Embracing Uncertainty: from Differential Privacy to Generative Adversarial Privacy

April 3, 2018

Peter Kairouz

Stanford University

The explosive growth in connectivity and data collection is accelerating the use of machine learning to guide consumers through a myriad of choices and decisions. While this vision is expected to generate many disruptive businesses and social opportunities, it presents one of the biggest threats to privacy in recent history. In response to this threat, differential privacy (DP) has recently surfaced as a context-free, robust, and mathematically rigorous notion of privacy.

The first part of my talk will focus on understanding the fundamental tradeoff between DP and utility for a variety of learning applications. Surprisingly, our results show the universal optimality of a family of extremal privacy mechanisms called staircase mechanisms. While the vast majority of early works on DP have focused on using the Laplace mechanism, our results indicate that it is often strictly suboptimal and can be replaced by a staircase mechanism to improve utility. Our results also show that the strong privacy guarantees of DP often come at a significant loss in utility.

The second part of my talk is motivated by the following question: can we exploit data statistics to achieve a better privacy-utility tradeoff? To address this question, I will present a novel context-aware notion of privacy called generative adversarial privacy (GAP). GAP leverages recent advancements in generative adversarial networks (GANs) to arrive to a unified framework for data-driven privacy that has deep game-theoretic and information-theoretic roots. I will conclude my talk by showcasing the performance of GAP on real life datasets.

Published on April 3rd, 2018

Last updated on March 29th, 2018