TECHNOLOGY AND HUMAN RIGHTS

Co-creating a Shared Human Rights Agenda for AI Regulation and the Digital Welfare State

On September 26, 2023, the Digital Welfare State and Human Rights Project at the Center for Human Rights and Global Justice at NYU Law and Amnesty Tech’s Algorithmic Accountability Lab (AAL) brought together 50 participants from civil society organizations across the globe to discuss the use and regulation of artificial intelligence in the public sector, within a collaborative online strategy session entitled ‘Co-Creating a Shared Human Rights Agenda for AI and the Digital Welfare State.’ Participants spanned diverse geographies and contexts—from Nigeria to Chile, and from Pakistan to Brazil—and included organizations working across a broad spectrum of human rights issues such as privacy, social security, education, and health. Through a series of lightning talks and breakout room discussions, the session surfaced shared concerns regarding the use of AI in public sector contexts, key gaps in existing discussions surrounding AI regulation, and potential joint advocacy opportunities.

Global discussions on the regulation of artificial intelligence (AI) have, in many contexts, thus far been preoccupied with whether to place meaningful constraints on the development, sale, and use of AI by private technology companies. Less attention has been paid to the need to place similar constraints on governments’ use of AI. But governments’ enthusiastic adoption of AI across public sector programs and critical public services has been accelerating apace around the world. AI-based systems are consistently tested in spheres where some of the most marginalized and low-income groups are unable to opt out – for instance, machine learning and other technologies are used to detect welfare benefit fraud, to assess vulnerability and determine eligibility for social benefits like housing, and to monitor people on the move. All too often, however, this technological experimentation results in discrimination, restriction of access to key services, privacy violations, and many other human rights harms. As governments eagerly build “digital welfare states,” incorporating AI into critical public services, the scale and severity of potential implications demands that meaningful constraints be placed on these developments. 

In the past few years, a wide array of regulatory and policy initiatives aimed at regulating the development and use of AI have been introduced – in Brazil, China, Canada, the EU, and the African Commission on Human and Peoples’ Rights, among many other countries and policy fora. However, what is emerging from these initiatives is an uneven patchwork of approaches to AI regulation, with concerning gaps and omissions when it comes to public sector applications of AI. Some of the world’s largest economies – where many powerful technology companies are based – are embarking on new regulatory initiatives with impacts far beyond their territorial confines, while many of the groups likely to be most affected have not been given sufficient opportunities to participate in these processes.

Despite these shortcomings, ongoing efforts to craft regulatory regimes do offer a crucial and urgent entry point for civil society organizations to seek to highlight critical gaps, to foster greater participation, and to contribute to shaping future deployments of AI in these important sectors.

In hosting this collaborative event on AI regulation and the digital welfare state, the AAL and the Center sought to build an inclusive space for civil society groups from across regions and sectors to forge new connections, share lessons, and collectively strategize. We sought to expand mobilization and build solidarity by convening individuals from dozens of countries, who work across a wide range of fields – including “digital rights” organizations, but also bringing in human rights and social justice groups who have not previously worked on issues relating to new technologies. Our aim was to brainstorm how actors across the human rights ecosystem can, in practice, help to elevate more voices into ongoing discussions about AI regulation.

Key issues for AI regulation in the digital welfare state

In breakout sessions, participants emphasized the urgent need to address serious harms that are already resulting from governments’ AI uses, particularly in contexts such as border control, policing, the judicial system, healthcare, and social protection. The public narrative – and accelerated impetus for regulation – has been dominated by discussion of existential threats AI may pose in the future, rather than the severe and widespread threats that are already seen in almost every area of public services. In Serbia, the roll-out of Social Cards in the welfare system has excluded thousands of the most marginalized from accessing their social protection entitlements; in Brazil, the deployment of facial recognition in public schools has subjected young children to discriminatory biases and serious privacy risks. Deployments of AI across public services are consistently entrenching inequalities and exacerbating intersecting discrimination – and participants noted that governments’ increasing interest in generative AI, which has the potential to encode harmful racial bias and stereotypes, will likely only intensify these risks.

Participants also noted that it is likely that AI will continue to impact groups that may defy traditional categorizations – including, for instance, those who speak minority languages. Indeed, a key theme across discussions was the insufficient attention paid in regulatory debates to AI’s impacts on culture and language. Given that systems are generally trained only in dominant languages, breakout discussions surfaced concerns about the potential erasure of traditional languages and loss of cultural nuance.

As advocates work not only to remedy some of these existing harms, but also to anticipate the impacts of the next iterations of AI, many expressed concern about the dominant role that the private sector plays in governments’ roll-outs of AI systems, as well as in discussions surrounding regulation. Where tech companies – who are often protected by powerful lobby groups, commercial confidentiality, and intellectual property regimes – are selling combinations of software, hardware, and technical guidance to governments, this can pose significant transparency challenges. It can be difficult for civil society organizations and affected individuals to understand who is providing these systems, as well as to understand how decisions are made. In the welfare context, for example, beneficiaries are often unaware of whether and how AI systems are making highly consequential decisions about their entitlements. Participants noted that human rights actors need the capacity and resources to move beyond traditional human rights work, to engage with processes such as procurement, standard-setting, and auditing, and to address issues related to intellectual property regimes and proliferating public-private partnerships underlying governments’ uses of AI.

These issues are compounded by the fact that, in many instances, AI-based systems are designed and built in countries such as the US and then marketed and sold to governments around the world for use across critical public services. Often, these systems are not designed with sensitivity to local contexts, cultures, and languages, nor with cognizance of how the technology will interface with the political, social, and economic landscape where it is deployed. In addition, civil society organizations face additional barriers when seeking transparency and access to information from foreign companies. As AI regulation efforts advance, a failure to consider potential extraterritorial harms will leave a significant accountability gap and risk deepening global inequalities. Many participants therefore noted both the importance of ensuring that regulation in countries where tech companies are based includes diverse voices and addresses extraterritorial impacts, but also to ensure that Global North models of regulation, which may not be fit for purpose, are not automatically “exported.”

A way forward

The event ended with a strategizing session that revealed the diverse strengths of the human rights movement and multiple areas for future work. Several specific and urgent calls to action emerged from these discussions.

First, given the disproportionate impacts of governments’ AI deployments on marginalized communities, a key theme was the need for broader participation in discussions on emerging AI regulation. This includes specially protected groups such as indigenous peoples, minoritized ethnic and racial groups, immigrant communities, people with disabilities, women’s rights activists, children, and LGBTQ+ groups, to name just a few. Without learning from and elevating the perspectives and experiences of these groups, regulatory initiatives will fail to address the full scope of the realities of AI. We must therefore develop participatory methodologies that bring the voices of communities into key policy spaces. More routes to meaningful consultation would lead to greater power and autonomy for previously marginalized voices to shape a more human rights-centric agenda for AI regulation. 

Second, the unique impacts that public sector use of AI can have on human rights, especially for marginalized groups, demands a comprehensive approach to AI regulation that takes careful account of specific sectors. Regulatory regimes that fail to include meaningful sector-specific safeguards for areas such as health, education, and social security will fail to address the full range of AI related harms. Participants noted that existing tools and mechanisms can provide a starting point – such as consultation and testing requirements, specific prohibitions on certain kinds of systems, requirements surrounding proportionality, mandatory human rights impact assessments, transparency requirements, periodic evaluations, and supervision mechanisms.

Finally, there was a shared desire to build stronger solidarity across a wider range of actors, and a call to action for more effective collaborations. Participants from around the world were keen to share resources, partner on specific advocacy goals, and exchange lessons learned. Since participants focus on many diverse issues, and adopt different approaches to achieve better human rights outcomes, collaboration will allow us to draw on a much deeper pool of collective knowledge, methodologies, and networks. It will be especially critical to bridge silos between those who identify more as “digital rights” organizations and groups working on issues such as healthcare, or migrants’ rights, or on the rights of people with disabilities. Elevating the work of grassroots groups, and improving diversity and representation among those empowered to enter spaces where key decisions around AI regulation are made, should also be central in movement-building. 

There is also an urgent need for more exchange not only across the human rights ecosystem, but also with actors from other disciplines who bring different forms of technical expertise, such as engineers and public interest technologists. Given the barriers to entry to regulatory spaces – including the resources, long-term commitment, and technical vocabularies imposed – effective coalition-building and information sharing could help to lessen these burdens.

While this event brought together a fantastic and energetic group of advocates from dozens of countries, these takeaways reflect the views of only a small subset of the relevant stakeholders in these debates. We ended the session hopeful, but with the recognition that there is a great deal more work needed to allow for the full participation of affected communities from around the world. Moving forward, we aim to continue to create spaces for varied groups to self-organize, continue the dialogue, and share information. We will help foster collaborations and concretely support organizations in building new partnerships across sectors and geographies, and hope to continue to co-create a shared human rights agenda for AI regulation for the digital welfare state.

As we continue this work and seek to support efforts and build collaborations, we would love to hear from you – please get in touch if you are interested in joining these efforts.

TECHNOLOGY & HUMAN RIGHTS

Prominent human rights expert admitted as amicus curiae in groundbreaking legal challenge to Ugandan national digital ID system

Today, at the High Court of Uganda in Kampala, the Hon. Justice Boniface Wamala issued a decision to admit the application of Professor Philip Alston of New York University School of Law to participate as amicus curiae, or ‘friend of the court’, in a petition for the enforcement of human rights challenging the use of the country’s national digital ID system as a pre-condition to access to public services.

The admission of the amicus application is a critical development in this groundbreaking litigation, the latest in a series of legal challenges that have raised concerns about national digital ID systems in countries including India, Kenya, and Jamaica. This case is one of the first globally to center concerns around social and economic rights. The applicants, three Ugandan civil society organizations, argue that the national digital ID system suffers from persistent and severe gaps in coverage, and its integration with the country’s social welfare programs has resulted in the exclusion of vulnerable and marginalized individuals from fundamental services such as social protection and healthcare.

“Given the importance of the national digital ID system and its mandatory usage, it is imperative that it is fully inclusive. All Ugandans, regardless of age or economic status, must be able to access their social welfare benefits,” said Professor Alston. “Today’s decision by the High Court is an important and welcome step in that direction.”

In a 32-page brief, Professor Alston seeks to assist the court in analyzing some of the novel legal questions at the heart of the case. He calls attention to the obligations of the Government of Uganda under international human rights law, the serious consequences that digital and non-digital barriers to public services may have on the enjoyment of rights, and the high burden of proof that falls on the government to justify any measure that leads to exclusion. The brief also emphasizes the need to ensure equal treatment and non-discrimination in the enjoyment of these rights, particularly given the high risk that any negative impacts of the digital ID system will continue to fall disproportionately on poor and marginalized groups.

“As many governments turn to digital ID systems to mediate access to essential public services, there is an urgent need for courts to ensure the protection of economic and social rights,” said Professor Alston.

Setting aside the objections of the two government respondents, the Attorney General and the National Identification & Registration Authority, Judge Boniface Wamala stated that the “positive benefits of the intervention as amicus curiae outweighs any possible opposition from the parties in the main cause. It is in public interest, the interest of justice, the protection and progressive development of human rights and socio-economic reform that the leave sought in the application is granted.”

“The court and by extension the multitude of Ugandans whose human rights the main petition is fighting to protect shall benefit from the input and expertise that Prof. Philip shall contribute in its adjudication,” said Counsel Elijah Enyimu, who represented Professor Alston. “The contents of the amicus brief shall be elucidatory on the standards and protections necessary for the realization of ESCR in Uganda.”

The Applicants and Respondents will be back in court to argue their cases on April 5, 2023. In the meantime, those who have missed out on social protection payments or been turned away from health centers due to their inability to access the national digital ID will continue to wait for a judicial decision.

This post was originally published as a press statement on March 24, 2023. 

TECHNOLOGY & HUMAN RIGHTS

The Aadhaar Mirage: A Second Look at the World Bank’s “Model” for Digital ID Systems 

Drawing inspiration from India’s Aadhaar system, the World Bank is promoting a dangerous digital ID model in the name of providing “a legal identity for all.” But rather than providing a model, Aadhaar is merely a mirage—an illusion of inclusiveness, accuracy, and universal identity.

Last month saw the publication of a report on the World Bank’s ill-conceived approach to digital ID, described as “essential reading for all concerned about human rights and development” by former UN Special Rapporteur on Extreme Poverty and Human Rights Philip Alston. As the press release summarizes:

“Governments around the world have been investing heavily in digital identification systems, often with biometric components (digital ID). The rapid proliferation of such systems is driven by a new development consensus, packaged and promoted by key global actors like the World Bank, but also by governments, foundations, vendors, and consulting firms. This new ‘manufactured consensus’ holds that digital ID can contribute to inclusive and sustainable development—and is even a prerequisite for the realization of human rights.”

The report argues that India’s digital identification system has been central to the formation and promotion of this consensus. This has also been increasingly clear to me in my experience as an economist and identity management consultant who has provided advisory services to the World Bank. For the World Bank—and particularly its Identification for Development (ID4D) cross-sectoral practice—the Indian system, named Aadhaar, has become the singular answer to development and a key source of inspiration. This continues irrespective of the body of evidence which shows how poorly a “fit” the Aadhaar system is for identity management in India, and even more so elsewhere. Aadhaar represents a mirage: it is not evidencing the universality, inclusiveness, unprecedented enrollment speed, meaningful legal identity, nor accuracy that it is claimed to represent.

The World Bank’s own data on the completeness of ID systems displays the “20/80-rule”: the overwhelming odds are that digital ID systems not building on a functional civil registration system (in which births, deaths, marriages and so forth are recorded) will exclude 20% or more of (mostly vulnerable) people, or they will take at least 80 years to cover all. Many developing countries often abandon underperforming ID-systems obtained at great cost, only to launch new and even more sophisticated systems. Instead of using existing service infrastructure for civil registration, new digital ID systems are rolled out through a quick fix “mobile campaign,” held once or twice, with mobile enrollment kits and temporary enrollment staff. But this invariably leaves a coverage and service void behind.

But what about Aadhaar, then? Hasn’t Aadhaar enrolled almost all of the Indian population (1.29 billion by March 2021, out of 1.39 billion), in just a decade (from September 2010­), at minimal cost (USD $1.60/enrollment)? If one believes the data from the Unique Identification Authority of India (UIDAI), then yes. But independent data are unavailable; UIDAI controls the message—even the Comptroller and Auditor General of India (CAG) had to use UIDAI data for its first ever audit of Aadhaar. Still, CAG found that UIDAI’s operational and financial management have been utterly deficient. Claims about Aadhaar’s impressive coverage and universality might, then, be questionable. Neither is the database accurate: the Aadhaar system has no way of weeding out dead enrollees (about 80 million in 10 years) or people leaving India (including Indian citizens). CAG also found UIDAI’s digital archiving and its collection and storage of the physical documents that back up enrollments to be inadequate.

Furthermore, claims about the uniqueness guaranteed by biometric technologies within Aadhaar are also illusory. There is no uniqueness for the approximately 25 million children under five years old enrolled in the database. Multiple Aadhaars were issued to the same persons, while different Aadhaar numbers associated with the same biometric data were issued to multiple people. Fingerprint authentication success for 2020-21 was only (an unverifiable) 74-76%. This may well be the canary in the coalmine, indicating exaggerated coverage claims for Aadhaar. Indeed, a Privacy International study explains the very statistical impossibility of a unique biometric profile in a population of 1.39 billion people. Rather, each Indian person has an average of 17,500 indistinguishable biometric “doubles.”

These claims about the benefits of biometrics have far-reaching implications as Aadhaar is linked to other areas of governance. A new law provides for the use of Aadhaar to verify the electoral roll. Weeding out “ghost entries” when the uniqueness and de-duplicated nature of the Aadhaar database is disproved is a doomed exercise, and represents another potential threat to India’s democracy.

Aadhaar’s “big numbers” are a mirage too. Proponents claim that over a billion were newly enrolled at record speed at low cost. But this is not as unprecedented as is suggested. For elections in India, 900 million voters are registered or verified every five years—which tops Aadhaar’s enrollment accomplishment. And India’s bureaucracy has long provided multiple forms of documentation; for proof of identity, date of birth, and address, enrollees can choose from a menu of no less than 106 valid documents. Less than 3 in 10,000 enrollees lacked valid ID prior to Aadhaar enrollment by 2016. The Aadhaar system is a duplication which simply adds on biometrics—which, as we saw, are not the holy grail they are claimed to be. To suggest that other countries, which do not have this multitude of breeder documents and existing enrollment capacities, can copy the Aadhaar approach and obtain widespread coverage, is an illusion.

In respect of claims that Aadhaar brings down costs and increases efficiencies: these costs are applicable only in India. I have found that digital ID systems in many African countries cost 5 to 10 times more per capita than India’s ID system. The high failure rates of ID-systems in many developing countries add to the unbearable costs for poorer countries and their more vulnerable people.

This cries out for a better identity management model—one that is centered around citizenship, with civil registration as the foundation, which seeks to guarantee rights. A model closer to northern European identity management systems comes to mind, or one that is already in use in South Africa. Such systems stand in contrast with Aadhaar, which seeks to side-step the “pesky political issue” of citizenship. This is perhaps the most serious and dangerous element of the mirage: Aadhaar only provides an “economic identity” (with rights limited to government hand-outs, and “voluntary” use for private services), which aims to facilitate economic transactions and private sector service delivery. The UIDAI, then, insists that Aadhaar has “nothing to do with the citizenship issue.”

But Aadhaar’s “citizenship-blindness” is make-believe. Enrollment into Aadhaar was selective in Assam state, for example, where the issuance of digital ID was linked to citizenship determinations. Suddenly, Aadhaar proved to be an exclusionary “citizenship ID” after all. Aadhaar has dangerously played into worrying trends, such as the Citizenship Amendment Act and widespread lack of proof of citizenship—all while proponents claim that it is a model of how to achieve “legal identity for all.”

Aadhaar proves to be a mirage that we see while traveling on “the road to hell,” which is paved with imaginary intentions and is leading to a deadly development destination. Its presentation as a “model” digital ID system should be urgently reconsidered.

July 14, 2022. Drs. Jaap van der Straaten, MBA, is an economist and identity management consultant. In 2016­–2017, he provided advisory services to the World Bank’s ID4D practice. He has published extensively on Elsevier’s SSRN and ResearchGate.