Please note: This PhD defence will take place in DC 3317 and online.
Nils Lukas, PhD candidate
David R. Cheriton School of Computer Science
Supervisor: Professor Florian Kerschbaum
Large-scale machine learning models such as ChatGPT are rapidly transforming how we interact with and trust digital media. However, such a powerful technology poses a dual-use dilemma. While it can have many positive societal impacts, such as providing equitable access to information, deploying ML systems can also cause harm. For example, a deployed model may put the privacy of individuals in its training data at risk if it has inadvertently memorized sensitive information. It could also erode trust in digital media if it enables untrustworthy users to misuse the system to generate deepfakes and misinformation or to enhance the deceptiveness of online scams.
This thesis presents five projects that assess these risks to the privacy and security of ML systems and evaluate the reliability of known countermeasures. To do so, I assess the privacy risk of extracting Personally Identifiable Information from language models trained with (record-level) differential privacy. To control misuse, I study the effectiveness and reliability of fingerprinting and watermarking, used to (i) detect the provenance of a model and (ii) detect any image generated by a watermarked ML system.