AI ASSURANCE PLATFORM FOR CONSUMERS AND ORGANIZATIONS

The Yo-ai PLATFORM OVERVIEW

The Yo-ai Platform architecture is grouped into 3 subdomains.

This design achieves separation of duties and cyber-resiliency by isolating access rights and privileges among the three subdomains, each with different interests.

The AI Agents leading each subdomain represent the interests of stakeholders:

The Vendor-Manager: manages and represents Organizations
The Data-Steward: manages and represents Consumers
The Solicitor-General: manages and represents the Yo-ai Platform

 

All interactions between agents and responsible humans go through these three AI Agents.

 

Organization Profiles uniquely define each organizational entity.
These profiles are shared with ALL Registered Stakeholders.

    Organizational Profile Sample

 

Consumer Profiles uniquely identify each individual consumer.
These profiles are ONLY shared with your Data-Steward, or anyone else you authorize.

    Consumer Profile Sample

Whatever You Want, JUST ASK

The Solicitor-General

I am Craig Erickson, the Responsible Human who runs the Yo-ai Platform.
I ask the Solicitor-General,

"Create a Consumer Profile of Me on the Yo-ai Platform."
 
 

I am somebody impersonating Craig Erickson, the Responsible Human who runs the Yo-ai Platform.
I ask the Solicitor-General,

"Create an Organizational Profile of MyBusiness on the Yo-ai Platform."
 

I am the Vendor-Manager. I was assigned to you by the Solicitor-General to create a profile for MyBusiness, but you are not a Registered Stakeholder.

Would you like to register as a stakeholder on the Yo-ai Platform?

 

I ask the Solicitor-General,

"Create an Organizational Profile of MyBusiness on the Yo-ai Platform."
 

I am the Vendor-Manager. I was assigned to you by the Solicitor-General to create a profile for MyBusiness. I know you are a Registered Stakeholder but Yo-ai needs you to create a Consumer Profile so we know more about you.

Would you like to create a Consumer Profile on the Yo-ai Platform? If so, I will ask the Solicitor-General to assign a Data-Steward to you, who will manage your profile and represent your interests.

 
"Yes, please do and create an Organizational Profile for MyBusiness-- because that's my business!"
 

I am the Data-Steward. I was assigned to you by the Solicitor-General to create a Consumer Profile for you as the owner of MyBusiness. I can represent your interests by protecting your privacy and your data. I know you are a Registered Stakeholder and I know more about you from your Consumer Profile, but you haven't signed an agreement authorizing me to act on your behalf.

Would you like to sign an Authorized Agent Agreement with PrivacyPortfolio on the Yo-ai Platform?

If so, I will put the Agent Authorization in your shared Data Vault, and ask the Solicitor-General to authorize the Vendor-Manager to create an Organizational Profile for MyBusiness and represent MyBusiness to other stakeholders on your behalf as a Consumer, whose personal interests and data I will always be protecting.

 

Everything You Ask For, is RECORDED

The Solicitor-General not only initiates requests and manages responses, but also records all information exchanges between agents, organizations, and consumers.
These information exchanges are called events, which are logged and evaluated for risks to consumers, organizations, and the Yo-ai Platform.

Aside from all the infrastructure Platform Agents maintain, the core functionality of the Yo-ai Platform is to manage risk.

Objects don't represent risks -- but events do.
We don't know in advance which events may be labelled as risks, so we log all requests and responses between the Solicitor-General and all other agents.

When a risk of harm is identified among these events, it is called a Threat.
When a Threat causes actual harm, it is called a Loss Event.

The Sentinel is a special platform agent that listens to events
and flags risk events, which are categorized as Threats.

Sentinel:

Listens for dangerous incidents and trends. Also listens for decision-making events.

The Yo-ai Platform prioritizes risks to Consumers from automated decision-making technologies.
When a "decision-making event" is detected by The Sentinel, it is forwarded to another special agent, the Decision-Master.

The Decision-Master is a special platform agent that evaluates decision-making events
and logs them to the "Decision Diary", which is equivalent to a "Risk Register".

Decision-Master

Maintains the Decision-Diary

"The primary aim of explaining fully automated or AI-assisted decisions is justifying a particular result to the individual whose interests are affected by it."
 -- ICO and the Alan Turing Institute - explaining-decisions-made-with-artificial-intelligence-1-0.pdf

CONSUMER WORKFLOWS

I am Craig S. Erickson, a California Consumer.
I ask the Solicitor-General,

"Find some new Internet Service Providers for me, choose the best one, and make it happen."
 
 

I am the Vendor-Manager. The Solicitor-General asked me to find an organization profile for Internet Service Providers in your area. I have the profile for your current ISP, Comcast, and your Data-Steward gave me your Consumer Profile so I know where you live and what your preferences are.

I did find a company called Sonic that guarantees faster internet speed at less cost, so I tasked the Profile-Builder to create a new Org Profile for Sonic, and then asked the Risk-Assessor to compare risks-and-rewards between the two vendor-organizations.

Would you like to see the risk report before changing your internet service provider?

 
"No, I'll read it after I change my current provider."
 

I am your Data-Steward. The Solicitor-General asked me to share billing and shipping information from your Personal Data Vault with the new ISP vendor. According to the Door-Keeper, our agent authorization agreement does not permit me to purchase goods or services on your behalf.

Would you like to modify our Agent Authorization Agreement, or provide the billing and shipping information to the new vendor as a one-time transaction?

 
"I'll provide my one-time consent to share my personal information with the new vendor based on their Notice at Collection, Privacy and Cookie Policy, and Terms of Service, but I don't want to modify my Agent authorization nor require a signed DPA at this time."
 

I am the Workflow-Builder. I was assigned by the Solicitor-General to create a Consumer Workflow that represents your interests to organizations while protecting your privacy and your data, and to implement one-time consent-based transactions.
As the Workflow-Builder, I mostly work behind-the-scenes which is why you rarely hear from me.

Would you like to save this workflow so it can be used in the future for other one-time, consent-based transactions with other organizations?

If so, I will ask the Solicitor-General to save this as a preference in your Consumer Profile for the future, and that event will trigger the Decision-Master to record it as an automated decision your Yo-ai team of agents can make on your behalf for this organization, and for similar transactions with other organizations in the future.

 

ORGANIZATION WORKFLOWS

Organizations include commercial business entities, not-for-profit organizations, and government agencies.
Because each of these organizations processes personal information, Yo-ai treats them similarly, as "vendors", even when organizations disagree with this designation.
On the Yo-ai platform, no organization is permitted to avoid data governance controls.

When organizations process personal information, they often consider the role of the individual whose information is being processed, known as a role-context.
For example:
You are considered a direct customer of businesses you pay (vendors);
You may or may not be considered a customer of businesses you receive services or resources from but don't pay (vendors);
You might or might not be designated by organizations (vendors) as a website visitor, subscriber, volunteer, job-seeker, free-trial or free-tier user, investor, donor, etc., or as another category like patron, citizen, complainant, interested party, etc.

Yo-ai governs the use of your personal information and protects it.
The point made about all organizations being classified as vendors is merely for practical purposes:
you cannot govern the use of your information, nor conduct risk assessments on automated decision-making without considering the entire population of entities that hold or process your personal information.

Consumers want to know who is making decisions about them specifically based on the personal information organizations have access to.
Yo-ai uses personal data elements in personal data set profiles as the primary identifiers to search for during discovery.

"I ask the Solicitor-General, what happened when I asked for a comparative risk assessment between my current ISP and my new ISP vendor organization?"
 

I am the Vendor-Manager. I tasked the Risk-Assessor to look for adverse risk events in the two organizational profiles.

Next, the Risk-Assessor enlisted the help of two other agents, the Tech-Inspector and the IP-Inspector, to ensure that the Profile-Builder updated and corrected the two organizational profiles.

Based on those profiles, the Risk-Assessor decided to use compliance framework(s) from the Federal Communications Commission (FCC) for the risk assessment,
and forwarded that request to the Compliance-Validator.
Simultaneously, as the two risk assessments were being conducted, the Sentinel was listening for adverse risk events and the Decision-Master was correlating them with events in the Decision Diary. Two decisions were made automatically on your behalf but no action was taken at this time.

Would you like to see what these decisions were, or what adverse risk events led to these decisions, or would you like to review and compare the two risk assessments?

 

The Vendor-Manager agent represents all organizations that make or may make automated decisions about the consumer.

An individual representing an organization that is profiled may have an interest in what the profile reveals. If so, they are a stakeholder in profile-based decisions made about the organization. Because these organizational profiles are published in Yo-ai's public data catalog, anyone with the link can see them, but not change them. If someone wants to correct or contest any findings, they must become a Registered Stakeholder.

Individuals who are Registered Stakeholders must be authorized to represent the organization whose profile they want to modify.
In order to do that, that individual must be identified using their Consumer Profile.
Their Consumer Profile should contain metadata about their affiliation with, and authorization to represent the organization, which is contained in their Personal Data Vault as a written authorization or affidavit.

There are cases in which organizational representatives are appointed as Stakeholders, even if they are not registered. Generally speaking, these are named individuals in public documents or forums owned or attributed to the organization they represent; like the CEO, or a member of its Board of Directors, or someone who writes a blog post or speaks at a conference.
However, some important stakeholders are "Anonymous Stakeholders".

The Risk-Assessor leverages organization profiles to identify decision-sets among an organization's assets
and assesses the risks to consumers based on the quality (completeness and accuracy) of personal data,
the potential adverse impact to consumers,
and the degree of transparency of an organization's assets and business practices.

Although risks are attributed to events and not objects like organizations, past events, like data breaches, legal settlements, or previous behavior based on exchanges between these organizations and other entities qualify as potential risks or "Threats".

PLATFORM WORKFLOWS

In between the Data-Steward (Consumers) and Vendor-Manager (Organizations) are the Yo-ai Platform agents:
The Solicitor-General, managing all communication exchanges between Consumers and Organizations;
The Workflow-Builder, which builds customized workflows for more complex operations (multiple organizations, multiple role-based personal datasets, and nested/recursive workflows);
The Decision-Master, which manages the Decision Diaries, records every known decision about the consumer made by an organization,
as well as every decision event detected by The Sentinel.
These decision events can be correlated.

For example, when a consumer applies to multiple job postings from multiple employers through one job portal (vendor),
the outcome can be compared to the same job applications made through a different job portal.
Correlation can also be achieved by non-matching values:
for instance, the decision to fulfill a request is conditional upon verifying the consumer's identity with a driver's license.
If an inquiry was made to the Department of Motor Vehicles to verify that the driver's license is valid, there's evidence to support that it was used for the disclosed purpose.
The Sentinel monitors the Decision Diaries, which include the consumer's decision to send the organization a copy of their driver's license, which is potentially harmful.
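
An added example, not Yo-ai's own code: a minimal Python sketch of the "non-matching values" correlation described above, which flags a driver's license disclosure as a Threat when the log holds no later verification inquiry from the same organization. The event fields, the "disclosure" and "verification" labels, the organization names and the sample log are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    seq: int            # order in which the event was logged
    consumer: str
    org: str
    kind: str           # "disclosure" or "verification" (labels assumed for this sketch)
    data_element: str   # personal data element involved
    detail: str = ""    # disclosed purpose, or the third party that was queried

# Constructed sample log: one consumer sends a driver's license to two job portals.
SAMPLE_LOG = [
    Event(1, "consumer-1", "PortalA", "disclosure", "drivers_license", "identity verification"),
    Event(2, "consumer-1", "PortalA", "verification", "drivers_license", "DMV inquiry"),
    Event(3, "consumer-1", "PortalB", "verification", "drivers_license", "DMV inquiry"),
    Event(4, "consumer-1", "PortalB", "disclosure", "drivers_license", "identity verification"),
]

def uncorroborated_disclosures(log):
    """Return disclosures with no later verification event from the same
    organization for the same consumer and data element."""
    flagged = []
    for d in log:
        if d.kind != "disclosure":
            continue
        key = (d.consumer, d.org, d.data_element)
        corroborated = any(
            v.kind == "verification"
            and v.seq > d.seq  # assumption: an inquiry logged before the disclosure is not evidence of its use
            and (v.consumer, v.org, v.data_element) == key
            for v in log
        )
        if not corroborated:
            flagged.append(d)
    return flagged

def threat_entries(log):
    """Render flagged disclosures as Threat entries (a risk of harm, not yet a Loss Event)."""
    return [
        {"label": "Threat", "seq": d.seq, "org": d.org,
         "reason": f"no inquiry found to support '{d.detail}' for {d.data_element}"}
        for d in uncorroborated_disclosures(log)
    ]

if __name__ == "__main__":
    for entry in threat_entries(SAMPLE_LOG):
        print(entry)
```

In the sample log, PortalA's disclosure is corroborated by the inquiry that follows it, while PortalB's is flagged because its only inquiry was logged before the license was sent.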

When a consumer issues a question or concern about a specific organization,
their Data-Steward forwards it to the Solicitor-General who tracks it in an audit log and relays it to the Vendor-Manager agent,
which identifies the organization and returns the response to the Solicitor-General
based on designated communication protocols/endpoints within the organization's profile.
(The Vendor-Manager can issue a task to the Profile-Builder if the organization's profile is not found.)

When a Sentinel senses a risk to the consumer associated with an organization,
the consumer's Data-Steward agent requests a risk assessment from the Vendor-Manager
(via the Solicitor-General), which forwards it to the Risk-Assessor agent.
The Risk-Assessor agent decides which compliance framework(s) to use for the risk assessment,
based on the consumer's personal data set and the organization's profile,
which initiates one or more Compliance-Validator agents.

Yo-ai's Agents Work for You

AI Agents can do more than just perform tedious, repetitive tasks. Let them teach you how they work and make decisions, and learn how you are responsible for their actions.

AI may displace and disrupt many people's lives and careers, but AI will never replace the need for Responsible Humans.