Info: Zenodo’s user support line is staffed on regular business days between Dec 23 and Jan 5. Response times may be slightly longer than normal.

Published September 21, 2022 | Version v1
Report Open

GRAIMATTER Green Paper: Recommendations for disclosure control of trained Machine Learning (ML) models from Trusted Research Environments (TREs)

  • 1. Division of Population Health and Genomics, School of Medicine, University of Dundee. & University of Glasgow
  • 2. Department of Mathematical Sciences, Durham University.
  • 3. Dundee Law School School of Humanities Social Sciences and Law, University of Dundee.
  • 4. Division of Population Health and Genomics, School of Medicine, University of Dundee, Dundee.
  • 5. Division of Population Health and Genomics, School of Medicine, University of Dundee.
  • 6. Department of Health and Social SciencesUniversity of the West of England, Bristol
  • 7. Department of Computer Science and Creative Technologies, University of the West of England, Bristol
  • 8. Department of Computer Engineering and Mathematics, Universitat Rovira i Virgili, Tarragona, Catalonia
  • 9. Public/patient advocate, University of Dundee, Dundee.
  • 10. Bristol Business School, University of the West of England, Bristol
  • 11. Leverhulme Research Centre for Forensic Science, School of Science and Engineering, University of Dundee.
  • 12. NHS National Services Scotland.

Description

TREs are widely, and increasingly used to support statistical analysis of sensitive data across a range of sectors (e.g., health, police, tax and education) as they enable secure and transparent research whilst protecting data confidentiality.

There is an increasing desire from academia and industry to train AI models in TREs. The field of AI is developing quickly with applications including spotting human errors, streamlining processes, task automation and decision support. These complex AI models require more information to describe and reproduce, increasing the possibility that sensitive personal data can be inferred from such descriptions. TREs do not have mature processes and controls against these risks. This is a complex topic, and it is unreasonable to expect all TREs to be aware of all risks or that TRE researchers have addressed these risks in AI-specific training.

GRAIMATTER has developed a draft set of usable recommendations for TREs to guard against the additional risks when disclosing trained AI models from TREs. The development of these recommendations has been funded by the GRAIMATTER UKRI DARE UK sprint research project. This version of our recommendations was published at the end of the project in September 2022. During the course of the project, we have identified many areas for future investigations to expand and test these recommendations in practice. Therefore, we expect that this document will evolve over time. 

The GRAIMATTER DARE UK sprint project has also developed a minimal viable product (MVP) as a suite of attack simulations that can be applied by TREs and can be accessed here (https://github.com/AI-SDC/AI-SDC).

If you would like to provide feedback or would like to learn more, please contact Smarti Reel (sreel@dundee.ac.uk) and Emily Jefferson (erjefferson@dundee.ac.uk).

The summary of our recommendations for a general public audience can be found at  DOI: 10.5281/zenodo.7089514

Files

GRAIMATTER Green Paper.pdf

Files (3.1 MB)

Name Size Download all
md5:b60c6e016130119632c1a4643c773434
3.1 MB Preview Download

Additional details

Funding

Guidelines and Resources for AI Model Access from TrusTEd Research environments (GRAIMatter) MC_PC_21033
UK Research and Innovation