The goal of our workshop is to bring together privacy experts working in academia and industry to discuss the present and future of technologies that enable machine learning with privacy. The workshop will focus on the technical aspects of privacy research and deployment with invited and contributed talks by distinguished researchers in the area. By design, the workshop should serve as a meeting point for regular NeurIPS attendees interested/working on privacy to meet other parts of the privacy community (security researchers, legal scholars, industry practitioners). The focus this year will include emerging problems such as machine unlearning, privacy-fairness tradeoffs and legal challenges in recent deployments of differential privacy (e.g. that of the US Census Bureau). We will conclude the workshop with a panel discussion titled: “Machine Learning and Privacy in Practice: Challenges, Pitfalls and Opportunities”. A diverse set of panelists will address the challenges faced applying these technologies to the real world. The programme of the workshop will emphasize the diversity of points of view on the problem of privacy. We will also ensure that there is ample time for discussions that encourage networking between researchers, which should result in mutually beneficial new long-term collaborations.
| Introduction (Opening) | |
| Invited talk: Emiliano de Cristofaro (University College London) --- Privacy in Machine Learning -- It's Complicated (Invited talk) | |
| Emiliano Q&A (Q&A) | |
| Coffee break (coffee break) | |
| Differential Privacy via Group Shuffling (Contributed talk) | |
| SoK: Privacy-preserving Clustering (Extended Abstract) (Contributed talk) | |
| Contributed talk Q&A (Q&A) | |
| Coffee Break (Break) | |
| Poster Session (Poster) | |
| Panel | |
| Introduction (Opening) | |
| Invited talk: Helen Nissenbaum (Cornell Tech) --- Practical Privacy, Fairness, Ethics, Policy (Invited talk) | |
| Invited talk: Aaron Roth (UPenn / Amazon): Machine Unlearning. (Invited talk) | |
| Q&A for Helen and Aaron (Q&A) | |
| Coffee break (Break) | |
| Poster Session (Gather.Town) | |
| Coffee break (Break) | |
| Invited talk: Kristin Lauter (Facebook AI Research): ML on Encrypted Data. (Invited talk) | |
| Q&A for Kristin (Q&A) | |
| Privacy-Aware Rejection Sampling (Contributed talk) | |
| Population Level Privacy Leakage in Binary Classification wtih Label Noise (Contributed talk) | |
| Simple Baselines Are Strong Performers for Differentially Private Natural Language Processing (Contributed talk) | |
| Canonical Noise Distributions and Private Hypothesis Tests (Contributed talk) | |
| Q&A for four contributed talks (Q&A) | |
| Panel | |
| Closing (closing) | |
| A Generic Hybrid 2PC Framework with Application to Private Inference of Unmodified Neural Networks (Extended Abstract) (Poster) | |
| ABY2.0: New Efficient Primitives for STPC with Applications to Privacy in Machine Learning (Extended Abstract) (Poster) | |
| Combining Public and Private Data (Poster) | |
| Iterative Methods for Private Synthetic Data: Unifying Framework and New Methods (Poster) | |
| Unsupervised Membership Inference Attacks Against Machine Learning Models (Poster) | |
| Population Level Privacy Leakage in Binary Classification wtih Label Noise (Poster) | |
| A Novel Self-Distillation Architecture to Defeat Membership Inference Attacks (Poster) | |
| Enforcing fairness in private federated learning via the modified method of differential multipliers (Poster) | |
| Efficient passive membership inference attack in federated learning (Poster) | |
| Interaction data are identifiable even across long periods of time (Poster) | |
| Simple Baselines Are Strong Performers for Differentially Private Natural Language Processing (Poster) | |
| Feature-level privacy loss modelling in differentially private machine learning (Poster) | |
| Opacus: User-Friendly Differential Privacy Library in PyTorch (Poster) | |
| Differential Privacy via Group Shuffling (Poster) | |
| Architecture Matters: Investigating the Influence of Differential Privacy on Neural Network Design (Poster) | |
| Reconstructing Training Data with Informed Adversaries (Poster) | |
| SSSE: Efficiently Erasing Samples from Trained Machine Learning Models (Poster) | |
| Differentially Private Hamiltonian Monte Carlo (Poster) | |
| Zero Knowledge Arguments for Verifiable Sampling (Poster) | |
| Basil: A Fast and Byzantine-Resilient Approach for Decentralized Training (Poster) | |
| Canonical Noise Distributions and Private Hypothesis Tests (Poster) | |
| Privacy-Aware Rejection Sampling (Poster) | |
| Reconstructing Test Labels from Noisy Loss Scores (Extended Abstract) (Poster) | |
| Understanding Training-Data Leakage from Gradients in Neural Networks for ImageClassifications (Poster) | |
| Sample-and-threshold differential privacy: Histograms and applications (Poster) | |
| Tight Accounting in the Shuffle Model of Differential Privacy (Poster) | |
| Realistic Face Reconstruction from Deep Embeddings (Poster) | |
| Communication Efficient Federated Learning with Secure Aggregation and Differential Privacy (Poster) | |
| Mean Estimation with User-level Privacy under Data Heterogeneity (Poster) | |
| An automatic differentiation system for the age of differential privacy (Poster) | |
| DP-SEP: Differentially private stochastic expectation propagation (Poster) | |
| Label Private Deep Learning Training based on Secure Multiparty Computation and Differential Privacy (Poster) | |
| Private Confidence Sets (Poster) | |
| A Joint Exponential Mechanism for Differentially Private Top-k Set (Poster) | |
| Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanning (Poster) | |
| Characterizing and Improving MPC-based Private Inference for Transformer-based Models (Poster) | |
| SoK: Privacy-preserving Clustering (Extended Abstract) (Poster) | |
| Certified Predictions using MPC-Friendly Publicly Verifiable Covertly Secure Commitments (Poster) | |
| Membership Inference Attacks Against NLP Classification Models (Poster) | |