Earlier this week, I appeared before the Standing Senate Committee on Transport and Communications as part of its study on AI regulation. This follows earlier appearances before the House of Commons Heritage and Industry committees on the same issue. The hearing led to robust exchanges with multiple Senators on the intersection of AI policy with issues such as privacy, copyright, online harms, and sovereignty. I plan to post clips from the hearing in a future Law Bytes podcast, but in the meantime, my opening statement provides a good sense of my views on AI regulation with respect to privacy, copyright, and the need for an AI Transparency Act. A video of the opening statement is embedded below, followed by the text.
Latest Posts
Lawful Access Heads to Committee: The Opposition Found Its Voice, the Government Never Found Its Defence
After several days of debate in which the opposition to lawful access seemed half-hearted at best, the Conservatives woke up on Monday. MP after MP rose to argue, correctly, that Bill C-22 represents an unprecedented surveillance threat: mandated metadata retention (including location information) for up to a year, security vulnerabilities built into the interception architecture the bill requires, and a weakened legal standard for access to subscriber information. After days of debate with the government visibly struggling to defend its own legislation, this is precisely what the opposition should be targeting (coverage from day one, day two, day three).
Is Data De-Identification Dead?: Why the AI Privacy Risk Isn’t What It Learns, But What It Figures Out
In 1997, an MIT graduate student named Latanya Sweeney stunned the privacy world by matching publicly available voter rolls with hospital records stripped of names and addresses to identify the supposedly anonymous medical history of the then-governor of Massachusetts. Three years later, she expanded on that finding by demonstrating that 87 per cent of the U.S. population could be uniquely identified using just three data points: ZIP code, date of birth and gender.
My Globe and Mail op-ed notes that Ms. Sweeney’s work shaped privacy frameworks worldwide, which responded with de-identification standards designed to manage the risk by removing obvious identifiers, applying statistical tests and treating the resulting data as safe to use. Indeed, a core tenet of modern privacy regulation rests on the premise that de-identified data can be used, disclosed and commercialized without compromising individual privacy.
The Law Bytes Podcast, Episode 265: Jason Millar on Claude Mythos, Project Glasswing, and the Governance Crisis in Frontier AI
In a year in which AI has truly dominated much of the news cycle, the story of Anthropic’s Mythos may be the biggest story of them all. A version of the popular Claude AI service is reportedly so powerful that the company can’t release it to the public yet. As governments race to meet with company officials, there are serious cybersecurity risks, prompting many leading software companies to join a new working group to get ahead of the issue before the AI model is publicly released.
Jason Millar is a colleague at the University of Ottawa, where he holds the Canada Research Chair in the Ethical Engineering of Robotics and Artificial Intelligence. He joins the Law Bytes podcast to talk about Anthropic’s Mythos, the AI governance challenges, the importance of distinguishing between AI security and AI safety, and what governments should be doing to address this latest AI challenge.
A Standard That Doesn’t Exist: Parliamentary Secretary for Justice Offers Misleading Defence of Bill C-22’s Lower Threshold for Subscriber Information
The lawful access debate continued for a third day on Friday with Bloc MP Claude DeBellefeuille asking Patricia Lattanzio, the Parliamentary Secretary to the Minister of Justice, a critical question: why has the government chosen “the lowest possible threshold for obtaining information, that of reasonable grounds to suspect, rather than the more stringent threshold of reasonable grounds to believe.” She added that she did not understand the choice and would like a clear answer (I focused on this issue in a previous post). In keeping with the government’s discouraging defence of lawful access thus far (my posts on day one and day two of debate) Lattanzio’s response went for deception rather than clarity. After noting that reasonable grounds to suspect already appears in parts of the Criminal Code, she offered the government’s substantive defence of the lower threshold in a single sentence: “We also think that ‘reasonable grounds to suspect’ is higher than the threshold of mere suspicion.” The problem is that mere suspicion isn’t a threshold for search at all, but rather the standard the courts point to when a search is unconstitutional.
Recent Posts
Addressing the AI Policy Challenge: My Appearance before the Standing Senate Committee on Transport and Communications 
Lawful Access Heads to Committee: The Opposition Found Its Voice, the Government Never Found Its Defence 
Is Data De-Identification Dead?: Why the AI Privacy Risk Isn’t What It Learns, But What It Figures Out 
The Law Bytes Podcast, Episode 265: Jason Millar on Claude Mythos, Project Glasswing, and the Governance Crisis in Frontier AI 
A Standard That Doesn’t Exist: Parliamentary Secretary for Justice Offers Misleading Defence of Bill C-22’s Lower Threshold for Subscriber Information
