Protecting Privacy in Classifiers by Token Manipulation

Re’em Harel, Yair Elboher, Yuval Pinter


Abstract
Using language models as a remote service entails sending private information to an untrusted provider. In addition, potential eavesdroppers can intercept the messages, thereby exposing the information. In this work, we explore the prospects of avoiding such data exposure at the level of text manipulation. We focus on text classification models, examining various token mapping and contextualized manipulation functions in order to see whether classifier accuracy may be maintained while keeping the original text unrecoverable. We find that although some token mapping functions are easy and straightforward to implement, they heavily influence performance on the downstream task, and via a sophisticated attacker can be reconstructed. In comparison, the contextualized manipulation provides an improvement in performance.
Anthology ID:
2024.privatenlp-1.4
Volume:
Proceedings of the Fifth Workshop on Privacy in Natural Language Processing
Month:
August
Year:
2024
Address:
Bangkok, Thailand
Editors:
Ivan Habernal, Sepideh Ghanavati, Abhilasha Ravichander, Vijayanta Jain, Patricia Thaine, Timour Igamberdiev, Niloofar Mireshghallah, Oluwaseyi Feyisetan
Venues:
PrivateNLP | WS
SIG:
Publisher:
Association for Computational Linguistics
Note:
Pages:
29–38
Language:
URL:
https://aclanthology.org/2024.privatenlp-1.4
DOI:
Bibkey:
Cite (ACL):
Re’em Harel, Yair Elboher, and Yuval Pinter. 2024. Protecting Privacy in Classifiers by Token Manipulation. In Proceedings of the Fifth Workshop on Privacy in Natural Language Processing, pages 29–38, Bangkok, Thailand. Association for Computational Linguistics.
Cite (Informal):
Protecting Privacy in Classifiers by Token Manipulation (Harel et al., PrivateNLP-WS 2024)
Copy Citation:
PDF:
https://preview.aclanthology.org/autopr/2024.privatenlp-1.4.pdf