Randomization Techniques to Mitigate the Risk of Copyright Infringement

Wei-Ning Chen, Peter Kairouz, Sewoong Oh, Zheng Xu
2024-08-22
Abstract: In this paper, we investigate potential randomization approaches that can complement current practices of input-based methods (such as licensing data and prompt filtering) and output-based methods (such as recitation checker, license checker, and model-based similarity score) for copyright protection. This is motivated by the inherent ambiguity of the rules that determine substantial similarity in copyright precedents. Given that there is no quantifiable measure of substantial similarity that is agreed upon, complementary approaches can potentially further decrease liability. Similar randomized approaches, such as differential privacy, have been successful in mitigating privacy risks. This document focuses on the technical and research perspective on mitigating copyright violation and hence is not confidential. After investigating potential solutions and running numerical experiments, we concluded that using the notion of Near Access-Freeness (NAF) to measure the degree of substantial similarity is challenging, and the standard approach of training a Differentially Private (DP) model costs significantly when used to ensure NAF. Alternative approaches, such as retrieval models, might provide a more controllable scheme for mitigating substantial similarity.
Cryptography and Security, Machine Learning
### What problem does this paper attempt to solve?

This paper addresses the potential copyright infringement that arises when machine-learning models are trained on data containing copyrighted material. Specifically, it explores how randomization techniques (such as differential privacy) can supplement the existing input-based and output-based methods to reduce the risk of copyright infringement.

#### Main problems:

1. **Define copyright infringement**: How to define whether a model trained on potentially copyrighted data constitutes copyright infringement?
2. **Evaluate similarity**: How to evaluate the substantial similarity between the output generated by the model and the copyrighted data?
3. **Prevent infringement**: How to prevent the model from generating outputs that are significantly similar to the copyrighted data?

#### Background:

Modern machine-learning models rely on a large amount of high-quality training data, which mainly comes from the Internet. Inevitably, these large-scale data sets contain some copyrighted materials. When a model is trained on this copyrighted data, it may accidentally generate outputs that are very similar to the training data, leading to potential copyright infringement. For example, despite the progress of recent foundation models (such as Bommasani et al., 2021), research shows that these models can easily memorize a large part of their training data (Carlini et al., 2021, 2023).

#### Solutions:

The paper studies how introducing randomization techniques can reduce the risk of copyright infringement. Specifically, it covers the following methods:

- **Near Access-Freeness (NAF)**: A method for quantifying the difference between the model's output and that of a safe model that has not been exposed to the original work. The core idea of NAF is to use the inherent randomness of the generative model and measure substantial similarity by comparing the output distributions with and without access to the original work.
- **Differential Privacy (DP)**: Differential privacy is a technique used to protect privacy. It protects individual data from being leaked by adding noise. The paper explores how to apply differential privacy to copyright protection to ensure that the model does not rely too much on specific training data.
- **Other randomization techniques**: These include increasing the decoding temperature, performing random responses, etc., to increase the randomness of the model and thereby further reduce the risk of substantial similarity.

#### Conclusion:

The paper experimentally evaluates the performance of the CP-κ and CP-Δ algorithms and shows how they can effectively alleviate the model's memorization in fine-tuning tasks. To achieve more stringent NAF guarantees, the paper suggests introducing additional randomization during the generation process, such as increasing the decoding temperature or performing random responses. In addition, future work will explore the possibility of enhancing performance by interpolating (ε-DP) model outputs.

### Formula representation

- **NAF definition**: Let $\mathcal{C}$ be a set of copyrighted data points and $\mathcal{M}$ be a collection of (trained) models. Let $\text{safe}: \mathcal{C} \to \mathcal{M}$; and let $\Delta$ be a divergence measure between distributions. We say that a generative model $p$ is $k_x$-near access-free ($k_x$-NAF) on prompt $x \in \mathcal{X}$ with respect to $\mathcal{C}$, $\text{safe}$, and $\Delta$ if for every $C \in \mathcal{C}$,

\[ \Delta(p(\cdot|x) \| \text{safe}_C(\cdot|x))
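
The following is an added example, not code from the paper or its authors: it evaluates the divergence term of the NAF definition over every work C for a toy next-token distribution, and shows how raising the decoding temperature shrinks it. The logits, the work names and all function names are constructed for illustration; it assumes the model and each safe model are decoded at the same temperature, and the 2B/T bound is a standard softmax property rather than a result quoted on this page.

```python
import math

# Constructed next-token logits over a 4-token vocabulary for one prompt x.
# Token 0 stands for a continuation the trained model has memorized.
MODEL_LOGITS = [4.0, 1.0, 0.5, 0.0]
# Hypothetical safe_C models, one per work C, each trained without access to C.
SAFE_LOGITS = {
    "work_A": [1.0, 1.0, 0.5, 0.0],
    "work_B": [3.5, 1.2, 0.4, 0.0],
}

def softmax(logits, temperature=1.0):
    scaled = [v / temperature for v in logits]
    top = max(scaled)  # subtract the max for numerical stability
    exps = [math.exp(v - top) for v in scaled]
    total = sum(exps)
    return [e / total for e in exps]

def kl_divergence(p, q):
    return sum(pi * math.log(pi / qi) for pi, qi in zip(p, q) if pi > 0)

def max_divergence(p, q):
    return max(math.log(pi / qi) for pi, qi in zip(p, q) if pi > 0)

def naf_divergence(model, safe_by_work, temperature=1.0, delta=max_divergence):
    """Largest Delta(p(.|x) || safe_C(.|x)) over every work C."""
    p = softmax(model, temperature)
    return max(delta(p, softmax(s, temperature)) for s in safe_by_work.values())

def logit_gap_bound(model, safe_by_work, temperature=1.0):
    """Upper bound 2B/T on the max-divergence, B = largest logit gap."""
    gap = max(abs(a - b) for s in safe_by_work.values() for a, b in zip(model, s))
    return 2.0 * gap / temperature

if __name__ == "__main__":
    for t in (1.0, 2.0, 4.0):
        print(f"T={t}: "
              f"max-div={naf_divergence(MODEL_LOGITS, SAFE_LOGITS, t):.4f} "
              f"KL={naf_divergence(MODEL_LOGITS, SAFE_LOGITS, t, kl_divergence):.4f} "
              f"bound={logit_gap_bound(MODEL_LOGITS, SAFE_LOGITS, t):.2f}")
```

The divergence is driven by the work whose safe model disagrees most with the trained model (here `work_A`), which is why the definition quantifies over every C rather than averaging.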