EU lawmakers held their first political debate on the AI Act on Wednesday (5 October) as the discussion moved to more sensitive topics like the highly debated issue of biometric recognition. The AI Act is a landmark EU legislation intended to regulate Artificial Intelligence introducing a series of obligations proportional to the potential harm of the technologies’ applications. So far, the co-rapporteurs of the European Parliament, the social democrat Brando Benifei and the liberal Dragoș Tudorache have limited the discussion to the more technical aspects, hoping to build momentum before addressing the more political hurdles. This approach was not without its successes since the file progressed in several parts. In the meeting, the MEPs formally agreed on the first two batches of compromises on administrative procedures, conformity assessment, standards, and certificates. Some significant parts of the third batch on obligations for high-risk systems were also endorsed.
However, most of the political meeting in Strasbourg on Wednesday was dedicated to highly sensitive topics such as the scope of the AI regulation and the restraints to the use of biometric recognition, a much-debated technology that allows identifying a person by its face or other personal traits. As expected, the most passionate part of the debate was on biometric recognition systems. Ahead of the meeting, the co-rapporteur shared an agenda, including a proposed rewording of the article on prohibited practices. In the initial draft, the European Commission proposed banning subliminal techniques, exploitation of vulnerabilities, social scoring, and real-time biometric identification systems. However, the latter prohibition had some remarkable exceptions, when it came to identifying kidnapping victims, preventing imminent threats such as terrorist attacks, and flagging criminal suspects.
Progressive lawmakers and civil society organizations have harshly criticized this approach, contending that these exceptions could open the door to more generalized surveillance. The leading MEPs have now put that in black and white while leaving the other prohibited practices untouched.
The article now forbids “placing or making available on the market, the putting into service or use of remote biometric identification systems that are or may be used in publicly or privately accessible spaces, both offline and online.” Notably, the text removes the reference to real-time, extending the ban to ex-post identification, affecting some of the most controversial cases, such as face-scraping company Clearview AI. Another significant extension is to private spaces, clarifying that the ban also applies to the online sphere. The complete ban would go along with a resolution adopted in October last year when the center-right European People’s Party (EPP) was largely isolated in its calls for giving law enforcement some leeway in using these tools.
The scope of the AI rulebook is another sensitive topic. The co-rapporteurs proposed an exemption for public authorities in third countries and international organizations that use the AI in the context of international cooperation or judicial cooperation agreements and if they are covered by a data adequacy decision or an agreement on fundamental rights. This compromise falls somewhere in the middle between progressive MEPs asking for stricter fundamental rights safeguards – which are not necessarily covered by data adequacy decisions – and center-right lawmakers favoring a broader exemption for third countries.
Moreover, the leading MEPs suggested that the regulation would not affect the EU’s data protection rules, including those related to law enforcement, the European regime on consumer protection and product safety, national labor law, and purely research and development (R&D) activities. The R&D exemption was particularly discussed. According to one official, the issue here is more on the wording, as no one wants to provide a loophole. For a second parliamentary official, on the issue of scope, there is a general recognition that every group needs to renounce something. Therefore, the text needs to be looked at comprehensively. The initial Commission’s draft included an obligation for the providers of AI systems most likely to cause harm to be registered in an EU database. The compromise amendments proposed extending that obligation to users that are public authorities and to anyone who makes a substantial modification to the system. The EPP and Greens disagree with such wording, but each group for opposite reasons.
Meanwhile, in Russia, The Moscow city government's IT department plans to build a unified system for processing footage from security cameras throughout Russia by mid-December. The project will reportedly allow authorities to use Moscow's facial recognition technology to identify people caught on tape in every region of the country.
The Moscow Department of Information Technologies (DIT) plans to deploy a platform for the centralized collection and analysis of video data from surveillance cameras nationwide. It is expected that this will increase the effectiveness of search activities and help improve the security situation in general. As informed Kommersant newspaper, information about the project is contained in the state contract published by DIT on the RTS-Tender site. The idea is to modernize the unified data storage center (ECSD) of the capital’s mayor’s office, on the basis of which the face recognition system operates. The amount of the contract is 43.3 million rubles, and the deadline for completing the work is until December 16 of the current year. But, as experts note, such a small amount is likely to be allocated only for design work, and the modernization itself can be much more expensive.
After the expansion of capacities, the metropolitan data center will be able to receive and process data from video surveillance cameras installed throughout Russia. Centralization is expected to make facial recognition services more sustainable. In addition, the initiative will help solve the problem of lack of funds and capacities in the regions. The fact is that now not all subjects of the Russian Federation have the necessary financial and hardware resources to create a platform for storing and analyzing video materials. At the same time, the Moscow DIT is able to solve this problem on a national scale.
The surprise is that everyone is against it. European Parliament calls loud and clear for a ban on biometric mass surveillance in AI Act. Each political group of the European Parliament has submitted several hundred amendments, bringing the total to several thousand. One of the most controversial topics is definitions. What practices to prohibit remains divisive. Green MEPs want to ban biometric categorization, emotion recognition, and all automated monitoring of human behavior. Liberals have joined the Social Democrats and Greens to advocate a complete ban, eliminating the exceptions included in the European Commission’s original proposal such as the prevention of terrorist attacks or the identification of a missing person. Conservative lawmakers want to narrow the list of high-risk use cases, excluding software designed to assess creditworthiness, among others. Futuristic metaverse applications are under the microscope. Advertising software is also controversial. The amendments to the IMCO - LIBE Committee Report for the Artificial Intelligence Act clearly state the need for a ban on Remote Biometric Identification. In fact, 24 individual MEPs representing 158 MEPs, demand a complete ban on biometric mass surveillance practices. Now we need to keep up the pressure at European and national levels to ensure that when the AI Act is officially passed, likely in 2023 or 2024, it bans biometric mass surveillance. Europe could become the last line of resistance, but we all know that it is a battle with windmills.
ReplyDelete