Where things have gone wrong¶

To make the ideas contained in the checklist more concrete, we've compiled examples of times when things have gone wrong. They're paired with the checklist questions to help illuminate where in the process ethics discussions may have helped provide a course correction.

Checklist Question	Examples of Ethical Issues
	Data Collection
A.1 Informed consent: If there are human subjects, have they given informed consent, where subjects affirmatively opt-in and have a clear understanding of the data uses to which they consent?	Facebook uses phone numbers provided for two-factor authentication to target users with ads. African-American men were enrolled in the Tuskegee Study on the progression of syphilis without being told the true purpose of the study or that treatment for syphilis was being withheld. OpenAI's ChatGPT memorized and regurgitated entire poems without checking for copyright permissions.
A.2 Collection bias: Have we considered sources of bias that could be introduced during data collection and survey design and taken steps to mitigate those?	StreetBump, a smartphone app to passively detect potholes, may fail to direct public resources to areas where smartphone penetration is lower, such as lower income areas or areas with a larger elderly population. Facial recognition cameras used for passport control register Asian's eyes as closed.
A.3 Limit PII exposure: Have we considered ways to minimize exposure of personally identifiable information (PII) for example through anonymization or not collecting information that isn't relevant for analysis?	Personal information on taxi drivers can be accessed in poorly anonymized taxi trips dataset released by New York City. Netflix prize dataset of movie rankings by 500,000 customers is easily de-anonymized through cross referencing with other publicly available datasets.
A.4 Downstream bias mitigation: Have we considered ways to enable testing downstream results for biased outcomes (e.g., collecting data on protected group status like race or gender)?	In six major cities, Amazon's same day delivery service excludes many predominantly black neighborhoods. Facial recognition software is significanty worse at identifying people with darker skin.
	Data Storage
B.1 Data security: Do we have a plan to protect and secure data (e.g., encryption at rest and in transit, access controls on internal users and third parties, access logs, and up-to-date software)?	Personal and financial data for more than 146 million people was stolen in Equifax data breach. Cambridge Analytica harvested private information from over 50 million Facebook profiles without users' permission. AOL accidentally released 20 million search queries from 658,000 customers.
B.2 Right to be forgotten: Do we have a mechanism through which an individual can request their personal information be removed?	The EU's General Data Protection Regulation (GDPR) includes the "right to be forgotten."
B.3 Data retention plan: Is there a schedule or plan to delete the data after it is no longer needed?	FedEx exposes private information of thousands of customers after a legacy s3 server was left open without a password.
	Analysis
C.1 Missing perspectives: Have we sought to address blindspots in the analysis through engagement with relevant stakeholders (e.g., checking assumptions and discussing implications with affected communities and subject matter experts)?	When Apple's HealthKit came out in 2014, women couldn't track menstruation.
C.2 Dataset bias: Have we examined the data for possible sources of bias and taken steps to mitigate or address these biases (e.g., stereotype perpetuation, confirmation bias, imbalanced classes, or omitted confounding variables)?	word2vec, trained on Google News corpus, reinforces gender stereotypes. Women are more likely to be shown lower-paying jobs than men in Google ads.
C.3 Honest representation: Are our visualizations, summary statistics, and reports designed to honestly represent the underlying data?	Misleading chart shown at Planned Parenthood hearing distorts actual trends of abortions vs. cancer screenings and preventative services. Georgia Dept. of Health graph of COVID-19 cases falsely suggests a steeper decline when dates are ordered by total cases rather than chronologically.
C.4 Privacy in analysis: Have we ensured that data with PII are not used or displayed unless necessary for the analysis?	Strava heatmap of exercise routes reveals sensitive information on military bases and spy outposts.
C.5 Auditability: Is the process of generating the analysis well documented and reproducible if we discover issues in the future?	Excel error in well-known economics paper undermines justification of austerity measures.
	Modeling
D.1 Proxy discrimination: Have we ensured that the model does not rely on variables or proxies for variables that are unfairly discriminatory?	In hypothetical trials, language models assign the death penalty more frequently to defendants who use African American dialects. Variables used to predict child abuse and neglect are direct measurements of poverty, unfairly targeting low-income families for child welfare scrutiny. Amazon scraps AI recruiting tool that showed bias against women. Criminal sentencing risk asessments don't ask directly about race or income, but other demographic factors can end up being proxies. Creditworthiness algorithms based on nontraditional criteria such as grammatic habits, preferred grocery stores, and friends' credit scores can perpetuate systemic bias.
D.2 Fairness across groups: Have we tested model results for fairness with respect to different affected groups (e.g., tested for disparate error rates)?	Apple credit card offers smaller lines of credit to women than men. Google Photos tags two African-Americans as gorillas. With COMPAS, a risk-assessment algorithm used in criminal sentencing, black defendants are almost twice as likely as white defendants to be mislabeled as likely to reoffend. -- Northpointe's rebuttal to ProPublica article. -- Related academic study. Google's speech recognition software doesn't recognize women's voices as well as men's. Google searches involving black-sounding names are more likely to serve up ads suggestive of a criminal record than white-sounding names. -- Related academic study. OpenAI's GPT models show racial bias in ranking job applications based on candidate names.
D.3 Metric selection: Have we considered the effects of optimizing for our defined metrics and considered additional metrics?	Facebook seeks to optimize "time well spent", prioritizing interaction over popularity. YouTube's search autofill suggests pedophiliac phrases due to high viewership of related videos. A widely used commercial algorithm in the healthcare industry underestimates the care needs of black patients because it optimizes for spending as a proxy for need, introducing racial bias due to unequal access to care.
D.4 Explainability: Can we explain in understandable terms a decision the model made in cases where a justification is needed?	Patients with pneumonia with a history of asthma are usually admitted to the intensive care unit as they have a high risk of dying from pneumonia. Given the success of the intensive care, neural networks predicted asthmatics had a low risk of dying and could therefore be sent home. Without explanatory models to identify this issue, patients may have been sent home to die. GDPR includes a "right to explanation," i.e. meaningful information on the logic underlying automated decisions.
D.5 Communicate bias: Have we communicated the shortcomings, limitations, and biases of the model to relevant stakeholders in ways that can be generally understood?	Google Flu claims to accurately predict weekly influenza activity and then misses the 2009 swine flu pandemic.
	Deployment
E.1 Monitoring and evaluation: How are we planning to monitor the model and its impacts after it is deployed (e.g., performance monitoring, regular audit of sample predictions, human review of high-stakes decisions, reviewing downstream impacts of errors or low-confidence decisions, testing for concept drift)?	Dutch Prime Minister and entire cabinet resign after investigations reveal that 26,000 innocent families were wrongly accused of social benefits fraud partially due to a discriminatory algorithm. Sending police officers to areas of high predicted crime skews future training data collection as police are repeatedly sent back to the same neighborhoods regardless of the true crime rate.
E.2 Redress: Have we discussed with our organization a plan for response if users are harmed by the results (e.g., how does the data science team evaluate these cases and update analysis and models to prevent future harm)?	Software mistakes result in healthcare cuts for people with diabetes or cerebral palsy.
E.3 Roll back: Is there a way to turn off or roll back the model in production if necessary?	Google "fixes" racist algorithm by removing gorillas from image-labeling technology. Microsoft's Twitter chatbot Tay quickly becomes racist.
E.4 Unintended use: Have we taken steps to identify and prevent unintended uses and abuse of the model and do we have a plan to monitor these once the model is deployed?	Generative AI can be exploited to create convincing scams like "virtual kidnapping". Deepfakes—realistic but fake videos generated with AI—span the gamut from celebrity porn to presidential statements.