SecurityBrief Asia logo
Asia's leading source of cybersecurity and cyber-attack news
Story image

How to ensure ethical deployment of AI implementations

By Contributor
Wed 18 May 2022

Article by Eliiza general manager, Natalie Rouse Ganderton.

The significant increase in automation and machine technology such as AI and machine learning has undoubtedly unlocked a whole new level of scale and service to organisations. 

We likely all expect that one of the advantages of AI is the opportunity to remove human-led biases and improve discrimination against minority groups. However, when managed poorly, AI can further entrench discrimination by embedding bias in its algorithms.

Today, machines routinely decide whether we're eligible for a mortgage or subject to surveillance by law enforcement agencies or insurance companies seeking to crack down on fraud. Their reach even extends to deciding which adverts you see online — including that job advert for a highly paid job role. 

There are many organisations where AI in automated systems is not well documented or understood. It's time for automated decision making to step out of the shadows and be held accountable.

When automated decision-making impacts people's lives, either directly or indirectly, and machines can discriminate in harmful ways, organisations must sit up, pay attention and act to ensure AI is implemented as ethically as possible.

First steps

Businesses and government organisations alike should be striving for the highest levels of protection against harm from any machine technology they deploy. At the start of any automation project, organisations must undertake legal, privacy, and ethical impact assessments to confirm the risks are well understood and can be mitigated satisfactorily. This also ensures the most appropriate solution is selected to establish an acceptable risk level while also delivering value. 

The sign-off on these assessments should sit with a multi-disciplinary objective review panel with the power of veto over any problematic aspects of a project, including the manner of deployment, the level of automation and the opportunity for recourse. The deployment must be a collaborative process between the data/technology teams and the business leadership team to operationalise best in practice ethics within data and analytics.

Deployment

There is some strong advice for good practices for designing and implementing machine technology outlined in the ombudsman's report. Still, we believe all organisations are obliged to consider the following best practices as a minimum:

  • The ethical considerations of fairness, transparency, non-maleficence, privacy, respect for autonomy and accountability dictate that any organisation implementing any machine technology must ensure it performs to the highest levels of accuracy for all affected groups;
  • That there is a mechanism to explain any decisions based on the output of a model or system; 
  • That there are processes to detect & mitigate harmful outcomes
  • That people can give informed consent to participate in the process
  • That there are mechanisms to contest any outcomes perceived as unjust. 

The development and deployment of any machine technology should be iterative, starting with an ethical review of the accuracy against historical data, ensuring performance is consistent across the sample population. If there are groups for which the performance is substantively worse, more data must be sought to ensure adequate representation for all groups. 

Where the risk of harmful consequences is identified, deployment should be similarly iterative and cautious, starting with human-in-the-loop solutions to ensure human oversight while confidence is gained in the performance of the model or system.

This is not to say that the human decision-making process is infallible; it merely offers an opportunity to understand and interrogate outputs before deployment. This process should be done with the most trusted operators to reduce the likelihood of human bias being reintroduced to the process. Additionally, everybody involved in the process should have undertaken unconscious bias training.

Once in production, any machine technology's ongoing accuracy and performance must be measured and monitored on an ongoing basis. This performance should be reportable and visible across the organisation, alongside existing KPIs.

Review

Any organisation implementing algorithmic decision making needs to have an objective ethical review process encompassing both quantitative and qualitative considerations. Model performance should be monitored against these ethical metrics to understand any anomalies in performance for minority groups as well as any change in performance over time. The model can then be adapted and adjusted on an ongoing basis as part of the operational process.

While the implementation may seem daunting, organisations must uplift their understanding and operationalisation of ethical considerations in their AI and machine learning projects. Businesses should be adopting a 'question - review - measure – improve' approach to managing the performance and impact of their automated decision making to ensure ethical outcomes. 

Related stories
Top stories
Story image
Internet of Things
Domino's Pizza: A blueprint for secure enterprise IoT deployment
Increasingly, organisations are embracing smart technologies to underpin innovations that can enhance safety and productivity in every part of our lives, from industrial systems, utilities, and building management to various forms of business enablement.
Story image
Artificial Intelligence
Abnormal Security finds financial supply chain under threat
New research by Abnormal Security has found a rising trend in financial supply chain compromise as threat actors increasingly impersonate vendors.
Story image
Amazon Web Services / AWS
Zscaler, AWS accelerate onramp to the cloud with zero trust
Zscaler has announced an extension to its relationship with Amazon Web Services, as well as innovations built on Zscaler's Zero Trust architecture.
Story image
Cybersecurity
Aqua Security, CIS create software supply chain security guide
Aqua Securityand the Center for Internet Security have together released the industry’s first formal guidelines for software supply chain security.
Story image
Collaboration
Why the success of client collaboration projects depends on addressing these five warning signs
New tools, applications, and software have enabled project collaboration to continue remotely, both between employees within an organisation and with its clients.
Story image
DDoS
Q1 DDoS and application attack activity reveals surprise result
The cybersecurity threat landscape in the first quarter of 2022 represented a mixed bag of old enemies and new foes. New actors dominated the DDoS threat landscape while application security faced tried-and-true attack vectors.
Story image
Cloud
SonicWall recognises partners and distributors at FY2022 partner awards
SonicWall has recognised its distributors and partners for their efforts in producing the company’s most successful year to date.
Story image
INTERPOL
Hundreds arrested, millions seized in global INTERPOL investigation
A two-month-long investigation by INTERPOL this year involved 76 countries and clamped down on organised crime groups behind telecommunications and social engineering scams.
Story image
Cloud
Exabeam expands investment in Google Cloud in fight against cyber threats
The move opens up limitless data ingestion, speed, and scale opportunities for worldwide security teams in their ongoing fight against cybersecurity attacks.
Story image
Yubico
New research shows global drive for passwordless authentication
A new study has shown there has been a significant shift towards wanting a passwordless future, but adoption is still in its infancy.
Story image
Malware
Decline in mobile malware but hackers show growing sophistication
"It may seem that cybercriminals are becoming less active because of decreased mobile malware attacks. But it does not necessarily mean we are safer."
Story image
Manufacturing
Sternum joins NXP, collaborates on IoT security and observability
Sternum has announced it has joined the software partner community of NXP Semiconductors, a manufacturer of and large marketplace for embedded controllers.
Story image
Cybersecurity
Threat actors ramp up their social engineering attacks
As people get better at identifying potential threats in their inbox, threat actors must evolve their methods. Their new M.O? Social engineering.
Story image
Cybersecurity
Kaspersky opens three new centers to boost data management
Cybersecurity company Kaspersky has opened three new Transparency Centers, one in Japan, the second in Singapore and the third in the United States.
Story image
API
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
Story image
Apple
LastPass announces new capability for iPhones and iPads
LastPass has announced its new save and fill experience, allowing customers to fill in, create and save their credentials directly within the site's form field.
Story image
Ransomware
Rapid7 report examines use of double extortion ransomware attacks
New insight into how attackers think when carrying out cyber attacks, along with further analysis of the disclosure layer of double extortion ransomware attacks, has come to light.
Story image
10 Minute IT Jams
Video: 10 Minute IT Jams - An update from Rimini Street
Today we welcome back Daniel Benad, who is the GVP & regional GM for Oceania at Rimini Street.
Story image
Cybersecurity
Palo Alto Networks named Google Cloud technology partner of the year for security
Palo Alto Networks was recognised for helping organisations rapidly transform security operations for future success.
Story image
SaaS
Commvault's SaaS division experiences notable growth
Commvault has revealed the global momentum that its SaaS division Metallic has experienced since its launch two years ago.
Story image
Cybersecurity
Greater API usage raises concerns for protection - report
Radware has released its 2022 State of API Security report, which shows a rise in APIs, with 92% of the organisations surveyed significantly or somewhat increasing their usage.
Story image
APAC
Aqua Security launches cloud native security SaaS in APAC
Aqua Security has announced the general availability of cloud native security SaaS in Singapore, serving the broader APAC region.
Story image
Network Security
Netskope announces zero trust network access updates
Customers can now apply zero trust principles across a range of hybrid work security needs, including SaaS, IaaS, private applications, and endpoint devices.
Story image
Cybersecurity
Trend Micro unveils dedicated security for electric vehicles
The cybersecurity company has announced VicOne - dedicated security for the electric vehicles and connected cars of today and tomorrow.
Story image
Zscaler
Securonix partners with Snowflake, Zscaler in joint venture
Securonix is embarking on a joint technology integration with Snowflake and Zscaler to speed up threat detection and response at cloud scale.
SonicWall
Find out how you and your business can prevent being caught out by everything from ransomware to cryptojacking.
Link image
Story image
Digital Transformation
Cybersecurity priorities for digital leaders navigating digital transformation
In recent years, Asia-Pacific has especially been a hotspot for cyberattacks, and as we continue into 2022, it’s evident that the problem is becoming more significant.
Story image
Compliance
OCEG survey shows demand for connected GRC systems
The survey also revealed that many organisations lack visibility and connected processes to manage the increased velocity and volume of risks. 
Story image
Identity and Access Management
Ping Identity launches corporate venture capital fund
Ping Identity has launched a corporate venture capital fund to foster innovative offerings for the identity security market.
Story image
SaaS
Varonis strengthens security capabilities for AWS and S3
Varonis has strengthened and expanded its cloud and security capabilities, with a critical aim of improving safety and boosting data visibility in Amazon Simple Storage Service (S3).
Story image
Cloud
QuSecure partners with DataBridge Sites to showcase platform
QuSecure has partnered with DataBridge Sites to showcase its Quantum-as-a-Service (QaaS) orchestration platform, QuProtect.
Story image
PagerDuty
Ready for anything with the PagerDuty Operations Cloud
In a world of digital everything, teams face increasing complexity. Ever-growing dependencies across systems and processes put customer and employee experience, not to mention revenue, at risk.
Story image
DDoS
Flashpoint unveils security offering for school boards
Flashpoint has released its K-12 risk management and security offering to provide school boards and education security practitioners with tools to recognise, prevent and manage cyber and physical threats.
Story image
APAC
Digital resilience big concern for 95% of APAC businesses
A10 Networks finds of the 250 APAC businesses surveyed, 95% of them are very concerned about all aspects of enterprise digital resilience.
Story image
Ransomware
More than 90% of cyber attacks made possible by human error
The data are clear, with cyberattacks on the rise in recent years and the cybersecurity situation increasingly complex. 
Story image
Data Protection
Thales solution supports DevSecOps teams with data protection
Thales' CipherTrust Platform Community Edition enables DevSecOps teams to deploy data protection controls into multi-cloud applications faster.
Story image
Secure access service edge / SASE
Cloudflare adds new capabilities to zero trust SASE platform
New features for Cloudflare One include email security protection, data loss prevention tools, cloud access security broker, and private network discovery.
Story image
Cybersecurity
New survey uncovers critical OT security challenges
While industrial control environments continue to be a target for cyber criminals, there are widespread gaps in industrial security.
Story image
Data resilience
Digital resilience in 2022 - A10 Networks releases new study
Of the 250 corporate organisations surveyed, as many as 95% showed high levels of concern for all aspects of enterprise digital resilience.
Story image
Collaboration
IT and security team collaboration crucial to data security
Many IT and security decision makers are not collaborating as effectively as possible to address growing cyber threats.
Story image
Cybersecurity
ConnectWise reveals cybersecurity updates and partnerships
ConnectWise has unveiled new updates to its services and highlighted the importance of cyber insurance at its IT Nation Secure conference.
Story image
Tech job moves
Tech job moves - Boomi, Limepay, Thales, VMware & Zoom
We round up all job appointments from June 6-16, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Cybersecurity
Schneider Electric and Claroty launch building security solution
Schneider Electric has announced the launch of Cybersecurity Solutions for Buildings, a solution designed to help buildings customers secure BMS.
Story image
Manufacturing
Cyber attacks on industrial assets cost firms millions
Some 89% of electricity, oil & gas, and manufacturing firms have experienced cyber attacks impacting production and energy supply over the past year.