It was at a webinar on AI and ethics in July 2024 that I first heard Lord Tim Clement-Jones speak. After hearing him speak I wanted to hear more. I knew I had to get my hands on the AI regulation and policy book that he said he had published.

Living with the Algorithm – Servant or Master? opens with an exploration of the narratives around AI, and how governments have been grappling with regulating a rapidly evolving technology that can be used for good but also for harm. The author’s view is that governments should develop and implement a governance framework that encourages transparency and is designed to gain and develop stakeholder trust.

At this point in time when countries around the world are competing to be the top AI hub and are thinking about whether to regulate AI, how to do so, and what would encourage innovation and investment rather than scare it away, the author makes the pointed comment that focusing on innovation-friendly regulation can mislead regulators and hinder effective governance. Instead, regulators should focus on assessing and calibrating risk, and providing guardrails for high-impact outcomes.

Chapter 2 discusses how many governments identify and plan for AI risks. Chapter 3 examines the impact of AI on democracy and freedom of speech. It talks about how AI has contributed to disinformation, and how countries are trying to mitigate or prevent AI-specific risks to democratic values.

Chapter 4 focuses on public sector adoption of AI technologies, with sections devoted to live facial recognition and autonomous weapons systems. The author argues that even when automated decision making  is not relied upon solely, the impact of such systems across an entire population can be immense in terms of potential discrimination, breach of privacy, and access to justice. As an inhouse lawyer now implementing  AI regulations but who used to work for the government, I found rather interesting the author’s short discussion about the utility of procurement rules and contractual clauses in ensuring the quality of AI systems.

Another enjoyable chapter was Chapter 5, which discusses the complex relationship between AI and intellectual property, and how AI challenges traditional notions of IP rights and ownership. Chapter 6 covers digital skills training and education for the future, the importance of digital literacy, and how to combat digital exclusion and data poverty.

Chapter 7 surveys the landscape of ethical AI principles before talking about legal liability and corporate governance. The author says that boards must have the right skill sets to understand what technology the company is using, and how it is using and managing it, in order to fulfil their oversight role.

He also suggests questions that boards should ask when considering the adoption of AI solutions, questions which I think are pertinent and important, and which I think companies still trying to get AI governance in place will find challenging to answer. Examples are:

• How is ethics around technology included within board governance? How often is ethics and technology discussed by the board?
• How does accountability between the business leadership and technology specialists fit together? Who is accountable at board level for these issues?
• What is the risk appetite of the business for the adoption of new technologies? How is risk assessed?

Chapter 8 looks at the differing approaches to AI regulation adopted by the EU, US, and UK, and the role of international standards. I like that the author devoted space (Chapter 9) to examining geopolitical tensions with China. Finally, Chapter 10 recaps the key themes discussed throughout the book, emphasising the need for thoughtful regulation of AI.

I think that Living with the Algorithm – Servant or Master? is a jewel for policymakers and regulators dealing with AI. For readers in other professions, it will be an insightful introduction to the range of challenges in regulating AI, both challenges that governments have to grapple with as well as challenges that arise because of how governments work.

This book clearly reflects the author’s significant expertise in AI policy. I cannot help but wish that it was much longer than 160 pages with deeper discussions on various topics like mitigating AI risks, IP, and managing geopolitical tensions.

Darren Grayson Chng is a data and tech lawyer in Singapore.

About the book

Living with the Algorithm – Servant or Master? by Tim Clement-Jones

£12.39

Published March 2024

Paperback, 160 pages

ISBN: 1911397923

The post Book Review: Living with the Algorithm – Servant or Master? appeared first on Society for Computers & Law.

Rónán Kennedy reviews a book aimed directly at the legal professional who needs to understand the technology they advise on.

Those who work in law and technology are sure to encounter some aspect of hardware or software that they do not understand, either because it is new or because they simply have not needed to know about it before. In these situations, this book will be a very useful reference. Over 23 chapters, divided into four parts (Computing, Hardware/Software, Data and Programming; Security; Communications; and Artificial Intelligence and Machine Learning), the author provides rapid but reasonably detailed sketches of many aspects of information technology.

The back cover describes the writing style as direct and engaging but it is somewhat rapid and demanding, with a great deal of information packed into very factual sentences, although the author’s views and personality shine through at times. There are more general introductory texts on computing that are more of a gentle read, with illustrations and diagrams, and more text devoted to scene-setting and high-level explanation. However, the intended audience for this volume is busy professionals who probably have some existing exposure to technology and need to ‘get up to speed’ on some specific problem domain for a pressing matter, either a piece of research, a business negotiation, or litigation. For that purpose, the book works well. Reading it cover-to-cover would be a challenging proposition, although one that could be beneficial to the reader in the long term.

I have a somewhat technical background, in a variety of roles (programming, web development, network administration) – enough to chuckle at the mention of the debate on the difference between developers and software engineers – and found that there were things I could learn from this text. Some of this was because best practice technology has changed since my primary focus became the legal academy (the move from Master Boot Record to Globally Unique Identifier partition tables in hard disks, for example). Some was because there are new (or at least new to me) technologies that have become quite important: the most obvious example is so-called ‘artificial intelligence’, which is extensively covered. Although I make an effort to keep up to date, I anticipate returning to this part repeatedly to fill the gaps in my knowledge that I am sure remain, and was glad to see that it places technology in a human and social context, acknowledging and exploring issues of transparency, accuracy, and bias.

The foreword states that the author aims ‘to go one step beyond high-level’ and the book succeeds in that. Technologies are presented in sufficient detail to give the reader a little more than a basic understanding but complexities are generally acknowledged although not explored in depth. (Doing so would make the text much longer and more cumbersome.) For example, the discussion of object-oriented programming refers to inheritance and polymorphism, which are key for programmers to understand, but does not explain them, as they are probably not necessary for a lawyer to grasp except in quite complex circumstances.

There is a strong focus on security, with explanations of risks, guidance on how to avoid them, and many examples of failures to encourage adoption of the author’s wisdom. Given how important cybersecurity is and how much more important it becomes as our workplaces and personal lives are digitally mediated, this is very welcome. Legal issues are mentioned from time to time but not discussed in any detail.

On my reading, the text is generally correct, although there are some minor quibbles. At least two of the samples of program code given contain errors, but given that these are intended as illustrative examples rather than something for the user to type in and use, this might not be important. Also, there are no suggestions for additional reading, but this would not be feasible as it would add significantly to the length and require constant updating.

A free PDF addendum is available on the author’s website, containing diagrams and illustrations, and updates to the text.

Overall, this is a very useful book which any busy professional who regularly finds themselves wondering how some new technology that they have just heard of but need to understand works should have to hand.

About the book

• W. Kuan Hon
• Edward Elgar Publishing
• Publication date: 2024 
• ISBN: 9781803923925 
• 573 pages

Reviewed by Rónán Kennedy, School of Law, University of Galway

The post Technology and Security for Lawyers and Other Professionals appeared first on Society for Computers & Law.

IT Contracts and Dispute Management: A Practitioner’s Guide to the Project Lifecycle is the book that fills this gap for me, a book I wish I had then.

Twenty-one chapters in the book provide guidance on each stage of a technology contract in the form of commentary, from pre-contract to contract negotiation and execution, performance (or non-performance), termination, enforcement, and dispute resolution. In addition it takes into account the latest judicial decisions in relation to technology projects, providing justification for its guidance.

Chapters One, Two and Three discuss the selection of contracting partners, pre-contractual documents such as tenders and letters of intent, project methodology, contract negotiation, as well as types of liability for false pre-contractual statements. Some people may think that it is taboo or negative at this stage to talk about court cases. However I found it helpful that the authors brought in relevant ones to expand on or illustrate certain points made.

Chapter Four touches lightly on the structure of tech contracts. Chapter Five, on breach of contract, estoppel, waiver, acquiescence, and variation. Interestingly it is titled “Housekeeping”, with the authors saying that good project housekeeping will help limit the scope for operational disputes, delays, and a breakdown in the parties’ relationship.

In some companies, project management is left completely to the project team to carry out. Nevertheless I suggest that lawyers still go through Chapter Six, which provides guidance on legal issues that may arise such as  in relation to change control, and what kind of records ought to be kept.

Delivery and acceptance, testing, benchmarking, service credits, and delay are covered in Chapters Seven to Ten. Chapter Eleven contains a decent number of pages on project rescue which I savoured, as the other books on IT contracts that I read were light on project failure. The chapter talks about common approaches to resolving disputes mid-project, including de-scoping problematic areas, entering into ‘heads of terms’ or standstill agreements, step-in, and audit, and associated legal issues. My first project failure case was a monster and I could have used this chapter back then in generating options.

Chapters Twelve to Sixteen cover representations when re-baselining, termination rights, settlement considerations, interim dispute resolution, and enforcement of contract. Chapter Seventeen fearlessly tackles the issue of quantification of claims. The usual is covered: the rule against penalties, burden of proof, causation, remoteness. Then the chapter goes more in-depth into possible types of claims on a lost benefit basis, down to whether you can claim expenses incurred in preserving customers’ goodwill, say through an improved customer warranty.

It also goes more in-depth into claims on a wasted expenditure basis,  monies paid to the supplier for example, and it suggests that claims for out-of-pocket expenditure and consultants’ fees which were incurred in reliance on the contract, and which were wasted due to the breach, can be recovered. Other topics covered are claims by the supplier, global claims, suing the tortious measure of damages, particular challenges with long-running disputes, and enforcement of indemnities.

Chapter Eighteen covers exemption and limitation clauses, and the last three chapters discuss dispute resolution forums, disclosure and document preservation, and factual and expert witnesses.

On the whole, this book is a solid reference suitable for newbies to the IT project lifecycle, as well as experienced lawyers given its consideration of recent court decisions. One thing to note is that the book is written from this lens. It does not examine the granular components of IT contracts, and so should be seen as a complement to other kinds of IT contract books not  a one-stop shop.

Darren Grayson Chng is a data and tech lawyer in Singapore.

About the book

• IT Contracts and Dispute Management: A Practitioner’s Guide to the Project Lifecycle (2nd Edition) by Steven Baker, Lawrence Akka, Rachel Glass
• Published July 2023
• Hardback, 530 pages
• ISBN: ? 978 1 83910 795 5
• £190.00

Available as an ebook from £152.00 as well as from Amazon here.

The post IT Contracts and Dispute Management: A Practitioner’s Guide to the Project Lifecycle (2nd Edition) appeared first on Society for Computers & Law.

With AI continuing to be in vogue this year, the democratisation of publishing has led to content about AI of varying lengths and quality being published every day – journal articles, three-page law firm updates, LinkedIn posts linking to a webpage without saying much more. Some are wrought by the human hand. An increasing number I suspect, are written by AI.

Which raises the question: where now can you find a longer and more thought-out analysis of privacy issues in the context of AI? One source that I checked out was ‘Privacy and AI: Protecting Individuals in the Age of AI’.

This 301-page book aims to do three things: (a) discuss critical challenges posed by AI systems’ processing of personal data and how the European legal framework (as at December 2023) addresses these challenges; (b) propose alternative pathways to better protect the rights of individuals without stifling innovation; and (c) bridge the gap between the legislative and judicial interpretation, as well as the practical and operative aspects concerning personal data protection.

The first of the book’s five chapters takes the reader through concepts such as the definition of “personal data” in the GDPR, the definition of “AI system” in the 2021 Artificial Intelligence Regulation draft, and what the term “AI” covers such as, supervised and unsupervised machine learning. If you know these basics, you can skip this chapter.

Useful in Chapter Two is the discussion on what the GDPR processing principles require in the context of AI development, and specific challenges (and ensuring risks) that data controllers and AI developers or deployers may face, under Articles 5 and 6(1) of the GDPR. For example, when it comes to relying on consent as a lawful basis for processing, the book highlights an Italian case in which the Italian Court of Cassation ruled that consent is not valid if individuals are not adequately informed about the underlying logic and are then  subject to an automated decision-making system that may influence their rights.

Chapter Three covers the rights of data subjects whose personal data is processed using AI systems. A huge of space is rightfully devoted to Article 22 of the GDPR, the right not to be subject to a decision based solely on automated decision making which produces legal effects, safeguards, and exceptions to it. The chapter also touches on how other data subject rights and accountability mechanisms under the GDPR may affect the development or deployment of AI systems. It ends off by discussing general GDPR accountability mechanisms that controllers must comply with when processing personal data using AI systems.

Chapter Four, titled ‘Overcoming the Limitations of the GDPR’, deep dives into the challenges of ensuring transparency, fairness, and non-discrimination when processing personal data using AI systems.

The last chapter proposes seven measures to further mitigate the risks posed by AI systems: (a) establishing a register of AI systems or AI providers; (b) appointing an AI Ethical Officer to oversee AI ethics within the organisation; (c) standardisation of AI systems; (d) certification of AI systems; (e) establishing codes of conduct for AI operators, (f) empowering national public authorities to correct law-breaking behaviours; and (g) using Privacy by Design measures (which I would describe as privacy enhancing technologies) to reduce the identifiability of data e.g., anonymisation, encryption, synthetic data.

At the end of the book are two Annexes. Annex I contains a little more information on machine learning algorithms. Annex II contains a checklist that tests an organisation’s readiness to comply with the 2021 draft proposal for the Regulation of Artificial Intelligence (AI Act).

This book is generally written in plain English, so I think it is a rather useful starting point for anyone tasked with operationalising AI laws and guidelines, particularly those in the EU and UK. I for one enjoyed the book’s practical bent with references to the draft AI Act, legislation, caselaw, and non-binding instruments such as the UK Information Commissioner’s Office’s guidelines. Experienced professionals will be able to breeze through certain sections quickly, which nevertheless are useful for catching blindspots.

Darren Grayson Chng is a data and tech lawyer in Singapore.

About the book

• Privacy and AI: Protecting Individuals in the Age of AI by Federico Marengo
• Published August 2023
• Paperback, 302 pages
• ASIN: ? B0CFZGXQ7J
• €69.99

Available as an ebook from the author here at EUR 69.99 or hardcopy on Amazon here.

The post Privacy and AI: Protecting Individuals in the Age of AI appeared first on Society for Computers & Law.