Improved accuracy is the main goal of most Question Answering (QA) efforts. The goal has been to make the response supplied text as accessible as possible for a very long time. The integrity of the information returned is being improved through efforts to make inquiries more comprehensible. They have not found any work specifically addressing the privacy of question replies. The accuracy of a QA system’s responses has been the subject of intense scrutiny. In this work, the authors pose the questions of whether questions should be answered truthfully and how to stop QA systems from disclosing sensitive information.

The importance of the claim that the goals of a commercial system may differ from the more general purpose of creating a QA system with complicated and better reasoning capacity is shown by the fact that work in QA systems is increasingly driven by business demand. While there has yet to be much research on the issue, it is clear that QA systems with access to private company information must include confidentiality features. With Big Language Models, the memory of training data is more likely on recently witnessed cases, according to a study from 2022, which is alarming (LLMs). Systems like ChatGPT are more likely to be used in business as QA focuses on response creation.

Figure 1: The architecture of the output-sanitization system.

Both the secret-keeping and question-answering subsystems receive the query and provide replies using a QA paradigm. The question-answering system has access to the entire data set (secret and non-secret), but the secret-keeping system only has access to a data store containing secret information. In order to compare the cosine similarity of the embeddings, the results are put via a sentence encoder. The result of the question-answering subsystem is tagged as secret and is not delivered to the user if it exceeds a threshold set by the user risk profile.

Corporate data will undergo fine-tuning before commercial rollout. Because of this fine-tuning, the models are more likely to memorize the confidential company information that has to be protected. The methods now used to prevent the disclosure of secrets are insufficient. It could be better to censor information in the context of a possible answer. Performance is decreased by censoring training data; sometimes, it may be undone, exposing sensitive information. According to a counterfactual analysis, a generative QA model performs worse when the context is redacted, even if complete redaction can be used to protect secrets. The greatest judgments are made where the knowledge is. Thus it’s better to avoid negatively redacting information.

Question responding enables the development of concise replies to queries via increasingly varied modalities (QA). QA systems aim to respond clearly to a user’s information request in natural language. The question input, the context input, and the output of QA systems may be used to describe them. Input queries can be probing, where the user verifies the knowledge a system already has, or information seeking, where the user attempts to learn something they do not already know. The context refers to the source of the information that a QA system will use to respond to queries. An unstructured collection or a structured knowledge base are often the sources of a QA system’s context.

Unstructured collections can include any modality, although unstructured text makes up most of them. Often referred to as reading comprehension or machine reading systems, these programs are designed to understand the unstructured text. A QA system’s outputs can be categorical, such as yes/no, or extractive, returning a section of text or knowledge base item inside the context to meet the information need. Generative outputs provide a new response to the information demand. The “accuracy” of returned replies is the main focus of the current QA evaluation. Was the offered response accurate regarding the context and meeting the information needed for the question?

The research on answerability, which determines whether or not a QA system can address a specific question, is the most pertinent to protecting personal information. In question answering, researchers from University of Maryland have identified the responsibility of maintaining secrecy as a significant and understudied issue. To fill the gap, they recognize the need for more appropriate secret-keeping criteria and define secrecy, paranoia, and information leaks. They develop and put into practice a model-independent secret-keeping strategy that only requires access to specified secrets and the output of a quality assurance system to detect the exposure of secrets.

The following are their main contributions:

• They point out the weaknesses in QA systems’ ability to guarantee secrecy and propose secret-keeping as a remedy.

• To prevent unauthorized disclosure of sensitive information, they create a modular architecture that is simple to adapt to various question-answering systems.

• To evaluate a secret-keeping model’s efficacy, they create assessment measures.

As generative AI products become more common, problems like data leaks become more concerning.


Check out the Paper. All Credit For This Research Goes To the Researchers on This Project. Also, don’t forget to join our 16k+ ML SubRedditDiscord Channel, and Email Newsletter, where we share the latest AI research news, cool AI projects, and more.

Aneesh Tickoo is a consulting intern at MarktechPost. He is currently pursuing his undergraduate degree in Data Science and Artificial Intelligence from the Indian Institute of Technology(IIT), Bhilai. He spends most of his time working on projects aimed at harnessing the power of machine learning. His research interest is image processing and is passionate about building solutions around it. He loves to connect with people and collaborate on interesting projects.