Technical Report for the Forgotten-by-Design Project: Targeted Obfuscation for Machine Learning

TL;DR

This paper introduces a proactive privacy-preservation method called Forgotten by Design, which integrates obfuscation during AI training to prevent sensitive data embedding, reducing privacy risks while maintaining model accuracy.

Contribution

It presents a novel instance-specific obfuscation approach during training that differs from post-training unlearning, enhancing privacy protection in AI systems.

Findings

Reduces privacy risks by at least an order of magnitude.

Maintains model accuracy at 95% significance.

Provides visualization of privacy-utility trade-offs.

Abstract

The right to privacy, enshrined in various human rights declarations, faces new challenges in the age of artificial intelligence (AI). This paper explores the concept of the Right to be Forgotten (RTBF) within AI systems, contrasting it with traditional data erasure methods. We introduce Forgotten by Design, a proactive approach to privacy preservation that integrates instance-specific obfuscation techniques during the AI model training process. Unlike machine unlearning, which modifies models post-training, our method prevents sensitive data from being embedded in the first place. Using the LIRA membership inference attack, we identify vulnerable data points and propose defenses that combine additive gradient noise and weighting schemes. Our experiments on the CIFAR-10 dataset demonstrate that our techniques reduce privacy risks by at least an order of magnitude while maintaining model accuracy (at 95% significance). Additionally, we present visualization methods for the privacy-utility trade-off, providing a clear framework for balancing privacy risk and model accuracy. This work contributes to the development of privacy-preserving AI systems that align with human cognitive processes of motivated forgetting, offering a robust framework for safeguarding sensitive information and ensuring compliance with privacy regulations.