The government often finds itself playing catch-up. With the evolution of generative artificial intelligence – a technology capable of creating text, images and other media using generative models – the need for policymakers to address AI, its capabilities and its potential impacts on government operations is growing by the day.
City & State spoke with state Sen. Tracy Pennycuick, a Republican from Montgomery County and chair of the state Senate Communications & Technology Committee, about the challenges related to AI and the public sector’s potential approach to regulating it.
The conversation has been edited for length and clarity.
How are AI and other technological advancements already being used in the government space?
We are at the beginning stages of getting a good sense of what is happening in state government. There is not an overall chief information officer for the government, which we would love to see, so there’s no cross-coordination of systems in cybersecurity or AI.
AI can be a huge positive for the government with the automation of process and utilization of predictive measures, but it has tremendous opportunity to be misused. We’re just trying to get a good sense of where the state is now, and then we are hoping to work with both the House and the governor to ensure that it will be used properly to protect our constituents’ information while making sure there’s no fraud, waste and abuse in state government.
What are your thoughts on Gov. Josh Shapiro’s executive order to establish an AI governing board and what do you hope can come out of that in the short term?
I think it’s a positive first step that he initiated an AI board. I think it’s great that we are starting to have these conversations because, as you can see, AI is growing exponentially every day. And if we don’t get our hands wrapped around it now, that train is going to be out of the station before we can catch up. We need to open those communications and we need to put guardrails in place so that consumers are being protected, AI is being used properly and also being identified as AI. We don’t want anyone to write a book that’s really AI-produced. We want to make sure that products that are created with AI are identified as such.
What is your message to government employees afraid AI or automation will replace them?
I don't believe that AI will replace humans in their jobs. I think it can enhance, streamline and improve a process, but at the end of the day, you need humans to make sure that everything is processed properly and that the function of that government agency is being held to the right standard. AI, in my opinion, is a tool in a toolbox – potentially for reducing waste and abuse and for helping people navigate the government system – but I do not believe that it will replace government employees.
What types of conversations have you had with your caucus leaders and/or committee members about AI and what priorities they have related to the issue?
The state of Pennsylvania has about 50,000 hits of individuals or bad actors trying to break into our databases in our systems per year. Cybersecurity is very, very important. We are assessing whether we can create an umbrella over all state agencies so that we have an even higher level of cybersecurity. We want to make sure that at the end of the day when you’re in the state of Pennsylvania, your constituency – your personal information, insurance information and medical records – that it’s all safe from being exploited.
Is there any legislation related to AI or technology regulation to look out for this session?
We have a couple of bills that will be coming out. One bill is specific to artificial intelligence and it would require a disclaimer on a product that is made by AI. I think that’s important for people to know so that someone’s not erroneously taking credit for something that was done with artificial intelligence.
The other cybersecurity piece that we’re looking at is a requirement for any state agency not to loan, give or sell the personal information of constituents. Sometimes that’s done inadvertently when you’re working with a contractor or a third-party entity. We want to make sure that people’s individual information is used only as it’s intended to be used and not sold or used for other data gathering or statistical use.