Privacy and Robustness in Federated Learning: Attacks and Defenses

As data are increasingly being stored in different silos and societies becoming more aware of data privacy issues, the traditional centralized training of artificial intelligence (AI) models is facing efficiency and privacy challenges. Recently, federated learning (FL) has emerged as an alternative solution and continue to thrive in this new reality. Existing FL protocol design has been shown to be vulnerable to adversaries within or outside of the system, compromising data privacy and system robustness. Besides training powerful global models, it is of paramount importance to design FL systems that have privacy guarantees and are resistant to different types of adversaries. In this paper, we conduct the first comprehensive survey on this topic. Through a concise introduction to the concept of FL, and a unique taxonomy covering: 1) threat models; 2) poisoning attacks and defenses against robustness; 3) inference attacks and defenses against privacy, we provide an accessible review of this important topic. We highlight the intuitions, key techniques as well as fundamental assumptions adopted by various attacks and defenses. Finally, we discuss promising future research directions towards robust and privacy-preserving federated learning.Comment: arXiv admin note: text overlap with arXiv:2003.02133; text overlap with arXiv:1911.11815 by other author

Privacy & the Mashrabiya Screen: Knowledge is Sweeter than Honey

This paper is offered to demonstrate the value of legal objects in the consideration of key legal concepts. In it I indicate the opportunities presented by an encounter with Susan Hefuna’s large Mashrabiya Screen artwork in the British Museum to supplement, criticise and disrupt current thinking and attitudes towards the concept of privacy. In contrast to the increasingly contested and transactional nature of contemporary understandings of this concept, in which privacy is sometimes imagined just as one more complex function in the reasonable management of dataflows, Hefuna’s screen can help to articulate and support a different approach to privacy. This approach is Privacy by Design, and through a consideration of the physicality of Hefuna’s work, together with her own artistic ambition, my claim is that her art object helps to make the alternative approach to privacy manifest and tangible, prompting a reappraisal of the proper scope and nature of privacy protection

Uncertainty, Identification, And Privacy: Experiments In Individual Decision-making

The alleged privacy paradox states that individuals report high values for personal privacy, while at the same time they report behavior that contradicts a high privacy value. This is a misconception. Reported privacy behaviors are explained by asymmetric subjective beliefs. Beliefs may or may not be uncertain, and non-neutral attitudes towards uncertainty are not necessary to explain behavior. This research was conducted in three related parts. Part one presents an experiment in individual decision making under uncertainty. Ellsberg\u27s canonical two-color choice problem was used to estimate attitudes towards uncertainty. Subjects believed bets on the color ball drawn from Ellsberg\u27s ambiguous urn were equally likely to pay. Estimated attitudes towards uncertainty were insignificant. Subjective expected utility explained subjects\u27 choices better than uncertainty aversion and the uncertain priors model. A second treatment tested Vernon Smith\u27s conjecture that preferences in Ellsberg\u27s problem would be unchanged when the ambiguous lottery is replaced by a compound objective lottery. The use of an objective compound lottery to induce uncertainty did not affect subjects\u27 choices. The second part of this dissertation extended the concept of uncertainty to commodities where quality and accuracy of a quality report were potentially ambiguous. The uncertain priors model is naturally extended to allow for potentially different attitudes towards these two sources of uncertainty, quality and accuracy. As they relate to privacy, quality and accuracy of a quality report are seen as metaphors for online security and consumer trust in e-commerce, respectively. The results of parametric structural tests were mixed. Subjects made choices consistent with neutral attitudes towards uncertainty in both the quality and accuracy domains. However, allowing for uncertainty aversion in the quality domain and not the accuracy domain outperformed the alternative which only allowed for uncertainty aversion in the accuracy domain. Finally, part three integrated a public-goods game and punishment opportunities with the Becker-DeGroot-Marschak mechanism to elicit privacy values, replicating previously reported privacy behaviors. The procedures developed elicited punishment (consequence) beliefs and information confidentiality beliefs in the context of individual privacy decisions. Three contributions are made to the literature. First, by using cash rewards as a mechanism to map actions to consequences, the study eliminated hypothetical bias as a confounding behavioral factor which is pervasive in the privacy literature. Econometric results support the \u27privacy paradox\u27 at levels greater than 10 percent. Second, the roles of asymmetric beliefs and attitudes towards uncertainty were identified using parametric structural likelihood methods. Subjects were, in general, uncertainty neutral and believed \u27bad\u27 events were more likely to occur when their private information was not confidential. A third contribution is a partial test to determine which uncertain process, loss of privacy or the resolution of consequences, is of primary importance to individual decision-makers. Choices were consistent with uncertainty neutral preferences in both the privacy and consequences domains

Privacy labels should go to the dogs

Data privacy is a complex multi-faceted concept which is not easy to get a grip on, even more so when it's about you and your dog. Modern data-driven tech often has long and unreadable privacy policies making it difficult for consumers to understand what is being captured—and technology for dogs is no exception to that. Privacy labels present an alternative approach to informing consumers, aiming to provide a clear, visual summary of relevant data privacy concerns. However, no labels tailored to technology for dogs, let alone animals, seem to exist as of yet. In this work, we present an initial set of informative privacy labels usable in different contexts that inform dog owners of the most important privacy considerations for them and their dogs. The label design is grounded in the results of a mixed-method study eliciting requirements from dog owners towards typical pet technologies' data handling, cross-referenced with analysis of actual dog tech's data handling. We discuss the design of the labels, who could and should use them, and the additional uses that such labels may have for human-dog relationships

Para além da privacidade

Although promoting overcoming metaphysical dualism, the concept of private event does not have a consensual and uncritical development in behavior-analytic approach of subjective phenomena. The debate among advocates and critics of the concept, however, has not satisfactorily touch an important issue: the notion of privacy as inaccessibility to stimuli promotes the link of this proposal with philosophical presuppositions incompatible with the radical behaviorism. This paper presents critical arguments towards overcoming the notion of privacy and the concept of private event, presenting alternative analysis. One questions the connection between observation and interpretation present in the public-private distinction, proposing the replacement of the concept of privacy by the notion of complexity.Apesar de encaminhar a superação do dualismo metafísico, o conceito de evento privado não se apresenta de forma consensual, nem é unânime na abordagem analítico-comportamental dos fenômenos subjetivos. O debate travado entre defensores e críticos do conceito, contudo, parece não enfrentar satisfatoriamente uma importante questão: a noção de privacidade como inacessibilidade a estímulos promove a vinculação dessa proposta a pressupostos filosóficos incompatíveis com o projeto comportamentalista radical. Este trabalho apresenta argumentos críticos para a superação da noção de privacidade e do conceito de evento privado, propondo caminhos alternativos de análise. Questiona-se a desvinculação entre observação e interpretação presente na raiz da distinção público-privado, propondo-se a substituição da noção de privacidade pela noção de complexidade

Understanding the social in a digital age

Datafication, algorithms, social media and their various assemblages enable massive connective processes, enriching personal interaction and amplifying the scope and scale of public networks. At the same time, surveillance capitalists and the social quantification sector are committed to monetizing every aspect of human communication, all of which threaten ideal social qualities, such as togetherness and connection. This Special Issue brings together a range of voices and provocations around ‘the social’, all of which aim to critically interrogate mediated human connection and their contingent socialities. Conventional methods may no longer be adequate, and we must rethink not only the fabric of the social but the very tools we use to make sense of our changing social formations. This Special Issue raises shared concerns with what the social means today, unpicking and rethinking the seams between digitization and social life that characterize today’s digital age