FinP: Fairness-in-Privacy in Federated Learning by Addressing Disparities in Privacy Risk
Tianyu Zhao, Mahmoud Srewa, Salma Elmalaki

TL;DR
FinP is a novel framework that enhances fairness in privacy distribution across clients in federated learning by reducing privacy risk disparities and improving robustness against source inference attacks, with minimal utility loss.
Contribution
FinP introduces a dual strategy of adaptive aggregation and client-side regularization to address privacy fairness disparities in federated learning.
Findings
Improves fairness-in-privacy on HAR and CIFAR-10 datasets.
Reduces privacy risk disparities by over 57% on CIFAR-10.
Mitigates source inference attack risks significantly.
Abstract
Ensuring fairness in machine learning extends to the critical dimension of privacy, particularly in human-centric federated learning (FL) settings where decentralized data necessitates an equitable distribution of privacy risk across clients. This paper introduces FinP, a novel framework specifically designed to address disparities in privacy risk by mitigating disproportionate vulnerability to source inference attacks (SIA). FinP employs a two-pronged strategy: (1) server-side adaptive aggregation, which dynamically adjusts client contributions to the global model to foster fairness, and (2) client-side regularization, which enhances the privacy robustness of individual clients. This comprehensive approach directly tackles both the symptoms and underlying causes of privacy unfairness in FL. Extensive evaluations on the Human Activity Recognition (HAR) and CIFAR-10 datasets demonstrate…
Peer Reviews
Decision: ICLR 2026 Conference Withdrawn Submission
1) Clear fairness framing in terms of metrics: Operationalizes per-client SIA vulnerability as fairness via CoV, EOD, and Fairness Index with concrete metrics
2) Two-sided design + strong CIFAR results: drives Mean SIA near random while improving EOD, fairness indices, and accuracy
1) My main concern remains in how the privacy problem is done. Overfitting as a central cause of enhanced privacy risk is not something that is widely known (the authors also cite one paper). The framing seems to assume that this is a known phenomenon and the authors' algorithm builds on top of it. Perhaps the author can denote a section recalling this connection between overfitting and privacy phenomenon and explaining it a bit more. More importantly, if generalization and privacy are correlated
1. **Well-Motivated Problem:** The paper addresses the important topic of fairness in privacy. Moving beyond average privacy guarantees to consider the equitable distribution of risk is a valuable and necessary step for the responsible deployment of FL systems.
2. **Logical Two-Part Design:** The proposed solution, which addresses the problem from both the server and client perspectives, is well-structured. This approach of correcting existing risk disparities at the server while also reducin
The paper presents an interesting approach to an important problem. However, there are some aspects related to the framework's practical application and underlying assumptions that could be strengthened.
1. **Concerns Regarding Computational Cost and Scalability:** The primary server-side aggregation method is based on PCA distance. The experiments in the appendix (C.3) show that this method increases the per-round computation time from 7 seconds (baseline) to 116 seconds. This level of comput
- **Novel direction and concept - fairness in privacy.** The paper opens a new and underexplored dimension in federated learning by introducing fairness considerations in privacy, beyond classical utility or accuracy fairness. If this is indeed the first formal treatment of “privacy fairness,” it is a substantial conceptual contribution.
- Idea of two-sided design where clients reduce the cause (overfitting) and server mitigates aggregation-level symptoms is interesting.
- The mathematical de
- **W1. Insufficient motivation and justification for introducing "fairness-in-privacy".** While the idea is intriguing, the paper does not clearly articulate why fairness in privacy is necessary beyond minimizing worst-case leakage. The authors should elaborate on the ethical and practical implications of unequal privacy exposure (e.g., why variance in leakage matters rather than the worst case).
- **W2. Limited comparison with existing defense mechanisms against SIA**. Experiments only compa
* The paper is mostly well-written and easy to read.
* To my knowledge, the proposed method is novel.
1) It is currently very hard to evaluate the significance of the empirical experiments (see Questions for details).
2) The proposed method requires significantly more communications/computations probably making it impractical for many real use cases.
3) There is no code available.
4) The paper is missing baselines based on differential privacy (DP). I find this unacceptable, as DP is currently the standard method for preventing privacy breaches such as MIAs, and has been extensively studied i
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Privacy, Security, and Data Protection · Ethics and Social Impacts of AI
