In conversation with Kazim Rizvi on AI, privacy and cross-border data flows

Published December 19, 2018   |   

I had a chance to interview Kazim Rizvi, a public policy entrepreneur and founder of an emerging policy think-think, The Dialogue. Kazim has delivered multiple research projects and public discourses around technology policy at The Dialogue. A prominent speaker at stakeholder consultations and roundtables organized by various civil society institutions in India, he previously worked in the office of Mr. Jay Panda and then lead energy policy communications at the British High Commission, New Delhi. Kazim is the Co-Chair of the public policy division at The Indian National Bar Association.

Can you give us a quick introduction about ‘The Dialogue’ and what do you try to do through this initiative?

The Dialogue is an emerging public-policy think-tank with a vision to drive a progressive narrative in India’s policy discourse. Founded in 2017 by a few frustrated Indians, we believe in facilitating well-researched policy debates at various levels to help develop a more informed citizenry, on areas around technology, strategic affairs, sustainability and development issues.

Our aim is to enable a more coherent policy discourse in India backed by evidence and layered with the passion to transform India’s growth, to help inform about public policies, analyses the impact of governance and subsequently, develop robust solutions to tackle our challenges and capitalize on our opportunities. To achieve our objectives, we deploy a multi-stakeholder approach and work with the Government, academia, civil society, industry, and other important stakeholders.

Kazim Rizvi

Kazim Rizvi, founder of emerging policy think-think, The Dialogue.

We are trying to drive innovation in India’s policy ecosystem by giving greater emphasis to research-driven discourses that are well-informed. I think our efforts lie in not only producing good research but also ensuring that the research reaches the right people, the right stakeholders, informs them for progressive policy change and also raises general awareness in the public so that the people are also well-educated. Which is why we focus on writing in the simple language, so that we can build the capacities of our people, as well as our stakeholders. All these things happen currently, but in silos. We are making attempts to bring it all together and connect each and every thread for greater impact.

Recently in a conference on AI, privacy and cross-border data flows, you released a paper titled “Intersection of Artificial Intelligence with Cross-Border Data Flow and Privacy” and it suggests that cross-border tranfer of data is imperative to drive AI growth in the future. Can you explain this with examples and why?

Fundamentally, AI relies on mining large data sets to come up with predictive analysis and insights. Analytics analysis these sets to uncover hidden patterns, correlations and new insights. It helps business to stay competitive by making smarter choices, enhance efficiency and subsequently improve productivity, which leads to greater profits and market capitalization. In order to achieve this, organizations must be able to collect data from across regions to achieve a complete picture of their operations. Every day, large amounts of data flow through the internet, over borders and between individuals, firms, and governments to power the internet and associated technologies. This data may originate from many sources located in multiple jurisdictions, making it imperative that data can move freely across borders. A growing portion of these data flows used to fuel AI applications. For example, if you ask Watson, IBM’s AI-powered super-computer to diagnose rare forms of cancer, it must first sift through some 20 million cancer research papers and draw meaningful conclusions by connecting various large data sets across multiple countries.

Companies across borders can drive up sales based on the pattern of data collected from each jurisdiction. Emerging technologies such as the Internet of Things rely heavily on cross-border data flows – the network of sensors and connected devices that power it is distributed across multiple jurisdictions, as well as machine learning technologies, that depend on access to large and varied datasets, as well as raw computing power, both of which may have to be sourced from another country or, indeed, more than one country.

Numbers alone might not do the impact of cross-border data flows. Because in shrinking the time and effort to communicate or conduct transactions globally, these flows have transformed industry on a fundamental level. Business Roundtable, self-defined as an association of CEOs of leading American companies, identified six mechanisms through which cross-border data flows help businesses in other sectors, namely, interconnected machinery, back-office consolidation, supply-chain automation, digital collaboration, cloud scalability, and big data analytics. These flows do not just impact the technology sectors in their respective countries but go on to affect other sectors as well.

You also talk about ensuring high-level privacy standards in AI deployment for India to emerge as a leader in AI. What are the key challenges right now in ensuring privacy standards and how can we overcome this?

For AI to function, it must retain and process enormous amounts of data, which, conceptually, may affect privacy. This is because AI learns from large data sets and has the ability to compare the datasets it processes. In sum, the more data that AI processes, the harder it is to de-identify. So, if you feed an AI enough data, it could become meaningless to try and anonymize the sets of data. Choosing to limit the data that AI processes would limit its effectiveness to solve problems and develop insights. For instance, placing limitations on the data that can be retained will interfere with the effective assessment and the oversight of AI. Firstly, withholding datasets from AI could lead to biased results and may not reflect a complete picture. Also, if you restrict access to features such as race and gender, it becomes much more difficult (perhaps impossible) to determine if the AI model is a biased one according to those dimensions

We studied this aspect more closely and our findings suggest that it is not only possible to marry AI with privacy, in the medium and long-term, enabling ‘privacy by design’ for AI development will support the deployment of this technology and will also enhance economic growth. So, privacy is also going to be a critical component around the development of AI in the future. Rather than a challenge, it is an opportunity we must start to leverage.

Privacy and AI can not only complement each other but also enhance the overall output while at the same time providing consumers the best user experience.

AI is proliferating, so it is necessary to embed privacy and appropriate technical and organizational measures for it into the process, so privacy issues do not affect its growth negatively but instead lead to positive outcomes. Fundamentally, data protection should be given due consideration ‘in all stages of development.’ By embedding privacy into systems and operations, we can best prevent harm from arising and avoid data breaches. There are multiple techniques that could support organizations to embed privacy by design and at the same time maximize AI potential.

Consumers should get “accessible, clear, meaningful data privacy and security notices.” Consumers should be given choices about “collection, use, sharing, retention, and deconstruction of data.” Further, the data collector should collect and keep the data for as long as necessary/required to achieve legitimate business purposes. However, the notices mentioned are termed as ‘privacy fatigue’ since very few people read or understand these notices. Privacy notices should be written in plain English, with an average person in context. Most of the people now are younger and prefer new and innovative ways of gathering information. At the same time, techniques such as Differential Privacy, Homomorphic Encryptions and General Adversarial Networks should be deployed in AI technology processes. Another privacy enhancing and data protection measure which should be taken is of certification schemes and privacy seals to help demonstrate the compliance by organizations.

So, for continued AI growth, it is fundamental that its deployed with ‘privacy by design’ in mind. Presently, we are still in the nascent stages, worldwide, of AI development, and this is the right time to ensure that AI technologies marry global privacy laws.

Where does India, as a nation, stand in this AI ecosystem in terms of adaption and innovation of this new technology? Of course, we hear a lot about Indian startups using some form of AI and the startup ecosystem is soaring with the unfolding of opportunities in the areas of banking & finance, healthcare, agriculture, eCommerce, autonomous driving, and eGovernance. What is your view on this?

India certainly is one of the leading nations when it comes to the adaptation of this technology. Around development of AI though, we still have a long way to go. What we need is to develop our own capacities to develop AI enabled tech to meet our domestic requirements. There needs to be a Make in India only for AI that leverages on this opportunity. Indian startups and other institutions are indeed using AI, but I think we are lacking on innovation which is where the focus needs to shift. To innovate, you first need to learn how it’s done, then deconstruct the process and reconstruct it basis your learnings. To achieve this, we need to be integrated with other economies so that we are able to use such learning to our advantage. A critical component to facilitate this is access to data flows from around the world. Tech innovations don’t happen in silos and by closing ourselves to global trends. Our best and the smartest technologists, data scientists, coders – they all need a platform that allows them to interact with the world, which is why we emphasize on enabling cross-border data flows and maintaining the open culture of the internet.

The tech world is undergoing a sweeping global data protection reforms, driven solely by the European Union’s General Data Protection Regulation (GDPR) and in India, we are yet to see the true impact of the new regulations. What are your insights and recommendations to create a better framework that protects the fundamental right s of every citizen?

I think Government of India has done a terrific job by getting a debate on privacy going on through the Personal Data Protection Bill 2018 that is undergoing stakeholder consultation at the moment. We have indeed taken a start, although the road is less traveled and there are going to be bumps and cracks on the way. Presently, the Bill is not in the shape and form for implementation, but that is a true hallmark for a functioning democracy, that all voices are stating their opinions and I hope the government listens to all stakeholders, weighs the pros and cons before going ahead with the draft.

There are issues around exception to consent, independence of the data protection authority, surveillance, penalties, and data localization. Specifically, on localization, evidence suggests that it will not only harm the economy but will also undermine the privacy and security of our own data. We did a study on this that is available in the public domain, and it appears that startups, small businesses, and young innovators will be the most affected by localization. Not only will localization hurt our GDP (up to 1% of growth curve), it may impact our ease of doing business rankings.

In order to create a more robust privacy framework in India, I think we must address these red lines that are mentioned and in order to drive effective implementation, stakeholders need to develop more trust and confidence.

What is going to be the future of AI in the next five years?

There was a show in the 90s called Small Wonder where the robot named Vicky was the handiest support to the family who owned it. Will be able to replicate it in the next five years? I don’t think so. Are we getting there? Yes, I do think we are. At the same time, however, we must be wary of the ethical and legal concerns that are there and refine the technology in such a way that we control AI’s functionality.

I think AI will get much more integrated than what we see today, in our daily lives, our communications, businesses and just basic tasks. We may see AI doing more advanced research, generating much better insights so that businesses can innovate better, creating safer infrastructure, helping govt. In law enforcement, plugging gaps in policy implementation, helping greater interaction between the recipients and provides of a product/service. The impact AI will have will be even more fundamental with what we are witnessing today, and I predict that in the coming years it will become a part of our lives just like mobile phones have become.