This document discusses privacy, security, and ethics in data science. It covers topics such as anonymizing data and computations, seeking security for personal data, and the unethical surprises that can occur in data science work. It also discusses how to respect privacy by securely storing data, adding layers of protection like encryption, and using techniques like distributed computing and differential privacy to better protect sensitive information. The document cautions that biases in data can propagate biases in models, and highlights the importance of addressing issues like social bias, redaction of sensitive info, and debiasing models to help ensure ethical practices in this field.

1. Privacy, Security and Ethics
in Data Science
Nikolaos Vasiloglou
1

2. Summary
● From Public to Private datasets
● Anonymizing data
● Anonymizing computations
● Seeking security for my data
● The unethical surprise of a data scientist
● Data science, the opportunity to build a more equal world
2

3. When are public data useful to a data scientist?
● Public data are by default anonymized (census data)
● By its nature there is no privacy concern (imagenet)
● Public data come with an identifier that allows user to join them with private
data (census)
● Public data can semantically join without an id (imagenet)
3

4. Public datasets that are not so useful
● Netflix or movielens and any other recommender datasets
● There is no way you can join them with real users
● They are only good for testing your algorithm
● Get an expectation of the accuracy range
4

5. Not so public not so private data
● Twitter data
● Facebook data
● Yelp data
● Amazon data
5

6. What is wrong about this data?
● Some of them are public to your friends but not to everybody
● Even when they are public, they might not be personally identifiable
● The fact that they are there does not mean you can use them without consent
● The Cambridge Analytica case
6

7. How to respect people’s privacy
● The minimum you can do is store them in a safe place
● Is cloud safe?
● How safe can it be?
● Is encryption enough?
7

8. Major Failures
8

9. How many layers of protection should I add?
● Two factor authentication
● VPN
● Encryption
● ….
● What is wrong with it?
● Secure -> Difficult -> People become creative in exfiltrating the data
9

10. Is my laptop safer than my company’s servers?
● Let’s discuss it!
● Who is the best target?
10

11. Use the usual trick
● Distribute your data
● Why is this helpful?
11

12. 12

13. An example: Distributed Addition
13

14. 14

15. Another example: Distributed multiplication
15

16. Homomorphic encryption another direction
16

17. 17

18. 18

19. 19

20. 20

21. Does encryption really respect privacy?
● What if I train a classifier and then throw the data?
● Can the classifier leak the data trained?
21

22. Adversarial Attacks
● Reconstructing training datasets
22

23. Reconstructing images
23

24. Reconstructing text
24

25. Differential Privacy, the remedy
25

26. What is differential privacy
● Practically speaking, a clever way to add
noise on your model without hurting
performance
● More or less the same trick like gradient
descend
● Bayesian model give you differential privacy
for free!!
26

27. What if you are not allowed to see the data?
● Sensitive and personal data like email
● European Union does not allow storing Personally Identifiable Information
● What representation should you use ?
27

28. Generative Models
● GANs
● LSTMs
28

29. Are they safe?
● Almost!
● It is possible to leak information
● You have to be carefull
29

30. What if we redact the sensitive information
● Netfix 2
30

31. Identifying people from location data
31

32. Life after model, ethical responsibility
32

33. Some Facts about ML algorithms
● Garbage In -> Garbage Out
● Racism In -> Racism Out
33

34. A never ending list of failures
34

35. 35

36. 36

37. 37

38. Social Bias
38

39. More on social bias
39

40. More sad failures
40

41. Debiasing is possible
41

42. You can fix it
42

43. Use legitimate source of information
43

44. NIPS devoted a keynote and a worksop
44

45. Conclusion
45