How to constructively protest against AI voice transcription at work?

BurningRiver , 4 months ago

I would suggest that that first action item would be is to ask for (in writing) are 1) data protection and 2) privacy policies. I would then either pick it apart, or find someone who works in cybersecurity (or the right lawyer) to do that. I’ve done it a few times and talked my employer out of a few dodgy products, because the policies clearly try to absolve the vendor of any potential liability. Now, whether the policies truly limit liability would have to be tested in court.

You could also talk about how data protection, encryption, identity and access management, and governance is actually really expensive, but I’d first start poking holes in the actual policies to create doubt.

7heo , 4 months ago

I would have work sign a legal discharge that from the moment I use the technology, none of the recordings or transcription of me can be used to incriminate me in case of an alleged malpractice.

In fact, since both are generated or can be generated in a way that both sounds very assertive but also can be adding incredibly wild mistakes, in a potentially life and death situation, they legally recognise potentially nullifying my work, and taking the entire legal responsibility for it.

As you can see in the most recent example involving Air Canada, a policy has been invented out of thin air. Such policy is costing the company. In the case of a doctor, if the administration of the wrong sedative, the wrong medication, or if the wrong diagnosis was communicated to the patient, etc; all that could have serious consequences.

All sounding (using your phrasings, etc) like you, being extremely assertive, etc.

A human doing that job will know not to derive from the recording. An AI? "antihistaminic" and "anti asthmatic" aren't too far off, and that is just one example off of the top of my head.

turkalino , 4 months ago

It would be worth finding out more about how exactly the training process works, namely whether or not the AI company stores the training audio clips after training has been completed. If not, then I would say you don't have anything to worry about, because the model itself can't be used to clone your voice to any useful extent. Deep neural networks aren't reversible like that. Even if they were, it's not just trained on you, it's trained on hundreds of thousands of people then fine-tuned to you.

If they do store the clips though, then maybe show them this article about GitHub to prove to them that there is precedence for private companies using people's data to train AI without their explicit consent.

Adalast , 4 months ago

To expound on this, AI models are extremely narrow in scope. One which reproduces audio it is trained on is entirely different from one that understands what is being said. As Mr. Turkalino mentioned, the transcription AIs are built on a combination of speech recognition and incredibly specialized text data that is narrowly defined by your industry (medical in this case). In fact, they may have tuned specific models for separate disciplines. This included thousands of documents ranging from textbooks to scholarly journals along with thousands of recordings of professionals saying the words in a variety of accents and dialects so it can understand the difference between very important and very different sounding words, my wife is pregnant, so amnioitis and amniocentesis come to mind. They are close enough sounding that a general model might mistake them, and that being transcribed wrong could spell real problems when others may look at the patients chart if there are complications.

Also, most models are run in the cloud because the calculations can he very taxing. I run Stable Diffusion and other AIs locally on my beast of a machine and it struggles at times. Realistically, the cloud machines are just bugger than you can get as a desktop. Also, under the most ideal circumstances, the audio of your notes does not live in the servers, it is transmitted, stored on a virtual machine (VM) while it is being processed, then after the results are completed the VM is destroyed and the audio recording goes with it. Nothing is kept. Of course, that is where you need to be sure to do the work, making sure that your situation is "ideal". One of the biggest controversies in with AI right now is that data is being stored for doing reinforcement training on the AI models. Example, you send your recordings and the AI returns the transcript. You mark any corrections and go on with your day. The company takes those recordings and feeds them back into the general model with the corrections you made and tries to tell the AI what it got wrong. You are going to want to be sure that you are allowed to opt-out of your data being allowed to be used as training data (beyond the fine-tuning to help it learn your voice).

WitchHazel , 4 months ago

Unfortunately a guy I know works for a gov hospital and they've used such technology for over a decade at this point. It seems unavoidable.

Spyder , 4 months ago

Do your patients know that their information is being transcribed in the cloud, which means it could potentially be hacked, leaked, tracked, and sold? How does this foster a sense of distrust, and harm the patients progress?

Could you leverage this information and the possibility of being sued if information is leaked with the bureaucrats?

tonyn , 4 months ago

Stop using the digital voice recorder and type everything yourself. This is the best way to protect your voice print in this situation. It doesn't work well as a protest or to educate your colleagues, but I suppose that's one thing you can use your voice for. Since AI transcription is a cost saving measure, there will be nothing you can do to stop its use. No decision maker will choose the more expensive option with a higher error rate on morals alone.

FlappyBubble OP , 4 months ago

Unfortunately the interface of the medical records system will be changed when this is implemented. The keyboard input method will be entirely removed.

ubergeek77 , 4 months ago

Even if this gets implemented, I can't imagine it will last very long with something as completely ridiculous as removing the keyboard. One AI API outage and the entire office completely shuts down. Someone's head will roll when that inevitably happens.

FlappyBubble OP , 4 months ago

Ah sorry, I mean removing the option of using the keyboard as an input method in the medical records system. The keyboard itself isn't physically removed from the computer clients.

But I agree that in the event of a system failure the hospital will halt.

ubergeek77 , 4 months ago

Also, if you get the permission of someone in leadership to clone their voice, one angle could be to voice clone someone on ElevenLabs and make the voice say something particularly problematic, just to stress how easily voice data can be misused.

If this AI vendor is ever breached, all they have to do is robocall patients pretending to be a real doctor they know. I don't think I need to spell out how poorly that would go.

Lath , 4 months ago

Dunno, maybe collect the news of every private digital data leak in recent years and show how unsafe it really is?

drwho , 4 months ago

The personalized data model will be trained on your voice. That means that it's going to be trained on a great deal of patient medical history data (including PII). That means it's covered by HIPAA.

I strongly doubt the service in question meets even the most minimal of requirements.

datavoid , 4 months ago

Personally I'd be more worried about leaking patient information to an uncontrolled system than having a voice model made

FlappyBubble OP , 4 months ago

Thats another issue and doesn't lessen the importance of this issue. Both are important but separate. One is about patiwnt data, the other about my voice model. Also in thsi case I have no control over the mesical records and it's already stored outside the hospital in my case.

MajorHavoc , 4 months ago

Your voice-print is worth protecting.

There's already retirement funds activating "my voice is my password" by default, now. (You can, and absolutely should opt-out, if yours does.) And you can't change your voice-print if it gets leaked. (Maybe with a professional voice coach, you could...)

Personally, I would change employers over this, if I had the option.

I think we're heading towards having a group of citizens with compromised voice-prints leaked to the dark web, who have a harder time day to day through no fault of their own. Like the early SSN breach sufferers, history tells us that society says "it's a shame", and tries to protect the next generation properly, but doesn't recompense those hurt by the early bullshit.

While job searching, I would also request an accomodation, and not use the voice system.
It's much easier for the employer to retain a secretary for you, than to deal with the legal hassles that will come up if they try to fire you for not using their legal-gray-area solution.

Even granted the accommodation, I would be looking for my next job though.

PM_me_trebuchets , 4 months ago

Most places use this sort of software (at least, larger companies). I have worked with doctors who refused to use it and instead developed templates for common items they copied + pasted into the MAR software / PACS, etc., and they just type what they need. That’s what they did before dictation software existed anyway. It’s not as efficient, but it’s basically the only way to avoid this.

umami_wasbi , 4 months ago

So what's your concern? I'm a bit confused.

1. Using cloud to process patient data? Or,
2. Collecting your voice to train a model?

DessertStorms , 4 months ago

Yeah, I'd be sooooo confident and reassured if I knew my doctor was prioritising the security of their voice of the security of my information.. /s

(yes, it can be both, but this post doesn't seem at all concerned with one, and entirely with the other)

ZILtoid1991 , 4 months ago

1. Go to the Minecraft servers of OpenAI and similar corporations.
2. Find a room called "AI server room", all while avoiding of defeating the mobs protecting the area.
3. Destroy everything there.
4. Go to the offices.
5. Destroy everything there.

lorty , 4 months ago

This is really weird. Is it common in other countries for doctors to not input the data in the system themselves?

FlappyBubble OP , 4 months ago

I don't know if it's common practise in other countries. In Sweden where I work it is. I think the rationale is the following:

• It's a lot faster to use a voice recorder.
• A doctor's time is worth a lot more than a secretary's (in the sense of pay and rarity)
• Using a voice recorder lets us review lab results, radiology etc at the same time as recording, not having to switch between tasks.
  -Doctorss wont have to be good spellers or think about building well thought out sentences. We also dont have to look up classification codes for procedures and diagnoses. All this will be done by the secretary.

Of course we have to review the teanscribed result. At my hospital, all doctors carry smart cards and use the personal stoed private key to digitally sign every transcribed medical record entry.

privsecfoss , 4 months ago (edited 4 months ago)

I don't where you live. But almost all of bigtech US cloud is problematic (Read: Illegal to use) for storing or processing of Personal information according to the GDPR if you're based in the EU. Don't know about HIPPA and other non-EU legislation. But almost all cloudservices use US bigtech as a subprocessor under the hood. Which means that the use of AI and cloud is most likely not GDPR-complaint. Which you could mention to the right people and hope they listen.

Edit: It's illegal to use for the processing of the patients PII, because of transfer to insecure third countries and because bigtech uses the data for their own purposes without any legal basis.

Edit 2: The same is the case with your, and your colleagues PII.

In my opinion privacy and GDPR is the same in this case. I think most public authorities is required to have a DPO, fx hospitals or the relevant health authority. The DPO can help answer your and your bosses questions on the mentioned questions.

Hope you figure it out.

FlappyBubble OP , 4 months ago

I agree and I suspect this planned system might get scuttled before release due to legal problems. That's why I framed it in a non legal way. I want my bosses to understand the privacy issue, both in this particular case but also in future cases.

pearsaltchocolatebar , 4 months ago

You don't have to use a cloud service to do AI transcription. You don't even need to use AI. Speech to text has been a thing for like 30+ years.

Also, AWS has a FedRAMP authorized Gov Cloud that's almost certainly HIPAA (and it's non-us counterparts) compliant.

Also also, there are plenty of cloud based services that are HIPAA compliant.

SheeEttin , 4 months ago

What, exactly, are your privacy concerns about this?

520 , 4 months ago

Not OP but if I were him/her: Leakage of patient data. Even if OP isn't responsible, simply being tied to an incident like this can look very bad in fields that rely heavily on reputation.

AI models are known to leak this kind of information, there are news articles all over

FlappyBubble OP , 4 months ago (edited 4 months ago)

My biometric data, in this case my voice. Training an AI, tailored to my voice, out of my control, hosted as a cloud solution.

Of course there is an aspect of patient confidenciality too, but this battle is already lost. The data in the medical records is already hosted outside of my hospital.

SheeEttin , 4 months ago

Sounds like a weak argument. They're not going to be inclined to operate a local ML system just for one or two people.

I would see if you can get a quote for locally-hosted transcription software you can run on your own, like Dragon Medical. Maybe reach out to your IT department to see if they already have a working relationship with Nuance for that software. If they're willing to get you started, you can probably just use that for dictation and nobody will notice or care.