Can Foundation Models Help Us Achieve Perfect Secrecy?
- URL: http://arxiv.org/abs/2205.13722v1
- Date: Fri, 27 May 2022 02:32:26 GMT
- Title: Can Foundation Models Help Us Achieve Perfect Secrecy?
- Authors: Simran Arora and Christopher Ré
- Abstract summary: A key promise of machine learning is the ability to assist users with personal tasks.
A gold standard privacy-preserving system will satisfy perfect secrecy.
However, privacy and quality appear to be in tension in existing systems for personal tasks.
- Score: 11.073539163281524
- License: http://creativecommons.org/publicdomain/zero/1.0/
- Abstract: A key promise of machine learning is the ability to assist users with
personal tasks. Because the personal context required to make accurate
predictions is often sensitive, we require systems that protect privacy. A gold
standard privacy-preserving system will satisfy perfect secrecy, meaning that
interactions with the system provably reveal no additional private information
to adversaries. This guarantee should hold even as we perform multiple personal
tasks over the same underlying data. However, privacy and quality appear to be
in tension in existing systems for personal tasks. Neural models typically
require lots of training to perform well, while individual users typically hold
a limited scale of data, so the systems propose to learn from the aggregate
data of multiple users. This violates perfect secrecy and instead, in the last
few years, academics have defended these solutions using statistical notions of
privacy -- i.e., the probability of learning private information about a user
should be reasonably low. Given the vulnerabilities of these solutions, we
explore whether the strong perfect secrecy guarantee can be achieved using
recent zero-to-few sample adaptation techniques enabled by foundation models.
In response, we propose FOCUS, a framework for personal tasks. Evaluating on
popular privacy benchmarks, we find the approach, satisfying perfect secrecy,
competes with strong collaborative learning baselines on 6 of 7 tasks. We
empirically analyze the proposal, highlighting the opportunities and
limitations across task types, and model inductive biases and sizes.
Related papers
- Mind the Privacy Unit! User-Level Differential Privacy for Language Model Fine-Tuning [62.224804688233] (arXiv, 2024-06-20T13:54:32Z)
  Differential privacy (DP) offers a promising solution by ensuring models are 'almost indistinguishable' with or without any particular privacy unit.
  We study user-level DP, motivated by applications where it is necessary to ensure uniform privacy protection across users.
- Can LLMs Keep a Secret? Testing Privacy Implications of Language Models via Contextual Integrity Theory [82.7042006247124] (arXiv, 2023-10-27T04:15:30Z)
  We show that even the most capable AI models reveal private information in contexts that humans would not, 39% and 57% of the time, respectively.
  Our work underscores the immediate need to explore novel inference-time privacy-preserving approaches, based on reasoning and theory of mind.
- Privacy Preserving Large Language Models: ChatGPT Case Study Based Vision and Framework [6.828884629694705] (arXiv, 2023-10-19T06:55:13Z)
  This article proposes the conceptual model called PrivChatGPT, a privacy-generative model for LLMs.
  PrivChatGPT consists of two main components, i.e., preserving user privacy during the data curation/pre-processing together with preserving private context, and the private training process for large-scale data.
- Can Language Models be Instructed to Protect Personal Information? [30.187731765653428] (arXiv, 2023-10-03T17:30:33Z)
  We introduce PrivQA -- a benchmark to assess the privacy/utility trade-off when a model is instructed to protect specific categories of personal information in a simulated scenario.
  We find that adversaries can easily circumvent these protections with simple jailbreaking methods through textual and/or image inputs.
  We believe PrivQA has the potential to support the development of new models with improved privacy protections, as well as the adversarial robustness of these protections.
- Tight Auditing of Differentially Private Machine Learning [77.38590306275877] (arXiv, 2023-02-15T21:40:33Z)
  For private machine learning, existing auditing mechanisms are tight.
  They only give tight estimates under implausible worst-case assumptions.
  We design an improved auditing scheme that yields tight privacy estimates for natural (not adversarially crafted) datasets.
- Personalized Privacy Auditing and Optimization at Test Time [44.15285550981899] (arXiv, 2023-01-31T20:16:59Z)
  This paper asks whether it is necessary to require all input features for a model to return accurate predictions at test time.
  Under a personalized setting, each individual may need to release only a small subset of these features without impacting the final decisions.
  Evaluation over several learning tasks shows that individuals may be able to report as little as 10% of their information to ensure the same level of accuracy.
- Group privacy for personalized federated learning [4.30484058393522] (arXiv, 2022-06-07T15:43:45Z)
  Federated learning is a type of collaborative machine learning, where participating clients process their data locally, sharing only updates to the collaborative model.
  We propose a method to provide group privacy guarantees exploiting some key properties of $d$-privacy.
- SF-PATE: Scalable, Fair, and Private Aggregation of Teacher Ensembles [50.90773979394264] (arXiv, 2022-04-11T14:42:54Z)
  This paper studies a model that protects the privacy of individuals' sensitive information while also allowing it to learn non-discriminatory predictors.
  A key characteristic of the proposed model is to enable the adoption of off-the-shelf and non-private fair models to create a privacy-preserving and fair model.
- Differentially Private and Fair Deep Learning: A Lagrangian Dual Approach [54.32266555843765] (arXiv, 2020-09-26T10:50:33Z)
  This paper studies a model that protects the privacy of the individuals' sensitive information while also allowing it to learn non-discriminatory predictors.
  The method relies on the notion of differential privacy and the use of Lagrangian duality to design neural networks that can accommodate fairness constraints.
- Differentially private cross-silo federated learning [16.38610531397378] (arXiv, 2020-07-10T18:15:10Z)
  Strict privacy is of paramount importance in distributed machine learning.
  In this paper we combine additively homomorphic secure summation protocols with differential privacy in the so-called cross-silo federated learning setting.
  We demonstrate that our proposed solutions give prediction accuracy that is comparable to the non-distributed setting.
- Differentially Private Deep Learning with Smooth Sensitivity [144.31324628007403] (arXiv, 2020-03-01T15:38:00Z)
  We study privacy concerns through the lens of differential privacy.
  In this framework, privacy guarantees are generally obtained by perturbing models in such a way that specifics of data used to train the model are made ambiguous.
  One of the most important techniques used in previous works involves an ensemble of teacher models, which return information to a student based on a noisy voting procedure.
  In this work, we propose a novel voting mechanism with smooth sensitivity, which we call Immutable Noisy ArgMax, that, under certain conditions, can bear very large random noising from the teacher without affecting the useful information transferred to the student.
This list is automatically generated from the titles and abstracts of the papers in this site.