Interpretable Machine Learning for Privacy-Preserving Pervasive Systems

With the emergence of connected devices (e.g., smartphones and smartmeters), pervasive systems generate growing amounts of digital traces as users undergo their everyday activities. These traces are crucial to service providers to understand their customers, to increase the degree of personalization, and enhance the quality of their services. For instance, personal digital traces stemming from public transit smartcards help transportation providers understand the commuting patterns of users; the usage statistics of home appliances can be used to improve energy efficiency; on-street cameras provide police officers with new ways of investigating crimes; content generated through mobile and wearables (such as posts in online social media or GPS running routes in specialized websites such as those for fitness) can be used to provide tailored content to individuals; bank transaction logs can be used to spot unusual activity in accounts. However, sharing these digital traces generated by pervasive systems with service providers might raise concerns with regards to privacy. Indeed, the processing and analysis of these digital traces can surface latent information about the behavior of the users. While service providers have to store the usergenerated data in large databases that guarantee a certain level of privacy (e.g., from storing the traces in an anonymized manner using randomly-generated identifiers instead of the real user's name and surname to using more sophisticated privacy-preserving techniques such as differential privacy), third parties such as advertisers that have access to the traces can leverage machine learning techniques to reveal personal information about the users and expose their privacy [1]. This includes inferring personal information about users and identifying a single individual from a collection of user-generated traces. Moreover, these traces might reveal information about the significant places routinely visited by the user, enabling the service provider to infer a wide range of personal information, including the user's place of residence and work and their future locations. To a further extent, presence traces can also be used to identify a specific individual in a population.