Unlearnable Examples: Making Personal Data Unexploitable

TL;DR

This paper introduces error-minimizing noise as a method to make personal data unlearnable by deep learning models, protecting privacy without compromising data utility.

Contribution

It proposes a novel error-minimizing noise technique that renders training data unexploitable while remaining imperceptible to humans.

Findings

Error-minimizing noise effectively prevents models from learning from protected data.

The method works for both sample-wise and class-wise data.

It is practical and effective in face recognition scenarios.

Abstract

The volume of "free" data on the internet has been key to the current success of deep learning. However, it also raises privacy concerns about the unauthorized exploitation of personal data for training commercial models. It is thus crucial to develop methods to prevent unauthorized data exploitation. This paper raises the question: \emph{can data be made unlearnable for deep learning models?} We present a type of \emph{error-minimizing} noise that can indeed make training examples unlearnable. Error-minimizing noise is intentionally generated to reduce the error of one or more of the training example(s) close to zero, which can trick the model into believing there is "nothing" to learn from these example(s). The noise is restricted to be imperceptible to human eyes, and thus does not affect normal data utility. We empirically verify the effectiveness of error-minimizing noise in both sample-wise and class-wise forms. We also demonstrate its flexibility under extensive experimental settings and practicability in a case study of face recognition. Our work establishes an important first step towards making personal data unexploitable to deep learning models.