Deepfakes, Phrenology, Surveillance, and More! A Taxonomy of AI Privacy Risks

View on arXiv ← Back to list

Authors: Hao-Ping Lee, Yu-Ju Yang, Thomas Serban von Davier, Jodi Forlizzi, Sauvik Das

Published: 2023-10-11 20:40:38+00:00

AI Summary

This paper develops a taxonomy of AI privacy risks by analyzing 321 documented AI privacy incidents. It identifies 12 high-level risks, showing how AI technologies either create entirely new privacy concerns or exacerbate existing ones, such as exposure risks from deepfake pornography and surveillance risks from data collection. The work highlights that current privacy-preserving AI/ML approaches only address a subset of these identified risks.

Abstract

Privacy is a key principle for developing ethical AI technologies, but how does including AI technologies in products and services change privacy risks? We constructed a taxonomy of AI privacy risks by analyzing 321 documented AI privacy incidents. We codified how the unique capabilities and requirements of AI technologies described in those incidents generated new privacy risks, exacerbated known ones, or otherwise did not meaningfully alter the risk. We present 12 high-level privacy risks that AI technologies either newly created (e.g., exposure risks from deepfake pornography) or exacerbated (e.g., surveillance risks from collecting training data). One upshot of our work is that incorporating AI technologies into a product can alter the privacy risks it entails. Yet, current approaches to privacy-preserving AI/ML (e.g., federated learning, differential privacy, checklists) only address a subset of the privacy risks arising from the capabilities and data requirements of AI.

Key findings
The study found that AI technologies significantly alter privacy landscapes, either by creating entirely new risks (e.g., deepfake generation leading to exposure and distortion) or exacerbating existing ones (e.g., large-scale surveillance due to data collection requirements). It concludes that current privacy-preserving AI/ML methods are inadequate, addressing only a fraction of the identified AI-specific privacy risks, underscoring the need for AI-specific design guidance.
Approach
The authors constructed a taxonomy of AI privacy risks by systematically analyzing 321 documented AI privacy incidents from the AIAAIC repository. They categorized how AI capabilities and requirements either newly created risks, exacerbated existing ones, or did not change them, using Solove's 2006 privacy taxonomy as a baseline.
Datasets
AI, Algorithmic, and Automation Incident and Controversy (AIAAIC) repository
Model(s)
UNKNOWN
Author countries
United States, United Kingdom
← Previous
Next →