The Federation Strikes Back: A Survey of Federated Learning Privacy Attacks, Defenses, Applications, and Policy Landscape
Joshua C. Zhao, Saurabh Bagchi, Salman Avestimehr, Kevin S. Chan, Somali Chaterji, Dimitris Dimitriadis, Jiacheng Li, Ninghui Li, Arash Nourian, Holger R. Roth

TL;DR
This survey reviews federated learning's privacy challenges, attacks, defenses, applications, and regulatory landscape, emphasizing the need for improved privacy-preserving techniques to enable secure collaborative machine learning.
Contribution
It provides a comprehensive overview of privacy attacks and defenses in federated learning, highlighting current limitations and future research directions.
Findings
Privacy attacks can often infer sensitive data from model updates
Existing defenses have limitations in fully protecting client privacy
Successful industry applications demonstrate federated learning's potential
Abstract
Deep learning has shown incredible potential across a wide array of tasks, and accompanied by this growth has been an insatiable appetite for data. However, a large amount of data needed for enabling deep learning is stored on personal devices, and recent concerns on privacy have further highlighted challenges for accessing such data. As a result, federated learning (FL) has emerged as an important privacy-preserving technology that enables collaborative training of machine learning models without the need to send the raw, potentially sensitive, data to a central server. However, the fundamental premise that sending model updates to a server is privacy-preserving only holds if the updates cannot be "reverse engineered" to infer information about the private training data. It has been shown under a wide variety of settings that this privacy premise does not hold. In this survey paper,…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Cryptography and Data Security
