Observational Auditing of Label Privacy
By: Iden Kalemaj, Luca Melis, Maxime Boucher, and more
Potential Business Impact:
Checks the privacy of machine learning systems without changing their training data.
Differential privacy (DP) auditing is essential for evaluating privacy guarantees in machine learning systems. Existing auditing methods, however, pose a significant challenge for large-scale systems since they require modifying the training dataset -- for instance, by injecting out-of-distribution canaries or removing samples from training. Such interventions on the training data pipeline are resource-intensive and involve considerable engineering overhead. We introduce a novel observational auditing framework that leverages the inherent randomness of data distributions, enabling privacy evaluation without altering the original dataset. Our approach extends privacy auditing beyond traditional membership inference to protected attributes, with labels as a special case, addressing a key gap in existing techniques. We provide theoretical foundations for our method and perform experiments on Criteo and CIFAR-10 datasets that demonstrate its effectiveness in auditing label privacy guarantees. This work opens new avenues for practical privacy auditing in large-scale production environments.
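The abstract does not spell out the estimator, but the general recipe it builds on, turning an attacker's success at guessing a protected attribute into an empirical privacy bound, can be sketched. Below is a minimal illustration assuming a binary label and the standard DP hypothesis-testing bound TPR <= exp(eps) * FPR + delta; the function names and the synthetic attacker are hypothetical and not taken from the paper.

```python
import numpy as np

def empirical_epsilon(tpr: float, fpr: float, delta: float = 0.0) -> float:
    """Standard DP hypothesis-testing bound: tpr <= exp(eps) * fpr + delta,
    hence eps >= log((tpr - delta) / fpr). Returns an empirical lower bound."""
    if fpr <= 0 or tpr <= delta:
        return 0.0
    return float(np.log((tpr - delta) / fpr))

def audit_label_privacy(guesses, true_labels, delta: float = 0.0) -> float:
    """Hypothetical observational label-privacy audit (a simplification, not
    the paper's exact method): each example's label is the 'secret' drawn from
    the data distribution, and an attacker with access to the trained model
    guesses it. The attack's TPR/FPR on the binary labels are converted into
    an empirical epsilon lower bound."""
    guesses = np.asarray(guesses)
    true_labels = np.asarray(true_labels)
    tpr = np.mean(guesses[true_labels == 1] == 1)  # guessed 1 when label was 1
    fpr = np.mean(guesses[true_labels == 0] == 1)  # guessed 1 when label was 0
    return empirical_epsilon(tpr, fpr, delta)

# Usage with a synthetic 70%-accurate attacker (stand-in for a real
# label-inference attack run against the trained model).
rng = np.random.default_rng(0)
labels = rng.integers(0, 2, size=10_000)
guesses = np.where(rng.random(10_000) < 0.7, labels, 1 - labels)
print(f"empirical epsilon lower bound: {audit_label_privacy(guesses, labels):.3f}")
```

The key point matching the abstract is that no canaries are injected and no samples are removed: the randomness being audited is the labels' own, so the bound is obtained purely by observing how well the label can be inferred after training.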
Similar Papers
Tight and Practical Privacy Auditing for Differentially Private In-Context Learning
Cryptography and Security
Checks if AI models leak private information.
Auditing Approximate Machine Unlearning for Differentially Private Models
Machine Learning (CS)
Protects secrets in computers even after removing data.
On the Fairness of Privacy Protection: Measuring and Mitigating the Disparity of Group Privacy Risks for Differentially Private Machine Learning
Machine Learning (CS)
Protects everyone's data equally, not just some.