Privacy- and Utility-Preserving Textual Analysis via Calibrated Multivariate Perturbations

TL;DR

This paper introduces a formal method for privacy-preserving text analysis using calibrated noise in word embeddings, achieving a balance between privacy guarantees and utility in machine learning tasks.

Contribution

It proposes a novel dx-privacy framework for text perturbation with formal privacy proofs and practical utility evaluation on large-scale embeddings and datasets.

Findings

Achieves less than 2% utility loss in binary classifier training.

Provides stronger privacy guarantees than baseline models.

Demonstrates effective privacy-utility tradeoff across multiple datasets.

Abstract

Accurately learning from user data while providing quantifiable privacy guarantees provides an opportunity to build better ML models while maintaining user trust. This paper presents a formal approach to carrying out privacy preserving text perturbation using the notion of dx-privacy designed to achieve geo-indistinguishability in location data. Our approach applies carefully calibrated noise to vector representation of words in a high dimension space as defined by word embedding models. We present a privacy proof that satisfies dx-privacy where the privacy parameter epsilon provides guarantees with respect to a distance metric defined by the word embedding space. We demonstrate how epsilon can be selected by analyzing plausible deniability statistics backed up by large scale analysis on GloVe and fastText embeddings. We conduct privacy audit experiments against 2 baseline models and utility experiments on 3 datasets to demonstrate the tradeoff between privacy and utility for varying values of epsilon on different task types. Our results demonstrate practical utility (< 2% utility loss for training binary classifiers) while providing better privacy guarantees than baseline models.