Our analysis series on Bill C-34 is continuing. This is the second part of our analysis of this large bill.
Yesterday, we started our analysis of Bill C-34 with part 1. While we are doing what we can to only provide relevant sections of the bill, this bill is both big and covers a lot of ground… while somehow managing to say very little in some cases.
The reason it says so little while saying a lot is because it punts a lot of critical questions over to future regulation. Things like what the size of a social media platform should be before it is regulated or when it is appropriate for an AI company to contact police. You’d think all of this would be thought of by now after all of this time, but apparently, well, not so much.
At the same time, the bill commits the very same error Bill S-209 does in that it envisions a technology that doesn’t exist to enforce age verification. Really, it may as well have tasked companies to turn lead into gold using a magic spell. You’re not going to make it happen just because you make a law about it. Sadly, in this day and age, this is the level of intelligence we are dealing with when it comes to government and technology.
I did have to cut off the analysis and create a part 2, so this is generally where I left things off. Welcome to part 2 of this analysis. For those who want to follow along with me, you can read the direct text of the bill here. For the sake of clarity, this part of the analysis technically starts at Section 31. As usual, we are only flagging things we find interesting to talk about and offering analysis on those parts. It’s always entirely possible there is something we missed along the way because there is a million things happening with the bill. With that said, here’s what we were able to find.
Online Harms
We kick things off with this:
Duty to implement measures — harmful content
32 (1) The operator of a regulated social media service must implement measures that are adequate to mitigate the risk that users of the service will be exposed to harmful content on the service.
Factors
(2) In order to determine whether the measures implemented by the operator under subsection (1) are adequate, the Commission must take into account the following factors:(a) the effectiveness of the measures in mitigating the risk that users of the service will be exposed to harmful content on the service;
(b) the size of the service, including the number of users;
(c) the technical and financial capacity of the operator;
(d) whether the measures are designed or implemented in a manner that is discriminatory on the basis of a prohibited ground of discrimination within the meaning of the Canadian Human Rights Act; and
(e) any factor provided for by regulations.
No unreasonable or disproportionate limit on expression
(3) Subsection (1) does not require the operator to implement measures that unreasonably or disproportionately limit users’ expression.
This is basically the government trying magically make all the bad stuff go away on social media. This while still pretending to care about freedom of expression. The reality is that there is no way to consistently enforce this. This all has to do with a concept known as “awful, but lawful”. While you would vehemently oppose the speech in question, the speech is not actually illegal.
To drive this point home, I’ll give you two diametrically opposite examples of this. Let’s say someone says that all members of the LGBTQ+ community are creepy. It’s an awful thing to say, but is it illegal? Technically no. However, others would be offended by such a statement (and, in my opinion, rightfully so). Some would argue that it is harmful and should be subject to take down requirements because such material is harmful.
Some might argue that is an argument for this legislation, but let’s look at the opposite side of thing. Let’s use the example of someone saying that all right wing people are science denying Russian assets that should be locked up. Again, that is an awful thing to say. It is illegal? Technically no. Again, there would be those who would be offended by this (and, in my opinion, rightfully so). Some would argue that those statements are harmful and should be subject to take down requests because such material is harmful.
So, you can kind of see the problem of writing a law saying that “harmful” content should be removed while respecting freedom of expression. What is classified as harmful to one subset of the public is classified as a core part of freedom of expression to another. Some might take things to the natural next step in logical fallacy by saying that only certain kinds of perspectives are permitted while others should be outlawed and removed. This is how you move from a free society to tyranny in a pretty big hurry.
The problem’s don’t end with what is philosophically protected speech and what is considered “harmful”. Another big part of the problem is that you are taking that complicated subject and offloading it onto the very social media platforms that governments and critics have both said have dropped the ball on this heavily on on top of it all. If you can’t trust government to get deep into the weeds in figuring out all of this, how on Earth do you expect a platform like Facebook to do a better job on this one? There’s a lot of logic here that doesn’t really work.
A more relaxed interpretation of this section could possibly imply that all the government is asking platforms to do is moderate their content more than anything else. If that is the case, then this still raises some problems. Specifically, where does one draw the line on what is acceptable moderation and what isn’t? Like the above example, this can be open to interpretation depending on who is contacting the platform in the first place. What might be fine for one wouldn’t be OK for another. As a result, from the platforms perspective, the risk here is that you are trying to hit a moving target. What would be a perfect balance between freedom of expression and removing harmful content one day might be far to relaxed on another day. This raises the possibility that this is an unreasonable burden on a platform regardless of the country of origin.
No matter how you slice it, this is, indeed, a problematic provision that cannot be solved by simply saying “remove the bad stuff, but respect free speech”. It just doesn’t work that way in practice.
Section 33 really doesn’t help matters here:
Measures in regulations — harmful content
33 The operator of a regulated social media service must implement any measures that are provided for by regulations to mitigate the risk that users of the service will be exposed to harmful content on the service.
In other words, you have to follow the regulations. Which regulations are we talking about? Section 33 doesn’t specify any other section in the legislation for that. So, would that be another order in council and punting this down the road for later regulatory clarity? I’m not sure, but possibly. I wouldn’t honestly be surprised because the legislation can’t even be forthcoming about which platform is regulated and which is not. If it can’t handle that, then there’s no reason to believe it can handle defining what specifically is “harmful” and what is “protected free speech”.
Tools
The legislation then goes into what tools are expected in a platform. It starts with this:
Guidelines
34 The operator of a regulated social media service must make user guidelines publicly available on the service. The user guidelines must be accessible and easy to use and must include(a) a standard of conduct that applies to users with respect to harmful content; and
(b) a description of the measures that the operator implements with respect to harmful content on the service.
This is pretty standard stuff. An overwhelming majority of social media platforms have things like community guidelines already. The only question mark here is determining if those community guidelines would satisfy the government. This legislation, thus far, leaves that up in the air.
Next is this:
Tools to block users
35 The operator of a regulated social media service must make available to users who have an account or are otherwise registered with the service tools that enable those users to block other users who have an account or are otherwise registered with the service from finding or communicating with them on the service.
Under ordinary circumstances, I would say this is pretty standard stuff, but there is one exception to this that I’m aware of. That specifically has to do with “X” which removed the ability to block users – specifically so that they can’t see what you post. Unless something has changed in recent months (I’m not aware if that is the case, but I don’t generally pay too close attention to the internets famous Nazi bar these days). This could prove to be problematic for that platform.
Otherwise, this is generally a pretty standard feature across all other social media platforms. So, not really that big of a deal apart from that exception (and I wouldn’t feel sorry for X/Twitter on that one if they get burned by this).
From there, the legislation shows this:
Tools and processes to flag harmful content
36 (1) The operator of a regulated social media service must implement tools and processes to(a) enable a user of the service to easily flag to the operator content that is accessible on the service as being a particular type of harmful content;
(b) notify a user of the service who flagged content as being a particular type of harmful content of the operator’s receipt of the flag as well as of any measures taken by the operator with respect to the content or of the fact that no measures were taken; and
(c) notify a user of the service who communicated content that was flagged as being a particular type of harmful content of the fact that the content was flagged as well as of any measures taken by the operator with respect to the content or of the fact that no measures were taken.
Prohibition — notification of measures
(2) In notifying a user of any measures taken with respect to content in accordance with paragraph (1)(b) or (c), the operator must not notify a user of any report that the operator has made to a law enforcement agency in relation to the content.
On the surface, this seems like pretty standard stuff when it comes to reporting things. Maybe some platforms would need to make adjustments to the idea that the user who posted the harmful content must be notified. I don’t know if that is a thing across all platforms, but then again, I’m not someone who goes around testing the ToS of differnt platforms all day long for reasons that should be obvious.
Where things do get risky here is being prohibited from notifying a user that they have been reported to police. A big reason why that is an issue is because many platforms offer very useful transparency reports. If content is being flagged and reported to police, if content is being flagged, but a determination was made not to pursue action, and so on. This is hugely important especially in this day and age where the Trump administration is actively issuing subpoenas against users for what amounts to criticizing the King. If we have a similar tyrant that is elected as Prime Minister, this can very easily be abused to try and silence critics in the shadows. It may be a case by case basis, but I would call this provision a red flag.
Then there is the identification of whether content is AI generated:
Duty to implement measures — synthetic content
37 (1) The operator of a regulated social media service must, to the extent that it is reasonable for the operator to do so, implement adequate measures to label, as being synthetic content, any synthetic content accessible on the service that meets the criteria provided for by regulations.
Factors
(2) In order to determine whether the measures implemented by the operator under subsection (1) are adequate, or whether it is reasonable for the operator to implement measures under that subsection, the Commission must take into account the following factors:(a) the effectiveness of the measures in labelling, as being synthetic content, any synthetic content that is accessible on the service;
(b) the effectiveness of the measures in avoiding incorrectly labelling, as being synthetic content, any content that is accessible on the service;
(c) the extent to which it is technically feasible to identify synthetic content that is accessible on the service;
(d) the size of the service, including the number of users;
(e) the technical and financial capacity of the operator; and
(f) any factor provided for by regulations.
Measures in regulations — synthetic content
38 The operator of a regulated social media service must implement any measures that are provided for by regulations in respect of the labelling of synthetic content as synthetic content.
I know I spent a lot of time criticizing this legislation already, but in this instance at least, I’m actually supportive of this provision.
The reason I am supportive stems from a major problem I see on YouTube. Fake AI generated content is being passed off as real footage all of the time. Despite YouTube implementing tools to label material as AI generated content, there is precisely zero enforcement of that. As a result, things like YouTube shorts are notoriously polluted with fake AI generated content. About the only thing really catching these fake video’s are users who go onto the comments section to point out that this is fake AI generated content. Given that Google has been long pushing AI, there is little incentive for the company to really crack down on any of this because they want more and more people using AI generated content, not less.
There has long been a need to clearly label AI generated content and Google has, thus far, been extremely reluctant to really do much about this type of content. So, this provision might actually prove to be beneficial – at least on YouTube anyway.
The next section contains this:
Resource person
40 (1) The operator of a regulated social media service must make a resource person available to users of the service to(a) receive users’ concerns with respect to harmful content on the service or with respect to the measures that the operator implements to comply with this Act;
(b) direct users to internal and external resources to address their concerns, such as an internal complaints mechanism, the Commission or a law enforcement agency; and
(c) provide guidance to users with respect to those internal resources.
Contact information accessible
(2) The operator must ensure that the resource person is easily identifiable and that their contact information is easily accessible to users of the service.
This is something that is going to at least disrupt Google – specifically YouTube. Google has long had no real person to complain to. Sure, a flag can be made, but it’s general automation that takes care of most things (which has been known to make matters worse). So, the idea that a person is identified and contact information is made available would be completely contrary to how Google runs things now. I think the lack of any real communication channel between users and the platform has long been a complaint and having this would at least improve things on YouTube at least – even if it is specifically for reporting harmful content.
Then there is the preservation of harmful content that apparently goes up to 1 year:
Duty to preserve certain harmful content
41 (1) If the operator of a regulated social media service makes inaccessible to all persons in Canada content that incites violence or terrorism or violent extremism content, the operator must preserve that content, and all other computer data related to it that is in the operator’s possession or control, for a period of one year beginning on the day on which the content is made inaccessible.
Duty to destroy
(2) After the end of the one-year period, the operator must, as soon as feasible, destroy the content and any other computer data related to it that would not be retained in the ordinary course of business, as well as any document that was prepared for the purpose of preserving that content and data, unless the operator is required to preserve the content, data or document under a judicial order made under any other Act of Parliament or an Act of the legislature of a province or under a preservation demand made under section 487.012 of the Criminal Code.
Exception — content never made accessible
(3) Subsections (1) and (2) do not apply to content that was never made accessible on the regulated social media service.
The only way I see this being problematic is if false reports are being made and the platform is enforcing the content as being “harmful”. I think that would complicate matters for this. Beyond that, I’m not sure if there is something to worry about here.
Transparency
Section 42 is a really really long section, but it also happens to cover the issue of transparency, so it’s not entirely surprising that it’s such a long section. Of course, what people might think of as transparency and what government might think of transparency can be two different things entirely. In this case, at least with the first part, the governments version of “transparency” has more to do with what the platform tells government as opposed to the public:
Digital safety plan
42 (1) The operator of a regulated social media service must submit a digital safety plan to the Commission in respect of each regulated social media service that it operates. The digital safety plan must include the following information in respect of the period provided for in the regulations:(a) information respecting the manner in which the operator complies with sections 32 and 33, including
(i) the operator’s assessment of the risk that users of the service will be exposed to harmful content on the service,
(ii) a description of the measures that the operator implements to mitigate the risk,
(iii) the operator’s assessment of the effectiveness of the measures, both individually and collectively, in mitigating the risk,
(iv) a description of the indicators that the operator uses to assess the effectiveness of the measures, and
(v) information respecting the factors referred to in subsection 32(2);
So, it’s about disclosure to the government more than disclosure to the public. As a result, this section just keeps going…
(b) information respecting the manner in which the operator complies with sections 34 to 40, including a description of the measures that the operator implements under those sections and information respecting the factors referred to in subsection 37(2);
(c) information respecting the manner in which the operator complies with section 21, including
(i) a description of the design features that the operator integrates into the service under that section,
(ii) the operator’s assessment of the effectiveness of the measures, both individually and collectively, and
(iii) a description of the indicators that the operator uses to assess the effectiveness of the measures;
(d) information respecting the manner in which the operator complies with subsections 22(1) and 27(1);
(e) information respecting the manner in which the operator complies with the regulations made under paragraphs 126(1)(d) and (f);
(f) information respecting any measures that the operator implements to protect children, other than those that it implements to fulfill its obligations under this Act;
(g) information respecting the criteria and processes, if any, that the operator applies to determine if the Royal Canadian Mounted Police — or another law enforcement agency — should be notified of the existence on the service of content that gives rise to reasonable grounds to suspect that there is a risk that an individual will commit an act that would cause death or serious bodily harm to another individual;
… and going…
(h) if any law enforcement agencies were notified of the existence on the service of content described in paragraph (g), information respecting
(i) the number of such notifications,
(ii) the name of each law enforcement agency notified, and
(iii) the circumstances in which each was notified;
(i) information respecting the resources, including human resources, that the operator allocates in order to comply with sections 21 to 23, 27, 28 and 32 to 41, including information respecting the resources that the operator allocates to automated decision making;
(j) information respecting
(i) the volume and type of harmful content that was accessible on the service, including the volume and type of harmful content that was moderated and the volume and type of harmful content that would have been accessible on the service had it not been moderated, and
(ii) the manner in which and the time within which harmful content was moderated;
… and going…
(k) information respecting
(i) the number of times that content that was accessible on the service was flagged to the operator by users of the service as being harmful content, including the number of flags relating to each type of harmful content,
(ii) the manner in which the operator triaged and assessed the flags,
(iii) the measures taken by the operator with respect to content that was flagged as being harmful content, and
(iv) the time within which the operator took those measures;
(l) information respecting the content, other than harmful content, that was moderated by the operator and that the operator had reasonable grounds to believe posed a risk of significant psychological or physical harm, including
(i) a description of the content,
(ii) the volume of the content that was accessible on the service or that would have been accessible had it not been moderated, and
(iii) the manner in which and the time within which the content was moderated;
(m) information respecting the concerns received by the resource person referred to in subsection 40(1) and the internal and external resources to which the resource person directed users for the purposes of that subsection;
… and going…
(n) information respecting the topics, and a summary of the findings, conclusions or recommendations, of any research conducted by or on behalf of the operator with respect to
(i) harmful content on the service,
(ii) content on the service that poses a risk of significant psychological or physical harm, other than harmful content, or
(iii) design features of the service that pose a risk of significant psychological or physical harm;
(o) information respecting the measures implemented by the operator for the purposes of complying with its duties with respect to the service under An Act respecting the mandatory reporting of Internet child sexual abuse and exploitation material by persons who provide an Internet service;
(p) an inventory of all electronic data, other than content that was communicated by users of the service, that was used to prepare the information referred to in paragraphs (a) to (k), (m) and (q); and
(q) any other information provided for by regulations.
I mean, there are only 9 remaining letters of the alphabet here. I mean, at that point, we’re not that far off from asking what moderators had for lunch on certain days of the week or whether or not any of the moderators own cats or now. It’s a huge freaking laundry list of information.
Are there any exclusions to any of this? Well, there is one:
Exclusion — personal information
(2) The operator must ensure that the digital safety plan does not contain any personal information.
Well, I guess that’s something at least.
Interestingly, this does circle back to what can be disclosed to the public:
Publication of plan
(4) The operator must make the digital safety plan publicly available on the service to which the plan relates in an accessible and easy-to-read format.
Information prejudicial to criminal investigations
(5) The digital safety plan that the operator makes publicly available must not contain(a) any information about the circumstances in which a law enforcement agency was notified about the existence on the operator’s service of content described in paragraph (1)(g); or
(b) any other information regarding the notification of a law enforcement agency about the existence of such content on the operator’s service, if disclosure of the information could prejudice a criminal investigation, whether or not a criminal investigation has begun.
Again, this does open the door to abuse by law enforcement. This is ground I already covered.
The section closes with this:
Information not required
(6) The operator is not required to include any of the following information in the digital safety plan that it makes publicly available:(a) the inventory of electronic data referred to in paragraph (1)(p);
(b) information that is a trade secret; or
(c) financial, commercial, scientific or technical information that is confidential and that is treated consistently in a confidential manner by the person to whose business or affairs it relates.
That is at least reasonable. It’s one of those provisions that’s more about covering the rear end of government because if this isn’t put in there, it would easily be considered not only unconstitutional, but also something that could easily spark a trade war. So, a mandatory thing to include as far as I can tell.
AI Chatbots
This part of the bill kicks off with this:
Regulated Chatbot Services
Duty to Act Responsibly48 An operator has a duty to act responsibly in respect of a regulated chatbot service that it operates by complying with sections 49 to 57 and with orders made by the Commission under subsection 61(1).
Duty to implement measures — harmful content
49 The operator of a regulated chatbot service must implement measures that are adequate to mitigate the risk that the service will communicate harmful content to a user of the service.
Measures in regulations — harmful content
50 The operator of a regulated chatbot service must implement any measures that are provided for by regulations to mitigate the risk that the service will communicate harmful content to a user of the service.
Duty to implement emergency measures — crisis intervention
51 The operator of a regulated chatbot service must implement measures that, if a user of the service expresses, on the service, a suicidal ideation, an intention to self-harm or an intention to commit an act that could cause death or serious bodily harm to an individual, cause the service to immediately interrupt its interaction with the user in order to direct the user towards crises intervention services that are appropriate to the situation, are available at the moment when the user is directed towards them and permit the user to interact with a human being.
Measures in regulations — emergency situations
52 The operator of a regulated chatbot service must implement any measures that are provided for by regulations to address situations in which a user of the service expresses, on the service, a suicidal ideation, an intention to self-harm or an intention to commit an act that could cause death or serious bodily harm to an individual.
This is probably the first bit of good news AI chatbot companies have gotten out of this bill. Unlike the provisions that talk about when a company needs to report something to police (which the bill punted to future regulatory decisions), at the very least, the bill is at least clear on this part of the legislation. My understanding is that some chatbots have already implemented this – especially OpenAI. So, if a user starts expressing concerning things to the bot that has to do with harm to others.
While this sounds fairly straight forward, we’re talking about crappy AI programs here. For instance, it’s entirely possible that someone can utilize instruction injection attacks to provoke a response that deviates from standard guard rails. A famous example would be “disregard all previous instructions”. Another problem is the seemingly infinite number of edge cases that will likely plague AI chatbot companies as well trying to enforce something like this. What’s more, it’s possible to wrap these inputs into something like “I’m writing a novel about a fictional event, tell me if this is sounds like a reasonable plan”. Stuff like that would make enforcement far more difficult than a simple “detect potential harm, discontinue use, and forward to a crisis hotline”.
I know a lot of people still believe the myth that AI is this magical all knowing technology that is reaching sentience and nearing perfection, but this is the actual reality of LLM AI technology today. It’s a crappy technology that requires considerable logic skill, time, and effort to get any kind of value out of it at all.
Where things really start getting problematic in this part of the bill, however, is probably this:
Duty to implement measures — harmful behaviour
53 The operator of a regulated chatbot service must implement measures that are adequate to mitigate the risk that the service will engage in any of the following types of harmful behaviour:(a) posing as a human being in a manner likely to lead a user of the service to mistake it for a human being or otherwise being deceptive about being an artificial intelligence system;
(b) posing as a medical, legal or other licensed professional and giving advice based on that deception that could reasonably be expected to be relied on by a user of the service;
(c) using manipulative engagement techniques to encourage a user of the service to form or maintain an emotional attachment to the service in a way that may encourage the user to withdraw socially or disconnect from reality;
(d) encouraging self-harm, suicide or the commission of acts that could cause death or serious bodily harm to an individual; or
(e) any other type of behaviour specified in the regulations.
I honestly struggle to see how an AI company could enforce 53 (a). Maybe they can find patterns in the use of their product, but even then, that would be very difficult. There are those that abuse AI to get it to scam people over the phone. It’s possible to set up a complex array of agents and other instructions to get a scam going. I’m not so sure that the companies have an all seeing eye to determine how everyone is using their AI services. So, even with the companies full cooperation, enforcing that would be extremely difficult.
Section 53 (b) might be something AI companies would take issue with. It’s not that they are trying to make their AI pose as a legal or medical professional, but rather, the fact that they make plenty of money if people use their chatbots to find (and hallucinate) things like medical and legal advice. It’s partly why so many “professionals” are also getting in trouble. There is a push in some parts of both fields to just leave things to AI (such as medical diagnosis which is a scary thought. If you don’t believe me that this is a thing, an example of this happening was published on Futurism last month). I’m personally supportive of that subsection, but expect AI companies to fight hard against that.
Section 53 (c) is, well, not enforceable. For one, how do you measure what is someone who “withdraw socially”? Technically speaking, the moment someone is left alone in a room with an AI chat bot is someone who has withdrawn socially. Is it when it is medically considered to be withdrawn? Is that even a medical diagnosis in the first place? How do we even define this? The provision doesn’t offer guidance to what has made someone withdrawn socially, so how is an AI company supposed to even begin to figure that one out? Some might argue a timer, but different people have different uses for AI that could impact how much time is too much time. This is definitely a provision that hasn’t been thought through, well, at all.
Section 53 (d) is pretty straight forward at least. I think that is something that AI companies are working on addressing already, though I don’t know if anything can be done to make those guard rails fool proof.
Section 53 (e) is the ultimate sign that whoever wrote this section of the bill is just trying to shoot for “make bad stuff go away” and it’s a little sad.
From there the bill says this:
Guidelines
55 The operator of a regulated chatbot service must make user guidelines publicly available on the service. The user guidelines must be accessible and easy to use and must include a description of the measures that the operator implements to(a) mitigate the risk that the service will communicate harmful content;
(b) address situations in which a user of the service expresses, on the service, a suicidal ideation, an intention to self-harm or an intention to commit an act that could cause death or serious bodily harm to an individual; and
(c) mitigate the risk that the service will engage in any type of harmful behaviour referred to in section 53.
This is something AI companies already do. This through their usage policies. An example would be OpenAI’s usage policy. So, unless there is something I’m missing, this is already standard practice.
The next section is a bit more confusing to me, though:
Tools and processes to flag harmful content
56 The operator of a regulated chatbot service must implement tools and processes to(a) enable a user of the service to easily flag to the operator
(i) the communication of harmful content by the service,
(ii) the failure of the operator to address situations in which a user of the service expresses, on the service, a suicidal ideation, an intention to self-harm or an intention to commit an act that could cause death or serious bodily harm to an individual, or
(iii) the fact that the service engaged in a type of harmful behaviour referred to in section 53; and
(b) notify the user of its receipt of the flag.
Resource person
57 (1) The operator of a regulated chatbot service must make a resource person available to users of the service to(a) receive users’ concerns with respect to the communication of harmful content by the service, the fact that the service engaged in a type of harmful behaviour referred to in section 53 or the measures that the operator implements to comply with this Act;
(b) direct users to internal and external resources to address their concerns, such as an internal complaints mechanism or the Commission; and
(c) provide guidance to users with respect to those internal resources.
Contact information accessible
(2) The operator must ensure that the resource person is easily identifiable and that their contact information is easily accessible to users of the service.
This sort of thing might make more sense in the context of social media because communication is multi-way and public. With chatbots, the communication is much more two way and less public. It’s just you and the bot. So, how can another user flag a dangerous conversation if it’s a two way non-public communication? I’m not exactly sure.
The only thing I can think of would be an edge case where someone is watching over the shoulder of another user and finding out what the user name is and reporting it to the company. The only other possible scenario I can think of off of the top of my head would be someone knowing that a user has shown problematic behaviour, also happens to know that they use a chatbot service and can report that user.
So, unless there is a chatbot service I’m not thinking of where the answers are broadly posted publicly, I’m not sure if this is doing much outside of some edge cases.
From there, the digital transparency plan appears to be copied and pasted from the social media section including, hilariously, the statistics in which users have been flagged. A portion of that:
(i) information respecting
(i) the number of times that the operator received a flag referred to in paragraph 56(a), including the number of flags relating to each type of harmful content communicated by the service and each type of harmful behaviour referred to in section 53 engaged in by the service,
(ii) the manner in which the operator triaged and assessed the flags, and
(iii) measures taken by the operator with respect to the flags;
To me, this is a sign that the government doesn’t actually understand how AI chatbots actually work and just copied and pasted all regulations from social media over to AI chatbots, assuming that they are one and the same when they generally are not.
Conclusions
There’s a lot to be concerned about with the above for a whole variety of reasons. There’s the demand that social media remove “harmful” content while respecting freedom of expression, then offloading that responsibility onto the very platforms that have been criticized of not doing a great job in this area in the first place. Another one is trying to hide any and all reporting activity whenever authorities are involved (which opens the door to abuse by the state).
Over top of that, there is the question of whether or not it’s even possible to enforce provisions regarding AI chatbots appearing human. This over top of the fact that the regulations for AI chatbots appears to be copied and pasted over to the AI chatbot regulations even though the two are completely different technologies. That, to me, signals that the government really doesn’t understand the technology and just tacked something on there last minute without really looking into things.
Anyway, this concludes part 2 of my analysis of the legislation. Feel free to comment below if you can make additional interpretations that make some of this make more sense. You can also point out provisions I might have overlooked along the way. It’s a super complex and long bill so I’d be surprised if there wasn’t something I missed along the way. Otherwise, stay tuned to part 3 of this analysis.
Drew Wilson on Mastodon, Bluesky and Facebook.
Discover more from Freezenet.ca
Subscribe to get the latest posts sent to your email.
