The United States of AI: Federated Learning and the Power of Privacy

Shalise S. Ayromloo, PhD
Published in Code Like A Girl · 5 min read · Jul 16, 2023


Fresh off our 4th of July celebrations, commemorating a 247-year breakup with the British, it’s good to take a minute to remember another significant date in American history. When my favourite British crooner, Lewis Capaldi, soulfully asks: “So, before you go was there something I could’ve said to make your heart beat better?” we retort: yes, a written constitution establishing a federal system of government. Adopted on June 21, 1788, the U.S. Constitution divvied up governing powers between a central authority (the federal government) and the individual states. We took the plunge first, but others soon followed our lead, including Germany, Switzerland, and Canada.

Image created by the author, showing an excerpt from the Tenth Amendment of the U.S. Constitution that clarifies the power distribution between federal and state authorities. This concept finds a parallel in the world of Federated Learning.

This concept of power distribution between a central authority and local authorities isn’t just confined to the world of politics; it has also infiltrated the world of artificial intelligence. I bet you didn’t see that coming, did you? So, cue the marching bands, the fireworks, the NASCAR street race (for my friends in Chicago), and the red, white, and blue confetti, because we’re about to dive into the world of Federated Learning, or Federated AI.

On a seemingly ordinary day, April 6, 2017, Brendon McMahan and Daniel Ramage, research scientists at Google, took the tech world by storm with a blog post titled “Federated Learning: Collaborative Machine Learning without Centralized Training Data.” This was Google’s invitation to the world to meet a new AI concept. Yet, much like that soft-spoken person who bravely stands up to make a toast while the party is in full swing, Google’s big moment flew under the radar for many of us. But don’t worry. As someone who’s never been shy, I’m ready to grab the mic and give you the reintroduction you didn’t know you needed.

Federated AI, also known as Federated Learning, is a decentralized approach to training machine learning models. The key? Data are kept locally for training, maintaining privacy and confidentiality, instead of being sent to a centralized server. The model training happens at the data source (such as a device or a secure environment), and only the model updates (such as weights and biases) are sent to a central server for aggregation.

In machine learning models, especially neural networks (if you need a refresher on this topic, check out Demystifying Neural Networks: Part 1 and Demystifying Neural Networks: Part 2), algorithms identify patterns in the data and “learn” by adjusting model parameters, such as weights and biases. The weights represent the strength or importance that the model assigns to each input, and biases are like a starting point that can reinforce or offset model predictions. Suppose we’re hosting a 4th of July barbecue party with hot dogs, hamburgers, and veggie burgers. Not everyone likes everything, and certainly not in the same proportions. If we know from past parties that most attendees are vegetarians, we’ll buy and prepare more veggie burgers than hot dogs and hamburgers. In other words, we put more “weight” on veggie burgers as an input in our final meal composition. At the same time, we make some assumptions about how much everyone would eat to ensure we don’t run out of food. These are our biases. We might assume each person will eat two veggie burgers, but then learn that someone is on a diet and only wants one, or someone else skipped their last meal and could eat four. We update our initial assumptions as new information becomes available, much like a machine learning model.

In Federated Learning, these weights and biases are learned in each local environment and then sent to the central server for aggregation, often involving taking the average of these parameters. This way, the central model can learn from all the local data without needing to share the original data, thereby maintaining privacy.

Author’s own illustration of the Federated Learning process. Local Servers train models on local data and share model parameters with the Central Server for aggregation.
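The round trip described above (local training, then central averaging), as an added example that is not part of the original article. The client names, the data, and the choice to weight the average by each client's record count are assumptions made for illustration.

```python
# Added illustration of federated averaging; all names and data are constructed.
# Each client fits y = w*x + b on its own records and shares only (w, b, n).

CLIENT_DATA = {  # constructed, noise-free samples of y = 2x + 1; stays on the client
    "client_a": [(x, 2 * x + 1) for x in (-1.0, 0.0, 1.0, 2.0)],
    "client_b": [(x, 2 * x + 1) for x in (0.0, 1.0)],
    "client_c": [(x, 2 * x + 1) for x in (-2.0, -1.0, 0.0, 1.0, 2.0)],
}


def local_train(w, b, records, lr=0.1, epochs=5):
    """Run gradient descent on one client's data, starting from the global model."""
    n = len(records)
    for _ in range(epochs):
        grad_w = sum(2 * (w * x + b - y) * x for x, y in records) / n
        grad_b = sum(2 * (w * x + b - y) for x, y in records) / n
        w, b = w - lr * grad_w, b - lr * grad_b
    return w, b, n  # the only values sent to the server


def aggregate(updates):
    """Server side: average parameters, weighted by each client's record count."""
    total = sum(n for _, _, n in updates)
    w = sum(w * n for w, _, n in updates) / total
    b = sum(b * n for _, b, n in updates) / total
    return w, b


def federated_fit(client_data, rounds=30):
    """Alternate local training and central aggregation for a number of rounds."""
    w, b = 0.0, 0.0
    for _ in range(rounds):
        updates = [local_train(w, b, recs) for recs in client_data.values()]
        w, b = aggregate(updates)
    return w, b


if __name__ == "__main__":
    w, b = federated_fit(CLIENT_DATA)
    print(f"global model: w={w:.4f}, b={b:.4f}")
```

The server-side `aggregate` function never receives an `(x, y)` record; its whole view of a client is the triple `(w, b, n)`.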

Now, let’s explore how Federated AI could be a potential game-changer in preserving data confidentiality, using the U.S. Census Bureau as an example. To protect its respondents’ confidentiality (that is, to prevent information disclosure), the Census Bureau does not release data at highly granular geographic levels that could be used to identify specific individuals. One approach that has been used instead is combining data from multiple sources to produce estimates for more granular geographies than any single dataset could support (for more on the use of synthetic data at the Census Bureau, please see here).

However, Federated AI can offer a more secure and efficient alternative. Here’s how it could work:

  • The Census Bureau trains a machine learning model on confidential data, locally, within the Bureau’s servers. This ensures that the data never leave the secure environment of the Census Bureau.
  • During the training process, the model learns by adjusting its parameters (weights and biases). Once the model is adequately trained, these updated parameters — which now encapsulate the insights learned from the confidential data — are extracted. It’s important to note that these parameters don’t directly reveal any specifics about the confidential data.
  • The Census Bureau can now share these updated model parameters with the public. Researchers or analysts can use these parameters to initialize their own versions of the model.
  • Using these parameters, the public can generate predictions or insights that have been informed by the confidential data, without ever having access to the raw data. This can be done by feeding publicly available or other collected data into their version of the model.

However, Federated AI is not immune from all privacy attacks. While it holds significant promise for reshaping how we train ML models and manage data confidentiality, especially in federal agencies, ongoing efforts must be made to develop techniques against advanced adversarial attacks, particularly those aimed at discerning whether a specific data point was included in the training set.
