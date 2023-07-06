You have to hand it to the good folks at the Digital Transformation Agency for their impeccable sense of timing.

On the eve of the Royal Commission into the Robodebt Scheme report being tabled, the now Department of Finance-headquartered technology supermarket and advice shop has issued whole-of-government interim guidance on the use of Generative Artificial Intelligence (AI) in the public sector.

It’s an important development for the public service because apart from the usual security-related alerts, warnings and bans from the Australian Signals Directorate and other cyber friends, the set of recommendations is the first real set of government guard rails for the likes of ChatGPT, Bard AI or Bing AI, and there are some pretty big caveats that could easily bring unassessed projects seriously unstuck.

The big takeaways are that public servants, and arguably suppliers to the public service, have been told to immediately start logging, recording and permissioning the use of generative AI, which suggests there is already widespread and unchecked shadow use.

“We recommend agencies implement an enrolment mechanism to register and approve staff user accounts to access generative AI platforms. This should include appropriate approval processes through Chief Information Security Officers (CISO) and/or Chief Information Officers (CIO),” the DTA said in its advisory.

The DTA is also telling agencies they’ll need to self-report any staff breaches of the formative AI policy, saying they need to “establish an avenue for staff to report any exceptions made to adhering to the guidance through your CISO/CIO. This should be reported periodically to the DTA by emailing digitalpolicy@dta.gov.au”.

Artificial intelligence has of course been used for years inside government, with Tax, Defence, the Bureau of Meteorology, Bureau of Statistics and Health all-long term users of proprietary AI stacks that are used every day for modelling, prediction, simulations and forecasting.

It’s the nasty, biased, unregulated free stuff the DTA and Finance are worried about, especially if the unsanitised product starts seeping into previously clean or trusted data sets and models and polluting the various data lakes and departmental outputs.

“Publicly available generative AI platforms are third-party AI platforms, tools or software that have not been security risk assessed by the agency nor entered into a commercial contract with the provider,” is how the DTA puts it.

The advisory was drummed up in conjunction with the Department of Industry, Science and Resources (DISR) as the AI vendors big and small scour government for opportunities to put their bots to work on.

Cloud and chip vendors also love AI because it burns MIPS by the gigawatt and sells rack space by the hectare, especially when agencies are embarking on big projects that require predictive logic, a+b testing and modelling and simulation.

A bit like the early days of the internet and cloud computing, the government is still clearly finding its feet in terms of what opportunities generative AI platforms presents as opposed to threatens, but it has pulled together a set of guiding principles “for the ethical use of AI in government” that DTA said “are designed to ensure the responsible, safe, and ethical use of generative AI by the Australian Public Service (APS).

The principles are intended to:

support the responsible and safe use of technology;

minimise harm, and achieve safer, more reliable and fairer outcomes for all Australians;

reduce the risk of negative impact on those affected by AI applications;

enable the highest ethical standards when using AI;

increase transparency and build community trust in the use of emerging technology by government; and

In the AI “use cases” explored by DTA, cautioning classified material can’t jump the fence.

“AI USE CASE 2

“Stephanie is creating an urgent report to present later in the day and realises she is short of time to make a PowerPoint presentation. She is planning to upload the data for the slides to a public AI platform to help create a quick presentation.

“What should Stephanie do?

“Stephanie must not upload or input any sensitive or classified information into public AI platforms. She could input non-sensitive information, such as information available on a government website or an agency report that has been released publicly. She could also ask the AI for generic slide templates to help her prepare her presentation.”

Other pitfalls include uploading tender information, as illustrated by an exemplary public servant called “Roque” who needs to get some technical information for an approach to market.

“Roque can use Bard AI to find information about technical aspects, however Roque should take care not to input any details of his agency’s specific requirements or any organisational information,” the guidance says.

“Roque should also take care not to mention the word tender or any market sensitive information that could, combined with his official email address, indicate a tender is being prepared by his agency. The information received should also be thoroughly validated by a human for appropriateness and accuracy before being used.”

One thing the DTA is certain of is that its advice will change. And that public servants should also follow the guidance of their own agency.

“Note this guidance will be iterative. It is provided for government agencies to implement within their organisation. APS staff should follow their agency’s policies and guidance on generative AI tools in the first instance,” the DTA said.

