Abstract: This article advocates algorithm audit as a means of improving algorithm governance. China should regulate algorithms on a routine basis to realize “agile governance” that keeps pace with technological development. With properly designed governance mechanisms and new governance technologies, algorithm audit can address the problems caused by new technologies in a targeted manner.
Data exploitation and use are coming under the spotlight in social governance amid the ongoing digital boom. Data-based computation across various scenarios plays an ever greater role in shaping decisions of all kinds, from food, clothing, and medical care to jobs, public opinion, and even the administration of justice.
Proper use of data and exploration of application scenarios can promote a more transparent market where information flows freely, reduce search costs, lower barriers to market entry, and boost technological progress and efficiency, spurring the rollout of new products and services and forging a sound ecology for innovation.
But if managed inappropriately, the application of algorithms in data use can pose governance challenges, the most debated of which are algorithmic discrimination, black-box algorithms, and algorithm-driven monopoly.
Legislation and governance on algorithms started in China in 2020. An outline for building a law-based society, released in 2020 with a vision spanning 2020-2025, proposed strengthening the regulation of new algorithm technologies, including algorithmic recommendation. The Guiding Opinions on Strengthening Overall Governance of Internet Information Service Algorithms, released in September 2021, stressed the importance of “building and improving governance mechanisms for algorithm security”. The 14th Five-Year Plan for the Development of the Digital Economy, published at the end of 2021, proposed accelerating the creation of a national integrated big data system that synergizes computing power, algorithms, data, and application resources. In December 2021, the Cyberspace Administration of China, together with three other authorities, released the Provisions on Administration of Algorithmic Recommendation in the Internet Information Service, which took effect on March 1, 2022, marking the establishment of a preliminary legal system for algorithm governance in the country.
But challenges remain. For example, most platform regulation today is ex post, penalizing misbehavior after the fact, while ex ante procedural regulation is lacking.
Besides, existing regulations are formulated from the perspective of cybersecurity and legal risk, with very few technical rules. As big data plays an increasingly important role in social governance, algorithm regulation should avoid an intrusive, sweeping approach; instead, it should be carried out on a routine basis to realize “agile governance” that keeps pace with technological development.
To counter the new challenges facing algorithm regulation, this article suggests improving the transparency of algorithmic rules and performing algorithm audits that focus on inputs, outputs, and result assessment.
Algorithm audit means collecting data on an algorithm’s performance in given scenarios and using that data to evaluate whether it is having negative impacts on rights or interests, in order to judge whether the algorithm in question is good or bad.
The United States leads in algorithm audit, though the field is still in its infancy. In 2016, the US government issued a report on algorithmic systems and civil rights that gave this new sector momentum. In 2021, Rumman Chowdhury, Director of ML Ethics, Transparency, and Accountability at Twitter, noted that only about 10 to 20 well-reputed companies were providing algorithm audits, although many companies have internal audit teams that review their algorithms before public release.
There are two types of algorithm audit: external and internal. External algorithm audit makes a difference in at least four respects:
• It helps evaluate the compliance of algorithms: by auditing lending algorithms, for example, regulators can better evaluate whether banks can control risk without raising the non-performing loan ratio;
• It helps evaluate whether algorithms work in accordance with economic and market rules, preventing bad money from driving out good;
• It helps evaluate the risk control ability of algorithm suppliers and users, including the ethical and reputational risks they face, thus facilitating precautions and remedies;
• It improves information transparency for platform stakeholders, so that they are well informed when investing in or dealing with the platforms.
Internal evaluation and auditing of algorithms should be incorporated into overall business or organizational development planning. Specifically, internal auditors should evaluate the organization’s data and algorithms, including their status quo, potential risks and challenges, and the major opportunities and benefits to explore. Internal algorithm audit should include procedures such as ex-ante or ex-post review, with auditors advising on the design and implementation of algorithms. Internal audits could focus on how data is used, how algorithms are implemented, and technical controls, among other areas.
There are two ways to audit algorithms: one emphasizes the transparency of algorithm code, while the other emphasizes the evaluation of inputs, outputs, and results. This article favors the latter.
The transparency approach requires companies to hand over core algorithm programs, which are then sent to independent third-party companies or public institutions to evaluate whether the programs are compliant. The problem is that audited companies might reject such an arrangement, as it may expose core business secrets, and auditors have no way of knowing whether the algorithm provided is the same one actually running.
Under the other approach, an input audit requires the platform to clarify which key dimensions its personalized services are based on. An output audit requires the platform to report the most important objective its algorithms pursue (for example, what exactly does fairness mean in its context?) and to report and evaluate the algorithms’ performance.
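To make the input/output approach concrete, here is a minimal sketch of what such an audit might compute. Everything in it is an assumption for illustration: the feature names, the synthetic data, and the random forest stand in for a platform’s real model and logs.

```python
# A hypothetical input/output audit sketch; feature names, data, and the
# model are illustrative assumptions, not a prescribed audit standard.
import numpy as np
from sklearn.ensemble import RandomForestClassifier
from sklearn.inspection import permutation_importance
from sklearn.model_selection import train_test_split

rng = np.random.default_rng(0)
n = 5000
# Input dimensions a platform might declare for a personalized service.
features = ["browsing_history", "purchase_history", "region", "age"]
X = rng.normal(size=(n, len(features)))
# Synthetic "click" outcome driven mainly by the first two dimensions.
y = (X[:, 0] + 0.5 * X[:, 1] + rng.normal(scale=0.5, size=n) > 0).astype(int)

X_train, X_test, y_train, y_test = train_test_split(X, y, random_state=0)
model = RandomForestClassifier(random_state=0).fit(X_train, y_train)

# Input audit: which declared dimensions does the model actually rely on?
result = permutation_importance(model, X_test, y_test, n_repeats=10,
                                random_state=0)
for name, importance in zip(features, result.importances_mean):
    print(f"{name:>18}: importance {importance:.3f}")

# Output audit: report the headline metric the platform claims to optimize.
print(f"held-out accuracy: {model.score(X_test, y_test):.3f}")
```

In this sketch, permutation importance approximates the “key dimensions” disclosure of an input audit, while the held-out metric stands in for the performance report of an output audit; a real audit would run against the platform’s production data and agreed metrics.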
As for the specific framework of algorithm audit, both internal and external audits can consider the following algorithmic arrangements (a structured sketch follows the list):
• The prediction or optimization goals. Explain how the algorithm’s design accounts for stakeholders’ core interests (such as the safety of both Didi drivers and passengers, or on-time, high-quality food delivery for consumers and due income for food merchants), specify the indicators the algorithm actually predicts or optimizes, and explain any difference between the actual prediction or optimization metrics and the desired metrics.
• The data applied in algorithm training, evaluation, and selection. Describe the meaning of each data indicator, clarify how the data were collected, explain why some data were excluded (e.g., for data quality), and state whether the data are representative of the entire stakeholder group.
• The techniques the algorithm applies. Explain which techniques (e.g., regression analysis, neural networks, random forests) were tried and why the final algorithm was adopted.
• The algorithm’s performance, including forecast accuracy and results on the metrics tied to stakeholders’ core interests.
• Specific arrangements for personal information protection and data security.
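One hypothetical way to capture these disclosures in a consistent, machine-readable form is a simple structured record. The schema below is an illustrative assumption, not a mandated format; its field names and example values are invented.

```python
# A hypothetical schema for the disclosures above; field names and the
# example values are illustrative assumptions, not a mandated format.
from dataclasses import dataclass

@dataclass
class AlgorithmAuditDisclosure:
    optimization_goals: list[str]    # what the algorithm actually optimizes
    desired_goals: list[str]         # what stakeholders expect it to optimize
    data_indicators: dict[str, str]  # indicator name -> meaning and provenance
    excluded_data: dict[str, str]    # excluded source -> reason (e.g., quality)
    representative_of_stakeholders: bool
    techniques_tried: list[str]
    technique_adopted: str
    adoption_rationale: str
    performance: dict[str, float]    # metric name -> held-out result
    privacy_and_security: list[str]  # concrete protection arrangements

disclosure = AlgorithmAuditDisclosure(
    optimization_goals=["on-time delivery rate"],
    desired_goals=["on-time delivery", "rider safety", "merchant income"],
    data_indicators={"route_time": "historical trip duration in minutes"},
    excluded_data={"gps_gaps": "low-quality location traces dropped"},
    representative_of_stakeholders=True,
    techniques_tried=["regression analysis", "neural network", "random forest"],
    technique_adopted="random forest",
    adoption_rationale="best held-out accuracy with stable predictions",
    performance={"held_out_accuracy": 0.91},
    privacy_and_security=["location data aggregated before storage"],
)
print(disclosure.technique_adopted, disclosure.performance)
```

A record along these lines would let internal and external auditors compare, item by item, the goals a platform declares against the metrics its algorithm actually optimizes.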
As for the scale of algorithm audit, some foreign auditing frameworks can serve as references, such as one built on the five dimensions of discrimination, effectiveness, transparency, direct impact, and security and availability (a scoring sketch follows the list):
• Discrimination: social discrimination and statistical discrimination;
• Effectiveness: accuracy, stability, reproducibility, efficiency of data use, etc.;
• Transparency: the degree of transparency and interpretability of the data architecture, transparency of platform use, and transparency of data collection and use;
• Direct impact: assessment of the possibility of misuse, abuse, and illegal use;
• Security and availability: the availability and security of the algorithms and data in use.
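As a toy illustration of how such a framework could produce comparable scores, the sketch below averages sub-item scores on a 0-5 scale with equal weights; the sub-items, scores, and weighting are all assumptions rather than part of any published framework.

```python
# A hypothetical five-dimension scorecard; sub-items, scores (0-5 scale),
# and the equal-weight averaging are illustrative assumptions.
scorecard = {
    "discrimination": {"social": 4, "statistical": 3},
    "effectiveness": {"accuracy": 4, "stability": 5, "reproducibility": 4,
                      "data_use_efficiency": 3},
    "transparency": {"data_architecture": 2, "platform_use": 3,
                     "collection_and_use": 3},
    "direct_impact": {"misuse": 4, "abuse": 4, "illegal_use": 5},
    "security_and_availability": {"algorithm": 4, "data": 4},
}

# Report each dimension's average score and its sub-items.
for dimension, sub_items in scorecard.items():
    avg = sum(sub_items.values()) / len(sub_items)
    print(f"{dimension:>26}: {avg:.2f} ({', '.join(sub_items)})")

# Overall score: unweighted mean of the five dimension averages.
overall = sum(sum(s.values()) / len(s) for s in scorecard.values()) / len(scorecard)
print(f"{'overall':>26}: {overall:.2f}")
```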
Algorithm audits also require certain precautions at the design stage. For example, a 2018 Harvard Business Review article discussed ProPublica’s investigation of an algorithm used to estimate the probability of recidivism among criminal suspects. ProPublica’s reporters found that African-Americans who did not re-offend were scored as higher risk than white people who did not re-offend. But is this evidence of racism? It turns out that among defendants to whom the algorithm gave similarly high scores, the probability of reoffending was unrelated to race, which satisfies another important notion of “fairness”. Subsequent academic studies show that it is generally impossible to satisfy both fairness criteria at the same time. Deciding which type of fairness matters more should not be the goal of an algorithm audit; an algorithm audit aims to check compliance with the mainstream values of the government and the public.
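This tension can be reproduced on synthetic data. The sketch below, which uses assumed score distributions rather than the actual COMPAS data, constructs a score that is perfectly calibrated by design and shows that false positive rates still diverge between groups with different base rates.

```python
# A synthetic illustration (not the COMPAS data) of why a calibrated score
# can still produce unequal false positive rates when base rates differ.
import numpy as np

rng = np.random.default_rng(0)
n = 200_000

def simulate(mean_score):
    # Each score equals the true reoffense probability, so the score is
    # perfectly calibrated by construction.
    scores = np.clip(rng.normal(mean_score, 0.15, n), 0.01, 0.99)
    reoffends = rng.random(n) < scores
    flagged = scores >= 0.5                  # "high risk" label
    fpr = flagged[~reoffends].mean()         # P(flagged | did not reoffend)
    return reoffends.mean(), fpr

# Assumed score distributions imply different base rates per group.
for group, mean in [("group A", 0.55), ("group B", 0.35)]:
    base_rate, fpr = simulate(mean)
    print(f"{group}: base rate {base_rate:.2f}, false positive rate {fpr:.2f}")
# Both groups' scores are calibrated, yet the group with the higher base
# rate receives a higher false positive rate: the two criteria conflict.
```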
Overall, algorithmic auditing, as a new tool of algorithm governance, aims to solve the problems caused by new technologies and to avoid “one-size-fits-all” supervision through the appropriate design of governance mechanisms. By scoring algorithms on the five dimensions above and their sub-items, it helps stakeholders and the public gain a comprehensive understanding of the compliance of platform algorithms, thereby encouraging companies to develop themselves and the digital economy at a higher level of compliance.
This article was published on CF40’s WeChat blog on July 31, 2022. The views expressed herein are the author’s own and do not represent those of CF40 or any other organization. The article was translated by CF40 and has not been reviewed by the author herself.