Differential privacy is ensuring that our neural networks are learning from sensitive data, that they’re only learning what they’re supposed to learn from the data without accidentally learning what they’re not supposed to learn from the data.
The general goal of differential privacy is to ensure that different kinds of statistical analysis don’t compromise privacy.
Statistical analysis, means in the most general term, we have some training data or database or just a dataset about individuals and we want to make sure that our statistical analysis of that dataset does not compromise the privacy of any particular individual contained within that dataset.
When people talk about differential privacy, they don’t always have the same thing in mind. People agree on the definition, but context also matters a lot.
Differential privacy comes in two different kinds which refer to the two different places that you can add noise.
Local Differential Privacy
Adds noise to each individual data point. You can think of this as adding noise directly to the database or having individuals add noise to their own data before even putting it into the database. In this setting, users are most protected as they do not have to trust the database owner to use their data responsibly.
To explain the local model, let us consider a typical setup where we have a set of users with inputs at the bottom, along with a data scientist at the top who would like to learn an aggregation on these inputs. In the middle we have an aggregator that receives the inputs from the users, does the actual computation, and sends the output to the data scientist.
In terms of privacy, what we are after is that no one should be able to learn “too much” about each individual user, and as such a bit of noise is added by each user before sending it to the aggregator.
Global Differential Privacy
Adds noise to the output of the query on the database. This means that the database itself contains all the private information and that it’s only the interface to the data which adds the noise necessary to protect each individual’s privacy
To explain the global model, let us consider the same example, but here the aggregator/operator adds noise instead of the users. Doing so can still give the desired level of privacy towards the data scientist, yet now the users have to trust the aggregator to be an angel.
What is the difference between Local and Global Differential Privacy?
If the database operator is trustworthy, the only difference is that the global differential privacy leads to more accurate results with the same level of privacy protection. However, this requires a database owner to be trustworthy. That is the database owner should add noise properly. In DP literature the database owner is called a Trusted Curator ( An owner of the database upon which global DP is applied and they are trusted to apply DP correctly )
Conclusion :
Fortunately, modern cryptography provides a way out of blindly trusting the aggregator: secure multi-party computation, or MPC for short. Using various techniques such as secret sharing and homomorphic encryption, it turns out that we can actually build a cryptographic system that provides as much privacy as the local model, but assumes much smaller leaps of faith!
Awareness, industry standards, as well as legislation around privacy, are making steady progress, turning privacy into a strategic and ethical positioning. Large companies, such as Google and Apple, have taken into account these opportunities and constraints, and are setting high standards in the field.
Thank You, If Found Useful Clap it! and Share it! to others in need!!
#60daysofudacity #SecureAndPrivateAI #Lesson5
