Random Noise Data Generator

Summary: Random noise data generator uses differential privacy to provide mathematically verifiable data privacy guarantees by introducing a controlled amount of random noise data in the training datasets.

Type of pattern: Product pattern

Type of objective: Trustworthiness

Target users: Data scientists

Impacted stakeholders: RAI governors, AI users, AI consumers

Lifecycle stages: Design

Relevant AI ethics principles: Privacy protection and security

Context: It is often insufficient to protect data privacy by directly removing sensitive data (such as personally identifiable information) from a dataset through data anonymization techniques (such as k-anonymity [1] and its variations). This is especially true when attackers already have some information about individuals in the dataset. Even if attackers do not have access to the full dataset, they may still be able to re-identify individuals by cross-referencing other information they have access to.

Problem: How can we prevent the private data from being leaked, especially the personally identifiable information? 

Solution: Differential privacy is a privacy-preserving technique that adds a carefully tuned amount of random noise data into training datasets before using the dataset to train the model. This noise is specially calibrated to ensure the training results are not significantly impacted. In other words, the presence or absence of any single piece of data in the training dataset does not impact the results of the model training.

Benefits:

• Guaranteed data privacy: Differential privacy can be used to reduce the risk of data leakage in AI systems by protecting the privacy of the training data. The introduction of noise in the training data makes it difficult for an attacker to infer the original data from the decisions made by the AI system.
• Reduced risk of data memorization: Differential privacy performs indistinguishable results on neighboring datasets, making it challenging for an attacker to memorize individual data entries.

Drawbacks:

• Model utility loss: Applying differential privacy to AI systems can result in a decrease in the accuracy of the models. 
• Limited by data type: Applying differential privacy to unstructured data, such as videos, images, and text, can be challenging. 

Related Patterns:

• Federated learner: Differential privacy can be used in federated learning to protect data privacy by randomly generating noise data in the local training and aggregation process.  

Known Uses:

• Google Differential Privacy Library is used in Google’s products including Google Maps.
• IBM Differential Privacy Library provides a tool suite for machine learning tasks to achieve built-in privacy guarantees.
• SmartNoise is an open data differential privacy platform that is jointly developed by Microsoft and Harvard’s institute for quantitative Social Science.

References:

[1] Sweeney, L., k-anonymity: A model for protecting privacy. International journal of uncertainty, fuzziness and knowledge-based systems, 2002. 10(05): p. 557-570.