Consent in the Age of AI (Part 1)
7 min read
The first time I seriously considered using artificial intelligence in my professional work, the answer was already decided.
No.
The decision was not mine to make. At the time, I was working on federal projects with significant security and compliance requirements. Public large language models (LLMs) were prohibited. That meant that we couldn't paste source code into prompts, upload documentation, or use project artifacts as context for retrieval systems. Even projects built largely upon open-source software were subject to the same restrictions. While developers across the industry were experimenting with AI-assisted coding, summarization, and research, our path was considerably narrower. The technology was simply too new, and too many questions remained unanswered.
At the time, I viewed those restrictions primarily as a security matter. That was certainly how most discussions were framed. Once information leaves a system, control becomes difficult to maintain. Data can be copied, logged, replicated, retained, backed up, and transferred in ways that are not always visible to the person who originally submitted it. A vendor might truthfully state that information would not be used for model training while still leaving dozens of important questions unresolved. Where would the data be stored? Who would have access to it? How long would it remain? What protections existed against misuse? These were practical questions, and they deserved practical answers.
Yet over time I began to notice something interesting. Security perspectives explained much of the concern, but not all of it. Compliance perspectives explained some of it. Risk management perspectives explained some of it. Data governance perspectives explained some of it. Each framework illuminated part of the picture, yet none seemed capable of explaining why the issue felt important even in situations where no obvious harm existed. A public document submitted to an AI system might contain no secrets, and an open-source repository might contain no protected information. A conference presentation might already be available to anyone willing to watch it online. The discomfort remained.
That lingering discomfort eventually led me to a question I had not considered before. What exactly was I trying to protect?
At first glance, the answer seemed obvious. I was trying to protect information. Information is, after all, what security professionals spend their careers protecting. We build controls around it. We classify it. We encrypt it. We audit access to it. Entire industries exist because information can be valuable, sensitive, dangerous, or confidential. The more I reflected on the issue, the less convinced I became that information itself was the real concern. Information is rarely important in isolation. What gives information meaning is its connection to people.
A medical record matters because it belongs to a patient. A financial record matters because it belongs to a person, a family, or an organization. A private conversation matters because it exists within a relationship. Even seemingly mundane information acquires significance through its connection to human lives. Once I began viewing the problem through that lens, the conversation changed. The issue was no longer merely about data. It was about responsibility toward the people connected to that data.
That distinction may seem subtle, but I believe it matters. Most of us learn the concept of consent long before we learn anything about artificial intelligence. We learn it in relationships, friendships, and families. We learn it whenever another person trusts us with something that belongs to them. Sometimes that trust involves information. Sometimes it involves vulnerability, physical possessions, private thoughts, or personal boundaries. The details vary, yet the underlying principle remains the same. Healthy relationships require us to recognize that other people possess agency independent of our desires.
When a friend shares something in confidence, most of us instinctively understand that the conversation carries obligations. The words themselves may not be secret in any formal sense. There may be no contract governing their use and no law may prohibit repeating them. Even still, we recognize that sharing them would constitute a violation of trust. The problem would not be that information moved from one place to another; the problem would be that we disregarded the wishes of the person who entrusted us with it.
That observation led me to reconsider many of the conversations surrounding artificial intelligence. Discussions about AI frequently begin with ownership. Who owns the data? Who owns the output? Who owns the model? Who owns the rights to a photograph, a book, a voice recording, or a software project? Those questions are important, and society will spend many years debating them. At the same time, ownership seemed increasingly incapable of explaining the discomfort I felt. Ownership describes transactions, rights, and permissions. What it struggles to describe is the human experience that exists behind those things.
Consider a photograph. Most conversations about photographs focus on the image itself. Who took it? Who owns it? Who may publish it? Who may profit from it? Those questions matter, but they often obscure something deeper. A photograph is rarely important because it is a collection of pixels. It matters because it depicts a person, preserves a memory, captures a moment, or documents a relationship. The image has value because human beings give it value.
The same pattern appears elsewhere. A blog post is not merely text; it is the product of someone's labor, experience, and reflection. A software project is not merely source code; it represents countless hours of learning, experimentation, failure, frustration, and growth. A voice recording is not merely audio data; it is connected to a person whose life extends far beyond the recording itself. The artifact is visible. The human being behind it is easier to overlook.
Artificial intelligence has a remarkable ability to accelerate that separation. A photograph becomes image data, a voice recording becomes a sample, a body of writing becomes a statistical pattern, and a collection of experiences becomes a dataset. None of these descriptions are technically wrong. In fact, they may be entirely accurate from a computational perspective. Something important disappears when we begin speaking this way. The person gradually fades from view while the artifact remains.
I do not believe this happens because people are malicious. More often, it happens because usefulness is persuasive. A photograph is useful. A voice recording is useful. An article is useful. Source code is useful. Data are useful. Once usefulness becomes the primary lens through which we evaluate something, it becomes remarkably easy to focus on what can be extracted rather than on whom it belongs to. The question shifts from "How should I treat this person?" to "What can I do with this resource?" The change is subtle enough that we may not even notice it happening.
That shift, I have come to believe, lies at the heart of many debates about AI. The technology itself is fascinating. The capabilities are impressive. The potential benefits are enormous. Yet beneath the technical discussions, legal arguments, and business incentives lies a much older human question. It is a question that predates computers, the internet, and artificial intelligence by thousands of years. It is the question of what happens when our desire to benefit from another person begins to eclipse our obligation to respect them.