AI ETHICS IN NATIONAL SECURITY

Executive Summary

• Mission-first fit: Only deploy where the cost of error is acceptable and understood.
• Clear ownership: A RACI-L matrix prevents ethical diffusion and ensures actionability.
• Assurance evidence: Decisions must be backed by test artifacts, logs, and red-team findings.
• Human authority: Define HITL/HOTL roles and keep a real kill-switch with pre-rehearsed rollback.
• Ongoing monitoring: Shift-aware evaluation and subgroup calibration are non-optional.

Context & Problem Framing

“High stakes” is not a vibe; it’s a measurable harm model. We map use cases by consequence (strategic, legal, human) and controllability (time to intervene, reversibility). Systems that front-run human judgment or route kinetic effects demand stronger guarantees than advisory analytics. This framing turns abstract ethics into concrete gates.

MARA: A Working Frame

• Mission: What decision is supported, who is affected, and what alternative exists without AI?
• Accountability: Who is responsible, who is accountable, who is consulted, who is informed—and what is logged?
• Risk: What are FP/FN harms at operational base rates? What are adversarial and abuse risks?
• Assurance: What evidence shows the system is fit for purpose under shift and stress?

Data Governance & Provenance

• Lineage manifests: dataset IDs, hashes, licenses, collection conditions, and exclusions.
• PII hygiene: minimization and masking; legal bases documented; retention with TTLs.
• Documentation: model cards + system cards describing human workflow and limits.

{
  "dataset": "imagery_v5",
  "hash": "sha256:…",
  "license": "gov-owned",
  "pii_controls": ["face_blur"],
  "exclusions": ["schools", "hospitals"]
}

Development Lifecycle & Gates

1. Sandbox: offline evals, ablations, threat modeling.
2. Shadow mode: compare against human baseline; no operational impact.
3. Limited release: time-boxed, narrow population, SLOs + rollback rehearsed.
4. Operationalization: 24/7 on-call, dashboards, post-incident protocol, version pinning.

Evaluation Under Operational Priors

Confusion matrices are necessary; confusion costs are decisive. We weight FP/FN by mission harm and pick thresholds accordingly. We report reliability curves (calibration) per subgroup and use drift detectors to flag base-rate shifts. The goal is not a single AUC but a portfolio of stress results that survive contact with reality.

Red-Teaming & Safety Cases

• Threats: data poisoning, prompt/goal injection, sensor spoofing, targeted subgroup failure.
• Evidence: attach red-team reports to a safety case dossier with hazard analysis and residual risk acceptance signed by the accountable owner.

Runtime Controls & Logging

• Full decision trace (input → features → model/version → policy → human action).
• Override capture with rationale and authority level.
• Immutable, queryable logs supporting external audit.

{
  "ts":"2025-02-10T03:12Z",
  "model":"recce-v3.2",
  "ver":"a1b2c3",
  "score":0.91,
  "threshold":0.95,
  "action":"HITL escalate",
  "override":true,
  "by":"ops_412",
  "reason":"low-illumination edge case"
}

Incident Response & Learning

1. Declare severity; freeze model version; preserve evidence.
2. Root-cause (people, process, tech); assign corrective actions.
3. Update safety case; communicate to oversight; schedule follow-up eval.