A Critical Review on the Use (and Misuse) of Differential Privacy in Machine Learning

Blanco-Justicia, Alberto; Sánchez, David; Domingo‐Ferrer, Josep; Muralidhar, Krishnamurty

doi:10.1145/3547139

Cited by 28 publications

(12 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We would like to notice that this is not the usual range of values used in the literature. For example, in privacy-preserving data publishing, values of ϵ above 3 progressively seem to lose any meaningful guarantees [3]. However, for us, the fact that we will be using such large values is irrelevant, since we will empirically measure privacy leakage not through the ε itself, but through the effectiveness of an MIA.…”

Section: Resultsmentioning

confidence: 99%

Membership Inference Attack Against Principal Component Analysis

Zari

Parra-Arnau

Unsal

et al. 2022

Privacy in Statistical Databases

View full text Add to dashboard Cite

This paper studies the performance of membership inference attacks against principal component analysis (PCA). In this attack, we assume that the adversary has access to the principal components, and her main goal is to infer whether a given data sample was used to compute these principal components. We show that our attack is successful and achieves high performance when the number of samples used to compute the principal components is small. As a defense strategy, we investigate the use of various differentially private mechanisms. Accordingly, we present experimental results on the performance of Gaussian and Laplace mechanisms under naive and advanced compositions against MIA as well as the utility of these differentially-private PCA solutions.

show abstract

Section: Resultsmentioning

confidence: 99%

Membership Inference Attack Against Principal Component Analysis

Zari

Parra-Arnau

Unsal

et al. 2022

Privacy in Statistical Databases

View full text Add to dashboard Cite

show abstract

“…We set this value to 1 1000 in all experiments. Existing literature prescribes that the δ parameter should be smaller than one divided by the data set size (Blanco-Justicia et al 2022;Hsu et al 2014;van Dijk and Nguyen 2023). Algorithm 1 uses a privacy bound for the contacts per day, and as our simulators have a max of 200 contacts per day, and an average of only fifteen contacts per day, 1 1000 is well below the recommended standard.…”

Section: Methodsmentioning

confidence: 99%

Protect Your Score: Contact-Tracing with Differential Privacy Guarantees

Romijnders,

Louizos,

Asano

et al. 2024

AAAI

View full text Add to dashboard Cite

The pandemic in 2020 and 2021 had enormous economic and societal consequences, and studies show that contact tracing algorithms can be key in the early containment of the virus. While large strides have been made towards more effective contact tracing algorithms, we argue that privacy concerns currently hold deployment back. The essence of a contact tracing algorithm constitutes the communication of a risk score. Yet, it is precisely the communication and release of this score to a user that an adversary can leverage to gauge the private health status of an individual. We pinpoint a realistic attack scenario and propose a contact tracing algorithm with differential privacy guarantees against this attack. The algorithm is tested on the two most widely used agent-based COVID19 simulators and demonstrates superior performance in a wide range of settings. Especially for realistic test scenarios and while releasing each risk score with epsilon=1 differential privacy, we achieve a two to ten-fold reduction in the infection rate of the virus. To the best of our knowledge, this presents the first contact tracing algorithm with differential privacy guarantees when revealing risk scores for COVID19.

show abstract

“…The present contribution is scoped exclusively on Input Privacy techniques. Previous studies have exposed fundamental flaws of some recently proposed Output Privacy approaches aimed at sharing highly granular data (individual records, micro-data) and/or high-dimensional AI/ML models trained on personal data, see for instance Stadler and Troncoso (2022), Stadler et al (2022), Blanco-Justicia et al (2022), and Domingo-Ferrer et al (2021) and references therein. In the author’s opinion, the hurried adoption of these techniques, in certain business application contexts and without careful further scrutiny, may be more akin to privacywashing than to privacy enhancing.…”

Section: Input Privacy and Output Privacymentioning

confidence: 99%

Steps Toward a Shared Infrastructure for Multi-Party Secure Private Computing in Official Statistics

Ricciato

2024

Journal of Official Statistics

View full text Add to dashboard Cite

A Critical Review on the Use (and Misuse) of Differential Privacy in Machine Learning

Cited by 28 publications

References 45 publications

Membership Inference Attack Against Principal Component Analysis

Membership Inference Attack Against Principal Component Analysis

Protect Your Score: Contact-Tracing with Differential Privacy Guarantees

Steps Toward a Shared Infrastructure for Multi-Party Secure Private Computing in Official Statistics

Contact Info

Product

Resources

About