GRAIMATTER Green Paper: Recommendations for disclosure control of trained Machine Learning (ML) models from Trusted Research Environments (TREs)

Emily Jefferson (Lead / Corresponding author), Smarti Reel (Lead / Corresponding author), Alba Crespi Boixader, Maeve Roche, Esma Mansouri-Benssassi, Jillian Beggs, Antony Chuter, Christian Cole, Felix Ritchie, Angela Daly, Jim Smith, James Liley, Kerasidou Kerasidou, Francesco Tava, Andrew McCarthy, Richard Preen, Alberto Blanco-Justicia, Esma Mansouri-Benssassi, Josep Domingo-Ferrer, Simon RogersJim Smith

Research output: Book/ReportOther report

5 Downloads (Pure)

Abstract

TREs are widely, and increasingly used to support statistical analysis of sensitive data across a range of sectors (e.g., health, police, tax and education) as they enable secure and transparent research whilst protecting data confidentiality.

There is an increasing desire from academia and industry to train AI models in TREs. The field of AI is developing quickly with applications including spotting human errors, streamlining processes, task automation and decision support. These complex AI models require more information to describe and reproduce, increasing the possibility that sensitive personal data can be inferred from such descriptions. TREs do not have mature processes and controls against these risks. This is a complex topic, and it is unreasonable to expect all TREs to be aware of all risks or that TRE researchers have addressed these risks in AI-specific training.

GRAIMATTER has developed a draft set of usable recommendations for TREs to guard against the additional risks when disclosing trained AI models from TREs. The development of these recommendations has been funded by the GRAIMATTER UKRI DARE UK sprint research project. This version of our recommendations was published at the end of the project in September 2022. During the course of the project, we have identified many areas for future investigations to expand and test these recommendations in practice. Therefore, we expect that this document will evolve over time.

The GRAIMATTER DARE UK sprint project has also developed a minimal viable product (MVP) as a suite of attack simulations that can be applied by TREs and can be accessed here (https://github.com/AI-SDC/AI-SDC).

If you would like to provide feedback or would like to learn more, please contact Smarti Reel (sreel@dundee.ac.uk) and Emily Jefferson (erjefferson@dundee.ac.uk).

The summary of our recommendations for a general public audience can be found at DOI: 10.5281/zenodo.7089514
Original languageEnglish
Place of PublicationZenodo
PublisherDARE UK
Number of pages99
DOIs
Publication statusPublished - 21 Sep 2022

Keywords

  • cs.LG
  • cs.AI
  • cs.CR

Fingerprint

Dive into the research topics of 'GRAIMATTER Green Paper: Recommendations for disclosure control of trained Machine Learning (ML) models from Trusted Research Environments (TREs)'. Together they form a unique fingerprint.

Cite this