Black-Box Access is Insufficient for Rigorous AI Audits

• dc.contributor.author: Casper, Stephen
• dc.contributor.author: Ezell, Carson
• dc.contributor.author: Siegmann, Charlotte
• dc.contributor.author: Kolt, Noam
• dc.contributor.author: Curtis, Taylor Lynn
• dc.contributor.author: Bucknall, Benjamin
• dc.contributor.author: Haupt, Andreas
• dc.contributor.author: Wei, Kevin
• dc.contributor.author: Scheurer, Jérémy
• dc.contributor.author: Hobbhahn, Marius
• dc.contributor.author: Sharkey, Lee
• dc.contributor.author: Krishna, Satyapriya
• dc.contributor.author: Von Hagen, Marvin
• dc.contributor.author: Alberti, Silas
• dc.contributor.author: Chan, Alan
• dc.contributor.author: Sun, Qinyi
• dc.contributor.author: Gerovitch, Michael
• dc.contributor.author: Bau, David
• dc.contributor.author: Tegmark, Max
• dc.contributor.author: Krueger, David
• dc.contributor.author: Hadfield-Menell, Dylan
• dc.date.issued: 2024-06-03
• dc.identifier.isbn: 979-8-4007-0450-5
• dc.identifier.uri: https://hdl.handle.net/1721.1/155783
• dc.description: FAccT ’24, June 03–06, 2024, Rio de Janeiro, Brazil
• dc.description.abstract: External audits of AI systems are increasingly recognized as a key mechanism for AI governance. The effectiveness of an audit, however, depends on the degree of access granted to auditors. Recent audits of state-of-the-art AI systems have primarily relied on black-box access, in which auditors can only query the system and observe its outputs. However, white-box access to the system’s inner workings (e.g., weights, activations, gradients) allows an auditor to perform stronger attacks, more thoroughly interpret models, and conduct fine-tuning. Meanwhile, outside-the-box access to training and deployment information (e.g., methodology, code, documentation, data, deployment details, findings from internal evaluations) allows auditors to scrutinize the development process and design more targeted evaluations. In this paper, we examine the limitations of black-box audits and the advantages of white- and outside-the-box audits. We also discuss technical, physical, and legal safeguards for performing these audits with minimal security risks. Given that different forms of access can lead to very different levels of evaluation, we conclude that (1) transparency regarding the access and methods used by auditors is necessary to properly interpret audit results, and (2) white- and outside-the-box access allow for substantially more scrutiny than black-box access alone.
• dc.publisher: ACM|The 2024 ACM Conference on Fairness, Accountability, and Transparency
• dc.relation.isversionof: 10.1145/3630106.3659037
• dc.source: Association for Computing Machinery
• dc.type: Article
• dc.identifier.citation: Casper, Stephen, Ezell, Carson, Siegmann, Charlotte, Kolt, Noam, Curtis, Taylor Lynn et al. 2024. "Black-Box Access is Insufficient for Rigorous AI Audits."
• dc.contributor.department: Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory
• dc.contributor.department: Massachusetts Institute of Technology. Department of Economics
• dc.contributor.department: Massachusetts Institute of Technology. Center for Collective Intelligence
• dc.contributor.department: Massachusetts Institute of Technology. Department of Physics
• dc.identifier.mitlicense: PUBLISHER_CC
• dc.eprint.version: Final published version
• dc.language.rfc3066: en