AI regulation is one of the hottest topics in politics right now, with 1,500 AI-related state laws already introduced this year. And last month, the current U.S. administration promulgated a controversial legislative framework that simultaneously tries to minimize state regulation and advance its own policy goals. The problem is, most of these proposals are misguided; they focus on tools rather than on the systems and people that use them.
Regulators need a holistic view of AI systems to prevent harms like deepfakes without sacrificing the benefits of the technology. Fortunately, while AI is perceived as an entirely new challenge for governance, the U.S. has a deep history of oversight for algorithm-based systems to draw upon.
We have more experience with automated decision-making systems, of which AI is the latest variant, than is popularly appreciated. The IRS first used computers and algorithms to select taxpayer returns to audit in 1962. The first U.S. autonomous weapons platform, the Navy’s Aegis system, entered service in 1983. FICO’s credit score, produced via algorithm, made its debut in 1989.
When I joined the software company Lotus in 1996, it already offered automated workflow and e-commerce applications over intranets. AI differs in degree, but not in kind, from these historical predecessors. The history of algorithmic systems is not only a guiding light for governance; it is a cause for optimism. Society has used computer-driven analysis in critical decisions for decades, with occasional setbacks but considerable progress.
So far, though, policymakers are ignoring the lessons of the past. At the state level, California, Colorado and New York began implementing influential legislation this year. Last December, the current administration issued an executive order that claims to preempt some state laws.
Although these state and federal regulatory approaches diverge significantly in substance and goals, both have the same shortcoming: they try to regulate mathematical models rather than the more complex systems that actually make decisions affecting our lives. They also treat the technology as entirely new, revolutionary and unitary.
AI is not a single type of tool; rather, it is a foundational approach upon which an entire class of technologies is being built. Regulation must take account of the context within which an AI system operates. It makes no more sense to regulate AI categorically than it does to regulate “the Internet,” “computers” or “genetic modification” as a single entity. Chatbots and automated weapon systems have different purposes, users, and needs for safeguards and oversight.
Automated decision-making systems share key characteristics that regulators ought to consider. Humans are always in the loop. People choose when and where to deploy AI systems, what training data to use, what thresholds trigger decisions and when humans can override algorithmic choices.
We also live in a world awash in data. Decision systems must employ automation to be meaningfully informed. Humans can add badly needed flexibility and resilience to hybrid decision-making systems, but only if those systems provide people with meaningful autonomy. Testing is vital to effective system design and governance. Systems are what they do. And AI systems are no more effective than the data upon which they are trained. As programmers have long known, garbage in means garbage out.
Many technologies have been framed as unprecedented, vital and potentially destructive, from recombinant DNA engineering to file-sharing to the blockchain. Each one has ultimately proved amenable to regulation and less revolutionary than predicted.
We will see the same trend with AI. Existing laws and precedent on issues such as copyright, privacy, armed conflict and discrimination should be the first tools regulators employ to manage AI’s challenges, rather than crafting entirely new rules. This will also help policymakers mitigate the difficulty of defining what tools count as AI. Most regulatory definitions are overly broad and littered with carve-outs, so that ChatGPT is covered but calculators are not.
Finally, a shift in perspective is in order: since AI never operates in isolation (humans are always in the loop somewhere), the key governance question is how to design and regulate hybrid systems to enable the respective strengths of people and machines. This involves more considerations than just accuracy; people may perceive human decisionmakers are more capable of empathy, or more capable of bias. One-size-fits-all regulation cannot take into account the values that are embedded in decision systems such as legal rules.
Like automated systems, humans are often biased, unprincipled and poorly informed. Even if human-generated decisions may appear more transparent, people are notorious for finding ways to rationalize decisions after the fact. Regulators need to take a more fulsome view of decision systems, incorporating both humans and AI with their strengths and weaknesses.
Taking AI’s history into account when deciding how to govern this foundational set of technologies can enable us to make the most of their remarkable, promising and evolutionary capabilities.
About the author:
Derek E. Bambauer is the Irving Cypen Professor of Law at the University of Florida Levin College of Law. A former principal systems engineer at IBM, his research concentrates on AI, cybersecurity and intellectual property.
