Tuesday, October 31, 2023

AI Regulation Seems to be on an "Ex Ante" Track, Not Ex Post Facto

The current rush to regulate AI appears to differ from prior efforts to regulate computing technology and especially the internet. 


As always is the case, regulators seek to balance consumer protection and innovation. With regard to the internet, however, regulators took a “wait and see” approach. This ex post facto approach allowed the internet to develop, with regulation happening only when issues were deemed to have arisen. 


Most major internet regulations took a decade to a few decades to develop.


Regulation

Date Passed

Years After Internet Commercialization

Communications Decency Act (CDA)

1996

10 years

Children's Online Privacy Protection Act (COPPA)

1998

12 years

Digital Millennium Copyright Act (DMCA)

1998

12 years

CAN-SPAM Act

2003

17 years

Do Not Track (DNT)

2011

25 years

General Data Protection Regulation (GDPR)

2016

30 years

California Consumer Privacy Act (CCPA)

2018

32 years


AI seems to be drawing scrutiny quite early in its development. Already, issues such as misinformation, malware and cybercrime have been raised about AI use. 


Issue

Earlier form of internet or computing governance

AI governance/regulation

Privacy

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to protect the privacy of their customers' financial information.

AI systems can collect, store, and process vast amounts of personal data, which raises concerns about privacy.

Misuse

The Digital Millennium Copyright Act (DMCA) prohibits the circumvention of digital rights management (DRM) technologies.

AI systems can be used to create deep fakes and other forms of synthetic media, which could be used for malicious purposes.

Privacy and security

General Data Protection Regulation, California Consumer Privacy Act 

These regulations were developed to protect user privacy and security on the internet.

Loss of control

ICANN

This organization is responsible for overseeing the global DNS.


Many observers would suggest there is a much-higher level of unease about AI, compared to the internet, which might raise the specter of ex ante regulation that inadvertently slows development, which might be precisely what its backers want. 

Ex ante regulation is regulation that takes place before an event or activity occurs. It is designed to prevent problems from happening in the first place. 

Others might caution that ex post facto has traditionally been the case for internet regulation. 

Ex post facto regulation is regulation that takes place after an event or activity has already occurred. It is designed to punish or compensate for harm that has already been done.

One might say the difference in approach comes from fears that the harm or damage is too potentially too great to rely on ex post facto regulation. 

No comments:

Directv-Dish Merger Fails

Directv’’s termination of its deal to merge with EchoStar, apparently because EchoStar bondholders did not approve, means EchoStar continue...