As the new wave of artificial intelligence systems quickly comes under the microscope of law and policy, an intriguing question is becoming central: How does AI un-learn?

That might seem like a strange goal, considering the amount of energy dedicated to getting AI systems to learn faster and more efficiently, inhaling ever more information. But the owners of that information also have a stake in what happens. With more publishers signing licensing deals with OpenAI, some have been asking what happens when those arrangements expire — how outlets would go about taking back access, and whether it’s technically possible to erase traces of their editorial content from future queries. Regulators in Europe, meanwhile, are looking to apply existing digital law to the new platforms, which could mean getting AI to “forget” information it has memorized about people.

So … is there a way to wipe what an AI system has already learned without training the model again from scratch? That’s a far trickier matter than simply deleting pieces of information from a database. In fact, an emergent research field called “machine unlearning” has taken shape in recent years to figure out what methods can make AI models selectively and retroactively forget training data, or at least come close. If researchers manage to develop easier ways for AI to fully unlearn information, it would allow these deals and regulations to be cleanly enforced.

It’s not just new generative AI models triggering this question. Researchers started thinking about machine unlearning after the EU recognized a legal “right to be forgotten” in 2014, allowing residents to demand the deletion of their personal data from Internet searches and other digital records. The arrival of large language models sparked new questions and added complexity to the field’s existing problems, said Ken Liu, a PhD researcher at Stanford’s AI lab, who has written a primer on the topic.

Generative AI models use neural networks modeled on the human brain that teach themselves from patterns within existing data. Even their scientist creators can’t precisely explain how that self-learning happens, which makes unlearning a near-impossible task: an algorithm would need to block the influence of certain data while resisting jailbreak attacks that try to extract the information anyway, and do so without degrading the model’s overall performance.

“We’re asking, how do we update a pattern that we don’t even understand? And we don’t understand how the data points have contributed to these patterns, so that’s what makes it very, very difficult,” Liu said.

One case showing the difficulty comes from Microsoft researchers, who created a novel technique to make Meta’s Llama 2 model forget its knowledge of the Harry Potter series. (They chose that particular model because it’s open source, and there were rumors that its training dataset included the copyrighted novels.) The technique appeared to work, though the model would hallucinate made-up answers when tested about the books, rather than admitting it was unfamiliar with them. The team saw this tendency as an inherent trait of LLMs, not a result of the unlearning process.

Another team audited the model and discovered evidence suggesting it may have just been pretending to forget. With the right prompts, the model could still output copyrighted content. When asked “In Harry Potter, what type of animal is Hedwig?” it answered correctly that Hedwig is a white owl, suggesting the full slate of original knowledge was never genuinely removed.
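To make the balancing act concrete, here is a minimal, hypothetical sketch of one family of approximate unlearning methods researchers have explored: nudging the model’s loss upward on a “forget set” while continuing ordinary training on a “retain set,” so the targeted data’s influence fades without the model collapsing. The toy model, the data and the FORGET_WEIGHT knob are all invented for illustration; real LLM unlearning pipelines are far more involved and, as the Harry Potter audit shows, come with no guarantees.

```python
import torch
import torch.nn as nn

torch.manual_seed(0)

# Toy stand-in for an already trained model; a real pipeline would load an
# LLM checkpoint rather than this tiny classifier.
model = nn.Sequential(nn.Linear(16, 32), nn.ReLU(), nn.Linear(32, 4))
loss_fn = nn.CrossEntropyLoss()
optimizer = torch.optim.SGD(model.parameters(), lr=1e-2)

# Hypothetical data: examples the model should forget vs. examples it should keep.
forget_x, forget_y = torch.randn(64, 16), torch.randint(0, 4, (64,))
retain_x, retain_y = torch.randn(256, 16), torch.randint(0, 4, (256,))

FORGET_WEIGHT = 0.5  # how aggressively to push the forget set away

for step in range(100):
    optimizer.zero_grad()
    # Gradient *ascent* on the forget set: the negative sign turns the usual
    # descent step into one that erodes the fit to the unwanted examples.
    forget_loss = -loss_fn(model(forget_x), forget_y)
    # Ordinary descent on the retain set, to preserve overall performance.
    retain_loss = loss_fn(model(retain_x), retain_y)
    (FORGET_WEIGHT * forget_loss + retain_loss).backward()
    optimizer.step()
```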
There’s always the brute-force approach — retraining the model without the data — but doing that every time data needs to be taken out is impractical and costly. The point of unlearning is to find techniques that are less tedious, said Radu Marculescu, a University of Texas at Austin professor whose lab is exploring machine unlearning for image-to-image generative models. He called unlearning a kind of “counterculture” in a field otherwise obsessively dedicated to adding information to get better results.

No unlearning methods are ready yet for widespread deployment. Guihong Li, a researcher in Marculescu’s lab, says “the problem space is a newborn baby,” and sees a lot of promise in future experimentation on different types of AI (image-based and text-based models require distinct approaches) and on increasingly complex, sometimes arbitrary cases, like forgetting the writing style of a particular publication.

There is also an argument that, when it comes to generative AI, true unlearning will be impossible. In a blog post about the Harry Potter experiment, Microsoft researchers warned that “unlearning remains one of the most challenging conundrums in the AI sphere” and that “many believe that achieving perfect unlearning might be a pipe dream and even approximations seem daunting.”

Liu says he’s also skeptical — but argues that imperfect forgetting might still be useful, depending on the application. It might not be enough to ensure a clean model when access to data is legally blocked, such as unlearning copyrighted material or scrubbing out private data to comply with regulations. Where “pretending to forget” may eventually be good enough, however, is in reducing harms: editing the model to filter out misinformation, bias, outdated data, hate speech or violent content. Here there is more leniency, since the goal is incremental improvement in AI safety rather than meeting a legal requirement. It could also help with copyright issues by gradually correcting the model to give users fewer near-verbatim excerpts, avoiding the type of evidence The New York Times is suing OpenAI over.

“These unlearning methods don’t really work, in a sense that they don’t have guarantees, but empirically, you can reduce the effects of the data, so what that means is, for most people, the model does appear safer,” said Liu. “It’s up to the practitioner to decide what’s the right threshold, the risk they’re willing to take and the effort they’re willing to spend.”
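For comparison, the brute-force baseline Marculescu describes looks something like the hypothetical sketch below: drop the contested examples, retrain from scratch on what remains, then check how well the new model still fits the removed data. This is the gold standard against which approximate methods are judged, and also the reason they exist: at the scale of a modern LLM, rerunning this loop for every takedown request would be prohibitively expensive. The datasets, model size and loss check here are all invented for illustration.

```python
import torch
import torch.nn as nn
from torch.utils.data import TensorDataset, DataLoader, ConcatDataset

torch.manual_seed(0)

# Hypothetical datasets: the examples someone has asked to remove ("forget")
# and everything else ("retain").
retain = TensorDataset(torch.randn(256, 16), torch.randint(0, 4, (256,)))
forget = TensorDataset(torch.randn(64, 16), torch.randint(0, 4, (64,)))

def train(dataset, epochs=20):
    """Train a small classifier from scratch on the given dataset."""
    model = nn.Sequential(nn.Linear(16, 32), nn.ReLU(), nn.Linear(32, 4))
    opt = torch.optim.Adam(model.parameters(), lr=1e-3)
    loss_fn = nn.CrossEntropyLoss()
    for _ in range(epochs):
        for x, y in DataLoader(dataset, batch_size=32, shuffle=True):
            opt.zero_grad()
            loss_fn(model(x), y).backward()
            opt.step()
    return model

original = train(ConcatDataset([retain, forget]))  # trained on everything
retrained = train(retain)                          # brute-force "unlearning"

# Crude empirical check: the retrained model never saw the forget set, so its
# loss there is the benchmark an approximate unlearning method aims to match.
with torch.no_grad():
    x, y = forget.tensors
    for name, m in [("original", original), ("retrained", retrained)]:
        print(f"{name}: loss on forget set = {nn.CrossEntropyLoss()(m(x), y).item():.3f}")
```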