Stephen Casper of MIT CSAIL proposes using the Sarbanes-Oxley Act as a model for auditing and regulating AI

More than a couple of times, people have told me that the Sarbanes-Oxley Act is a historically interesting piece of legislation that can offer useful inspiration when thinking about AI governance. Yesterday I finally checked it out, and I see why people have recommended this. There are multiple things about it that parallel ways that AI could be governed. - It was passed following a mid-sized crisis after egregious company misconduct (by Enron). - It establishes an oversight authority -- the PCAOB. - It gives the PCAOB the power to make standards for how financial audits are conducted. - It requires companies submitting qualifying financial reports to designate a single person who the buck stops with. They are responsible for understanding, overseeing, and leading evaluations of internal controls for risks of fraud and mistakes. - It requires financial audits to be signed by that person, who must also report recent changes to company policies, deficiencies discovered in those policies, and weaknesses that could render the policies ineffective. - It poses criminal penalties for tampering with documents and for the designated officer signing off on audit reports that they know to be false. - It provides whistleblower protections. It is easy to imagine a very analogous bill for AI audits.