PhD Proposal: Mosaicing Prevention in Declassification
IRB IRB-4109
Abstract:
Multiple methods can be used to infer as-yet unrecorded information. However, this ability can place confidentiality at risk when some inferences, although correct, could cause harm. We therefore flip the problem, seeking not to enable but to prevent specific inferences. This inference prevention task is motivated by what has been called the "mosaicing" problem in declassification review for documents that, in the past, were withheld from public access for national security reasons. The goal of such a review is to reveal as much as can now be safely revealed but to also withhold things that could be used to infer facts that require continued protection. This problem is modeled using three primary components: (1) existing public knowledge (representing what is already publicly known), (2) a set of secrets (information not present in the public text that requires continuing protection), and (3) a review set (previously secret information now being reviewed for possible public release). The inference prevention task is to determine whether any information in the review set would substantially increase the risk of inference of any secret by any known technique. To accomplish this task, we first structure the problem in a knowledge graph and develop novel methods to generate redactions that prevent inference by a broad spectrum of state-of-the-art models. We next turn to interdiction in text, drawing inspiration from multi-hop question answering datasets and models to prevent inference of secrets in text. Finally, we propose a novel evaluation measure that provides deeper insight into not only the interdiction capabilities of our models but also weighs the scope of the redactions made, balancing the need to release information while protecting secrets.