Randomization Techniques to Mitigate the Risk of Copyright Infringement

TL;DR

This paper explores randomization techniques, including differential privacy and retrieval models, to reduce copyright infringement risks in AI outputs, highlighting challenges and potential solutions.

Contribution

It introduces the concept of Near Access-Freeness (NAF) for measuring similarity and evaluates the effectiveness of DP models and retrieval approaches for copyright mitigation.

Findings

NAF measurement is challenging and complex.

DP models incur high costs when ensuring NAF.

Retrieval models offer a more controllable mitigation scheme.

Abstract

In this paper, we investigate potential randomization approaches that can complement current practices of input-based methods (such as licensing data and prompt filtering) and output-based methods (such as recitation checker, license checker, and model-based similarity score) for copyright protection. This is motivated by the inherent ambiguity of the rules that determine substantial similarity in copyright precedents. Given that there is no quantifiable measure of substantial similarity that is agreed upon, complementary approaches can potentially further decrease liability. Similar randomized approaches, such as differential privacy, have been successful in mitigating privacy risks. This document focuses on the technical and research perspective on mitigating copyright violation and hence is not confidential. After investigating potential solutions and running numerical experiments, we concluded that using the notion of Near Access-Freeness (NAF) to measure the degree of substantial similarity is challenging, and the standard approach of training a Differentially Private (DP) model costs significantly when used to ensure NAF. Alternative approaches, such as retrieval models, might provide a more controllable scheme for mitigating substantial similarity.