TextHide: Tackling Data Privacy in Language Understanding Tasks

TL;DR

TextHide introduces an efficient encryption method for privacy-preserving natural language understanding that minimally impacts model accuracy and effectively defends against gradient and representation attacks.

Contribution

It proposes a simple encryption step compatible with fine-tuning pre-trained language models to enhance privacy in distributed NLP tasks.

Findings

Effective privacy defense against gradient and representation attacks.

Minimal accuracy reduction of only 1.9% on GLUE benchmark.

Encryption adds negligible overhead to training.

Abstract

An unsolved challenge in distributed or federated learning is to effectively mitigate privacy risks without slowing down training or reducing accuracy. In this paper, we propose TextHide aiming at addressing this challenge for natural language understanding tasks. It requires all participants to add a simple encryption step to prevent an eavesdropping attacker from recovering private text data. Such an encryption step is efficient and only affects the task performance slightly. In addition, TextHide fits well with the popular framework of fine-tuning pre-trained language models (e.g., BERT) for any sentence or sentence-pair task. We evaluate TextHide on the GLUE benchmark, and our experiments show that TextHide can effectively defend attacks on shared gradients or representations and the averaged accuracy reduction is only $1.9\%$. We also present an analysis of the security of TextHide using a conjecture about the computational intractability of a mathematical problem. Our code is available at https://github.com/Hazelsuko07/TextHide