book

Practical Fairness

by Aileen Nielsen

December 2020

Intermediate to advanced

343 pages

10h 42m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Goals of This BookPractical Notes on the BookConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
Fairness in Engineering Is an Old ProblemOur Fairness Problems NowCommunity NormsEquity and EqualitySecurityPrivacyLegal Responses to Fairness in TechnologyThe Assumptions and Approaches in This BookWhat If I’m Skeptical of All This Fairness Talk?Won’t Fairness Slow Down Innovation?Are There Any Real-World Consequences for Not Developing Fairness-Aware Practices?What Is Fairness?Rules to Code By
Metrics for FairnessMeasures of EquityMeasures of PrivacyMeasures of SecurityConnected ConceptsPrivacy and SecurityPrivacy and EquityEquality and SecurityAccuracy and FairnessAutomated Fairness?Checklist of Points of Entry for Fairness in the Data Science PipelineConcluding Remarks
Ensuring Data IntegrityTrue MeasurementsProportionality and Sampling TechniqueChoosing Appropriate DataEquityPrivacySecurityCase Study: Choosing the Right Question for a Data Set and the Right Data Set for a QuestionQuality Assurance for a Data Set: Identifying Potential DiscriminationA Timeline for Fairness InterventionsComprehensive Data-Acquisition ChecklistConcluding Remarks
Simple Pre-Processing MethodsSuppression: The BaselineMassaging the Data Set: RelabelingAIF360 PipelineLoading the DataFairness MetricsThe US Census Data SetSuppressionReweightingHow It WorksCode DemonstrationLearning Fair RepresentationsHow It WorksCode DemonstrationOptimized Data TransformationsHow It WorksCode DemonstrationFairness Pre-Processing ChecklistConcluding Remarks
The Basic IdeaThe Medical Data SetPrejudice RemoverHow It WorksCode DemonstrationAdversarial DebiasingHow It WorksCode DemonstrationIn-Processing Beyond AntidiscriminationModel SelectionConcluding Remarks
Post-Processing Versus Black-Box AuditingThe Data SetEquality of OpportunityHow It WorksCode DemonstrationCalibration-Preserving Equalized OddsHow It WorksCode DemonstrationConcluding Remarks
The Parameters of an AuditScoping: What Should We Audit?Black-Box AuditingRunning a Model Through Different CounterfactualsModel of the ModelAuditing Black-Box Models for Indirect InfluenceConcluding Remarks
Interpretation Versus ExplanationInterpretable ModelsGLRM: How It WorksCode DemonstrationExplainability MethodsSHAP and LIME: The Workhorses for Local Post Hoc ExplanationsData-Driven ExplanationExplainability MetricsWhat Interpretation and Explainability MissAttacks on Explainable Machine LearningInterpretation and Explanation ChecklistConcluding Remarks
Membership AttacksHow It WorksCode DemonstrationOther Privacy Problems and AttacksImportant Privacy TechniquesConcluding Remarks

Evasion AttacksHow It WorksCode DemonstrationDefending Against Adversarial AttacksSome Evasion Attack PackagesWhy Do Evasion Attacks Matter to You?Poisoning AttacksHow They WorkDefenses Against Poisoning AttacksSome Poisoning Attack PackagesWhy Do Poisoning Attacks Matter to You?Concluding Remarks
Reasonable ExpectationsExpectations of Moving TargetsClear CommunicationFiduciary ObligationsRespecting Traditional Spheres of Privacy and Private LifeValue CreationComplex SystemsThe Impact of the Product Life CycleThe Need for Record KeepingThe Need for ExpertsClear Security Promises and Delineated LimitationsReasonable Expectations of SecurityPossibility of Downstream Control and VerificationVerification Systems and ObligationsProduct Iteration TimelinesTracking Downstream UsersProducts That Work Better for Privileged PeopleDark PatternsFair Products ChecklistConcluding Remarks
Personal DataGDPRCalifornia Consumer Privacy ActData Broker LawsAlgorithmic Decision MakingGDPRProposed US Laws for AlgorithmsSecurityHIPAAFTC Guidance on CybersecurityTort LawLogical ProcessesRight to an ExplanationFreedom of Information LawsDue ProcessSome Application-Specific LawsBiometricsLocal Ordinances on Facial RecognitionChat BotsConcluding Remarks

Content preview from Practical Fairness

Chapter 9. ML Models and Privacy

Privacy is difficult to define and audit for. In the real world, organizations tend to opt for “good enough,” because as technology advances or as new data sets become available, data that was originally thought to be anonymized may no longer be anonymized. But taking reasonable privacy precautions with the technical tools available at a given point in time is clearly better than doing nothing. And in some cases, we already have technical tools that guarantee mathematically ensured degrees of privacy, and that’s even better because it provides a measure of future-proofing.

In addition to being a moving target because of evolving technical and mathematical knowledge, privacy is an evolving legal norm. For example, technical experts have pointed to the difficulties in fulfilling the requirements of emerging legal norms, such as the “right to be forgotten” in Europe that has been controlling law for some time and is now formalized in the GDPR. Several researchers have pointed out that technical implementations of the right to be forgotten may be different depending on what definition of that right and underlying motivation for that right are used to guide technical implementations.

Is the motivation for providing a right to be forgotten (more concretely, a right to data deletion), that all statements related to a given data set will be robust to a data point’s deletion? This is not entirely feasible, for example, if organizations have published aggregate ...