Interaction Patterns for Regulatory Compliance in Federated Learning

Organizations in highly regulated domains often struggle to build well-performing machine learning (ML) models due to restrictions from data protection regulation. Federated learning (FL) has recently been introduced as a potential remedy, whereby organizations share local models while keeping data on premises. Still, regulatory compliance remains challenging in FL settings: training data needs to be shared to some extent, and models can be reverse-engineered or misused by each participating organization in violation of data privacy. Guided by design science methodology, we introduce four interaction patterns that allow for compliance-by-design and trust-context-sensitive analysis of an FL system by combining different approaches to privacy preservation. We match the patterns to privacy principles and exemplify how verifiable claims about FL compliance at design time and operation time can be generated to make all participating organizations accountable.
