The goal of our workshop is to bring together privacy experts working in academia and industry to discuss the present and future of technologies that enable machine learning with privacy. The workshop will focus on the technical aspects of privacy research and deployment with invited and contributed talks by distinguished researchers in the area. By design, the workshop should serve as a meeting point for regular NeurIPS attendees interested/working on privacy to meet other parts of the privacy community (security researchers, legal scholars, industry practitioners). The focus this year will include emerging problems such as machine unlearning, privacy-fairness tradeoffs and legal challenges in recent deployments of differential privacy (e.g. that of the US Census Bureau). We will conclude the workshop with a panel discussion titled: “Machine Learning and Privacy in Practice: Challenges, Pitfalls and Opportunities”. A diverse set of panelists will address the challenges faced applying these technologies to the real world. The programme of the workshop will emphasize the diversity of points of view on the problem of privacy. We will also ensure that there is ample time for discussions that encourage networking between researchers, which should result in mutually beneficial new long-term collaborations.
| Introduction (Opening) | |
| Invited talk: Emiliano de Cristofaro (University College London) --- Privacy in Machine Learning -- It's Complicated (Invited talk) | |
| Emiliano Q&A (Q&A) | |
| Coffee break (coffee break) | |
| Differential Privacy via Group Shuffling (Contributed talk) | |
| SoK: Privacy-preserving Clustering (Extended Abstract) (Contributed talk) | |
| Contributed talk Q&A (Q&A) | |
| Coffee Break (Break) | |
| Poster Session (Poster) | |
| Panel | |
| Introduction (Opening) | |
| Invited talk: Helen Nissenbaum (Cornell Tech) --- Practical Privacy, Fairness, Ethics, Policy (Invited talk) | |
| Invited talk: Aaron Roth (UPenn / Amazon): Machine Unlearning. (Invited talk) | |
| Q&A for Helen and Aaron (Q&A) | |
| Coffee break (Break) | |
| Poster Session (Gather.Town) | |
| Coffee break (Break) | |
| Invited talk: Kristin Lauter (Facebook AI Research): ML on Encrypted Data. (Invited talk) | |
| Q&A for Kristin (Q&A) | |
| Privacy-Aware Rejection Sampling (Contributed talk) | |
| Population Level Privacy Leakage in Binary Classification wtih Label Noise (Contributed talk) | |
| Simple Baselines Are Strong Performers for Differentially Private Natural Language Processing (Contributed talk) | |
| Canonical Noise Distributions and Private Hypothesis Tests (Contributed talk) | |
| Q&A for four contributed talks (Q&A) | |
| Panel | |
| Closing (closing) | |
| A Novel Self-Distillation Architecture to Defeat Membership Inference Attacks (Poster) | |
| Population Level Privacy Leakage in Binary Classification wtih Label Noise (Poster) | |
| Iterative Methods for Private Synthetic Data: Unifying Framework and New Methods (Poster) | |
| An automatic differentiation system for the age of differential privacy (Poster) | |
| A Generic Hybrid 2PC Framework with Application to Private Inference of Unmodified Neural Networks (Extended Abstract) (Poster) | |
| Certified Predictions using MPC-Friendly Publicly Verifiable Covertly Secure Commitments (Poster) | |
| SoK: Privacy-preserving Clustering (Extended Abstract) (Poster) | |
| Characterizing and Improving MPC-based Private Inference for Transformer-based Models (Poster) | |
| Architecture Matters: Investigating the Influence of Differential Privacy on Neural Network Design (Poster) | |
| Realistic Face Reconstruction from Deep Embeddings (Poster) | |
| Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanning (Poster) | |
| A Joint Exponential Mechanism for Differentially Private Top-k Set (Poster) | |
| Label Private Deep Learning Training based on Secure Multiparty Computation and Differential Privacy (Poster) | |
| Communication Efficient Federated Learning with Secure Aggregation and Differential Privacy (Poster) | |
| DP-SEP: Differentially private stochastic expectation propagation (Poster) | |
| Feature-level privacy loss modelling in differentially private machine learning (Poster) | |
| Opacus: User-Friendly Differential Privacy Library in PyTorch (Poster) | |
| Enforcing fairness in private federated learning via the modified method of differential multipliers (Poster) | |
| Tight Accounting in the Shuffle Model of Differential Privacy (Poster) | |
| Mean Estimation with User-level Privacy under Data Heterogeneity (Poster) | |
| Private Confidence Sets (Poster) | |
| Membership Inference Attacks Against NLP Classification Models (Poster) | |
| ABY2.0: New Efficient Primitives for STPC with Applications to Privacy in Machine Learning (Extended Abstract) (Poster) | |
| Combining Public and Private Data (Poster) | |
| Unsupervised Membership Inference Attacks Against Machine Learning Models (Poster) | |
| Differential Privacy via Group Shuffling (Poster) | |
| SSSE: Efficiently Erasing Samples from Trained Machine Learning Models (Poster) | |
| Sample-and-threshold differential privacy: Histograms and applications (Poster) | |
| Differentially Private Hamiltonian Monte Carlo (Poster) | |
| Reconstructing Test Labels from Noisy Loss Scores (Extended Abstract) (Poster) | |
| Privacy-Aware Rejection Sampling (Poster) | |
| Canonical Noise Distributions and Private Hypothesis Tests (Poster) | |
| Understanding Training-Data Leakage from Gradients in Neural Networks for ImageClassifications (Poster) | |
| Efficient passive membership inference attack in federated learning (Poster) | |
| Interaction data are identifiable even across long periods of time (Poster) | |
| Simple Baselines Are Strong Performers for Differentially Private Natural Language Processing (Poster) | |
| Reconstructing Training Data with Informed Adversaries (Poster) | |
| Zero Knowledge Arguments for Verifiable Sampling (Poster) | |
| Basil: A Fast and Byzantine-Resilient Approach for Decentralized Training (Poster) | |