Under manipulations, are some AI models harder to audit?
Keywords: algorithm audititng, robust methods, black-box audit, fairness, impossibility results, model capacity, rademacher complexity
TL;DR: We prove that under platform manipulations, AI models cannot be audited in black box more robustly than by random sampling.
Abstract: Auditors need robust methods to assess the compliance of web platforms with the law. However, since they hardly ever have access to the algorithm, implementation, or training data used by a platform, the problem is harder than a simple metric estimation. Within the recent framework of *manipulation-proof* auditing, we study in this paper the feasibility of robust audits in realistic settings, in which models exhibit large capacities. We first prove a constraining result: if a web platform uses models that may fit any data, no audit strategy---whether active or not---can outperform random sampling when estimating properties such as demographic parity. To better understand the conditions under which state-of-the-art auditing techniques may remain competitive, we then relate the *manipulability* of audits to the *capacity* of the targeted models, using the Rademacher complexity. We empirically validate these results on popular models of increasing capacities, thus confirming experimentally that large-capacity models, which are commonly used in practice, are particularly hard to audit robustly. These results refine the limits of the auditing problem, and open up enticing questions on the connection between model capacity and the ability of platforms to manipulate audit attempts.
Submission Number: 172
Loading