Learning Goals

• Understand how ML components are parts of larger systems
• Illustrate the challenges in engineering an ML-enabled system beyond accuracy
• Explain the role of specifications and their lack in machine learning and the relationship to deductive and inductive reasoning
• Summarize the respective goals and challenges of software engineers vs data scientists
• Explain the concept and relevance of "T-shaped people"

Catastrophic Success

Breakout: Likely challenges in building commercial product?

ML in a Production System

By Steven Geringer, via Ryan Orban. Bridging the Gap Between Data Science & Engineer: Building High-Performance Teams. 2016

T-Shaped People

Broad-range generalist + Deep expertise

Figure: Jason Yip. Why T-shaped people?. 2018

Syllabus and Class Structure

17-445/17-645/17-745, Fall 2022, 12 units

Monday/Wednesdays 1:25-2:45pm

Recitation Fridays 10:10-11:00am / 1:25-2:45pm

First Homework Assignment

Reading Assignments & Quizzes

Timeline

Grading Philosophy

Specification grading, based in adult learning theory

Giving you choices in what to work on or how to prioritize your work

We are making every effort to be clear about expectations (specifications), will clarify if you have questions

Assignments broken down into expectations with point values, each graded pass/fail

Opportunities to resubmit work until last day of class

[Example]

ML Models Make Mistakes

Lack of Specifications

/**
  Return the text spoken within the audio file
  ????
*/
String transcribe(File audioFile);

It's not all new

We routinely build:

• Safe software with unreliable components
• Cyberphysical systems
• Non-ML big data systems, cloud systems
• "Good enough" and "fit for purpose" not "correct"

ML intensifies our challenges

Complexity

Learning goals

• Explain how machine learning fits into the larger picture of building and maintaining production systems
• Explain the consequences of the shift from deductive to inductive reasoning for abstraction and composition
• Explain the modularity implications of having machine-learning components without specifications
• Describe the typical components relating to AI in an AI-enabled system and typical design decisions to be made

Why do we care about image captioning?

Products using Image Synthesis?

Traditional Model Focus (Data Science)

Focus: building models from given data, evaluating accuracy

Automating Pipelines and MLOps (ML Engineering)

Focus: experimenting, deploying, scaling training and serving, model monitoring and updating

ML-Enabled Systems (ML in Production)

Interaction of ML and non-ML components, system requirements, user interactions, safety, collaboration, delivering products

Model vs System Goals

Case Study: Self-help legal chatbot

Machine learning that matters

Systems Thinking

Feedback Loops

Safety is a System Property

• Code/models are not unsafe, cannot harm people
• Systems can interact with the environment in ways that are unsafe

Safety Assurance in/outside the Model

Presenting Intelligence

Automate: Take action on user's behalf

Prompt: Ask the user if an action should be taken

Organize/Annotate/Augment: Add information to a display

Hybrids of these

Breakout Discussion: Experience Design

Things change...

Monitoring in Production

Design for telemetry

Pipelines Thinking is Challenging

Who has had bad experiences in teams? Student teams? Teams in industry?

Summary: How would you handle...

Teamwork Policies and Support in this Course

• Teams can set their own priorities and policies -- do what works for you, experiment
  • Not everybody will contribute equally to every assignment -- that's okay
  • Team members have different strength and weaknesses -- that's good
• We will intervene in team citizenship issues!

Golden rule: Try to do what you agreed to do by the time you agreed to. If you cannot, seek help and communicate clearly and early.

Learning Goals

• Select a suitable metric to evaluate prediction accuracy of a model and to compare multiple models
• Select a suitable baseline when evaluating model accuracy
• Know and avoid common pitfalls in evaluating model accuracy
• Explain how software testing differs from measuring prediction accuracy of a model

Model Quality

First Part: Measuring Prediction Accuracy

• the data scientist's perspective

Second Part: What is Correctness Anyway?

• the role and lack of specifications, validation vs verification

Third Part: Learning from Software Testing

• unit testing, test case curation, invariants, simulation (next lecture)

Later: Testing in Production

• monitoring, A/B testing, canary releases (in 2 weeks)

Confusion/Error Matrix

def accuracy(model, xs, ys):
  count = length(xs)
  countCorrect = 0
  for i in 1..count:
    predicted = model(xs[i])
    if predicted == ys[i]:
      countCorrect += 1
  return countCorrect / count

Area Under the Curve

Turning numeric prediction into classification with threshold ("operating point")

The Legend of the Failed Tank Detector

Production Data -- The Ultimate Unseen Validation Data

more in a later lecture

Common Pitfalls of Evaluating Model Quality?

Test Data not Representative

Often neither training nor test data representative of production data

Shortcut Learning

Data Leakage during Data Preprocessing

wordsVectorizer = CountVectorizer().fit(text)
wordsVector = wordsVectorizer.transform(text)
invTransformer = TfidfTransformer().fit(wordsVector)
invFreqOfWords = invTransformer.transform(wordsVector)
X = pd.DataFrame(invFreqOfWords.toarray())

train, test, spamLabelTrain, spamLabelTest = 
                   train_test_split(X, y, test_size = 0.5)
predictAndReport(train = train, test = test)

Independence of Data: Temporal

Independence of Data: Related Datapoints

Example: Kaggle competition on detecting distracted drivers

Relation of datapoints may not be in the data (e.g., driver)

Part 2:

What is Correctness Anyway?

specifications, bugs, fit

SE World: Evaluating a Component's Functional Correctness

/**
 * compute deductions based on provided adjusted 
 * gross income and expenses in customer data.
 *
 * see tax code 26 U.S. Code A.1.B, PART VI
 */
float computeDeductions(float agi, Expenses expenses);

Validation vs Verification

No specification!

Testing a Machine Learning Model?

// detects cancer in an image
boolean hasCancer(Image scan);

@Test
void testPatient1() {
  assertEquals(loadImage("patient1.jpg"), false);
}
@Test
void testPatient2() {
  assertEquals(loadImage("patient2.jpg"), false);
}

All Models Are Wrong

All models are approximations. Assumptions, whether implied or clearly stated, are never exactly true. All models are wrong, but some models are useful. So the question you need to ask is not "Is the model true?" (it never is) but "Is the model good enough for this particular application?" -- George Box

Deductive vs Inductive Reasoning

Machine Learning Models Fit, or Not

• A model is learned from given data in given procedure
  • The learning process is typically not a correctness concern
  • The model itself is generated, typically no implementation issues
• Is the data representative? Sufficient? High quality?
• Does the model "learn" meaningful concepts?
• Is the model useful for a problem? Does it fit?
• Do model predictions usually fit the users' expectations?
• Is the model consistent with other requirements? (e.g., fairness, robustness)

Learning Goals

• Curate validation datasets for assessing model quality, covering subpopulations and capabilities as needed
• Explain the oracle problem and how it challenges testing of software and models
• Use invariants to check partial model properties with automated testing
• Select and deploy automated infrastructure to evaluate and monitor model quality

Curating Validation Data & Input Slicing

Software Test Case Design

Not All Inputs are Equal

"Call mom" "What's the weather tomorrow?" "Add asafetida to my shopping list"

Input Partitioning Example

Example: Model Impr. at Apple (Overton)

Testing Model Capabilities

Testing Capabilities

Generating Test Data for Capabilities

Idea 1: Domain-specific generators

Testing negation in sentiment analysis with template:
I {NEGATION} {POS_VERB} the {THING}.

Testing texture vs shape priority with artificial generated images:

Generating Test Data for Capabilities

Idea 3: Crowd-sourcing test creation

Testing sarcasm in sentiment analysis: Ask humans to minimally change text to flip sentiment with sarcasm

Testing background in object detection: Ask humans to take pictures of specific objects with unusual backgrounds

Automated (Random) Testing and Invariants

(if it wasn't for that darn oracle problem)

Cancer in Random Image?

The Oracle Problem

How do we know the expected output of a test?

assertEquals(??, factorPrime(15485863));

Examples of Invariants

Simulation-Based Testing

One More Thing: Simulation-Based Testing

• Derive input-output pairs from simulation, esp. in vision systems
• Example: Vision for self-driving cars:
  • Render scene -> add noise -> recognize -> compare recognized result with simulator state
• Quality depends on quality of simulator:
  • examples: render picture/video, synthesize speech, ...
  • Less suitable where input-output relationship unknown, e.g., cancer prognosis, housing price prediction

Test Coverage

Continuous Integration for Model Quality

Project Milestone 1: Modeling and First Deployment

Exploring Requirements...

Learning goals

• Judge when to apply ML for a problem in a system
• Define system goals and map them to goals for ML components
• Understand the key concepts and risks of measurement

Today's Case Study: Spotify Personalized Playlists

When to use Machine Learning

Big problems: Many inputs, massive scale

Open-ended problems: No single "final" solution; incremental improvements and growth over time

Time-changing problems: Adapting to constant changes, learning with users

Intrinsically hard problems: Unclear rules, heuristics perform poorly

Examples?

AI as Prediction Machines

Layers of Success Measures

Breakout: Automating Admission Decisions

What are different types of goals behind automating admissions decisions to a Master's program?

As a group post answer to #lecture tagging all group members using template:

Organizational goals: ...
Leading indicators: ...
System goals: ...
User goals: ...
Model goals: ...

Everything is Measurable

Composing/Decomposing Measures

Often higher-level measures are composed from lower level measures

Clear trace from specific low-level measurements to high-level metric

Stating Measures Precisely

Measuring

Three ingredients:

1. Measure: What do we try to capture?
2. Data collection: What data is collected and how?
3. Operationalization: How is the measure computed from the data?

Streetlight effect

Learning Goals

• Understand the role of requirements in ML-based systems and their failures
• Understand the distinction between the world and the machine
• Understand the importance of environmental assumptions in establishing system requirements

Facial Recognition in ATM

Q. What went wrong? What is the root cause of the failure?

Automated Hiring

Q. What went wrong? What is the root cause of the failure?

Machine vs World

Shared Phenomena

Breakout: Lane Assist Assumptions

REQ: The vehicle must be prevented from veering off the lane.

SPEC: Lane detector accurately identifies lane markings in the input image; the controller generates correct steering commands

Discuss with your neighbor to come up with 2-3 assumptions

Lufthansa 2904 Runaway Crash

Breakout Session: Fall detection

As a group, post answer to #lecture and tag group members:

Requirement: ...
Assumptions: ...
Specification: ...
What can go wrong: ...

What went wrong? (REQ, ASM, SPEC)?

Understanding requirements is hard

• Customers don't know what they want until they see it
• Customers change their mind ("no, not like that")
• Descriptions are vague
• It is easy to ignore important requirements (privacy, fairness)
• Focused too narrowly on needs of few users
• Engineers think they already know the requirements
• Engineers are overly influenced by technical capability
• Engineers prefer elegant abstractions

Examples?

Requirements elicitation techniques

ML Prototyping: Wizard of Oz

Personas in GenderMag

See examples and details http://gendermag.org/foundations.php

How much requirements eng. and when?

Homework I2: Requirements

Dashcam system

Learning goals:

• Consider ML models as unreliable components
• Use safety engineering techniques FTA, FMEA, and HAZOP to anticipate and analyze possible mistakes
• Design strategies for mitigating the risks of failures due to ML mistakes

Models make mistakes

Common excuse: Nobody could have foreseen this...

What responsibility do designers have to anticipate problems?

Confounding Variables

Reverse Causality

Reasons barely matter

No model is every "correct"

Some mistakes are unavoidable

Anticipate the eventual mistake

• Make the system safe despite mistakes
• Consider the rest of the system (software + environment)
• Example: Thermal fuse in smart toaster

ML model = unreliable component

Bollards mitigate mistakes

Today's Running Example: Autonomous Train

Human in the Loop - Examples

• Email response suggestions

• Fall detection smartwatch
• Safe browsing

Undoable actions - Examples

• Override thermostat setting
• Undo slide design suggestions
• Automated shipment + offering free return shipment
• Appeal process for banned "spammers" or "bots"
• Easy to repair bumpers on autonomous vehicles?

Guardrails - Examples

Recall: Thermal fuse in smart toaster

• maximum toasting time + extra heat sensor

Guardrails - Examples

Mistake detection

Independent mechanism to detect problems (in the real world)

Example: Gyrosensor to detect a train taking a turn too fast

Graceful Degradation (Fail-safe)

• Goal: When a component failure is detected, achieve system safety by reducing functionality and performance
• Switches operating mode when failure detected (e.g., slower, conservative)

Redundancy Example: Sensor Fusion

• Combine data from a wide range of sensors
• Provides partial information even when some sensor is faulty
• A critical part of modern self-driving vehicles

Short Breakout

What design strategies would you consider to mitigate ML mistakes:

• Credit card fraud detection
• Image captioning for accessibility in photo sharing site
• Speed limiter for cars (with vision system to detect traffic signs)

Consider: Human in the loop, Undoable actions, Guardrails, Mistake detection and recovery (monitoring, doer-checker, fail-over, redundancy), Containment and isolation

As a group, post one design idea for each scenario to #lecture and tag all group members.

What's the worst that could happen?

What's the worst that could happen?

What is Risk Analysis?

What can possibly go wrong in my system, and what are potential impacts on system requirements?

Risk = Likelihood * Impact

A number of methods:

• Failure mode & effects analysis (FMEA)
• Hazard analysis
• Why-because analysis
• Fault tree analysis (FTA)
• ...

Fault Tree Analysis (FTA)

Consider Mitigations

• Remove basic events with mitigations
• Increase the size of cut sets with mitigations

Failure Mode and Effects Analysis (FMEA)

• A forward search technique to identify potential hazards
• Widely used in aeronautics, automotive, healthcare, food services, semiconductor processing, and (to some extent) software

Hazard and Interoperability Study (HAZOP)

identify hazards and component fault scenarios through guided inspection of requirements

After requirements...

Learning Goals

• Describe the role of architecture and design between requirements and implementation
• Identify the different ML components and organize and prioritize their quality concerns for a given project
• Explain they key ideas behind decision trees and random forests and analyze consequences for various qualities
• Demonstrate an understanding of the key ideas of deep learning and how it drives qualities
• Plan and execute an evaluation of the qualities of alternative AI components for a given purpose

Readings

Required reading: Hulten, Geoff. "Building Intelligent Systems: A Guide to Machine Learning Engineering." (2018), Chapters 17 and 18

Recommended reading: Siebert, Julien, Lisa Joeckel, Jens Heidrich, Koji Nakamichi, Kyoko Ohashi, Isao Namba, Rieko Yamamoto, and Mikio Aoyama. “Towards Guidelines for Assessing Qualities of Machine Learning Systems.” In International Conference on the Quality of Information and Communications Technology, pp. 17–31. Springer, Cham, 2020.

Thinking like a Software Architect

Case Study: Twitter

Twitter Case Study: Key Insights

Architectural decisions affect entire systems, not only individual modules

Abstract, different abstractions for different scenarios

Reason about quality attributes early

Make architectural decisions explicit

Question: Did the original architect make poor decisions?

System Decomposition

Identify components and their responsibilities

Establishes interfaces and team boundaries

Information Hiding

Decomposition enables scaling teams

Each team works on a component

Need to coordinate on interfaces, but implementations remain hidden

Interface descriptions are crutial

• Who is responsible for what
• Component requirements (specifications), behavioral and quality
• Especially consider nonlocal qualities: e.g., safety, privacy

Interfaces rarely fully specified in practice, source of conflicts

Common components

• Model inference service: Uses model to make predictions for input data
• ML pipeline: Infrastructure to train/update the model
• Monitoring: Observe model and system
• Data sources: Manual/crowdsourcing/logs/telemetry/...
• Data management: Storage and processing of data, often at scale
• Feature store: Reusable feature engineering code, cached feature computations

Common System-Wide Design Challenges

Separating concerns, understanding interdependencies

• e.g., anticipating/breaking feedback loops, conflicting needs of components

Facilitating experimentation, updates with confidence

Separating training and inference and closing the loop

• e.g., collecting telemetry to learn from user interactions

Learn, serve, and observe at scale or with resource limits

• e.g., cloud deployment, embedded devices

Qualities of Interest?

Scenario: Component for detecting credit card frauds, as a service for banks

Decision Trees: Qualities

• Tasks: Classification & regression
• Qualities: Advantages: ?? Drawbacks: ??

$f_{\mathbf{W}_h,\mathbf{b}_h,\mathbf{W}_o,\mathbf{b}_o}(\mathbf{X})=\phi( \mathbf{W}_o \cdot \phi(\mathbf{W}_h \cdot \mathbf{X}+\mathbf{b}_h)+\mathbf{b}_o)$

(matrix multiplications interleaved with step function)

Deep Learning

• Tasks: Classification & regression
• Qualities: Advantages: ?? Drawbacks: ??

Network Size

Cost & Energy Consumption

Constraints and Tradeoffs

Constraints

Constraints define the space of attributes for valid design solutions

Trade-offs: Cost vs Accuracy

Breakout: Qualities & ML Algorithms

Consider two scenarios:

1. Credit card fraud detection
2. Pedestrian detection in sidewalk robot

As a group, post to #lecture tagging all group members:

• Qualities of interests: ??
• Constraints: ??
• ML algorithm(s) to use: ??

Learning Goals

Deploying a Model is Easy

Model inference component as a service

from flask import Flask, escape, request
app = Flask(__name__)
app.config['UPLOAD_FOLDER'] = '/tmp/uploads'
detector_model = … # load model…

# inference API that returns JSON with classes 
# found in an image
@app.route('/get_objects', methods=['POST'])
def pred():
    uploaded_img = request.files["images"]
    coverted_img = … # feature encoding of uploaded img
    result = detector_model(converted_img)
    return jsonify({"response":
                result['detection_class_entities']})

But is it really easy?

Offline use?

Deployment at scale?

Hardware needs and operating cost?

Frequent updates?

Integration of the model into a system?

Meeting system requirements?

Every system is different!

What can we reason about?

Case Study: Augmented Reality Translation

Where Should the Models Live?

Cloud? Phone? Glasses?

What qualities are relevant for the decision?

Breakout: Latency and Bandwidth Analysis

1. Estimate latency and bandwidth requirements between components
2. Discuss tradeoffs among different deployment models

As a group, post in #lecture tagging group members:

• Recommended deployment for OCR (with justification):
• Recommended deployment for Translation (with justification):

Reusing Feature Engineering Code

Avoid training–serving skew

Tecton Feature Store

Separating Models and Business Logic

Documenting Input/Output Types for Inference Components

{
  "mid": string,
  "languageCode": string,
  "name": string,
  "score": number,
  "boundingPoly": {
    object (BoundingPoly)
  }
}

From Google’s public object detection API.

Anti-Patterns

• Big Ass Script Architecture
• Dead Experimental Code Paths
• Glue code
• Multiple Language Smell
• Pipeline Jungles
• Plain-Old Datatype Smell
• Undeclared Consumers

Learning Goals

• Design telemetry for evaluation in practice
• Understand the rationale for beta tests and chaos experiments
• Plan and execute experiments (chaos, A/B, shadow releases, ...) in production
• Conduct and evaluate multiple concurrent A/B tests in a system
• Perform canary releases
• Examine experimental results with statistical rigor
• Support data scientists with monitoring platforms providing insights from production data

Beta Testing

Crash Telemetry

A/B Testing

Measuring Model Quality with Telemetry

Breakout: Design Telemetry in Production

Detecting Drift

Engineering Challenges for Telemetry

Model Quality vs System Quality

Feature Flags (Boolean flags)

if (features.enabled(userId, "one_click_checkout")) {
     // new one click checkout function
} else {
     // old checkout functionality
}

def isEnabled(user): Boolean = (hash(user.id) % 100) < 10

Canary Releases

Chaos Experiments

Learning Goals

• Implement and automate tests for all parts of the ML pipeline
• Understand testing opportunities beyond functional correctness
• Automate test execution with continuous integration
• Deploy a service for models using container infrastructure
• Automate common configuration management tasks
• Devise a monitoring strategy and suggest suitable components for implementing it
• Diagnose common operations problems
• Understand the typical concerns and concepts of MLOps

Possible Mistakes in ML Pipelines

Danger of "silent" mistakes in many phases

Examples?

Integrating the Pipeline with other Components

Unit Test, Integration Tests, System Tests

General Testing Strategy: Decoupling Code Under Test

Subtle Bugs in Data Wrangling Code

df['Join_year'] = df.Joined.dropna().map(
    lambda x: x.split(',')[1].split(' ')[1])

df.loc[idx_nan_age,'Age'].loc[idx_nan_age] = 
    df['Title'].loc[idx_nan_age].map(map_means)

df["Weight"].astype(str).astype(int)

Modularizing and Testing Data Cleaning

def is_valid_row(row):
    try:
        datetime.strptime(row['date'], '%b %d %Y')
        return true
    except ValueError:
        return false

@test
def test_dates(self):
    self.assertTrue(is_valid_row(...))
    self.assertTrue(is_valid_row(...))
    self.assertFalse(is_valid_row(...))

Integration and system tests

Test larger units of behavior

Often based on use cases or user stories -- customer perspective

@Test void testCleaningWithFeatureEng() {
    DataFrame d = loadTestData();
    DataFrame cd = clean(d);
    DataFrame f = feature3.encode(cd);
    assert(noMissingValues(f.getColumn("m")));
    assert(max(f.getColumn("m"))<=1.0);
}

Static Analysis, Code Linting

Automatic detection of problematic patterns based on code structure

if (user.jobTitle = "manager") {
   ...
}

function fn() {
    x = 1;
    return x;
    x = 3; 
}

Breakout Groups

• In the Smartphone Covid Detection scenario
• Discuss in groups:
  • Back left: data tests
  • Back right: model dev. tests
  • Front right: infrastructure tests
  • Front left: monitoring tests
• For 8 min, discuss some of the listed point in the context of the Covid-detection scenario: what would you do?
• In #lecture, tagging group members, suggest what tests to implement

Dev vs. Ops

QA responsibilities in both roles

Heavy tooling and automation

Automate Everything

Containers

MLOps Overview

Integrate ML artifacts into software release process, unify process (i.e., DevOps extension)

Automated data and model validation (continuous deployment)

Continuous deployment for ML models: from experimenting in notebooks to quick feedback in production

Versioning of models and datasets (more later)

Monitoring in production (discussed earlier)

Tooling Landscape LF AI

Learning Goals

• Distinguish precision and accuracy; understanding the better models vs more data tradeoffs
• Use schema languages to enforce data schemas
• Design and implement automated quality assurance steps that check data schema conformance and distributions
• Devise infrastructure for detecting data drift and schema violations
• Consider data quality as part of a system; design an organization that values data quality

Data cleaning and repairing account for about 60% of the work of data scientists.

Own experience?

Case Study: Inventory Management

Many Data Sources

sources of different reliability and quality

Raw Data is an Oxymoron

Accuracy vs Precision

Data Cascades

Detection almost always delayed! Expensive rework. Difficult to detect in offline evaluation.

Schema in Relational Databases

CREATE TABLE employees (
    emp_no      INT             NOT NULL,
    birth_date  DATE            NOT NULL,
    name        VARCHAR(30)     NOT NULL,
    PRIMARY KEY (emp_no));
CREATE TABLE departments (
    dept_no     CHAR(4)         NOT NULL,
    dept_name   VARCHAR(40)     NOT NULL,
    PRIMARY KEY (dept_no), UNIQUE  KEY (dept_name));
CREATE TABLE dept_manager (
   dept_no      CHAR(4)         NOT NULL,
   emp_no       INT             NOT NULL,
   FOREIGN KEY (emp_no)  REFERENCES employees (emp_no),
   FOREIGN KEY (dept_no) REFERENCES departments (dept_no),
   PRIMARY KEY (emp_no,dept_no)); 

Example: HoloClean

Drift & Model Decay

Breakout: Drift in the Inventory System

What kind of drift might be expected?

As a group, tagging members, write plausible examples in #lecture:

• Concept Drift:
• Data Drift:
• Upstream data changes:

Microsoft Azure Data Drift Dashboard

"Everyone wants to do the model work, not the data work"

Data Quality Documentation

Learning Goals

• Organize different data management solutions and their tradeoffs
• Understand the scalability challenges involved in large-scale machine learning and specifically deep learning
• Explain the tradeoffs between batch processing and stream processing and the lambda architecture
• Recommend and justify a design and corresponding technologies for a given system

Scaling Computations

Distributed Gradient Descent

Relational Data Models

select p.photo_id, p.path, u.photos_total 
from photos p, users u 
where u.user_id=p.user_id and u.account_name = "ckaestne"

Partitioning

Replication with Leaders and Followers

Microservices

Stream Processing (e.g., Kafka)

Event Sourcing

• Append only databases
• Record edit events, never mutate data
• Compute current state from all past events, can reconstruct old state
• For efficiency, take state snapshots
• Similar to traditional database logs, but persistent

addPhoto(id=133422131, user=54351, path="/st/u211/1U6uFl47Fy.jpg", date="2021-12-03T09:18:32.124Z")
updatePhotoData(id=133422131, user=54351, title="Sunset")
replacePhoto(id=133422131, user=54351, path="/st/x594/vipxBMFlLF.jpg", operation="/filter/palma")
deletePhoto(id=133422131, user=54351)

Lambda Architecture and Machine Learning

• Learn accurate model in batch job
• Learn incremental model in stream processor

Data Lake

Trend to store all events in raw form (no consistent schema)

May be useful later

Data storage is comparably cheap

Bet: Yet unknown future value of data is greater than storage costs

Breakout: Vimeo Videos

As a group, discuss and post in #lecture, tagging group members:

• How to distribute storage:
• How to design scalable copy-right protection solution:
• How to design scalable analytics (views, ratings, ...):

Process...

Learning Goals

Case Study: Real-Estate Website

Data Science is Iterative and Exploratory

Computational Notebooks

Waterfall Model

taming chaos, understand req., plan before coding, remember testing

Risk First: Spiral Model

incremental prototypes, starting with most risky components

Constant iteration: Agile

working with customers, constant replanning

Discussion: Iteration in Notebook vs Agile?

Model first vs Product first

Technical debt

Breakout: Technical Debt from ML

As a group in #lecture, tagging members: Post two plausible examples technical debt in housing price prediction system:

1. Deliberate, prudent:
2. Reckless, inadvertent:

Changing directions...

With a few lines of code...

Another Example: Social Media

What is the (real) organizational objective of the company?

Mental Health

• 35% of US teenagers with low social-emotional well-being have been bullied on social media.
• 70% of teens feel excluded when using social media.

Who's to blame?

Are these companies intentionally trying to cause harm? If not, what are the root causes of the problem?

Liability?

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Buzzword or real progress?

Legally protected classes (US)

Dividing a Pie?

Harms of Allocation

• Withhold opportunities or resources
• Poor quality of service, degraded user experience for certain groups

Harms of Representation

• Over/under-representation of certain groups in organizations
• Reinforcement of stereotypes

Historical Bias

Data reflects past biases, not intended outcomes

Should the algorithm reflect the reality?

Tainted Labels

Bias in dataset labels assigned (directly or indirectly) by humans

Example: Hiring decision dataset -- labels assigned by (possibly biased) experts or derived from past (possibly biased) hiring decisions

Skewed Sample

Bias in how and what data is collected

Crime prediction: Where to analyze crime? What is considered crime? Actually a random/representative sample?

Recall: Raw data is an oxymoron

Proxies

Features correlate with protected attribute, remain after removal

• Example: Neighborhood as a proxy for race
• Extracurricular activities as proxy for gender and social class (e.g., “cheerleading”, “peer-mentor for ...”, “sailing team”, “classical music”)

Feedback Loops reinforce Bias

"Big Data processes codify the past. They do not invent the future. Doing that requires moral imagination, and that’s something only humans can provide. " -- Cathy O'Neil in Weapons of Math Destruction

Breakout: College Admission

Scenario: Evaluate applications & identify students who are likely to succeed

Features: GPA, GRE/SAT, gender, race, undergrad institute, alumni connections, household income, hometown, transcript, etc.

As a group, post to #lecture tagging members:

• Possible harms: Allocation of resources? Quality of service? Stereotyping? Denigration? Over-/Under-representation?
• Sources of bias: Skewed sample? Tainted labels? Historical bias? Limited features? Sample size disparity? Proxies?

Learning Goals

• Understand different definitions of fairness
• Discuss methods for measuring fairness
• Outline interventions to improve fairness at the model level

Past bias, different starting positions

Anti-Classification

• Also called fairness through blindness or fairness through unawareness
• Ignore certain sensitive attributes when making a decision
• Example: Remove gender and race from mortgage model
• Easy to implement, but any limitations?

Group fairness

Key idea: Compare outcomes across two groups

• Similar rates of accepted loans across racial/gender groups?
• Similar chance of being hired/promoted between gender groups?
• Similar rates of (predicted) recidivism across racial groups?

Outcomes matter, not accuracy!

Equalized odds

Key idea: Focus on accuracy (not outcomes) across two groups

• Similar default rates on accepted loans across racial/gender groups?
• Similar rate of "bad hires" and "missed stars" between gender groups?
• Similar accuracy of predicted recidivism vs actual recidivism across racial groups?

Accuracy matters, not outcomes!

Breakout: Cancer Prognosis

In groups, post to #lecture tagging members:

• Does the model meet anti-classification fairness wrt. sex?
• Does the model meet group fairness?
• Does the model meet equalized odds?
• Is the model fair enough to use?

Intuitive Justice

Research on what post people perceive as fair/just (psychology)

When rewards depend on inputs and participants can chose contributions: Most people find it fair to split rewards proportional to inputs

• Which fairness measure does this relate to?

Most people agree that for a decision to be fair, personal characteristics that do not influence the reward, such as sex or age, should not be considered when dividing the rewards.

• Which fairness measure does this relate to?

Equality vs Equity

Discussion: Fairness Goal for College Admission?

Strong legal precedents

Very limited scope of affirmative action

Most forms of group fairness likely illegal

In practice: Anti-classification

Improving Fairness of a Model

In all pipeline stages:

• Data collection
• Data cleaning, processing
• Training
• Inference
• Evaluation and auditing

Example audit tool: Aequitas

Example: Tweaking Thresholds

Learning Goals

• Understand the role of requirements engineering in selecting ML fairness criteria
• Understand the process of constructing datasets for fairness
• Document models and datasets to communicate fairness concerns
• Consider the potential impact of feedback loops on AI-based systems and need for continuous monitoring
• Consider achieving fairness in AI-based systems as an activity throughout the entire development cycle

Most Fairness Discussions are Model-Centric or Pipeline-Centric

Fairness Problems are System-Wide Challenges

• Requirements engineering challenges: How to identify fairness concerns, fairness metric, design data collection and labeling
• Human-computer-interaction design challenges: How to present results to users, fairly collect data from users, design mitigations
• Quality assurance challenges: Evaluate the entire system for fairness, continuously assure in production
• Process integration challenges: Incoprorate fairness work in development process
• Education and documentation challenges: Create awareness, foster interdisciplinary collaboration

Negotiate Fairness Goals/Measures

Equality or equity? Equalized odds? ...

Cannot satisfy all. People have conflicting preferences...

Treating everybody equally in a meritocracy will reinforce existing inequalities whereas uplifting disadvantaged communities can be seen as giving unfair advantages to people who contributed less, making it harder to succeed in the advantaged group merely due to group status.

Making Rare Skills Attainable

We should stop training radiologists now. It’s just completely obvious that within five years, deep learning is going to do better than radiologists. -- Geoffrey Hinton, 2016

Who does the Fairness Work?

Within organizations usually little institutional support for fairness work, few activists

Fairness issues often raised by communities affected, after harm occurred

Affected groups may need to organize to affect change

Do we place the cost of unfair systems on those already marginalized and disadvantaged?

Breakout: College Admission

Assume most universities want to automate admissions decisions.

As a group in #lecture, tagging group members:

What good or bad societal implications can you anticipate, beyond a single product? Should we do something about it?

1. Avoid Unnecessary Distinctions

"Doctor/nurse applying blood pressure monitor" -> "Healthcare worker applying blood pressure monitor"

2. Suppress Potentially Problem Outputs

How to fix?

4. Keep Humans in the Loop

TV subtitles: Humans check transcripts, especially with heavy dialects

Fairer Data Collection

Carefully review data collection procedures, sampling biases, what data is collected, how trustworthy labels are, etc.

Can address most sources of bias: tainted labels, skewed samples, limited features, sample size disparity, proxies:

• deliberate what data to collect
• collect more data, oversample where needed
• extra effort in unbiased labels

-> Requirements engineering, system engineering

-> World vs machine, data quality, data cascades

Feedback Loops

Barriers to Fairness Work

1. Rarely an organizational priority, mostly reactive (media pressure, regulators)

• Limited resources for proactive work
• Fairness work rarely required as deliverable, low priority, ignorable
• No accountability for actually completing fairness work, unclear responsibilities

What to do?

Affect Culture Change

Buy-in from management is crucial

Show that fairness work is taken seriously through action (funding, hiring, audits, policies), not just lofty mission statements

Reported success strategies:

1. Frame fairness work as financial profitable, avoiding rework and reputation cost
2. Demonstrate concrete, quantified evidence of benefits of fairness work
3. Continuous internal activism and education initiatives
4. External pressure from customers and regulators

Documenting Model Fairness

Recall: Model cards

Documenting Fairness of Datasets

Explainability as Building Block in Responsible Engineering

Learning Goals

• Understand the importance of and use cases for interpretability
• Explain the tradeoffs between inherently interpretable models and post-hoc explanations
• Measure interpretability of a model
• Select and apply techniques to debug/provide explanations for data, models and model predictions
• Eventuate when to use interpretable models rather than ex-post explanations

Detecting Anomalous Commits

Is this recidivism model fair?

IF age between 18–20 and sex is male THEN 
  predict arrest
ELSE IF age between 21–23 and 2–3 prior offenses THEN 
  predict arrest
ELSE IF more than three priors THEN 
  predict arrest
ELSE 
  predict no arrest

How to interpret the results?

Debugging

Debugging is the most common use in practice (Bhatt et al. "Explainable machine learning in deployment." In Proc. FAccT. 2020.)

Understanding a Model

Levels of explanations:

• Understanding a model
• Explaining a prediction
• Understanding the data

Inherently Interpretable: Sparse Linear Models

$f(x) = \alpha + \beta_1 x_1 + ... + \beta_n x_n$

Truthful explanations, easy to understand for humans

Easy to derive contrastive explanation and feature importance

Requires feature selection/regularization to minimize to few important features (e.g. Lasso); possibly restricting possible parameter values

Score card: Sparse linear model with "round" coefficients

Post-Hoc Model Explanation: Global Surrogates

1. Select dataset X (previous training set or new dataset from same distribution)
2. Collect model predictions for every value: $y_i=f(x_i)$
3. Train inherently interpretable model $g$ on (X,Y)
4. Interpret surrogate model $g$

Can measure how well $g$ fits $f$ with common model quality measures, typically $R^2$

Advantages? Disadvantages?

Post-Hoc Model Explanation: Feature Importance

Source: Christoph Molnar. "Interpretable Machine Learning." 2019

Post-Hoc Model Explanation: Partial Dependence Plot (PDP)

Understanding Predictions from Inherently Interpretable Models is easy

Derive key influence factors or decisions from model parameters

Derive contrastive counterfacturals from models

Examples: Predict arrest for 18 year old male with 1 prior:

IF age between 18–20 and sex is male THEN predict arrest
ELSE IF age between 21–23 and 2–3 prior offenses THEN predict arrest
ELSE IF more than three priors THEN predict arrest
ELSE predict no arrest

Posthoc Prediction Explanation: Feature Influences

Which features were most influential for a specific prediction?

Feature Influences in Images

Example: Anchors

Multiple Counterfactuals

Prototypes and Criticisms

• Prototype is a data instance that is representative of all the data
• Criticism is a data instance not well represented by the prototypes

Influential Instance

Data debugging: What data most influenced the training?

Breakout: Debugging with Explanations

Setting Cancer Imaging -- What explanations do radiologists want?

• Past attempts often not successful at bringing tools into production. Radiologists do not trust them. Why?
• Wizard of oz study to elicit requirements

Explanations foster Trust

Users are less likely to question the model when explanations provided

• Even if explanations are unreliable
• Even if explanations are nonsensical/incomprehensible

Danger of overtrust and intentional manipulation

(a) Rationale, (b) Stating the prediction, (c) Numerical internal values

Observation: Both experts and non-experts overtrust numerical explanations, even when inscrutable.

"Stop explaining ..."

More Explainability, Policy, and Politics

Learning Goals

• Explain key concepts of transparency and trust
• Discuss whether and when transparency can be abused to game the system
• Design a system to include human oversight
• Understand common concepts and discussions of accountability/culpability
• Critique regulation and self-regulation approaches in ethical machine learning

Case Study: Facebook's Feed Curation

Gaming/Attacking the Model with Explanations?

Does providing an explanation allow customers to 'hack' the system?

• Loan applications?
• Apple FaceID?
• Recidivism?
• Auto grading?
• Cancer diagnosis?
• Spam detection?

Human Oversight and Appeals

• Unavoidable that ML models will make mistakes
• Users knowing about the model may not be comforting
• Inability to appeal a decision can be deeply frustrating

Who is responsible?

Easy to Blame "The Algorithm" / "The Data" / "Software"

"Just a bug, things happen, nothing we could have done"

• But system was designed by humans
• But humans did not anticipate possible mistakes, did not design to mitigate mistakes
• But humans made decisions about what quality was good enough
• But humans designed/ignored the development process
• But humans gave/sold poor quality software to other humans
• But humans used the software without understanding it
• ...

More Foundational Technology for Responsible Engineering

Learning Goals

• Judge the importance of data provenance, reproducibility and explainability for a given system
• Create documentation for data dependencies and provenance in a given system
• Propose versioning strategies for data and models
• Design and test systems for reproducibility

Breakout Discussion: Movie Predictions

Data Provenance

Versioning Strategies for Datasets

1. Store copies of entire datasets (like Git), identify by checksum
2. Store deltas between datasets (like Mercurial)
3. Offsets in append-only database (like Kafka), identify by offset
4. History of individual database records (e.g. S3 bucket versions)
   • some databases specifically track provenance (who has changed what entry when and how)
   • specialized data science tools eg Hangar for tensor data
5. Version pipeline to recreate derived datasets ("views", different formats)
   • e.g. version data before or after cleaning?

Aside: Git Internals

Example: DVC

dvc add images
dvc run -d images -o model.p cnn.py
dvc remote add myrepo s3://mybucket
dvc push

• Tracks models and datasets, built on Git
• Splits learning into steps, incrementalization
• Orchestrates learning in cloud resources

https://dvc.org/

ModelDB Example

from verta import Client
client = Client("http://localhost:3000")

proj = client.set_project("My first ModelDB project")
expt = client.set_experiment("Default Experiment")

# log the first run
run = client.set_experiment_run("First Run")
run.log_hyperparameters({"regularization" : 0.5})
run.log_dataset_version("training_and_testing_data", dataset_version)
model1 = # ... model training code goes here
run.log_metric('accuracy', accuracy(model1, validationData))
run.log_model(model1)

# log the second run
run = client.set_experiment_run("Second Run")
run.log_hyperparameters({"regularization" : 0.8})
run.log_dataset_version("training_and_testing_data", dataset_version)
model2 = # ... model training code goes here
run.log_metric('accuracy', accuracy(model2, validationData))
run.log_model(model2)

Logging and Audit Traces

Key goal: If a customer complains about an interaction, can we reproduce the prediction with the right model? Can we debug the model's pipeline and data? Can we reproduce the model?

• Version everything
• Record every model evaluation with model version
• Append only, backed up

<date>,<model>,<model version>,<feature inputs>,<output>
<date>,<model>,<model version>,<feature inputs>,<output>
<date>,<model>,<model version>,<feature inputs>,<output>

More responsible engineering...

Learning Goals

• Explain key concerns in security (in general and with regard to ML models)
• Identify security requirements with threat modeling
• Analyze a system with regard to attacker goals, attack surface, attacker capabilities
• Describe common attacks against ML models, including poisoning and evasion attacks
• Understand design opportunities to address security threats at the system level
• Apply key design principles for secure system design

Evasion Attacks (Adversarial Examples)

Attack at inference time

• Add noise to an existing sample & cause misclassification
• Possible with and without access to model internals

Task Decision Boundary vs Model Boundary

Untargeted Poisoning Attack on Availability

Targeted Poisoning Attacks on Integrity

Insert training data with seemingly correct labels

More targeted than availability attack, cause specific misclassification

Model Stealing Attacks

Model Inversion against Confidentiality

Breakout: Dashcam System

State of ML Security

STRIDE Threat Modeling

A systematic approach to identifying threats (i.e., attacker actions)

• Construct an architectural diagram with components & connections
• Designate the trust boundary
• For each untrusted component/connection, identify threats
• For each potential threat, devise a mitigation strategy

Secure Design Principles

Minimize the impact of a compromised component

• Principle of least privilege: A component given only minimal privileges needed to fulfill its functionality
• Isolation/compartmentalization: Components should be able to interact with each other no more than necessary
• Zero-trust infrastructure: Components treat inputs from each other as potentially malicious

Monitoring & detection

• Identify data drift and unusual activity

Andew Pole, who heads a 60-person team at Target that studies customer behavior, boasted at a conference in 2010 about a proprietary program that could identify women - based on their purchases and demographic profile - who were pregnant.

Data Lakes

Who has access?

Privacy Consent and Control

Mitigating more mistakes...

Learning Goals

• Understand safety concerns in traditional and AI-enabled systems
• Apply hazard analysis to identify risks and requirements and understand their limitations
• Discuss ways to design systems to be safe against potential failures
• Suggest safety assurance strategies for a specific project
• Describe the typical processes for safety evaluations and their limitations

AI Safety

Reward Hacking -- Many Examples

Practical Alignment Problems

Does the model goal align with the system goal? Does the system goal align with the user's goals?

• Profits (max. accuracy) vs fairness
• Engagement (ad sales) vs enjoyment, mental health
• Accuracy vs operating costs

Test model and system quality in production

(see requirements engineering and architecture lectures)

Robustness in a Safety Setting

• Does the model reliably detect stop signs?
• Also in poor lighting? In fog? With a tilted camera? Sensor noise?
• With stickers taped to the sign? (adversarial attacks)

No Model is Fully Robust

• Every useful model has at least one decision boundary
• Predictions near that boundary are not (and should not) be robust

Breakout: Robustness

Scenario: Medical use of transcription service, dictate diagnoses and prescriptions

As a group, tagging members, post to #lecture:

1. What safety concerns can you anticipate?
2. What notion of robustness are you concerned about (i.e., what distance function)?
3. How could you use robustness to improve the product (i.e., when/how to check robustness)?

Safety != Reliability

Reliability = absence of defects, mean time between failure

Safety = prevents accidents, harms

Can build safe systems from unreliable components (e.g. redundancy, safeguards)

System may be unsafe despite reliable components (e.g. stronger gas tank causes more severe damage in incident)

Accuracy and robustness are about reliability!

Safety of AI-Enabled Systems

Improving Safety of ML-Enabled Systems

Anticipate problems (hazard analysis, FTA, FMEA, HAZOP, ...)

Anticipate the existence of unanticipated problems

Plan for mistakes, design mitigations

• Human in the loop
• Undoable actions, failsoft
• Guardrails
• Mistaked detection
• Redundancy, ...

Improve reliability (accuracy, robustness)

Demonstrating Safety

Two main strategies:

1. Evidence of safe behavior in the field
   • Extensive field trials
   • Usually expensive
2. Evidence of responsible (safety) engineering process
   • Process with hazard analysis, testing mitigations, etc
   • Not sufficient to assure safety

Most standards require both

Documenting Safety with Assurance (Safety) Cases

Machine Learning in Production

Fostering Interdisciplinary Teams

(Process and Team Reflections)

One last crosscutting topic

Learning Goals

• Understand different roles in projects for AI-enabled systems
• Plan development activities in an inclusive fashion for participants in different roles
• Diagnose and address common teamwork issues
• Describe agile techniques to address common process and communication issues

Case Study: Depression Prognosis on Social Media

Continuum of Skills

• Software Engineer
• Data Engineer
• Data Scientist
• Applied Scientist
• Research Scientist

Process Costs

n(n − 1) / 2 communication links within a team

Congurence

Structural congruence, Geographical congruence, Task congruence, IRC communication congruence

Breakout: Team Structure for Depression Prognosis

In groups, tagging team members, discuss and post in #lecture:

• How to decompose the work into teams?
• What roles to recruit for the teams

Conflicting Goals?

Matrix Organization

Project Organization

Team issues: Groupthink

Mitigation Strategies

• Diversity in team composition
• Culture of open conflicts
• Appoint devil's advocate in discussions, moderate and rotate speaker order, leaders hide opinions in discussions
• Involve outside experts
• Always request a second solution
• Monitoring and process measurement
• Agile techniques as planning poker, on-site customer

Learning from DevOps

Are Software Engineers Disappearing?

Are Data Scientists Disappearing?

Are Data Scientists Disappearing?

However, AutoML does not spell the end of data scientists, as it doesn’t “AutoSelect” a business problem to solve, it doesn’t AutoSelect indicative data, it doesn’t AutoAlign stakeholders, it doesn’t provide AutoEthics in the face of potential bias, it doesn’t provide AutoIntegration with the rest of your product, and it doesn’t provide AutoMarketing after the fact. -- Frederik Bussler

SE4AI Research: More SE Power to Data Scientists?

SE4AI Research: More DS Power to Software Engineers?

Analogy

Analogy

(better tools don't replace the knowledge to use them)

My View

This is an education problem, more than a research problem.

Interdisciplinary teams, mutual awareness and understanding

Software engineers and data scientists will each play an essential role

DevOps as a Role Model

Joint responsibilities, joint processes, joint tools, joint vocabulary

Some things we tried

• Scaling the class!
• Stable TA-team mapping and checkins
• In-class interactions with 50+ students
• In-class breakouts, posting to slack
• Clear specifications for homework, pass/fail grading, allow resubmission
• Open-ended reading quizzes
• Credit for social activities in teams
• Team checkins, peer grading for "team citizenship"
• Slack for coordination and questions

Feedback

• What was useful?
• What could be improved?
• Where did we overdo it with the homework?
• Ideas for better scaling?
• How to better support teamwork?
• How to better use the recitations?