While the application of differential privacy (DP) has been well-studied in cross-device federated learning (FL), there is a lack of work considering DP and its implications for cross-silo FL, a setting characterized by a limited number of clients each containing many data subjects. In cross-silo FL, usual notions of client-level DP are less suitable as real-world privacy regulations typically concern the in-silo data subjects rather than the silos themselves. In this work, we instead consider an alternative notion of silo-specific sample-level DP, where silos set their own privacy targets for their local examples. Under this setting, we reconsider the roles of personalization in federated learning. In particular, we show that mean-regularized multi-task learning (MR-MTL), a simple personalization framework, is a strong baseline for cross-silo FL: under stronger privacy requirements, silos are incentivized to federate more with each other to mitigate DP noise, resulting in consistent improvements relative to standard baseline methods. We provide an empirical study of competing methods as well as a theoretical characterization of MR-MTL for mean estimation, highlighting the interplay between privacy and cross-silo data heterogeneity. Our work serves to establish baselines for private cross-silo FL as well as identify key directions of future work in this area.

While the application of differential privacy (DP) has been well-studied in cross-device federated learning (FL), there is a lack of work considering DP and its implications for cross-silo FL, a setting characterized by a limited number of clients each containing many data subjects. In cross-silo FL, usual notions of client-level DP are less suitable as real-world privacy regulations typically concern the in-silo data subjects rather than the silos themselves. In this work, we instead consider an alternative notion of silo-specific sample-level DP, where silos set their own privacy targets for their local examples. Under this setting, we reconsider the roles of personalization in federated learning. In particular, we show that mean-regularized multi-task learning (MR-MTL), a simple personalization framework, is a strong baseline for cross-silo FL: under stronger privacy requirements, silos are incentivized to federate more with each other to mitigate DP noise, resulting in consistent improvements relative to standard baseline methods.

Human activity recognition (HAR) is a well-established field, significantly advanced by modern machine learning (ML) techniques. While companies have successfully integrated HAR into consumer products, they typically rely on a predefined activity set, which limits personalizations at the user level (edge devices). Despite advancements in Incremental Learning for updating models with new data, this often occurs on the Cloud, necessitating regular data transfers between cloud and edge devices, thus leading to data privacy issues. In this paper, we propose MAGNETO, an Edge AI platform that pushes HAR tasks from the Cloud to the Edge. MAGNETO allows incremental human activity learning directly on the Edge devices, without any data exchange with the Cloud. This enables strong privacy guarantees, low processing latency, and a high degree of personalization for users. In particular, we demonstrate MAGNETO in an Android device, validating the whole pipeline from data collection to result visualization.

TL;DR: We study the use of differential privacy in personalized, cross-silo federated learning (NeurIPS'22), explain how these insights led us to develop a 1st place solution in the US/UK Privacy-Enhancing Technologies (PETs) Prize Challenge, and share challenges and lessons learned along the way. If you are feeling adventurous, checkout the extended version of this post with more technical details! Patient data collected by groups such as hospitals and health agencies is a critical tool for monitoring and preventing the spread of disease. Unfortunately, while this data contains a wealth of useful information for disease forecasting, the data itself may be highly sensitive and stored in disparate locations (e.g., across multiple hospitals, health agencies, and districts). In this post we discuss our research on federated learning, which aims to tackle this challenge by performing decentralized learning across private data silos. We then explore an application of our research to the problem of privacy-preserving pandemic forecasting--a scenario where we recently won a 1st place, $100k prize in a competition hosted by the US & UK governments--and end by discussing several directions of future work based on our experiences.

The Carnegie Endowment for International Peace (CEIP) and Carnegie Mellon University held the first part of the two-part joint Carnegie Colloquium on Digital Governance and Security in Washington D.C. on Oct. 31. The first part of the colloquium was titled "The Rise of Artificial Intelligence: Implications for Military Operations and Privacy," and the second part, titled "The Future of the Internet: Governance and Conflict," will be held this year in Pittsburgh on Dec. 2. CEIP is a series of foreign policy-based research centers located in Russia, China, Europe, the Middle East, India, and the United States, with headquarters in Washington D.C., that collects itself under the phrase, "The Global Think Tank." It was established in 1960 by Andrew Carnegie and, according to a report by the University of Pennsylvania, is the third most influential think tank in the world. The colloquium, held for the benefit of both Carnegie Mellon and the CEIP, aimed to allow for communication between the academics at Carnegie Mellon and the foreign policy and ethics experts from all the CEIP stations across the world to discuss the implication of artificial intelligence on foreign policy and the challenges posed by it. The second part of the colloquium will focus on cyber-security norms and internet governance. "Designing safe software systems and attempting to create the learning abilities of the human brain are natural progressions towards the two of the modern world's most pressing concerns -- cyber security and privacy," said President Subra Suresh, in the welcome address.