{"id":193672,"date":"2021-03-03T23:49:26","date_gmt":"2021-03-03T20:49:26","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/researchers-discover-that-privacy-preserving-tools-leave-private-data-unprotected\/"},"modified":"2021-03-03T23:49:26","modified_gmt":"2021-03-03T20:49:26","slug":"researchers-discover-that-privacy-preserving-tools-leave-private-data-unprotected","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/researchers-discover-that-privacy-preserving-tools-leave-private-data-unprotected\/","title":{"rendered":"#Researchers discover that privacy-preserving tools leave private data unprotected"},"content":{"rendered":"

#Researchers discover that privacy-preserving tools leave private data unprotected<\/strong>”<\/p>\n

\n
\n
\n
\"privacy\"
\n Credit: Unsplash\/CC0 Public Domain
\n <\/figcaption><\/figure>\n<\/div>\n<\/div>\n

Machine-learning (ML) systems are becoming pervasive not only in technologies affecting our day-to-day lives, but also in those observing them, including face expression recognition systems. Companies that make and use such widely deployed services rely on so-called privacy preservation tools that often use generative adversarial networks (GANs), typically produced by a third party to scrub images of individuals’ identity. But how good are they?<\/p>\n

Researchers at the NYU Tandon School of Engineering, who explored the machine-learning frameworks behind these tools, found that the answer is “not very.” In the paper “Subverting Privacy-Preserving GANs: Hiding Secrets in Sanitized Images,” presented last month at the 35th AAAI Conference on Artificial Intelligence, a team led by Siddharth Garg, Institute Associate Professor of electrical and computer engineering at NYU Tandon, explored whether private data could still be recovered from images that had been “sanitized” by such deep-learning discriminators as privacy protecting GANs (PP-GANs) and that had even passed empirical tests. The team, including lead author Kang Liu, a Ph.D. candidate, and Benjamin Tan, research assistant professor of electrical and computer engineering, found that PP-GAN designs can, in fact, be subverted to pass privacy checks, while still allowing secret information to be extracted from sanitized images.<\/p>\n

Machine-learning-based privacy tools have broad app<\/a>licability, potentially in any privacy sensitive domain, including removing location-relevant information from vehicular camera data, obfuscating the identity of a person who produced a handwriting sample, or removing barcodes from images. The design and training of GAN-based tools are outsourced to vendors because of the complexity involved.<\/p>\n

“Many third-party tools for protecting the privacy of people who may show up on a surveillance or data-gathering camera use these PP-GANs to manipulate images,” said Garg. “Versions of these systems are designed to sanitize images of faces and other sensitive data so that only application-critical information is retained. While our adversarial PP-GAN passed all existing privacy checks, we found that it actually hid secret data pertaining to the sensitive attributes, even allowing for reconstruction of the original private image.”<\/p>\n

The study provides background on PP-GANs and associated empirical privacy checks, formulates an attack scenario to ask if empirical privacy checks can be subverted, and outlines an approach for circumventing empirical privacy checks.<\/p>\n