In its 2023 AI use case inventory, the agency charged with managing U.S. government documents disclosed it wants to use an AI-based system to autofill metadata for its archival documents. Similar to some other agencies, the National Archives also disclosed its interest in using the technology to help respond to FOIA requests.

While NARA shared these planned applications, it did not include any current, operational use cases of AI.

The list of AI use cases is required of most federal agencies under a 2020 executive order (EO 13960). Those inventories must be posted publicly and annually.

The agency’s public release of its AI inventory comes after FedScoop reported that the National Archives had published its list only on MAX.gov, a platform for sharing information within the government. The Office of Management and Budget later re-emphasized that agencies are required to release a list on their agency website, in addition to the MAX portal.

“The National Archives is excited about the use of AI/ML/RPA and how we can utilize these technologies to help with natural language processing, search, and process automation,” said NARA Chief Information Officer Sheena Burrell in a previous statement to FedScoop. 

Burrell also said the agency was in the process of developing a governance life cycle for AI “along with the evaluation criterias to assess our AI solutions for compliances in accordance with the Executive Order.”

While the agency provided most details required under the Federal CIO Council’s 2023 guidance for the inventories — and additional optional information — it appears to follow a format consistent with the guidance for the previous year’s inventories. As a result, it doesn’t include whether the use is contracted or consistent with the executive order. It also doesn’t include columns for dates that note when stages in a use case’s life cycle take place.

Researchers at Stanford’s RegLab reported widespread lagging compliance in the first year of agencies’ use case inventories in a December 2022 report about the country’s AI strategy. Recent FedScoop reviews of agency use case inventories found inconsistencies in reporting have persisted.

The post National Archives discloses planned AI uses for record management appeared first on FedScoop.

In response to a series of questions, an OMB spokesperson said that if agencies do not currently utilize AI, they must post a statement saying they don’t use the technology. Agencies are required to both post a full version of the AI use case list to the federal MAX portal, and a public version to their own website. Critically, the OMB spokesperson acknowledged problems with the AI inventorying process — an issue previously flagged by FedScoop, as well as other researchers.

“Office of the Federal CIO desk officers, the CIO Council, and the Small Agency CIO Council are engaging on an ongoing basis with agencies on their AI use case inventory requirements and to clarify the instructions and address issues with reporting,” the spokesperson said. “It’s important to note that this is the first year small agencies have been required to join this process. We are supporting them at every level to ensure their success.”

Federal agencies, particularly smaller ones, are still working on satisfying their compliance obligations under the order. For example, the Selective Service System (SSS), the independent agency that registers people who might be conscripted into the military, is still developing an initial inventory of AI use cases.

Micheal Migliara, the associate director for public and intergovernmental affairs at SSS, said the agency is considering using technology to improve its customer service capabilities, potentially in the form of chatbots and automating other administrative tasks.

Migliara added: “We are actively developing our AI strategy and capabilities in response to the Executive Order … [w]e are currently in the preliminary stages of our AI requirements assessment to determine our Agency’s AI capabilities and future needs, and are closely following all federal mandates for the potential adoption of commercial AI solutions.”

Similarly, the Federal Housing Finance Agency, a regulatory agency that oversees programs like Fannie Mae and Freddie Mac, has published its AI use case to MAX.gov, but told FedScoop that it’s still working on publishing its public list of use cases. In a similar vein, the National Archives only announced it would publicly post its AI inventory in response to FedScoop’s questions asking about that requirement.

The Tennessee Valley Authority, a federal utility, is also still working on meeting the executive order’s requirements. The agency has yet to designate a responsible artificial intelligence official, Elizabeth Gibson, a communications lead for the agency, told FedScoop.

“TVA has compiled an asset inventory that it is currently evaluating for both responsiveness and security, given our critical infrastructure role, and has not yet made that inventory public,” Gibson told FedScoop. “TVA intends to comply with applicable federal guidelines and directives, including Executive Order 13960, and will work to implement and track secure AI technology to meet our mission.”

When asked about whether it had created an AI inventory, a spokesperson for Amtrak said the rail provider would not provide a comment on the topic. Amtrak is still working on inventorying its operational technology, an issue that FedScoop previously flagged.

Meanwhile, other aspects of Executive Order 13960 raise questions about transparency. For instance, agencies seem to be at their own discretion when deciding what use cases should — and should not — be public, noted John Davisson, an attorney at the Electronic Privacy Information Center, in an email to FedScoop.

“[A]gencies get to interpret the exemptions in the order and guidance, and the public can’t easily test those withholdings like they can under the FOIA,” he said. “So while more disclosure is clearly a good thing, we really can’t trust that these inventories include everything they’re supposed to, let alone all agency uses of AI.”

Moreover, not every agency’s inventory has been uploaded to a list of inventories on AI.gov, the website that’s supposed to document all the publicly-disclosable use cases identified across the federal government, in a timely manner. For example, NASA — which told FedScoop it’s submitted its inventory to the White House Office of Science and Technology Policy — and OPM’s inventories only seem to have been added on the morning of August 16, according to a web-watching tool used by FedScoop.

“The public shouldn’t have to go hunting on dozens of agency websites to find out how their government is using AI,” remarked Davisson.

The 2023 CIO Council guidance tasks agencies with ensuring their inventories are present on that site. Agencies are instructed to email their Office of the Federal Chief Information Officer desk officer with the public link to their inventory and a request to add it to AI.gov if it’s not already included.

The post OMB acknowledges issues with process for inventorying AI use cases appeared first on FedScoop.

Speaking during an ATARC webinar Thursday, Dan Chandler said the idea is to use all the network information at OMB’s disposal to alert a user when their trust score isn’t high enough in real time — rather than simply reject their request.

The Cybersecurity Executive Order issued in May 2021 accelerated agencies’ efforts to implement zero-trust security architectures, but funding and expertise for systems like the one OMB envisions remain scarce.

“System may be too strong a word,” Chandler said. “This is an idea that we’re starting to develop.”

The comments after Federal CIO Clare Martorana last month told FedScoop that OMB aspires to implement new trust measures as it works to improve security and customer experience.

Agencies use tools like Google Authenticator and others from Amazon Web Services and Microsoft Azure to authenticate users, but trust in them changes depending on current events. If a zero-day vulnerability is found in one of those services, trust in it may drop a certain percentage, Chandler said.

If implemented, OMB’s desired system would compare a session’s trust score to the trust requirement on a function of feature. If a user’s score is too low to grant access, a list of options for raising their score — like reauthenticating or inputting a personal identity verification card — might even be provided, Chandler said.

The Department of Commerce is also interested in evaluating the trust of users and devices, but network evidence isn’t feeding into and informing its zero-trust architecture yet.

“We’re just not there yet because the investments haven’t come through,” said Lawrence Anderson, deputy chief information officer at the Department of Commerce. “But at some point we’re going to need some advanced tools to get to that advanced level of zero trust that we want to get to.”

Meanwhile the General Services Administration is working on another authentication solution that is expected to cost slightly less than Login.gov.

OMB has run the MAX.gov system, which performs authentication using PIV cards, for years. Agencies use MAX.gov for their budget systems and other use cases.

“MAX.gov is being transitioned to GSA,” Chandler said. “So by the end of next year GSA is supposed to have stood up an alternative solution which, as I understand it, is going to be based on Azure Active Directory.”

The post OMB working to develop system for real-time zero trust scoring appeared first on FedScoop.