In this article, we discuss legal liabilities that may arise as your company develops language models for artificial intelligence. To the best of our knowledge, we are the first law firm to raise legal awareness surrounding liabilities associated with artificial intelligence language models. As natural language processing becomes more widely adopted, companies training or deploying systems should be aware of legal concerns surrounding their systems. Your technical team should know the legal repercussions and your attorneys should anticipate legal challenges as we move into an era of artificial intelligence.
Data extraction attacks have been known to the artificial intelligence community for several years now. Recent publication by Carlini et al. has shown that this is more practical than previously thought. This means that confidential, private or copyrighted material used during training may be “leaked” from your system.
For those who build language models, overtraining can lead to overfitting of models. In such cases, your system can “memorize” some of the data it was trained on. However, even without overtraining, your system has likely “memorized” some training data. An adversary who has access to the inputs and outputs of your system may extract information from your model.
Companies who train or outsource their training of artificial intelligence systems should have a good understanding on contents of the training data. Your experts on machine learning should mitigate data leaks, however, similar to the software industry, not all software programmers are aware of all the security vulnerabilities in their code. For traditional software systems, poorly written code opens up security vulnerabilities; this may or may not have legal accountabilities depending on the situation. However, data leaks from improperly trained artificial intelligence system will certainly open you to legal liabilities. The key is whether you have exercised “due care” in protecting your training data from hacking, and lack of due care may create legal liabilities.
Without close interactions with a legal team specialized in artificial intelligence, your technical team may be unaware of legal liabilities. This may lead to the deployment of systems that are exposed to legal issues.
Companies who do not directly train their own systems and outsource their development can also be held accountable for privacy or confidential data leaks of improperly trained systems. If your company outsources any machine learning development, you should include clauses that protect against liabilities that may arise from this, so that a third-party indemnification clause, for example, is a must. Some traditional law firms may have overlooked these clauses given that they do not specialize in this area and are unaware of recent technical advancements in language models.
These legal concerns don’t stop with private and confidential information. In fact, copyright material used for training data may lead to “reproduction” of copyright material, or any other form of copyright infringements, from the output of your systems. This can open unprecedented legal challenges for companies who are not careful with their training and deployment of artificial intelligence systems.
The complexities of the legal dispute can be dependent on the legal jurisdiction. Given that information and data are not limited by borders, further complications may arise.
At Kingdom’s Law Firm, we specialize in legal counseling for technology companies. Our founder had helped revise the Personal Data Protection Act in Taiwan and has been mentioned in Legal 500 under capital markets, intellectual property and TMT for over 9 years. Please feel free to contact us if you have any questions or concerns.
The Supreme Court in Taiwan issues ruling pertaining to Article 41 of the Personal Data Protection Act