Expert interpretation | Construction of Internet information service algorithm security supervision system

At present, the information process of human society is rapidly changing from digitalization and networking to the intelligent stage. With the development of artificial intelligence, big data and other new information technology, algorithms are widely used in Internet information services to provide personalized, accurate and intelligent information services for users. At the same time, the unreasonable application of the algorithm also affects the normal communication order, market order and social order, and brings severe challenges to the maintenance of ideological security, social fairness and justice and the legitimate rights and interests of netizens.

In order to standardize the application of Internet information service algorithms, the State Internet Information Office, the Ministry of Industry and Information Technology, the Ministry of Public Security and the State Administration of Market Supervision and Administration jointly issued the regulations on the recommendation and Management of Internet Information Service algorithms (hereinafter referred to as the provisions), which provides an important legal guarantee for the comprehensive governance of Internet information service algorithms. The promulgation of the regulations is a timely move to further enhance the ability of comprehensive network governance, which is highly exploratory and forward-looking, and also indicates that China's cyberspace governance has entered a new stage of development. At the same time, we need to clearly understand the complexity and long-term nature of algorithm comprehensive governance, define the boundary of algorithm governance, improve the algorithm security supervision system, promote algorithm independent innovation, and promote the healthy, orderly and prosperous development of algorithms.

"algorithm" itself is a technical concept, as its name implies, refers to the "method of calculation", embodied in a series of problem-solving steps or computer instructions. With the popularity of electronic computers, the word "algorithm" is gradually known to people. In people's initial impression, the algorithm is only executing human instructions "out of the box". The discussion of the algorithm mainly stays at the technical level, such as time complexity and space complexity, and the security risk of the algorithm has not attracted widespread attention. Later, with the rapid development of artificial intelligence, big data and other new information technology, the connotation of the algorithm gradually evolved into a "model of training with data". The algorithm is no longer immutable, but continues to evolve in the process of being fed data. While the algorithm is becoming more and more "intelligent", it also brings people an increasingly strong "sense of inadaptability". The security risk of the algorithm has gradually entered the public view and attracted more and more attention. In essence, intelligence and risk are the two sides of the algorithm, which is also the necessary stage of technology from birth to application. Generally speaking, the algorithm security risk includes not only the algorithm loophole, algorithm vulnerability, algorithm black box and other "technical risks", but also the algorithm bias, algorithm bullying, algorithm collusion and other "social risks" caused by the unreasonable application of the algorithm.

The comprehensive governance of Internet information service algorithms focuses on good management, good use and development of algorithm applications, guiding the application of algorithms to be fair, fair, transparent and interpretable, and fully protect the legitimate rights and interests of netizens. For this reason, from the point of view of hierarchical and classified management of algorithms, the stipulation effectively identifies the high-risk algorithms in Internet information services, focusing on the algorithms widely used in five types of Internet information services, such as generating composite classes, personalized push classes, sorting and selection classes, retrieval and filtering classes, and scheduling and decision-making classes. Furthermore, the stipulation defines the main responsibility of the algorithm recommendation service provider from the two aspects of the information service specification and the protection of users' rights and interests, while encouraging to give full play to the positive energy transmission role of the algorithm service, it focuses on defining the criteria that the algorithm application should follow and the behaviors that must not exist. Maximize the protection of netizens' right to know and choose when using algorithm recommendation services, as well as the legitimate rights and interests of minors, the elderly, workers, consumers and other groups. In a word, the focus of the comprehensive governance of Internet information service algorithm is not only the technical risk of the algorithm itself, but also to prevent the unreasonable application of the algorithm from affecting the normal communication order, market order and social order.

The comprehensive governance of Internet information service algorithm focuses on curing both the symptoms and the root causes, and the key is to build and improve the algorithm security supervision system. The guidance on strengthening the Comprehensive Governance of Internet Information Service algorithms issued by the State Internet Information Office and other nine ministries defines the algorithm security supervision system and stipulates four measures: algorithm filing, algorithm supervision and inspection, algorithm risk monitoring, and algorithm security evaluation. Among them, algorithm filing is the starting point and cornerstone of algorithm security supervision; algorithm supervision and inspection and algorithm risk monitoring complement each other, inspection is on-site monitoring, monitoring is online inspection; algorithm security assessment is the exit, is the foothold of algorithm security supervision. The complexity of the algorithm itself and the concealment of algorithm security risks pose challenges to the implementation of various measures of the algorithm security supervision system. From an implementation point of view, the key to the implementation of these four measures is:

First, the algorithm filing work. The regulations require algorithm recommendation service providers with the attribute of public opinion or the ability of social mobilization to complete the algorithm filing procedures through the Internet information service algorithm filing system, and to indicate its filing number in the prominent position of the websites and applications that provide services. Algorithm filing is an important part of the algorithm security supervision system. The recommended algorithm filing work first needs to clarify the scope of the algorithm filing, that is, which algorithms need to be filed and what information of the algorithm needs to be filed. From the point of view of the purpose of filing "registration for reference", the filing information should cover the basic principle, purpose, intention and main operating mechanism of the algorithm recommendation service, including the data description, basic model, application scenario, service form, human intervention and so on. From the perspective of filing implementation, the algorithm filing work should take the Internet information services or functions perceived by users as the entrance, and record the algorithms that support the services or functions; the algorithm recommends the service provider as the responsible subject of the filing algorithm, responsible for completing the algorithm filing and ensuring the authenticity of the filing information. There are many kinds and forms of algorithms, which bring many difficulties to the algorithm filing work. the key to promoting the filing work is to take the algorithm and service as an organic whole, "taking the serv