Thursday, March 22, 2018

What should guide 'Algorithmic Auditing' in theory and in practice?

Now that "algorithmic bias" has been suddenly thrust onto the national agenda by books like Safiya Noble's Algorithms of Oppression and Cathy O'Neil's Weapons of Math Destruction, calls for transparency and accountability have become almost a knee-jerk reflex.

Transparency, in this context, mainly means requiring private corporations to open the source code of their black-box proprietary algorithms so that outsiders can inspect those decision-making formulas.  Quite simply, that is never going to happen on a grand enough scale to matter.  Ask Google to let the world see its search algorithm, or ask Netflix to open up its hood and show us how it recommends new shows and movies, and see how far you get.  It would be like asking Coca-Cola to publish its secret recipe in Reader's Digest.

From a regulatory perspective, requiring a high level of algorithmic transparency is not - and probably never was - a realistic approach.  There's a second major problem as well: merely seeing an algorithm isn't necessarily helpful, because the specific data that feeds it is often the key factor in understanding the results it produces.
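
To see why, consider a toy example.  The "algorithm" below is fully transparent and trivially simple, yet its output is determined entirely by whatever data it's fed.  The code and data are invented purely for illustration:

    # A fully transparent algorithm whose results depend entirely on its
    # input data.  Pure Python; the data is made up for illustration.
    from collections import Counter

    def rank_images(labeled_results):
        """Trivially simple ranking rule: order labels by frequency."""
        return [label for label, _ in Counter(labeled_results).most_common()]

    # Identical, fully inspectable code; different data; opposite results:
    print(rank_images(["mugshot", "mugshot", "mugshot", "beach"]))  # ['mugshot', 'beach']
    print(rank_images(["beach", "beach", "beach", "mugshot"]))      # ['beach', 'mugshot']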

On the other hand, calls for accountability are more intriguing.  Accountability, in this context, mainly refers to penalizing those private corporations in some way for the most egregious examples of algorithmic bias, and it focuses on outputs.  For instance, regulators may not need to actually see Google's algorithm to determine that something is horribly wrong when a search for the phrase "three black teenagers" returns images of mugshots while, simultaneously, a search for "three white teenagers" returns images of smiling beachgoers.

If some type of penalty system were devised to hold corporations accountable for such outputs, the means of analysis would be "algorithmic auditing".  In fact, New York City is already pursuing this track with its newly created Algorithm Task Force.  But what should such an algorithmic audit actually look like?  What criteria should it use for scientific testing?

There are several categories of algorithmic audits.  In their paper, "Auditing Algorithms: Research Methods for Detecting Discrimination on Internet Platforms", the authors propose the following taxonomy:

  • Code Audits - based on transparency, as described above
  • Noninvasive User Audits - surveying users about their interactions with the platform
  • Scraping Audits - issuing repeated queries to observe the results (see the sketch after this list)
  • Sock Puppet Audits - using automated software to inject false data into the platform
  • Crowdsourced/Collaborative Audits - using human testers to inject false data into the platform

Each of these types has its own pros and cons.  Most likely, the characteristics of each specific case will determine which type is most appropriate to implement.
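
To make the scraping audit concrete, here's a minimal sketch of what one might look like in code.  The search endpoint, its query parameters, and the classify() helper are all hypothetical placeholders, not a real API; a real audit would also need careful sampling and, most likely, human raters to label the results:

    # Minimal sketch of a scraping audit: issue paired queries to a search
    # service and tally how the labeled results differ.  The endpoint and
    # query parameters below are hypothetical, not a real API.
    import json
    from urllib.parse import urlencode
    from urllib.request import urlopen

    ENDPOINT = "https://example.com/image-search"  # hypothetical

    def fetch_results(query, n=50):
        """Issue one query and return a list of result records."""
        url = ENDPOINT + "?" + urlencode({"q": query, "count": n})
        with urlopen(url) as resp:
            return json.load(resp)["results"]

    def audit_pair(query_a, query_b, classify):
        """Run two parallel queries and count how often each label appears.
        `classify` maps one result record to a label such as "mugshot" or
        "beach"; in practice, labeling is often done by human raters."""
        tallies = {}
        for query in (query_a, query_b):
            counts = {}
            for record in fetch_results(query):
                label = classify(record)
                counts[label] = counts.get(label, 0) + 1
            tallies[query] = counts
        return tallies

    # Usage (illustrative): compare the two searches discussed above.
    # tallies = audit_pair("three black teenagers", "three white teenagers",
    #                      classify=human_coded_labeler)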

An alternative and, in my opinion, more useful and comprehensive framework for ensuring accountability through regulatory policy is built around these five core principles, as proposed by Diakopoulos and Friedler:

  • Responsibility - for any algorithmic system, there needs to be a person with the authority to deal with its adverse effects in a timely fashion.
  • Explainability - any decisions produced by an algorithmic system should be explainable to the people affected by those decisions.
  • Accuracy - sources of errors and uncertainty throughout an algorithm and its data sources need to be identified, logged, and benchmarked.
  • Auditability - algorithms need to include in their design a way that enables third parties to probe and review their behavior.
  • Fairness - all algorithms making decisions about individuals should be tested and evaluated for discriminatory effects (see the sketch below).
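
As one concrete illustration of the fairness principle, the sketch below runs a simple demographic-parity check over a batch of decision records, the kind of records an auditable system would be logging anyway.  The records, the group labels, and the 0.8 threshold (borrowed from the "four-fifths rule" used in U.S. employment discrimination law) are all assumptions for the example:

    # Minimal sketch of a fairness test: compare favorable-outcome rates
    # across two groups (demographic parity).  All data here is invented.

    def favorable_rate(decisions, group):
        """Fraction of favorable decisions received by one group."""
        outcomes = [d["favorable"] for d in decisions if d["group"] == group]
        return sum(outcomes) / len(outcomes) if outcomes else 0.0

    def disparate_impact_ratio(decisions, group_a, group_b):
        """Ratio of the lower favorable rate to the higher one.  Values
        below ~0.8 are a common red flag (the "four-fifths rule")."""
        rates = favorable_rate(decisions, group_a), favorable_rate(decisions, group_b)
        return min(rates) / max(rates) if max(rates) else 1.0

    # Usage with made-up decision records:
    decisions = [
        {"group": "A", "favorable": True},  {"group": "A", "favorable": True},
        {"group": "A", "favorable": False}, {"group": "B", "favorable": True},
        {"group": "B", "favorable": False}, {"group": "B", "favorable": False},
    ]
    ratio = disparate_impact_ratio(decisions, "A", "B")
    print(f"disparate impact ratio: {ratio:.2f}")  # 0.50 -> flag for review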

The surest, and most likely, path forward is for governments to experiment with different policies pursuing both transparency and accountability as they analyze their own algorithms.  After all, algorithmic bias occurs in the public sector too, and some might argue on even more consequential issues.  Government regulators should make strides to get their own house in order, learn valuable lessons, and then hopefully they'll be better prepared for the massive wave of resistance they're certain to encounter when bringing those regulatory proposals to the private sector.