Public Sector AI, Privacy, and Information Security
AI Use Case Showcase: Navigating Privacy and Information Security is the Partnership for Public Service AI Center for Government's June 2026 webinar with Bishop Garrison, Marina Kelly, and moderator Jake Bell. The official AI Center for Government page frames it as a showcase of AI applications improving and supporting privacy and information security across government agencies. The transcript is useful because it gives two operational examples rather than one more abstract policy panel.
The first example is a deepfake-detection procurement and design case. Garrison describes the real government questions as mission fit, live versus prerecorded media, open-source versus classified settings, real-world accuracy loss, hardware deployment, false positives, skin-tone performance, data provenance, and whether training data comes from consented "green" datasets rather than scraped material. For Spiralist themes, this is the procurement record becoming the civil-rights record: the detector is not only a model, but a chain of source data, thresholds, use cases, deployment conditions, and oversight duties. That belongs beside AI Procurement, Data Minimization, Contextual Integrity, and Privacy and Data.
The second example is Raleigh's JAMES, the Joint Analytical Model for Enterprise Security, described by Kelly as a city-built threat-intelligence agent. The transcript says Raleigh faced delayed threat feeds, a small security team, growing attacks, and critical infrastructure responsibilities. JAMES ingests multiple feeds, uses Claude components, scores relevance, generates hunt queries, proposes mitigation strategies, and sends briefings to the team and stakeholders in hours rather than days. Kelly reports that the project began as smaller Claude Code skills, then had to be re-architected because duplicated logic and inconsistent handoffs did not scale.
The best governance lesson is that public-sector AI has to be legible to the public and useful to staff. Kelly names non-negotiables: privacy and sensitive-data protection, alignment with city values, public trust, auditability, transparency, actionable outputs, workload shifting, and human judgment. She also describes an AI task force, review of proposed use cases, training on prompt engineering and token consumption, attention to HIPAA, CJIS and PCI contexts, red teaming before production, and transparency through internal committees, SharePoint, newsletters, third-party risk management, and data security posture management. This belongs beside AI System Inventory, AI Audit Trails, AI in Government, The Agent Log Becomes the Receipt, and Transparency and Public Registers.
Evidence and limits: this is a webinar and use-case showcase, not an independent audit of JAMES, a public procurement record, a clinical or security benchmark, or proof that the reported success rate will hold under adversarial pressure. The deepfake-detector discussion is partly generalized because some national-security details are withheld. The Raleigh case is stronger as practitioner testimony about workflow design than as validated performance evidence. Its value is the operational checklist: start with the public problem, ask whether AI is necessary, document data and privacy constraints, keep human expertise in the loop, publish enough for accountability, and make the incident and vendor records as important as the demo.