Supervised Machine Learning with Plausible Deniability
This provides a method for enhancing privacy in ML by allowing deniability of training data, which is incremental as it builds on existing privacy concerns.
The paper tackles the problem of privacy in machine learning by showing that any given model can be produced from random training data using a constructed learning rule, enabling plausible deniability about the original data. They support this with theoretical findings and practical implementations.
We study the question of how well machine learning (ML) models trained on a certain data set provide privacy for the training data, or equivalently, whether it is possible to reverse-engineer the training data from a given ML model. While this is easy to answer negatively in the most general case, it is interesting to note that the protection extends over non-recoverability towards plausible deniability: Given an ML model $f$, we show that one can take a set of purely random training data, and from this define a suitable ``learning rule'' that will produce a ML model that is exactly $f$. Thus, any speculation about which data has been used to train $f$ is deniable upon the claim that any other data could have led to the same results. We corroborate our theoretical finding with practical examples, and open source implementations of how to find the learning rules for a chosen set of raining data.