Facebook’s “radioactive data” tracks the images used to train an AI

The news: A team from Facebook AI Research has developed a way to track exactly which images in a data set were used to train a machine-learning model. By making imperceptible tweaks to images, creating a kind of watermark, they were able to make tiny corresponding changes to the way an image classifier trained on those images works, without impairing its overall accuracy. This let them later match models up with the images that were used to train them. 

Why it matters: Facebook calls the technique “radioactive data” because it is analogous to the use of radioactive markers in medicine, which show up in the body under x-ray. Highlighting what data has been used to train an AI makes models more transparent, flagging potential sources of bias—such as a model trained on an unrepresentative set of images—or revealing when a data set was used without permission or for inappropriate purposes. 

Make no mistake: A big challenge was to change the images without breaking the resulting model. Tiny tweaks to an AI’s input can sometimes lead to it making stupid mistakes, such as identifying a turtle as a gun or a sloth as a racecar. Facebook made sure to design its watermarks so that this did not happen. The team tested its technique on ImageNet, a widely used data set of more than 14 million images, and found that they could detect use of radioactive data with high confidence in a particular model even when only 1% of the images had been marked.