Just posted: A near-final draft of my latest paper, Big Data: Destroyer of Informed Consent. It will appear later this year in a special joint issue of the Yale Journal of Health Policy, Law, and Ethics and the Yale Journal of Law and Technology.
Here’s the tentative abstract (I hate writing abstracts):
The ‘Revised Common Rule’ took effect on January 21, 2019, marking the first change since 2005 to the federal regulation that governs human subjects research conducted with federal support or in federally supported institutions. The Common Rule had required informed consent before researchers could collect and use identifiable personal health information. While informed consent is far from perfect, it is and was the gold standard for data collection and use policies; the standard in the old Common Rule served an important function as the exemplar for data collection in other contexts.
Unfortunately, true informed consent seems incompatible with modern analytics and ‘Big Data’. Modern analytics hold out the promise of finding unexpected correlations in data; it follows that neither the researcher nor the subject may know what the data collected will be used to discover. In such cases, traditional informed consent in which the researcher fully and carefully explains study goals to subjects is inherently impossible. In response, the Revised Common Rule introduces a new, and less onerous, form of “broad consent” in which human subjects agree to as varied forms of data use and re-use as researchers’ lawyers can squeeze into a consent form. Broad consent paves the way for using identifiable personal health information in modern analytics. But these gains for users of modern analytics come with side-effects, not least a substantial lowering of the aspirational ceiling for other types of information collection, such as in commercial genomic testing.
Continuing improvements in data science also cause a related problem, in that data thought by experimenters to have been de-identified (and thus subject to more relaxed rules about use and re-use) sometimes proves to be re-identifiable after all. The Revised Common Rule fails to take due account of real re-identification risks, especially when DNA is collected. In particular, the Revised Common Rule contemplates storage and re-use of so-called de-identified biospecimins even though these contain DNA that might be re-identifiable with current or foreseeable technology.
Defenders of these aspects of the Revised Common Rule argue that ‘data saves lives’. But even if that claim is as applicable as its proponents assert, the effects of the Revised Common Rule will not be limited to publicly funded health sciences, and its effects will be harmful elsewhere.
I’m in Ottawa today for the Machine M.D. conference. My panel, on “Regulating Health and Safety” started at 8:30am, so now that it’s over I get to enjoy the rest of the very packed schedule.
(I’m missing the also wonderful annual Privacy Law Scholars conference to be here, an example of the difficulties in trying to write in, and keep up in, multiple areas even within technology law.)
My argument in my talk was that, contrary to a number of articles by others that are now in press, we don’t want a super-AI regulator, but rather need to find a way to strengthen the AI capacity of existing sectoral regulators like the FDA, NHTSA and many others. The exception(s) to this general rule arise(s) only if the AI aspect of a regulatory question predominates over the sectoral — something I argue is rare, and probably limited to issues regarding access to data, to data quality, to job losses due to AI, and possibly to the regulation (or at least liability for) AI emergent behavior.
Unsurprisingly, some members of the audience, many of whom are health professionals, pushed back against the idea that when it comes to AI health really isn’t all that different from transport, finance, sentencing, or other predictive profiling applications. A polite discussion — we are after all in Canada — ensued.
Technology and Regulation (TechReg) is an international journal of law, technology and society, with an interdisciplinary identity. TechReg provides an online platform for disseminating original research on the legal and regulatory challenges posed by existing and emerging technologies (and their applications) including, but by no means limited to, the Internet and digital technology, artificial intelligence and machine learning, robotics, neurotechnology, nanotechnology, biotechnology, energy and climate change technology, and health and food technology. We conceive of regulation broadly to encompass ways of dealing with, ordering and understanding technologies and their consequences, such as through legal regulation, competition, social norms and standards, and technology design (or in Lessig’s terms: law, market, norms and architecture).
We aim to address critical and sometimes controversial questions such as:
How do new technologies shape society both positively and negatively?
Should technology development be steered towards societal goals, and if so, which goals and how?
What are the benefits and dangers of regulating human behavior through technology?
What is the most appropriate response to technological innovation, in general or in particular cases?
It is in this sense that TechReg is intrinsically interdisciplinary: we believe that legal and regulatory debates on technology are inextricable from societal, political and economic concerns, and that therefore technology regulation requires a multidisciplinary, integrated approach. Through a combination of monodisciplinary, multidisciplinary and interdisciplinary articles, the journal aims to contribute to an integrated vision of law, technology and society.
We invite original, well-researched and methodologically rigorous submissions from academics and practitioners, including policy makers, on a wide range of research areas such as privacy and data protection, security, surveillance, cybercrime, intellectual property, innovation, competition, governance, risk, ethics, media and data studies, and others.
TechReg is double-blind peer-reviewed and completely open access for both authors and readers. TechReg does not charge article processing fees.
Someday, perhaps soon, diagnostics generated by machine learning (ML) will have demonstrably better success rates than those generated by human doctors. What will the dominance of ML diagnostics mean for medical malpractice law, for the future of medical service provision, for the demand for certain kinds of doctors, and—in the long run—for the quality of medical diagnostics itself?
This Article argues that once ML diagnosticians, such as those based on neural networks, are shown to be superior, existing medical malpractice law will require superior ML-generated medical diagnostics as the standard of care in clinical settings. Further, unless implemented carefully, a physician’s duty to use ML systems in medical diagnostics could, paradoxically, undermine the very safety standard that malpractice law set out to achieve. Although at first doctor + machine may be more effective than either alone because humans and ML systems might make very different kinds of mistakes, in time, as ML systems improve, effective ML could create overwhelming legal and ethical pressure to delegate the diagnostic process to the machine. Ultimately, a similar dynamic might extend to treatment also. If we reach the point where the bulk of clinical outcomes collected in databases are ML-generated diagnoses, this may result in future decisions that are not easily audited or understood by human doctors. Given the well-documented fact that treatment strategies are often not as effective when deployed in clinical practice compared to preliminary evaluation, the lack of transparency introduced by the ML algorithms could lead to a decrease in quality of care. This Article describes salient technical aspects of this scenario particularly as it relates to diagnosis and canvasses various possible technical and legal solutions that would allow us to avoid these unintended consequences of medical malpractice law. Ultimately, we suggest there is a strong case for altering existing medical liability rules to avoid a machine-only diagnostic regime. We argue that the appropriate revision to the standard of care requires maintaining meaningful participation in the loop by physicians the loop.
I think this is one of the best articles I’ve written or co-written–certainly in the top five. I’m particularly proud that I worked out, or intuited, a property of Machine Learning that was either not present or certainly not prominent in the literature: that if all the inputs to future generations of ML systems are due to the output of earlier generations of the ML system, there’s a chance it may all go wrong.
Reasonable people could disagree about the size of that chance, but if it happens at least with current technology there’s no way the system itself would warn us. Depending on the complexity of the system, and the extent to which doctors have been deskilled by the prevalence of the ML technology, we might be hard put to notice some types of degradation ourselves.
It would be good, therefore, to try to engineer legal rules that would make this possibly very unhealthy outcome much less likely.