Machine learning (ML) is vulnerable to security and privacy attacks. Whereas security attacks aim at preventing model convergence or forcing convergence to wrong models, privacy attacks attempt to disclose the data used to train the model. In this talk, I will first review security and privacy attacks, both in the centralized ML setting and in the decentralized ML setting (federated learning (FL) and fully decentralized learning). Second, I will discuss various security defenses, privacy defenses, and combined privacy-security defenses. Third, I will critically examine the use of differential privacy (DP) as a privacy defense in federated learning. In particular, I will show that DP-based FL implementations do not deliver the “ex ante” privacy guarantees of DP. What they deliver is basically noise addition, similar to the traditional statistical disclosure control approach. The actual level of privacy offered must be assessed “ex post”, which is seldom done. I will present empirical results to show that standard anti-overfitting techniques in ML can achieve a better utility/privacy/efficiency trade-off than DP.
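To make the abstract's distinction concrete, the following is an added illustration, not code from the speaker or from any DP-FL library. It simulates a few rounds of federated averaging on constructed data in three configurations: no defence, the clip-and-Gaussian-noise server step that DP-style FL implementations actually execute, and plain weight decay as a stand-in for the "standard anti-overfitting techniques" the abstract mentions (the abstract does not name which ones). Instead of reading privacy off an ex ante epsilon, it audits each trained model ex post with a loss-threshold membership test and reports leakage next to held-out accuracy. All function names, the data generator and the parameter values are hypothetical choices made for this example.

```python
import numpy as np

# --- DP-style server step: mechanically, clipping plus noise addition --------
def clip_update(update, clip_norm):
    """Scale a client update so its L2 norm is at most clip_norm."""
    update = np.asarray(update, dtype=float)
    norm = np.linalg.norm(update)
    return update * min(1.0, clip_norm / (norm + 1e-12))

def dp_style_aggregate(updates, clip_norm, sigma, rng=None):
    """One averaging round as DP-FL libraries implement it: clip every client
    update, sum, add Gaussian noise with std sigma*clip_norm, then average.
    The noise multiplier sigma is the input to an ex ante epsilon accounting;
    what the model actually receives is the noisy sum below."""
    rng = rng or np.random.default_rng(0)
    total = np.sum([clip_update(u, clip_norm) for u in updates], axis=0)
    total = total + rng.normal(0.0, sigma * clip_norm, size=total.shape)
    return total / len(updates)

# --- Client-side logistic regression with an anti-overfitting knob ------------
def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

def local_update(w0, X, y, lr=0.5, steps=20, l2=0.0):
    """Local gradient steps; returns the model delta. l2 > 0 is ordinary weight
    decay, used here as the anti-overfitting technique (hypothetical choice)."""
    w = w0.copy()
    for _ in range(steps):
        grad = X.T @ (sigmoid(X @ w) - y) / len(y) + l2 * w
        w = w - lr * grad
    return w - w0

def per_example_loss(w, X, y):
    p = np.clip(sigmoid(X @ w), 1e-9, 1.0 - 1e-9)
    return -(y * np.log(p) + (1.0 - y) * np.log(1.0 - p))

# --- Ex post audit: loss-threshold membership test ---------------------------
def membership_advantage(train_losses, test_losses, threshold):
    """TPR - FPR of the rule 'loss <= threshold => training member'. 0 means the
    model's losses do not separate members from non-members; 1 is total leakage."""
    train_losses, test_losses = np.asarray(train_losses), np.asarray(test_losses)
    tpr = np.mean(train_losses <= threshold)
    fpr = np.mean(test_losses <= threshold)
    return float(tpr - fpr)

def worst_case_advantage(train_losses, test_losses):
    """Sweep every observed loss as the threshold; report the largest advantage."""
    pooled = np.concatenate([np.asarray(train_losses), np.asarray(test_losses)])
    return max(membership_advantage(train_losses, test_losses, t) for t in pooled)

# --- Tiny FL simulation on constructed data ----------------------------------
def make_data(rng, n, w_true):
    """Constructed noisy linear-threshold labels, with a bias column appended."""
    X = rng.normal(size=(n, len(w_true)))
    y = (X @ w_true + 0.5 * rng.normal(size=n) > 0).astype(float)
    return np.hstack([X, np.ones((n, 1))]), y

def run_fl(clip_norm, sigma, l2, rounds=10, clients=4, n_per_client=30, seed=0):
    """Federated averaging under one configuration. Returns held-out accuracy
    and the ex post leakage estimate measured on the same final model."""
    rng = np.random.default_rng(seed)
    w_true = rng.normal(size=5)
    X_train, y_train = make_data(rng, clients * n_per_client, w_true)
    X_test, y_test = make_data(rng, clients * n_per_client, w_true)
    w = np.zeros(X_train.shape[1])
    parts = np.array_split(np.arange(len(y_train)), clients)
    for _ in range(rounds):
        updates = [local_update(w, X_train[i], y_train[i], l2=l2) for i in parts]
        w = w + dp_style_aggregate(updates, clip_norm, sigma, rng)
    acc = float(np.mean((sigmoid(X_test @ w) > 0.5) == (y_test == 1)))
    leak = worst_case_advantage(per_example_loss(w, X_train, y_train),
                                per_example_loss(w, X_test, y_test))
    return {"accuracy": acc, "leakage": leak}

if __name__ == "__main__":
    configs = {
        "no defence":            dict(clip_norm=1e9, sigma=0.0, l2=0.0),
        "clip+noise (DP-style)": dict(clip_norm=1.0, sigma=1.0, l2=0.0),
        "weight decay only":     dict(clip_norm=1e9, sigma=0.0, l2=0.1),
    }
    for name, cfg in configs.items():
        print(f"{name:24s} {run_fl(**cfg)}")
```

The point of the script is the shape of the comparison, not the particular numbers it prints: `dp_style_aggregate` is the whole of what a DP-FL server does to the updates, so any privacy it yields is a property of the noise actually added, and `worst_case_advantage` is the kind of ex post measurement the abstract says is seldom done. Reading leakage and accuracy off the same model for each configuration is what lets the utility/privacy trade-off of noise addition and of anti-overfitting be compared on equal terms.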
Josep Domingo-Ferrer is a Distinguished Professor of Computer Science and an ICREA-Acadèmia Research Professor at Universitat Rovira i Virgili, Tarragona, Catalonia. He is the founder and the director of CYBERCAT-Center for Cybersecurity Research of Catalonia. He also founded and leads the UNESCO Chair in Data Privacy. He is an associated researcher at the VP-IP Chair of Institut Mines-Télécom, Paris, France.
His research interests include security and privacy technologies, anonymization/statistical disclosure control, privacy and anti-discrimination in machine learning and data mining, and cryptography. More generally, he is interested in ethics by design in information technology. He is an IEEE Fellow, a Fellow of the Asia-Pacific Artificial Intelligence Association, an ACM Distinguished Scientist, and an Elected Member of Academia Europaea and the International Statistical Institute. He has received several research awards.