Robust ML Auditing using Prior Knowledge
- URL: http://arxiv.org/abs/2505.04796v2
- Date: Thu, 22 May 2025 22:08:20 GMT
- Title: Robust ML Auditing using Prior Knowledge
- Authors: Jade Garcia Bourrée, Augustin Godinot, Martijn De Vos, Milos Vujasinovic, Sayan Biswas, Gilles Tredan, Erwan Le Merrer, Anne-Marie Kermarrec
- Abstract summary: Audit manipulation occurs when a platform deliberately alters its answers to a regulator to pass an audit without modifying its answers to other users. This paper introduces a novel approach to manipulation-proof auditing by taking into account the auditor's prior knowledge of the task solved by the platform.
- Score: 3.513282443657269
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Among the many technical challenges to enforcing AI regulations, one crucial yet underexplored problem is the risk of audit manipulation. This manipulation occurs when a platform deliberately alters its answers to a regulator to pass an audit without modifying its answers to other users. In this paper, we introduce a novel approach to manipulation-proof auditing by taking into account the auditor's prior knowledge of the task solved by the platform. We first demonstrate that regulators must not rely on public priors (e.g. a public dataset), as platforms could easily fool the auditor in such cases. We then formally establish the conditions under which an auditor can prevent audit manipulations using prior knowledge about the ground truth. Finally, our experiments with two standard datasets illustrate the maximum level of unfairness a platform can hide before being detected as malicious. Our formalization and generalization of manipulation-proof auditing with a prior opens up new research directions for more robust fairness audits.
Related papers
- Revisiting Algorithmic Audits of TikTok: Poor Reproducibility and Short-term Validity of Findings [3.682493598086475]
We study the drawbacks and generalizability of the existing sockpuppeting audits of TikTok recommender systems. Our experiments also reveal that these one-shot audit findings often hold only in the short term.
arXiv Detail & Related papers (2025-04-25T07:50:06Z)
- Are Users More Willing to Use Formally Verified Password Managers? [47.205801464292485]
We design and implement two experiments to understand how formal verification impacts users. We focus on the application domain of password managers since it has been documented that the lack of trust in password managers might lead to lower adoption. We conclude that formal verification is seen as desirable by users and identify three actionable recommendations to improve formal verification communication efforts.
arXiv Detail & Related papers (2025-04-02T20:57:49Z)
- Auditing for Bias in Ad Delivery Using Inferred Demographic Attributes [50.37313459134418]
We study the effects of inference error on auditing for bias in one prominent application: black-box audit of ad delivery using paired ads. We propose a way to mitigate the inference error when evaluating skew in ad delivery algorithms.
arXiv Detail & Related papers (2024-10-30T18:57:03Z)
- From Transparency to Accountability and Back: A Discussion of Access and Evidence in AI Auditing [1.196505602609637]
Audits can take many forms, including pre-deployment risk assessments, ongoing monitoring, and compliance testing.
There are many operational challenges to AI auditing that complicate its implementation.
We argue that auditing can be cast as a natural hypothesis test, draw parallels between hypothesis testing and legal procedure, and argue that this framing provides clear and interpretable guidance on audit implementation.
arXiv Detail & Related papers (2024-10-07T06:15:46Z)
- Auditing Private Prediction [45.23153167486169]
We study the privacy leakage of four private prediction algorithms: PATE, CaPC, PromptPATE and Private-kNN.
Our experiments show that (i) the privacy analysis of private prediction can be improved, (ii) algorithms which are easier to poison lead to much higher privacy leakage, and (iii) the privacy leakage is significantly lower for adversaries without query control than those with full control.
arXiv Detail & Related papers (2024-02-14T18:59:27Z)
- Under manipulations, are some AI models harder to audit? [2.699900017799093]
We study the feasibility of robust audits in realistic settings, in which models exhibit large capacities.
We first prove a constraining result: if a web platform uses models that may fit any data, no audit strategy can outperform random sampling.
We then relate the manipulability of audits to the capacity of the targeted models, using the Rademacher complexity.
arXiv Detail & Related papers (2024-02-14T09:38:09Z)
- The Decisive Power of Indecision: Low-Variance Risk-Limiting Audits and Election Contestation via Marginal Mark Recording [51.82772358241505]
Risk-limiting audits (RLAs) are techniques for verifying the outcomes of large elections.
We define new families of audits that improve efficiency and offer advances in statistical power.
New audits are enabled by revisiting the standard notion of a cast-vote record so that it can declare multiple possible mark interpretations.
arXiv Detail & Related papers (2024-02-09T16:23:54Z)
- Who Audits the Auditors? Recommendations from a field scan of the algorithmic auditing ecosystem [0.971392598996499]
We provide the first comprehensive field scan of the AI audit ecosystem.
We identify emerging best practices as well as methods and tools that are becoming commonplace.
We outline policy recommendations to improve the quality and impact of these audits.
arXiv Detail & Related papers (2023-10-04T01:40:03Z)
- Tight Auditing of Differentially Private Machine Learning [77.38590306275877]
For private machine learning, existing auditing mechanisms are tight.
They only give tight estimates under implausible worst-case assumptions.
We design an improved auditing scheme that yields tight privacy estimates for natural (not adversarially crafted) datasets.
arXiv Detail & Related papers (2023-02-15T21:40:33Z)
- Auditing Recommender Systems -- Putting the DSA into practice with a risk-scenario-based approach [5.875955066693127]
European Union's Digital Services Act requires platforms to make algorithmic systems more transparent and follow due diligence obligations.
These requirements constitute an important legislative step towards mitigating the systemic risks posed by online platforms.
But the DSA lacks concrete guidelines to operationalise a viable audit process.
This void could foster the spread of 'audit-washing', that is, platforms exploiting audits to legitimise their practices and neglect responsibility.
arXiv Detail & Related papers (2023-02-09T10:48:37Z)
- Having your Privacy Cake and Eating it Too: Platform-supported Auditing of Social Media Algorithms for Public Interest [70.02478301291264]
Social media platforms curate access to information and opportunities, and so play a critical role in shaping public discourse.
Prior studies have used black-box methods to show that these algorithms can lead to biased or discriminatory outcomes.
We propose a new method for platform-supported auditing that can meet the goals of the proposed legislation.
arXiv Detail & Related papers (2022-07-18T17:32:35Z)
- Algorithmic audits of algorithms, and the law [3.9103337761169943]
We focus on external audits that are conducted by interacting with the user side of the target algorithm.
The legal framework in which these audits take place is mostly ambiguous to researchers developing them.
This article highlights the relation of current audits with law, in order to structure the growing field of algorithm auditing.
arXiv Detail & Related papers (2022-02-15T14:20:53Z)
This list is automatically generated from the titles and abstracts of the papers in this site.