Stop Uploading Test Data in Plain Text: Practical Strategies for Mitigating Data Contamination by Evaluation Benchmarks

Data contamination has become prevalent and challenging with the rise of models pretrained on large automatically-crawled corpora. For closed models, the training data becomes a trade secret, and even for open models, it is not trivial to detect contamination. Strategies such as leaderboards with hidden answers, or using test data which is guaranteed to be unseen, are expensive and become fragile with time. Assuming that all relevant actors value clean test data and will cooperate to mitigate data contamination, what can be done? We propose three strategies that can make a difference: (1) Test data made public should be encrypted with a public key and licensed to disallow derivative distribution; (2) demand training exclusion controls from closed API holders, and protect your test data by refusing to evaluate without them; (3) avoid data which appears with its solution on the internet, and release the web-page context of internet-derived data along with the data. These strategies are practical and can be effective in preventing data contamination. 2 E.g., OpenAI's GPT series (Brown et al., 2020) , Mo-saicML Inference (MosaicML, 2023), and Google's Bard and PaLM API (Google, 2023b). 3 OpenAI currently provides exclusion guarantees for certain API calls as of March 1, 2023. This guarantee does not extend to data sent before this date or to data sent through the ChatGPT and DALL-E Labs interfaces. Google's Bard provides no exclusion guarantee exists as of this writing. Sources: openai.com/policies/api-data-usage-policies; bard. google.com/faq