2018 Oct 15;376(2133):20180083.
doi: 10.1098/rsta.2018.0083.

Algorithms that remember: model inversion attacks and data protection law


Michael Veale et al. Philos Trans A Math Phys Eng Sci.

Abstract

Many individuals are concerned about the governance of machine learning systems and the prevention of algorithmic harms. The EU's recent General Data Protection Regulation (GDPR) has been seen as a core tool for achieving better governance of this area. While the GDPR does apply to the use of models in some limited situations, most of its provisions relate to the governance of personal data, while models have traditionally been seen as intellectual property. We present recent work from the information security literature around 'model inversion' and 'membership inference' attacks, which indicates that the process of turning training data into machine-learned systems is not one way, and demonstrate how this could lead some models to be legally classified as personal data. Taking this as a probing experiment, we explore the different rights and obligations this would trigger and their utility, and posit future directions for algorithmic governance and regulation. This article is part of the theme issue 'Governing artificial intelligence: ethical, legal, and technical opportunities and challenges'.

Keywords: machine learning; model inversion; model trading; personal data.

Conflict of interest statement

We declare we have no competing interests.

Figures

Figure 1. Model inversion and membership inference attacks.
