A Critical Review on the Use (and Misuse) of Differential Privacy in Machine Learning
This highlights a critical flaw in privacy protection for machine learning practitioners, potentially leading to misuse and false security.
The paper reviews the use of differential privacy in machine learning, finding that implementations are often too loose to provide formal privacy guarantees, and shows empirically that standard anti-overfitting techniques can achieve a better utility/privacy/efficiency trade-off than DP.
We review the use of differential privacy (DP) for privacy protection in machine learning (ML). We show that, driven by the aim of preserving the accuracy of the learned models, DP-based ML implementations are so loose that they do not offer the ex ante privacy guarantees of DP. Instead, what they deliver is basically noise addition similar to the traditional (and often criticized) statistical disclosure control approach. Due to the lack of formal privacy guarantees, the actual level of privacy offered must be experimentally assessed ex post, which is done very seldom. In this respect, we present empirical results showing that standard anti-overfitting techniques in ML can achieve a better utility/privacy/efficiency trade-off than DP.