2 | Title: Ethical Principles for Web Machine Learning 3 | Shortname: webmachinelearning-ethics 4 | Level: none 5 | Status: ED 6 | Group: webmlwg 7 | Repository: webmachinelearning/webmachinelearning-ethics 8 | TR: https://www.w3.org/TR/webmachinelearning-ethics/ 9 | URL: https://webmachinelearning.github.io/webmachinelearning-ethics/ 10 | Former Editor: James Fletcher 135366, BBC, https://bbc.co.uk 11 | Editor: Anssi Kostiainen 41974, Intel Corporation, https://intel.com/ 12 | Boilerplate: conformance no, index no, issues-index no 13 | Abstract: This document discusses ethical issues associated with using Machine Learning and outlines considerations for web technologies that enable related use cases. 14 | Status Text:17 |This section describes the status of this document at the time of its publication. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.
This document was published by the [Machine Learning Working Group](https://www.w3.org/groups/wg/webmachinelearning) as a Group Draft Note using the [Note track](https://www.w3.org/2023/Process-20231103/#recs-and-notes).
This document is for guidance only and does not constitute legal or professional advice. The document will evolve and receives updates as often as needed. The whole document is open for comment and review, but input is particularly sought on Sections 3, 4 and 5.
Group Draft Notes are not endorsed by W3C nor its Members.
This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
The W3C Patent Policy does not carry any licensing requirements or commitments on this document.
This document is governed by the 03 November 2023 W3C Process Document.
15 | Markup Shorthands: markdown yes 16 |
18 | {
19 | "UNESCO": {
20 | "href": "https://unesdoc.unesco.org/ark:/48223/pf0000380455",
21 | "title": "Recommendation on the Ethics of Artificial Intelligence",
22 | "publisher": "UNESCO"
23 | },
24 | "FAST": {
25 | "href": "https://w3c.github.io/apa/fast/checklist.html",
26 | "title": "Framework for Accessibility in the Specification of Technologies",
27 | "publisher": "W3C Accessible Platform Architectures Working Group"
28 | },
29 | "WCAG": {
30 | "href": "https://www.w3.org/TR/WCAG21",
31 | "title": "Web Content Accessibility Guidelines (WCAG) 2.1",
32 | "publisher": "W3C Accessibility Guidelines Working Group"
33 | },
34 | "CDEI": {
35 | "href":
36 | "https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/938857/Summary_Slide_Deck_-_CDEI_review_into_bias_in_algorithmic_decision-making.pdf",
37 | "title": "Review into Bias in Algorithmic Decision-Making",
38 | "publisher": "Centre for Data Ethics and Innovation (2020)"
39 | },
40 | "Mehrabi": {
41 | "href": "https://arxiv.org/pdf/1908.09635.pdf",
42 | "title": "A Survey on Bias and Fairness in Machine Learning",
43 | "authors": ["Ninareh Mehrabi", "Fred Morstatter", "Nripsuta Saxena",
44 | "Kristina Lerman", "Aram Galstyan"]
45 | },
46 | "Leslie": {
47 | "authors": ["Leslie D."],
48 | "href": "https://www.turing.ac.uk/sites/default/files/2019-08/understanding_artificial_intelligence_ethics_and_safety.pdf",
49 | "title": "Understanding artificial intelligence ethics and safety",
50 | "publisher": "The Alan Turing Institute (2019)"
51 | },
52 | "Treviranus": {
53 | "authors": ["Jutta Treviranus"],
54 | "href": "https://www.w3.org/2020/06/machine-learning-workshop/talks/we_count_fair_treatment_disability_and_machine_learning.html",
55 | "title": "We Count: Fair Treatment, Disability and Machine Learning"
56 | },
57 | "Bourtoule": {
58 | "authors": ["Bourtoule, L. et al"],
59 | "title": "Machine Unlearning",
60 | "href": "https://arxiv.org/pdf/1912.03817.pdf"
61 | },
62 | "Crawford": {
63 | "authors": ["Crawford, K"],
64 | "publisher": "Conference on Neural Information Processing Systems, invited speaker.",
65 | "title": "The trouble with bias",
66 | "href": "https://www.youtube.com/watch?v=fMym_BKWQzk"
67 | },
68 | "FATML": {
69 | "title": "Principles for Accountable Algorithms",
70 | "href": "https://www.fatml.org/resources/principles-for-accountable-algorithms"
71 | },
72 | "EGTAI": {
73 | "title": "Ethics Guidelines for Trustworthy AI",
74 | "href": "https://www.aepd.es/sites/default/files/2019-12/ai-ethics-guidelines.pdf",
75 | "publisher": "EU High Level Expert Group on Artificial Intelligence (2018)"
76 | },
77 | "AI4People": {
78 | "authors": ["Floridi et al"],
79 | "title": "AI4People - An Ethical Framework for a Good AI Society: Opportunities, Risks, Principles, and Recommendations",
80 | "href": "https://link.springer.com/article/10.1007/s11023-018-9482-5"
81 | },
82 | "Gall": {
83 | "authors": ["Gall, R."],
84 | "title": "Machine Learning Explainability vs Interpretability: Two concepts that could help restore trust in AI",
85 | "href": "https://www.kdnuggets.com/2018/12/machine-learning-explainability-interpretability-ai.html#:~:text=Interpretability%20is%20about%20the%20extent,be%20observed%20within%20a%20system.&text=Explainability%2C%20meanwhile%2C%20is%20the%20extent,be%20explained%20in%20human%20terms."
86 | },
87 | "Rodrigues": {
88 | "authors": ["Rodrigues, R", "Tesseguier, R."],
89 | "title": "The underdog in the AI ethical and legal debate: human autonomy",
90 | "href": "https://www.ethicsdialogues.eu/2019/06/12/the-underdog-in-the-ai-ethical-and-legal-debate-human-autonomy/#:~:text=It%20describes%20a%20person's%20ability,to%20shape%20their%20own%20lives."
91 | },
92 | "Smuha": {
93 | "authors": ["Smuha, N."],
94 | "href": "https://policyreview.info/pdf/policyreview-2021-3-1574.pdf",
95 | "title": "Beyond the individual: governing AI’s societal harm"
96 | },
97 | "Suresh": {
98 | "authors": ["Suresh"],
99 | "title": "A Framework for Understanding Sources of Harm throughout the Machine Learning Life Cycle",
100 | "href": "https://arxiv.org/pdf/1901.10002.pdf"
101 | },
102 | "Vallor": {
103 | "authors": ["Vallor", "Green", "Raicu"],
104 | "title": "Overview of Ethics in Tech Practice",
105 | "href": "https://www.scu.edu/ethics-in-technology-practice/overview-of-ethics-in-tech-practice/"
106 | },
107 | "Zeng": {
108 | "authors": ["Yi Zeng", "Enmeng Lu", "Cunqing Huangfu"],
109 | "title": "Linking AI Principles",
110 | "href": "https://www.linking-ai-principles.org/principles"
111 | },
112 | "Weidinger": {
113 | "authors": ["Weidinger et al"],
114 | "title": "Ethical and social risks of harm from Language Models",
115 | "href": "https://arxiv.org/pdf/2112.04359.pdf"
116 | },
117 | "Vaughan": {
118 | "authors": ["Wortman", "Vaughan", "Wallach"],
119 | "title": "A Human-Centered Agenda for Intelligible Machine Learning",
120 | "href": "http://www.jennwv.com/papers/intel-chapter.pdf"
121 | },
122 | "Xue": {
123 | "authors": ["M. Xue", "C. Yuan", "H. Wu", "Y. Zhang", "W. Liu"],
124 | "title": "Machine Learning Security: Threats, Countermeasures, and Evaluations",
125 | "href": "https://ieeexplore.ieee.org/document/9064510"
126 | },
127 | "Khan": {
128 | "authors": ["Arif Ali Khan", "Sher Badshah", "Peng Liang", "Bilal Khan", "Muhammad Waseem", "Mahmood Niazi", "Muhammad Azeem Akbar"],
129 | "title": "Ethics of AI: A Systematic Literature Review of Principles and Challenges",
130 | "href": "https://arxiv.org/pdf/2109.07906.pdf"
131 | },
132 | "Floridi": {
133 | "authors": ["Luciano Floridi", "Josh Cowls"],
134 | "href": "https://hdsr.mitpress.mit.edu/pub/l0jsh9d1/release/7",
135 | "title": "A Unified Framework of Five Principles for AI in Society "
136 | },
137 | "Jobin": {
138 | "authors": ["Anna Jobin", "Marcello Ienca", "Effy Vayena"],
139 | "title": "The global landscape of AI ethics guidelines",
140 | "href": "https://www.nature.com/articles/s42256-019-0088-2"
141 | },
142 | "What2How": {
143 | "authors": ["Jessica Morley", "Luciano Floridi", "Libby Kinsey", "Anat Elhalal" ],
144 | "title": "From What to How: An Initial Review of Publicly Available AI Ethics Tools, Methods and Research to Translate Principles into Practices",
145 | "href": "https://link.springer.com/article/10.1007/s11948-019-00165-5"
146 | }
147 | }
148 |
149 |
150 | # Introduction
151 |
152 | That AI will have a major impact on society is no longer in question. Current debate turns instead on how far this impact will be positive or negative, for whom, in which ways, in which places, and on what timescale. [[AI4People]]153 | 154 | 155 |
There is no 'silver bullet' here; creating technologies that will promote human flourishing and sustainable life on this planet is hard and uncertain work, involving difficult tradeoffs, some inevitable failures, and challenges that defy simple and stable solutions. But it is good work, work that can and must be done. [[Vallor]]156 | 157 | 158 | 159 | Machine Learning (ML) is a powerful technology, whose application to the web promises to bring benefits and enable compelling new user experiences. But there is also increasing awareness that ML applications can create harms, intentional and unintentional, that impact individual users, communities and society. 160 | 161 | W3C’s mission is to “ensure the long-term growth of the web” and this is best achieved where the potential harms of new technologies like ML are considered and mitigated through a comprehensive ethical approach to the design and implementation of Web ML specifications. 162 | 163 | As required by the charter of the [Web Machine Learning Working Group](https://www.w3.org/groups/wg/webmachinelearning), this document sets out such an ethical approach. It contains a set of ethical principles and guidance. It includes some general consideration of harms, risks and mitigations relevant to Web ML. And it offers a practical process for supplementing those general considerations with concrete risks and mitigations for specific use cases. 164 | 165 | NOTE: In broader debate, the terms Artificial Intelligence and Machine Learning, and their related ethical considerations (AI/ML Ethics) are often used interchangeably. Given the focus of the WG on Machine Learning, this document will generally use the terms Machine Learning or ML, and Machine Learning or ML Ethics, with the intent to refer to the broader set of issues and concerns encompassed by AI/ML. 166 | 167 | 168 | # Machine Learning on the Web 169 | 170 | In parallel to general advances in ML, the web platform is gaining [client-side Machine Learning capabilities](https://github.com/webmachinelearning/webnn/blob/main/explainer.md). Currently machine learning inference in the browser uses the WebGL graphics API, but the lack of access to platform capabilities beneficial for ML such as dedicated ML hardware accelerators constrains the scope of experiences and leads to inefficient implementations on modern hardware. 171 | 172 | The [Web Machine Learning Working Group](https://www.w3.org/groups/wg/webmachinelearning) aims to develop standards to enable access to these client-side capabilities. In web-based ML applications, the model may reside on the server or on the client, and the data processing, or inference, can be offloaded to the client. 173 | 174 | [Example use cases](https://webmachinelearning.github.io/webnn/#usecases) include person detection, facial recognition, image captioning, machine translation and noise suppression. 175 | 176 | Web machine learning has a number of potential benefits. It could make large-scale deployment of ML systems feasible without investment in cloud-based infrastructure. This opens the door to tens of millions of do-it-yourself web developers and aligns this technology with the [decentralized web architecture](https://w3ctag.github.io/ethical-web-principles/#control) ideal that minimizes single points of failure and single points of control. 177 | 178 | Local processing could also enable machine learning use cases that require low latency, such as object detection in immersive web experiences. By offloading computationally expensive tasks involving ML to on-device hardware, any web application could be enriched with ML capabilities, and existing web content progressively enhanced. 179 | 180 | With appropriate safeguards, enabling machine learning inference in the browser (as opposed to in the cloud) *could* also enhance privacy, since input data such as locally sourced images or video streams stay within the browser's sandbox. 181 | 182 | # General ethical issues in Machine Learning 183 | 184 | As well as potential benefits, there is increasing awareness that the application of machine learning poses risks and can lead to harms, raising a range ethical questions. This section presents a brief overview of some key concerns. 185 | 186 | For a general background on ethics and its relevance to ML, see [[#appendix-background]]. 187 | 188 | 189 | ## Accuracy 190 | 191 | The accuracy of an ML model is the proportion of examples for which it generates a correct output [[Leslie]]. In general high accuracy is a good thing, and low accuracy can lead to harms, for example where facial recognition systems are used in law enforcement. But highly accurate facial recognition systems can also pose risks to privacy and autonomy (e.g. mass surveillance). 192 | 193 | In some areas such as credit-scoring or loan approval, increasing the accuracy of predictions might come at the cost of requiring access to too much personal data. 194 | 195 | There is also concern about the [over-hyping of the ability of AI to accurately predict certain things at all](https://www.cs.princeton.edu/~arvindn/talks/MIT-STS-AI-snakeoil.pdf), particularly social outcomes such as job performance or criminal recidivism. Accuracy may be a useful measure where an area has a clear, objective ground truth (e.g. vehicle license-plate recognition) but many areas of human judgment are nuanced, messy and contextual, and simple accuracy risks being too reductive a measure. 196 | 197 | An incorrect output produced by an ML model can have varying context-dependent impact [[Leslie]]. For example, when identifying cancerous skin growth, *false positives* may increase the cost of cancer detection (by requiring additional lab work to rule them out), while *false negatives* may delay treatment to the point where it is no longer effective. What matters here is lowering the risk of *false negatives*. In a judicial context, *false positives* may send innocents behind bars, while *false negatives* might make it more difficult to convict a criminal. What matters here is lowering the risk of *false positives*. 198 | 199 | ## Bias 200 | 201 | Bias has a number of meanings, including a systematic deviation from a true value. This can be positive or negative. Bias is a prominent concern in ML ethics, where the concern more specifically is ‘a systematic skew in decision-making that results in unfair outcomes’ [[CDEI]]. 202 | 203 | Concerns about bias are particularly prominent where negative outcomes (such as inaccurate predictions and their consequences) disproportionately affect individuals or groups who are vulnerable or historically marginalised. Where the unfair treatment relates to protected characteristics such as race, gender, disability or sexuality, bias can constitute illegal discrimination, depending on relevant laws. 204 | 205 | There are a number of causes of bias [[Mehrabi]], ranging from issues with data to algorithmic design and human perception and decision-making. Perhaps the most prominent cause is that algorithms trained to make decisions based on past data will often replicate the historic biases in that data ([[Suresh]] also has a useful survey of causes of bias). 206 | 207 | 208 | 209 | ## Fairness 210 | 211 | There is [no single definition of fairness](https://www.youtube.com/watch?v=jIXIuYdnyyk&ab_channel=ArvindNarayanan) ([[Mehrabi]] also has a good survey of definitions) - like ethics it is contextual and varies according to different values, perspectives and societies. But one core idea is that people should be treated equally unless there is a justified, relevant reason not to. 212 | 213 | Fairness is often a lens through which to make sense of other ethical concerns. As noted above, bias can be positive or negative - it’s when it leads to ‘unfair’ outcomes that it is problematic. Where ethical principles or concerns need to be balanced against each other, considering fairness often provides a guide to how to do that. 214 | 215 | Fairness is about both outcomes and process. Outcomes should involve the fair distribution of benefits and costs, and the avoidance of unfair bias or arbitrary decisions. Procedural elements of fairness include involving communities that will be affected by ML outputs in decisions about how the systems are designed and used, and ensuring there is the ability to contest and seek redress for decisions made by ML. 216 | 217 | Fairness could also arguably justify bias - for example biasing a system to favour people who have been historically marginalised, in order to achieve an outcome which is in some sense equal or fair (this is known as equity - treating people differently on the basis of need to achieve outcomes which are fair). 218 | 219 | Another important aspect of fairness is the distribution of access to computationally complex ML approaches, and the benefits that come from access. People living in countries with less powerful or functioning infrastructure, or who cannot access sufficient computing power, may be unfairly disadvantaged. 220 | 221 | 222 | ## Safety & Security 223 | 224 | Safety includes that an ML system should be accurate, but also that it should be reliable (perform as intended, and continue to do so over time), secure (against adversarial attacks), and robust enough to do these things in real-world, unpredictable and sometimes challenging conditions ([[Leslie]]) 225 | 226 | Safety is a broad concern, but is particularly relevant where the failure of ML systems could result in real-world harm - for example with medical diagnosis or self-driving cars. 227 | 228 | There are a number of security risks to machine learning, including training data poisoning, adversarial inputs, or model inversion and adversarial inference attacks which can expose model parameters or training data ([[Xue]]). 229 | 230 | Machine learning can also increase the effectiveness of other types of security attacks, for example by enabling more effective impersonation for social engineering and phishing attacks. 231 | 232 | 233 | ## Privacy 234 | 235 | There are a number of ways in which ML systems can pose risks to privacy. 236 | 237 | One is where systems that undermine privacy operate without a user’s knowledge or explicit, informed consent. This is true of systems that undermine privacy explicitly (surveillance systems), but also where undermining privacy is a potential byproduct of intended, legitimate use (e.g. if an ML system which has access to a user’s video camera). 238 | 239 | There are also privacy concerns about the data used to train models. Data may be collected in a way which violates privacy, such as without consent from users (e.g. scraping personal information). Models may ‘leak’ personal data (e.g. large language models [[Weidinger]]). Legitimately collected data may also be compromised, for example through reverse engineering or inference style attacks which can de-anonymise model training data. 240 | 241 | The accuracy of the predictions of ML systems may also present risks. Just as the outputs of sensor APIs could be used to identify, fingerprint or correlate user activity (e.g. if the output is too precise), it is possible that the outputs of ML systems could pose similar risks. 242 | 243 | And use of ML systems to infer sensitive, personal data about users based on non-sensitive data (e.g. inferring sexuality from content preferences) may also violate privacy. 244 | 245 | Some jurisdictions (e.g. EU/GDPR) also provide a ‘right to be forgotten’, which arguably could include being removed from ML training data. So a privacy-protecting approach would need to ensure that appropriate processes and technical capabilities are in place for this to happen (see e.g. [[Bourtoule]]). 246 | 247 | 248 | ## Transparency 249 | 250 | Very broadly, transparency is about users and stakeholders having access to the information they need to make informed decisions about ML. It’s a holistic concept, covering both ML models themselves and the process or pipeline by which they go from inception to use. [[Vaughan]] (following the [[EGTAI]]) propose 3 key components: 251 | 252 | - **Traceability**: Those who develop or deploy machine learning systems should clearly document their goals, definitions, design choices, and assumptions. 253 | - **Communication**: Those who develop or deploy machine learning systems should be open about the ways they use machine learning technology and about its limitations. 254 | - **Intelligibility**: Stakeholders of machine learning systems should be able to understand and monitor the behavior of those systems to the extent necessary to achieve their goals. 255 | 256 | Understanding ML systems involves two key related concepts [[Gall]]: 257 | 258 | - **Interpretability**: is about the extent to which a cause and effect can be observed within a system. 259 | - **Explainability**: the extent to which the internal mechanics of a machine or deep learning system can be explained in human terms. 260 | 261 | Lack of interpretability and explainability is known as the black-box problem, which is particularly prevalent with more complex ML approaches such as neural networks. 262 | 263 | 264 | ## Accountability 265 | 266 | Given that ML systems are increasingly being used in high impact areas (healthcare, welfare, criminal justice) and that harms can be large when they go wrong, and that actors in the ML pipeline take responsibility for considering the impact of ML systems, and accountability for when things go wrong. 267 | 268 | “Algorithms and the data that drive them are designed and created by people – there is always a human ultimately responsible for decisions made or informed by an algorithm. "The algorithm did it" is not an acceptable excuse if algorithmic systems make mistakes or have undesired consequences, including from machine-learning processes.” [[FATML]] 269 | 270 | Transparency is an enabler for accountability (we need to be able to see what is going wrong and where to be able to determine responsibility). It also requires proper processes for the consideration of risks to be in place, documentation of policies and processes, and the means for those who are harmed to seek redress. The developers of ML systems should also take responsibility for any 3rd party ML they use in their system. 271 | 272 | Increasingly in some jurisdictions, there are formal legal mechanisms for accountability and seeking redress. 273 | 274 | 275 | ## Human Control and Decision-making 276 | 277 | The need for accountability, as well as other concerns above such as accuracy and fairness, have led to the assertion of the importance of humans making in the final decision in high stakes applications. More broadly, ML applications should always be under ultimate human control. 278 | 279 | But there are pitfalls too where ML approaches support human decision-making - problems with explainability can inhibit the full exercise of human capabilities, or humans may exhibit “automation bias” where they place too much trust in information or recommendations provided by an ML system. 280 | 281 | 282 | ## Environmental Impact & Sustainability 283 | 284 | There is increasing awareness that computationally complex ML approaches trained on very large data sets can have a large environmental impact, given the amount of energy required to power the training phase. 285 | 286 | The broader concern with sustainability suggests that ML applications and systems should not undermine the sustainability of the physical, social and political ecosystems in which they’re deployed. This might include the impact on jobs, employment and the economy, or on the quality of and access to information necessary for a functioning democratic system. 287 | 288 | 289 | ## Types of harm 290 | 291 | The above list contains some potential sources or causes of harm from machine learning. It is also important to be aware that harm can take a number of different forms, all of which should be considered. 292 | 293 | As noted above, harms can impact individuals, groups and society. To take the example of a biased facial recognition system [[Smuha]]: 294 | 295 | - this may lead to wrongful discrimination against an **individual** (e.g. wrongful arrest). 296 | - where a number of individuals who belong to a **group or collective** suffer this discimination (e.g. because of shared ethnicity), there is a group harm. This could be the sum of the individual harms, as well as harms such as an increase in prejudice towards that group caused by the perpetuation of historic bias. 297 | - here could be a harm to the interests of **society**, such as being able to ‘live in a society that does not discriminate against people based on their skin colour and that treats its citizens equally.’ [[Smuha]] 298 | 299 | Harms can also take a number of forms. These can include: 300 | 301 | - **physical**, either directly (e.g. the failure of driver-less cars), or indirectly (e.g. flaws in a system leading to incorrect medical diagnosis). 302 | - **allocative**, when a system unfairly allocates or withholds from certain individuals or groups an opportunity or a resource (e.g. benefits or loans) [[Crawford]]. 303 | - **representational,** when systems “reinforce the subordination of some groups along the lines of identity.” [[Crawford]] e.g. when a Google search for ‘CEO’ returns mostly pictures of white men, or image recognition systems generate offensive labels for people of colour. 304 | 305 | # Ethical Principles for Web ML 306 | 307 | The following ethical values and principles are taken from the UNESCO [Recommendation on the Ethics of Artificial Intelligence](https://unesdoc.unesco.org/ark:/48223/pf0000380455) [[UNESCO]]. They were developed through a global, multi-stakeholder process, and have been ratified by 193 countries. There are four high level values, and ten more detailed principles, to which we've added an additional, explicit principle of ‘Autonomy’. For more on why these have been adopted, see [[#appendix-unesco]]. 308 | 309 | These values and principles should drive the development, implementation and adoption of specifications for Web Machine Learning. They include guidance (adapted from UNESCO and W3C sources) which provides further detail on how the values and principles should be interpreted in the W3C web machine learning context. 310 | 311 | The following terms are used: 312 | 313 | - ‘ML actors’ refers to stakeholders involved in web ML: specification writers, implementers and web developers 314 | - ‘ML systems’ refers to the ML model or application that is making use of web ML capabilities 315 | 316 | The next section (S.5) provides further guidance on how to operationalize the principles and turn them into specific risks and mitigations. 317 | 318 | 319 | ## UNESCO Values 320 | 321 | These indicate desirable behavior and represent the foundation of the principles 322 | 323 | 324 |
path: gh-contrib-mitigation.md509 | 510 | PDNH-R2 Mitigations 511 | 512 |
path: gh-contrib-mitigation.md513 | 514 | PDNH-R3 Mitigations 515 | 516 |
path: gh-contrib-mitigation.md517 | 518 | ## Fairness and non-discrimination 519 | 520 | ### Risks 521 | 522 | FND-R1 523 | 524 | Scaling up ML via browsers creates risks of scaling up bias issues linked to ML training. 525 | 526 | FND-R2 527 | 528 | ML approaches optimize for the majority, leaving minorities and underrepresented groups at risk of harm or sub-optimal service (see e.g. Treviranus). 529 | 530 | FND-R3 531 | 532 | Differences in Internet connection speeds across geographical locations and large size of production-grade models means the user experience of on-device inference is not equal in all locations. 533 | 534 | FND-R4 535 | 536 | Speech recognition must recognize different accents, including regional, ethnic, and “accents” arising from a person’s disability - a focus on “mostly fair but left out the edges” will result in massive discrimination. 537 | 538 | FND-R5 539 | 540 | Bias in ML training can a) make ML non-useful to some people by effectively not recognizing their personhood, or b) interfere with ability to conduct tasks efficiently, effectively, or at all, or c) create a new digital divide of ML haves and have-nots. 541 | 542 | FND-R6 543 | 544 | That the WebML Working Group has very little control over models … is it able to influence those who do build them enough to ensure this principle is operationalised. 545 | 546 | FND-R7 547 | 548 | Imagine doing ML-based captions: this raises issues about accuracy, efficiency, but also burden-shifting: if the captioning is happening on the local device, it may create burdens for the people that are the least able to change it while being the typical target. 549 | 550 | FND-R8 551 | 552 | One cannot rely on simple classifications of individuals into homogeneous social groups (e.g., binary gender ca categorizations that exclude non-binary individuals). In particular, disability is characterized by diversity, and not by any property that distinguishes people who have from those who do not have disabilities. 553 | 554 | FND-R9 555 | 556 | There are also important issues of “proxy discrimination” that have been brought out in the literature, and which should be considered (i.e., machine learning systems that discover protected classes of persons even in cases in which such classifications and obvious proxies for them are excluded from the data used in training). 557 | 558 | FND-R10 559 | 560 | One example is how geographic pricing is employed by companies like Amazon – e.g. depending on where your IP address is located to or depending on your device type, different prices are presented to shoppers – it’s a question if this is unethical or unlawful, but it is something that is happening and also begs to question whether or not this is something we want to speak to → taken further you can also imagine reducing service based on geography or hardware or other factors in a way that is automated through ML systems. 561 | 562 | ### Possible Mitigations 563 | 564 | FND-R1 Mitigations 565 | 566 | Browser-assisted mechanisms to find out about the limitations and performance characteristics of ML models used in a Web app. This could build on an approach published in Model Cards for Model Reporting where making this report machine-discoverable would allow for the web browser to offer a more integrated user experience. Another transparency tool is the [Open Ethics Transparency Protocol](https://github.com/webmachinelearning/ethical-webmachinelearning/issues/6). 567 | 568 | FND-R2 Mitigations 569 | 570 | ML actors should provide fallback solutions for these inevitabilities. 571 | 572 | FND-R3 Mitigations 573 | 574 | This issue is not specific to ML and can be mitigated in part by using a Content Delivery Network and by offering reduced size models. 575 | 576 | FND-R4 Mitigations 577 | 578 |
path: gh-contrib-mitigation.md579 | 580 | FND-R5 Mitigations 581 | 582 |
path: gh-contrib-mitigation.md583 | 584 | FND-R6 Mitigations 585 | 586 |
path: gh-contrib-mitigation.md587 | 588 | FND-R7 Mitigations 589 | 590 |
path: gh-contrib-mitigation.md591 | 592 | FND-R8 Mitigations 593 | 594 |
path: gh-contrib-mitigation.md595 | 596 | FND-R9 Mitigations 597 | 598 |
path: gh-contrib-mitigation.md599 | 600 | FND-R10 Mitigations 601 | 602 |
path: gh-contrib-mitigation.md603 | 604 | 605 | ## Autonomy 606 | 607 | ### Risks 608 | 609 | A-R1 610 | 611 |
path: gh-contrib-risk.md612 | 613 | A-R2 614 | 615 | That browsers will cease to be *user agents*. Autonomy is a key differentiator for the web vs. alternative content and app platforms. 616 | 617 | A-R3 618 | 619 | Users have lesser and lesser control on what we see and who sees us. We’re tracked by 1st and 3rd parties and we see what others want us to see (e.g. ads). Hence, based on the the principle: people should be able to render content as they want, not only should ML systems take care of that, but also help in countering this global problem. 620 | 621 | A-R4 622 | 623 | Black boxes of ML models might negatively impact the ability of Web Extensions to bring more control (and thus autonomy) to end-users for their experience on the Web. 624 | 625 | A-R5 626 | 627 | Web accessibility can enhance individual autonomy, by making more aspects of life “self-serve”. It can also destroy autonomy, by designing only for the middle and “leaving others out in the cold” as society adopts the ML over other ways of accomplishing objectives. 628 | 629 | A-R6 630 | 631 | ML in the Web could very well be used to enhance user’s capabilities by acting as an assistant in a privacy preserving way. I.e. generating calendar events from emails or websites without sending information back up to the servers.
It could erase their autonomy by being used against them by the website using the ML as a gatekeeper before providing human access. I.e. How chatbots are used today.
Users would be wary to give consent when something which can help them can be equally used to control them or restrict access. 632 | 633 | A-R7 634 | 635 | Cannot fully enforce informed consent requirement for the web for ML. E.g. inference with generic WebGL/Wasm capabilities possible without consent, even if purpose-built APIs would require informed consent. 636 | 637 | A-R8 638 | 639 | Web ML systems are used without informed user consent. 640 | 641 | A-R9 642 | 643 | Browser standards like MV3 makes the implementation harder. 644 | 645 | A-R10 646 | 647 | Example: ML / IOT devices will be used with the intention of increasing autonomy of e.g., aging people, people with disabilities, etc., but have the risk of instead reducing autonomy if it’s not usable as designed to some users due to bias etc. 648 | 649 | A-R11 650 | 651 | Corporate priorities will constantly be against user choice (autonomy), things like making it very difficult to choose a different option than the corporation wants users to make could easily become worse in ML scenarios. 652 | 653 | A-R12 654 | 655 | Function creep - that a user consents to data / access / use of ML in one context, but then the use is extended beyond that context without explicit consent. 656 | 657 | A-R13 658 | 659 | Permission / Decision fatigue is another risk, if we ask people to explicitly allow every new web feature that could be abused. It’s a hard tradeoff. By asking for explicit decisions, we might actually reduce the chance that people are making informed decisions, because they are cognitively overloaded and don’t have the time or mental energy to really understand the implications.
Browsers today do not ask user consent for things like JavaScript usage, Wasm, WebGL, WebGPU, web workers, etc. All of those can be used to perform “ML”. 660 | 661 | A-R14 662 | 663 | Permission/consent should definitely be sought from users when accessing sensitive information about their computer or environment. Cameras, Bluetooth devices, microphones, location, controllers, gamepads, and XR devices should all be under permission prompts. 664 | 665 | A-R15 666 | 667 | Does this include informing users about the capabilities and limitations of the system, as well as the associated risks? Informed choice needs to be guided by an understanding of capabilities, limitations, and how the system should fit into the social context in which it is intended to be used. 668 | 669 | A-R16 670 | 671 | People might feel that their trust is betrayed if they don’t know what a web app is doing with their data. This isn’t specific to Web ML, perhaps, but it’s more salient, or more in the news.
It can be hard to explain why someone might want to enable Web ML. Eg, it’s actually safer, because your personal data will remain on your device and won’t be sent to remote servers. You’ll have a better experience or new features in the web app. 672 | 673 | ### Possible Mitigations 674 | 675 | A-R1 Mitigations 676 | 677 | Similarly to videos, the sites should make it opt-in to load large models on load or run expensive compute tasks. 678 | 679 | A-R2 Mitigations 680 | 681 |
path: gh-contrib-mitigation.md682 | 683 | A-R3 Mitigations 684 | 685 |
path: gh-contrib-mitigation.md686 | 687 | A-R4 Mitigations 688 | 689 |
path: gh-contrib-mitigation.md690 | 691 | A-R5 Mitigations 692 | 693 |
path: gh-contrib-mitigation.md694 | 695 | A-R6 Mitigations 696 | 697 |
path: gh-contrib-mitigation.md698 | 699 | A-R7 Mitigations 700 | 701 |
path: gh-contrib-mitigation.md702 | 703 | A-R8 Mitigations 704 | 705 | Things that *end users* could be asked to do… 706 | - Growing awareness about the risks (like phishing) 707 | - Surfacing the value of data that users share for ML can be re-used in different contexts (e.g. legal, commercial) 708 | 709 | Things that *developers* could be asked to do… 710 | - Develop guidance for ethical ML that includes bringing user awareness 711 | - Open source ML algo - auditability / certification 712 | 713 | Things that *implementers* could be asked to do… 714 | - Upstream frequent ML-built features into browser features where they can be used in a clearer/less UX intrusive framework (as an incentive towards the safest approach) 715 | - For a purpose-built APIs, the browser could make the usage detectable (e.g. via a web extension) 716 | - Linked to incentive 717 | - If ML has been certified as quality and privacy good. Or rated (A-F?) users could choose to only enable ML features at a certain level. 718 | 719 | Things that *regulators* could be asked to do… 720 | - Quality Assurance certificates for the algos, 721 | 722 | Things that *standard makers* could be asked to do… 723 | - Develop best practice guidelines for devs 724 | 725 | Things that *no one* can fix or control… 726 | - Developers giving users trivial incentives to load a data leaking ML model. Silly hats for all of your data. 727 | 728 | A-R9 Mitigations 729 | 730 |
path: gh-contrib-mitigation.md731 | 732 | A-R10 Mitigations 733 | 734 |
path: gh-contrib-mitigation.md735 | 736 | A-R11 Mitigations 737 | 738 |
path: gh-contrib-mitigation.md739 | 740 | A-R12 Mitigations 741 | 742 |
path: gh-contrib-mitigation.md743 | 744 | A-R13 Mitigations 745 | 746 |
path: gh-contrib-mitigation.md747 | 748 | A-R14 Mitigations 749 | 750 |
path: gh-contrib-mitigation.md751 | 752 | A-R15 Mitigations 753 | 754 |
path: gh-contrib-mitigation.md755 | 756 | A-R16 Mitigations 757 | 758 |
path: gh-contrib-mitigation.md759 | 760 | ## Right to Privacy, and Data Protection 761 | 762 | ### Risks 763 | 764 | RPDP-R1 765 | 766 |
path: gh-contrib-risk.md767 | 768 | RPDP-R2 769 | 770 | Fingerprinting of various kinds: disability 771 | 772 | RPDP-R3 773 | 774 | One area we came across recently related to ML is in the context of the WebXR raw camera access API. The API could allow raw access to the camera image (vs the regular AR API that only exposes room geometry). This allows for more functionality but puts the user at risk - for example camera image could be piped to a ML subsystem which is doing facial recognition outside of user’s consent. Documented in [our TAG issue](https://github.com/w3ctag/design-reviews/issues/406).
The wider issue is that ML as a 1st class feature on the Web creates additional risks for existing APIs (such as camera access). 775 | 776 | RPDP-R4 777 | 778 | Addition of ML creates additional risks for use of existing APIs that were not present previously. 779 | 780 | RPDP-R5 781 | 782 | Different jurisdictions have different regulations for data protection and rights to privacy. Demonstrating that your model is consistent with one or another could be confusing. 783 | 784 | RPDP-R6 785 | 786 | ML models may be based on training data that abused privacy. 787 | 788 | RPDP-R7 789 | 790 | It will be necessary to obtain data from marginalized individuals (including those who are unable to give informed consent themselves) in order to ensure they are not discriminated against and that they are included in the product, but their data need to be treated carefully and respectfully, and there are issues of consent involved. Under what circumstances can others give consent on their behalf? Consider, for example, people with certain cognitive disabilities who cannot give voluntary, informed consent to a particular data collection activity. 791 | 792 | RPDP-R8 793 | 794 | Sites could claim compliance with relevant laws and principles without actually being compliant. (Transparency and third-party auditing are important here.) 795 | 796 | RPDP-R9 797 | 798 | Fingerprinting systems uses hardware accelerated ML APis to improve their tracking capabilities. 799 | 800 | RPDP-R10 801 | 802 | Doing processing on user’s device could be good for privacy, but could also be excuse to shift cost of computation to the end user. 803 | 804 | RPDP-R11 805 | 806 | Another risk is that people distrust and turn off Web ML, and the alternative is worse, from a privacy perspective. The web app can still use ML, but may do so by sending private data to remote servers that are less secure than the local device. 807 | 808 | ### Possible Mitigations 809 | 810 | RPDP-R1 Mitigations 811 | 812 | Requiring explicit consent to access privacy-sensitive capabilities such as on-device camera. 813 | 814 | RPDP-R2 Mitigations 815 | 816 |
path: gh-contrib-mitigation.md817 | 818 | RPDP-R3 Mitigations 819 | 820 |
path: gh-contrib-mitigation.md821 | 822 | RPDP-R4 Mitigations 823 | 824 |
path: gh-contrib-mitigation.md825 | 826 | RPDP-R5 Mitigations 827 | 828 |
path: gh-contrib-mitigation.md829 | 830 | RPDP-R6 Mitigations 831 | 832 |
path: gh-contrib-mitigation.md833 | 834 | RPDP-R7 Mitigations 835 | 836 |
path: gh-contrib-mitigation.md837 | 838 | RPDP-R8 Mitigations 839 | 840 |
path: gh-contrib-mitigation.md841 | 842 | RPDP-R9 Mitigations 843 | 844 |
path: gh-contrib-mitigation.md845 | 846 | RPDP-R10 Mitigations 847 | 848 |
path: gh-contrib-mitigation.md849 | 850 | RPDP-R11 Mitigations 851 | 852 |
path: gh-contrib-mitigation.md853 | 854 | 855 | ## Safety and security 856 | 857 | ### Risks 858 | 859 | SS-R1 860 | 861 | Possible to leak the locally stored data, even sensitive data such as biosignature?
What kind of capabilities would the ML system get and thus leak sensitive local data? 862 | 863 | SS-R2 864 | 865 | Model drift - that a model stops performing as well as real world data diverges from training data over time. 866 | 867 | SS-R3 868 | 869 | Censorship requirements of governments and other actors, if operationalized into ML, create massive risks for individuals as well as societal evolution - ranging from being unable to accomplish objectives that our principles say they should, to “being tattled on” to the autocrats and suffering real-world retaliation. 870 | 871 | SS-R4 872 | 873 | A model can produce results that are blindly trusted. If the model is open to compromise, it will produce inaccurate results, which can be influential.
An example could be of an app that is intended to “help you cross the street” as a visually limited person - but if that application fails to detect a cyclist or car, then you could create physical harm to the user of that application. 874 | 875 | SS-R5 876 | 877 |
path: gh-contrib-risk.md878 | 879 | ### Possible Mitigations 880 | 881 | SS-R1 Mitigations 882 | 883 |
path: gh-contrib-mitigation.md884 | 885 | SS-R2 Mitigations 886 | 887 |
path: gh-contrib-mitigation.md888 | 889 | SS-R3 Mitigations 890 | 891 |
path: gh-contrib-mitigation.md892 | 893 | SS-R4 Mitigations 894 | 895 |
path: gh-contrib-mitigation.md896 | 897 | SS-R5 Mitigations 898 | 899 | Can be at least partially mitigated by transparency and third-party auditing. 900 | 901 | 902 | ## Transparency and explainability 903 | 904 | ### Risks 905 | 906 | TE-R1 907 | 908 | Web developers are familiar with developer tools integrated into browsers used to inspect HTML, CSS and JavaScript. These developer tools, however, do not currently understand neural network models and model inspection requires specialized tools. This complicates development and raises the barriers to entry for web developers venturing into machine learning. 909 | 910 | TE-R2 911 | 912 | Complexity is the enemy of transparency. ML models are complex and getting more complex over time. 913 | 914 | TE-R3 915 | 916 | ML “closed boxes” doing something out side of users’ control and understanding and the browser not able to audit or control or otherwise warn the user. 917 | 918 | TE-R4 919 | 920 | Transparency may be operationalised in a way which doesn’t make sense to users and doesn’t respect autonomy and allow them to make informed decisions. 921 | 922 | TE-R5 923 | 924 | The difficulty of explaining Web ML’s benefits and drawbacks may lead people to make choices that are worse for them. Eg, they might turn off Web ML, not understanding that it’s better for privacy to keep the data local. (I’m thinking here about the transparency and explainability of the API, not the ML model.) 925 | 926 | ### Possible Mitigations 927 | 928 | TE-R1 Mitigations 929 | 930 | Web APIs by their design make it possible to integrate into browsers developer tools features that help build intuition on how neural networks work, in the spirit of "view source" principle. 931 | 932 | TE-R2 Mitigations 933 | 934 | Web-based visualization tools have been developed for deep neural networks for educational use. Such tools provide a conceptual graph of a model's structure to help inspect and understand the model's architecture. Examples of tools that make use of model-agnostic explainability techniques to provide a visual view include [Netron](https://netron.app/) and [WebSHAP](https://poloclub.github.io/webshap/). Integration of this type of transparency and explainability features into browser developer tools remains future work. 935 | 936 | TE-R3 Mitigations 937 | 938 |
path: gh-contrib-mitigation.md939 | 940 | TE-R4 Mitigations 941 | 942 |
path: gh-contrib-mitigation.md943 | 944 | TE-R5 Mitigations 945 | 946 |
path: gh-contrib-mitigation.md947 | 948 | ## Responsibility and accountability 949 | 950 | ### Risks 951 | 952 | RA-R1 953 | 954 | During the discussion around DRM on the Web via Encrypted Media Extensions, a lot of focus was on whether security researchers would get protected in case they reverse-engineered DRM systems on the Web (which was seen as a net good for the Web, but a legal risk for researchers); a similar challenge may arise for ML models as they get reviewed against e.g. bias. 955 | 956 | RA-R2 957 | 958 | Assuming long-tail web developers will prefer to use 3rd party ML models due to cost of training your own (similarly to JS frameworks in general). This means the ethical responsibility and liability is deferred (in part?) to the 3rd party. 959 | 960 | RA-R3 961 | 962 | The use of 3rd party models introduces an external dependency to a possibly critical component of the web (app) experience. 963 | 964 | RA-R4 965 | 966 | We can't force developers to follow these principles and guidelines. 967 | 968 | RA-R5 969 | 970 | That the WebML Working Group has very little control over models … is it able to influence those who do build them enough to ensure these principles are operationalised. 971 | 972 | RA-R6 973 | 974 |
path: gh-contrib-risk.md975 | 976 | RA-R7 977 | 978 | ML models can operate as black boxes, and when integrated in a platform that already mixes and matches content and code from very many parties, this may make the accountability of a how an app uses ML that much harder to track. 979 | 980 | ### Possible Mitigations 981 | 982 | TA-R1 Mitigations 983 | 984 |
path: gh-contrib-mitigation.md985 | 986 | TA-R2 Mitigations 987 | 988 |
path: gh-contrib-mitigation.md989 | 990 | TA-R3 Mitigations 991 | 992 |
path: gh-contrib-mitigation.md993 | 994 | TA-R4 Mitigations 995 | 996 | But they should get incentives (e.g. better performance) to use the purpose-built approach with more guarantees baked-in. 997 | 998 | TA-R5 Mitigations 999 | 1000 | Things that *end users* could be asked to do… 1001 | - permissions requests - though these are clicked away by most users. 1002 | - End users could choose to use a different model (if a browser implements a mechanism to use an alternative model, e.g. a model shipped with the browser/OS/platform locally?). 1003 | 1004 | Things that *developers* could be asked to do… 1005 | - Developers could develop “model filtering” approaches, a block/accept approach for models (although places the burden on users) 1006 | 1007 | Things that *implementers* could be asked to do… 1008 | - Knowing the provenance of models could help to develop a allow/block list of allowable sources for models 1009 | - Ensure / enable meaningful transparency around models, e.g. like privacy report 1010 | 1011 | Things that *regulators* could be asked to do… 1012 | - Set operational requirements for characteristics of models in regulated contexts, ideally based on a neutral set of guidelines 1013 | 1014 | Things that *standard makers* could be asked to do… 1015 | - Ensure Web ML guidelines are evaluatable or certifiable 1016 | 1017 | 1018 | TA-R6 Mitigations 1019 | 1020 | Wonder if something like model cards could include (or maybe they do) accountability details, or even any details at all, so that models are linked back to actual people / companies. 1021 | 1022 | TA-R7 Mitigations 1023 | 1024 |
path: gh-contrib-mitigation.md1025 | 1026 | 1027 | ## Sustainability 1028 | 1029 | ### Risks 1030 | 1031 | S-R1 1032 | 1033 | Web ML applications are compute / energy intensive, and widespread adoption exacerbates environmental problems. 1034 | 1035 | S-R2 1036 | 1037 | Multiplying the value and use of ML models may create a rush to create more of them, when the environmental cost of building a model is probably high. 1038 | 1039 | S-R3 1040 | 1041 | Distributing large ML models across the networks to each and every client may raise the environmental cost of running Web applications. 1042 | 1043 | S-R4 1044 | 1045 | Moving ML to browsers means people have to have more powerful computers, which can be financially unachievable as well as more costly environmentally compared to a model of stronger servers and lighter clients. 1046 | 1047 | S-R5 1048 | 1049 |
path: gh-contrib-risk.md1050 | 1051 | S-R6 1052 | 1053 |
path: gh-contrib-risk.md1054 | 1055 | S-R7 1056 | 1057 | Because inference is happening client-side, what happens to incentives for developers to make that energy efficient - i.e. if they’re not paying for the compute, do they care? It would be easy to cut corners. 1058 | 1059 | S-R8 1060 | 1061 | Web developers have Web APIs at their disposal to help adapt the experience to be more energy efficient, see Compute Pressure API or Battery Status API. This requires balancing between enough information to satisfy the use case and not disclosing too much information to become a fingerprinting vector. 1062 | 1063 | ### Possible Mitigations 1064 | 1065 | S-R1 Mitigations 1066 | 1067 | Opportunity for web browsers to make visible the energy impact of various workloads running in the browser, for example through the proposed Compute Pressure API. 1068 | 1069 | S-R2 Mitigations 1070 | 1071 |
path: gh-contrib-mitigation.md1072 | 1073 | S-R3 Mitigations 1074 | 1075 |
path: gh-contrib-mitigation.md1076 | 1077 | S-R4 Mitigations 1078 | 1079 |
path: gh-contrib-mitigation.md1080 | 1081 | S-R5 Mitigations 1082 | 1083 | There is probably room to improve in-browser energy impact reporting: “this tab is using significant amount of energy” – wondering if there’s room for an explicit web developer-facing API to surface energy impact more explicitly? 1084 | 1085 | S-R6 Mitigations 1086 | 1087 | Web experiences should not depend solely on ML capabilities but enable graceful degradation path should the user or user agent wish to minimize the environmental impact. 1088 | 1089 | S-R7 Mitigations 1090 | 1091 |
path: gh-contrib-mitigation.md1092 | 1093 | S-R8 Mitigations 1094 | 1095 |
path: gh-contrib-mitigation.md1096 | 1097 | 1098 | ## Human oversight and determination 1099 | 1100 | ### Risks 1101 | 1102 | HOD-R1 1103 | 1104 | That ML models determining things like of access to welfare / insurance / healthcare etc. could rely on client-side inference? 1105 | 1106 | ### Possible Mitigations 1107 | 1108 | HOD-R1 Mitigations 1109 | 1110 |
path: gh-contrib-mitigation.md1111 | 1112 | 1113 | ## Awareness and literacy 1114 | 1115 | ### Risks 1116 | 1117 | AL-R1 1118 | 1119 | The boundaries and effectiveness of ML (and its grand-sounding umbrella of artificial intelligence) may lead end users to either put more trust than they should in how well they operate, or not feel empowered to understand the impact of its use in a given web app. With the Web reaching 4bn+ users, mitigations that rely on end-users awareness are likely challenging. 1120 | 1121 | AL-R2 1122 | 1123 |
path: gh-contrib-risk.md1124 | 1125 | AL-R3 1126 | 1127 | That even the designers/developers do not know of the affordances that their ML systems can provide so it can create a broader need to be able to provide feedback when something is not going well/causing harm. 1128 | 1129 | AL-R4 1130 | 1131 | From a dev perspective: there can be an assumption that “ML will solve the problem” w/out realizing the limitations of the models/data they are employing (e.g. let’s say someone builds an app that is meant to understand facial expressions to do some action, but if people have limited facial mobility or if their models do not register their expressions as fitting into their expected classification, then the entire experience is designed around a flawed and problematic assumption that all people emote the same way). 1132 | 1133 | AL-R5 1134 | 1135 | That without literacy and awareness users will be unable to identify the uncanny valley which can be important for privacy and security (e.g. the use of conversational bots that might be used to deceive you to gain access to your login credentials etc). 1136 | 1137 | ### Possible Mitigations 1138 | 1139 | AL-R1 Mitigations 1140 | 1141 |
path: gh-contrib-mitigation.md1142 | 1143 | AL-R2 Mitigations 1144 | 1145 | Perhaps specs could enable innovative use cases for developers to come up with good ways to help people be informed and aware of what’s going on under the hood with ML. 1146 | 1147 | AL-R3 Mitigations 1148 | 1149 |
path: gh-contrib-mitigation.md1150 | 1151 | AL-R4 Mitigations 1152 | 1153 |
path: gh-contrib-mitigation.md1154 | 1155 | AL-R5 Mitigations 1156 | 1157 |
path: gh-contrib-mitigation.md1158 | 1159 | 1160 | ## Multi-stakeholder and adaptive governance and collaboration 1161 | 1162 | ### Risks 1163 | 1164 | MAGC-R1 1165 | 1166 | That the people who are *affected* by the outcomes of the system aren't involved in its design and development? (E.g. in a system determining eligibility for social security/benefits for people with disabilities, are people with disabilities considered as stakeholders?) 1167 | 1168 | MAGC-R2 1169 | 1170 | "Big players" – global corporations/EU/governments – can make unilateral decisions that affect billions of people. What decision making process will they participate in? 1171 | 1172 | ### Possible Mitigations 1173 | 1174 | MAGC-R1 Mitigations 1175 | 1176 |
path: gh-contrib-mitigation.md1177 | 1178 | MAGC-R2 Mitigations 1179 | 1180 | It feels like the secret sauce in thinking about governance is trying to do as much as possible to build bridges across the many/various stakeholders to try to motivate maintaining and applying the principles set out in this document. 1181 | 1182 | # Appendix 1. Background: Ethics & Machine Learning # {#appendix-background} 1183 | 1184 | ## What is ethics? 1185 | 1186 | Ethics is about what is right and wrong, good and bad. All of us think about ethics all the time as we think about what’s right and wrong and make decisions about how to act accordingly. 1187 | 1188 | Philosophical discussions around ethics seek to ground those thoughts about right and wrong in a rational context. They generally consider ethical issues at three levels, from the abstract to the concrete: 1189 | 1190 | - **Meta-ethics** is the most abstract, concerned with questions like whether concepts of right and wrong are objective facts or subjective values 1191 | - **Normative ethics** is the more practical consideration of how we should act, both in terms of broad principles (e.g. treat others as you would want to be treated yourself) and more specific rules (e.g. do not steal) 1192 | - **Applied ethics** goes even further, considering how normative considerations should be applied in specific situations or domains, such as medical ethics, bio-ethics or AI ethics. 1193 | 1194 | So ethical systems or frameworks are concerned with both broad principles to guide ethical thinking, and providing more specific answers to or guidance on a range of ethical questions. 1195 | 1196 | The following is [a useful sense of what ethics is/isn’t from the Markkula Center for Applied Ethics](https://www.scu.edu/ethics-in-technology-practice/overview-of-ethics-in-tech-practice/) 1197 | 1198 | Ethics isn’t: 1199 | 1200 | - Legal/Corporate 'Compliance' (Legal ≠ Ethical; Ethical ≠ Legal) 1201 | - A Set of Fixed Rules to Follow (No fixed set of rules can cover all ethical cases/contexts) 1202 | - A Purely Negative Frame: (“Don't do that! Or That! Or THAT!”) 1203 | - Subjective Sense of Right/Wrong ("You have your ethics, I have mine") 1204 | - Religious Belief ("It's right/wrong simply because my religion says so") 1205 | - Non-moral Customs of Etiquette ("That is just Not Done here") 1206 | - Uncritical Obedience to Authority (“Good Germans'/'Good Americans”) 1207 | 1208 | Ethics Is: 1209 | 1210 | - Promoting objective (but context & culture-dependent) conditions of human flourishing 1211 | - Respecting the dignity of others and the duties created in our relationships to them 1212 | - Living as a person of integrity and principle 1213 | - Promoting beneficial and just outcomes, avoiding and minimizing harm to others 1214 | - Cultivating one's own character to become increasingly more noble and excellent 1215 | - A skillful practice of moral perception, sensitivity, and flexible, discerning judgment 1216 | - Learning to more expertly see and navigate the moral world and its features 1217 | 1218 | The idea of ethics as a practice is important. Ethical principles are valuable, but by themselves achieve little - they are often abstract and not directly actionable. They must be turned into concrete outcomes to have an effect. Although there may be pre-existing approaches and best practices to draw on to do this, in a fast-moving area like ML it is often necessary to think through new ethical challenges to come up with appropriate solutions. 1219 | 1220 | Thankfully, applied ethics also concerns itself with the development of tools to support this type of thinking. In ML ethics, these tools help people facing ethical questions to work them through, moving from principles, to thinking about the impact of particular approaches or technologies, their benefits and potential risks and harms, and how those might be mitigated to ensure the overall ethical and beneficial impact of the approach. 1221 | 1222 | This note will do the same - it will propose a set of ethical principles for Web ML, and offer guidance on how to turn those principles into practice. 1223 | 1224 | For those interested to explore further: 1225 | 1226 | - the Markkula Center has a [useful and comprehensive set of resources](https://www.scu.edu/ethics-in-technology-practice/) devoted to technology ethics and translating principles into practice. 1227 | - The University of Helsinki has a free MOOC on [Ethics of AI](https://ethics-of-ai.mooc.fi/) 1228 | - Another good MOOC is the University of Edinburgh / EdX course [Data Ethics, AI and Responsible Innovation](https://www.edx.org/course/Data-Ethics-AI-and-Responsible-Innovation) 1229 | 1230 | 1231 | ## 1.2 Why and how does ethics apply to machine learning? 1232 | 1233 | It’s clear that ML can have a big impact on people’s lives and experience. So we could ask whether that impact is good or bad, and also how we might act to try to ensure that the impact is good rather than bad. Ethics could help us answer those questions. 1234 | 1235 | Why should we take an ethical approach? Firstly, [it is a deliverable required in the working group’s charter](https://www.w3.org/2021/04/web-machine-learning-charter.html). 1236 | 1237 | But as ethics is the active consideration of what’s good and bad, rather than the uncritical acceptance of rules, it’s worth considering why it should be a deliverable. There are a number of reasons: 1238 | 1239 | - Technology is never neutral - it will always have social and ethical implications. The question is whether these are actively considered and addressed, or not. 1240 | - Given the scale and depth of the impact that AI/ML is anticipated to have, failure to consider the ethical implications could cause (and indeed is already causing) great harm. If technologies are not aligned with the values of the societies they operate in, they risk undermining them. 1241 | - There is clear demand for an ethical approach to ML, seen through activism from civil society, the emergence of >100 sets of ethical AI principles globally, and government moves all around the world to regulate AI. 1242 | - It aligns with the [W3C’s mission and design principles](https://www.w3.org/Consortium/mission): 1243 | - W3C’s mission is to “ensure the long-term growth of the web” - this is unlikely if web technologies create more harm than good 1244 | - W3C design principles include “Web for all” and “Web of trust” which suggest that W3C’s approach to web standards is values-based 1245 | - W3C TAG is developing [Ethical Web Principles](https://w3ctag.github.io/ethical-web-principles/). These are not normative, but provide a more explicit signal that W3C supports an ethical approach to web technologies. 1246 | 1247 | ## 1.3 The universality of the web vs the specificity of ethics 1248 | 1249 | The web is a universal technology, used around the world by people of all different nationalities, races, religions and beliefs. 1250 | 1251 | By contrast, ethical systems are often specific to particular groups or societies - for example religions, professional groups or regions and countries. 1252 | 1253 | Some beliefs may be universal across systems (e.g. a prohibition on murder), but ethical practice may also vary between different systems, cultures and contexts. Ethical principles are sometimes in tension with each other, and different societies might agree different trade-offs and balances. For example they might vary in how they balance the rights of individuals, communities and society, or security and safety and individual privacy. 1254 | 1255 | Negotiating this tension is important when choosing ethical principles for something with global application like web ML standards. Several considerations are important. 1256 | 1257 | Firstly, in common with other fields, ethical ML principles generally operate at a high level of abstraction, allowing them to be more universal. For example, “fairness” is a common principle, but not a specific definition of fairness, leaving that to be negotiated within any particular socio-political context. 1258 | 1259 | In choosing principles, we should take an approach which supports universality. One way to do this is by choosing principles which have evidence of global relevance and support, both through the process of developing them, and their subsequent adoption. 1260 | 1261 | We can also foreground principles which empower users and support their agency and autonomy, so that they can make decisions for themselves, based on their own context and values. 1262 | 1263 | Also, the W3C’s role is as a promoter of open standards, rather than specific technologies or implementations. While standards are not values-neutral, in practice some of the harder ethical questions (where specific values may vary) are more relevant to specific implementations or approaches than to the broader standards. This note offers principles and guidance for implementers and authors to make use of these standards according to their context. 1264 | 1265 | # Appendix 2. Why the UNESCO principles were chosen # {#appendix-unesco} 1266 | 1267 | In response to ethical concerns and cases where ML has caused or contributed to harm, there has been an explosion in recent years of AI Ethical principles - there are now more than a hundred globally ([Linking Artificial Intelligence Principles](https://arxiv.org/abs/1812.04814) provides links to around 90 of them). 1268 | 1269 | They have been developed by actors of all types, from trans-national bodies like the EU, OECD and UNESCO, to large companies, public-sector organizations, academia, private philanthropic concerns, and campaigning and activist groups. 1270 | 1271 | For the W3C Web ML working group, the first question is whether we should develop our own principles from scratch or adopt some already existing ones. Given the scope of the current remit, the resources required for proper stakeholder consultation and management around developing principles from scratch, and the existence of good candidates amongst already published principles, it is proposed to adopt and adapt existing principles. This does not preclude the development of more bespoke principles from scratch in the future. 1272 | 1273 | 1274 | ## General considerations for choosing from existing ethical AI principles 1275 | 1276 | Given the number of existing sets of principles, how should we choose amongst them? 1277 | 1278 | Some key criteria are: 1279 | 1280 | - They should be as universal as possible, as evidenced by: 1281 | - A diverse, global range of stakeholders involved in their development 1282 | - Broad acceptance of the final result 1283 | - They should have good coverage (be as complete as possible, while not unnecessarily broad) as evidenced by: 1284 | - Alignment with key principles found in meta-analyses of AI ethical principles, which investigate a number of sets of principles to look for convergence on common themes. 1285 | - They should align with relevant existing W3C principles and guidance in this space 1286 | 1287 | ## Candidate universal ethical AI principles 1288 | 1289 | For the following evaluations, see our [comparison of the various principles](#appendix-comparison). 1290 | 1291 | Given the requirement for universality, the most likely source is transnational organizations, either governmental or non-governmental. 1292 | 1293 | Some candidates: 1294 | 1295 | - [[UNESCO]] 1296 | - [[EGTAI]] 1297 | - [OECD AI Principles](https://oecd.ai/en/ai-principles) / [G20 AI Principles](https://www.meti.go.jp/press/2019/06/20190610010/20190610010-1.pdf) 1298 | 1299 | Of these, the UNESCO Recommendation stands out as the best candidate because: 1300 | 1301 | - It is the product of an [inclusive, multi-disciplinary, global consultation and development process](https://en.unesco.org/artificial-intelligence/ethics#recommendation), as part of a global institution with non-Western participants (unlike EU) 1302 | - It has been [adopted by all 193 UNESCO member countries](https://news.un.org/en/story/2021/11/1106612) (NB: The US is not part of UNESCO and not a signatory of the new recommendations. But the UNESCO principles align with many developed in the US) 1303 | - It has a good breadth of principles (vs OECD/G20). Compared with the EU principles, it lacks an explicit statement about “Respect for Human Autonomy”. It could be argued that this is implicitly covered by the other values and principles, such as Value 1: **“**Respect, protection and promotion of human rights and fundamental freedoms and human dignity”. But while the other UNESCO Values are made more concrete by the principles that follow, Value 1 is less so, and hence there is less of an explicit commitment to Autonomy. 1304 | - Although UNESCO members are states, the principles are framed broadly enough that they can apply to anyone involved in the AI lifecycle, and the UNESCO guidance refers to ‘AI actors’ as well as states. 1305 | 1306 | ## UNESCO Values and Principles 1307 | 1308 | The UNESCO Recommendation consists of 4 values and 10 principles. According to the recommendation: 1309 | 1310 |
Values play a powerful role as motivating ideals in shaping policy measures and legal norms. While the set of values outlined below thus inspires desirable behaviour and represents the foundations of principles, the principles unpack the values underlying them more concretely so that the values can be more easily operationalized in policy statements and actions.1311 | 1312 | The UNESCO Values are: 1313 | 1314 | - Respect, protection and promotion of human rights and fundamental freedoms and human dignity 1315 | - Environment and ecosystem flourishing 1316 | - Ensuring diversity and inclusiveness 1317 | - Living in peaceful, just and interconnected societies 1318 | 1319 | The UNESCO Principles are: 1320 | 1321 | - Proportionality and Do No Harm 1322 | - Safety and security 1323 | - Fairness and non-discrimination 1324 | - Sustainability 1325 | - Right to Privacy, and Data Protection 1326 | - Human oversight and determination 1327 | - Transparency and explainability 1328 | - Responsibility and accountability 1329 | - Awareness and literacy 1330 | - Multi-stakeholder and adaptive governance and collaboration 1331 | 1332 | ## Sense checking UNESCO for universality 1333 | 1334 | One of the main concerns in terms of universality is that many AI principles are developed from a Western perspective. So the UNESCO principles can be further sense-checked for against a set of non-Western country/region specific principles 1335 | 1336 | - China [Governance Principles for the New Generation Artificial Intelligence--Developing Responsible Artificial Intelligence](http://www.chinadaily.com.cn/a/201906/17/WS5d07486ba3103dbf14328ab7.html) 1337 | - [Dubai AI Principles](https://www.digitaldubai.ae/initiatives/ai-prin) 1338 | - [Japan: Social Principles of Human-centric AI](https://www.cas.go.jp/jp/seisaku/jinkouchinou/pdf/humancentricai.pdf) 1339 | 1340 | [Comparing these principles](#appendix-comparison) (UNESCO with the ones highlighted in orange), we see good general alignment across almost all the principles and values. This is truest for the principles at their highest-level, simplest formulations. The more detailed explanation of some principles reveals particular countries’ more specific policy concerns and emphases which occasionally diverge. This is not a major concern, but suggests we should exercise some caution to avoid being over-specific in fleshing out the principles. 1341 | 1342 | UNESCO also continues to actively consider issues of universality and cultural diversity, and has a number of useful resources including this video on [Shaping AI through Cultural Diversity](https://www.youtube.com/watch?v=AiK0iYZuNS0). 1343 | 1344 | 1345 | ## Sense checking UNESCO for appropriate coverage 1346 | 1347 | To check for completeness and appropriate breadth, we can compare with meta-analyses of AI Principles. There are a number of these, often referring to each other, but the following two provide a good level of coverage and depth. 1348 | 1349 | - [Principled Artificial Intelligence Mapping Consensus in Ethical and Rights - based Approaches to Principles for AI](https://dash.harvard.edu/bitstream/handle/1/42160420/HLS%20White%20Paper%20Final_v3.pdf?sequence=1&isAllowed=y) by Harvard Berkman Klein Centre 1350 | - [The Ethics of AI: Evaluation of Guidelines](https://link.springer.com/content/pdf/10.1007/s11023-020-09517-8.pdf) by Thilo Hagendorf 1351 | 1352 | Here again [we can see](#appendix-comparison) (comparing UNESCO with the ones highlighted in pink) that there is good alignment of the UNESCO principles with the most popular principles that emerge from the meta-analyses. UNESCO covers them all, but is not going too far beyond them - the main differences are that “awareness and literacy” is not among the top principles in either meta-analysis, and “sustainability” does not appear in the Harvard one. 1353 | 1354 |
Relevant for consideration here is W3C’s vision of “One web”, the focus on “web for all” including accessibility and internationalization, and “web of trust”, including security, privacy and trust more broadly. 1367 |
These all map well to the UNESCO Recommendation. Trust is both enhanced by specific principles such as privacy and security, but also as the supporting text of the UNESCO Recommendation points out, by the effective operationalisation of the Recommendation as a whole. 1368 |
Relevant here are the areas of activity of the horizontal review groups, as this is an indication that W3C places a high priority on the values they represent. The key ones are: accessibility, internationalization, privacy and security. 1370 |
As above, these all map well to the UNESCO Recommendation. 1371 |
Architecture is not considered relevant above as an ethical value in itself, but clearly the output of the TAG, especially their Ethical Web Principles, has strong relevance. This is a non-normative document, representing the consensus view of TAG around principles to guide their work, and that of others. 1373 |
[Mapping these principles against the UNESCO recommendations](#appendix-comparison), we can see a good level of overlap. There are two that map less well (The web is multi-browser, multi-OS and multi-device; People should be able to render web content as they want) but this is because of their quite specific technical focus on consumption of the web, so is not considered a problem. 1374 |
Less clear is “the web must enhance individuals control and power” - which seems most aligned with a principle of autonomy, but as noted above the UNESCO recommendation has only an implicit focus on that, with no explicit statement of it as a principle. 1375 |
This is another TAG document which builds on the Ethical Web Principles. Relevant for consideration here are the principles in section 1: put user needs first; safety (including security and privacy and informed decision-making); trust; and meaningful consent. 1377 |
Again these mostly map well to the UNESCO recommendation, with a similar note as above that informed decision-making and consent might sit most comfortably with an explicit principle of user autonomy, but can be accommodated within the other principles. 1378 |
According to this document, it is “intended to be a stronger vision statement for the W3C. This is currently exposed as a work item of the W3C Advisory Board, on the AB wiki” and “builds on the basis of the Technical Architecture Group's excellent Ethical Web Principles.” 1380 |
The values and principles include many of the themes above (accessibility, security, trust), as well as some additional ones which echo the central concerns of ethical ML (transparency, equity, fairness). They generally map well to the UNESCO Recommendation. 1381 |
UNESCO’s principle of “Multi-stakeholder and adaptive governance and collaboration” also aligns well with the articulation of the W3C’s purpose and identity. 1382 |
The area which perhaps maps least directly is W3C’s concern with an interoperable, de-centralized web. 1383 |