Rozita Dara

Sonal Allana, Mohan Kankanhalli, Rozita Dara

Explainable Artificial Intelligence (XAI) has emerged as a pillar of Trustworthy AI and aims to bring transparency in complex models that are opaque by nature. Despite the benefits of incorporating explanations in models, an urgent need is found in addressing the privacy concerns of providing this additional information to end users. In this article, we conduct a scoping review of existing literature to elicit details on the conflict between privacy and explainability. Using the standard methodology for scoping review, we extracted 57 articles from 1,943 studies published from January 2019 to December 2024. The review addresses 3 research questions to present readers with more understanding of the topic: (1) what are the privacy risks of releasing explanations in AI systems? (2) what current methods have researchers employed to achieve privacy preservation in XAI systems? (3) what constitutes a privacy preserving explanation? Based on the knowledge synthesized from the selected studies, we categorize the privacy risks and preservation methods in XAI and propose the characteristics of privacy preserving explanations to aid researchers and practitioners in understanding the requirements of XAI that is privacy compliant. Lastly, we identify the challenges in balancing privacy with other system desiderata and provide recommendations for achieving privacy preserving XAI. We expect that this review will shed light on the complex relationship of privacy and explainability, both being the fundamental principles of Trustworthy AI.

Sonal Allana, Rozita Dara, Xiaodong Lin et al.

Explainable Artificial Intelligence (XAI) is a crucial pathway in mitigating the risk of non-transparency in the decision-making process of black-box Artificial Intelligence (AI) systems. However, despite the benefits, XAI methods are found to leak the privacy of individuals whose data is used in training or querying the models. Researchers have demonstrated privacy attacks that exploit explanations to infer sensitive personal information of individuals. Currently there is a lack of defenses against known privacy attacks targeting explanations when vulnerable XAI are used in production and machine learning as a service system. To address this gap, in this article, we explore Privacy Enhancing Technologies (PETs) as a defense mechanism against attribute inference on explanations provided by feature-based XAI methods. We empirically evaluate 3 types of PETs, namely synthetic training data, differentially private training and noise addition, on two categories of feature-based XAI. Our evaluation determines different responses from the mitigation methods and side-effects of PETs on other system properties such as utility and performance. In the best case, PETs integration in explanations reduced the risk of the attack by 49.47%, while maintaining model utility and explanation quality. Through our evaluation, we identify strategies for using PETs in XAI for maximizing benefits and minimizing the success of this privacy attack on sensitive personal information.

Hassan Khan, Jason Ceci, Jonah Stegman et al.

Personal Identification Numbers (PINs) are widely used as an access control mechanism for digital assets (e.g., smartphones), financial assets (e.g., ATM cards), and physical assets (e.g., locks for garage doors or homes). Using semi-structured interviews (n=35), participants reported on PIN usage for different types of assets, including how users choose, share, inherit, and reuse PINs, as well as behaviour following the compromise of a PIN. We find that memorability is the most important criterion when choosing a PIN, more so than security or concerns of reuse. Updating or changing a PIN is very uncommon, even when a PIN is compromised. Participants reported sharing PINs for one type of asset with acquaintances but inadvertently reused them for other assets, thereby subjecting themselves to potential risks. Participants also reported using PINs originally set by previous homeowners for physical devices (e.g., alarm or keypad door entry systems). While aware of the risks of not updating PINs, this did not always deter participants from using inherited PINs, as they were often missing instructions on how to update them. %While aware of the risks of not updating PINs, participants continued using these PINs, as they were often missing instructions on how to update them.Given the expected increase in PIN-protected assets (e.g., loyalty cards, smart locks, and web apps), we provide suggestions and future research directions to better support users with multiple digital and non-digital assets and more secure human-device interaction when utilizing PINs.