Tools for responsible decision-making in machine learning

Rastegarpanah, Bashir

03 March 2022

Machine learning algorithms are increasingly used by decision making systems that affect individual lives in a wide variety of ways. Consequently, in recent years concerns have been raised about the social and ethical implications of using such algorithms. Particular concerns include issues surrounding privacy, fairness, and transparency in decision systems. This dissertation introduces new tools and measures for improving the social desirability of data-driven decision systems, and consists of two main parts. The first part provides a useful tool for an important class of decision making algorithms: collaborative filtering in recommender systems. In particular, it introduces the idea of improving socially relevant properties of a recommender system by augmenting the input with additional training data, an approach which is inspired by prior work on data poisoning attacks and adapts them to generate `antidote data' for social good. We provide an algorithmic framework for this strategy and show that it can efficiently improve the polarization and fairness metrics of factorization-based recommender systems. In the second part, we focus on fairness notions that incorporate data inputs used by decision systems. In particular, we draw attention to `data minimization', an existing principle in data protection regulations that restricts a system to use the minimal information that is necessary for performing the task at hand. First, we propose an operationalization for this principle that is based on classification accuracy, and we show how a natural dependence of accuracy on data inputs can be expressed as a trade-off between fair-inputs and fair-outputs. Next, we address the problem of auditing black- box prediction models for data minimization compliance. For this problem, we suggest a metric for data minimization that is based on model instability under simple imputations, and we extend its applicability from a finite sample model to a distributional setting by introducing a probabilistic data minimization guarantee. Finally, assuming limited system queries, we formulate the problem of allocating a query budget to simple imputations for investigating model instability as a multi-armed bandit framework, for which we design efficient exploration strategies.

Computer science

Data minimization

Fairness

Privacy

Recommender systems

Responsible AI

The Wicked Problem of Privacy : Design Challenge for Crypto-based Solutions

Alaqra, Ala Sarah

January 2018

Data privacy has been growing in importance in recent years, especially with the continuous increase of online activity. Researchers study, design, and develop solutions aimed at enhancing users’ data privacy. The wicked problem of data privacy is a continuous challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem. Our aim was to focus on human aspects for designing usable crypto-based privacy-enhancing solutions.  In this thesis, we followed a user centered design method by using empirical qualitative means for investigating user’s perceptions and opinions of our solutions. Most of our work has focused on redactable signatures in the cloud context within the eHealth use-case. Redactable signatures are  a privacy enhancing scheme allowing to remove parts of a signed document by a specified party for achieving data minimization without invalidating the respective signature. We mainly used semi-structures interviews and focus groups in our investigations. Our results yielded key HCI considerations as well as guidelines of different means for supporting the design of future solutions. / Data privacy has been growing in importance in recent years, especially with the continuous increase of online activity. Researchers continuously study, design, and develop solutions aimed at enhancing users’ data privacy. The wicked problem of data privacy is the continuous challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem. Our aim was to focus on human aspects for designing usable crypto-based privacy-enhancing solutions.  In this thesis, we followed a user centered design method by using empirical qualitative means for investigating user’s perceptions and opinions of our solutions. Most of our work has focused on redactable signatures in the cloud context within an eHealth use-case. Redactable signatures are a privacy-enhancing scheme, which allow the removal of parts of a signed document by a specified party without invalidating the respective signature. Our results yielded key HCI considerations as well as guidelines of different means for supporting the design of future solutions. / <p>Paper 3 was included as manuscript in the thesis.</p>

Data privacy

wicked problems

user-centered design

crypto-based solutions

usability

data minimization

redactable signatures

Computer Sciences

Datavetenskap (datalogi)

Compliance with the General Data Protection Regulation: an exploratory case study on business systems’ adaptation / Medgörlighet med Dataskyddsförordningen: en undersökande fallstudie av affärssystems anpassning

Knutsson, Mikael

January 2017

Current moves into a heavily digitalized era has led to a phase where our privacy is being eroded as we hand over our personal data to organizations and their systems. At the same time, the applicable laws to give security to the individuals have failed to incorporate these legal developments. However, in April 2016 the European Union proposed a change to a new regulation called the General Data Protection Regulation (GDPR). The GDPR will be implemented and start to apply in May 2018, thus the main purpose of this study was to investigate how organizations can adapt to changing regulations on how personal data should be stored and managed, and what the key tension points are within specifically closed IT-systems. The goal of the GDPR and this study on its feature implementation is to guarantee the EU citizens their right to privacy. Through an exploratory case study involving an in-depth analysis of two closed IT-systems this study develops a broader understanding on how organizations should adapt their daily businesses in order to be fully compliant with the new bylaws. This study identifies four critical issues which are used to discuss how the new bylaws could affect the EU citizens’ privacy. To accomplish this and open up for further investigation within the field of data privacy laws - four different propositions to modifications were suggested. / Den aktuella övergången till en omfattande digitaliserad tid har lett till en fas där vår integritet går förlorad då vi överlämnar vår personliga information till organisationer och deras system. Samtidigt har de tillämpade datalagarna med syfte att skydda individen misslyckats med att införliva denna utveckling. Därför har den Europeiska Unionen i april 2016 föreslagit en förändring till en ny reglering som får namnet Dataskyddsförordningen. Dataskyddsförordningen kommer blir implementerad och börja gälla i maj 2018 och därav var huvudsyftet med den här studien att undersöka hur organisationer bör anpassa sig till de nya riktlinjerna för hur personlig information bör lagras och hanteras samt vilka spänningspunkterna är för slutna IT-system. Målet med Dataskyddsförordningen och vad den här studien beaktade i dess kommande utförande är att garantera EU-medborgare rätten till sin integritet. Genom att utföra en undersökande fallstudie innehållandes en djupgående analys av två slutna IT-system har den här studien bidragit med en bredare förståelse för hur organisationer bör anpassa sina dagliga verksamhet för att vara helt medgörliga med Dataskyddsförordningen. Studien har identifierat fyra kritiska problem som har legat till grund för att diskutera hur den nya förordningen kommer påverka EU-medborgarnas rätt till sin integritet. För att göra det möjligt samt öppna upp för framtida undersökningar inom ramen för dataskyddslagar föreslogs fyra förslag på generella förändringar.

Data protection laws

GDPR

privacy

the right to be forgotten

IT safety

data minimization

Media and Communication Technology

Medieteknik