A total of 80 technical experts and chief information officers (CIOs), from CIO Strategy Council were invited to participate in a roundtable and provide feedback on the Treasury Board of Canada Secretariat’s (TBS) Third Review of the Directive on Automated Decision-Making.
The Directive on Automated Decision-Making came into effect in April 2019, to ensure that the government of Canada’s use of artificial intelligence (AI) to make, or assist in making, administrative decisions, is compatible with core administrative values such as transparency, accountability, legality, and procedural fairness.
The directive is reviewed every six months and is overseen by the TBS, which is also responsible for providing guidance on Automated Decision Systems, granting exceptions, developing and updating the Algorithmic Impact Assessment (AIA), and drafting informed strategies by engaging with the government, and partners in other jurisdictions and sectors.
While the first review of the directive sought to clarify and reinforce existing requirements, transparency, and quality assurance measures, the second informed the development of guidelines supporting the interpretation of the directive.
The Third Review of the Directive on Automated Decision-Making seeks to re-evaluate and adapt the state and use of the directive based on the current Canadian and global AI landscape, as well as the evolving risks and challenges related to the use of AI in the federal public sector.
As part of the Third Review, TBS is recommending the following changes in a revised Directive:
- Replace six-month review interval with a biennial review and enable the CIO of Canada, Catherine Luelo to request off-cycle reviews
- Integrate explanation criteria and expand AIA to investigate reasons for automation and effect on people with disabilities
- Mandate publication of peer reviews and AIAs prior to system production
- Introduce measures to trace, protect, and dispose of data used, and mandate bias testing on models, including Gender-Based-Analysis Plus (GBA+), during system development.
- Clarify scope, use more inclusive language and align contingency requirements with Treasury Board security policy terminology
CIO Strategy Council’s roundtable generated the following discussion points and recommendations:
- Tailor review timeframes to the type and sensitivity of AI being deployed
- Evaluate publication of source code with risk of exposing secret classifications
- Consider the threat of adversarial AI and risk of individuals gaming and other perturbing models
- User experience must drive policy, process, and AI design
- Create data inventories based on existing policy decisions to inform AI design
- Publish existing AI projects used by the government for increased transparency
- Shed light on the monitoring process and schedule for AI systems
- Mandate privacy impact assessments to build in privacy by design and default
The revised Directive is scheduled to be released on March 23, 2023.