Accurate, Explainable, and Private Models: Providing Recourse While Minimizing Training Data Leakage
This paper addresses privacy leakage in machine learning models that provide recourse, which is crucial for applications in impactful domains where individual outcomes are predicted.
The paper tackles the problem of adversaries using algorithmic recourse to infer private training data, presenting two novel methods for generating differentially private recourse that reduce inference risk, especially at low false positive rates, while maintaining accuracy when training data is large.
Machine learning models are increasingly utilized across impactful domains to predict individual outcomes. As such, many models provide algorithmic recourse to individuals who receive negative outcomes. However, recourse can be leveraged by adversaries to disclose private information. This work presents the first attempt at mitigating such attacks. We present two novel methods to generate differentially private recourse: Differentially Private Model (DPM) and Laplace Recourse (LR). Using logistic regression classifiers and real-world and synthetic datasets, we find that DPM and LR perform well in reducing what an adversary can infer, especially at a low false positive rate (FPR). When training dataset size is large enough, we find particular success in preventing privacy leakage while maintaining model and recourse accuracy with our novel LR method.