
Meet Amii Fellow: Bailey Kacsmar

Published

Dec 13, 2023

Learn more about the research and work of Bailey Kacsmar, one of the latest Fellows to join Amii’s team of world-class researchers. Bailey is an assistant professor in the Department of Computing Science at the University of Alberta.

Her research focuses on the development and evaluation of technical privacy solutions, including the use of privacy mechanisms for data analysis. She is currently focused on human-centered privacy-preserving machine learning.

Check out her conversation with Adam White, Amii’s Director of Scientific Operations, where she talks about the importance of protecting privacy in machine learning, the shifting legal landscape of privacy, and the problem of the "privacy paradox."

[This transcript has been edited for length and clarity. To see the expanded conversation, watch the video above.]


Adam White:

It's really nice to have you with us this morning, Bailey. I'm really excited to talk to you about your research today, and welcome to Amii.

Bailey Kacsmar:

Thank you. I’m really glad to be here.

Adam White:

Okay, let's get into it and talk about your research.

Bailey Kacsmar:

Alright.

Adam White:

Just give me the 30-second to one-minute elevator pitch about what your research is.

Bailey Kacsmar:

So with my work, I focus on ensuring that when we're building technical privacy systems for data analysis, which includes things like machine learning, we're being very cognizant of the human aspects of it. We can build any number of technical systems, and we can make formal guarantees in terms of “we promise that, with some probability, this information will not go anywhere beyond where we said it would.”

But that still leaves the question: does this make people any more comfortable with sharing their information or having it used in these ways? So, kind of piecing these two things together to develop better human-centred versions of these privacy protocols.

Adam White:

You said that with some probability we can guarantee this thing. Why can't we say it with absolute certainty? Is that for math reasons, or is it something you can convey to us today?

Bailey Kacsmar:

So it depends on how you built the system. There are some things where we can guarantee no one is going to be able to get this information. If we're using information-theoretic cryptography, we're good. If we're relying on more conventional modern cryptography based on computational guarantees, our promise is based on “you don't have infinite computing power” or “you don't have a quantum computer” (which would be a problem). But in other cases, we're making statistical guarantees because we're using a statistical system.
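Differential privacy is a common example of the statistical kind of guarantee Kacsmar describes: rather than promising that nothing can ever be learned, it bounds how much any one person's data can shift a released result. The sketch below is purely illustrative and is not from the interview; it shows the standard Laplace mechanism for releasing a noisy count with privacy parameter epsilon.

```python
import numpy as np

def laplace_count(true_count: int, epsilon: float, sensitivity: float = 1.0) -> float:
    """Release a count with epsilon-differential privacy.

    Adding or removing one person changes a count by at most 1 (the
    sensitivity), so Laplace noise with scale sensitivity / epsilon
    masks any single individual's contribution.
    """
    noise = np.random.laplace(loc=0.0, scale=sensitivity / epsilon)
    return true_count + noise

# Example: report how many records in a dataset match some condition,
# spending a privacy budget of epsilon = 0.5.
print(laplace_count(true_count=42, epsilon=0.5))
```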

Adam White:

What got you interested in your field? How did you end up in that field and why do you stay there?

Bailey Kacsmar:

Way back at the start, I kind of stumbled into cryptography specifically. I really enjoyed the mathematics of it, and this was an applied, useful setting for mathematics that could have real impact. It goes out into the universe: whether we're aware of it or not, we are constantly interacting with systems using cryptography. That was really cool, and once I got into that space I ventured more into “okay, we're using these tools, so what are the privacy implications of them?” And I just kept asking more and more questions about how we can build these better for an applied, deployed system.

We need to be considering where it's going, because whether we're able to make privacy guarantees in that nice, formal, technical sense we like is heavily dependent on how and where a system is used. So I wanted to figure out how to build these systems in ways that make it easier to get them out to that end setting, where they're helping actual people or being used in actual organizations, and where there are fewer tripping hazards that could cause them to go wrong and not actually deliver those privacy guarantees.

Adam White:

That's awesome. So if we look five or ten years into the future, where do you think your field is going? What is it going to look like in five years that's different from how it is now?

Bailey Kacsmar:

The field has been going through a lot of advancement. Back in 2015-2016, we saw Europe's GDPR. More recently, we saw California's Consumer Privacy Act come into play, and they're currently making a new version here in Canada: Bill C-27, which is going through the process and would improve privacy regulations. Some of what we're seeing is research, like from my space, that helps guide those.

But we're also seeing more and more companies and organizations who are looking at these laws and realizing they're going to have to figure out how to ensure they're actually meeting the requirements of these new laws and regulations. It's similar to what we saw with GDPR, where everyone got about a million emails saying “here are our new privacy policy updates.” We're starting to hear Canadian companies be concerned about whether or not they can use AI systems in ways that will be compliant with these new laws coming forward. Some of these companies are trying to be proactive about it, but others just really don't know what to do next. So they're coming to researchers and saying, “How do we ensure we're compliant with these? How can we do the things we think we need to do in a way that still has these guarantees for our customers and clients?”

Adam White:

So, what is the most important problem in your field that hasn't been resolved yet?

Bailey Kacsmar:

In my assessment, the most important open problem right now is to what extent we can actually make concrete privacy guarantees when training a machine learning model. The great thing about using machine learning is that we can take a bunch of data whose relationships we don't really understand, put it through whatever our algorithm of choice is, and make inferences or classifications or whatever.

But in privacy, we really like knowing what the relationships among the data are. Currently, if you go to a security and privacy venue, you're going to see all these different papers being presented on attacks on privacy in machine learning, because we just keep coming up with new ways to show that that information is not actually locked in there. It's possible to learn things you don't want some adversarial entity to learn. And so we don't really have a concrete answer on where that boundary is or what guarantees we can and can't make.

It's something we have to solve if we want machine learning to be deployed in really sensitive settings, like healthcare or health research. And with how prevalent machine learning is across all these different disciplines, and how popular it is to try to deploy it right away because people get excited, I would call this the biggest issue, just because if we don't solve it, there is so much risk of negative outcomes.
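One concrete family of the attacks Kacsmar mentions is membership inference: guessing whether a particular record was in a model's training set. The toy sketch below is illustrative only and is not from the interview; it uses a simplified loss-threshold attack on an overfit classifier, and the data, model choice, and threshold are all assumptions made for demonstration.

```python
import numpy as np
from sklearn.ensemble import RandomForestClassifier

rng = np.random.default_rng(0)

# Toy "private" training records and records the model has never seen.
X_members, y_members = rng.normal(size=(200, 5)), rng.integers(0, 2, 200)
X_outsiders, y_outsiders = rng.normal(size=(200, 5)), rng.integers(0, 2, 200)

# An overfit model memorizes its training data, which is what leaks membership.
model = RandomForestClassifier(n_estimators=50, random_state=0)
model.fit(X_members, y_members)

def per_record_loss(model, X, y):
    """Cross-entropy loss the model assigns to each individual record."""
    p = model.predict_proba(X)[np.arange(len(y)), y]
    return -np.log(np.clip(p, 1e-12, None))

# Loss-threshold attack: records the model fits suspiciously well are guessed
# to be training members. (A real attacker would calibrate the threshold with
# shadow models rather than with the outsiders' losses.)
threshold = 0.5 * (per_record_loss(model, X_members, y_members).mean()
                   + per_record_loss(model, X_outsiders, y_outsiders).mean())
member_hits = (per_record_loss(model, X_members, y_members) < threshold).mean()
false_alarms = (per_record_loss(model, X_outsiders, y_outsiders) < threshold).mean()
print(f"members flagged: {member_hits:.2f}, non-members flagged: {false_alarms:.2f}")
```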

Adam White:

Just following up on that: there's a proliferation of people using ChatGPT for things. What do you think about all this interest in the healthcare space in trying to use pre-trained large language models like ChatGPT to help doctors or work alongside doctors? Do you see any big issues with that?

Bailey Kacsmar:

I don't think I've seen enough of the cases of how they're trying to use ChatGPT, or large language models generally, in healthcare. I would suspect it's going to be really dependent on both how those systems have been trained and how they're being used. If they're trained on a bunch of information that I can tie back to other patients, obviously that's bad.

If we're trying to just have ChatGPT or a large language model make recommendations without some sort of human doctor verifying them, that can be problematic, because, as we know, ChatGPT and other large language models can say a lot of good-sounding things, but they're not always right. It's something we have to be really cautious about when it can impact people's lives and health.

Adam White:

Totally. So, people talk a lot about privacy and AI — how those things interact. What are some common misconceptions about that?

Bailey Kacsmar:

There's an aspect of this that's an issue within privacy and privacy research in terms of motivation, because while privacy sounds like a nice social good, one of the things we often come up against is people bringing up what is known as the “privacy paradox.”

So, it's this argument that people don't actually care about privacy because they act against their needs and their privacy wishes all the time. But I think that's a false dichotomy we're making. For instance, go about your day and see how often you have to make decisions about agreeing to let your information go somewhere, whether it's accessing a webpage, accessing your bank account to pay your bills, all these different things. Then just pick one of them and try to do it in a way where you're not having information go beyond that.

You will quickly see that the issue is not that people don't want certain privacy protections in their lives and in how they interact with apps and devices and companies; it's that it is simply too hard and time-consuming to go through each time. Even if you're saying “I don't want to share my cookies,” most of the time you have to click through four different stages just to say “don't track me across the internet.” So if you're busy and just trying to go about your life, it's too hard. Even as someone who works in the privacy space, sometimes I'll be accessing my online banking account and I'm just like, fine, take the cookies, I just need to pay this bill and then I have to go teach class.

So there's this false perception that people don't care about privacy or that privacy doesn't matter, when really it's just very hard, given how our digital society has grown, to have privacy protection over your data. It's really nice to see how our research can actually matter in people's day-to-day lives, and how it affects their decisions and what they do throughout their day. So, that's nice.

Adam White:

Thank you very much for joining us today. It was wonderful to hear about your research and I'm looking forward to working with you for years to come.

Bailey Kacsmar:

Thanks, it should be good!
