Having your Privacy Cake and Eating it Too: Platform-supported Auditing of Social Media Algorithms for Public Interest

Social media platforms curate access to information and opportunities, and so play a critical role in shaping public discourse today. The opaque nature of the algorithms these platforms use to curate content raises societal questions. Prior studies have used black-box methods led by experts or collaborative audits driven by everyday users to show that these algorithms can lead to biased or discriminatory outcomes. However, existing auditing methods face fundamental limitations because they function independent of the platforms. Concerns of potential harmful outcomes have prompted proposals for legislation in both the U.S. and the E.U. to mandate a new form of auditing where vetted external researchers get privileged access to social media platforms. Unfortunately, to date there have been no concrete technical proposals to provide such auditing, because auditing at scale risks disclosure of users' private data and platforms' proprietary algorithms. We propose a new method for platform-supported auditing that can meet the goals of the proposed legislation. The first contribution of our work is to enumerate the challenges and the limitations of existing auditing methods to implement these policies at scale. Second, we suggest that limited, privileged access to relevance estimators is the key to enabling generalizable platform-supported auditing of social media platforms by external researchers. Third, we show platform-supported auditing need not risk user privacy nor disclosure of platforms' business interests by proposing an auditing framework that protects against these risks. For a particular fairness metric, we show that ensuring privacy imposes only a small constant factor increase (6.34× as an upper bound, and 4× for typical parameters) in the number of samples required for accurate auditing. Our technical contributions, combined with ongoing legal and policy efforts, can enable public oversight into how social media platforms affect individuals and society by moving past the privacy-vs-transparency hurdle.


INTRODUCTION
Social media platforms are no longer just digital tools that connect friends and family; today they play a critical role in shaping public discourse and moderating access to information and opportunities. Platforms such as Facebook, Instagram, Twitter, LinkedIn and TikTok have become the new search engines [57,85], helping individuals find important life opportunities such as jobs [52,75], and are often sources of news and advice [87]. Content curation on these platforms is done by algorithms that estimate relevance of content to users, which raises fundamental questions about their societal implications. For example: Do these algorithms discriminate against certain demographic groups? Do they amplify political content in a way that threatens democracy? Does optimization for relevance, often defined via engagement, emphasize extreme viewpoints, dividing society?
Prior studies have used either user-driven or expert-led audits to answer some of these questions, but their methodologies have limitations. User-driven, collaborative approaches rely on day-to-day observations by users to infer algorithmic behavior of the platforms [13,24,31,88]. Such audits have uncovered important societal issues such as racial bias in image cropping on Twitter [11,13]. Although user-driven audits can detect such visible algorithmic results, other types of harm can be invisible to end-users and require systematic study by experts to detect [24].
Researchers and journalists have performed audits in a more systematic way to uncover harm on platforms. Examples of their findings include biased or discriminatory ad targeting and delivery [2,5,54,63], amplification of hateful content [80], political polarization [45,51,53,78,83], and promotion of addictive behavior in teens [40]. We describe harms in detail in §3.2. Although existing methods that auditors use have been crucial in uncovering harms and driving change, they are reaching hard limits in terms of what they can reliably and provably learn about the role of platforms' algorithms [2,3,54]. We expand on limitations of both user- and expert-driven methods in §2.2.
Concerns of algorithmic harms and challenges of existing auditing methods have prompted policy proposals for a new type of auditing [19,21,32,33,67,81]. Such legislation is motivated by the critical role social media plays today because of personalization algorithms, the need for auditing these algorithms to mitigate harms, and the concern that self-auditing has not addressed these issues. In addition to legislation, the White House recently reported on civil rights of users in the digital age, raising similar challenges [94]. Legislative proposals have suggested platforms make data available to vetted, external researchers, who will audit platforms' algorithms and evaluate their alignment with societal or legal expectations. We call such proposals platform-supported auditing, and discuss how they extend existing auditing taxonomies in §4.1. Two such prominent proposals are the U.S.'s Platform Accountability and Transparency Act (PATA [21]) and the E.U.'s Digital Services Act (DSA [33]). The E.U. will start enforcing DSA in 2024 [34], and PATA is still a proposed bill. DSA will require platforms to support auditing, but how the proposal can be implemented in practice remains an open question [76].
A critical concern outlined in the legislative proposals is the need to protect privacy. Privacy encompasses protecting both users' profile data and platforms' proprietary algorithms. Prior research has shown increasing transparency while protecting users' data and platforms' proprietary algorithms presents technical challenges [1,4,6,14,53,76]. Platforms such as Facebook have also cited privacy of users' data as a constraint on increasing their transparency efforts [18,100]. In our discussions with platforms, privacy of their proprietary algorithms is also an issue that quickly comes up. Until now, no actionable proposals have been put forth for how to implement platform-supported auditing while addressing the privacy concerns. The challenge is to translate the ambitious policy goals into a practical and scalable implementation.
Our first contribution is to enumerate limitations of existing auditing methods for implementing platform-supported auditing at scale (§2). We start with an overview of what DSA and PATA compel social media platforms to make available to external auditors. We then enumerate the significant limitations and non-generalizability of existing external auditing methods to study algorithmic harms on these platforms. Specifically, although existing methods have been crucial to detecting how various social media platforms harm different demographic groups and our society at large, they do not generalize well to study multiple types of harms, demographic groups or platforms.
Our second contribution is to suggest that transparency of relevance estimators is the key to enabling a generalizable and actionable framework for platform-supported auditing (§3). Our proposal provides a plausible, practical approach to platform-supported auditing. While the DSA and PATA require auditing legislatively, they do not specify a mechanism; our approach is the first to meet this need. We show the importance of auditing relevance estimators by examining platforms' documentation, which shows they are the "brains" that shape delivery of every piece of organic and promoted content on social media. Despite being the core drivers, these algorithms are used across multiple social-media platforms with little transparency into their definitions of relevance or the specific inputs they use to optimize for it. We survey prior audits that indirectly measured how the use of relevance estimators can result in harmful outcomes, to show that a means to directly query and audit these algorithms is the key to increasing transparency and providing a meaningful path to verifying alignment with societal and legal expectations.
Our third contribution is to show platform-supported auditing need not risk user privacy nor disclosure of platforms' business interests. In §4, we propose an auditing framework that protects against these risks. Our framework uses the rigorous definition of Differential Privacy (DP) to protect private information about audit participants from leaking to the auditor. It also protects the platform by not exposing details of the ranking algorithm: the platform shares with the auditor only the privatized scores of the relevance estimator, not proprietary source code, models, training data or weights. At a high level (Figure 2), our framework works as follows: an auditor queries the algorithm with a piece of trial content and a list of users whose sensitive demographic attributes are known to the auditor. The platform then calculates how relevant the content is to each user, applies a differentially private mechanism to protect information that the relevance scores may leak about the users, and returns a distribution of noisy scores to the auditor. Finally, the auditor uses the noisy scores and an applicable fairness metric to test for disparity between the distributions of relevance scores the algorithm assigns to different demographic groups. The auditor chooses the specific type of content, attribute of users and metric of fairness to use depending on the specific scenario and the type of bias or harm they are studying.
We show that the privacy guarantees in our framework do not prevent an auditor from achieving the same statistical confidence in their analysis as without privacy protections: the "cost of privacy" is an increase in the number of samples required for an audit by a small constant factor (§5). We theoretically analyze the trade-off between guaranteeing privacy and the minimum sample size required for auditing in one concrete scenario: measuring bias in the delivery of employment ads. For the specific fairness metric we study, equality of opportunity, we find that the noise that the platform adds to guarantee DP increases the required sample size by only approximately a factor of 4 for reasonable auditing parameters, and with a strict upper bound of 6.34. Our contribution is the application of a standard DP algorithm to ad relevance estimators, a new application where DP enables viable privacy-utility trade-offs.
Overall, our technical contributions show a path exists from the proposed legislation to a realizable auditing system. While full implementation of our framework is future work and will require collaboration with a platform, conceptually demonstrating how to enable public oversight while protecting privacy is an important step forward. We summarize the limitations of our framework in §4.4, but as the first proposed solution for implementing DSA- and PATA-like laws, it provides a useful starting point for exploring a new solution space.

THE NEED FOR A GENERALIZABLE AUDITING FRAMEWORK
We discuss recent developments in policies that are pushing to increase transparency of digital platforms, the need for safeguards to protect privacy, and the insufficiency of existing auditing methods to practically implement these policies at scale.

Policy Pushes to Increase Transparency while Ensuring Privacy
As social media platforms increasingly shape economic, social and political discourse, new policies are being proposed to regulate them. We discuss two prominent pieces of legislation to mandate independent oversight and transparency research on platforms: the Platform Accountability and Transparency Act (PATA [21,79], proposed in the US) and the Digital Services Act (DSA [33], to be enforced in the EU starting in 2024).
PATA proposes mandating platforms to support independent research on algorithmic transparency. A discussion draft was originally proposed in December 2021 [20], followed by a formal introduction of the bill in December 2022 [21]. The proposal covers all large platforms with at least 25 million unique monthly users. It mandates the platforms make data available to "qualified researchers" who will study how platforms negatively impact individuals and society. Only researchers and projects vetted and approved by the National Science Foundation (NSF) will be allowed to access platforms' data.
DSA was proposed in the EU in December 2020 to regulate digital platforms and services [34]. DSA covers a broader set of entities beyond large social media platforms, including online marketplaces and app stores. While DSA has a broader scope than PATA, it similarly mandates platforms to allow scrutiny of their algorithms by "vetted researchers" (Article 40 [33]). DSA was approved and passed as a law in November 2022 [34].
Both PATA and DSA recognize the need to ensure safeguards to protect privacy during platform auditing. PATA emphasizes user privacy, with the necessity to "establish reasonable privacy and cybersecurity safeguards" for user data, and to ensure the data platforms provide is "proportionate to the needs of the [...] researchers to complete the qualified research project" [21]. DSA acknowledges platforms' desire for "protection of confidential information, in particular trade secrets" [33] when conducting audits. To mitigate the risks to users and platforms, both proposals require vetting auditors, their projects, and results before they are published. Prior to our work, no actionable technical proposals put forth methods to implement such auditor access while protecting users' privacy and platforms' proprietary algorithms.
Platforms themselves also often cite their need to protect user privacy as a handicap for their transparency and self-policing capabilities [1,6]. For example, Facebook has argued that laws such as the EU's GDPR constrain their efforts to make data available to researchers [60,100]. In line with this argument, Facebook has constrained transparency efforts through actions such as providing data through its Ad Archive APIs without the granularity and accuracy needed to conduct meaningful audits [29,78,100], and shutting down accounts used for transparency research by NYU's Ad Observatory project [18]. In a partnership Facebook made with Social Science One, Facebook cited GDPR concerns and agreed to share data only using a differentially private mechanism [60]. Other social media platforms such as Twitter have also raised the challenges of sharing data for auditing for societal benefit while protecting the privacy of users [53].
Overall, the legislative proposals demonstrate society's need for increasing transparency. Given policymakers' and platforms' concern about privacy, implementing these proposals requires solving methodological challenges to increasing transparency while safeguarding the privacy of users. Our auditing framework (§4) suggests that these policy requirements can be made concrete and viable with our proposed methodology.

Existing External Auditing Methods are Insufficient
Until the present, societal and individual harms of social media algorithms have mostly been hypothesized or, in some cases, demonstrated by end-users, journalists and researchers through audits done independently of the platforms.
However, such fully external auditing methods are reaching hard limits in terms of what they can reliably and provably learn about the optimization algorithms' role, prompting increasing calls from public-interest researchers for legislation and other sources of transparency that can support their efforts [2,3,22,28,54,78,89]. Specifically, fully external auditing methods face fundamental challenges: accounting for confounding variables, measuring the effect of algorithmic decisions that are opaque to end-users, and relying on proxies for sensitive attributes of interest. As a result, they are difficult to generalize and have high cost. In addition, they are susceptible to platform interference (§2.3). We next expand on these challenges.
Confounding variables: The first challenge is controlling for variables that confound measurements. These confounding factors are present because platforms' algorithms operate in an environment that is influenced by actions of both users and the algorithms themselves. These hidden variables make it difficult to attribute measured effects to decisions made by platforms' algorithms.
Auditing for bias in ad delivery provides an illustration of the challenge of accounting for confounding factors. Several factors may drive differences in ad delivery to individuals from different demographic groups, such as different levels of market competition from other ads for members of different groups, as well as differences in platform use or interaction patterns among users from various demographics. An external auditor aiming to isolate the role of the relevance estimator in differences in outcomes between demographic groups must control for such factors. Designing auditing methods with such controls in place, however, is a laborious process that requires careful reasoning and creative hacks. In particular, it took many years of research effort to get from Sweeney's study that gave the first evidence of biased ad delivery in 2013 [90], to Ali and Sapiezynski et al.'s study that attributed such bias to the role the platform's algorithms play in 2019 [2], and Imana et al.'s 2021 study [54] that established that the algorithms are not merely biased but, in fact, discriminatory.
Similar factors can confound measurements of potential harms in personalized organic content delivery. For example, a study on Twitter used sock-puppet accounts to compare their reverse-chronological and personalized timelines, and showed Twitter's algorithms distort the information that users get exposed to [10]. However, the study identifies the duration sock-puppet accounts stay logged in and the timeline scrolling capabilities as potential confounding factors that could possibly alter the conclusions [10]. Even Twitter's internal audit of disparate algorithmic amplification of political content, comparing the political right to the political left, shows the limits of current methods [53]. The study showed that their metric of amplification, which is based on the number of impressions, demonstrates the presence of bias on Twitter, but that confounding factors prevent any conclusions about potential sources of this bias.
These examples demonstrate the limits of impression-based measurements for isolating algorithmic effects. To increase transparency beyond what we have already learned through existing external auditing methods, a new level of access is needed for auditors (§3).
Opacity to end-users: Another challenge is that the effects of platform algorithms are often not obvious or visible to end-users. Collaborative methods that rely on end-users' day-to-day experiences may not be able to detect harms that are invisible or unnoticeable to users [24,88]. We discuss this limitation in more detail in §6.
Reliance on proxies: A third challenge is the need for an auditor to use proxies for demographic attributes that platforms do not collect or report. Auditors may be interested in studying the impact of a specific demographic feature on algorithmic personalization, but often conduct external audits by posing as a regular user or advertiser. Operating as a normal user or advertiser is relatively easy and allows audits without a platform's support or knowledge, but it also means the auditor can only use data points that a platform makes available to any user. For example, in the context of ad delivery, some platforms may not report ad impression rates broken down by attributes such as gender, race or political affiliation. Past audits have worked around this challenge by using proxies for demographic attributes that platforms do not report [2,3,54]. However, such workarounds introduce measurement errors [54] and significantly limit the ability to vary the attributes.
Lack of generalizability: Another challenge is that existing external auditing methods are often not generalizable beyond the limited context for which they were originally designed. For example, we carried out a study to ascertain whether job ad delivery algorithms are discriminatory that built upon Ali and Sapiezynski et al.'s work but added new controls for job qualifications across genders, which required additional knowledge about the gender composition of current employees of several companies [54]. The use of additional data on employers and the gender of their employees means this method does not directly generalize to auditing for discrimination in the delivery of other types of ads (for example, housing ads) and along other demographic attributes (such as race). This lack of generalizability is also directly related to the limitations of confounding variables and use of proxies discussed above. In order to work around these limitations, researchers often use one-off hacks that are experiment- or platform-specific. Examples include the use of random phone numbers to generate a random custom ad audience [2], and the use of public data sources such as voter data to build audiences with a specific demographic makeup [2,3,89]. Such public data sources are extremely limited and subject individuals to participation in experiments without their knowledge.
On the other hand, crowdsourced audits that rely on browser extensions do not easily generalize beyond desktop versions of platforms, a significant limitation to their applicability given that most people today access social media through their phones. For example, 98.3% of Facebook users access it using a phone app [58]. Furthermore, such extensions need to be customized for each platform, and need to be regularly maintained to adapt to changes on platforms' websites.
Cost of auditing: Finally, existing external auditing methods can also incur high costs in terms of both time and money. For ad delivery, the state-of-the-art method for auditing involves registering as an advertiser, running real ads, and measuring how they are delivered in real-time while controlling for confounding factors [2,54]. The monetary cost for this procedure can easily accumulate with repeated assessments of a platform to confirm results over time, increase statistical confidence, or vary study parameters. In addition, controlling for confounding factors and proxies for measuring delivery along sensitive attributes requires time for study design.
For studies of personalization of organic content, creation of sock-puppet accounts is expensive because it often requires separate hardware and phone number verification, and it takes time and effort to make a sock-puppet account's activity "realistic".
Overall, these challenges motivate our approach: by using platform-supported auditing centered on relevance estimators, we directly focus on platform choices, side-stepping confounding variables and proxies. Explicit platform support also avoids platform interference and minimizes cost, provided platforms collaborate, as we explore next.

Platforms Beginning to Favor Platform-supported Audits?
Platform-supported audits, of course, require support from the platform, so we next look at the evolution of the platforms' responses to requests for auditing.
Resistance from platforms: Traditionally, a major challenge for external auditing methods has been resistance from platforms, often citing privacy concerns or violation of their terms of service.
External audits collect data either through interfaces the platforms provide or by using tools such as customized scrapers and browser extensions. Regular website changes complicate long-term maintenance of automated tools that track platforms [10]. Facebook has resisted external auditing by explicitly blocking accounts used to conduct audits [18], tweaking its APIs to break auditing tools [69], and threatening legal actions against researchers who scrape data from its platform [50].
A change of heart? Recently, platforms have begun releasing data or providing APIs to researchers, suggesting platforms themselves may be interested in some form of platform-supported auditing. Platform support allows them to manage auditing, and perhaps preempt adversarial black-box audits, lawsuits, and explicit regulation.
Facebook announced, in its June 2022 settlement with the U.S. Department of Justice, that it will work towards de-biasing its algorithms used to deliver job, housing and credit ads [7,92], and deployed changes for housing ads in January 2023 [8]. The settlement requires Facebook to work with a vetted, external entity to verify that the changes implemented to its algorithms comply with the non-discrimination goals set by the settlement, a compliance structure similar to platform-supported methods proposed in PATA and DSA.
Multiple platforms have also recently established programs to provide vetted researchers with access to data about their algorithms. In 2021, Facebook announced the "Facebook Open Research & Transparency" (FORT) initiative, which provides privacy-protected datasets and APIs for researchers, so that "the public can learn more about Facebook's impact on the world from credible and independent academic sources" [37]. In the same year, Twitter provided the source code of their image salience algorithm to researchers, challenging them to evaluate it for bias [17,103]. And in July 2022, YouTube announced the "YouTube Researcher Program" (YRP), which promises to provide academic researchers with data, tools, and support to study YouTube and its impact [104]. These steps are promising responses partially in the direction of proposed legislative requirements. They suggest platforms are considering explicit support of methods that increase transparency of their influence on individuals and society.
However, for both YRP and FORT, the data currently available to researchers is limited to public data corpora, such as public videos, pages, posts and comments [37,104]. While such access is an important first step toward helping understand how the platforms shape public discourse, we argue in §3 that it is also important for platforms to provide a means of studying how their algorithms curate (often personalized) delivery of content. We hope our work encourages platforms to expand these first efforts to allow researchers to study how their algorithms shape access to content.

RELEVANCE ESTIMATORS ARE THE KEY TO INCREASING TRANSPARENCY
In this section, we show transparency of relevance estimators is the key to enabling generalizable auditing of platforms for potential harms. To support this claim, we first document the importance of relevance estimators for content prioritization. We then survey studies that have shown harmful outcomes that result from use of these algorithms.

Relevance Estimators: "Brains" of Social Media Platforms
Relevance estimators are algorithms that form the primary means by which platforms select every piece of content shown to users. Prior work and platform documentation show the importance of these algorithms, but provide little transparency into how they operate.
Given the vast amount of potential content shared on social media, relevance estimators have become responsible for selecting which content is shown on a user's feed and in what order, and which is omitted or deprioritized. For example, for organic content, this may mean selecting and ranking posts from a user's friends or pages they follow; for promoted content, it may mean running auctions for ads that are currently competing for a particular user's attention. Platforms may mix both organic posts and ads in the content feed. Facebook's algorithmic newsfeed dates back to 2007 [72], and Twitter and Instagram deployed such personalization in 2016 [59]. Before deploying these algorithms, the platforms used reverse-chronological ordering. For organic content, these algorithms ultimately boil down to relevance scores that determine the selection and order of content shown at the top of users' feeds. For example, Facebook makes a number of predictions about how likely a user is to engage with posts, and will "add these predictions up into a relevancy score" to order the posts [35]. Instagram follows a similar approach [73]. Similarly, Twitter uses a number of "consolidated signals to develop a relevancy score" [61] that it uses to determine which tweets to show at the top of the feed. LinkedIn also uses an algorithm that "scores tens of thousands of posts and ranks the most relevant at the top of the feed" [71]. TikTok mixes content from both followed accounts and others using algorithms that optimize for "effective relevance" as a "secret sauce" [95].
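To make the role of a relevancy score concrete, the sketch below shows, in simplified form, how per-post engagement predictions could be combined into a single score used to order a feed. The field names, weights, and scoring formula are illustrative assumptions, not any platform's documented implementation.

```python
from dataclasses import dataclass

@dataclass
class Post:
    post_id: str
    p_like: float     # predicted probability the user likes the post
    p_comment: float  # predicted probability the user comments
    p_share: float    # predicted probability the user shares

# Hypothetical weights; real systems combine thousands of signals.
WEIGHTS = {"p_like": 1.0, "p_comment": 3.0, "p_share": 5.0}

def relevancy_score(post: Post) -> float:
    """Add up weighted engagement predictions into a single relevancy score."""
    return (WEIGHTS["p_like"] * post.p_like
            + WEIGHTS["p_comment"] * post.p_comment
            + WEIGHTS["p_share"] * post.p_share)

def rank_feed(candidates: list[Post]) -> list[Post]:
    """Show the highest-scoring posts at the top of the feed."""
    return sorted(candidates, key=relevancy_score, reverse=True)
```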
Relevance estimators are also used in ad auctions, which consider relevance as a factor predictive of user engagement. These predictions are combined with other factors, such as the bid and budget the advertiser set for the ad, to determine the auction winner. Different platforms use different terminologies to refer to these predictions. For example, Facebook, LinkedIn and Twitter refer to them as "Estimated action rates" [36], "Relevancy scores" [65], and "Quality scores" [97], respectively. But they all have very similar purposes in that they are applied as modifiers to bids to determine which ad wins an auction. Therefore, an ad with the highest bid may not win an auction if it is given a low relevance score by the algorithmic prediction.
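The following sketch illustrates the bid-modifier idea described above: a relevance prediction scales an advertiser's bid, so the highest bidder does not necessarily win. The class, the scoring formula, and the numbers are hypothetical and only show the mechanism, not any platform's actual auction.

```python
from dataclasses import dataclass

@dataclass
class AdCandidate:
    advertiser: str
    bid: float                    # advertiser's bid for the impression
    estimated_action_rate: float  # predicted probability of user engagement

def total_value(ad: AdCandidate) -> float:
    # The relevance prediction acts as a bid modifier.
    return ad.bid * ad.estimated_action_rate

def run_auction(candidates: list[AdCandidate]) -> AdCandidate:
    return max(candidates, key=total_value)

# The higher bidder can lose when the platform predicts low relevance:
winner = run_auction([
    AdCandidate("A", bid=5.00, estimated_action_rate=0.01),  # value 0.05
    AdCandidate("B", bid=2.00, estimated_action_rate=0.05),  # value 0.10
])
assert winner.advertiser == "B"
```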
Platforms provide little transparency into their relevance score algorithms, neither for organic nor promoted content. As summarized in Figure 1, publicly available documentation gives a high-level description that platforms use information about the content itself, the author of the content, and the user's profile data. However, the specific types of algorithms and the inputs to those algorithms are not disclosed. Facebook, Instagram and LinkedIn use thousands of factors to estimate the relevance of posts [35,71,73]. Similarly, Twitter's documentation shows they use advanced machine learning algorithms to predict relevance, where the "list of considered features and their varied interactions keeps growing" [61]; an analysis of Twitter's released ranking code identifies 1,922 different factors used to rank content (albeit many are marked as legacy), which gives additional evidence that platforms use many hidden factors to rank content [41].
The importance of relevance estimators to organic content and ad delivery leads us to place them at the center of our mechanism for platform-supported auditing in §4.

Relevance Estimators Can Cause Various Forms of Algorithmic Harms
We next present examples of audits where controlled experiments demonstrate biased or harmful outcomes that result from social media platforms' algorithmic choices of relevance estimators.
Ad delivery is an area where there is substantial evidence for relevance optimization resulting in bias and discrimination. Starting with Sweeney's empirical study in 2013 [90], researchers hypothesized that platform-driven choices result in discriminatory ad delivery across demographic groups. In 2019, Ali and Sapiezynski et al. confirmed this hypothesis by showing Facebook's relevance algorithms skewed delivery of job and housing ads by gender and race, even when an advertiser targets a gender- and race-balanced audience and market effects are accounted for [2]. A subsequent study by Imana et al. controlled for job qualifications, a legally excusable source of skew, to demonstrate that Facebook's relevance algorithms may be violating U.S. anti-discrimination laws [54]. These examples provide evidence that opaque optimization algorithms result in discriminatory delivery of opportunity ads for certain demographic groups.
Facebook's academic work [25] and Facebook's public statements [7] in response to the recent settlement with the US Department of Justice [92] both acknowledge the need to ensure its algorithms for opportunity ads are not biased. The legal developments serve as additional evidence that the harms of relevance estimators that prior studies pointed out are well grounded.
Delivery of organic content is another area where past audits have found evidence for bias. Twitter conducted an internal audit of its algorithms used to curate timelines, and found that its platform amplifies right-leaning political tweets more than moderate ones [53]. The study suggests the difference in amplification may be attributable to Twitter's ranking models assigning higher relevance scores to the right-leaning tweets. Another external audit by Bartley et al. performed a more general comparison of algorithmic and reverse-chronological timelines on Twitter and showed the algorithmic timeline distorts the information that users are shown [10].
Besides such internal and external audits, investigations done by journalists have corroborated that the potential harms of algorithms used by platforms are not merely theoretical. A recent prominent example is "the Facebook Files", an investigation by the Wall Street Journal into leaked internal Facebook documents. Among other findings, the investigation showed how changes in 2018 to make "the platform healthier" by focusing on relevance and engagement caused its algorithms to promote objectionable content [93]. They report cases where Facebook's algorithms have led teenagers to harmful content [40] and spread hateful posts [80].
These findings underscore the need for public oversight. The goal of such oversight will be to ensure relevance estimators that optimize for business objectives take societal interests into account. Platform-supported auditing is an important part of progress towards this goal.

PRIVACY-PRESERVING PLATFORM-SUPPORTED AUDITING
We next describe our approach to platform-supported auditing and how it addresses risks to the privacy of users and business interests of platforms.

Overview and Context
Our proposal for platform-supported auditing allows an auditor to evaluate whether, for a given piece of content, the platform's relevance estimator scores that content with bias reflecting protected attributes such as gender or race. The framework is summarized in Figure 2 and consists of four steps: (1) an auditor selects a piece of trial content and an audience whose demographic attributes are known to the auditor, and uploads the content and a sub-audience for each demographic group separately; (2) for each demographic group, the platform calculates relevance scores that estimate how relevant the content is to each user in the group; (3) the platform then applies a privacy mechanism and returns to the auditor a noisy distribution of the scores for each group; (4) finally, the auditor evaluates the fairness of the scores assigned to different demographic groups using an applicable metric of fairness. We discuss each of these steps in more detail in §4.3.

Key Properties of the Framework.
Our framework has three key properties: privileged access, generalizability, and preservation of privacy. Figure 2 shows the relationship between these properties, and we next explore them to provide context for the details of our framework.
Privileged interface: A unique property of our framework is that we propose platforms provide to auditors a new, privileged query-access to the platform's relevance estimators. This access is privileged in that it will be available only to auditors, not regular users or advertisers. As summarized in §3.1, relevance estimators estimate the interest a user is expected to show for each particular content. Given the central role of these algorithms to platform business models, platforms hold them closely and they are opaque to both users and advertisers. The framework we propose will increase transparency by giving auditors a privileged interface to query these algorithms, allowing evaluation of the algorithms' (un)fairness or potential harms while retaining privacy of both user data and platforms' proprietary information.
Generalizable: Our framework generalizes to allow the auditor to vary the audience, content, and fairness metric to evaluate many potential scenarios for bias. This property is shown on the left-hand side of Figure 2 (blue, dotted box). For example, an auditor may evaluate performance of relevance estimators on job ads, political content, news, or misinformation to consider different societally relevant questions. The auditor can select the audience to consider bias relative to attributes such as race, gender, age, or political affiliation. The content and audience then determine what fairness metric the auditor uses, as what is considered "fair" is context-dependent [99]. Our approach is generalizable because it allows auditors to explore multiple combinations along these three axes, and study various types of potential algorithmic harms.
Preservation of privacy: The final important property of our framework is that it is privacy-preserving. Our proposal keeps both user data and platform algorithms private from the auditor, as shown on the right side of Figure 2 (green, solid box). We protect user information with Differential Privacy, and the platform's algorithms and any proprietary information are protected by providing only query-level access. We also minimize the chance of abuse by limiting query access to researchers vetted through the legal framework described in DSA and PATA.

Comparison with Existing Taxonomy of Methods.
Our platform-supported auditing framework is a new category that extends the classical Sandvig taxonomy of auditing [84]. Their taxonomy defines five types of audits: source code audit, noninvasive user audit, scraping audit, sock-puppet audit and crowdsourced audit. Our platform-supported auditing defines a new type of audit because, unlike methods that use only features or APIs publicly available to regular users and advertisers, it requires a privileged and auditor-specific interface. And unlike methods that require access to platforms' proprietary source code, it only requires query-level access to the output of their algorithms. We further discuss how platform-supported auditing compares to the existing taxonomy of methods in §6.
Our framework is also different from collaborative user-driven audits, another class of methods that does not fit into the Sandvig taxonomy [24,88]. In particular, our proposal for direct query access to relevance estimators can help uncover biases that otherwise would be difficult to systematically study solely based on what content end-users are shown on their newsfeeds. We also further discuss how our framework compares to user-driven audits in §6.

Privacy and Business Risks of Platform-Supported Auditing
Our approach is designed to minimize risks to the privacy of platform users and to platforms' proprietary information. As discussed in §2.1, protecting against these risks is an important goal of PATA and DSA, and is also a concern that platforms identify as a constraint to enabling transparency and auditability. We next discuss the potential risks of providing query access to relevance estimators and the need for ensuring rigorous privacy protection when their outputs are shared.
Relevance scores may leak the private user data on which they are calculated. As discussed in §3.1, platforms calculate relevance scores based on users' personal profile data and their historical engagements with the platform. The relevance of each particular content to each user may reveal information about the user that the auditor otherwise would not know. For example, when a platform finds content about disability support or insurance highly relevant to a given user, that result suggests the user may be disabled or is caring for a disabled person. Similar real-life examples from other contexts include Target's predictive algorithms for sending relevant coupons leaking a teenager's pregnancy [46], and Facebook's "People You May Know" feature, which suggests connections Facebook deems relevant, revealing private information about a user [47]. Even if relevance scores are aggregated in some fashion, prior work has shown that similar aggregate outputs of personalization systems, combined with auxiliary information about users, can leak private information [12,16,101]. Therefore, our auditing method must limit the potential to make such inferences.
In §4.3.3, we show how our framework protects the privacy of users, when privacy protection is defined as ensuring a Differential Privacy (DP) guarantee on any data that is shared with the auditor. Platforms often cultivate information about users, including sensitive information, but our goal is to ensure that no such information becomes available to the auditors. (Addressing risks to privacy that the platform itself may pose is outside the scope of our paper.) DP is the current gold standard for protecting the privacy of individuals while providing useful statistical computations on their data [26]. DP provides a rigorous guarantee that each individual's choice to participate in the audit has negligible impact on their privacy. A differentially private mechanism will specifically protect the privacy of the users participating in the audit, while providing aggregate information about the relevance estimator, which the auditor can use to assess fairness.
In addition to risks to platform users, platforms themselves would like to minimize what details of their algorithms they share. Platforms regard their algorithms' source code and data as proprietary business assets; our framework explicitly does not require direct access to either. Our framework minimizes the information it requires the platforms to share about their algorithms and data by providing only query access to auditors, asking them to share only aggregate relevance metrics while preserving the confidentiality of the source code, how those metrics are computed, and what inputs and training data they use.

Steps of Platform-Supported Auditing
We next describe each of the four steps of platform-supported auditing in detail.

Auditor Uploads Content and Audience.
The auditor will first select a piece of trial content and a customized audience. The auditor selects the content and demographics based on the specific platform and the type of algorithmic harm they are studying. The audience is a list of users whose demographic attributes are known to the auditor.
The auditor then uploads the content and a sub-audience for each demographic group to the platform. Major platforms already have infrastructure for advertisers to upload audiences and content which, with some modifications, can be used for auditing purposes. Given our goals of protecting individual users from harm, we focus on accounts of typical users. Commercial accounts, or accounts of unusual users such as public figures or prominent influencers, are outside the scope of our work.
The type of content and the demographic makeup of the users depend on what type of harm or bias the auditor is interested in studying. For example, one may wish to study whether LinkedIn's ad delivery algorithms deliver STEM job ads in a biased way that reflects the historical under-representation of women in the field. To perform the study, the auditor may use a STEM job ad as the content, and a sample of men and women as the audience. The auditor will query the platform using the audience from each demographic group to evaluate whether LinkedIn's relevance estimators assign higher scores to men compared to women for the STEM job ad.
The auditor will specify the audience by uploading a custom list of specific people whose demographic attributes are known to the auditor. The auditor can build such an audience in two ways: by externally recruiting volunteers for the study or by asking the platform to provide a random sample of users. Recruiting volunteers has two main advantages over prior methods that use publicly available datasets, such as voter data [2,3,54]. First, each participant gets the opportunity to consent to the use of their data for auditing purposes. Second, participants can provide additional attributes that may not be present in public data but could be useful for auditing. An example is a job qualification attribute that is useful for auditing delivery of employment ads.
Recent studies such as The Markup's Citizen Browser [91] and Mozilla's Rally [74] show that users are willing to opt in and provide data to reputable efforts that aim to hold platforms accountable.
In addition to such external efforts, platforms themselves can provide support for selecting a sample of users among those who have provided the platforms with their sensitive attributes [1,66]. Using platforms' support for building a random audience of users can help minimize bias, such as self-selection, that can be present when recruiting external volunteers. We discuss the potential limitations due to audience selection approaches in §5. Having the auditor specify a custom audience is also advantageous over letting the platform itself pick an audience. It helps protect the privacy of users since it does not require platforms, nor gives them the excuse, to collect sensitive demographic attributes. This advantage also addresses the challenges around collecting and securing sensitive attributes of users that companies often identify as one of the major obstacles to auditing for fairness [1,4,14].
Popular social media platforms have an infrastructure for advertisers to upload custom audiences.These existing features are currently designed for use by advertisers to run ad campaigns that retarget their customers.An advertiser may upload information such as names, email addresses and phone numbers of their customers and the platform tries to match this information with user profiles on the platform.
These existing features can serve as a starting point for platforms to build a similar interface that can be used for platform-supported auditing. In the existing custom audience features, not all people in the audience may match to user profiles on the platform. In prior work, we found that such partial matches can be a source of error when using custom audiences for auditing [54]. A possible modification for supporting accurate auditing is for the platform to allow the auditor to upload unique identifiers (for example, Facebook usernames) for the accounts of people who are participating in the audit. The auditor can collect these identifiers when recruiting volunteers for the study.

Platform Calculates Relevance Scores.
The platform then calculates how relevant the content is to each user in the custom audience. Relevance estimation on the platform boils down to a relevance score for each user, which is the platform's prediction of how likely the user is to engage with the content. The platform will not report the raw scores to the auditor as they may reveal private information about its users' past engagement history. Instead, the platform builds a statistic that summarizes the distribution of the scores (for example, a histogram or a CDF), and adds privacy protections (discussed in §4.3.3) before returning the statistic to the auditor.
Platforms use many factors for estimating relevance, but not all are applicable in an auditing context. For example, during normal usage of the platform, the estimators may use as inputs factors such as what time of day it is and for how long a user has been logged in [35]. For such temporal variables that are only applicable in the context of a user browsing the site, the platform must keep them constant for all users in the audience. This control allows the auditor to evaluate bias in the relevance estimators that may arise from the historical data that the platform has about users and not from temporal factors.

Platform Applies Privacy Mechanism and Returns DP-protected Scores.
The platform then applies a differentially private mechanism to the statistic of relevance scores calculated and returns a noisy statistic to the auditor. The mechanism will provide a rigorous guarantee that the data the auditor gets was produced in a way that ensures differential privacy for individuals participating in the audit. We use the following definition of DP, where neighboring databases are defined as differing in one person's data: $D_1 = D$ and $D_2 = D \cup \{x\}$ for some database $D$.

Definition 4.1 ($\epsilon$-Differential Privacy [26]). Given a privacy parameter $\epsilon > 0$, a randomized mechanism $M$ is $\epsilon$-differentially private if for any two neighboring databases $D_1$ and $D_2$, and for any subset $O$ of outputs,
$$\Pr[M(D_1) \in O] \le e^{\epsilon} \cdot \Pr[M(D_2) \in O],$$
where the probability is taken over the random coin tosses of $M$.
Auditors can approximate tests for group-fairness metrics using a binned histogram of relevance scores, without access to individual scores. One method to share the binned histogram while preserving privacy is using the Laplace Mechanism [26]. The platform can independently add noise drawn from the Laplace distribution to each of the bins in the histogram. Since the presence or absence of a single user changes each bin's count by at most one, adding noise from the Laplace distribution with scale $1/\epsilon$ independently to each bin ensures the mechanism is $\epsilon$-differentially private [26]. The platform then returns the noisy histogram counts back to the auditor. At the end of §5.2, we discuss what choices of the privacy parameter $\epsilon$ our framework allows.
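A minimal sketch of this step follows, assuming the platform represents one group's relevance scores as a binned histogram; the bin edges, the value of epsilon, and the use of NumPy are illustrative choices rather than part of the framework.

```python
import numpy as np

def dp_histogram(relevance_scores, bin_edges, epsilon, rng=None):
    """Return epsilon-DP histogram counts: true bin counts plus Lap(1/epsilon) noise per bin.

    Adding or removing one user changes each bin count by at most 1, so
    per-bin Laplace noise with scale 1/epsilon suffices for epsilon-DP.
    """
    rng = np.random.default_rng() if rng is None else rng
    counts, _ = np.histogram(relevance_scores, bins=bin_edges)
    noise = rng.laplace(loc=0.0, scale=1.0 / epsilon, size=counts.shape)
    return counts + noise

# Example: relevance scores in [0, 1], ten bins, epsilon = 0.5.
scores = np.random.default_rng(0).beta(2, 5, size=10_000)  # stand-in for real relevance scores
noisy_counts = dp_histogram(scores, bin_edges=np.linspace(0, 1, 11), epsilon=0.5)
```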
We describe above one iteration of an audit but, in reality, an auditor may be interested in using the same audience to study multiple questions. Answering different questions may require querying relevance estimators multiple times, where each query uses up additional privacy budget. For such cases, the composition property of DP (a well-studied topic in the DP literature) allows the auditor to split a total privacy budget among the different queries [27]. We leave exploration of how such a total budget can best be allocated, and at what cadence it can be replenished, as an area of future work.
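As a small illustration of budget splitting under basic sequential composition (running each query with budget epsilon_i makes the whole sequence (sum of epsilon_i)-DP), an auditor planning several queries against the same audience could allocate the budget as sketched below; the numbers are arbitrary.

```python
def split_budget(total_epsilon: float, num_queries: int) -> list[float]:
    """Evenly divide a total privacy budget across a planned number of queries."""
    return [total_epsilon / num_queries] * num_queries

# Four audit questions against the same audience, each answered with an
# epsilon=0.25 noisy histogram, consume a total budget of 1.0.
per_query = split_budget(total_epsilon=1.0, num_queries=4)
assert abs(sum(per_query) - 1.0) < 1e-9
```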

Auditor Evaluates Fairness of Relevance Scores.
Finally, the auditor uses the noisy distribution of scores to test whether there is a disparity between the relevance scores the algorithm assigns to the different demographic groups. Arbitrary post-processing of the output of the differentially private mechanism from the prior step does not reverse the privacy protection. Therefore, the auditor can apply any post-processing computations to the noisy scores to test for fairness without further reducing the privacy of the users.
The specific metric of fairness depends on the type of algorithmic bias the auditor is interested in testing for. For example, to study bias in the delivery of employment ads, the auditor may use Equality of Opportunity as a metric for fairness, since it takes qualification of people for jobs into account, which is a relevant factor for the context of employment [43]. We further explore this scenario in our theoretical result in §5.
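A minimal sketch of step (4) follows: the auditor turns each group's noisy histogram into an estimated score distribution and compares groups bin by bin. It assumes the histograms were computed over qualified users only (as in the employment-ad scenario of §5) and that the group sample sizes are known to the auditor; taking the maximum per-bin difference is one way, not the only way, to operationalize the fairness test.

```python
import numpy as np

def empirical_distribution(noisy_counts, group_size):
    """Estimate per-bin score probabilities from noisy counts and the known group size."""
    return np.asarray(noisy_counts, dtype=float) / group_size

def fairness_gap(noisy_counts_a, n_a, noisy_counts_b, n_b):
    """Largest per-bin difference in estimated score probabilities between two groups."""
    p_a = empirical_distribution(noisy_counts_a, n_a)
    p_b = empirical_distribution(noisy_counts_b, n_b)
    return float(np.max(np.abs(p_a - p_b)))

# The auditor flags potential bias when the gap exceeds a chosen threshold gamma:
# gap = fairness_gap(counts_women, n_women, counts_men, n_men)
# biased = gap > gamma
```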

Trust Model and Limitations
We next discuss the trust model we use to evaluate the privacy and business interest risks of our approach. The efficacy of our approach assumes a legal framework in which both the platforms and auditors work in good faith.
Platforms: One major assumption of our framework is that the platform will truthfully collaborate with auditors and ensure audits are done accurately and effectively. The platform must provide auditors access to the same algorithms that are used in production, truthfully executing them on the audience the auditors upload and reporting relevance scores accurately (modulo privacy modifications). This assumption was not stated in prior auditing methods that do not use a platform's support. Even for such methods, platforms have the means to know they are being audited, as the audiences and methodologies auditors typically use are publicly documented. Examples include North Carolina's voter datasets used as a data source for demographic attributes [89], Facebook ad accounts used to audit ad delivery [2,3,54], and browser extensions used for collecting data from Facebook [77,91].
Assuming the platform truthfully collaborates with auditors is a strong assumption, but there are four reasons we think it is appropriate. First, the consequences of non-compliance are significant when auditing is part of an official legal framework, as it would be in the context of a DSA- or PATA-like law or a legal settlement, such as Facebook's settlement with the US Department of Justice [7]. For example, Volkswagen faced significant legal and financial repercussions as a result of their violation of emissions regulations [56].
Second, platforms also have the incentive to minimize inadvertent errors in order to avoid tarnishing their public image and potential legal liability. Two incidents involving Facebook serve as examples of this incentive. In the first case, Facebook made inadvertent errors in sharing data with external researchers as part of its Social Science One program [96]. This preventable error undermined academic work that was based on the data [96], tarnishing Facebook's efforts to be a leader in increasing transparency. In the second case, Facebook mistakenly inflated potential reach estimates for ads, and was sued as a result [42].
Third, simply formalizing auditing and involving two parties often adds sufficient oversight to discourage abuse. For example, corporate financial accounting is not immune to fraud, but the levels of non-compliance are small enough that it is a very useful and powerful tool.
Finally, as discussed in §2.3, there is evidence that the platforms themselves may be moving towards supporting audits through giving external researchers privileged access to their data and algorithms.
Auditors: The platform must also trust researchers doing the independent audit. One risk for abuse is misuse of the auditing interface to harm a platform's business. Both the DSA and PATA provide rules to ensure only vetted researchers will be allowed to perform audits on social media platforms [21,33]. In both proposals, an assigned regulatory body will screen researchers and their projects before they are allowed to audit a platform's system or data. Platform-initiated transparency efforts such as Facebook's FORT, Social Science One, and YouTube's Researcher Program also all have approaches for vetting researchers [37,60,104]. Such screening processes will minimize the risk that comes from malicious auditors, and the platforms' implementations show that the platforms themselves believe this risk can be overcome.
Another risk is misuse of sensitive data that auditors collect from users who are participating in an audit. Because DP protects user information that may leak to auditors, our work does not create new privacy risks to users. As one example, the auditor framework does not create new opportunities that allow governments or other third parties to surveil users. In addition, unlike prior methods that used voters' data without their knowledge, users in our proposed framework would voluntarily participate by being recruited by an auditor (as discussed in §4.3.1) or through programs the platforms provide [66].

SAMPLE SIZE REQUIRED FOR AUDITING RELEVANCE ESTIMATORS WITH PRIVACY
We next present the key technical result of this paper by applying our framework to one use-case: a study of discrimination in employment ad delivery. We show that the addition of differential privacy to the auditing pipeline does not prevent an auditor from achieving the same statistical confidence as without privacy protections, provided the sample audience is increased by a small constant factor. This result supports our claim that it is feasible to both audit for fairness and protect user privacy and platforms' business interests.

Setup and Assumptions: Bias in Delivery of Employment Ads
Auditing social media platforms for fairness while preserving privacy is a goal that is desirable in multiple scenarios. We study one scenario: assessing discrimination in the delivery of employment ads. Our problem formulation is general, although specific scenarios place additional requirements, like the role of job qualifications in employment ads. Extending our approach to other types of ads may require identifying similar factors reflecting allowable preferences. We consider the case where an auditor wishes to confirm delivery of job ads is unbiased relative to a factor such as gender or race. To evaluate this question, the auditor will examine the relevance scores a platform's relevance estimator will assign to different groups with specific demographic attributes. This scenario is motivated by prior third-party audits that have indirectly measured the role of relevance optimization in biased job ad delivery [2,54].

Setup and Definitions:
We first introduce formal notation for the scenario. Let $U$ represent the set of all users on a platform and let $A$ be the range of values for a sensitive attribute (for example, $A = \{\text{black}, \text{white}, \ldots\}$ for race). Let $Q = \{0, 1\}$ represent binary options for the qualification of a user for a given job ad (1 if the user is qualified, 0 otherwise). Let $R_d(u)$ be the relevance estimator that calculates the relevance score of the job ad $d$ for a given user $u \in U$. We assume a specific ad $d$ and omit the subscript $d$ throughout. And let $Y$ be a small finite set of discrete relevance scores (we describe how to extend $Y$ to the continuous case at the end of this section).
In practice, the external auditor cannot have access to a complete list of all of the platform's users ($U$), so the auditor recruits a sample ($S$) of users to perform the audit. The auditor uses a random sample set $S = \{(u_1, a_1, q_1), (u_2, a_2, q_2), \ldots, (u_n, a_n, q_n)\}$ drawn i.i.d. from $U$. In that case, each subset $S_{a,q}$ is also i.i.d. in $U_{a,q}$, where $S_{a,q}$ and $U_{a,q}$ represent the subsets with given values of $a$ and $q$. We discuss the implications of this assumption at the end of this section.
Following the steps in Figure 2, the auditor first queries the platform's relevance estimator using each subset $S_{a,q}$ and ad $e$ (step 1). The platform then applies $h$ to every user in $S_{a,q}$ (step 2) and builds a histogram $H$ of the scores, grouped by the possible relevance scores in $R$. It then independently adds noise drawn from a Laplace distribution $\text{Lap}(\frac{1}{\epsilon})$ to each of the bins in $H$, where $\epsilon$ represents the level of differential privacy desired. The platform returns the noisy histogram counts back to the auditor (step 3).
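To make steps 2 and 3 concrete, the following minimal sketch shows one way the platform-side computation could be implemented with the Laplace mechanism described above; the names (relevance_estimator, build_noisy_histogram) are illustrative assumptions rather than an actual platform API.

```python
import numpy as np

def build_noisy_histogram(users, relevance_estimator, scores, epsilon, rng=None):
    """Score each user in one audited subset S_{a,q}, bin the scores over the
    discrete score set R, and add Laplace(1/epsilon) noise to every bin so the
    released counts satisfy epsilon-DP (one user changes one bin by at most 1)."""
    rng = rng or np.random.default_rng()
    counts = {r: 0 for r in scores}
    for u in users:
        counts[relevance_estimator(u)] += 1          # step 2: exact histogram H
    return {r: c + rng.laplace(scale=1.0 / epsilon)  # step 3: noisy counts returned
            for r, c in counts.items()}
```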
Finally, the auditor tests for fairness of the assigned scores using Equality of Opportunity as the definition of fairness (step 4). Equality of Opportunity is an established fairness notion in the algorithmic fairness literature, and is applicable to job ads as it allows for taking into account the qualification of users [43].
Definition 5.1 (derived from Equality of Opportunity [43]). A relevance estimator function $h$ satisfies equality of opportunity if, for all $a_1, a_2 \in A$ and all $r \in R$:
$$\Pr[h(u) = r \mid a = a_1, q = 1] = \Pr[h(u) = r \mid a = a_2, q = 1],$$
where the probability is taken over the choices of samples from $U$ and the random coin tosses of $h$.
We modify Hardt et al.'s formulation by using the group of qualified people ($q = 1$) to represent the "advantaged outcome" group [43]. The advantaged outcome in our case is that a person sees a job ad because they are qualified for the job. In addition, in our formulation, the outcome space $R$ is not binary but a finite set of discrete values.
To test for this metric, the auditor must know whether each user is qualified for the job being advertised. For convenience, we introduce the following notation: $P_{a,q}(r)$ represents the likelihood that a qualified individual from a specific demographic group $a$ receives a relevance score $r$:
$$P_{a,q}(r) = \Pr_{u \sim U_{a,q}}[h(u) = r]. \quad (1)$$
The auditor expects this likelihood to be equal across demographic groups if the platform's algorithm is unbiased. We relax strict equality of the above term since any real-world observation may have small noise or variation. We use a relaxation from prior work [86] that allows a small additive error $\gamma$ as the maximum allowed fairness gap between any two demographic groups. We change the relaxation to use $\gamma$ instead of $\epsilon$ because we use $\epsilon$ as a privacy parameter.

Definition 5.2 ($\gamma$-fairness [86]). We define a relevance estimator function $h$ to be $\gamma$-fair if, for every pair $a_1, a_2 \in A$ and every $r \in R$:
$$\left| P_{a_1,q=1}(r) - P_{a_2,q=1}(r) \right| \le \gamma.$$

Since the auditor only has access to an independent sample of users ($S$), the empirical measure of $P_{a,q}$ the auditor obtains is:
$$\hat{P}_{a,q}(S, r) = \frac{1}{n_{a,q}} \sum_{(u_i, a_i, q_i) \in S_{a,q}} \mathbb{1}\{h(u_i) = r\}, \quad (2)$$
where $\mathbb{1}\{\cdot\}$ is an indicator function selecting qualified members from group $a$ that are assigned a score $r$, and $n_{a,q}$ is the number of qualified members in $S$ from group $a$. The equation requires that $n_{a,q} > 0$, an assumption we discuss at the end of this section.
Let $c_{a,q,r}$ be the number of qualified people in $S$ from group $a$ that were assigned a score $r$. We can then rewrite $\hat{P}_{a,q}(S, r)$ as:
$$\hat{P}_{a,q}(S, r) = \frac{c_{a,q,r}}{n_{a,q}}. \quad (3)$$
We next consider the value of $\hat{P}_{a,q}(S, r)$ after it is distorted by noise to preserve privacy. From Equation 3, $n_{a,q}$ is already known to the auditor, so the quantity the platform wishes to protect is $c_{a,q,r}$, which represents each bin in the histogram that the platform computes. The platform applies the Laplace mechanism by adding noise drawn from $\nu \sim \text{Lap}(\frac{1}{\epsilon})$ to each count $c_{a,q,r}$ to guarantee $\epsilon$-DP [26]. Let $\hat{P}^{*}_{a,q}(S, r)$ represent the noisy value the platform calculates:
$$\hat{P}^{*}_{a,q}(S, r) = \frac{c_{a,q,r} + \nu}{n_{a,q}}.$$
Extending a formulation in prior work [86] by adding a new privacy parameter, the empirical fairness gap (EFG) is given below for both the non-private and the private case:
$$EFG(S, h) = \max_{a_1, a_2 \in A,\; r \in R} \left| \hat{P}_{a_1,q}(S, r) - \hat{P}_{a_2,q}(S, r) \right|,$$
$$EFG(S, h, \epsilon) = \max_{a_1, a_2 \in A,\; r \in R} \left| \hat{P}^{*}_{a_1,q}(S, r) - \hat{P}^{*}_{a_2,q}(S, r) \right|.$$
A large EFG between two demographic groups implies unfairness.
The auditor checks $EFG(S, h, \epsilon) \le \gamma$ to test whether a relevance estimator $h$ is fair. To analyze the sample size needed to perform this test with high statistical confidence, we use the following definition, which allows a small $\beta$ probability of failure over the randomness in $h$ and possible choices of samples in $S$.

Definition 5.3 ($(\gamma, \beta)$-fairness [86]). We define $h$ to be $(\gamma, \beta)$-fair with high probability with respect to $S$ if:
$$\Pr\left[ EFG(S, h) \le \gamma \right] \ge 1 - \beta.$$

We extend this definition to the case where an $\epsilon$-DP mechanism is applied to the outputs of $h$ to protect the privacy of users.

Definition 5.4 ($(\gamma, \beta, \epsilon)$-fairness). We define $h$ to be $(\gamma, \beta, \epsilon)$-fair with respect to $S$ where an $\epsilon$-DP mechanism is applied to the outputs of $h$ if:
$$\Pr\left[ EFG(S, h, \epsilon) \le \gamma \right] \ge 1 - \beta.$$

The formulation in this and the following sections assumes $R$ is a set of discrete values. Equation 1 and Equation 2 can be extended to the case where $R$ is a continuous space by choosing a different indicator function and comparing CDFs of relevance scores:
$$P_{a,q}(r) = \Pr_{u \sim U_{a,q}}[h(u) \le r], \qquad \hat{P}_{a,q}(S, r) = \frac{1}{n_{a,q}} \sum_{(u_i, a_i, q_i) \in S_{a,q}} \mathbb{1}\{h(u_i) \le r\}.$$
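Continuing the hypothetical interface sketched above, the following minimal example shows how an auditor could carry out step 4, computing the empirical fairness gap from the returned noisy histograms and comparing it against $\gamma$; it is a sketch under the definitions in this section, not a reference implementation.

```python
def empirical_fairness_gap(noisy_hists, group_sizes):
    """Compute EFG(S, h, epsilon) from noisy per-group histograms.

    noisy_hists: dict mapping group a -> {score r: noisy count c*_{a,q,r}}
    group_sizes: dict mapping group a -> n_{a,q} (already known to the auditor)
    """
    groups = list(noisy_hists)
    scores = noisy_hists[groups[0]].keys()
    # P*_{a,q}(S, r) = (c_{a,q,r} + noise) / n_{a,q}
    p_hat = {a: {r: noisy_hists[a][r] / group_sizes[a] for r in scores} for a in groups}
    return max(abs(p_hat[a1][r] - p_hat[a2][r])
               for a1 in groups for a2 in groups for r in scores)

# The auditor flags the estimator as potentially unfair when the gap exceeds gamma:
# is_fair = empirical_fairness_gap(noisy_hists, group_sizes) <= gamma
```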

Assumptions:
Our approach makes several assumptions to avoid degenerate cases. We describe these next so that an auditor can design a robust experiment and may verify, post-audit, that the assumptions are met.
The Equality of Opportunity (EoO) metric (Definition 5.1) adapts to unequal numbers of qualified individuals across groups, but it cannot handle cases where no one, or very few people, in the population with a specific attribute is qualified for the job being advertised. The first degenerate case occurs when $n_{a,q} = 0$ in the denominator of Equation 2. Another case is when only a few individuals are qualified from one group and very many individuals are qualified from a second group (for example, $n_{a_1,q} = 1$ and $n_{a_2,q} = 1$ million). In this case, EoO requires selecting all or none of the 1 million people in $a_2$ to match the inclusion or exclusion of the only qualified individual in $a_1$. Our Theorem 1 guarantees that, for realistic parameters, $n_{a,q}$ is not small and that such degenerate cases do not occur. Moreover, the auditor may verify, post-audit, that the assumptions about $n_{a,q}$ were met.
Second, we assume samples in each demographic group are independent and identically distributed. We recognize that there may be confounding factors that induce bias, such as the location the audience is chosen from or differences in how active users are on the platform. The auditor can anticipate some of these factors and control for them, but only the platform has the data to verify independence. In our result, we assume independence only within the samples in a group, so we do not expect this limitation to decrease the observable differences in fairness across groups. This assumption is common in nearly all statistical studies, and is typically achieved by following best practices in subject selection. Examples from prior work include repeating audits on various audience partitions and varying the locations that users are chosen from [2,54].
Third, we assume there is some way to randomly sample users. This mechanism may be provided by the platform, or the auditor may use an external source of users (in which case we require that it not induce its own bias). We recognize that sampling users from social media and encouraging them to share their data with the auditor may be difficult, but prior studies have met this requirement satisfactorily (for example, the work of Citizen Browser [91]). We therefore place this problem outside the scope of this paper.

Result: Minimum Sample Size Required for Auditing with Privacy
Building on the background in the prior section, we give the following theoretical result: we show that, for the employment ad delivery use case, auditing with a differential privacy guarantee increases the number of samples required for auditing, but only by a small constant factor.

Theorem 1. An audit relying on a differentially private output of a relevance estimator $h$ can verify $(\gamma, \beta, \epsilon)$-fairness under equality of opportunity provided that, compared to the non-private case, an additional factor of $k$ samples are measured. We show that $4\ln(3)/\ln(2) \approx 6.34$ is an upper bound for $k$ and that 4 is a better estimate for $k$ under typical auditing parameters.
Formally, for an auditor to verify $h$ is $(\gamma, \beta, \epsilon)$-fair with respect to a sample set $S$, assuming $\epsilon > \gamma/2$, the condition $EFG(S, h, \epsilon) \le \gamma$ and the following condition on the minimum number of samples must both hold:
$$n_{a,q} \ge \frac{8}{\gamma^2} \ln\left(\frac{3|A||R|}{\beta}\right) \quad \text{for every } a \in A,$$
where $S = \{(u_1, a_1, q_1), (u_2, a_2, q_2), \ldots, (u_n, a_n, q_n)\} \sim U$ and $n_{a,q}$ is the number of people in $S$ with sensitive attribute $a \in A$ who are qualified for the job being advertised. $\gamma$ and $\beta$ are knobs that control the level of fairness and statistical confidence, respectively.
To prove this theorem, we first consider the case of auditing relevance scores when a privacy mechanism is not used. We then analyze by what factor the required number of samples increases when a differentially private mechanism is applied.
Lemma 5.1. Without any guarantees of privacy, the following minimum number of samples is required to verify whether $h$ is $(\gamma, \beta)$-fair with respect to a sample set $S$:
$$n_{a,q} \ge \frac{2}{\gamma^2} \ln\left(\frac{2|A||R|}{\beta}\right),$$
where $S = \{(u_1, a_1, q_1), (u_2, a_2, q_2), \ldots, (u_n, a_n, q_n)\} \sim U$ and $n_{a,q}$ is the number of people in $S$ with sensitive attribute $a \in A$ who are qualified for the job being advertised.
For the non-private case, the proof follows directly from prior work by Segal et al. on auditing machine learning models using cryptographic techniques [86]. In Appendix A, we extend their proof with consideration of qualification as an additional attribute.
We next consider the sample size for the private case, where the auditor receives a noisy histogram of relevance scores because the platform applies a differentially private mechanism.

Lemma 5.2. With privacy, the following minimum number of samples is needed to verify whether $h$ is $(\gamma, \beta, \epsilon)$-fair with respect to a sample set $S$:
$$n_{a,q} \ge \frac{8}{\gamma^2} \ln\left(\frac{3|A||R|}{\beta}\right),$$
where $S = \{(u_1, a_1, q_1), (u_2, a_2, q_2), \ldots, (u_n, a_n, q_n)\} \sim U$ and $n_{a,q}$ is the number of people in $S$ with sensitive attribute $a \in A$ who are qualified for the job being advertised.
Proof. At a high level, the proof works by first defining a bad event that we want to occur with very low probability, and then conditioning on this event not happening to derive the sample size needed to guarantee $(\gamma, \beta, \epsilon)$-fairness. The bad event is when there is too much error in the value of $\hat{P}^{*}_{a,q}$ that the auditor calculates empirically. We have two sources of error: sampling error and error due to the noise added to protect privacy. Consider the following "bad" event, where the error between the value the auditor calculates, $\hat{P}^{*}_{a,q}(S, r)$, and the true $P_{a,q}(r)$ exceeds some threshold $\tau > 0$:
$$\left| \hat{P}^{*}_{a,q}(S, r) - P_{a,q}(r) \right| > \tau.$$
Conditioning on the event that the total error does not exceed $\tau$, we get a lower bound for a sample size that satisfies $(\gamma, \beta)$-fairness using the following value of $\tau$ (see Appendix A):
$$\tau = \frac{\gamma}{2}.$$
We bound the probability of the above bad event over all groups in $A$ and possible outputs in $R$:
$$\Pr\left[ \exists a \in A, r \in R : \left| \hat{P}^{*}_{a,q}(S, r) - P_{a,q}(r) \right| > \tau \right] \le \beta.$$
By applying the triangle inequality, it is sufficient (but not necessary) to bound the probability that each of the two sources of error exceeds $\tau/2$:
$$\Pr\left[ \left| \hat{P}_{a,q}(S, r) - P_{a,q}(r) \right| > \frac{\tau}{2} \right] + \Pr\left[ \frac{|\nu|}{n_{a,q}} > \frac{\tau}{2} \right].$$
Since we require that the samples in $S$ are chosen i.i.d., $\hat{P}_{a,q}(S, r)$ is an unbiased estimator of $P_{a,q}(r)$, i.e., $\mathbb{E}[\hat{P}_{a,q}(S, r)] = P_{a,q}(r)$ (we prove this in Appendix C). Therefore, we can apply Hoeffding's inequality to the first term (sampling error) to bound it by $2\exp(-n_{a,q}\tau^2/2)$. We then apply a known tail bound for the Laplace distribution (for $\nu \sim \text{Lap}(b)$, $\Pr[|\nu| > t] = \exp(-t/b)$) to the second term (privacy error) to bound it by $\exp(-n_{a,q}\tau\epsilon/2)$. We then take a union bound over all possible values of $a$ and $r$:
$$|A||R| \left( 2\exp\left(-\frac{n_{\min}\tau^2}{2}\right) + \exp\left(-\frac{n_{\min}\tau\epsilon}{2}\right) \right) \le |A||R| \cdot 3\exp\left(-\frac{n_{\min}\tau^2}{2}\right) \le \beta,$$
where $n_{\min}$ is the smallest $n_{a,q}$ across all groups. The last step uses the fact that $\epsilon > \tau$ to bound the privacy-error term by the sampling-error term; this follows from the choice $\tau = \gamma/2$ above and the assumption from Theorem 1 that $\epsilon > \frac{\gamma}{2}$. Rearranging the term and then plugging in $\tau = \frac{\gamma}{2}$, we get the following lower bound for $n_{a,q}$:
$$n_{a,q} \ge \frac{8}{\gamma^2} \ln\left(\frac{3|A||R|}{\beta}\right).$$
We next give the following upper bound on the factor by which the number of samples increases when a privacy mechanism is added, to conclude the proof of the theorem.

Lemma 5.3. Compared to the non-private case (Lemma 5.1), at most 6.34 times as many samples are needed to perform the audit with differential privacy guarantees (Lemma 5.2).
We prove the above lemma in Appendix B. While 6.34 is a strict upper bound, for reasonable auditing parameters the overhead is much lower, around 4. Figure 3 shows how the factor of increase varies with the four parameters: $\gamma$, $\beta$, $|A|$, and $|R|$. For all parameters, the factor of increase stays close to 4, lower than the upper bound of 6.34. We omit $\epsilon$ from the plots because the upper bound stays the same for any $\epsilon > \frac{\gamma}{2}$. Since a typical value for $\gamma$ will be close to 0, this constraint allows for small values of $\epsilon$, which are known to provide reasonable privacy guarantees [27].
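The full proof of Lemma 5.3 appears in Appendix B; the derivation sketched below, stated against the sample-size bounds as reconstructed in Lemmas 5.1 and 5.2, is included only to indicate where the constants 4 and 6.34 come from. Writing $x = |A||R|/\beta$, the ratio of the private to the non-private bound is
$$k(x) = \frac{\frac{8}{\gamma^2}\ln(3x)}{\frac{2}{\gamma^2}\ln(2x)} = 4\,\frac{\ln 3 + \ln x}{\ln 2 + \ln x}.$$
This ratio is decreasing in $x$ for $x \ge 1$, so it is largest as $x \to 1$, giving $k(x) \le 4\ln(3)/\ln(2) \approx 6.34$, and it approaches 4 as $x$ grows, which is why typical auditing parameters (large $|A||R|/\beta$) yield an overhead close to 4.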
As an example of this more typical overhead, say the auditor sets the fairness gap to $\gamma = 0.2$, a parameter comparable to the 4/5ths rule that is commonly applied to test for adverse impact [30]. Assume there are 2 demographic groups ($|A| = 2$), that relevance scores range from 1 to 100 ($|R| = 100$), and that the auditor would like to evaluate fairness with 95% confidence ($\beta = 0.05$). Then the auditor needs a minimum of 1,879 samples from each demographic group to do the evaluation with privacy guarantees, compared to 450 samples without privacy, a 4.17x increase. Such a sample size is reasonable compared to the cohorts of several thousand users used in prior external audits of social media platforms [2,54], and is of the same order of magnitude as what current opt-in crowdsourcing efforts achieve [91].
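The numbers in this example follow directly from the sample-size bounds of Lemma 5.1 and Lemma 5.2 as reconstructed above; the short sketch below reproduces them and is illustrative only.

```python
import math

def min_samples(gamma, beta, n_groups, n_scores, private):
    """Per-group sample-size lower bound from Lemma 5.1 (non-private)
    or Lemma 5.2 (private), as reconstructed in this section."""
    if private:
        return math.ceil((8 / gamma**2) * math.log(3 * n_groups * n_scores / beta))
    return math.ceil((2 / gamma**2) * math.log(2 * n_groups * n_scores / beta))

# Example parameters from the text: gamma=0.2, |A|=2, |R|=100, beta=0.05.
n_priv = min_samples(0.2, 0.05, 2, 100, private=True)      # 1879
n_nonpriv = min_samples(0.2, 0.05, 2, 100, private=False)  # 450
overhead = n_priv / n_nonpriv                               # ~4.17x
```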
This small constant factor represents the increase in the number of samples required to ensure differential privacy. More importantly, it demonstrates that ensuring privacy need not be a barrier to the implementation of platform-supported auditing.

RELATED WORK
As algorithmic decision-making systems have become ubiquitous, there is a growing call to audit them for potentially harmful behavior. We highlight below such work on methods for algorithmic auditing, their use on social media, and their trade-offs with privacy.
Methods for Algorithmic Auditing: Audits can be either internal, performed by employees of companies with direct access to their systems, or external, performed by independent third-party entities with, usually, only user-level access to the systems. We highlight how the platform-supported auditing framework we propose compares to existing auditing methods.
Sandvig et al. provide an overview and taxonomy of external algorithmic auditing methods [84]. The taxonomy identifies five categories of audits: source code audit, non-invasive user audit, scraping audit, sock-puppet audit, and crowdsourced audit. Using this taxonomy, a recent literature review categorized past algorithmic audits of Internet platforms [9]. Our proposal for platform-supported auditing would extend this taxonomy. It differs from source code audits because it only requires that auditors have query access to algorithms' outputs, without access to the underlying code. It differs from the other four types of methods because it requires a privileged, auditor-specific query interface.
Some newer collaborative and user-driven auditing methods explored in the human-computer interaction and social computing literature do not directly fit into Sandvig's taxonomy. Such methods rely on regular users to identify bias in algorithms, and do not formally involve auditing experts [24,88]. One example is everyday algorithm auditing, where users of online platforms identify problematic behavior through their normal, day-to-day interactions with the platforms [88]. Recent examples of everyday users uncovering bias in Twitter's image cropping algorithm and Yelp's rating system show the ability of everyday users to identify problematic algorithms without formal or centralized auditing. Additional work has explored making user-driven auditing more effective [24]. Although user-driven auditing is important, our work instead focuses on detecting harms that are not visible to casual users, such as discriminatory ad delivery by gender or race. A user cannot know which ads they were targeted with but not shown because of the platform's algorithmic choices based on their characteristics; detecting such harms requires a broader view of the algorithm's behavior. Second, our work employs an auditor who can carry out statistical tests to document skew. Such tests allow detection of more subtle differences that would be invisible to individual users. Despite the differences, platform-supported auditing and user-driven audits can complement each other, with user-driven auditing suggesting the types of problems that may warrant more systematic, statistical evaluation through our proposed framework.
Matias et al. have proposed software-supported auditing, augmenting the effectiveness of crowdsourced audits with automation that chooses auditing parameters such as audit prompts and sample size [68]. While this work rigorously estimates sample sizes, it does not analyze how adding a privacy guarantee changes the sample size required, something we add in §5.
Reisman et al. propose a framework for performing algorithmic impact assessments and enumerate challenges around them [82]. Among other recommendations, they identify the need for external auditors to have meaningful access to periodically assess the impact of algorithms, but they do not suggest how auditing can be done while protecting privacy. Metaxa et al. emphasize the need to evaluate the role of personalization when auditing algorithmic systems [70]. Our work provides a concrete proposal for how to implement an audit of social media platforms' personalization algorithms while safeguarding the privacy of users.
A 2020 audit of Pymetrics, a startup that offers a job candidate screening service, performed by external researchers, proposed a new cooperative audit framework in which the target platform gives the auditor special access to its source code and data [102]. This framework is similar to our work in that it requires platform collaboration. Our framework differs in that it requires only query access to the platform's algorithms and does not require access to the underlying proprietary source code and data; furthermore, it protects the privacy of the individuals participating in the audit.
Use of Algorithm Audits on Social Media: Several studies have investigated the role of social media algorithms in biased delivery of both organic content and promoted ads. Sweeney's empirical study of Google Search ads [90] was the first to hypothesize that platform-driven decisions can lead to discriminatory ad delivery, a hypothesis strengthened by evidence from subsequent works [23,39,62]. Ali and Sapiezynski et al. confirmed this hypothesis by showing Facebook's algorithms skew delivery of job and housing ads by gender and race even when an advertiser targets a neutral audience [2]. In our prior work, we showed how to control for job qualifications on Facebook and LinkedIn, providing evidence that skew on Facebook may be discriminatory under U.S. law [54]. While these studies successfully identified harms, each has limitations we discuss in §2.2. The new method we propose can be used to audit societal impacts of ad delivery algorithms while accounting for user privacy and other limitations.
Audits have also evaluated how social media algorithms bias delivery of organic content. A sock-puppet study of Facebook's newsfeed, focused on content generated leading up to the Italian election in 2018, showed the algorithms cause ranking bias [44]. A similar sock-puppet audit compared reverse-chronological and algorithmic timelines on Twitter to show the platform's algorithms distort the content that is shown to users [10]. An internal audit by Twitter also looked at the effect of algorithmic timelines on political content and found their algorithms amplify content unequally across the political spectrum [53]. These studies quantify biases by comparing algorithmic and chronological timelines. Although we do not apply our work to bias in organic content, our framework generalizes to studying where such biases arise.
Algorithmic Auditing and Privacy: Auditing for fairness while protecting the privacy of users is an active area of research that our work contributes to. Segal et al. proposed a privacy-preserving framework for certifying the fairness of machine learning models through an interactive test [86]. Their framework protects the privacy of auditors' query inputs by using secure computation to ensure the model owner does not see the data in the queries. In contrast, our method assumes user data is already known to the platform, as is the case for social media platforms. Our framework focuses on protecting the information that query outputs leak about users or the platform's algorithms to the auditor.
Other studies at the intersection of auditing and privacy have looked at addressing privacy and other challenges around the use of demographic data. Studies by Holstein [49] and later by Andrus [4] interviewed practitioners from a wide range of industries to map out such challenges and the normative questions around collection, inference, and use of sensitive demographic attributes of users for fairness efforts [4,49]. Similarly, Bogen et al. discuss the challenges around access to demographic attributes that arise from differing laws and inconsistent practices across domains such as credit, employment, and health [15]. Platforms like Meta are actively working to address these challenges with new mechanisms for internal studies of the impact of sensitive attributes while protecting privacy [1,6]. Our proposal sidesteps these challenges because it does not require platforms to collect or store sensitive attributes; they only need to be known by the external auditor. Similar to our work, Veale et al. propose the use of a trusted third-party entity that collects demographic data from users of an algorithmic system and later uses the data to audit the system [98]. Our proposal differs in that it does not require collecting demographic attributes of all users, but only of as many as are needed to conduct an audit. Other works aiming to determine disparate algorithmic outcomes based on group membership, such as [55] and [38], operate under a different privacy goal: they aim to keep group membership private from the auditor.

IMPLICATIONS AND FUTURE WORK
Privacy concerns have hindered increasing transparency into the operation of social media platforms. Our work addresses this challenge by showing it is feasible to audit relevance estimators, the "brains" of social media platforms, without violating the privacy of their users or revealing proprietary details of the platforms' algorithms.
A natural next step for this work is collaboration with a social media platform to evaluate a prototype of our framework. While a full implementation is future work, our conceptual demonstration of the framework's feasibility is important progress, suggesting that the policy goal of external auditing with privacy, as envisioned in the proposed legislation, can be realized.
Our proposal for platform-supported auditing gives a practical framework for implementing the policies outlined in the DSA and PATA. Our framework focuses on these proposals because both are promising efforts to increase transparency of social media platforms and their algorithms' role in influencing individuals and shaping societal discourse. Compared to prior proposals in the U.S. [19,67,81], PATA is the most comprehensive in terms of the large platforms it covers [76]. Even if PATA's ultimate fate is uncertain, the EU-centric DSA, which has already been passed into law, may influence future policies in the U.S. and beyond, similar to the way the EU's GDPR has shaped the global privacy landscape [64]. As an example, YouTube's announcement of the YouTube Researcher Program for researchers in more than 50 countries came on the heels of the passing of the DSA [104].
The scope of our framework has limitations that are potential avenues for future work. For example, the DSA covers platforms and services other than social media that are outside the scope of our study. Also, within social media platforms, our work focuses on how organic and promoted content is delivered in users' feeds, where users consume most of their content. However, there are other features chosen by platforms' algorithms, such as Trends on Twitter, which we do not address in our work but are worth studying for potential harms such as misinformation.
Another potential direction for future work is exploring how platform-supported auditing can be adapted to study other forms of algorithmic harm. Our example use case focuses on auditing for discrimination in job ad delivery. A potential direction is exploring privacy mechanisms and fairness metrics that will safeguard the privacy of users when performing audits in other contexts, such as amplification of political and hateful content.
Our work assumes audits will be conducted under a legal framework that incentivizes platforms to act in good faith (§4.4), but another area of future work is to relax this assumption and add technical methods that look for accidental errors or intentional non-compliance by platforms. Correlating data from multiple sources has detected such lapses in the past [96]. Technical methods, combined with the legal incentives proposed in the DSA and PATA, would provide even stronger guarantees that audits are accurate and complete.

CONCLUSION
Auditing social media platforms in the public interest is an active and pressing area of academic research, policy-making, and legislation. To address concerns raised by prior audits, legislation has been proposed to mandate auditing by external researchers without compromising the privacy of platform users or the business interests of platforms. We propose a platform-supported auditing framework with safeguards that protect against these risks. At the center of our mechanism is increased transparency of relevance estimators, which are the core drivers of how both organic and promoted content is chosen and prioritized on social media. Our analysis shows privacy-preserving auditing of relevance estimators can be implemented with high statistical confidence, provided that the sample size is increased by a small constant factor. Our findings offer a novel technical solution for practically implementing public oversight of social media companies, a core goal of the proposed legislation.

A NUMBER OF SAMPLES REQUIRED FOR AUDITING WITHOUT PRIVACY
In §5.2, we state Lemma 5.1 as a lower bound on the number of samples required for auditing without privacy. Here we give a detailed proof of Lemma 5.1. Our proof follows Segal et al.'s work [86], with modifications to adapt it to our use case, which considers qualification as an additional attribute of users.
Proof. An auditor uses a sample set $S$ of users to perform an audit. Consider the following "bad" event, where the sampling error is above some threshold $\tau > 0$:
$$\left| \hat{P}_{a,q}(S, r) - P_{a,q}(r) \right| > \tau.$$
We would like to bound the probability of this event for all demographic groups in $A$ and possible outputs in $R$:
$$\Pr\left[ \exists a \in A \text{ and } r \in R : \hat{P}_{a,q}(S, r) \text{ is bad} \right] \le \beta.$$
We use a union bound followed by Hoeffding's concentration bound:
$$\Pr\left[ \exists a \in A \text{ and } r \in R : \hat{P}_{a,q}(S, r) \text{ is bad} \right] \le |A||R| \cdot 2\exp\left(-2 n_{\min} \tau^2\right),$$
where $n_{\min}$ is the number of qualified people in the group in $S$ with the least number of qualified people. We want the above probability to be small, i.e., $|A||R| \cdot 2\exp(-2 n_{\min} \tau^2) \le \beta$. Rearranging, we get the following bound on $n_{\min}$:
$$n_{\min} \ge \frac{1}{2\tau^2} \ln\left(\frac{2|A||R|}{\beta}\right).$$
We next derive the value of $\tau$ needed to guarantee $(\gamma, \beta)$-fairness. Based on Definition 5.2, it is sufficient to show that, for any pair $a_1, a_2 \in A$ and any $r \in R$, the fairness gap is bounded by $\gamma$:
$$\left| \hat{P}_{a_1,q}(S, r) - \hat{P}_{a_2,q}(S, r) \right| \le \gamma. \quad (10)$$
If each empirical estimate is within $\tau$ of its true value and the true values are equal under equality of opportunity, the empirical gap is at most $2\tau$, so choosing $\tau = \frac{\gamma}{2}$ satisfies Equation 10. Plugging $\tau = \frac{\gamma}{2}$ into the bound above gives Lemma 5.1.

C UNBIASEDNESS OF THE EMPIRICAL ESTIMATOR
Here we give a proof for why we can apply Hoeffding's inequality even in the presence of potential bias in $h$.
From Equation 10, we would like to apply Hoeffding's bound to the following sampling error term:
$$\left| \hat{P}_{a,q}(S, r) - P_{a,q}(r) \right| > \frac{\gamma}{2}.$$
Hoeffding's inequality gives an upper bound on the probability that the sum of bounded random variables deviates from its expected value [48].
To apply Hoeffding's inequality, we need to show the sampling is i.i.d. and that we are summing bounded random variables. An auditor can sample i.i.d. in several ways: the platform may provide sampling, or the auditor may use an external source of a unique set of users. Based on Equation 2, $\hat{P}_{a,q}(S, r)$ is a sum of $n_{a,q}$ indicator variables defined on each sample in $S_{a,q}$. Indicator variables can only take a value of 0 or 1, so they are bounded. The remaining requirement we need to show to apply Hoeffding's inequality is:
$$\mathbb{E}[\hat{P}_{a,q}(S, r)] = P_{a,q}(r). \quad (13)$$
The goal of the auditor is to test for potential bias that is correlated with some sensitive attribute. We next show $\hat{P}_{a,q}(S, r)$ is an unbiased estimator of $P_{a,q}(r)$ (by showing Equation 13 holds) even in the presence of per-group bias, as long as the samples in $S_{a,q}$ are i.i.d. We consider three cases: when the bias is an additive constant factor, a multiplicative constant factor, and an additive discrete random variable.

Bias that is an additive, constant factor. Consider the following formulation that takes such bias into account:
$$h(u) = f(u) + b_a, \quad (14)$$
where $b_a$ is a constant bias for a user with attribute $a$, and $f(u)$ is a random variable reflecting individual $u$'s history.
As mentioned before, $U_{a,q}$ represents the subset of $U$ with given values of $a$ and $q$; we consider the subset of qualified individuals, so $q = 1$. Let $\bar{U}_{a,q}$ represent the complement of $U_{a,q}$. Plugging Equation 14 into Equation 1 and taking the expectation over samples drawn i.i.d. from $U_{a,q}$, the constant shift $b_a$ affects the empirical and the true distributions identically, so
$$\mathbb{E}[\hat{P}_{a,q}(S, r)] = P_{a,q}(r).$$
Therefore, we can apply Hoeffding's inequality for samples in a group even if the group attribute induces an additive bias.
Bias that is a multiplicative, constant factor. One can follow similar steps to show Equation 13 holds for the case of a multiplicative constant bias. Let
$$h(u) = f(u) \cdot m_a, \quad (16)$$
where $m_a$ is a constant. Plugging Equation 16 into Equation 1 again gives $\mathbb{E}[\hat{P}_{a,q}(S, r)] = P_{a,q}(r)$.

Bias that is a random variable (not a constant). Consider bias that is a discrete random variable and is an additive factor. Let $h(u) = f(u) + B_a$, where $B_a$ is a discrete random variable. We would like to show Equation 13 holds for this case. We expand each side of the equation separately (Equations 17 and 18); since Equation 17 and Equation 18 are equal, $\mathbb{E}[\hat{P}_{a,q}(S, r)] = P_{a,q}(r)$.
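As an informal numerical illustration of the additive-bias case, the following sketch simulates a constant per-group shift and compares the empirical estimator against the true likelihood; the score model, group names, and parameters are hypothetical and the snippet is only meant to show why a group-level constant bias does not affect unbiasedness.

```python
import numpy as np

rng = np.random.default_rng(0)
scores = np.arange(1, 11)          # hypothetical discrete score set R = {1, ..., 10}
bias = {"group1": 0, "group2": 2}  # additive constant bias b_a per group

def h(n, b):
    """Hypothetical relevance estimator: base score f(u) plus group bias b_a, clipped to R."""
    return np.clip(rng.integers(1, 9, size=n) + b, scores.min(), scores.max())

r = 5
for a, b in bias.items():
    # "True" likelihood P_{a,q}(r), approximated from a very large population.
    p_true = np.mean(h(1_000_000, b) == r)
    # Empirical estimates from many small i.i.d. samples S_{a,q}; their mean approaches P_{a,q}(r).
    p_hat_mean = np.mean([np.mean(h(500, b) == r) for _ in range(2_000)])
    print(a, round(p_true, 4), round(p_hat_mean, 4))  # the two values agree closely per group
```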

Fig. 1. Social media platforms use relevance estimators to score each piece of content using many factors as input, only some of which are publicly documented.