Scenario of Use Scheme: Threat Model Specification for Speaker Privacy Protection in the Medical Domain
This work addresses privacy concerns for patients in medical settings using speech data, but it is incremental as it builds on existing privacy protection approaches.
The paper tackles the problem of speaker privacy in medical speech data by proposing a Scenario of Use Scheme with Attacker and Protector Models to specify threats and defenses, and demonstrates it with experiments on protecting against gender inference while maintaining utility for Parkinson's detection.
Speech recordings are being more frequently used to detect and monitor disease, leading to privacy concerns. Beyond cryptography, protection of speech can be addressed by approaches, such as perturbation, disentanglement, and re-synthesis, that eliminate sensitive information of the speaker, leaving the information necessary for medical analysis purposes. In order for such privacy protective approaches to be developed, clear and systematic specifications of assumptions concerning medical settings and the needs of medical professionals are necessary. In this paper, we propose a Scenario of Use Scheme that incorporates an Attacker Model, which characterizes the adversary against whom the speaker's privacy must be defended, and a Protector Model, which specifies the defense. We discuss the connection of the scheme with previous work on speech privacy. Finally, we present a concrete example of a specified Scenario of Use and a set of experiments about protecting speaker data against gender inference attacks while maintaining utility for Parkinson's detection.