Small federal agency crafts standards to make AI safe, secure and reliable

BOSTON (AP) – No technology since nuclear fission will shape our collective future like artificial intelligence, so it’s imperative that AI systems are safe, secure, reliable and socially responsible.

But unlike the atom bomb, this paradigm shift has been driven almost entirely by the private technology sector, which has been averse to regulation, to say the least. Billions are at stake, making the Biden administration’s task of setting standards for AI safety a major challenge.

To define the parameters, the administration turned to a small federal agency, the National Institute of Standards and Technology. NIST tools and measures define products and services from atomic clocks to election security technology and nanomaterials.

Leading the agency’s AI efforts is Elham Tabassi, NIST’s chief AI advisor. She shepherded the AI Risk Management Framework, published 12 months ago, that laid the groundwork for Biden’s AI executive order on October 30. It cataloged risks such as bias against non-whites and threats to privacy.

Tabassi, who was born in Iran, came to the US in 1994 for her master’s in electrical engineering and joined NIST soon after. She is a principal architect of a standard used by the FBI to measure fingerprint image quality.

This interview with Tabassi has been edited for length and clarity.

Q: Emerging AI technologies have capabilities not even understood by their creators. There isn’t even an agreed dictionary, the technology is so new. You emphasized the importance of creating a dictionary on AI. Why?

A: Most of my work has been in computer vision and machine learning. We then also needed a shared vocabulary to avoid disagreement. One term can mean different things to different people. Talking to each other is especially common in interdisciplinary fields such as AI.

Q: You have said that for your work to be successful you need input not only from computer scientists and engineers but also from lawyers, psychologists, philosophers.

A: AI systems are inherently socio-technical, influenced by environments and conditions of use. They must be tested in real-world conditions to understand risks and impacts. So we have cognitive scientists, social scientists and, yes, philosophers.

Q: This task is a tall order for a small agency, under the Commerce Department, that the Washington Post called “underfunded and understaffed.” How many people at NIST are working on this?

A: First, I want to say that we at NIST have a great history of engaging with broad communities. In putting together the AI risk framework we heard from over 240 different organizations and received something like 660 sets of public comments. In terms of quality of output and impact, we do not seem small. We have more than a dozen people on staff and growing.

Q: Will NIST’s budget increase from the current $1.6 billion given the AI mission?

A: Congress writes the checks for us and we appreciate their support.

Q: The executive order gives you until July to create a set of tools to guarantee the safety and reliability of AI. I understand that was an “almost impossible deadline” at a conference last month.

A: Yes, but I quickly said that this is not the first time we have faced this kind of challenge, that we have a great team, that we are committed and excited. As for the deadline, it’s not like we’re starting from scratch. In June we convened a public working group which focused on four sets of guidelines including the authentication of synthetic materials.

Q: Members of the House Science and Technology Committee said in a letter last month that they learned that NIST intends to make grants or awards through a new AI safety institute — suggesting a lack of transparency.

A: Indeed, we are exploring options for a competitive process to support collaborative research opportunities. Our scientific independence is very important to us. Although we run a massive engagement process, we are the final authors of whatever we produce. We never delegate to someone else.

Q: A consortium created to help the AI safety institute has the potential to spark controversy because of industry involvement. What must the consortium members agree to?

A: We posted a template for that agreement on our website at the end of December. Openness and transparency are our hallmark. The template is out there.

Q: The AI risk framework was voluntary but the executive order mandates some obligations for developers. That includes submitting major language models for the government’s red team (testing for risks and vulnerabilities) once they reach a certain threshold in size and computing power. Will NIST be in charge of deciding which models will be red teamed?

A: Our job is to advance the measurement science and standards required for this work. This will include several evaluations. This is something we have done with facial recognition algorithms. As for the tasking (the red team), NIST is not going to do any of those things. Our job is to help industry develop technically sound and scientifically valid standards. We are a non-regulatory, neutral and objective agency.

Q: How AIs are trained and guardrails placed on them can vary widely. And sometimes features like cyber security are an afterthought. How do we guarantee accurate risk assessment and identification – especially when we don’t know which publicly released models have been trained?

A: In the AI risk management framework we came up with a taxonomy of sorts around reliability, emphasizing the importance of addressing it during design, development and deployment — including regular monitoring and evaluations throughout AI system lifecycles. Everyone has learned that we cannot try to fix AI systems after they are out of use. It must be done as soon as possible.

And yes, a lot depends on the use case. Download facial recognition. It’s one thing if I’m using it to unlock my phone. A whole different set of security, privacy and accuracy requirements come into play when, say, law enforcement uses it to try to solve a crime. Trade-offs between convenience and security, bias and privacy — depend on the context of use.
