Florian Kerschbaum, "On Using Differential Privacy"




CERIAS Weekly Security Seminar - Purdue University

Summary: Differential privacy has become a widely used tool for protecting privacy in data science applications. In this talk, I will present two use cases for differential privacy: a) the collection of key-value statistics and b) protection against membership inference attacks. Key-value statistics are commonly used to gather information about how software products are used. Yet the collector may be untrusted, and the data of each user should be protected. A number of differentially private collection methods exist that perturb the data at the client's site; however, these are very inaccurate. In theory, it would also be possible to collect these statistics using secure computation, but that is too inefficient to even test. We show that a new combination of differential privacy and secure computation achieves both high accuracy and high efficiency. In the second application, we investigate the theoretical protection that differential privacy offers against membership inference attacks on neural network models. There exist proofs of theoretical upper bounds that scale with the privacy parameter. We show theoretically and empirically that those bounds do not hold against existing membership inference attacks in a natural deployment: when using existing data sets from different sources on the Internet (instead of the same data set, as in lab experiments) and unmodified existing membership inference attacks, even ones that are no longer state of the art, the bound does not hold. We provide a theoretical explanation using a model that removes an unrealistic assumption about the training, namely that the training data are i.i.d.
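The accuracy gap the summary points to between client-side perturbation and a trusted (or securely computed) aggregate can be seen on the simplest key-value statistic, the fraction of clients for which a boolean key is set. The following is an added illustration written for this listing, not code from the talk or its authors. It assumes standard epsilon-randomized response as the local mechanism and the Laplace mechanism on the aggregate as the central one; the client count, true rate, epsilon and seed are constructed sample values. The functions return estimates and analytic standard errors so the two error scales can be compared directly.

```python
import math
import random


def rr_keep_prob(eps: float) -> float:
    """Probability that a client reports its true bit under eps-LDP randomized response."""
    return math.exp(eps) / (math.exp(eps) + 1.0)


def local_rr_report(bit: int, eps: float, rng: random.Random) -> int:
    """Client side: keep the true bit with probability e^eps/(e^eps+1), else flip it."""
    return bit if rng.random() < rr_keep_prob(eps) else 1 - bit


def local_rr_estimate(reports: list, eps: float) -> float:
    """Untrusted collector: unbiased debiasing of the noisy reports."""
    k = rr_keep_prob(eps)
    mean = sum(reports) / len(reports)
    return (mean - (1.0 - k)) / (2.0 * k - 1.0)


def central_laplace_estimate(bits: list, eps: float, rng: random.Random) -> float:
    """Trusted aggregate (what a secure computation would emulate): exact mean plus
    Laplace noise; the mean of n bits has sensitivity 1/n, so the scale is 1/(n*eps)."""
    n = len(bits)
    scale = 1.0 / (n * eps)
    # Laplace(0, b) is the difference of two Exponential(1) draws scaled by b.
    noise = scale * (rng.expovariate(1.0) - rng.expovariate(1.0))
    return sum(bits) / n + noise


def local_std_error_bound(eps: float, n: int) -> float:
    """Worst-case (rate 0.5) standard error of the randomized-response estimate:
    sqrt(1/(4n)) * (e^eps + 1)/(e^eps - 1)."""
    return math.sqrt(1.0 / (4.0 * n)) * (math.exp(eps) + 1.0) / (math.exp(eps) - 1.0)


def central_std_error(eps: float, n: int) -> float:
    """Standard deviation of Laplace noise with scale 1/(n*eps): sqrt(2)/(n*eps)."""
    return math.sqrt(2.0) / (n * eps)


def simulate(n: int = 10_000, true_rate: float = 0.3, eps: float = 1.0, seed: int = 7) -> dict:
    """Constructed experiment: n clients, each holding one boolean key-value bit."""
    rng = random.Random(seed)
    bits = [1 if rng.random() < true_rate else 0 for _ in range(n)]
    true_mean = sum(bits) / n
    local = local_rr_estimate([local_rr_report(b, eps, rng) for b in bits], eps)
    central = central_laplace_estimate(bits, eps, rng)
    return {
        "true": true_mean,
        "local": local,
        "central": central,
        "local_stderr": local_std_error_bound(eps, n),
        "central_stderr": central_std_error(eps, n),
    }


if __name__ == "__main__":
    r = simulate()
    print(f"true rate      : {r['true']:.4f}")
    print(f"local  (RR)    : {r['local']:.4f}  (std err <= {r['local_stderr']:.4f})")
    print(f"central(Lap)   : {r['central']:.4f}  (std err  = {r['central_stderr']:.4f})")
```

With n = 10,000 and epsilon = 1 the local error bound is roughly 0.016 against 0.00014 for the central mechanism, a gap of two orders of magnitude at the same privacy parameter; the local error shrinks only as 1/sqrt(n), so it does not close with more clients. That is the accuracy cost the summary attributes to client-side perturbation, and the reason a secure computation of the aggregate is attractive if it can be made efficient.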