Foundation models could help us reach "perfect secrecy"


The digital assistants of the future promise to make everyday life easier. We may ask them to complete tasks such as booking accommodation for an out-of-town business trip based on the content of an email or answering open-ended questions that require a mixture of personal context and public knowledge. (For example: "Is my blood pressure within the normal range for someone my age?")

But before we can achieve new levels of efficiency at work and at home, a big question needs to be answered: how can we give users strong and transparent privacy safeguards for the personal information that machine learning (ML) models use to arrive at these answers?

If we expect digital assistants to facilitate personal tasks that involve a mix of public and private data, we will need the technology to provide "perfect secrecy", or the highest level of confidentiality possible, in certain situations. Until now, previous methods either ignored the privacy issue or offered weaker privacy guarantees.

Simran Arora, a third-year PhD student in computer science at Stanford, studies the intersection of ML and privacy with Associate Professor Christopher Ré as her advisor. Recently, they set out to determine whether emerging foundation models – large ML models trained on massive amounts of public data – hold the answer to this pressing privacy question. The resulting paper was published in May 2022 on the preprint service arXiv, with a proposed framework and proof of concept for using ML in the context of personal tasks.


Perfect Secrecy Defined

According to Arora, a perfect secrecy guarantee satisfies two conditions. First, as users interact with the system, the likelihood of adversaries learning private information does not increase. Second, as multiple personal tasks are performed using the same private data, the likelihood of that data being accidentally shared does not increase.

With this definition in mind, she identified three criteria for evaluating a privacy system against the goal of perfect secrecy:

Privacy: How well does the system prevent the leakage of private data?

Quality: How well does the model perform a given task when perfect secrecy is guaranteed?

Feasibility: Is the approach realistic in terms of the time and cost incurred to run the model?

Today, state-of-the-art privacy systems use an approach called federated learning, which lets multiple parties train a shared model collectively without exchanging raw data. In this method, the model is sent to each user and then returned to a central server together with that user's updates. In theory, the source data is never revealed to the other participants. Unfortunately, other researchers have shown that it is possible to recover training data from an exposed model.

The popular technique used to strengthen the privacy guarantee of federated learning is called differential privacy, a statistical approach to protecting private information. It requires the implementer to set privacy parameters, which govern a trade-off between model performance and information privacy....
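To make the two mechanisms above concrete, here is a small added example (constructed for this page, not code from the Stanford paper or any real federated-learning framework): a toy federated averaging loop in which each client computes an update on private data it never sends, and an optional differential-privacy step that clips each update and adds Laplace noise calibrated to a privacy parameter epsilon. The client names, datasets, clipping bound and the single-weight model are all assumptions chosen to keep the example self-contained. The `spent_budget` helper shows the basic sequential-composition rule: every round (or every additional personal task) that touches the same private data consumes more of the budget, which is exactly the situation the second perfect-secrecy condition says should not weaken the guarantee.

```python
"""Toy federated averaging with a differentially private client update.

Constructed example, not the paper's or any library's code. The model is a
single scalar weight w fitted to y = w * x by gradient descent. Each client
holds constructed private (x, y) pairs that never leave its function; only
the weight update (delta) is sent to the server, optionally privatized.
"""
import math
import random

# Constructed per-client private datasets; the true weight is w = 3.
CLIENTS = {
    "alice": [(1.0, 3.0), (2.0, 6.0)],
    "bob":   [(1.5, 4.5), (0.5, 1.5)],
    "carol": [(3.0, 9.0), (1.0, 3.0)],
}
TRUE_W = 3.0


def local_update(w, data, lr=0.05, steps=5):
    """Client side: a few gradient steps on private data; returns only the delta."""
    w_local = w
    for _ in range(steps):
        # gradient of mean squared error (w*x - y)^2 with respect to w
        grad = sum(2 * (w_local * x - y) * x for x, y in data) / len(data)
        w_local -= lr * grad
    return w_local - w


def noise_scale(sensitivity, epsilon):
    """Laplace scale b = sensitivity / epsilon: a smaller epsilon means more noise."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return sensitivity / epsilon


def laplace_sample(scale, rng):
    """Draw from Laplace(0, scale) by inverse CDF using a plain random.Random."""
    u = rng.random() - 0.5                     # uniform in [-0.5, 0.5)
    return -scale * math.copysign(1.0, u) * math.log(max(1e-12, 1.0 - 2.0 * abs(u)))


def clip_update(delta, clip):
    """Bound a client's contribution to [-clip, clip] so its sensitivity is finite."""
    return max(-clip, min(clip, delta))


def privatize_update(delta, clip, epsilon, rng):
    """Clip, then add Laplace noise; a clipped delta can move by at most 2*clip
    if the client's data changes, so that is the sensitivity used for the noise."""
    return clip_update(delta, clip) + laplace_sample(noise_scale(2 * clip, epsilon), rng)


def fedavg_round(w, epsilon=None, clip=0.5, rng=None):
    """Server side: collect one (optionally DP) update per client and average them."""
    updates = []
    for data in CLIENTS.values():
        delta = local_update(w, data)
        if epsilon is not None:
            delta = privatize_update(delta, clip, epsilon, rng)
        updates.append(delta)
    return w + sum(updates) / len(updates)


def train(rounds=20, epsilon=None, seed=0):
    """Run federated averaging from w = 0 and return the final global weight."""
    rng = random.Random(seed)
    w = 0.0
    for _ in range(rounds):
        w = fedavg_round(w, epsilon, rng=rng)
    return w


def spent_budget(epsilon_per_round, rounds):
    """Basic sequential composition: the budget spent on the same private data
    grows linearly with the number of rounds or tasks that touch it."""
    return epsilon_per_round * rounds


def mean_abs_error(epsilon, seeds=30):
    """Average |w - TRUE_W| over several seeds: the performance side of the trade-off."""
    return sum(abs(train(20, epsilon, seed) - TRUE_W) for seed in range(seeds)) / seeds


if __name__ == "__main__":
    print(f"no DP      : w = {train():.3f}")
    for eps in (8.0, 1.0, 0.1):
        print(f"eps = {eps:<4}: mean |error| = {mean_abs_error(eps):.3f}, "
              f"budget after 20 rounds = {spent_budget(eps, 20):.1f}")
```

Running the block prints the un-noised weight converging to 3 and then, for decreasing epsilon, a growing error alongside a shrinking total budget, which is the trade-off the implementer must tune. Note that the composition rule is the weak point the article alludes to: a fixed per-task epsilon does not give a guarantee that stays constant as more tasks are run over the same data.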
