Law and Adversarial Machine Learning
The paper addresses the legal challenges that adversarial ML attacks pose for society and for ML researchers, but its contribution is incremental: it applies existing laws to these attacks without proposing new legal solutions.
The paper explores how existing legal frameworks, including computer crime, copyright, and tort law, might apply to adversarial machine learning attacks such as perturbation, poisoning, model stealing, and inversion, identifying which attacks are more likely to lead to liability. It concludes by urging ML researchers to develop transparent benchmarks, design systems for forensic analysis, and consider civil liberties implications.
When machine learning systems fail because of adversarial manipulation, how should society expect the law to respond? Through scenarios grounded in the adversarial ML literature, we explore how some aspects of computer crime, copyright, and tort law interface with perturbation, poisoning, model stealing, and model inversion attacks, and show how some attacks are more likely to result in liability than others. We end with a call to action for ML researchers: invest in transparent benchmarks of attacks and defenses; architect ML systems with forensics in mind; and, finally, think more about adversarial machine learning in the context of civil liberties. The paper is targeted at ML researchers who have no legal background.