Unlocking Accuracy and Fairness in Differentially Private Image Classification
Berrada, Leonard, De, Soham, Shen, Judy Hanwen, Hayes, Jamie, Stanforth, Robert, Stutz, David, Kohli, Pushmeet, Smith, Samuel L., Balle, Borja
–arXiv.org Artificial Intelligence
Privacy-preserving machine learning aims to train models on private data without leaking sensitive information. Differential privacy (DP) is considered the gold standard framework for privacy-preserving training, as it provides formal privacy guarantees. However, compared to their non-private counterparts, models trained with DP often have significantly reduced accuracy. Private classifiers are also believed to exhibit larger performance disparities across subpopulations, raising fairness concerns. The poor performance of classifiers trained with DP has prevented the widespread adoption of privacy preserving machine learning in industry. Here we show that pre-trained foundation models fine-tuned with DP can achieve similar accuracy to non-private classifiers, even in the presence of significant distribution shifts between pre-training data and downstream tasks. We achieve private accuracies within a few percent of the non-private state of the art across four datasets, including two medical imaging benchmarks. Furthermore, our private medical classifiers do not exhibit larger performance disparities across demographic groups than non-private models. This milestone to make DP training a practical and reliable technology has the potential to widely enable machine learning practitioners to train safely on sensitive datasets while protecting individuals' privacy.
arXiv.org Artificial Intelligence
Aug-21-2023
- Country:
- North America
- United States
- Alaska (0.04)
- Hawaii (0.04)
- Minnesota > Hennepin County
- Minneapolis (0.14)
- Illinois > Cook County
- Chicago (0.04)
- Colorado > Boulder County
- Boulder (0.04)
- California
- San Francisco County > San Francisco (0.14)
- Los Angeles County > Long Beach (0.14)
- Santa Clara County > Palo Alto (0.04)
- San Diego County > San Diego (0.04)
- Canada
- Quebec > Montreal (0.04)
- British Columbia > Metro Vancouver Regional District
- Vancouver (0.04)
- United States
- Europe
- Austria (0.04)
- United Kingdom > England
- Greater London > London (0.04)
- Spain > Catalonia
- Barcelona Province > Barcelona (0.04)
- France > Hauts-de-France
- Asia > Middle East
- Jordan (0.04)
- North America
- Genre:
- Research Report > New Finding (1.00)
- Industry:
- Technology:
- Information Technology
- Data Science > Data Mining
- Big Data (0.74)
- Artificial Intelligence
- Vision (1.00)
- Machine Learning
- Statistical Learning (1.00)
- Performance Analysis > Accuracy (1.00)
- Neural Networks > Deep Learning (1.00)
- Data Science > Data Mining
- Information Technology