Robust ML Auditing using Prior Knowledge
This addresses a crucial yet underexplored issue in enforcing AI regulations, providing a foundational approach for robust fairness audits, though it is incremental in building on prior auditing concepts.
The paper tackles the problem of audit manipulation in AI regulation, where platforms can deceive regulators without affecting user interactions, by proposing a manipulation-proof auditing method that uses the auditor's prior knowledge of the task. The result includes formal conditions for preventing manipulation and experiments showing the maximum unfairness a platform can hide before detection.
Among the many technical challenges to enforcing AI regulations, one crucial yet underexplored problem is the risk of audit manipulation. This manipulation occurs when a platform deliberately alters its answers to a regulator to pass an audit without modifying its answers to other users. In this paper, we introduce a novel approach to manipulation-proof auditing by taking into account the auditor's prior knowledge of the task solved by the platform. We first demonstrate that regulators must not rely on public priors (e.g. a public dataset), as platforms could easily fool the auditor in such cases. We then formally establish the conditions under which an auditor can prevent audit manipulations using prior knowledge about the ground truth. Finally, our experiments with two standard datasets illustrate the maximum level of unfairness a platform can hide before being detected as malicious. Our formalization and generalization of manipulation-proof auditing with a prior opens up new research directions for more robust fairness audits.