InvBERT: Reconstructing Text from Contextualized Word Embeddings by inverting the BERT pipeline
The paper reveals a critical security flaw for digital humanities researchers who rely on Derived Text Formats to bypass copyright restrictions.
The paper tackles the problem of reconstructing original copyrighted text from the contextualized word embeddings (such as those produced by BERT) used in Derived Text Formats, and shows that, under certain conditions, reconstruction is feasible with accuracy sufficient to violate copyright laws.
Digital Humanities and Computational Literary Studies apply text mining methods to investigate literature. Such automated approaches enable quantitative studies on large corpora which would not be feasible by manual inspection alone. However, due to copyright restrictions, the availability of relevant digitized literary works is limited. Derived Text Formats (DTFs) have been proposed as a solution. Here, textual materials are transformed in such a way that copyright-critical features are removed while the use of certain analytical methods remains possible. Contextualized word embeddings produced by transformer-encoders (like BERT) are promising candidates for DTFs because they allow for state-of-the-art performance on various analytical tasks and, at first sight, do not disclose the original text. However, in this paper we demonstrate that under certain conditions the reconstruction of the original copyrighted text becomes feasible and that publishing it in the form of contextualized token representations is not safe. Our attempts to invert BERT suggest that publishing the encoder as a black box together with the contextualized embeddings is critical, since it makes it possible to generate data for training a decoder with a reconstruction accuracy sufficient to violate copyright laws.
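The release condition the abstract warns about can be checked before publishing a DTF. The following is an added toy illustration, not code from the paper: a constructed stand-in encoder replaces BERT, a nearest-neighbour lookup replaces the trained decoder, and every name, seed, size and sentence in it is an assumption made for this sketch.

```python
import math
import random

DIM, MIX = 64, 0.15  # toy sizes assumed for this sketch, not BERT's

def make_encoder(secret_seed):
    """Toy stand-in for a released encoder; callers only get encode()."""
    def static(tok):
        rng = random.Random(f"{secret_seed}:{tok}")  # hidden "weights"
        return [rng.gauss(0, 1) for _ in range(DIM)]
    def encode(tokens):
        base = [static(t) for t in tokens]
        out = []
        for i, vec in enumerate(base):
            ctx = [base[j] for j in (i - 1, i + 1) if 0 <= j < len(base)]
            # contextualize: own vector plus a share of each neighbour's
            out.append([v + MIX * sum(c[k] for c in ctx) for k, v in enumerate(vec)])
        return out
    return encode

def train_decoder(encode, own_sentences):
    """Label embeddings of text the auditor owns by querying the black box."""
    pairs = []
    for sent in own_sentences:
        toks = sent.split()
        pairs.extend(zip(encode(toks), toks))
    def decode(embeddings):  # nearest labelled embedding wins
        return [min(pairs, key=lambda p: math.dist(p[0], e))[1] for e in embeddings]
    return decode

def reconstruction_rate(decode, embeddings, truth):
    return sum(g == t for g, t in zip(decode(embeddings), truth)) / len(truth)

# Constructed sample data: a "protected" text and unrelated public sentences.
PROTECTED = "the old captain watched the grey sea from the broken pier".split()
PUBLIC = ["the sea was grey and the pier was old",
          "a broken captain watched from the shore",
          "the captain and the sea"]

def audit():
    """Token recovery rate with and without access to the released encoder."""
    released = make_encoder("released-model")
    dtf = released(PROTECTED)  # the embeddings a DTF release would contain
    with_enc = reconstruction_rate(train_decoder(released, PUBLIC), dtf, PROTECTED)
    other = make_encoder("other-model")  # auditor lacks the released encoder
    without = reconstruction_rate(train_decoder(other, PUBLIC), dtf, PROTECTED)
    return with_enc, without

if __name__ == "__main__":
    print("recovery with encoder: %.2f, embeddings only: %.2f" % audit())
```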