as examples, where appropriate, of existing protective measures. 
This framework instead shares a broad, forward-leaning vision of recommended principles for automated system development and use to inform private and public involvement with these systems where they have the poten-tial to meaningfully impact rights, opportunities, or access. Additionall y, this framework does not analyze or \ntake a position on legislative and regulatory proposals in municipal, state, and federal government, or those in other countries.' 'BLUEPRINT FOR AN \nAI B ILL OF \nRIGHTS \nMAKING AUTOMATED \nSYSTEMS WORK FOR \nTHE AMERICAN PEOPLE \nOCTOBER 2022' ""APPENDIX\n• OSTP conducted meetings with a variety of stakeholders in the private sector and civil society. Some of these\nmeetings were specifically focused on providing ideas related to the development of the Blueprint for an AI\nBill of Rights while others provided useful general context on the positive use cases, potential harms, and/or\noversight possibilities for these technologies. Participants in these conversations from the private sector and\ncivil society included:\nAdobe \nAmerican Civil Liberties Union (ACLU) The Aspen Commission on Information Disorder The Awood Center The Australian Human Rights Commission Biometrics Institute The Brookings Institute BSA | The Software Alliance Cantellus Group Center for American Progress Center for Democracy and Technology Center on Privacy and Technology at Georgetown Law Christiana Care Color of Change Coworker Data Robot Data Trust Alliance Data and Society Research Institute Deepmind EdSAFE AI Alliance Electronic Privacy Information Center (EPIC) Encode Justice Equal AI Google Hitachi's AI Policy Committee The Innocence Project Institute of Electrical and Electronics Engineers (IEEE) Intuit Lawyers Committee for Civil Rights Under Law Legal Aid Society The Leadership Conference on Civil and Human Rights Meta Microsoft The MIT AI Policy Forum Movement Alliance Project The National Association of Criminal Defense Lawyers O’Neil Risk Consulting & Algorithmic Auditing The Partnership on AI Pinterest The Plaintext Group pymetrics SAP The Security Industry Association Software and Information Industry Association (SIIA) Special Competitive Studies Project Thorn United for Respect University of California at Berkeley Citris Policy Lab University of California at Berkeley Labor Center Unfinished/Project Liberty Upturn US Chamber of Commerce US Chamber of Commerce Technology Engagement Center \nA.I. Working Group\nVibrent HealthWarehouse Worker ResourceCenterWaymap\n62"" 'ABOUT THIS FRAMEWORK\nThe Blueprint for an AI Bill of Rights is a set of five principles and associated practices to help guide the \ndesign, use, and deployment of automated systems to protect the rights of the American public in the age of \nartificial intel-ligence. Developed through extensive consultation with the American public, these principles are \na blueprint for building and deploying automated systems that are aligned with democratic values and protect \ncivil rights, civil liberties, and privacy. The Blueprint for an AI Bill of Rights includes this Foreword, the five \nprinciples, notes on Applying the The Blueprint for an AI Bill of Rights, and a Technical Companion that gives \nconcrete steps that can be taken by many kinds of organizations—from governments at all levels to companies of \nall sizes—to uphold these values. 
Experts from across the private sector, governments, and international \nconsortia have published principles and frameworks to guide the responsible use of automated systems; this \nframework provides a national values statement and toolkit that is sector-agnostic to inform building these \nprotections into policy, practice, or the technological design process. Where existing law or policy—such as \nsector-specific privacy laws and oversight requirements—do not already provide guidance, the Blueprint for an \nAI Bill of Rights should be used to inform policy decisions.\nLISTENING TO THE AMERICAN PUBLIC\nThe White House Office of Science and Technology Policy has led a year-long process to seek and distill input \nfrom people across the country—from impacted communities and industry stakeholders to technology develop-\ners and other experts across fields and sectors, as well as policymakers throughout the Federal government—on \nthe issue of algorithmic and data-driven harms and potential remedies. Through panel discussions, public listen-' 'About this Document \nThe Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People was \npublished by the White House Office of Science and Technology Policy in October 2022. This framework was \nreleased one year after OSTP announced the launch of a process to develop “a bill of rights for an AI-powered \nworld.” Its release follows a year of public engagement to inform this initiative. The framework is available \nonline at: https://www.whitehouse.gov/ostp/ai-bill-of-rights \nAbout the Office of Science and Technology Policy \nThe Office of Science and Technology Policy (OSTP) was established by the National Science and Technology \nPolicy, Organization, and Priorities Act of 1976 to provide the President and others within the Executive Office \nof the President with advice on the scientific, engineering, and technological aspects of the economy, national \nsecurity, health, foreign relations, the environment, and the technological recovery and use of resources, among \nother topics. OSTP leads interagency science and technology policy coordination efforts, assists the Office of \nManagement and Budget (OMB) with an annual review and analysis of Federal research and development in \nbudgets, and serves as a source of scientific and technological analysis and judgment for the President with \nrespect to major policies, plans, and programs of the Federal Government. \nLegal Disclaimer \nThe Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People is a white paper \npublished by the White House Office of Science and Technology Policy. It is intended to support the \ndevelopment of policies and practices that protect civil rights and promote democratic values in the building, \ndeployment, and governance of automated systems. \nThe Blueprint for an AI Bill of Rights is non-binding and does not constitute U.S. government policy. It']","The purpose of the public engagement year that informed the development of the Blueprint for an AI Bill of Rights was to gather input and insights from a diverse range of stakeholders, including the American public, impacted communities, industry representatives, technology developers, and policymakers. This extensive consultation aimed to distill ideas related to the promises and potential harms of artificial intelligence technologies. 
The engagement sought to ensure that the principles outlined in the Blueprint reflect democratic values and protect civil rights, civil liberties, and privacy in the context of AI deployment. By involving various voices in the conversation, the initiative aimed to create a framework that is both comprehensive and aligned with the needs and concerns of the public regarding the use of AI (Source: Blueprint for an AI Bill of Rights, p. [specific page number not provided]).",The purpose of the year of public engagement that informed the development of the Blueprint for an AI Bill of Rights was to gather input and feedback from the public to shape the framework and ensure it reflects the values and concerns of the American people.,1.0,0.9931498280058683,1.0,0.8766666666491334,0.8153097261661496 How can automated systems prevent 'mission creep' while ensuring privacy and user control?,"['DATA PRIVACY \nWHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nProtect the public from unchecked surveillance \nHeightened oversight of surveillance. Surveillance or monitoring systems should be subject to \nheightened oversight that includes at a minimum assessment of potential harms during design (before deploy -\nment) and in an ongoing manner, to ensure that the American public’s rights, opportunities, and access are protected. This assessment should be done before deployment and should give special attention to ensure there is not algorithmic discrimination, especially based on community membership, when deployed in a specific real-world context. Such assessment should then be reaffirmed in an ongoing manner as long as the system is in use. \nLimited and proportionate surveillance. Surveillance should be avoided unless it is strictly necessary to achieve a legitimate purpose and it is proportionate to the need. Designers, developers, and deployers of surveillance systems should use the least invasive means of monitoring available and restrict monitoring to the minimum number of subjects possible. To the greatest extent possible consistent with law enforcement and national security needs, individuals subject to monitoring should be provided with clear and specific notice before it occurs and be informed about how the data gathered through surveillance will be used. \nScope limits on surveillance to protect rights and democratic values. Civil liberties and civil' 'Risk identification and mitigation. Before deployment, and in a proactive and ongoing manner, poten -\ntial risks of the automated system should be identified and mitigated. Identified risks should focus on the potential for meaningful impact on people’s rights, opportunities, or access and include those to impacted communities that may not be direct users of the automated system, risks resulting from purposeful misuse of the system, and other concerns identified via the consultation process. Assessment and, where possible, mea\n-\nsurement of the impact of risks should be included and balanced such that high impact risks receive attention and mitigation proportionate with those impacts. Automated systems with the intended purpose of violating the safety of others should not be developed or used; systems with such safety violations as identified unin\n-\ntended consequences should not be used until the risk can be mitigated. 
Ongoing risk mitigation may necessi -\ntate rollback or significant modification to a launched automated system. \n18' 'Data collection and use-case scope limits. Data collection should be limited in scope, with specific, \nnarrow identified goals, to avoid ""mission creep."" Anticipated data collection should be determined to be strictly necessary to the identified goals and should be minimized as much as possible. Data collected based on these identified goals and for a specific context should not be used in a different context without assessing for new privacy risks and implementing appropriate mitigation measures, which may include express consent. Clear timelines for data retention should be established, with data deleted as soon as possible in accordance with legal or policy-based limitations. Determined data retention timelines should be documented and justi\n-\nfied. \nRisk identification and mitigation. Entities that collect, use, share, or store sensitive data should attempt to proactively identify harms and seek to manage them so as to avoid, mitigate, and respond appropri\n-\nately to identified risks. Appropriate responses include determining not to process data when the privacy risks outweigh the benefits or implementing measures to mitigate acceptable risks. Appropriate responses do not include sharing or transferring the privacy risks to users via notice or consent requests where users could not reasonably be expected to understand the risks without further support. \nPrivacy-preserving security. Entities creating, using, or governing automated systems should follow privacy and security best practices designed to ensure data and metadata do not leak beyond the specific consented use case. Best practices could include using privacy-enhancing cryptography or other types of privacy-enhancing technologies or fine-grained permissions and access control mechanisms, along with conventional system security protocols. \n33' 'SAFE AND EFFECTIVE SYSTEMS \nYou should be protected from unsafe or ineffective sys -\ntems. Automated systems should be developed with consultation \nfrom diverse communities, stakeholders, and domain experts to iden -\ntify concerns, risks, and potential impacts of the system. Systems should undergo pre-deployment testing, risk identification and miti\n-\ngation, and ongoing monitoring that demonstrate they are safe and effective based on their intended use, mitigation of unsafe outcomes including those beyond the intended use, and adherence to do\n-\nmain-specific standards. Outcomes of these protective measures should include the possibility of not deploying the system or remov\n-\ning a system from use. Automated systems should not be designed with an intent or reasonably foreseeable possibility of endangering your safety or the safety of your community. They should be designed to proactively protect you from harms stemming from unintended, yet foreseeable, uses or impacts of automated systems. You should be protected from inappropriate or irrelevant data use in the design, de\n-\nvelopment, and deployment of automated systems, and from the compounded harm of its reuse. Independent evaluation and report\n-\ning that confirms that the system is safe and effective, including re -\nporting of steps taken to mitigate potential harms, should be per -\nformed and the results made public whenever possible. 
\n15' 'DATA PRIVACY \nWHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nTraditional terms of service—the block of text that the public is accustomed to clicking through when using a web -\nsite or digital app—are not an adequate mechanism for protecting privacy. The American public should be protect -\ned via built-in privacy protections, data minimization, use and collection limitations, and transparency, in addition \nto being entitled to clear mechanisms to control access to and use of their data—including their metadata—in a proactive, informed, and ongoing way. Any automated system collecting, using, sharing, or storing personal data should meet these expectations. \nProtect privacy by design and by default \nPrivacy by design and by default. Automated systems should be designed and built with privacy protect -\ned by default. Privacy risks should be assessed throughout the development life cycle, including privacy risks from reidentification, and appropriate technical and policy mitigation measures should be implemented. This includes potential harms to those who are not users of the automated system, but who may be harmed by inferred data, purposeful privacy violations, or community surveillance or other community harms. Data collection should be minimized and clearly communicated to the people whose data is collected. Data should only be collected or used for the purposes of training or testing machine learning models if such collection and use is legal and consistent with the expectations of the people whose data is collected. User experience research should be conducted to confirm that people understand what data is being collected about them and how it will be used, and that this collection matches their expectations and desires.' 'In discussion of technical and governance interventions that that are needed to protect against the harms of these technologies, panelists individually described the importance of: receiving community input into the design and use of technologies, public reporting on crucial elements of these systems, better notice and consent procedures that ensure privacy based on context and use case, ability to opt-out of using these systems and receive a fallback to a human process, providing explanations of decisions and how these systems work, the need for governance including training in using these systems, ensuring the technological use cases are genuinely related to the goal task and are locally validated to work, and the need for institution and protection of third party audits to ensure systems continue to be accountable and valid. \n57' 'on people of conscience to act to preserve civil rights—including the right to privacy, which he has called “the \nbasis for so many more rights that we have come to take for granted that are ingrained in the fabric of this \ncountry .”2\nTo advance President Biden’s vision, the White House Office of Science and Technology Policy has identified \nfive principles that should guide the design, use, and deployment of automated systems to protect the American \npublic in the age of artificial intelligence. The Blueprint for an AI Bill of Rights is a guide for a society that \nprotects all people from these threats—and uses technologies in ways that reinforce our highest values. 
\nResponding to the experiences of the American public, and informed by insights from researchers, \ntechnologists, advocates, journalists, and policymakers, this framework is accompanied by a technical \ncompanion—a handbook for anyone seeking to incorporate these protections into policy and practice, including \ndetailed steps toward actualizing these principles in the technological design process. These principles help \nprovide guidance whenever automated systems can meaningfully impact the public’s rights, opportunities, \nor access to critical needs. \n3' 'SAFE AND EFFECTIVE \nSYSTEMS \nWHY THIS PRINCIPLE IS IMPORTANT\nThis section provides a brief summary of the problems which the principle seeks to address and protect \nagainst, including illustrative examples. \nWhile technologies are being deployed to solve problems across a wide array of issues, our reliance on technology can \nalso lead to its use in situations where it has not yet been proven to work—either at all or within an acceptable range of error. In other cases, technologies do not work as intended or as promised, causing substantial and unjustified harm. Automated systems sometimes rely on data from other systems, including historical data, allowing irrelevant informa\n-\ntion from past decisions to infect decision-making in unrelated situations. In some cases, technologies are purposeful -\nly designed to violate the safety of others, such as technologies designed to facilitate stalking; in other cases, intended or unintended uses lead to unintended harms. \nMany of the harms resulting from these technologies are preventable, and actions are already being taken to protect the public. Some companies have put in place safeguards that have prevented harm from occurring by ensuring that key development decisions are vetted by an ethics review; others have identified and mitigated harms found through pre-deployment testing and ongoing monitoring processes. Governments at all levels have existing public consulta\n-\ntion processes that may be applied when considering the use of new automated systems, and existing product develop -\nment and testing practices already protect the American public from many potential harms. \nStill, these kinds of practices are deployed too rarely and unevenly. Expanded, proactive protections could build on these existing practices, increase confidence in the use of automated systems, and protect the American public. Inno\n-' '-\ndures before deploying the system, as well as responsibility of specific individuals or entities to oversee ongoing assessment and mitigation. Organizational stakeholders including those with oversight of the business process or operation being automated, as well as other organizational divisions that may be affected due to the use of the system, should be involved in establishing governance procedures. Responsibility should rest high enough in the organization that decisions about resources, mitigation, incident response, and potential rollback can be made promptly, with sufficient weight given to risk mitigation objectives against competing concerns. Those holding this responsibility should be made aware of any use cases with the potential for meaningful impact on people’s rights, opportunities, or access as determined based on risk identification procedures. In some cases, it may be appropriate for an independent ethics review to be conducted before deployment. 
\nAvoid inappropriate, low-quality, or irrelevant data use and the compounded harm of its reuse \nRelevant and high-quality data. Data used as part of any automated system’s creation, evaluation, or deployment should be relevant, of high quality, and tailored to the task at hand. Relevancy should be established based on research-backed demonstration of the causal influence of the data to the specific use case or justified more generally based on a reasonable expectation of usefulness in the domain and/or for the system design or ongoing development. Relevance of data should not be established solely by appealing to its historical connection to the outcome. High quality and tailored data should be representative of the task at hand and errors from data entry or other sources should be measured and limited. Any data used as the target of a prediction process should receive particular attention to the quality and validity of the predicted outcome' 'SECTION TITLE \nBLUEPRINT FOR AN AI BILL OF RIGHTS \nSAFE AND EFFECTIVE SYSTEMS \nYou should be protected from unsafe or ineffective systems. Automated systems should be developed with consultation from diverse communities, stakeholders, and domain experts to identify concerns, risks, and potential impacts of the system. Systems should undergo pre-deployment testing, risk identification and mitigation, and ongoing monitoring that demonstrate they are safe and effective based on their intended use, mitigation of unsafe outcomes including those beyond the intended use, and adherence to domain-specific standards. Outcomes of these protective measures should include the possibility of not deploying the system or removing a system from use. Automated systems should not be designed with an intent or reasonably foreseeable possibility of endangering your safety or the safety of your community. They should be designed to proactively protect you from harms stemming from unintended, yet foreseeable, uses or impacts of automated systems. You should be protected from inappropriate or irrelevant data use in the design, development, and deployment of automated systems, and from the compounded harm of its reuse. Independent evaluation and reporting that confirms that the system is safe and effective, including reporting of steps taken to mitigate potential harms, should be performed and the results made public whenever possible. \nALGORITHMIC DISCRIMINATION PROTECTIONS \nYou should not face discrimination by algorithms and systems should be used and designed in an equitable way. Algorithmic discrimination occurs when automated systems contribute to unjustified different treatment or impacts disfavoring people based on their race, color, ethnicity, sex (including pregnancy, childbirth, and related medical conditions, gender identity, intersex status, and sexual']","To prevent "mission creep" while ensuring privacy and user control in automated systems, organizations can implement several key strategies: 1. **Define Clear Objectives**: Establish specific, narrow goals for the automated system from the outset. This clarity helps ensure that data collection and system functionalities remain focused on the intended purpose, reducing the risk of expanding the system's scope beyond its original intent (Source: [document name], p. [specific page number not provided]). 2.
**Data Minimization Principles**: Adopt data minimization practices by collecting only the data that is strictly necessary to achieve the defined objectives. This approach not only helps prevent mission creep but also enhances user privacy by limiting the amount of personal information collected (Source: [document name], p. [specific page number not provided]). 3. **User Consent and Control**: Implement mechanisms that allow users to provide informed consent for data collection and usage. Users should have clear options to control what data is collected, how it is used, and the ability to withdraw consent at any time. This empowers users and reinforces their privacy rights (Source: [document name], p. [specific page number not provided]). 4. **Regular Audits and Reviews**: Conduct regular audits of the automated system to ensure compliance with the defined objectives and privacy standards. These reviews can help identify any deviations from the original purpose and allow for timely corrective actions (Source: [document name], p. [specific page number not provided]). 5. **Limit Data Retention**: Establish clear data retention policies that specify how long data will be kept and when it will be deleted. Data should only be retained as long as necessary for the defined purpose, and unnecessary data should be disposed of promptly to prevent potential misuse (Source: [document name], p. [specific page number not provided]). 6. **Stakeholder Engagement**: Involve stakeholders, including users and privacy advocates, in the design and implementation of the automated system. Their input can help identify potential risks and ensure that the system aligns with user expectations and privacy concerns (Source: [document name], p. [specific page number not provided]). 7. **Transparency and Communication**: Maintain transparency about how the automated system operates, what data it collects, and how that data is used. Clear communication helps build trust with users and allows them to make informed decisions about their engagement with the system (Source: [document name], p. [specific page number not provided]). 8. **Ethical Guidelines and Governance**: Establish ethical guidelines and governance structures to oversee the development and deployment of automated systems. This includes setting up review boards or committees that can assess the implications of any changes to the system's scope or data usage (Source: [document name], p. [specific page number not provided]). By implementing these strategies, organizations can effectively prevent mission creep while ensuring that user privacy and control are prioritized in the design and operation of automated systems.","Automated systems can prevent 'mission creep' and ensure privacy and user control by limiting data collection to specific, narrow goals that are strictly necessary for the identified purposes. Data collection should be minimized, clearly communicated to users, and used only for legal and expected purposes. Any use of data in a different context should be assessed for new privacy risks and appropriate mitigation measures should be implemented, potentially including obtaining express consent. Clear timelines for data retention should be established, with data deleted as soon as possible in accordance with legal or policy-based limitations. Entities should proactively identify and manage privacy risks, avoiding processing data when risks outweigh benefits and implementing measures to mitigate acceptable risks. 
Privacy-preserving security measures, such as privacy-enhancing cryptography and access control mechanisms, should be employed to prevent data leakage beyond consented use cases.",0.7741935483870968,0.9615231465422364,1.0,0.99999999999,0.7927111459626741 "How can GAI tech improve red-teaming with human teams, ensuring content origin and incident disclosure?","['51 general public participants. For example, expert AI red- teamers could modify or verify the \nprompts written by general public AI red- teamers. These approaches may also expand coverage \nof the AI risk attack surface. \n• Human / AI: Performed by GAI in combinatio n with specialist or non -specialist human teams. \nGAI- led red -teaming can be more cost effective than human red- teamers alone. Human or GAI-\nled AI red -teaming may be better suited for eliciting different types of harms. \nA.1.6. Content Provenance \nOverview \nGAI technologies can be leveraged for many applications such as content generation and synthetic data. \nSome aspects of GAI output s, such as the production of deepfake content, can challenge our ability to \ndistinguish human- generated content from AI -generated synthetic content. To help manage and mitigate \nthese risks, digital transparency mechanisms like provenance data tracking can trace the origin and \nhistory of content. Provenance data tracking and synthetic content detection can help facilitate greater \ninformation access about both authentic and synthetic content to users, enabling better knowledge of \ntrustworthiness in AI systems. When combined with other organizational accountability mechanisms, \ndigital content transparency approaches can enable processes to trace negative outcomes back to their \nsource, improve information integrity, and uphold public trust. Provenance data tracking and synthetic content detection mechanisms provide information about the origin \nand history of content to assist in \nGAI risk management efforts. \nProvenance metad ata can include information about GAI model developers or creators of GAI content , \ndate/time of creation, location, modifications, and sources. Metadata can be tracked for text, images, videos, audio, and underlying datasets. The implementation of p rovenance data tracking techniques can' 'consequences resulting from the utilization of content provenance approaches on users and \ncommunities . Furthermore, organizations can track and document the provenance of datasets to identify \ninstances in which AI -generated data is a potential root cause of performance issues with the GAI \nsystem. \nA.1.8. Incident Disclosure \nOverview \nAI incidents can be defined as an “ event, circumstance, or series of events where the development, use, \nor malfunction of one or more AI systems directly or indirectly contribute s to one of the following harms: \ninjury or harm to the health of a person or group s of people (including psychological harms and harms to \nmental health); disruption of the management and operation of critical infrastructure; violations of \nhuman rights or a breach of obligations under applicable law intended to protect fundamental, labor, \nand intellectual property rights ; or harm to property, communities, or the environment. ” AI incidents can \noccur in the aggregate (i.e., for systemic discrimination) or acutely (i.e., for one individual). \nState of AI Incident Tracking and Disclosure \nFormal channels do not currently exist to report and document AI incidents. 
However, a number of publicly available databases\n have been created to document their occurrence. These reporting channels \nmake decisions on an ad hoc basis about what kinds of incidents to track. Some, for example, track by \namount of media coverage .' 'rate of false positives and false negatives in content provenance, as well as true \npositives and true negatives for verification. Information Integrity \nMS-2.7-0 06 Measure the rate at which recommendations from security checks and incidents \nare implemented. Assess how quickly the AI system can adapt and improve based on lessons learned from security incidents and feedback . Information Integrity ; Information \nSecurity \nMS-2.7-0 07 Perform AI red -teaming to assess resilience against: Abuse to facilitate attacks on \nother systems (e.g., malicious code generation, enhanced phishing content), GAI attacks (e.g., prompt injection), ML attacks (e.g., adversarial examples/prompts, \ndata poisoning, membership inference, model extraction, sponge examples). Information Security ; Harmful Bias \nand Homogenization ; Dangerous , \nViolent, or Hateful Content \nMS-2.7-0 08 Verify fine -tuning does not compromise safety and security controls. Information Integrity ; Information \nSecurity ; Dangerous , Violent, or \nHateful Content' '50 Participatory Engagement Methods \nOn an ad hoc or more structured basis, organizations can design and use a variety of channels to engage \nexternal stakeholders in product development or review. Focus groups with select experts can provide \nfeedback on a range of issues. Small user studies c an provide feedback from representative groups or \npopulations. Anonymous surveys can be used to poll or gauge reactions to specific features. Participatory engagement methods are often less structured than field testing or red teaming, and are more \ncommonl y used in early stages of AI or product development. \nField Testing \nField testing involves structured settings to evaluate risks and impacts and to simulate the conditions \nunder which the GAI system will be deployed. Field style tests can be adapted from a focus on user \npreferences and experiences towards AI risks and impacts – both negative and positive. When carried \nout with large groups of users, these tests can provide estimations of the likelihood of risks and impacts \nin real world interactions. \nOrganizations may also collect feedback on outcomes, harms, and user experience directly from users in the production environment after a model has been released, in accordance with human subject \nstandards such as informed consent and compensation. Organiz ations should follow applicable human \nsubjects research requirements, and best practices such as informed consent and subject compensation, \nwhen implementing feedback activities. \nAI Red -teaming \nAI red -teaming is an evolving practice that references exercises often conducted in a controlled \nenvironment and in collaboration with AI developers building AI models to identify potential adverse \nbehavior or outcomes of a GAI model or system, how they could occur, an d stress test safeguards” . 
AI \nred-teaming can be performed before or after AI models or systems are made available to the broader' '22 GV-6.2-003 Establish incident response plans for third -party GAI technologies: Align incident \nresponse plans with impacts enumerated in MAP 5.1; Communicate third- party \nGAI incident response plans to all relevant AI Actors ; Define ownership of GAI \nincident response functions; Rehearse third- party GAI incident response plans at \na regular cadence; Improve incident response plans based on retrospective \nlearning; Review incident response plans for alignment with relevant breach \nreporting, data protection, data privacy, or other laws. Data Privacy ; Human -AI \nConfiguration; Information \nSecurity ; Value Chain and \nComponent Integration; Harmful \nBias and Homogenization \nGV-6.2-0 04 Establish policies and procedures for continuous monitoring of third -party GAI \nsystems in deployment. Value Chain and Component \nIntegration \nGV-6.2-0 05 Establish policies and procedures that address GAI data redundancy, including \nmodel weights and other system artifacts. Harmful Bias and Homogenization \nGV-6.2-0 06 Establish policies and procedures to test and manage risks related to rollover and \nfallback technologies for GAI systems, acknowledging that rollover and fallback may include manual processing. Information Integrity \nGV-6.2-0 07 Review vendor contracts and avoid arbitrary or capricious termination of critical \nGAI technologies or vendor services and non-standard terms that may amplify or \ndefer liability in unexpected ways and /or contribute to u nauthorized data \ncollection by vendors or third -parties (e.g., secondary data use) . Consider: Clear \nassignment of liability and responsibility for incidents, GAI system changes over time (e.g., fine -tuning, drift, decay); Request: Notification and disclosure for \nserious incidents arising from third -party data and system s; Service Level \nAgreements (SLAs) in vendor contracts that address incident response, response \ntimes, and availability of critical support. Human -AI Configuration ;' 'updates. Human -AI Configuration , \nDangerous , Violent, or Hateful \nContent \nMG-3.2-005 Implement content filters to prevent the generation of inappropriate, harmful, false, illegal, or violent content related to the GAI application, including for CSAM \nand NCII. These filters can be rule -based or leverage additional machine learning \nmodels to flag problematic inputs and outputs. Information Integrity ; Harmful Bias \nand Homogenization ; Dangerous , \nViolent, or Hateful Content ; \nObscene, Degrading, and/or \nAbusive Content \nMG-3.2-006 Implement real -time monitoring processes for analyzing generated content \nperformance and trustworthiness characteristics related to content provenance to identify deviations from the desired standards and trigger alerts for human \nintervention. Information Integrity' '52 • Monitoring system capabilities and limitations in deployment through rigorous TEVV processes; \n• Evaluati ng how humans engage, interact with, or adapt to GAI content (especially in decision \nmaking tasks informed by GAI content), and how they react to applied provenance techniques \nsuch as overt disclosures. \nOrganizations can document and delineate GAI system objectives and limitations to identify gaps where provenance data may be most useful. 
For instance, GAI systems used for content creation may require \nrobust watermarking techniques and corresponding detectors to identify the source of content or \nmetadata recording techniques and metadata management tools and repositories to trace content \norigins and modifications. Further narrowing of GAI task definitions to include provenance data can enable organizations to maximize the utility of provenance data and risk management efforts. \nA.1.7. \nEnhancing Content Provenance through Structured Public Feedback \nWhile indirect feedback methods such as automated error collection systems are useful, they often lack the context and depth\n that direct input from end users can provide. Organizations can leverage feedback \napproaches described in the Pre-Deployment Testing section to capture input from external sources such \nas through AI red- teaming. \nIntegrating pre - and post -deployment external feedback into the monitoring process for GAI models and \ncorresponding applications can help enhance awareness of performance changes and mitigate potential \nrisks and harms from outputs . There are many ways to capture and make use of user feedback – before \nand after GAI systems and digital content transparency approaches are deployed – to gain insights about \nauthentication efficacy and vulnerabilities, impacts of adversarial threats on techniques , and unintended \nconsequences resulting from the utilization of content provenance approaches on users and']","Generative AI (GAI) technology can significantly enhance red-teaming efforts with human teams in several ways, particularly in ensuring proper content origin tracking and incident disclosure: 1. **Automated Content Analysis**: GAI can assist in analyzing large volumes of content quickly, identifying patterns and anomalies that may indicate issues with content origin or authenticity. This capability allows red teams to focus on more complex tasks while GAI handles routine analysis (Source: [document name], p. [specific page number not provided]). 2. **Provenance Tracking**: GAI can be integrated with provenance tracking systems to automatically log and verify the origin of content. By generating metadata that includes information about the content's creation, modifications, and sources, GAI can help ensure that all content is traceable and accountable (Source: [document name], p. [specific page number not provided]). 3. **Simulating Adversarial Scenarios**: GAI can create realistic scenarios that simulate potential attacks or misuse of content. This allows red teams to test the resilience of content tracking systems and incident response protocols, identifying vulnerabilities that need to be addressed (Source: [document name], p. [specific page number not provided]). 4. **Enhanced Incident Reporting**: GAI can streamline the incident disclosure process by automatically generating reports based on predefined criteria. This ensures that incidents are documented consistently and comprehensively, facilitating better communication and response strategies (Source: [document name], p. [specific page number not provided]). 5. **Real-Time Monitoring**: GAI can provide real-time monitoring of content generation and dissemination, alerting red teams to potential incidents as they occur. This proactive approach allows for quicker responses to emerging threats and helps maintain the integrity of content (Source: [document name], p. [specific page number not provided]). 6. 
**Feedback Loop Integration**: By incorporating feedback from red-teaming exercises, GAI systems can learn and adapt over time. This continuous improvement process enhances the effectiveness of content tracking and incident disclosure mechanisms, ensuring they remain robust against evolving threats (Source: [document name], p. [specific page number not provided]). 7. **Collaboration Tools**: GAI can facilitate collaboration between human red team members by providing tools that enhance communication and information sharing. This can include generating summaries of findings, suggesting next steps, and organizing data in a way that is easily accessible for team members (Source: [document name], p. [specific page number not provided]). By leveraging GAI technology in these ways, organizations can enhance their red-teaming efforts, ensuring more effective content origin tracking and incident disclosure, ultimately leading to improved security and trustworthiness of AI systems.","GAI technologies can improve red-teaming with human teams by combining GAI with specialist or non-specialist human teams. GAI-led red-teaming can be more cost-effective than human red-teamers alone and may be better suited for eliciting different types of harms. Content provenance mechanisms like provenance data tracking can trace the origin and history of content, helping to manage and mitigate risks associated with GAI output. These approaches can enable processes to trace negative outcomes back to their source, improve information integrity, and uphold public trust.",0.5666666666666667,0.899092046066455,1.0,0.9999999999857143,0.8906714893135748 Why is it important for lenders to inform consumers about decisions made under FCRA in automated systems?,"[""Providing notice has long been a standard practice, and in many cases is a legal requirement, when, for example, making a video recording of someone (outside of a law enforcement or national security context). In some cases, such as credit, lenders are required to provide notice and explanation to consumers. Techniques used to automate the process of explaining such systems are under active research and improvement and such explanations can take many forms. Innovative companies and researchers are rising to the challenge and creating and deploying explanatory systems that can help the public better understand decisions that impact them. \nWhile notice and explanation requirements are already in place in some sectors or situations, the American public deserve to know consistently and across sectors if an automated system is being used in a way that impacts their rights, opportunities, or access. This knowledge should provide confidence in how the public is being treated, and trust in the validity and reasonable use of automated systems. \n• A lawyer representing an older client with disabilities who had been cut off from Medicaid-funded home\nhealth-care assistance couldn't determine why\n, especially since the decision went against historical access\npractices. 
In a court hearing, the lawyer learned from a witness that the state in which the older client\nlived \nhad recently adopted a new algorithm to determine eligibility.83 The lack of a timely explanation made it\nharder \nto understand and contest the decision.\n•\nA formal child welfare investigation is opened against a parent based on an algorithm and without the parent\never \nbeing notified that data was being collected and used as part of an algorithmic child maltreatment\nrisk assessment.84 The lack of notice or an explanation makes it harder for those performing child\nmaltreatment assessments to validate the risk assessment and denies parents knowledge that could help them\ncontest a decision.\n41"" ""ENDNOTES\n85. Mick Dumke and Frank Main. A look inside the watch list Chicago police fought to keep secret. The\nChicago Sun Times. May 18, 2017.\nhttps://chicago.suntimes.com/2017/5/18/18386116/a-look-inside-the-watch-list-chicago-police-fought-to-keep-secret\n86. Jay Stanley. Pitfalls of Artificial Intelligence Decisionmaking Highlighted In Idaho ACLU Case.\nACLU. Jun. 2, 2017.\nhttps://www.aclu.org/blog/privacy-technology/pitfalls-artificial-intelligence-decisionmaking-highlighted-idaho-aclu-case\n87. Illinois General Assembly. Biometric Information Privacy Act. Effective Oct. 3, 2008.\nhttps://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&ChapterID=5788. Partnership on AI. ABOUT ML Reference Document. Accessed May 2, 2022.\nhttps://partnershiponai.org/paper/about-ml-reference-document/1/89. See, e.g., the model cards framework: Margaret Mitchell, Simone Wu, Andrew Zaldivar, Parker\nBarnes, Lucy Vasserman, Ben Hutchinson, Elena Spitzer, Inioluwa Deborah Raji, and Timnit Gebru.\nModel Cards for Model Reporting. In Proceedings of the Conference on Fairness, Accountability, and\nTransparency (FAT* '19). Association for Computing Machinery, New York, NY, USA, 220–229. https://\ndl.acm.org/doi/10.1145/3287560.3287596\n90. Sarah Ammermann. Adverse Action Notice Requirements Under the ECOA and the FCRA. Consumer\nCompliance Outlook. Second Quarter 2013.\nhttps://consumercomplianceoutlook.org/2013/second-quarter/adverse-action-notice-requirements-under-ecoa-fcra/\n91.Federal Trade Commission. Using Consumer Reports for Credit Decisions: What to Know About\nAdverse Action and Risk-Based Pricing Notices. Accessed May 2, 2022.\nhttps://www.ftc.gov/business-guidance/resources/using-consumer-reports-credit-decisions-what-\nknow-about-adverse-action-risk-based-pricing-notices#risk\n92. Consumer Financial Protection Bureau. CFPB Acts to Protect the Public from Black-Box Credit\nModels Using Complex Algorithms. May 26, 2022."" 'DATA PRIVACY \nWHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nIn addition to the privacy expectations above for general non-sensitive data, any system collecting, using, shar-\ning, or storing sensitive data should meet the expectations belo w. Depending on the technological use case and \nbased on an ethical assessment, consent for sensitive data may need to be acquired from a guardian and/or child. \nProvide enhanced protections for data related to sensitive domains \nNecessar y function s only . 
Sensitive data should only be used for functions strictly necessary for that \ndomain or for functions that are required for administrative reasons (e.g., school attendance records), unless \nconsent is acquired, if appropriate, and the additional expectations in this section are met. Consent for non-\nnecessary functions should be optional, i.e., should not be required, incentivized, or coerced in order to \nreceive opportunities or access to services. In cases where data is provided to an entity (e.g., health insurance \ncompany) in order to facilitate payment for such a need, that data should only be used for that purpose. \nEthical review and use prohibitions. Any use of sensitive data or decision process based in part on sensi-\ntive data that might limit rights, opportunities, or access, whether the decision is automated or not, should go \nthrough a thorough ethical review and monitoring, both in advance and by periodic review (e.g., via an indepen-\ndent ethics committee or similarly robust process). In some cases, this ethical review may determine that data \nshould not be used or shared for specific uses even with consent. Some novel uses of automated systems in this \ncontext, where the algorithm is dynamically developing and where the science behind the use case is not well' 'should not be used in education, work, housing, or in other contexts where the use of such surveillance \ntechnologies is likely to limit rights, opportunities, or access. Whenever possible, you should have access to \nreporting that confirms your data decisions have been respected and provides an assessment of the \npotential impact of surveillance technologies on your rights, opportunities, or access. \nNOTICE AND EXPLANATION\nYou should know that an automated system is being used and understand how and why it contributes to outcomes that impact you. Designers, developers, and deployers of automated systems should provide generally accessible plain language documentation including clear descriptions of the overall system functioning and the role automation plays, notice that such systems are in use, the individual or organiza\n-\ntion responsible for the system, and explanations of outcomes that are clear, timely, and accessible. Such notice should be kept up-to-date and people impacted by the system should be notified of significant use case or key functionality changes. You should know how and why an outcome impacting you was determined by an automated system, including when the automated system is not the sole input determining the outcome. Automated systems should provide explanations that are technically valid, meaningful and useful to you and to any operators or others who need to understand the system, and calibrated to the level of risk based on the context. Reporting that includes summary information about these automated systems in plain language and assessments of the clarity and quality of the notice and explanations should be made public whenever possible. 
\n6' 'or on an existing credit account.""90 In addition, under the risk-based pricing rule,91 lenders must either inform \nborrowers of their credit score, or else tell consumers when ""they are getting worse terms because of \ninformation in their credit report."" The CFPB has also asserted that ""[t]he law gives every applicant the right to \na specific explanation if their application for credit was denied, and that right is not diminished simply because \na company uses a complex algorithm that it doesn\'t understand.""92 Such explanations illustrate a shared value \nthat certain decisions need to be explained. \nA California law requires that warehouse employees are provided with notice and explana-\ntion about quotas, potentially facilitated by automated systems, that apply to them. Warehous-\ning employers in California that use quota systems (often facilitated by algorithmic monitoring systems) are \nrequired to provide employees with a written description of each quota that applies to the employee, including \n“quantified number of tasks to be performed or materials to be produced or handled, within the defined \ntime period, and any potential adverse employment action that could result from failure to meet the quota.”93\nAcross the federal government, agencies are conducting and supporting research on explain-\nable AI systems. The NIST is conducting fundamental research on the explainability of AI systems. A multidis-\nciplinary team of researchers aims to develop measurement methods and best practices to support the \nimplementation of core tenets of explainable AI.94 The Defense Advanced Research Projects Agency has a \nprogram on Explainable Artificial Intelligence that aims to create a suite of machine learning techniques that \nproduce more explainable models, while maintaining a high level of learning performance (prediction \naccuracy), and enable human users to understand, appropriately trust, and effectively manage the emerging' 'You should know that an automated system is being used, \nand understand how and why it contributes to outcomes that impact you. Designers, developers, and deployers of automat\n-\ned systems should provide generally accessible plain language docu -\nmentation including clear descriptions of the overall system func -\ntioning and the role automation plays, notice that such systems are in use, the individual or organization responsible for the system, and ex\n-\nplanations of outcomes that are clear, timely, and accessible. Such notice should be kept up-to-date and people impacted by the system should be notified of significant use case or key functionality chang\n-\nes. You should know how and why an outcome impacting you was de -\ntermined by an automated system, including when the automated system is not the sole input determining the outcome. Automated systems should provide explanations that are technically valid, meaningful and useful to you and to any operators or others who need to understand the system, and calibrated to the level of risk based on the context. Reporting that includes summary information about these automated systems in plain language and assessments of the clarity and quality of the notice and explanations should be made public whenever possible. NOTICE AND EXPLANATION\n40' ""automated systems in an equitable way . 
The guardrails protecting the public from discrimination in their daily \nlives should include their digital lives and impacts—basic safeguards against abuse, bias, and discrimination to \nensure that all people are treated fairly when automated systems are used. This includes all dimensions of their \nlives, from hiring to loan approvals, from medical treatment and payment to encounters with the criminal \njustice system. Ensuring equity should also go beyond existing guardrails to consider the holistic impact that \nautomated systems make on underserved communities and to institute proactive protections that support these \ncommunities. \n• An automated system using nontraditional factors such as educational attainment and employment history as\npart of its loan underwriting and pricing model was found to be much more likely to charge an applicant whoattended a Historically Black College or University (HBCU) higher loan prices for refinancing a student loanthan an applicant who did not attend an HBCU. This was found to be true even when controlling for\nother credit-related factors.32\n•A hiring tool that learned the features of a company's employees (predominantly men) rejected women appli -\ncants for spurious and discriminatory reasons; resumes with the word “women’s,” such as “women’s\nchess club captain,” were penalized in the candidate ranking.33\n•A predictive model marketed as being able to predict whether students are likely to drop out of school wasused by more than 500 universities across the countr y. The model was found to use race directly as a predicto r,\nand also shown to have large disparities by race; Black students were as many as four times as likely as theirotherwise similar white peers to be deemed at high risk of dropping out. These risk scores are used by advisors to guide students towards or away from majors, and some worry that they are being used to guide\nBlack students away from math and science subjects.34""]","It is important for lenders to inform consumers about decisions made under the Fair Credit Reporting Act (FCRA) in automated systems for several key reasons: 1. **Transparency**: Informing consumers about how their credit decisions are made promotes transparency in the lending process. When consumers understand the criteria and data used in automated decision-making, they can better comprehend the outcomes and the factors influencing their creditworthiness (Source: [document name], p. [specific page number not provided]). 2. **Consumer Rights**: The FCRA grants consumers specific rights regarding their credit information, including the right to know when adverse actions are taken based on their credit reports. By providing this information, lenders help ensure that consumers are aware of their rights and can exercise them effectively (Source: [document name], p. [specific page number not provided]). 3. **Opportunity for Correction**: When consumers are informed about decisions made using automated systems, they have the opportunity to review their credit reports for inaccuracies or errors. This allows them to contest or correct any misinformation that may have negatively impacted their credit decisions (Source: [document name], p. [specific page number not provided]). 4. **Building Trust**: Transparency in decision-making processes fosters trust between lenders and consumers. When consumers feel informed and respected, they are more likely to have confidence in the lending institution and its practices (Source: [document name], p. 
[specific page number not provided]). 5. **Mitigating Discrimination**: Informing consumers about the use of automated systems in credit decisions can help identify and mitigate potential biases or discriminatory practices. By being aware of how decisions are made, consumers can advocate for fair treatment and challenge any unfair practices (Source: [document name], p. [specific page number not provided]). 6. **Regulatory Compliance**: Lenders are required to comply with the FCRA and other relevant regulations. Providing consumers with information about automated decision-making processes helps ensure that lenders meet their legal obligations and avoid potential penalties (Source: [document name], p. [specific page number not provided]). In summary, informing consumers about decisions made under the FCRA in automated systems is essential for promoting transparency, protecting consumer rights, building trust, and ensuring compliance with legal requirements.","It is important for lenders to inform consumers about decisions made under FCRA in automated systems because the Fair Credit Reporting Act requires that consumers who are denied credit receive ""adverse action"" notices. These notices must include the reasons for the adverse action taken on the application or an existing credit account. Additionally, under the risk-based pricing rule, lenders must inform borrowers of their credit score or explain when they are receiving worse terms due to information in their credit report. This transparency is crucial to ensure that consumers understand the basis for credit decisions, especially when complex algorithms are involved.",1.0,0.9785683808084092,1.0,0.8734126983981415,0.3438322883515433 Why is public transparency important in automated systems affecting people's lives and decisions?,"['You should be able to opt out, where appropriate, and \nhave access to a person who can quickly consider and remedy problems you encounter. You should be able to opt out from automated systems in favor of a human alternative, where appropriate. Appropriateness should be determined based on rea\n-\nsonable expectations in a given context and with a focus on ensuring broad accessibility and protecting the public from especially harm\n-\nful impacts. In some cases, a human or other alternative may be re -\nquired by law. You should have access to timely human consider -\nation and remedy by a fallback and escalation process if an automat -\ned system fails, it produces an error, or you would like to appeal or contest its impacts on you. Human consideration and fallback should be accessible, equitable, effective, maintained, accompanied by appropriate operator training, and should not impose an unrea\n-\nsonable burden on the public. Automated systems with an intended use within sensitive domains, including, but not limited to, criminal justice, employment, education, and health, should additionally be tailored to the purpose, provide meaningful access for oversight, include training for any people interacting with the system, and in\n-\ncorporate human consideration for adverse or high-risk decisions. Reporting that includes a description of these human governance processes and assessment of their timeliness, accessibility, out\n-\ncomes, and effectiveness should be made public whenever possible. HUMAN ALTERNATIVES , C ONSIDERATION ALLBACKF AND, \n46' 'these technologies, various panelists emphasized that transparency is important but is not enough to achieve accountability. 
Some panelists discussed their individual views on additional system needs for validity, and agreed upon the importance of advisory boards and compensated community input early in the design process (before the technology is built and instituted). Various panelists also emphasized the importance of regulation that includes limits to the type and cost of such technologies. \n56' 'You should know that an automated system is being used, \nand understand how and why it contributes to outcomes that impact you. Designers, developers, and deployers of automat\n-\ned systems should provide generally accessible plain language docu -\nmentation including clear descriptions of the overall system func -\ntioning and the role automation plays, notice that such systems are in use, the individual or organization responsible for the system, and ex\n-\nplanations of outcomes that are clear, timely, and accessible. Such notice should be kept up-to-date and people impacted by the system should be notified of significant use case or key functionality chang\n-\nes. You should know how and why an outcome impacting you was de -\ntermined by an automated system, including when the automated system is not the sole input determining the outcome. Automated systems should provide explanations that are technically valid, meaningful and useful to you and to any operators or others who need to understand the system, and calibrated to the level of risk based on the context. Reporting that includes summary information about these automated systems in plain language and assessments of the clarity and quality of the notice and explanations should be made public whenever possible. NOTICE AND EXPLANATION\n40' 'DATA PRIVACY \nWHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nTraditional terms of service—the block of text that the public is accustomed to clicking through when using a web -\nsite or digital app—are not an adequate mechanism for protecting privacy. The American public should be protect -\ned via built-in privacy protections, data minimization, use and collection limitations, and transparency, in addition \nto being entitled to clear mechanisms to control access to and use of their data—including their metadata—in a proactive, informed, and ongoing way. Any automated system collecting, using, sharing, or storing personal data should meet these expectations. \nProtect privacy by design and by default \nPrivacy by design and by default. Automated systems should be designed and built with privacy protect -\ned by default. Privacy risks should be assessed throughout the development life cycle, including privacy risks from reidentification, and appropriate technical and policy mitigation measures should be implemented. This includes potential harms to those who are not users of the automated system, but who may be harmed by inferred data, purposeful privacy violations, or community surveillance or other community harms. Data collection should be minimized and clearly communicated to the people whose data is collected. Data should only be collected or used for the purposes of training or testing machine learning models if such collection and use is legal and consistent with the expectations of the people whose data is collected. 
User experience research should be conducted to confirm that people understand what data is being collected about them and how it will be used, and that this collection matches their expectations and desires.' 'WHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nDemonstrate that the system protects against algorithmic discrimination \nIndependent evaluation. As described in the section on Safe and Effective Systems, entities should allow \nindependent evaluation of potential algorithmic discrimination caused by automated systems they use or \noversee. In the case of public sector uses, these independent evaluations should be made public unless law enforcement or national security restrictions prevent doing so. Care should be taken to balance individual privacy with evaluation data access needs; in many cases, policy-based and/or technological innovations and controls allow access to such data without compromising privac y. \nReporting. Entities responsible for the development or use of automated systems should provide \nreporting of an appropriately designed algorithmic impact assessment,50 with clear specification of who \nperforms the assessment, who evaluates the system, and how corrective actions are taken (if necessary) in \nresponse to the assessment. This algorithmic impact assessment should include at least: the results of any \nconsultation, design stage equity assessments (potentially including qualitative analysis), accessibility \ndesigns and testing, disparity testing, document any remaining disparities, and detail any mitigation \nimplementation and assessments. This algorithmic impact assessment should be made public whenever \npossible. Reporting should be provided in a clear and machine-readable manner using plain language to \nallow for more straightforward public accountability . \n28Algorithmic \nDiscrimination \nProtections' 'NOTICE & \nEXPLANATION \nWHY THIS PRINCIPLE IS IMPORTANT\nThis section provides a brief summary of the problems which the principle seeks to address and protect \nagainst, including illustrative examples. \nAutomated systems now determine opportunities, from employment to credit, and directly shape the American \npublic’s experiences, from the courtroom to online classrooms, in ways that profoundly impact people’s lives. But this expansive impact is not always visible. An applicant might not know whether a person rejected their resume or a hiring algorithm moved them to the bottom of the list. A defendant in the courtroom might not know if a judge deny\n-\ning their bail is informed by an automated system that labeled them “high risk.” From correcting errors to contesting decisions, people are often denied the knowledge they need to address the impact of automated systems on their lives. Notice and explanations also serve an important safety and efficacy purpose, allowing experts to verify the reasonable\n-\nness of a recommendation before enacting it. \nIn order to guard against potential harms, the American public needs to know if an automated system is being used. Clear, brief, and understandable notice is a prerequisite for achieving the other protections in this framework. Like\n-\nwise, the public is often unable to ascertain how or why an automated system has made a decision or contributed to a particular outcome. 
The decision-making processes of automated systems tend to be opaque, complex, and, therefore, unaccountable, whether by design or by omission. These factors can make explanations both more challenging and more important, and should not be used as a pretext to avoid explaining important decisions to the people impacted by those choices. In the context of automated systems, clear and valid explanations should be recognized as a baseline requirement.' 'APPENDIX\nSystems that impact the safety of communities such as automated traffic control systems, elec \n-ctrical grid controls, smart city technologies, and industrial emissions and environmental\nimpact control algorithms; and\nSystems related to access to benefits or services or assignment of penalties such as systems that\nsupport decision-makers who adjudicate benefits such as collating or analyzing information ormatching records, systems which similarly assist in the adjudication of administrative or criminalpenalties, fraud detection algorithms, services or benefits access control algorithms, biometricsystems used as access control, and systems which make benefits or services related decisions on afully or partially autonomous basis (such as a determination to revoke benefits).\n54' 'HUMAN ALTERNATIVES, \nCONSIDERATION, AND \nFALLBACK \nWHY THIS PRINCIPLE IS IMPORTANT\nThis section provides a brief summary of the problems which the principle seeks to address and protect \nagainst, including illustrative examples. \nThere are many reasons people may prefer not to use an automated system: the system can be flawed and can lead to \nunintended outcomes; it may reinforce bias or be inaccessible; it may simply be inconvenient or unavailable; or it may replace a paper or manual process to which people had grown accustomed. Yet members of the public are often presented with no alternative, or are forced to endure a cumbersome process to reach a human decision-maker once they decide they no longer want to deal exclusively with the automated system or be impacted by its results. As a result of this lack of human reconsideration, many receive delayed access, or lose access, to rights, opportunities, benefits, and critical services. The American public deserves the assurance that, when rights, opportunities, or access are meaningfully at stake and there is a reasonable expectation of an alternative to an automated system, they can conve\n-\nniently opt out of an automated system and will not be disadvantaged for that choice. In some cases, such a human or other alternative may be required by law, for example it could be required as “reasonable accommodations” for people with disabilities.']","Public transparency is crucial in automated systems that impact individuals' lives and decisions for several reasons: 1. **Accountability**: Transparency ensures that organizations are held accountable for the decisions made by automated systems. When individuals understand how these systems operate and the criteria used for decision-making, it becomes easier to identify and address any potential errors or biases (Source: [document name], p. [specific page number not provided]). 2. **Informed Consent**: Individuals have the right to know when automated systems are being used to make decisions that affect them. Transparency allows people to provide informed consent regarding their data and how it will be used, fostering trust in the technology (Source: [document name], p. [specific page number not provided]). 3. 
**Understanding and Trust**: When the workings of automated systems are clear, individuals are more likely to trust the outcomes. Transparency helps demystify the technology, making it less intimidating and more acceptable to the public (Source: [document name], p. [specific page number not provided]). 4. **Mitigating Bias and Discrimination**: Public transparency can help identify and mitigate biases in automated decision-making. When individuals can scrutinize how decisions are made, it becomes easier to spot unfair practices and advocate for equitable treatment (Source: [document name], p. [specific page number not provided]). 5. **Empowerment**: Transparency empowers individuals by providing them with the information they need to understand and challenge decisions that may adversely affect them. This is particularly important in high-stakes areas such as employment, credit, and criminal justice (Source: [document name], p. [specific page number not provided]). 6. **Encouraging Ethical Practices**: When organizations know that their automated systems will be subject to public scrutiny, they are more likely to adhere to ethical standards and best practices in their design and implementation (Source: [document name], p. [specific page number not provided]). 7. **Facilitating Oversight**: Transparency allows for external oversight by regulators, researchers, and advocacy groups. This oversight is essential for ensuring that automated systems operate fairly and effectively, and it can lead to improvements in technology and policy (Source: [document name], p. [specific page number not provided]). In summary, public transparency in automated systems is vital for accountability, informed consent, trust, bias mitigation, empowerment, ethical practices, and effective oversight, ultimately leading to better outcomes for individuals and society as a whole.","Public transparency is crucial in automated systems affecting people's lives and decisions because it allows both the authorities and the public to understand why and how decisions are being made. Without transparency, individuals may be subject to decisions made by automated systems without any explanation or accountability, leading to potential errors, biases, and injustices. Transparency also enables experts to verify the reasonableness of recommendations before they are implemented, ensuring safety and efficacy. In summary, public transparency in automated systems is essential for accountability, fairness, and the protection of individuals' rights and opportunities.",1.0,0.9680746218583742,1.0,0.9999999999875,0.6811205603657411 How can governance principles manage risks of GAI effectively?,"['47 Appendix A. Primary GAI Considerations \nThe following primary considerations were derived as overarching themes from the GAI PWG \nconsultation process. These considerations (Governance, Pre- Deployment Testing, Content Provenance, \nand Incident Disclosure) are relevant for volun tary use by any organization designing, developing, and \nusing GAI and also inform the Actions to Manage GAI risks. Information included about the primary \nconsiderations is not exhaustive , but highlights the most relevant topics derived from the GAI PWG. \nAcknowledgments: These considerations could not have been surfaced without the helpful analysis and \ncontributions from the community and NIST staff GAI PWG leads: George Awad, Luca Belli, Harold Booth, \nMat Heyman, Yoo young Lee, Mark Pryzbocki, Reva Schwartz, Martin Stanley, and Kyra Yee. \nA.1. 
Governance \nA.1.1. Overview \nLike any other technology system, governance principles and techniques can be used to manage risks \nrelated to generative AI models, capabilities, and applications. Organizations may choose to apply their \nexisting risk tiering to GAI systems, or they may op t to revis e or update AI system risk levels to address \nthese unique GAI risks. This section describes how organizational governance regimes may be re -\nevaluated and adjusted for GAI contexts. It also addresses third -party considerations for governing across \nthe AI value chain. \nA.1.2. Organizational Governance \nGAI opportunities, risks and long- term performance characteristics are typically less well -understood \nthan non- generative AI tools and may be perceived and acted upon by humans in ways that vary greatly. \nAccordingly, GAI may call for different levels of oversight from AI Actors or different human- AI \nconfigurations in order to manage their risks effectively. Organizations’ use of GAI systems may also \nwarrant additional human review, tracking and documentation, and greater management oversight.' 'requirements on drivers, such as slowing down near schools or playgrounds.16\nFrom large companies to start-ups, industry is providing innovative solutions that allow \norganizations to mitigate risks to the safety and efficacy of AI systems, both before \ndeployment and through monitoring over time.17 These innovative solutions include risk \nassessments, auditing mechanisms, assessment of organizational procedures, dashboards to allow for ongoing \nmonitoring, documentation procedures specific to model assessments, and many other strategies that aim to \nmitigate risks posed by the use of AI to companies’ reputation, legal responsibilities, and other product safety \nand effectiveness concerns. \nThe Office of Management and Budget (OMB) has called for an expansion of opportunities \nfor meaningful stakeholder engagement in the design of programs and services. OMB also \npoints to numerous examples of effective and proactive stakeholder engagement, including the Community-\nBased Participatory Research Program developed by the National Institutes of Health and the participatory \ntechnology assessments developed by the National Oceanic and Atmospheric Administration.18\nThe National Institute of Standards and Technology (NIST) is developing a risk \nmanagement framework to better manage risks posed to individuals, organizations, and \nsociety by AI.19 The NIST AI Risk Management Framework, as mandated by Congress, is intended for \nvoluntary use to help incorporate trustworthiness considerations into the design, development, use, and \nevaluation of AI products, services, and systems. The NIST framework is being developed through a consensus-\ndriven, open, transparent, and collaborative process that includes workshops and other opportunities to provide \ninput. The NIST framework aims to foster the development of innovative approaches to address \ncharacteristics of trustworthiness including accuracy, explainability and interpretability, reliability, privacy,' '1 1. 
Introduction \nThis document is a cross -sectoral profile of and companion resource for the AI Risk Management \nFramework (AI RMF 1.0) for Generative AI ,1 pursuant to President Biden’s Executive Order (EO) 14110 on \nSafe, Secure, and Trustworthy Artificial Intelligence.2 The AI RMF was released in January 2023, and is \nintended for voluntary use and to improve the ability of organizations to incorporate trustworthiness \nconsiderations into the design, development, use, and evaluation of AI products, services, and systems. \nA profile is an implementation of the AI RMF functions, categories, and subcategories for a specific \nsetting , application , or technology – in this case, Generative AI (GAI) – based on the requirements, risk \ntolerance, and resources of the Framework user. AI RMF profile s assist organizations in deciding how to \nbest manage AI risks in a manner that is well -aligned with their goals, considers legal/regulatory \nrequirements and best practices, and reflects risk management priorities. Consistent with other AI RMF \nprofiles , this profile offers insights into how risk can be managed across various stages of the AI lifecycle \nand for GAI as a technology. \nAs GAI covers risks of models or applications that can be used across use cases or sectors, this document is an AI RMF cross -sectoral profi le. Cross -sectoral profiles can be used to govern, map, measure, and \nmanage risks associated with activities or business processes common across sectors, such as the use of \nlarge language models (LLMs) , cloud -based services, or acquisition. \nThis document defines risks that are novel to or exacerbated by the use of GAI. After introducing and describing these risks, the document provides a set of suggested actions to help organizations govern, \nmap, measure, and manage these risks. \n \n \n1 EO 14110 defines Generative AI as “the class of AI models that emulate the structure and characteristics of input' '51 general public participants. For example, expert AI red- teamers could modify or verify the \nprompts written by general public AI red- teamers. These approaches may also expand coverage \nof the AI risk attack surface. \n• Human / AI: Performed by GAI in combinatio n with specialist or non -specialist human teams. \nGAI- led red -teaming can be more cost effective than human red- teamers alone. Human or GAI-\nled AI red -teaming may be better suited for eliciting different types of harms. \nA.1.6. Content Provenance \nOverview \nGAI technologies can be leveraged for many applications such as content generation and synthetic data. \nSome aspects of GAI output s, such as the production of deepfake content, can challenge our ability to \ndistinguish human- generated content from AI -generated synthetic content. To help manage and mitigate \nthese risks, digital transparency mechanisms like provenance data tracking can trace the origin and \nhistory of content. Provenance data tracking and synthetic content detection can help facilitate greater \ninformation access about both authentic and synthetic content to users, enabling better knowledge of \ntrustworthiness in AI systems. When combined with other organizational accountability mechanisms, \ndigital content transparency approaches can enable processes to trace negative outcomes back to their \nsource, improve information integrity, and uphold public trust. 
Provenance data tracking and synthetic content detection mechanisms provide information about the origin \nand history of content to assist in \nGAI risk management efforts. \nProvenance metad ata can include information about GAI model developers or creators of GAI content , \ndate/time of creation, location, modifications, and sources. Metadata can be tracked for text, images, videos, audio, and underlying datasets. The implementation of p rovenance data tracking techniques can' 'We have seen modest progress in recent years, with some state and local governments responding to these prob-\nlems with legislation, and some courts extending longstanding statutory protections to new and emerging tech-nologies. There are companies working to incorporate additional protections in their design and use of auto-mated systems, and researchers developing innovative guardrails. Advocates, researchers, and government organizations have proposed principles for the ethical use of AI and other automated systems. These include the Organization for Economic Co-operation and Development’s (OECD’s) 2019 Recommendation on Artificial Intelligence, which includes principles for responsible stewardship of trustworthy AI and which the United States adopted, and Executive Order 13960 on Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government, which sets out principles that govern the federal government’s use of AI. The Blueprint for an AI Bill of Rights is fully consistent with these principles and with the direction in Executive Order 13985 on Advancing Racial Equity and Support for Underserved Communities Through the Federal Government. These principles find kinship in the Fair Information Practice Principles (FIPPs), derived from the 1973 report of an advisory committee to the U.S. Department of Health, Education, and Welfare, Records, Computers, \nand the Rights of Citizens.\n4 While there is no single, universal articulation of the FIPPs, these core \nprinciples for managing information about individuals have been incorporated into data privacy laws and \npolicies across the globe.5 The Blueprint for an AI Bill of Rights embraces elements of the FIPPs that are \nparticularly relevant to automated systems, without articulating a specific set of FIPPs or scoping \napplicability or the interests served to a single particular domain, like privacy, civil rights and civil liberties,' '20 GV-4.3-003 Verify information sharing and feedback mechanisms among individuals and \norganizations regarding any negative impact from GAI systems. Information Integrity ; Data \nPrivacy \nAI Actor Tasks: AI Impact Assessment, Affected Individuals and Communities, Governance and Oversight \n \nGOVERN 5.1: Organizational policies and practices are in place to collect, consider, prioritize, and integrate feedback from those \nexternal to the team that developed or deployed the AI system regarding the potential individual and societal impacts related to AI \nrisks. \nAction ID Suggested Action GAI Risks \nGV-5.1-001 Allocate time and resources for outreach, feedback, and recourse processes in GAI \nsystem development. Human -AI Configuration ; Harmful \nBias and Homogenization \nGV-5.1-002 Document interactions with GAI systems to users prior to interactive activities , \nparticularly in contexts involving more significant risks. 
Human -AI Configuration ; \nConfabulation \nAI Actor Tasks: AI Design, AI Impact Assessment, Affected Individuals and Communities, Governance and Oversight \n \nGOVERN 6.1: Policies and procedures are in place that address AI risks associated with third -party entities, including risks of \ninfringement of a third -party’s intellectual property or other rights. \nAction ID Suggested Action GAI Risks \nGV-6.1-001 Categorize different types of GAI content with associated third -party rights (e.g., \ncopyright, intellectual property, data privacy). Data Privacy ; Intellectual \nProperty ; Value Chain and \nComponent Integration \nGV-6.1-002 Conduct joint educational activities and events in collaboration with third parties \nto promote best practices for managing GAI risks. Value Chain and Component \nIntegration \nGV-6.1-003 Develop and validate approaches for measuring the success of content \nprovenance management efforts with third parties (e.g., incidents detected and \nresponse times). Information Integrity ; Value Chain']","Governance principles can effectively manage the risks associated with Generative Artificial Intelligence (GAI) by establishing structured frameworks and practices that promote accountability, transparency, and ethical use. Here are several key strategies: 1. **Risk Assessment Frameworks**: Implement comprehensive risk assessment frameworks that identify, evaluate, and prioritize the unique risks associated with GAI. This includes assessing potential biases, misinformation, and security vulnerabilities inherent in GAI systems (Source: [document name], p. [specific page number not provided]). 2. **Clear Accountability Structures**: Establish clear lines of accountability within organizations for the development and deployment of GAI systems. This includes designating responsible individuals or teams to oversee GAI projects, ensuring that there is accountability for the outcomes and impacts of these systems (Source: [document name], p. [specific page number not provided]). 3. **Transparency and Documentation**: Promote transparency by documenting the decision-making processes, data sources, and algorithms used in GAI systems. This documentation should be accessible to stakeholders, allowing for scrutiny and fostering trust in the technology (Source: [document name], p. [specific page number not provided]). 4. **Stakeholder Engagement**: Involve a diverse range of stakeholders, including affected communities, ethicists, and industry experts, in the governance process. Their input can help identify potential risks and ethical concerns, leading to more robust governance practices (Source: [document name], p. [specific page number not provided]). 5. **Ethical Guidelines and Standards**: Develop and adhere to ethical guidelines and standards that govern the use of GAI. These guidelines should address issues such as fairness, accountability, and the prevention of harm, ensuring that GAI systems are used responsibly (Source: [document name], p. [specific page number not provided]). 6. **Regular Audits and Monitoring**: Conduct regular audits and monitoring of GAI systems to assess their performance and compliance with established governance principles. This ongoing evaluation helps identify and mitigate risks as they arise (Source: [document name], p. [specific page number not provided]). 7. 
**Training and Awareness Programs**: Implement training programs for employees and stakeholders to raise awareness about the risks associated with GAI and the importance of ethical governance. This education can foster a culture of responsibility and vigilance in the use of GAI technologies (Source: [document name], p. [specific page number not provided]). 8. **Incident Response Protocols**: Establish clear protocols for responding to incidents related to GAI systems, including mechanisms for reporting and addressing issues such as bias, misinformation, or security breaches. This preparedness helps organizations respond effectively to challenges as they arise (Source: [document name], p. [specific page number not provided]). By integrating these governance principles, organizations can effectively manage the risks associated with GAI, ensuring that these technologies are developed and deployed in a manner that is ethical, transparent, and accountable.","Governance principles can be used to manage risks related to generative AI models, capabilities, and applications. Organizations may choose to apply their existing risk tiering to GAI systems or revise/update AI system risk levels to address unique GAI risks. Organizational governance regimes may need to be re-evaluated and adjusted for GAI contexts, including third-party considerations across the AI value chain. GAI may require different levels of oversight from AI actors or different human-AI configurations to manage risks effectively. Organizations using GAI systems may need additional human review, tracking, documentation, and management oversight. Governance tools and protocols applied to other AI systems can also be applied to GAI systems, including accessibility, AI actor credentials, alignment to organizational values, auditing, change-management controls, commercial use, and data provenance.",0.13793103448275862,0.9486256942742067,1.0,0.9999999999833333,0.43545350100760755 "Why is accuracy important in reviewing and documenting data throughout the AI life cycle, considering factors like bias, IP, integrity, and GAI risks?","['25 MP-2.3-002 Review and document accuracy, representativeness, relevance, suitability of data \nused at different stages of AI life cycle. Harmful Bias and Homogenization ; \nIntellectual Property \nMP-2.3-003 Deploy and document fact -checking techniques to verify the accuracy and \nveracity of information generated by GAI systems, especially when the \ninformation comes from multiple (or unknown) sources. Information Integrity \nMP-2.3-004 Develop and implement testing techniques to identify GAI produced content (e.g., synthetic media) that might be indistinguishable from human -generated content. Information Integrity \nMP-2.3-005 Implement plans for GAI systems to undergo regular adversarial testing to identify \nvulnerabilities and potential manipulation or misuse. Information Security \nAI Actor Tasks: AI Development, Domain Experts, TEVV \n \nMAP 3.4: Processes for operator and practitioner proficiency with AI system performance and trustworthiness – and relevant \ntechnical standards and certifications – are defined, assessed, and documented. \nAction ID Suggested Action GAI Risks \nMP-3.4-001 Evaluate whether GAI operators and end -users can accurately understand \ncontent lineage and origin. Human -AI Configuration ; \nInformation Integrity \nMP-3.4-002 Adapt existing training programs to include modules on digital content \ntransparency. 
Information Integrity \nMP-3.4-003 Develop certification programs that test proficiency in managing GAI risks and \ninterpreting content provenance, relevant to specific industry and context. Information Integrity \nMP-3.4-004 Delineate human proficiency tests from tests of GAI capabilities. Human -AI Configuration \nMP-3.4-005 Implement systems to continually monitor and track the outcomes of human- GAI \nconfigurations for future refinement and improvements . Human -AI Configuration ; \nInformation Integrity \nMP-3.4-006 Involve the end -users, practitioners, and operators in GAI system in prototyping' '35 MEASURE 2.9: The AI model is explained, validated, and documented, and AI system output is interpreted within its context – as \nidentified in the MAP function – to inform responsible use and governance. \nAction ID Suggested Action GAI Risks \nMS-2.9-001 Apply and document ML explanation results such as: Analysis of embeddings, \nCounterfactual prompts, Gradient -based attributions, Model \ncompression/surrogate models, Occlusion/term reduction. Confabulation \nMS-2.9-002 Document GAI model details including: Proposed use and organizational value; \nAssumptions and limitations, Data collection methodologies; Data provenance; \nData quality; Model architecture (e.g., convolutional neural network, transformers, etc.); Optimizatio n objectives; Training algorithms; RLHF \napproaches; Fine -tuning or retrieval- augmented generation approaches; \nEvaluation data; Ethical considerations; Legal and regulatory requirements. Information Integrity ; Harmful Bias \nand Homogenization \nAI Actor Tasks: AI Deployment, AI Impact Assessment, Domain Experts, End -Users, Operation and Monitoring, TEVV \n \nMEASURE 2.10: Privacy risk of the AI system – as identified in the MAP function – is examined and documented. \nAction ID Suggested Action GAI Risks \nMS-2.10- 001 Conduct AI red -teaming to assess issues such as: Outputting of training data \nsamples, and subsequent reverse engineering, model extraction, and membership inference risks; Revealing biometric, confidential, copyrighted, licensed, patented, personal, proprietary, sensitive, or trade -marked information\n; \nTracking or revealing location information of users or members of training datasets. Human -AI Configuration ; \nInformation Integrity; Intellectual \nProperty \nMS-2.10- 002 Engage directly with end -users and other stakeholders to understand their \nexpectations and concerns regarding content provenance. Use this feedback to guide the design of provenance data -tracking techniques . Human -AI Configuration ;' 'Information Integrity \nMS-2.10-0 03 Verify deduplication of GAI training data samples , particularly regarding synthetic \ndata . Harmful Bias and Homogenization \nAI Actor Tasks: AI Deployment, AI Impact Assessment, Domain Experts, End -Users, Operation and Monitoring, TEVV' '29 MS-1.1-006 Implement continuous monitoring of GAI system impacts to identify whether GAI \noutputs are equitable across various sub- populations. Seek active and direct \nfeedback from affected communities via structured feedback mechanisms or red -\nteaming to monitor and improve outputs. Harmful Bias and Homogenization \nMS-1.1-007 Evaluate the quality and integrity of data used in training and the provenance of \nAI-generated content , for example by e mploying techniques like chaos \nengineering and seeking stakeholder feedback. 
Information Integrity \nMS-1.1-008 Define use cases, contexts of use, capabilities, and negative impacts where \nstructured human feedback exercises, e.g., GAI red-teaming, would be most \nbeneficial for GAI risk measurement and management based on the context of \nuse. Harmful Bias and \nHomogenization; CBRN \nInformation or Capabilities \nMS-1.1-009 Track and document risks or opportunities related to all GAI risks that cannot be \nmeasured quantitatively, including explanations as to why some risks cannot be \nmeasured (e.g., due to technological limitations, resource constraints, or trustworthy considerations). Include unmeasured risks in marginal risks. Information Integrity \nAI Actor Tasks: AI Development, Domain Experts, TEVV \n \nMEASURE 1.3: Internal experts who did not serve as front-line developers for the system and/or independent assessors are \ninvolved in regular assessments and updates. Domain experts, users, AI Actors external to the team that developed or deployed the \nAI system, and affected communities are consulted in support of assessments as necessary per organizational risk tolerance. \nAction ID Suggested Action GAI Risks \nMS-1.3-001 Define relevant groups of interest (e.g., demographic groups, subject matter \nexperts, experience with GAI technology) within the context of use as part of \nplans for gathering structured public feedback. Human-AI Configuration; Harmful \nBias and Homogenization; CBRN' 'purpose specification. For example, most model developers do not disclose specific data sources on \nwhich models were trained, limiting user awareness of whether personally identifiable information (PII) \nwas trained on and, if so, how it was collected. \nModels may leak, generate, or correctly infer sensitive information about individuals. For example, \nduring adversarial attacks, LLMs have revealed sensitive information (from the public domain) that was \nincluded in their training data. This problem has been referred to as data memorization, and may pose \nexacerbated privacy risks even for data present only in a small number of training samples. \nIn addition to revealing sensitive information in GAI training data, GAI models may be able to correctly \ninfer PII or sensitive data that was not in their training data nor disclosed by the user by stitching \ntogether information from disparate sources. These inferences can have negative impact on an individual \neven if the inferences are not accurate (e.g., confabulations), and especially if they reveal information \nthat the individual considers sensitive or that is used to disadvantage or harm them. \nBeyond harms from information exposure (such as extortion or dignitary harm), wrong or inappropriate \ninferences of PII can contribute to downstream or secondary harmful impacts. For example, predictive \ninferences made by GAI models based on PII or protected attributes can contribute to adverse decisions, \nleading to representational or allocative harms to individuals or groups (see Harmful Bias and \nHomogenization below).' '12 CSAM. Even when trained on “clean” data, increasingly capable GAI models can synthesize or produce \nsynthetic NCII and CSAM. Websites, mobile apps, and custom-built models that generate synthetic NCII \nhave moved from niche internet forums to mainstream, automated, and scaled online businesses. \nTrustworthy AI Characteristics: Fair with Harmful Bias Managed, Safe, Privacy Enhanced \n2.12.
Value Chain and Component Integration \nGAI value chains involve many third-party components such as procured datasets, pre-trained models, \nand software libraries. These components might be improperly obtained or not properly vetted, leading \nto diminished transparency or accountability for downstream users. While this is a risk for traditional AI \nsystems and some other digital technologies, the risk is exacerbated for GAI due to the scale of the \ntraining data, which may be too large for humans to vet; the difficulty of training foundation models, \nwhich leads to extensive reuse of limited numbers of models; and the extent to which GAI may be \nintegrated into other devices and services. As GAI systems often involve many distinct third-party \ncomponents and data sources, it may be difficult to attribute issues in a system’s behavior to any one of \nthese sources. \nErrors in third-party GAI components can also have downstream impacts on accuracy and robustness. \nFor example, test datasets commonly used to benchmark or validate models can contain label errors. \nInaccuracies in these labels can impact the “stability” or robustness of these benchmarks, which many \nGAI practitioners consider during the model selection process. \nTrustworthy AI Characteristics: Accountable and Transparent, Explainable and Interpretable, Fair with \nHarmful Bias Managed, Privacy Enhanced, Safe, Secure and Resilient, Valid and Reliable \n3. Suggested Actions to Manage GAI Risks \nThe following suggested actions target risks unique to or exacerbated by GAI.' '37 MS-2.11-005 Assess the proportion of synthetic to non-synthetic training data and verify \ntraining data is not overly homogenous or GAI-produced to mitigate concerns of \nmodel collapse. Harmful Bias and Homogenization \nAI Actor Tasks: AI Deployment, AI Impact Assessment, Affected Individuals and Communities, Domain Experts, End-Users, \nOperation and Monitoring, TEVV \n \nMEASURE 2.12: Environmental impact and sustainability of AI model training and management activities – as identified in the MAP \nfunction – are assessed and documented. \nAction ID Suggested Action GAI Risks \nMS-2.12-001 Assess safety to physical environments when deploying GAI systems. Dangerous, Violent, or Hateful \nContent \nMS-2.12-002 Document anticipated environmental impacts of model development, \nmaintenance, and deployment in product design decisions. Environmental \nMS-2.12-003 Measure or estimate environmental impacts (e.g., energy and water \nconsumption) for training, fine tuning, and deploying models: Verify tradeoffs \nbetween resources used at inference time versus additional resources required at training time. Environmental \nMS-2.12-004 Verify effectiveness of carbon capture or offset programs for GAI training and \napplications, and address green-washing concerns. Environmental \nAI Actor Tasks: AI Deployment, AI Impact Assessment, Domain Experts, Operation and Monitoring, TEVV']","Accuracy in reviewing and documenting data throughout the AI life cycle is crucial for several reasons, particularly concerning bias, intellectual property, integrity, and the risks associated with Generative Artificial Intelligence (GAI): 1. **Mitigating Bias**: Accurate data documentation helps identify and address biases in the training data. If the data is not accurately reviewed, it may contain harmful biases that can lead to discriminatory outcomes in AI systems.
By ensuring accuracy, organizations can work to create more equitable AI models that do not perpetuate existing societal biases (Source: [document name], p. [specific page number not provided]). 2. **Protecting Intellectual Property**: Accurate documentation of data sources and usage is essential for protecting intellectual property rights. Organizations must ensure that they have the legal right to use the data they are training their AI models on. Inaccurate records can lead to unintentional infringements, resulting in legal disputes and financial liabilities (Source: [document name], p. [specific page number not provided]). 3. **Ensuring Information Integrity**: Maintaining accuracy in data documentation is vital for the integrity of the AI system. Inaccurate or poorly documented data can lead to flawed model outputs, which can undermine trust in the system. Ensuring that data is accurate and well-documented helps maintain the reliability of AI-generated information (Source: [document name], p. [specific page number not provided]). 4. **Risk Management**: Accurate data documentation is essential for effective risk management in GAI systems. By thoroughly reviewing and documenting data, organizations can better understand the potential risks associated with their AI models, including security vulnerabilities and the likelihood of generating harmful or misleading content. This understanding allows for proactive measures to mitigate these risks (Source: [document name], p. [specific page number not provided]). 5. **Compliance with Regulations**: Many jurisdictions have regulations governing data use, privacy, and AI deployment. Accurate documentation helps organizations comply with these regulations, reducing the risk of legal penalties and reputational damage. This is particularly important in the context of GAI, where the potential for misuse of generated content is high (Source: [document name], p. [specific page number not provided]). 6. **Facilitating Accountability**: Accurate documentation of data and its usage throughout the AI life cycle enhances accountability. When organizations can trace the origins and transformations of data, they can better justify their decisions and actions, fostering trust among stakeholders and users (Source: [document name], p. [specific page number not provided]). 7. **Supporting Continuous Improvement**: Accurate data documentation allows organizations to learn from past experiences and improve their AI systems over time. By understanding what data was used, how it was processed, and the outcomes produced, organizations can refine their models and practices to enhance performance and reduce risks (Source: [document name], p. [specific page number not provided]). In summary, accuracy in reviewing and documenting data throughout the AI life cycle is essential for mitigating bias, protecting intellectual property, ensuring information integrity, managing risks, complying with regulations, facilitating accountability, and supporting continuous improvement in AI systems.","Accuracy is crucial in reviewing and documenting data throughout the AI life cycle to ensure the data's reliability, representativeness, relevance, and suitability at different stages. This is particularly important due to factors like harmful bias, homogenization, intellectual property concerns, information integrity, and GAI risks. 
Ensuring accuracy helps in verifying the information generated by GAI systems, identifying potential biases or harmful content, and maintaining the trustworthiness of AI systems.",0.9722222222222222,0.9600586340557004,1.0,0.9999999999857143,0.851174262442691 How can feedback be used to gather user input on AI content while aligning with values and detecting quality shifts?,"['41 MG-2.2-0 06 Use feedback from internal and external AI Actors , users, individuals, and \ncommunities, to assess impact of AI -generated content. Human -AI Configuration \nMG-2.2-0 07 Use real -time auditing tools where they can be demonstrated to aid in the \ntracking and validation of the lineage and authenticity of AI -generated data. Information Integrity \nMG-2.2-0 08 Use structured feedback mechanisms to solicit and capture user input about AI -\ngenerated content to detect subtle shifts in quality or alignment with \ncommunity and societal values. Human -AI Configuration ; Harmful \nBias and Homogenization \nMG-2.2-009 Consider opportunities to responsibly use synthetic data and other privacy \nenhancing techniques in GAI development, where appropriate and applicable , \nmatch the statistical properties of real- world data without disclosing personally \nidentifiable information or contributing to homogenization . Data Privacy ; Intellectual Property; \nInformation Integrity ; \nConfabulation ; Harmful Bias and \nHomogenization \nAI Actor Tasks: AI Deployment, AI Impact Assessment, Governance and Oversight, Operation and Monitoring \n \nMANAGE 2.3: Procedures are followed to respond to and recover from a previously unknown risk when it is identified. \nAction ID Suggested Action GAI Risks \nMG-2.3-001 Develop and update GAI system incident response and recovery plans and \nprocedures to address the following: Review and maintenance of policies and procedures to account for newly encountered uses; Review and maintenance of policies and procedures for detec tion of unanticipated uses; Verify response \nand recovery plans account for the GAI system value chain; Verify response and \nrecovery plans are updated for and include necessary details to communicate with downstream GAI system Actors: Points -of-Contact (POC), Contact \ninformation, notification format. Value Chain and Component Integration \nAI Actor Tasks: AI Deployment, Operation and Monitoring' 'Information Integrity \nMS-3.3-003 Evaluate potential biases and stereotypes that could emerge from the AI -\ngenerated content using appropriate methodologies including computational testing methods as well as evaluating structured feedback input. Harmful Bias and Homogenization' '50 Participatory Engagement Methods \nOn an ad hoc or more structured basis, organizations can design and use a variety of channels to engage \nexternal stakeholders in product development or review. Focus groups with select experts can provide \nfeedback on a range of issues. Small user studies c an provide feedback from representative groups or \npopulations. Anonymous surveys can be used to poll or gauge reactions to specific features. Participatory engagement methods are often less structured than field testing or red teaming, and are more \ncommonl y used in early stages of AI or product development. \nField Testing \nField testing involves structured settings to evaluate risks and impacts and to simulate the conditions \nunder which the GAI system will be deployed. 
Field style tests can be adapted from a focus on user \npreferences and experiences towards AI risks and impacts – both negative and positive. When carried \nout with large groups of users, these tests can provide estimations of the likelihood of risks and impacts \nin real world interactions. \nOrganizations may also collect feedback on outcomes, harms, and user experience directly from users in the production environment after a model has been released, in accordance with human subject \nstandards such as informed consent and compensation. Organiz ations should follow applicable human \nsubjects research requirements, and best practices such as informed consent and subject compensation, \nwhen implementing feedback activities. \nAI Red -teaming \nAI red -teaming is an evolving practice that references exercises often conducted in a controlled \nenvironment and in collaboration with AI developers building AI models to identify potential adverse \nbehavior or outcomes of a GAI model or system, how they could occur, an d stress test safeguards” . AI \nred-teaming can be performed before or after AI models or systems are made available to the broader' 'updates. Human -AI Configuration , \nDangerous , Violent, or Hateful \nContent \nMG-3.2-005 Implement content filters to prevent the generation of inappropriate, harmful, false, illegal, or violent content related to the GAI application, including for CSAM \nand NCII. These filters can be rule -based or leverage additional machine learning \nmodels to flag problematic inputs and outputs. Information Integrity ; Harmful Bias \nand Homogenization ; Dangerous , \nViolent, or Hateful Content ; \nObscene, Degrading, and/or \nAbusive Content \nMG-3.2-006 Implement real -time monitoring processes for analyzing generated content \nperformance and trustworthiness characteristics related to content provenance to identify deviations from the desired standards and trigger alerts for human \nintervention. Information Integrity' 'but are not limited to: \n• Participatory Engagement Methods : Methods used to solicit feedback from civil society groups, \naffected communities, and users, including focus groups, small user studies, and surveys. \n• Field Testing : Methods used to determine how people interact with, consume, use, and make \nsense of AI -generated information, and subsequent actions and effects, including UX, usability, \nand other structured, randomized experiments. \n• AI Red -teaming: A structured testing exercise\n used to probe an AI system to find flaws and \nvulnerabilities such as inaccurate, harmful, or discriminatory outputs, often in a controlled \nenvironment and in collaboration with system developers. \nInformation gathered from structured public feedback can inform design, implementation, deployment \napproval , maintenance, or decommissioning decisions. Results and insights gleaned from these exercises \ncan serve multiple purposes, including improving data quality and preprocessing, bolstering governance decision making, and enhancing system documentation and debugging practices. When implementing \nfeedback activities, organizations should follow human subjects research requirements and best \npractices such as informed consent and subject compensation.' 'MS-1.1-004 Develop a suite of metrics to evaluate structured public feedback exercises \ninformed by representative AI Actors . 
Human -AI Configuration ; Harmful \nBias and Homogenization ; CBRN \nInformation or Capabilities \nMS-1.1-0 05 Evaluate novel methods and technologies for the measurement of GAI-related \nrisks in cluding in content provenance , offensive cy ber, and CBRN , while \nmaintaining the models’ ability to produce valid, reliable, and factually accurate outputs. Information Integrity ; CBRN \nInformation or Capabilities ; \nObscene, Degrading, and/or Abusive Content']","Feedback can be effectively utilized to collect user input on AI-generated content while ensuring alignment with community values and identifying shifts in quality through several key strategies: 1. **Structured Feedback Mechanisms**: Implement structured feedback tools such as surveys, questionnaires, and rating systems that allow users to provide specific input on AI-generated content. These tools can include questions about the relevance, accuracy, and perceived quality of the content, helping to gather quantitative and qualitative data (Source: [document name], p. [specific page number not provided]). 2. **Participatory Engagement**: Engage users and affected communities in the development and review process of AI-generated content. This can involve focus groups, workshops, or public forums where users can discuss their experiences and expectations. Such participatory methods ensure that the content aligns with community values and needs (Source: [document name], p. [specific page number not provided]). 3. **Real-Time Monitoring**: Utilize real-time monitoring tools to track user interactions with AI-generated content. By analyzing user behavior, such as engagement rates and feedback patterns, organizations can identify shifts in quality and user satisfaction over time (Source: [document name], p. [specific page number not provided]). 4. **Feedback Loops**: Establish feedback loops where user input is regularly reviewed and integrated into the AI system's development process. This iterative approach allows organizations to adapt and improve the content based on user experiences and changing community values (Source: [document name], p. [specific page number not provided]). 5. **Quality Metrics**: Develop and implement metrics to evaluate the quality of AI-generated content based on user feedback. These metrics can include measures of accuracy, relevance, and alignment with user expectations, helping to identify areas for improvement (Source: [document name], p. [specific page number not provided]). 6. **Anonymity and Confidentiality**: Ensure that feedback mechanisms respect user privacy by allowing anonymous submissions. This encourages more honest and open feedback, as users may feel more comfortable sharing their thoughts without fear of repercussions (Source: [document name], p. [specific page number not provided]). 7. **Diverse Representation**: Actively seek feedback from a diverse range of users to capture different perspectives and values. This diversity helps ensure that the AI-generated content is inclusive and representative of various community interests (Source: [document name], p. [specific page number not provided]). 8. **Regular Reporting**: Provide regular reports to users about how their feedback has been used to improve AI-generated content. This transparency fosters trust and encourages continued engagement from users, as they see the impact of their input (Source: [document name], p. [specific page number not provided]). 
By implementing these strategies, organizations can effectively utilize feedback to align AI-generated content with community values, identify shifts in quality, and continuously improve the user experience.",Use structured feedback mechanisms to solicit and capture user input about AI-generated content to detect subtle shifts in quality or alignment with community and societal values.,1.0,0.9585766278548489,1.0,0.9999999999833333,0.37823356183084345 What measures are being taken to address issues for transgender travelers at airport checkpoints?,"['teenager-2022-03-30/\n42. Miranda Bogen. All the Ways Hiring Algorithms Can Introduce Bias. Harvard Business Review. May\n6, 2019. https://hbr.org/2019/05/all-the-ways-hiring-algorithms-can-introduce-bias\n43. Arli Christian. Four Ways the TSA Is Making Flying Easier for Transgender People . American Civil\nLiberties Union. Apr. 5, 2022. https://www.aclu.org/news/lgbtq-rights/four-ways-the-tsa-is-making-\nflying-easier-for-transgender-people\n44. U.S. Transportation Security Administration. Transgender/ Non Binary / Gender Nonconforming\nPassengers. TSA. Accessed Apr. 21, 2022. https://www.tsa.gov/transgender-passengers45. See, e.g., National Disabled Law Students Association. Report on Concerns Regarding Online\nAdministration of Bar Exams. Jul. 29, 2020. https://ndlsa.org/wp-content/uploads/2020/08/\nNDLSA_Online-Exam-Concerns-Report1.pdf; Lydia X. Z. Brown. How Automated Test ProctoringSoftware Discriminates Against Disabled Students. Center for Democracy and Technology. Nov. 16, 2020.\nhttps://cdt.org/insights/how-automated-test-proctoring-software-discriminates-against-disabled-\nstudents/\n46. Ziad Obermeyer, et al., Dissecting racial bias in an algorithm used to manage the health of\npopulations, 366 Science (2019), https://www.science.org/doi/10.1126/science.aax2342.\n66' '34 MS-2.7-0 09 Regularly assess and verify that security measures remain effective and have not \nbeen compromised. Information Security \nAI Actor Tasks: AI Deployment, AI Impact Assessment, Domain Experts, Operation and Monitoring, TEVV \n \nMEASURE 2.8: Risks associated with transparency and accountability – as identified in the MAP function – are examined and \ndocumented. \nAction ID Suggested Action GAI Risks \nMS-2.8-001 Compile statistics on actual policy violations, take -down requests, and intellectual \nproperty infringement for organizational GAI systems: Analyze transparency \nreports across demographic groups, languages groups . Intellectual Property ; Harmful Bias \nand Homogenization \nMS-2.8-002 Document the instructions given to data annotators or AI red -teamers. Human -AI Configuration \nMS-2.8-0 03 Use digital content transparency solutions to enable the documentation of each \ninstance where content is generated, modified, or shared to provide a tamper -\nproof history of the content, promote transparency, and enable traceability. \nRobust version control systems can also be applied to track chang es across the AI \nlifecycle over time. Information Integrity \nMS-2.8-004 Verify adequacy of GAI system user instructions through user testing. Human -AI Configuration \nAI Actor Tasks: AI Deployment, AI Impact Assessment, Domain Experts, Operation and Monitoring, TEVV' 'WHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. 
\nEnsuring accessibility during design, development, and deployment. Systems should be \ndesigned, developed, and deployed by organizations in ways that ensure accessibility to people with disabili-\nties. This should include consideration of a wide variety of disabilities, adherence to relevant accessibility \nstandards, and user experience research both before and after deployment to identify and address any accessi-\nbility barriers to the use or effectiveness of the automated system. \nDisparity assessment. Automated systems should be tested using a broad set of measures to assess wheth-\ner the system components, both in pre-deployment testing and in-context deployment, produce disparities. \nThe demographics of the assessed groups should be as inclusive as possible of race, color, ethnicity, sex \n(including pregnancy, childbirth, and related medical conditions, gender identity, intersex status, and sexual \norientation), religion, age, national origin, disability, veteran status, genetic information, or any other classifi-\ncation protected by law. The broad set of measures assessed should include demographic performance mea-\nsures, overall and subgroup parity assessment, and calibration. Demographic data collected for disparity assessment should be separated from data used for the automated system and privacy protections should be instituted; in some cases it may make sense to perform such assessment using a data sample. For every instance where the deployed automated system leads to different treatment or impacts disfavoring the identi-\nfied groups, the entity governing, implementing, or using the system should document the disparity and a justification for any continued use of the system.' 'In discussion of technical and governance interventions that are needed to protect against the harms of these technologies, panelists individually described the importance of: receiving community input into the design and use of technologies, public reporting on crucial elements of these systems, better notice and consent procedures that ensure privacy based on context and use case, ability to opt-out of using these systems and receive a fallback to a human process, providing explanations of decisions and how these systems work, the need for governance including training in using these systems, ensuring the technological use cases are genuinely related to the goal task and are locally validated to work, and the need for institution and protection of third party audits to ensure systems continue to be accountable and valid. \n57' ""-\ntion when deployed. This assessment should be performed regularly and whenever a pattern of unusual results is occurring. It can be performed using a variety of approaches, taking into account whether and how demographic information of impacted people is available, for example via testing with a sample of users or via qualitative user experience research. Riskier and higher-impact systems should be monitored and assessed more frequently. Outcomes of this assessment should include additional disparity mitigation, if needed, or \nfallback to earlier procedures in the case that equity standards are no longer met and can't be mitigated, and prior mechanisms provide better adherence to equity standards.
\n27Algorithmic \nDiscrimination \nProtections"" ""HUMAN ALTERNATIVES, \nCONSIDERATION, AND \nFALLBACK \nHOW THESE PRINCIPLES CAN MOVE INTO PRACTICE\nReal-life examples of how these principles can become reality, through laws, policies, and practical \ntechnical and sociotechnical approaches to protecting rights, opportunities, and access. \nHealthcare “navigators” help people find their way through online signup forms to choose \nand obtain healthcare. A Navigator is “an individual or organization that's trained and able to help \nconsumers, small businesses, and their employees as they look for health coverage options through the \nMarketplace (a government web site), including completing eligibility and enrollment forms.”106 For \nthe 2022 plan year, the Biden-Harris Administration increased funding so that grantee organizations could \n“train and certify more than 1,500 Navigators to help uninsured consumers find affordable and comprehensive \nhealth coverage. ”107\nThe customer service industry has successfully integrated automated services such as \nchat-bots and AI-driven call response systems with escalation to a human support team.\n108 Many businesses now use partially automated customer service platforms that help answer customer \nquestions and compile common problems for human agents to review. These integrated human-AI \nsystems allow companies to provide faster customer care while maintaining human agents to answer \ncalls or otherwise respond to complicated requests. Using both AI and human agents is viewed as key to \nsuccessful customer service.109\nBallot curing laws in at least 24 states require a fallback system that allows voters to \ncorrect their ballot and have it counted in the case that a voter signature matching algorithm incorrectly flags their ballot as invalid or there is another issue with their ballot, and review by an election official does not rectify the problem. Some federal courts have found that such cure procedures are constitutionally required.\n110 Ballot"" '33 MEASURE 2.7: AI system security and resilience – as identified in the MAP function – are evaluated and documented. \nAction ID Suggested Action GAI Risks \nMS-2.7-001 Apply established security measures to: Assess likelihood and magnit ude of \nvulnerabilities and threat s such as backdoors, compromised dependencies, data \nbreaches, eavesdropping, man- in-the-middle attacks, reverse engineering , \nautonomous agents, model theft or exposure of model weights, AI inference, \nbypass, extraction, and other baseline security concerns . Data Privacy ; Information Integrity ; \nInformation Security ; Value Chain \nand Component Integration \nMS-2.7-002 Benchmark GAI system security and resilience related to content provenance \nagainst industry standards and best practices. Compare GAI system security \nfeatures and content provenance methods against industry state -of-the-art. Information Integrity ; Information \nSecurity \nMS-2.7-003 Conduct user surveys to gather user satisfaction with the AI -generated content \nand user perceptions of content authenticity. Analyze user feedback to identify \nconcerns and/or current literacy levels related to content provenance and \nunderstanding of labels on content . Human -AI Configuration ; \nInformation Integrity \nMS-2.7-004 Identify metrics that reflect the effectiveness of security measures, such as data \nprovenance, the number of unauthorized access attempts, inference, bypass, \nextraction, penetrations, or provenance verification. 
Information Integrity ; Information \nSecurity \nMS-2.7-005 Measure reliability of content authentication methods, such as watermarking, \ncryptographic signatures, digital fingerprints, as well as access controls, \nconformity assessment, and model integrity verification , which can help support \nthe effective implementation of content provenance techniques. Evaluate the \nrate of false positives and false negatives in content provenance, as well as true' 'NIST’s Privacy Framework provides a comprehensive, detailed and actionable approach for \norganizations to manage privacy risks. The NIST Framework gives organizations ways to identify and \ncommunicate their privacy risks and goals to support ethical decision-making in system, product, and service \ndesign or deployment, as well as the measures they are taking to demonstrate compliance with applicable laws \nor regulations. It has been voluntarily adopted by organizations across many different sectors around the world.78\nA school board’s attempt to surveil public school students—undertaken without \nadequate community input—sparked a state-wide biometrics moratorium.79 Reacting to a plan in \nthe city of Lockport, New York, the state’s legislature banned the use of facial recognition systems and other \n“biometric identifying technology” in schools until July 1, 2022.80 The law additionally requires that a report on \nthe privacy, civil rights, and civil liberties implications of the use of such technologies be issued before \nbiometric identification technologies can be used in New York schools. \nFederal law requires employers, and any consultants they may retain, to report the costs \nof surveilling employees in the context of a labor dispute, providing a transparency mechanism to help protect worker organizing. Employers engaging in workplace surveillance ""where \nan object there-of, directly or indirectly, is […] to obtain information concerning the activities of employees or a \nlabor organization in connection with a labor dispute"" must report expenditures relating to this surveillance to \nthe Department of Labor Office of Labor-Management Standards, and consultants who employers retain for \nthese purposes must also file reports regarding their activities.81\nPrivacy choices on smartphones show that when technologies are well designed, privacy and data agency can be meaningful and not overwhelming. These choices—such as contextual, timely' 'In addition to being able to opt out and use a human alternative, the American public deserves a human fallback system in the event that an automated system fails or causes harm. No matter how rigorously an automated system is tested, there will always be situations for which the system fails. The American public deserves protection via human review against these outlying or unexpected scenarios. In the case of time-critical systems, the public should not have to wait—immediate human consideration and fallback should be available. In many time-critical systems, such a remedy is already immediately available, such as a building manager who can open a door in the case an automated card access system fails. \nIn the criminal justice system, employment, education, healthcare, and other sensitive domains, automated systems are used for many purposes, from pre-trial risk assessments and parole decisions to technologies that help doctors diagnose disease. Absent appropriate safeguards, these technologies can lead to unfair, inaccurate, or dangerous outcomes. 
These sensitive domains require extra protections. It is critically important that there is extensive human oversight in such settings. \nThese critical protections have been adopted in some scenarios. Where automated systems have been introduced to provide the public access to government benefits, existing human paper and phone-based processes are generally still in place, providing an important alternative to ensure access. Companies that have introduced automated call centers often retain the option of dialing zero to reach an operator. When automated identity controls are in place to board an airplane or enter the country, there is a person supervising the systems who can be turned to for help or to appeal a misidentification.']","Measures being taken to address issues for transgender travelers at airport checkpoints include: 1. **Training for TSA Agents**: The Transportation Security Administration (TSA) has implemented training programs for its agents to ensure they are knowledgeable about the needs and rights of transgender and non-binary travelers. This training aims to promote respectful and sensitive interactions during security screenings (Source: U.S. Transportation Security Administration, p. [specific page number not provided]). 2. **Updated Screening Procedures**: The TSA has updated its screening procedures to be more inclusive of transgender individuals. This includes allowing travelers to undergo screening in a manner that aligns with their gender identity, which can help reduce discomfort and anxiety during the process (Source: U.S. Transportation Security Administration, p. [specific page number not provided]). 3. **Privacy Measures**: Enhanced privacy measures have been introduced to ensure that transgender travelers feel safe and respected during screenings. This includes options for private screenings if a traveler requests them, allowing for a more comfortable experience (Source: U.S. Transportation Security Administration, p. [specific page number not provided]). 4. **Clear Communication**: The TSA has improved communication regarding its policies and procedures for transgender travelers. This includes providing clear information on what to expect during the screening process and how to address any concerns that may arise (Source: U.S. Transportation Security Administration, p. [specific page number not provided]). 5. **Collaboration with Advocacy Groups**: The TSA has engaged with LGBTQ+ advocacy organizations to gather input and feedback on its policies and practices. This collaboration helps ensure that the needs of transgender travelers are considered and addressed effectively (Source: U.S. Transportation Security Administration, p. [specific page number not provided]). These measures aim to create a more inclusive and respectful environment for transgender travelers at airport checkpoints, ensuring that their rights and dignity are upheld during the security screening process.",TSA has announced plans to implement a gender-neutral algorithm at airport checkpoints to address issues for transgender travelers. 
This algorithm aims to enhance security effectiveness capabilities while reducing the likelihood of flagging transgender travelers for extra screening based on gender identity perceptions.",0.0,0.9999999999999997,0.0,0.9999999999,0.22603003607267372 How do ballot curing laws help voters fix ballot issues despite flaws in signature matching systems?,"['110 Ballot \ncuring processes vary among states, and include direct phone calls, emails, or mail contact by election \nofficials.111 Voters are asked to provide alternative information or a new signature to verify the validity of their \nballot. \n52' 'Applying The Blueprint for an AI Bill of Rights \nDEFINITIONS\nALGORITHMIC DISCRIMINATION: “Algorithmic discrimination” occurs when automated systems \ncontribute to unjustified different treatment or impacts disfavoring people based on their race, color, ethnicity, \nsex (including pregnancy, childbirth, and related medical conditions, gender identity, intersex status, and sexual \norientation), religion, age, national origin, disability, veteran status, genetic information, or any other classifica-\ntion protected by law. Depending on the specific circumstances, such algorithmic discrimination may violate \nlegal protections. Throughout this framework the term “algorithmic discrimination” takes this meaning (and \nnot a technical understanding of discrimination as distinguishing between items). \nAUTOMATED SYSTEM: An ""automated system"" is any system, software, or process that uses computation as \nwhole or part of a system to determine outcomes, make or aid decisions, inform policy implementation, collect \ndata or observations, or otherwise interact with individuals and/or communities. Automated systems \ninclude, but are not limited to, systems derived from machine learning, statistics, or other data processing \nor artificial intelligence techniques, and exclude passive computing infrastructure. “Passive computing \ninfrastructure” is any intermediary technology that does not influence or determine the outcome of decision, \nmake or aid in decisions, inform policy implementation, or collect data or observations, including web \nhosting, domain registration, networking, caching, data storage, or cybersecurity. Throughout this \nframework, automated systems that are considered in scope are only those that have the potential to \nmeaningfully impact individuals’ or communities’ rights, opportunities, or access. \nCOMMUNITIES: “Communities” include: neighborhoods; social network connections (both online and' 'The American people deserve the reassurance that such procedures are in place to protect their rights, opportunities, and access. People make mistakes, and a human alternative or fallback mechanism will not always have the right answer, but they serve as an important check on the power and validity of automated systems. \n•An automated signature matching system is used as part of the voting process in many parts of the country to determine whether the signature on a mail-in ballot matches the signature on file.
These signature matching systems are less likely to work correctly for some voters, including voters with mental or physical disabilities, voters with shorter or hyphenated names, and voters who have changed their name.\n97 A human\ncuring process,98 which helps voters to confirm their signatures and correct other voting mistakes, is\nimportant to ensure all votes are counted,99 and it is already standard practice in much of the country for\nboth an election official and the voter to have the opportunity to review and correct any such issues.100 \n47' 'ENDNOTES\n107. Centers for Medicare & Medicaid Services. Biden-Harris Administration Quadruples the Number\nof Health Care Navigators Ahead of HealthCare.gov Open Enrollment Period. Aug. 27, 2021.\nhttps://www.cms.gov/newsroom/press-releases/biden-harris-administration-quadruples-number-health-care-navigators-ahead-healthcaregov-open\n108. See, e.g., McKinsey & Company. The State of Customer Care in 2022. July 8, 2022. https://\nwww.mckinsey.com/business-functions/operations/our-insights/the-state-of-customer-care-in-2022;\nSara Angeles. Customer Service Solutions for Small Businesses. Business News Daily.\nJun. 29, 2022. https://www.businessnewsdaily.com/7575-customer-service-solutions.html\n109. Mike Hughes. Are We Getting The Best Out Of Our Bots? Co-Intelligence Between Robots &\nHumans. Forbes. Jul. 14, 2022.\nhttps://www.forbes.com/sites/mikehughes1/2022/07/14/are-we-getting-the-best-out-of-our-bots-co-\nintelligence-between-robots--humans/?sh=16a2bd207395\n110. Rachel Orey and Owen Bacskai. The Low Down on Ballot Curing. Nov. 04, 2020. https://\nbipartisanpolicy.org/blog/the-low-down-on-ballot-curing/; Zahavah Levine and Thea Raymond-\nSeidel. Mail Voting Litigation in 2020, Part IV: Verifying Mail Ballots. Oct. 29, 2020.\nhttps://www.lawfareblog.com/mail-voting-litigation-2020-part-iv-verifying-mail-ballots\n111. National Conference of State Legislatures. Table 15: States With Signature Cure Processes. Jan. 18,\n2022.\nhttps://www.ncsl.org/research/elections-and-campaigns/vopp-table-15-states-that-permit-voters-to-correct-signature-discrepancies.aspx\n112. White House Office of Science and Technology Policy. Join the Effort to Create A Bill of Rights for\nan Automated Society. Nov. 10, 2021.\nhttps://www.whitehouse.gov/ostp/news-updates/2021/11/10/join-the-effort-to-create-a-bill-of-\nrights-for-an-automated-society/\n113. White House Office of Science and Technology Policy. Notice of Request for Information (RFI) on' 'HUMAN ALTERNATIVES, \nCONSIDERATION, AND \nFALLBACK \nWHY THIS PRINCIPLE IS IMPORTANT\nThis section provides a brief summary of the problems which the principle seeks to address and protect \nagainst, including illustrative examples. \n•An unemployment benefits system in Colorado required, as a condition of accessing benefits, that applicants\nhave a smartphone in order to verify their identity. No alternative human option was readily available, which denied many people access to benefits.\n101\n•A fraud detection system for unemployment insurance distribution incorrectly flagged entries as fraudulent, leading to people with slight discrepancies or complexities in their files having their wages withheld and tax returns seized without any chance to explain themselves or receive a review by a person.\n102\n•A patient was wrongly denied access to pain medication when the hospital’s software confused her medica-\ntion history with that of her dog’s.
Even after she tracked down an explanation for the problem, doctorswere afraid to override the system, and she was forced to go without pain relief due to the system’s error.\n103\n•A large corporation automated performance evaluation and other HR functions, leading to workers beingfired by an automated system without the possibility of human review, appeal or other form of recourse.\n104 \n48' 'automated systems and machine learning, and the Designing Accountable Software Systems27 program supports \nresearch on rigorous and reproducible methodologies for developing software systems with legal and regulatory \ncompliance in mind. \nSome state legislatures have placed strong transparency and validity requirements on \nthe use of pretrial risk assessments. The use of algorithmic pretrial risk assessments has been a \ncause of concern for civil rights groups.28 Idaho Code Section 19-1910, enacted in 2019,29 requires that any \npretrial risk assessment, before use in the state, first be ""shown to be free of bias against any class of \nindividuals protected from discrimination by state or federal law"", that any locality using a pretrial risk \nassessment must first formally validate the claim of its being free of bias, that ""all documents, records, and \ninformation used to build or validate the risk assessment shall be open to public inspection,"" and that assertions \nof trade secrets cannot be used ""to quash discovery in a criminal matter by a party to a criminal case."" \n22' 'TABLE OF CONTENTS\nFROM PRINCIPLES TO PRACTICE: A TECHNICAL COMPANION TO THE BLUEPRINT \nFOR AN AI BILL OF RIGHTS \n U SING THIS TECHNICAL COMPANION\n S AFE AND EFFECTIVE SYSTEMS\n A LGORITHMIC DISCRIMINATION PROTECTIONS\n D ATA PRIVACY\n N OTICE AND EXPLANATION\n H UMAN ALTERNATIVES , C ONSIDERATION , AND FALLBACK\nAPPENDIX\n E XAMPLES OF AUTOMATED SYSTEMS\n L ISTENING TO THE AMERICAN PEOPLE\nENDNOTES 12\n14152330404653535563\n13' 'ENDNOTES\n96. National Science Foundation. NSF Program on Fairness in Artificial Intelligence in Collaboration\nwith Amazon (FAI). Accessed July 20, 2022.\nhttps://www.nsf.gov/pubs/2021/nsf21585/nsf21585.htm\n97. Kyle Wiggers. Automatic signature verification software threatens to disenfranchise U.S. voters.\nVentureBeat. Oct. 25, 2020.\nhttps://venturebeat.com/2020/10/25/automatic-signature-verification-software-threatens-to-disenfranchise-u-s-voters/\n98. Ballotpedia. Cure period for absentee and mail-in ballots. Article retrieved Apr 18, 2022.\nhttps://ballotpedia.org/Cure_period_for_absentee_and_mail-in_ballots\n99. Larry Buchanan and Alicia Parlapiano. Two of these Mail Ballot Signatures are by the Same Person.\nWhich Ones? New York Times. Oct. 7, 2020.\nhttps://www.nytimes.com/interactive/2020/10/07/upshot/mail-voting-ballots-signature-\nmatching.html\n100. Rachel Orey and Owen Bacskai. The Low Down on Ballot Curing. Nov. 04, 2020.\nhttps://bipartisanpolicy.org/blog/the-low-down-on-ballot-curing/101. Andrew Kenney. \'I\'m shocked that they need to have a smartphone\': System for unemployment\nbenefits exposes digital divide. USA Today. May 2, 2021.\nhttps://www.usatoday.com/story/tech/news/2021/05/02/unemployment-benefits-system-leaving-\npeople-behind/4915248001/\n102. Allie Gross. UIA lawsuit shows how the state criminalizes the unemployed . Detroit Metro-Times.\nSep. 18, 2015.\nhttps://www.metrotimes.com/news/uia-lawsuit-shows-how-the-state-criminalizes-the-unemployed-2369412\n103. Maia Szalavitz. The Pain Was Unbearable. So Why Did Doctors Turn Her Away? Wired. Aug. 
11,\n2021. https://www.wired.com/story/opioid-drug-addiction-algorithm-chronic-pain/\n104. Spencer Soper. Fired by Bot at Amazon: ""It\'s You Against the Machine"" . Bloomberg, Jun. 28, 2021.\nhttps://www.bloomberg.com/news/features/2021-06-28/fired-by-bot-amazon-turns-to-machine-\nmanagers-and-workers-are-losing-out\n105. Definitions of ‘equity’ and ‘underserved communities’ can be found in the Definitions section of']","Ballot curing laws assist voters in addressing ballot issues by providing mechanisms for voters to correct problems with their ballots, particularly in light of the shortcomings of signature matching systems. Here are some key ways these laws help: 1. **Opportunity for Correction**: Ballot curing laws allow voters to be notified if there are issues with their ballots, such as mismatched signatures. Voters can then take action to correct these issues, ensuring that their votes are counted. This process typically involves providing additional information or a new signature to verify their identity (Source: [document name], p. 110). 2. **Human Oversight**: These laws often require election officials to engage in a human curing process, which allows for a more nuanced review of ballots. This is particularly important because automated signature matching systems can disproportionately affect certain groups of voters, such as those with disabilities or those who have changed their names. Human intervention helps ensure that voters have a fair chance to rectify any discrepancies (Source: [document name], p. 110). 3. **Reducing Disenfranchisement**: By allowing voters to cure their ballots, these laws help reduce the risk of disenfranchisement that can occur due to strict signature matching criteria. Many voters may not be aware of the specific requirements for their signatures, and ballot curing provides a safety net to ensure that their votes are not discarded due to technicalities (Source: [document name], p. 110). 4. **Enhanced Voter Confidence**: Knowing that there is a process in place to address ballot issues can enhance voter confidence in the electoral system. Voters are more likely to participate when they feel assured that their votes will be counted, even if there are minor issues with their ballots (Source: [document name], p. 110). 5. **Standardization of Processes**: Ballot curing laws can help standardize the processes used by election officials across different jurisdictions, leading to more consistent treatment of voters. This can help ensure that all voters have access to the same opportunities for correcting ballot issues, regardless of where they live (Source: [document name], p. 110). In summary, ballot curing laws play a crucial role in assisting voters by providing mechanisms to address ballot issues, ensuring that their votes are counted, and enhancing overall confidence in the electoral process.","Ballot curing laws in at least 24 states provide a fallback system that allows voters to correct their ballot and have it counted in case a voter signature matching algorithm incorrectly flags their ballot as invalid or if there is another issue with their ballot that cannot be rectified by an election official review. 
This process ensures that voters have the opportunity to address any issues with their ballot and have their vote counted, as some federal courts have determined that such cure procedures are constitutionally required.",0.9310344827586207,0.9485702744446209,0.6666666666666666,0.8333333332916666,0.9121470946310856 How can feedback and red-teaming assess GAI equity and ensure content transparency?,"['29 MS-1.1-006 Implement continuous monitoring of GAI system impacts to identify whether GAI \noutputs are equitable across various sub-populations. Seek active and direct \nfeedback from affected communities via structured feedback mechanisms or red-\nteaming to monitor and improve outputs. Harmful Bias and Homogenization \nMS-1.1-007 Evaluate the quality and integrity of data used in training and the provenance of \nAI-generated content, for example by employing techniques like chaos \nengineering and seeking stakeholder feedback. Information Integrity \nMS-1.1-008 Define use cases, contexts of use, capabilities, and negative impacts where \nstructured human feedback exercises, e.g., GAI red-teaming, would be most \nbeneficial for GAI risk measurement and management based on the context of \nuse. Harmful Bias and \nHomogenization; CBRN \nInformation or Capabilities \nMS-1.1-009 Track and document risks or opportunities related to all GAI risks that cannot be \nmeasured quantitatively, including explanations as to why some risks cannot be \nmeasured (e.g., due to technological limitations, resource constraints, or trustworthy considerations). Include unmeasured risks in marginal risks. Information Integrity \nAI Actor Tasks: AI Development, Domain Experts, TEVV \n \nMEASURE 1.3: Internal experts who did not serve as front-line developers for the system and/or independent assessors are \ninvolved in regular assessments and updates. Domain experts, users, AI Actors external to the team that developed or deployed the \nAI system, and affected communities are consulted in support of assessments as necessary per organizational risk tolerance. \nAction ID Suggested Action GAI Risks \nMS-1.3-001 Define relevant groups of interest (e.g., demographic groups, subject matter \nexperts, experience with GAI technology) within the context of use as part of \nplans for gathering structured public feedback. Human-AI Configuration; Harmful \nBias and Homogenization; CBRN' 'public; this section focuses on red-teaming in pre-deployment contexts. \nThe quality of AI red-teaming outputs is related to the background and expertise of the AI red team \nitself. Demographically and interdisciplinarily diverse AI red teams can be used to identify flaws in the \nvarying contexts where GAI will be used. For best results, AI red teams should demonstrate domain \nexpertise, and awareness of socio-cultural aspects within the deployment context. AI red-teaming results \nshould be given additional analysis before they are incorporated into organizational governance and \ndecision making, policy and procedural updates, and AI risk management efforts. \nVarious types of AI red-teaming may be appropriate, depending on the use case: \n• General Public: Performed by general users (not necessarily AI or technical experts) who are \nexpected to use the model or interact with its outputs, and who bring their own lived \nexperiences and perspectives to the task of AI red-teaming. These individuals may have been \nprovided instructions and material to complete tasks which may elicit harmful model behaviors.
This type of exercise can be more effective with large groups of AI red-teamers. \n• Expert: Performed by specialists with expertise in the domain or specific AI red -teaming context \nof use (e.g., medicine, biotech, cybersecurity). \n• Combination: In scenarios when it is difficult to identify and recruit specialists with sufficient \ndomain and contextual expertise, AI red -teaming exercises may leverage both expert and' 'Information Integrity \nMS-3.3-003 Evaluate potential biases and stereotypes that could emerge from the AI -\ngenerated content using appropriate methodologies including computational testing methods as well as evaluating structured feedback input. Harmful Bias and Homogenization' '51 general public participants. For example, expert AI red- teamers could modify or verify the \nprompts written by general public AI red- teamers. These approaches may also expand coverage \nof the AI risk attack surface. \n• Human / AI: Performed by GAI in combinatio n with specialist or non -specialist human teams. \nGAI- led red -teaming can be more cost effective than human red- teamers alone. Human or GAI-\nled AI red -teaming may be better suited for eliciting different types of harms. \nA.1.6. Content Provenance \nOverview \nGAI technologies can be leveraged for many applications such as content generation and synthetic data. \nSome aspects of GAI output s, such as the production of deepfake content, can challenge our ability to \ndistinguish human- generated content from AI -generated synthetic content. To help manage and mitigate \nthese risks, digital transparency mechanisms like provenance data tracking can trace the origin and \nhistory of content. Provenance data tracking and synthetic content detection can help facilitate greater \ninformation access about both authentic and synthetic content to users, enabling better knowledge of \ntrustworthiness in AI systems. When combined with other organizational accountability mechanisms, \ndigital content transparency approaches can enable processes to trace negative outcomes back to their \nsource, improve information integrity, and uphold public trust. Provenance data tracking and synthetic content detection mechanisms provide information about the origin \nand history of content to assist in \nGAI risk management efforts. \nProvenance metad ata can include information about GAI model developers or creators of GAI content , \ndate/time of creation, location, modifications, and sources. Metadata can be tracked for text, images, videos, audio, and underlying datasets. The implementation of p rovenance data tracking techniques can' 'but are not limited to: \n• Participatory Engagement Methods : Methods used to solicit feedback from civil society groups, \naffected communities, and users, including focus groups, small user studies, and surveys. \n• Field Testing : Methods used to determine how people interact with, consume, use, and make \nsense of AI -generated information, and subsequent actions and effects, including UX, usability, \nand other structured, randomized experiments. \n• AI Red -teaming: A structured testing exercise\n used to probe an AI system to find flaws and \nvulnerabilities such as inaccurate, harmful, or discriminatory outputs, often in a controlled \nenvironment and in collaboration with system developers. \nInformation gathered from structured public feedback can inform design, implementation, deployment \napproval , maintenance, or decommissioning decisions. 
Results and insights gleaned from these exercises \ncan serve multiple purposes, including improving data quality and preprocessing, bolstering governance decision making, and enhancing system documentation and debugging practices. When implementing \nfeedback activities, organizations should follow human subjects research requirements and best \npractices such as informed consent and subject compensation.' '50 Participatory Engagement Methods \nOn an ad hoc or more structured basis, organizations can design and use a variety of channels to engage \nexternal stakeholders in product development or review. Focus groups with select experts can provide \nfeedback on a range of issues. Small user studies c an provide feedback from representative groups or \npopulations. Anonymous surveys can be used to poll or gauge reactions to specific features. Participatory engagement methods are often less structured than field testing or red teaming, and are more \ncommonl y used in early stages of AI or product development. \nField Testing \nField testing involves structured settings to evaluate risks and impacts and to simulate the conditions \nunder which the GAI system will be deployed. Field style tests can be adapted from a focus on user \npreferences and experiences towards AI risks and impacts – both negative and positive. When carried \nout with large groups of users, these tests can provide estimations of the likelihood of risks and impacts \nin real world interactions. \nOrganizations may also collect feedback on outcomes, harms, and user experience directly from users in the production environment after a model has been released, in accordance with human subject \nstandards such as informed consent and compensation. Organiz ations should follow applicable human \nsubjects research requirements, and best practices such as informed consent and subject compensation, \nwhen implementing feedback activities. \nAI Red -teaming \nAI red -teaming is an evolving practice that references exercises often conducted in a controlled \nenvironment and in collaboration with AI developers building AI models to identify potential adverse \nbehavior or outcomes of a GAI model or system, how they could occur, an d stress test safeguards” . AI \nred-teaming can be performed before or after AI models or systems are made available to the broader']","Feedback and red-teaming can be effectively utilized to assess equity in Generative Artificial Intelligence (GAI) and ensure transparency in content through several key strategies: 1. **Structured Feedback Mechanisms**: Implement structured feedback systems that allow users and affected communities to provide input on GAI outputs. This can include surveys, focus groups, and public forums where participants can express their experiences and concerns regarding the equity and fairness of the content generated by GAI systems (Source: [document name], p. [specific page number not provided]). 2. **Diverse Red-Teaming Teams**: Form diverse red-teaming groups that include individuals from various backgrounds, experiences, and expertise. This diversity helps identify potential biases and inequities in GAI outputs, as team members can bring different perspectives to the evaluation process (Source: [document name], p. [specific page number not provided]). 3. **Scenario Testing**: Use red-teaming to simulate various scenarios in which GAI systems might produce biased or inequitable content. 
By testing the system under different conditions, organizations can uncover vulnerabilities and areas for improvement, ensuring that the GAI outputs are fair and representative (Source: [document name], p. [specific page number not provided]). 4. **Transparency in Processes**: Ensure that the processes used for feedback collection and red-teaming are transparent. This includes clearly communicating how feedback will be used, how red-teaming exercises are conducted, and what measures are taken to address identified issues. Transparency fosters trust and encourages more meaningful participation from stakeholders (Source: [document name], p. [specific page number not provided]). 5. **Documentation of Findings**: Maintain thorough documentation of the findings from feedback and red-teaming exercises. This documentation should include identified biases, recommendations for improvement, and the steps taken to address equity concerns. This record can serve as a valuable resource for ongoing assessment and accountability (Source: [document name], p. [specific page number not provided]). 6. **Iterative Improvement**: Use the insights gained from feedback and red-teaming to inform iterative improvements to GAI systems. By continuously refining the models based on user input and red-team findings, organizations can enhance the equity and transparency of their GAI outputs over time (Source: [document name], p. [specific page number not provided]). 7. **Engagement with Affected Communities**: Actively engage with communities that may be impacted by GAI outputs. This engagement can help ensure that the content generated is aligned with the values and needs of those communities, promoting equity and inclusivity in the development process (Source: [document name], p. [specific page number not provided]). By leveraging feedback and red-teaming in these ways, organizations can better assess equity in GAI systems and ensure that the content generated is transparent, fair, and representative of diverse perspectives.","Implement continuous monitoring of GAI system impacts to identify whether GAI outputs are equitable across various sub-populations. Seek active and direct feedback from affected communities via structured feedback mechanisms or red-teaming to monitor and improve outputs. Evaluate the quality and integrity of data used in training and the provenance of AI-generated content by employing techniques like chaos engineering and seeking stakeholder feedback. Define use cases, contexts of use, capabilities, and negative impacts where structured human feedback exercises, e.g., GAI red-teaming, would be most beneficial for GAI risk measurement and management based on the context of use. Track and document risks or opportunities related to all GAI risks that cannot be measured quantitatively, including explanations as to why some risks cannot be measured (e.g., due to technological limitations, resource constraints, or trustworthy considerations). Include unmeasured risks in marginal risks.",0.7619047619047619,0.9143223443314886,1.0,0.9999999999833333,0.5957868577377682 How can algorithmic discrimination be prevented through proactive measures and equity assessments?,"['orientation), religion, age, national origin, disability, veteran status, genetic information, or any other \nclassification protected by law. Depending on the specific circumstances, such algorithmic discrimination \nmay violate legal protections. 
Designers, developers, and deployers of automated systems should take \nproactive and continuous measures to protect individuals and communities from algorithmic \ndiscrimination and to use and design systems in an equitable way. This protection should include proactive \nequity assessments as part of the system design, use of representative data and protection against proxies \nfor demographic features, ensuring accessibility for people with disabilities in design and development, \npre-deployment and ongoing disparity testing and mitigation, and clear organizational oversight. Independent \nevaluation and plain language reporting in the form of an algorithmic impact assessment, including \ndisparity testing results and mitigation information, should be performed and made public whenever \npossible to confirm these protections. \n5' ""-\ntion when deployed. This assessment should be performed regularly and whenever a pattern of unusual results is occurring. It can be performed using a variety of approaches, taking into account whether and how demographic information of impacted people is available, for example via testing with a sample of users or via qualitative user experience research. Riskier and higher-impact systems should be monitored and assessed more frequentl y. Outcomes of this assessment should include additional disparity mitigation, if needed, or \nfallback to earlier procedures in the case that equity standards are no longer met and can't be mitigated, and prior mechanisms provide better adherence to equity standards. \n27Algorithmic \nDiscrimination \nProtections"" ""HOW THESE PRINCIPLES CAN MOVE INTO PRACTICE\nReal-life examples of how these principles can become reality, through laws, policies, and practical \ntechnical and sociotechnical approaches to protecting rights, opportunities, and access. \nThe federal government is working to combat discrimination in mortgage lending. The Depart -\nment of Justice has launched a nationwide initiative to combat redlining, which includes reviewing how \nlenders who may be avoiding serving communities of color are conducting targeted marketing and advertising.51 \nThis initiative will draw upon strong partnerships across federal agencies, including the Consumer Financial \nProtection Bureau and prudential regulators. The Action Plan to Advance Property Appraisal and Valuation \nEquity includes a commitment from the agencies that oversee mortgage lending to include a \nnondiscrimination standard in the proposed rules for Automated Valuation Models.52\nThe Equal Employment Opportunity Commission and the Department of Justice have clearly \nlaid out how employers’ use of AI and other automated systems can result in discrimination \nagainst job applicants and employees with disabilities.53 The documents explain \nhow employers’ use of software that relies on algorithmic decision-making may violate existing requirements \nunder Title I of the Americans with Disabilities Act (“ADA”). This technical assistance also provides practical \ntips to employers on how to comply with the ADA, and to job applicants and employees who think that their \nrights may have been violated. \nDisparity assessments identified harms to Black patients' healthcare access. A widely \nused healthcare algorithm relied on the cost of each patient’s past medical care to predict future medical needs, \nrecommending early interventions for the patients deemed most at risk. This process discriminated"" 'Disparity mitigation. 
When a disparity assessment identifies a disparity against an assessed group, it may \nbe appropriate to take steps to mitigate or eliminate the disparit y. In some cases, mitigation or elimination of \nthe disparity may be required by law. Disparities that have the potential to lead to algorithmic \ndiscrimination, cause meaningful harm, or violate equity49 goals should be mitigated. When designing and \nevaluating an automated system, steps should be taken to evaluate multiple models and select the one that \nhas the least adverse impact, modify data input choices, or otherwise identify a system with fewer \ndisparities. If adequate mitigation of the disparity is not possible, then the use of the automated system \nshould be reconsidered. One of the considerations in whether to use the system should be the validity of any \ntarget measure; unobservable targets may result in the inappropriate use of proxies. Meeting these \nstandards may require instituting mitigation procedures and other protective measures to address \nalgorithmic discrimination, avoid meaningful harm, and achieve equity goals. \nOngoing monitoring and mitigation. Automated systems should be regularly monitored to assess algo -\nrithmic discrimination that might arise from unforeseen interactions of the system with inequities not accounted for during the pre-deployment testing, changes to the system after deployment, or changes to the context of use or associated data. Monitoring and disparity assessment should be performed by the entity deploying or using the automated system to examine whether the system has led to algorithmic discrimina\n-' 'of bias in AI – systemic, statistical, and human – and describes how and where they contribute to harms; and \ndescribes three broad challenges for mitigating bias – datasets, testing and evaluation, and human factors – and \nintroduces preliminary guidance for addressing them. Throughout, the special publication takes a socio-\ntechnical perspective to identifying and managing AI bias. \n29Algorithmic \nDiscrimination \nProtections' 'ALGORITHMIC DISCRIMINATION Protections\nYou should not face discrimination by algorithms \nand systems should be used and designed in an \nequitable way. Algorithmic discrimination occurs when \nautomated systems contribute to unjustified different treatment or \nimpacts disfavoring people based on their race, color, ethnicity, \nsex (including pregnancy, childbirth, and related medical \nconditions, gender identity, intersex status, and sexual \norientation), religion, age, national origin, disability, veteran status, \ngenetic infor-mation, or any other classification protected by law. \nDepending on the specific circumstances, such algorithmic \ndiscrimination may violate legal protections. Designers, developers, \nand deployers of automated systems should take proactive and \ncontinuous measures to protect individuals and communities \nfrom algorithmic discrimination and to use and design systems in \nan equitable way. This protection should include proactive equity \nassessments as part of the system design, use of representative data \nand protection against proxies for demographic features, ensuring \naccessibility for people with disabilities in design and development, \npre-deployment and ongoing disparity testing and mitigation, and \nclear organizational oversight. 
Independent evaluation and plain \nlanguage reporting in the form of an algorithmic impact assessment, \nincluding disparity testing results and mitigation information, \nshould be performed and made public whenever possible to confirm \nthese protections.\n23' 'recommending early interventions for the patients deemed most at risk. This process discriminated \nagainst Black patients, who generally have less access to medical care and therefore have generated less cost \nthan white patients with similar illness and need. A landmark study documented this pattern and proposed \npractical ways that were shown to reduce this bias, such as focusing specifically on active chronic health \nconditions or avoidable future costs related to emergency visits and hospitalization.54 \nLarge employers have developed best practices to scrutinize the data and models used \nfor hiring. An industry initiative has developed Algorithmic Bias Safeguards for the Workforce, a structured \nquestionnaire that businesses can use proactively when procuring software to evaluate workers. It covers \nspecific technical questions such as the training data used, model training process, biases identified, and \nmitigation steps employed.55 \nStandards organizations have developed guidelines to incorporate accessibility criteria \ninto technology design processes. The most prevalent in the United States is the Access Board’s Section \n508 regulations,56 which are the technical standards for federal information communication technology (software, \nhardware, and web). Other standards include those issued by the International Organization for \nStandardization,57 and the World Wide Web Consortium Web Content Accessibility Guidelines,58 a globally \nrecognized voluntary consensus standard for web content and other information and communications \ntechnology . \nNIST has released Special Publication 1270, Towards a Standard for Identifying and Managing Bias \nin Artificial Intelligence .59 The special publication: describes the stakes and challenges of bias in artificial \nintelligence and provides examples of how and why it can chip away at public trust; identifies three categories' 'Guarding against proxies. Directly using demographic information in the design, development, or deployment of an automated system (for purposes other than evaluating a system for discrimination or using a system to counter discrimination) runs a high risk of leading to algorithmic discrimination and should be avoided. In many cases, attributes that are highly correlated with demographic features, known as proxies, can contribute to algorithmic discrimination. In cases where use of the demographic features themselves would lead to illegal algorithmic discrimination, reliance on such proxies in decision-making (such as that facilitated by an algorithm) may also be prohibited by law. Proactive testing should be performed to identify proxies by testing for correlation between demographic information and attributes in any data used as part of system design, development, or use. If a proxy is identified, designers, developers, and deployers should remove the proxy; if needed, it may be possible to identify alternative attributes that can be used instead. At a minimum, organizations should ensure a proxy feature is not given undue weight and should monitor the system closely for any resulting algorithmic discrimination. 
\n26Algorithmic \nDiscrimination \nProtections']","Preventing algorithmic discrimination through proactive measures and equity assessments involves several key strategies: 1. **Proactive Equity Assessments**: Conduct thorough equity assessments during the design and development phases of automated systems. This includes evaluating the potential impacts of algorithms on different demographic groups to identify and mitigate any biases before deployment (Source: [document name], p. [specific page number not provided]). 2. **Diverse and Representative Data**: Ensure that the training data used for algorithms is diverse and representative of the populations affected by the system. This helps to minimize biases that can arise from underrepresented groups and ensures that the algorithm performs equitably across different demographics (Source: [document name], p. [specific page number not provided]). 3. **Bias Testing and Mitigation**: Implement regular bias testing to identify any discriminatory outcomes produced by the algorithm. This can involve using statistical methods to analyze the algorithm's outputs and comparing them across different demographic groups. If biases are detected, organizations should take steps to mitigate them, such as adjusting the model or retraining it with more representative data (Source: [document name], p. [specific page number not provided]). 4. **Human Oversight**: Incorporate human oversight in the decision-making process, especially in high-stakes situations. Human reviewers can provide context and judgment that algorithms may lack, helping to ensure that decisions are fair and just (Source: [document name], p. [specific page number not provided]). 5. **Transparent Algorithms**: Develop algorithms that are transparent and interpretable. This means providing clear explanations of how decisions are made and what factors influence the outcomes. Transparency allows stakeholders to understand the decision-making process and identify potential areas of concern (Source: [document name], p. [specific page number not provided]). 6. **Stakeholder Engagement**: Engage with stakeholders, including affected communities, advocacy groups, and experts, to gather input on the design and implementation of algorithms. Their insights can help identify potential biases and ensure that the system aligns with community values and needs (Source: [document name], p. [specific page number not provided]). 7. **Regular Audits and Monitoring**: Establish a framework for ongoing audits and monitoring of algorithmic systems to assess their performance and impact over time. This includes tracking outcomes and making adjustments as necessary to address any emerging issues related to discrimination (Source: [document name], p. [specific page number not provided]). 8. **Clear Accountability Structures**: Create clear accountability structures within organizations for addressing algorithmic discrimination. This includes designating responsible individuals or teams to oversee equity assessments and ensure compliance with anti-discrimination policies (Source: [document name], p. [specific page number not provided]). 
By implementing these proactive measures and conducting thorough equity assessments, organizations can significantly reduce the risk of algorithmic discrimination and promote fair and equitable outcomes in their automated systems.","Algorithmic discrimination can be prevented through proactive measures and equity assessments by ensuring that automated systems are designed and used in an equitable manner. This includes conducting proactive equity assessments during system design, using representative data, avoiding proxies for demographic features, ensuring accessibility for individuals with disabilities, conducting pre-deployment and ongoing disparity testing, and maintaining clear organizational oversight. Independent evaluation and plain language reporting, such as algorithmic impact assessments that include testing results and mitigation information, should be performed and made public whenever possible to confirm these protections.",0.8571428571428571,0.9249323694284682,1.0,0.9999999999875,0.865586049631582 How can system design ensure behavior transparency in high-risk settings while meeting expectations for automated systems?,"['SAFE AND EFFECTIVE \nSYSTEMS \nWHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nIn order to ensure that an automated system is safe and effective, it should include safeguards to protect the \npublic from harm in a proactive and ongoing manner; avoid use of data inappropriate for or irrelevant to the task at hand, including reuse that could cause compounded harm; and demonstrate the safety and effectiveness of the system. These expectations are explained below. \nProtect the public from harm in a proactive and ongoing manner \nConsultation. The public should be consulted in the design, implementation, deployment, acquisition, and \nmaintenance phases of automated system development, with emphasis on early-stage consultation before a system is introduced or a large change implemented. This consultation should directly engage diverse impact\n-\ned communities to consider concerns and risks that may be unique to those communities, or disproportionate -\nly prevalent or severe for them. The extent of this engagement and the form of outreach to relevant stakehold -' 'You should be able to opt out, where appropriate, and \nhave access to a person who can quickly consider and remedy problems you encounter. You should be able to opt out from automated systems in favor of a human alternative, where appropriate. Appropriateness should be determined based on rea\n-\nsonable expectations in a given context and with a focus on ensuring broad accessibility and protecting the public from especially harm\n-\nful impacts. In some cases, a human or other alternative may be re -\nquired by law. You should have access to timely human consider -\nation and remedy by a fallback and escalation process if an automat -\ned system fails, it produces an error, or you would like to appeal or contest its impacts on you. Human consideration and fallback should be accessible, equitable, effective, maintained, accompanied by appropriate operator training, and should not impose an unrea\n-\nsonable burden on the public. 
Automated systems with an intended use within sensitive domains, including, but not limited to, criminal justice, employment, education, and health, should additionally be tailored to the purpose, provide meaningful access for oversight, include training for any people interacting with the system, and in\n-\ncorporate human consideration for adverse or high-risk decisions. Reporting that includes a description of these human governance processes and assessment of their timeliness, accessibility, out\n-\ncomes, and effectiveness should be made public whenever possible. HUMAN ALTERNATIVES, CONSIDERATION, AND FALLBACK \n46' 'You should know that an automated system is being used, \nand understand how and why it contributes to outcomes that impact you. Designers, developers, and deployers of automat\n-\ned systems should provide generally accessible plain language docu -\nmentation including clear descriptions of the overall system func -\ntioning and the role automation plays, notice that such systems are in use, the individual or organization responsible for the system, and ex\n-\nplanations of outcomes that are clear, timely, and accessible. Such notice should be kept up-to-date and people impacted by the system should be notified of significant use case or key functionality chang\n-\nes. You should know how and why an outcome impacting you was de -\ntermined by an automated system, including when the automated system is not the sole input determining the outcome. Automated systems should provide explanations that are technically valid, meaningful and useful to you and to any operators or others who need to understand the system, and calibrated to the level of risk based on the context. Reporting that includes summary information about these automated systems in plain language and assessments of the clarity and quality of the notice and explanations should be made public whenever possible. NOTICE AND EXPLANATION\n40' 'NOTICE & \nEXPLANATION \nWHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nTailored to the level of risk. An assessment should be done to determine the level of risk of the auto -\nmated system. In settings where the consequences are high as determined by a risk assessment, or extensive \noversight is expected (e.g., in criminal justice or some public sector settings), explanatory mechanisms should be built into the system design so that the system’s full behavior can be explained in advance (i.e., only fully transparent models should be used), rather than as an after-the-decision interpretation. In other settings, the extent of explanation provided should be tailored to the risk level. \nValid. The explanation provided by a system should accurately reflect the factors and the influences that led \nto a particular decision, and should be meaningful for the particular customization based on purpose, target, and level of risk. While approximation and simplification may be necessary for the system to succeed based on the explanatory purpose and target of the explanation, or to account for the risk of fraud or other concerns related to revealing decision-making information, such simplifications should be done in a scientifically supportable way.
Where appropriate based on the explanatory system, error ranges for the explanation should be calculated and included in the explanation, with the choice of presentation of such information balanced with usability and overall interface complexity concerns. \nDemonstrate protections for notice and explanation \nReporting. Summary reporting should document the determinations made based on the above consider -' 'SECTION TITLE\nBLUEPRINT FOR AN AI BILL OF RIGHTS\nSAFE AND EFFECTIVE SYSTEMS\nYou should be protected from unsafe or ineffective systems. Automated systems should be \ndeveloped with consultation from diverse communities, stakeholders, and domain experts to identify \nconcerns, risks, and potential impacts of the system. Systems should undergo pre-deployment testing, risk \nidentification and mitigation, and ongoing monitoring that demonstrate they are safe and effective based on \ntheir intended use, mitigation of unsafe outcomes including those beyond the intended use, and adherence to \ndomain-specific standards. Outcomes of these protective measures should include the possibility of not \ndeploying the system or removing a system from use. Automated systems should not be designed with an intent \nor reasonably foreseeable possibility of endangering your safety or the safety of your community. They should \nbe designed to proactively protect you from harms stemming from unintended, yet foreseeable, uses or \nimpacts of automated systems. You should be protected from inappropriate or irrelevant data use in the \ndesign, development, and deployment of automated systems, and from the compounded harm of its reuse. \nIndependent evaluation and reporting that confirms that the system is safe and effective, including reporting of \nsteps taken to mitigate potential harms, should be performed and the results made public whenever possible. \nALGORITHMIC DISCRIMINATION PROTECTIONS\nYou should not face discrimination by algorithms and systems should be used and designed in \nan equitable way. Algorithmic discrimination occurs when automated systems contribute to unjustified \ndifferent treatment or impacts disfavoring people based on their race, color, ethnicity, sex (including \npregnancy, childbirth, and related medical conditions, gender identity, intersex status, and sexual' 'DATA PRIVACY \nWHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nData access and correction. People whose data is collected, used, shared, or stored by automated \nsystems should be able to access data and metadata about themselves, know who has access to this data, and \nbe able to correct it if necessary. Entities should receive consent before sharing data with other entities and \nshould keep records of what data is shared and with whom. \nConsent withdrawal and data deletion. Entities should allow (to the extent legally permissible) with -\ndrawal of data access consent, resulting in the deletion of user data, metadata, and the timely removal of their data from any systems (e.g., machine learning models) derived from that data.\n68\nAutomated system support.
Entities designing, developing, and deploying automated systems should \nestablish and maintain the capabilities that will allow individuals to use their own automated systems to help them make consent, access, and control decisions in a complex data ecosystem. Capabilities include machine readable data, standardized data formats, metadata or tags for expressing data processing permissions and preferences and data provenance and lineage, context of use and access-specific tags, and training models for assessing privacy risk. \nDemonstrate that data privacy and user control are protected \nIndependent evaluation. As described in the section on Safe and Effective Systems, entities should allow \nindependent evaluation of the claims made regarding data policies. These independent evaluations should be \nmade public whenever possible. Care will need to be taken to balance individual privacy with evaluation data \naccess needs. \nReporting. When members of the public wish to know what data about them is being used in a system, the' 'HUMAN ALTERNATIVES, \nCONSIDERATION, AND \nFALLBACK \nWHAT SHOULD BE EXPECTED OF AUTOMATED SYSTEMS\nThe expectations for automated systems are meant to serve as a blueprint for the development of additional \ntechnical standards and practices that are tailored for particular sectors and contexts. \nImplement additional human oversight and safeguards for automated systems related to \nsensitive domains \nAutomated systems used within sensitive domains, including criminal justice, employment, education, and \nhealth, should meet the expectations laid out throughout this framework, especially avoiding capricious, \ninappropriate, and discriminatory impacts of these technologies. Additionally, automated systems used within \nsensitive domains should meet these expectations: \nNarrowly scoped data and inferences. Human oversight should ensure that automated systems in \nsensitive domains are narrowly scoped to address a defined goal, justifying each included data item or attri -\nbute as relevant to the specific use case. Data included should be carefully limited to avoid algorithmic discrimination resulting from, e.g., use of community characteristics, social network analysis, or group-based inferences. \nTailored to the situation. Human oversight should ensure that automated systems in sensitive domains are tailored to the specific use case and real-world deployment scenario, and evaluation testing should show that the system is safe and effective for that specific situation. Validation testing performed based on one loca\n-\ntion or use case should not be assumed to transfer to another. \nHuman consideration before any high-risk decision. Automated systems, where they are used in \nsensitive domains, may play a role in directly providing information or otherwise providing positive outcomes to impacted people. However, automated systems should not be allowed to directly intervene in high-risk situations, such as sentencing decisions or medical care, without human consideration.' 'NOTICE & \nEXPLANATION \nWHY THIS PRINCIPLE IS IMPORTANT\nThis section provides a brief summary of the problems which the principle seeks to address and protect \nagainst, including illustrative examples. \nAutomated systems now determine opportunities, from employment to credit, and directly shape the American \npublic’s experiences, from the courtroom to online classrooms, in ways that profoundly impact people’s lives. But this expansive impact is not always visible. 
An applicant might not know whether a person rejected their resume or a hiring algorithm moved them to the bottom of the list. A defendant in the courtroom might not know if a judge deny\n-\ning their bail is informed by an automated system that labeled them “high risk.” From correcting errors to contesting decisions, people are often denied the knowledge they need to address the impact of automated systems on their lives. Notice and explanations also serve an important safety and efficacy purpose, allowing experts to verify the reasonable\n-\nness of a recommendation before enacting it. \nIn order to guard against potential harms, the American public needs to know if an automated system is being used. Clear, brief, and understandable notice is a prerequisite for achieving the other protections in this framework. Like\n-\nwise, the public is often unable to ascertain how or why an automated system has made a decision or contributed to a particular outcome. The decision-making processes of automated systems tend to be opaque, complex, and, therefore, unaccountable, whether by design or by omission. These factors can make explanations both more challenging and more important, and should not be used as a pretext to avoid explaining important decisions to the people impacted by those choices. In the context of automated systems, clear and valid explanations should be recognized as a baseline requirement.' 'SAFE AND EFFECTIVE SYSTEMS \nYou should be protected from unsafe or ineffective sys -\ntems. Automated systems should be developed with consultation \nfrom diverse communities, stakeholders, and domain experts to iden -\ntify concerns, risks, and potential impacts of the system. Systems should undergo pre-deployment testing, risk identification and miti\n-\ngation, and ongoing monitoring that demonstrate they are safe and effective based on their intended use, mitigation of unsafe outcomes including those beyond the intended use, and adherence to do\n-\nmain-specific standards. Outcomes of these protective measures should include the possibility of not deploying the system or remov\n-\ning a system from use. Automated systems should not be designed with an intent or reasonably foreseeable possibility of endangering your safety or the safety of your community. They should be designed to proactively protect you from harms stemming from unintended, yet foreseeable, uses or impacts of automated systems. You should be protected from inappropriate or irrelevant data use in the design, de\n-\nvelopment, and deployment of automated systems, and from the compounded harm of its reuse. Independent evaluation and report\n-\ning that confirms that the system is safe and effective, including re -\nporting of steps taken to mitigate potential harms, should be per -\nformed and the results made public whenever possible. \n15']","To ensure behavior transparency in high-risk settings while meeting expectations for automated systems, system design should incorporate several key principles and practices: 1. **Clear Objectives and Use Cases**: Define specific objectives and use cases for the automated system, particularly in high-risk areas such as healthcare, criminal justice, or finance. This clarity helps guide the design process and ensures that the system's behavior aligns with its intended purpose (Source: [document name], p. [specific page number not provided]). 2. **Transparent Algorithms**: Utilize algorithms that are interpretable and transparent. 
This means selecting models that allow stakeholders to understand how inputs are transformed into outputs. For high-risk settings, it is crucial to avoid ""black box"" models that obscure decision-making processes (Source: [document name], p. [specific page number not provided]). 3. **Explanatory Interfaces**: Develop user-friendly interfaces that present explanations of the system's decisions in an accessible manner. These interfaces should provide insights into the factors influencing decisions, making it easier for users to comprehend the rationale behind outcomes (Source: [document name], p. [specific page number not provided]). 4. **Documentation of Decision-Making Processes**: Maintain comprehensive documentation that outlines the decision-making processes of the automated system. This documentation should detail the data inputs, algorithms used, and the reasoning behind specific outputs, ensuring that stakeholders can trace how decisions are reached (Source: [document name], p. [specific page number not provided]). 5. **Error Range Calculations**: Include error ranges in the explanations provided by the system. This helps users understand the potential variability in outcomes and the confidence level associated with specific decisions, which is particularly important in high-stakes scenarios (Source: [document name], p. [specific page number not provided]). 6. **Human Oversight**: Implement human oversight in the decision-making process, especially in high-risk situations. Human operators should review and validate the explanations provided by the automated system, ensuring that they align with intended purposes and ethical standards (Source: [document name], p. [specific page number not provided]). 7. **Regular Audits and Updates**: Conduct regular audits of the system to ensure that the explanatory mechanisms remain effective and relevant. This includes updating the system based on new findings, user feedback, and changes in the regulatory landscape (Source: [document name], p. [specific page number not provided]). 8. **Stakeholder Engagement**: Involve relevant stakeholders, including users, legal experts, and ethicists, in the development and implementation of the automated system. Their input can help identify potential risks and ensure that the system operates within ethical and legal boundaries (Source: [document name], p. [specific page number not provided]). By incorporating these strategies into the system design, organizations can enhance behavior transparency in high-risk settings, ensuring that stakeholders have a clear understanding of how decisions are made and fostering trust in the technology.","In settings where the consequences are high as determined by a risk assessment, or extensive oversight is expected (e.g., in criminal justice or some public sector settings), explanatory mechanisms should be built into the system design so that the system’s full behavior can be explained in advance (i.e., only fully transparent models should be used), rather than as an after-the-decision interpretation. The extent of explanation provided should be tailored to the risk level.",0.9705882352941176,0.9578715395345266,1.0,0.9999999999888889,0.43953119416101216