-
GRAIMATTER Green Paper: Recommendations for disclosure control of trained Machine Learning (ML) models from Trusted Research Environments (TREs)
Authors:
Emily Jefferson,
James Liley,
Maeve Malone,
Smarti Reel,
Alba Crespi-Boixader,
Xaroula Kerasidou,
Francesco Tava,
Andrew McCarthy,
Richard Preen,
Alberto Blanco-Justicia,
Esma Mansouri-Benssassi,
Josep Domingo-Ferrer,
Jillian Beggs,
Antony Chuter,
Christian Cole,
Felix Ritchie,
Angela Daly,
Simon Rogers,
Jim Smith
Abstract:
TREs are widely, and increasingly used to support statistical analysis of sensitive data across a range of sectors (e.g., health, police, tax and education) as they enable secure and transparent research whilst protecting data confidentiality. There is an increasing desire from academia and industry to train AI models in TREs. The field of AI is develo** quickly with applications including spott…
▽ More
TREs are widely, and increasingly used to support statistical analysis of sensitive data across a range of sectors (e.g., health, police, tax and education) as they enable secure and transparent research whilst protecting data confidentiality. There is an increasing desire from academia and industry to train AI models in TREs. The field of AI is develo** quickly with applications including spotting human errors, streamlining processes, task automation and decision support. These complex AI models require more information to describe and reproduce, increasing the possibility that sensitive personal data can be inferred from such descriptions. TREs do not have mature processes and controls against these risks. This is a complex topic, and it is unreasonable to expect all TREs to be aware of all risks or that TRE researchers have addressed these risks in AI-specific training. GRAIMATTER has developed a draft set of usable recommendations for TREs to guard against the additional risks when disclosing trained AI models from TREs. The development of these recommendations has been funded by the GRAIMATTER UKRI DARE UK sprint research project. This version of our recommendations was published at the end of the project in September 2022. During the course of the project, we have identified many areas for future investigations to expand and test these recommendations in practice. Therefore, we expect that this document will evolve over time.
△ Less
Submitted 3 November, 2022;
originally announced November 2022.
-
Preventing or Mitigating Adversarial Supply Chain Attacks; a legal analysis
Authors:
Kaspar Rosager Ludvigsen,
Shishir Nagaraja,
Angela Daly
Abstract:
The world is currently strongly connected through both the internet at large, but also the very supply chains which provide everything from food to infrastructure and technology. The supply chains are themselves vulnerable to adversarial attacks, both in a digital and physical sense, which can disrupt or at worst destroy them. In this paper, we take a look at two examples of such successful attack…
▽ More
The world is currently strongly connected through both the internet at large, but also the very supply chains which provide everything from food to infrastructure and technology. The supply chains are themselves vulnerable to adversarial attacks, both in a digital and physical sense, which can disrupt or at worst destroy them. In this paper, we take a look at two examples of such successful attacks and consider what their consequences may be going forward, and analyse how EU and national law can prevent these attacks or otherwise punish companies which do not try to mitigate them at all possible costs. We find that the current types of national regulation are not technology specific enough, and cannot force or otherwise mandate the correct parties who could play the biggest role in preventing supply chain attacks to do everything in their power to mitigate them. But, current EU law is on the right path, and further vigilance may be what is necessary to consider these large threats, as national law tends to fail at properly regulating companies when it comes to cybersecurity.
△ Less
Submitted 6 August, 2022;
originally announced August 2022.
-
The Dangers of Computational Law and Cybersecurity; Perspectives from Engineering and the AI Act
Authors:
Kaspar Rosager Ludvigsen,
Shishir Nagaraja,
Angela Daly
Abstract:
Computational Law has begun taking the role in society which has been predicted for some time. Automated decision-making and systems which assist users are now used in various jurisdictions, but with this maturity come certain caveats. Computational Law exists on the platforms which enable it, in this case digital systems, which means that it inherits the same flaws. Cybersecurity addresses these…
▽ More
Computational Law has begun taking the role in society which has been predicted for some time. Automated decision-making and systems which assist users are now used in various jurisdictions, but with this maturity come certain caveats. Computational Law exists on the platforms which enable it, in this case digital systems, which means that it inherits the same flaws. Cybersecurity addresses these potential weaknesses. In this paper we go through known issues and discuss them in the various levels, from design to the physical realm. We also look at machine-learning specific adversarial problems. Additionally, we make certain considerations regarding computational law and existing and future legislation. Finally, we present three recommendations which are necessary for computational law to function globally, and which follow ideas in safety and security engineering. As indicated, we find that computational law must seriously consider that not only does it face the same risks as other types of software and computer systems, but that failures within it may cause financial or physical damage, as well as injustice. Consequences of Computational Legal systems failing are greater than if they were merely software and hardware. If the system employs machine-learning, it must take note of the very specific dangers which this brings, of which data poisoning is the classic example. Computational law must also be explicitly legislated for, which we show is not the case currently in the EU, and this is also true for the cybersecurity aspects that will be relevant to it. But there is great hope in EU's proposed AI Act, which makes an important attempt at taking the specific problems which Computational Law bring into the legal sphere. Our recommendations for Computational Law and Cybersecurity are: Accommodation of threats, adequate use, and that humans remain in the centre of their deployment.
△ Less
Submitted 1 July, 2022;
originally announced July 2022.
-
YASM (Yet Another Surveillance Mechanism)
Authors:
Kaspar Rosager Ludvigsen,
Shishir Nagaraja,
Angela Daly
Abstract:
Client-Side Scanning (CSS) see in the Child Sexual Abuse Material Detection (CSAMD) represent ubiquitous mass scanning. Apple proposed to scan their systems for such imagery. CSAMD was since pushed back, but the European Union decided to propose forced CSS to combat and prevent child sexual abuse and weaken encryption. CSS is mass surveillance of personal property, pictures and text, without consi…
▽ More
Client-Side Scanning (CSS) see in the Child Sexual Abuse Material Detection (CSAMD) represent ubiquitous mass scanning. Apple proposed to scan their systems for such imagery. CSAMD was since pushed back, but the European Union decided to propose forced CSS to combat and prevent child sexual abuse and weaken encryption. CSS is mass surveillance of personal property, pictures and text, without considerations of privacy and cybersecurity and the law. We first argue why CSS should be limited or not used and discuss issues with the way pictures cryptographically are handled and how the CSAMD preserves privacy. In the second part, we analyse the possible human rights violations which CSS in general can cause within the regime of the European Convention on Human Rights. The focus is the harm which the system may cause to individuals, and we also comment on the proposed Child Abuse Regulation. We find that CSS is problematic because they can rarely fulfil their purposes, as seen with antivirus software. The costs for attempting to solve issues such as CSAM outweigh the benefits and is not likely to change. The CSAMD as proposed is not likely to preserve the privacy or security in the way of which it is described source materials. We also find that CSS in general would likely violate the Right to a Fair Trial, Right to Privacy and Freedom of Expression. Pictures could have been obtained in a way that could make any trial against a legitimate perpetrator inadmissible or violate their right for a fair trial, the lack of any safeguards to protect privacy on national legal level, which would violate the Right for Privacy, and it is unclear if the kind of scanning could pass the legal test which Freedom of Expression requires. Finally, we find significant issues with the proposed Regulation, as it relies on techno-solutionist arguments and disregards knowledge on cybersecurity.
△ Less
Submitted 29 May, 2022;
originally announced May 2022.
-
Variational Autoencoders Without the Variation
Authors:
Gregory A. Daly,
Jonathan E. Fieldsend,
Gavin Tabor
Abstract:
Variational autoencdoers (VAE) are a popular approach to generative modelling. However, exploiting the capabilities of VAEs in practice can be difficult. Recent work on regularised and entropic autoencoders have begun to explore the potential, for generative modelling, of removing the variational approach and returning to the classic deterministic autoencoder (DAE) with additional novel regularisa…
▽ More
Variational autoencdoers (VAE) are a popular approach to generative modelling. However, exploiting the capabilities of VAEs in practice can be difficult. Recent work on regularised and entropic autoencoders have begun to explore the potential, for generative modelling, of removing the variational approach and returning to the classic deterministic autoencoder (DAE) with additional novel regularisation methods. In this paper we empirically explore the capability of DAEs for image generation without additional novel methods and the effect of the implicit regularisation and smoothness of large networks. We find that DAEs can be used successfully for image generation without additional loss terms, and that many of the useful properties of VAEs can arise implicitly from sufficiently large convolutional encoders and decoders when trained on CIFAR-10 and CelebA.
△ Less
Submitted 1 March, 2022;
originally announced March 2022.
-
When is Software a Medical Device? Understanding and Determining the 'Intention' and Requirements for Software as a Medical device in EU law
Authors:
Kaspar Rosager Ludvigsen,
Shishir Nagaraja,
Angela Daly
Abstract:
The role of software in society has changed drastically since the start of the 21st century. Software can now partially or fully facilitate anything from diagnosis to treatment of a disease, regardless of whether it is psychological or pathological, with the consequence of software being comparable to any other type of medical equipment, and this makes discovering when software must comply with su…
▽ More
The role of software in society has changed drastically since the start of the 21st century. Software can now partially or fully facilitate anything from diagnosis to treatment of a disease, regardless of whether it is psychological or pathological, with the consequence of software being comparable to any other type of medical equipment, and this makes discovering when software must comply with such rules vital to both manufacturers and regulators. In lieu of the Medical Device Regulation we expand on the idea of intention, and identify the criteria software must fulfil to be considered medical devices within EU-law.
△ Less
Submitted 24 February, 2022;
originally announced February 2022.
-
Constrained non-negative matrix factorization enabling real-time insights of $\textit{in situ}$ and high-throughput experiments
Authors:
Phillip M. Maffettone,
Aidan C. Daly,
Daniel Olds
Abstract:
Non-negative Matrix Factorization (NMF) methods offer an appealing unsupervised learning method for real-time analysis of streaming spectral data in time-sensitive data collection, such as $\textit{in situ}$ characterization of materials. However, canonical NMF methods are optimized to reconstruct a full dataset as closely as possible, with no underlying requirement that the reconstruction produce…
▽ More
Non-negative Matrix Factorization (NMF) methods offer an appealing unsupervised learning method for real-time analysis of streaming spectral data in time-sensitive data collection, such as $\textit{in situ}$ characterization of materials. However, canonical NMF methods are optimized to reconstruct a full dataset as closely as possible, with no underlying requirement that the reconstruction produces components or weights representative of the true physical processes. In this work, we demonstrate how constraining NMF weights or components, provided as known or assumed priors, can provide significant improvement in revealing true underlying phenomena. We present a PyTorch based method for efficiently applying constrained NMF and demonstrate this on several synthetic examples. When applied to streaming experimentally measured spectral data, an expert researcher-in-the-loop can provide and dynamically adjust the constraints. This set of interactive priors to the NMF model can, for example, contain known or identified independent components, as well as functional expectations about the mixing of components. We demonstrate this application on measured X-ray diffraction and pair distribution function data from $\textit{in situ}$ beamline experiments. Details of the method are described, and general guidance provided to employ constrained NMF in extraction of critical information and insights during $\textit{in situ}$ and high-throughput experiments.
△ Less
Submitted 1 April, 2021;
originally announced April 2021.
-
AI Ethics Needs Good Data
Authors:
Angela Daly,
S Kate Devitt,
Monique Mann
Abstract:
In this chapter we argue that discourses on AI must transcend the language of 'ethics' and engage with power and political economy in order to constitute 'Good Data'. In particular, we must move beyond the depoliticised language of 'ethics' currently deployed (Wagner 2018) in determining whether AI is 'good' given the limitations of ethics as a frame through which AI issues can be viewed. In order…
▽ More
In this chapter we argue that discourses on AI must transcend the language of 'ethics' and engage with power and political economy in order to constitute 'Good Data'. In particular, we must move beyond the depoliticised language of 'ethics' currently deployed (Wagner 2018) in determining whether AI is 'good' given the limitations of ethics as a frame through which AI issues can be viewed. In order to circumvent these limits, we use instead the language and conceptualisation of 'Good Data', as a more expansive term to elucidate the values, rights and interests at stake when it comes to AI's development and deployment, as well as that of other digital technologies. Good Data considerations move beyond recurring themes of data protection/privacy and the FAT (fairness, transparency and accountability) movement to include explicit political economy critiques of power. Instead of yet more ethics principles (that tend to say the same or similar things anyway), we offer four 'pillars' on which Good Data AI can be built: community, rights, usability and politics. Overall we view AI's 'goodness' as an explicly political (economy) question of power and one which is always related to the degree which AI is created and used to increase the wellbeing of society and especially to increase the power of the most marginalized and disenfranchised. We offer recommendations and remedies towards implementing 'better' approaches towards AI. Our strategies enable a different (but complementary) kind of evaluation of AI as part of the broader socio-technical systems in which AI is built and deployed.
△ Less
Submitted 14 February, 2021;
originally announced February 2021.
-
Artificial Intelligence Governance and Ethics: Global Perspectives
Authors:
Angela Daly,
Thilo Hagendorff,
Li Hui,
Monique Mann,
Vidushi Marda,
Ben Wagner,
Wei Wang,
Saskia Witteborn
Abstract:
Artificial intelligence (AI) is a technology which is increasingly being utilised in society and the economy worldwide, and its implementation is planned to become more prevalent in coming years. AI is increasingly being embedded in our lives, supplementing our pervasive use of digital technologies. But this is being accompanied by disquiet over problematic and dangerous implementations of AI, or…
▽ More
Artificial intelligence (AI) is a technology which is increasingly being utilised in society and the economy worldwide, and its implementation is planned to become more prevalent in coming years. AI is increasingly being embedded in our lives, supplementing our pervasive use of digital technologies. But this is being accompanied by disquiet over problematic and dangerous implementations of AI, or indeed, even AI itself deciding to do dangerous and problematic actions, especially in fields such as the military, medicine and criminal justice. These developments have led to concerns about whether and how AI systems adhere, and will adhere to ethical standards. These concerns have stimulated a global conversation on AI ethics, and have resulted in various actors from different countries and sectors issuing ethics and governance initiatives and guidelines for AI. Such developments form the basis for our research in this report, combining our international and interdisciplinary expertise to give an insight into what is happening in Australia, China, Europe, India and the US.
△ Less
Submitted 28 June, 2019;
originally announced July 2019.
