Are Chatbots Ready for Privacy-Sensitive Applications? An Investigation into Input Regurgitation and Prompt-Induced Sanitization

• URL: http://arxiv.org/abs/2305.15008v1
• Date: Wed, 24 May 2023 10:48:05 GMT
• Title: Are Chatbots Ready for Privacy-Sensitive Applications? An Investigation into Input Regurgitation and Prompt-Induced Sanitization
• Authors: Aman Priyanshu, Supriti Vijay, Ayush Kumar, Rakshit Naidu and Fatemehsadat Mireshghallah
• Abstract summary: ChatGPT would retain personally identifiable information (PII) verbatim in 57.4% of cases. We probe ChatGPT's perception of privacy-related policies and mechanisms by directly instructing it to provide compliant outputs.
• Score: 4.01610127647615
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: LLM-powered chatbots are becoming widely adopted in applications such as healthcare, personal assistants, industry hiring decisions, etc. In many of these cases, chatbots are fed sensitive, personal information in their prompts, as samples for in-context learning, retrieved records from a database, or as part of the conversation. The information provided in the prompt could directly appear in the output, which might have privacy ramifications if there is sensitive information there. As such, in this paper, we aim to understand the input copying and regurgitation capabilities of these models during inference and how they can be directly instructed to limit this copying by complying with regulations such as HIPAA and GDPR, based on their internal knowledge of them. More specifically, we find that when ChatGPT is prompted to summarize cover letters of a 100 candidates, it would retain personally identifiable information (PII) verbatim in 57.4% of cases, and we find this retention to be non-uniform between different subgroups of people, based on attributes such as gender identity. We then probe ChatGPT's perception of privacy-related policies and privatization mechanisms by directly instructing it to provide compliant outputs and observe a significant omission of PII from output.

Related papers

• Private Text Generation by Seeding Large Language Model Prompts [13.407214545457778]
  We propose Differentially Private Keyphrase Prompt Seeding (DP-KPS), a method that generates a private synthetic text corpus from a sensitive input corpus. We evaluate DP-KPS on downstream ML text classification tasks, and show that the corpora it generates preserve much of the predictive power of the original ones.
  arXiv  Detail & Related papers  (2025-02-18T16:50:38Z)
• On the Differential Privacy and Interactivity of Privacy Sandbox Reports [78.21466601986265]
  The Privacy Sandbox initiative from Google includes APIs for enabling privacy-preserving advertising functionalities. We provide a formal model for analyzing the privacy of these APIs and show that they satisfy a formal DP guarantee.
  arXiv  Detail & Related papers  (2024-12-22T08:22:57Z)
• Smoke Screens and Scapegoats: The Reality of General Data Protection Regulation Compliance -- Privacy and Ethics in the Case of Replika AI [1.325665193924634]
  This paper takes a critical approach towards examining the intricacies of these issues within AI companion services. We analyze articles from public media about the company and its practices to gain insight into the trustworthiness of information provided in the policy. The results reveal despite privacy notices, data collection practices might harvest personal data without users' full awareness.
  arXiv  Detail & Related papers  (2024-11-07T07:36:19Z)
• Prompt Engineering a Schizophrenia Chatbot: Utilizing a Multi-Agent Approach for Enhanced Compliance with Prompt Instructions [0.0699049312989311]
  Patients with schizophrenia often present with cognitive impairments that may hinder their ability to learn about their condition. While Large Language Models (LLMs) have the potential to make topical mental health information more accessible and engaging, their black-box nature raises concerns about ethics and safety.
  arXiv  Detail & Related papers  (2024-10-10T09:49:24Z)
• PrivacyLens: Evaluating Privacy Norm Awareness of Language Models in Action [54.11479432110771]
  PrivacyLens is a novel framework designed to extend privacy-sensitive seeds into expressive vignettes and further into agent trajectories. We instantiate PrivacyLens with a collection of privacy norms grounded in privacy literature and crowdsourced seeds. State-of-the-art LMs, like GPT-4 and Llama-3-70B, leak sensitive information in 25.68% and 38.69% of cases, even when prompted with privacy-enhancing instructions.
  arXiv  Detail & Related papers  (2024-08-29T17:58:38Z)
• Privacy Checklist: Privacy Violation Detection Grounding on Contextual Integrity Theory [43.12744258781724]
  We formulate the privacy issue as a reasoning problem rather than simple pattern matching. We develop the first comprehensive checklist that covers social identities, private attributes, and existing privacy regulations.
  arXiv  Detail & Related papers  (2024-08-19T14:48:04Z)
• Trust No Bot: Discovering Personal Disclosures in Human-LLM Conversations in the Wild [40.57348900292574]
  Measuring personal disclosures made in human-chatbot interactions can provide a better understanding of users' AI literacy. We run an extensive, fine-grained analysis on the personal disclosures made by real users to commercial GPT models.
  arXiv  Detail & Related papers  (2024-07-16T07:05:31Z)
• Can LLMs Keep a Secret? Testing Privacy Implications of Language Models via Contextual Integrity Theory [82.7042006247124]
  We show that even the most capable AI models reveal private information in contexts that humans would not, 39% and 57% of the time, respectively. Our work underscores the immediate need to explore novel inference-time privacy-preserving approaches, based on reasoning and theory of mind.
  arXiv  Detail & Related papers  (2023-10-27T04:15:30Z)
• DeID-GPT: Zero-shot Medical Text De-Identification by GPT-4 [80.36535668574804]
  We develop a novel GPT4-enabled de-identification framework (DeID-GPT") Our developed DeID-GPT showed the highest accuracy and remarkable reliability in masking private information from the unstructured medical text. This study is one of the earliest to utilize ChatGPT and GPT-4 for medical text data processing and de-identification.
  arXiv  Detail & Related papers  (2023-03-20T11:34:37Z)
• How Do Input Attributes Impact the Privacy Loss in Differential Privacy? [55.492422758737575]
  We study the connection between the per-subject norm in DP neural networks and individual privacy loss. We introduce a novel metric termed the Privacy Loss-Input Susceptibility (PLIS) which allows one to apportion the subject's privacy loss to their input attributes.
  arXiv  Detail & Related papers  (2022-11-18T11:39:03Z)
• Reinforcement Learning on Encrypted Data [58.39270571778521]
  We present a preliminary, experimental study of how a DQN agent trained on encrypted states performs in environments with discrete and continuous state spaces. Our results highlight that the agent is still capable of learning in small state spaces even in presence of non-deterministic encryption, but performance collapses in more complex environments.
  arXiv  Detail & Related papers  (2021-09-16T21:59:37Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.