Artificial intelligence poses legal threats to government contractors

AI brings to contractors a raft of new legal challenges, especially because the Biden administration has insisted on safe, secure and trustworthy AI.

You can hardly talk to a federal contractor who’s not offering something to do with artificial intelligence. But AI brings to contractors a raft of new legal challenges, especially because the Biden administration has insisted on safe, secure and trustworthy AI. Joining the Federal Drive with Tom Temin for more is Sheppard Mullin partner Townsend Bourne.

Interview transcript: 

Tom Temin  Townsend, good to have you back.

Townsend Bourne  Thanks for having me, Tom.

Tom Temin  You have written extensively here in a law journal about the idea that there are lots of legal challenges with AI for contractors. What are they?

Townsend Bourne  It’s a great question. We’re seeing a lot of challenges, a lot of questions come up in the space. I know you saw the article that me and my partner Jim Gatto published in the Procurement Lawyer recently on this specific topic, AI challenges for government contractors. The way I look at it really is three different main challenges. There’s, if you’re developing AI, there are the challenges you just mentioned with ensuring that that development complies with some of these responsible development practices that we’re seeing coming out of the Biden administration. NIST has an AI risk management framework now, and some other publications, that are guidance for the development of AI. And we can get into some of these in a little more detail. But the second main challenge, I think, is AI use. All companies are dealing with this now, but particularly government contractors, I think need to think specifically about their AI use when it’s supporting a government contract. And then third, we talk about supply chain management all the time, but vendor due diligence when you’re using third party AI tools is going to be very important for government contractors.

Tom Temin  And is there exposure on the false claims front, or what?

Townsend Bourne  We always worry about exposure on the false claims front here. Of course, we don’t yet have specific regulations on government contractors relating to AI, but there is, of course, false claims risk where you have potential misrepresentations. So, even now, it’s very important that contractors are clear and transparent about their AI use with respect to their government contracts.

Tom Temin  So if you, say, don’t certify, for example, and the agency is okay with that, but you don’t state specifically that you’re using these good practices, and something comes to light that you haven’t, then you could be found just to be non performing, for example.

Townsend Bourne  I’m going to give you the lawyerly answer, which is, I think it depends. It’ll be a case by case issue. But, of course, the contract terms are going to matter. We’re seeing more and more agencies are thinking about AI and procurement. So, there might be solicitation provisions and contract terms that speak to some of these issues, and if you’ve agreed to perform that contract with those terms, there’s the potential for misrepresentation, right?

Tom Temin  Right. So, you could get bad performance, on the one hand, if all of that wasn’t in the contract, but if it’s in the contract, then you have to actually do what you say as expressed in the contract.

Townsend Bourne  Exactly.

Tom Temin  And the supply chain issue. That’s a case of using, say, a particular algorithm that could later found to be a really bad one. That is, it performs technically, but it has some of these biases or security leaks, or it was trained with data it should not have been trained with, that kind of thing.

Townsend Bourne  That’s definitely one of the issues. So, are your vendors employing these responsible and secure AI practices? I think also a main concern is going to be with the terms that you agree to with your vendor and the data that they’re getting. So, I think a big issue here is going to be government data, and is that being fed into an AI model? Who owns the data? So, there are a lot of legal issues that we see that are just being expounded when you’re talking about AI.

Tom Temin  And on the development side, that’s probably not going to be a generative situation, but just a machine learning and standard type of AI development. It would be wise, then, to know and bring in those NIST standards and be able to state that you’re using them.

Townsend Bourne  I think that’s right. We’re seeing NIST not only putting out its own standards, which would apply in the U.S. once they get incorporated into contracts or regulations, but NIST is also working on global AI standards and trying to conform what we’re doing here in the U.S. with what other countries are doing. So, I do think for government contractors, in particular, where, you know, we have a history in the cyber security space, which I know you and I have talked about extensively, of the U.S. government building into FAR and DFARS regulations compliance with certain standards. So, I’ve got to expect here that at some point in the future we will have a regulation relating to AI that most likely will incorporate some of these NIST standards, so companies can stay ahead of that by using this now and not getting themselves into a position later where they potentially have to scramble and kind of go back and can potentially lose a lot of the AI development they’ve done, if it wasn’t consistent with some of these frameworks.

Tom Temin  We are speaking with attorney Townsend Bourne. She’s a partner at Sheppard Mullin. And have you seen any case work developing? Have there been any lawsuits or protests or agencies going after contractors yet for anything connected to AI?

Townsend Bourne  In the government and contracting space, not so much. Of course, there are many, many, many lawsuits at the federal and state level now on AI issues. I think the most well publicized one in the last couple years is the article about copyright infringement and whether or not certain companies and publications are able to use certain data in their AI machine learning. In the government space, we do have a relatively recent memo out of OMB with direction to agencies on AI use and also procurement of AI. So, we are seeing more and more pilot programs out of the government, more and more opportunities for companies and contractors to sell and work with government on AI solutions. So, I think all that is coming. It hasn’t really hit us in the wave yet, because this is still relatively new, but I think it’s worthwhile to keep an eye on the lawsuits in the main sphere and see where those are going, because that can inform what we’re going to see agencies do with their AI use under government contracts.

Tom Temin  And compliance requirements are spreading like a, not a bottle or a glass, but a barrel of wine spilled on a white carpet. It just gets wider and wider and wider, and it seems like companies need greater and greater expertise in that compliance area. When it was just financial, well, the CPAs could help you there, and the CFO types, but now, with cyber and AI and financial and a whole bunch of other things, DEI, environmental. How does the average contractor keep up with this spreading stain of compliance needs?

Townsend Bourne  I like that analogy. I’ve not heard that before. So, of course, the answer is they come to us right at Sheppard Mullin. As you know, my specialty is cybersecurity and emerging technologies. So, my team has an entire resource. We have playbooks on the best way to attack some of these compliance issues. I think, with respect to AI, emerging technologies, cyber and supply chain, which is the other big one we’re seeing, we get questions all the time. They’re very nuanced, because every situation is a little bit different. It depends on what you’re providing to the government. Are you a products or services provider? Do you provide cloud? Do you provide AI solutions? So, the compliance can look a little different depending on what you’re providing to the government. So, I think you’re right. We have a team that tries to stay on top of new developments as they come out, and they’re coming out every day, so it is basically a full time job. We’ve got several people that focus on this.

Tom Temin  Industry wide. They won’t all hire Sheppard Mullin. In the larger sense, the trend in corporate America has been to try to reduce reliance on external counsel because of the cost over the past number of years. It sounds like given all of these little specialties, compliance areas that might need to be rethought.

Townsend Bourne  I think companies, more and more, are bringing in house personnel that can handle some of these topics, like you said, on a more global basis. So, we are seeing functions within companies that have responsibility for public sector compliance, privacy, kind of lumped together, and sometimes that can be overwhelming. So, we like to partner with our clients, and again, give them those frameworks that they can implement that really looks at these issues across the board, and again, trying to figure out where you need to focus. Obviously, right now the DOJ has their civil cyber fraud initiative. They’re very focused on cyber security. There are other areas within government contracts compliance that are, I would say, a little more hot topics right now. So, with our publications and what we try to provide out there in the public, give you a sense of, here are the areas that you really should probably focus on first and target and then come up with your wider compliance strategy once you target those big areas.

Tom Temin  And it’s probably fair to say that the counterpart, which is the contracting officer and the acquiring agency and contracting officer representatives also have a spreading need of knowledge to keep up with all the regulations that they have to make sure the contractors comply with.

Townsend Bourne  That’s exactly right, and unfortunately, we do see some misunderstanding sometimes on the government side with regard to what some of these rules require and what compliance looks like. So, I think that’s right. Education is huge, and making sure people understand how a lot of these issues work together is going to be very important.

Tom Temin  Attorney Townsend Bourne is a partner at Sheppard Mullin. Thanks so much for joining me.

Townsend Bourne  Thanks for having me, Tom.

Tom Temin  And we’ll post this interview along with her article in the Procurement Lawyer at federalnewsnetwork.com/federaldrive. Subscribe to the Federal Drive wherever you get your podcasts.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    Getty Images/Khanchit Khirisutchalualtechnology control law ai concept for AI ethics and Developing artificial codes of ethics.Compliance, regulation, standard, and responsibility for guarding against

    DoD sunsets Task Force Lima, introduces AI rapid capabilities cell

    Read more