Ethical AI in Sensitive Security Contexts

Artificial Intelligence (AI) is being increasingly adopted in high-stakes prediction applications to support, if not even drive, decision-making processes. But the dichotomy between progression and regression is drastically soft. The current technical risk landscape is indeed populated by a taxonomy of ethical concerns associated with the interpretability, fairness, and robustness of machine learning solutions. Predictive machine learning models can have (and have already have) serious consequences when their deployment touches human lives. There have been cases of criminals incorrectly denied parole, poor bail decisions leading to the release of dangerous people, or machine learning-based pollution models stating that highly polluted air was safe to breathe (Rudin, 2019). The aim of the PhD thesis is to establish a deeper understanding of the incorporation and operationalisation of ethics in AI across a range of defence and security contexts, with an emphasis on online child exploitation. Ethical machine learning is defined as to which is "(a) beneficial to, and respectful of, people and the environment (beneficence); (b) robust and secure (non-maleficence); (c) respectful of human values (autonomy); (d) fair (justice); and (e) explainable, accountable and understandable (explicability)." Taken together, these attributes aim to inform the topics of the PhD thesis in their convergence with the national security dimension. Focus is posed on the topics of interpretability, causality, and safety against adversarial attacks because of a number of reasons. Interpretable models in high-stakes prediction applications, should be always preferred, if possible, rather than "explained" black-box algorithms as discriminatory behaviours and operational fairness can be more easily debated and evaluated. Meanwhile, explaining black-boxes rather than replacing them with interpretable models, can lead to false or misleading characterisation of the model behaviour. Secondly, a central role in interpretable machine learning is played by causality-oriented methods, which aim to explore causality between features and predictions in observational data. This constitutes a fundamental step towards explaining predictions. Explainability however, is a "dual edged sword, which can also be leveraged by adversaries" (Rosenberg et al., 2020). Studies have shown that adversaries can, for instance, take advantage of explainable machine learning to bypass multi-feature types malware classifiers (Rosenberg et al., 2020). This is why careful consideration should be given to protect the model against adversarial attacks, especially if considering that high-stakes predictive applications largely operate with sensitive data. If we do not succeed at these efforts, it is possible that un-ethical machine learning models will be developed and deployed in highly sensitive production environments when it is not safe to do so. This may continue to lead to dangerous implications throughout our criminal justice systems and agencies involved in the protection of individuals from harm.