book

Practical Fairness

by Aileen Nielsen

December 2020

Intermediate to advanced

343 pages

10h 42m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Goals of This BookPractical Notes on the BookConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
Fairness in Engineering Is an Old ProblemOur Fairness Problems NowCommunity NormsEquity and EqualitySecurityPrivacyLegal Responses to Fairness in TechnologyThe Assumptions and Approaches in This BookWhat If I’m Skeptical of All This Fairness Talk?Won’t Fairness Slow Down Innovation?Are There Any Real-World Consequences for Not Developing Fairness-Aware Practices?What Is Fairness?Rules to Code By
Metrics for FairnessMeasures of EquityMeasures of PrivacyMeasures of SecurityConnected ConceptsPrivacy and SecurityPrivacy and EquityEquality and SecurityAccuracy and FairnessAutomated Fairness?Checklist of Points of Entry for Fairness in the Data Science PipelineConcluding Remarks
Ensuring Data IntegrityTrue MeasurementsProportionality and Sampling TechniqueChoosing Appropriate DataEquityPrivacySecurityCase Study: Choosing the Right Question for a Data Set and the Right Data Set for a QuestionQuality Assurance for a Data Set: Identifying Potential DiscriminationA Timeline for Fairness InterventionsComprehensive Data-Acquisition ChecklistConcluding Remarks
Simple Pre-Processing MethodsSuppression: The BaselineMassaging the Data Set: RelabelingAIF360 PipelineLoading the DataFairness MetricsThe US Census Data SetSuppressionReweightingHow It WorksCode DemonstrationLearning Fair RepresentationsHow It WorksCode DemonstrationOptimized Data TransformationsHow It WorksCode DemonstrationFairness Pre-Processing ChecklistConcluding Remarks
The Basic IdeaThe Medical Data SetPrejudice RemoverHow It WorksCode DemonstrationAdversarial DebiasingHow It WorksCode DemonstrationIn-Processing Beyond AntidiscriminationModel SelectionConcluding Remarks
Post-Processing Versus Black-Box AuditingThe Data SetEquality of OpportunityHow It WorksCode DemonstrationCalibration-Preserving Equalized OddsHow It WorksCode DemonstrationConcluding Remarks
The Parameters of an AuditScoping: What Should We Audit?Black-Box AuditingRunning a Model Through Different CounterfactualsModel of the ModelAuditing Black-Box Models for Indirect InfluenceConcluding Remarks
Interpretation Versus ExplanationInterpretable ModelsGLRM: How It WorksCode DemonstrationExplainability MethodsSHAP and LIME: The Workhorses for Local Post Hoc ExplanationsData-Driven ExplanationExplainability MetricsWhat Interpretation and Explainability MissAttacks on Explainable Machine LearningInterpretation and Explanation ChecklistConcluding Remarks
Membership AttacksHow It WorksCode DemonstrationOther Privacy Problems and AttacksImportant Privacy TechniquesConcluding Remarks

Evasion AttacksHow It WorksCode DemonstrationDefending Against Adversarial AttacksSome Evasion Attack PackagesWhy Do Evasion Attacks Matter to You?Poisoning AttacksHow They WorkDefenses Against Poisoning AttacksSome Poisoning Attack PackagesWhy Do Poisoning Attacks Matter to You?Concluding Remarks
Reasonable ExpectationsExpectations of Moving TargetsClear CommunicationFiduciary ObligationsRespecting Traditional Spheres of Privacy and Private LifeValue CreationComplex SystemsThe Impact of the Product Life CycleThe Need for Record KeepingThe Need for ExpertsClear Security Promises and Delineated LimitationsReasonable Expectations of SecurityPossibility of Downstream Control and VerificationVerification Systems and ObligationsProduct Iteration TimelinesTracking Downstream UsersProducts That Work Better for Privileged PeopleDark PatternsFair Products ChecklistConcluding Remarks
Personal DataGDPRCalifornia Consumer Privacy ActData Broker LawsAlgorithmic Decision MakingGDPRProposed US Laws for AlgorithmsSecurityHIPAAFTC Guidance on CybersecurityTort LawLogical ProcessesRight to an ExplanationFreedom of Information LawsDue ProcessSome Application-Specific LawsBiometricsLocal Ordinances on Facial RecognitionChat BotsConcluding Remarks

Content preview from Practical Fairness

Chapter 10. ML Models and Security

Security is not altogether separate from privacy, but in the context of this discussion, I approach security as a specific problem: when we release a model in which an adversary is able to make it behave in a way we did not anticipate. I speak broadly of adversarial attacks, for example, an adversary is able to engineer an incorrect classification with a specific incorrect target in mind.

In one example, merely rotating photographs of potentially cancerous lesions changed the results of a machine learning classification as to whether the image showed a cancerous lesion. As Beat Buesser pointed out at a PyCon UK presentation in 2018, rotating an image is hardly illegal, so this shows just how easily some machine learning algorithms can be gamed with legal and seemingly legitimate manipulations.

Importantly, this brief discussion of security aspects of machine learning in no way provides any sort of checklist for your own security considerations, for a number of reasons. First, security related to machine learning goes far beyond aspects of machine learning itself. For example, good data protection and cybersecurity measures are obviously a fundamental aspect of security for any machine learning product, and we make no discussion of these topics here. Secondly, these topics are quite complex and could themselves, even in the limited range of topics I discuss, easily turn into several books of material.

Security is also a more complex topic than ...