On the relevance of APIs facing fairwashed audits

05/23/2023
by   Jade Garcia Bourrée, et al.
0

Recent legislation required AI platforms to provide APIs for regulators to assess their compliance with the law. Research has nevertheless shown that platforms can manipulate their API answers through fairwashing. Facing this threat for reliable auditing, this paper studies the benefits of the joint use of platform scraping and of APIs. In this setup, we elaborate on the use of scraping to detect manipulated answers: since fairwashing only manipulates API answers, exploiting scraps may reveal a manipulation. To abstract the wide range of specific API-scrap situations, we introduce a notion of proxy that captures the consistency an auditor might expect between both data sources. If the regulator has a good proxy of the consistency, then she can easily detect manipulation and even bypass the API to conduct her audit. On the other hand, without a good proxy, relying on the API is necessary, and the auditor cannot defend against fairwashing. We then simulate practical scenarios in which the auditor may mostly rely on the API to conveniently conduct the audit task, while maintaining her chances to detect a potential manipulation. To highlight the tension between the audit task and the API fairwashing detection task, we identify Pareto-optimal strategies in a practical audit scenario. We believe this research sets the stage for reliable audits in practical and manipulation-prone setups.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
02/27/2023

Formal Analysis of the API Proxy Problem

Implementing a security mechanism on top of APIs requires clear understa...
research
06/04/2023

Crypto-ransomware Detection through Quantitative API-based Behavioral Profiling

With crypto-ransomware's unprecedented scope of impact and evolving leve...
research
03/23/2023

gDoc: Automatic Generation of Structured API Documentation

Generating and maintaining API documentation with integrity and consiste...
research
09/17/2019

Enterprise API Security and GDPR Compliance: Design and Implementation Perspective

With the advancements in the enterprise-level business development, the ...
research
07/05/2023

Proxy Selection in Transitive Proxy Voting

Transitive proxy voting (or "liquid democracy") is a novel form of colle...
research
07/10/2020

Zur Benutzbarkeit und Verwendung von API-Dokumentationen

A good documentation is essential for a good usability of (security) API...
research
04/27/2023

Answering Uncertain, Under-Specified API Queries Assisted by Knowledge-Aware Human-AI Dialogue

Developers' API needs should be more pragmatic, such as seeking suggesti...

Please sign up or login with your details

Forgot password? Click here to reset