Provably Confidential Language Modelling

TL;DR

This paper introduces Confidentially Redacted Training (CRT), a method that provably prevents language models from memorizing sensitive information during training, while maintaining comparable performance to standard models.

Contribution

The paper presents CRT, a novel training approach that integrates privacy guarantees into language models, inspired by differential privacy, and applicable to LSTM and GPT architectures.

Findings

CRT prevents unintended memorization of confidential data.

Models trained with CRT maintain similar perplexity to standard models.

CRT enhances confidentiality with minimal impact on model performance.

Abstract

Large language models are shown to memorize privacy information such as social security numbers in training data. Given the sheer scale of the training corpus, it is challenging to screen and filter these privacy data, either manually or automatically. In this paper, we propose Confidentially Redacted Training (CRT), a method to train language generation models while protecting the confidential segments. We borrow ideas from differential privacy (which solves a related but distinct problem) and show that our method is able to provably prevent unintended memorization by randomizing parts of the training process. Moreover, we show that redaction with an approximately correct screening policy amplifies the confidentiality guarantee. We implement the method for both LSTM and GPT language models. Our experimental results show that the models trained by CRT obtain almost the same perplexity while preserving strong confidentiality.