
Privacy Issues in Large Language Models: A Survey (2312.06717v4)

Published 11 Dec 2023 in cs.AI

Abstract: This is the first survey of the active area of AI research that focuses on privacy issues in LLMs. Specifically, we focus on work that red-teams models to highlight privacy risks, attempts to build privacy into the training or inference process, enables efficient data deletion from trained models to comply with existing privacy regulations, and tries to mitigate copyright issues. Our focus is on summarizing technical research that develops algorithms, proves theorems, and runs empirical evaluations. While there is an extensive body of legal and policy work addressing these challenges from a different angle, that is not the focus of our survey. Nevertheless, these works, along with recent legal developments, do inform how these technical problems are formalized, and so we discuss them briefly in Section 1. While we have made our best effort to include all the relevant work, due to the fast-moving nature of this research we may have missed some recent work. If we have missed some of your work, please contact us, as we will attempt to keep this survey relatively up to date. We are maintaining a repository with the list of papers covered in this survey and any relevant code that was publicly available at https://github.com/safr-ml-lab/survey-LLM.

  214. GLUE: A multi-task benchmark and analysis platform for natural language understanding. In Proceedings of the 2018 EMNLP Workshop BlackboxNLP: Analyzing and Interpreting Neural Networks for NLP, pages 353–355, Brussels, Belgium, November 2018. Association for Computational Linguistics. doi:10.18653/v1/W18-5446. URL https://aclanthology.org/W18-5446.
  215. Recursive deep models for semantic compositionality over a sentiment treebank. In Proceedings of the 2013 Conference on Empirical Methods in Natural Language Processing, pages 1631–1642, Seattle, Washington, USA, October 2013. Association for Computational Linguistics. URL https://aclanthology.org/D13-1170.
  216. A broad-coverage challenge corpus for sentence understanding through inference, 2018.
  217. Fortuitous forgetting in connectionist networks, 2022.
  218. Large language model unlearning, 2023.
  219. Who’s harry potter? approximate unlearning in llms, 2023.
  220. Detecting pretraining data from large language models, 2023.
  221. Unlearn what you want to forget: Efficient unlearning for llms, 2023.
  222. Learning word vectors for sentiment analysis. In Proceedings of the 49th Annual Meeting of the Association for Computational Linguistics: Human Language Technologies, pages 142–150, Portland, Oregon, USA, June 2011. Association for Computational Linguistics. URL https://aclanthology.org/P11-1015.
  223. SAMSum corpus: A human-annotated dialogue dataset for abstractive summarization. In Lu Wang, Jackie Chi Kit Cheung, Giuseppe Carenini, and Fei Liu, editors, Proceedings of the 2nd Workshop on New Frontiers in Summarization, pages 70–79, Hong Kong, China, November 2019. Association for Computational Linguistics. doi:10.18653/v1/D19-5409. URL https://aclanthology.org/D19-5409.
Citations (37)

Summary

  • The paper reveals that unintended memorization in LLMs increases privacy breaches, particularly with larger models and duplicated data.
  • The paper details membership inference and data extraction attacks, advocating robust privacy-enhancing technologies like differential privacy.
  • The paper highlights regulatory and copyright challenges, emphasizing the need for scalable machine unlearning and updated legal frameworks.

Privacy Issues in Large Language Models: A Survey

The paper "Privacy Issues in Large Language Models: A Survey" offers a comprehensive review of ongoing research on the privacy challenges associated with large language models (LLMs). LLMs, such as those used in ChatGPT, have brought remarkable advancements in natural language processing and have been widely adopted across industries. However, they pose various privacy risks because they are trained on extensive datasets that often contain sensitive and copyrighted information.

Key Areas of Investigation

  1. Memorization and Privacy Risks: LLMs have a tendency to memorize training data, which can lead to unintended privacy breaches. The paper discusses this phenomenon, termed "unintended memorization," where models can regurgitate sensitive information verbatim. Studies show that larger model sizes and data duplication exacerbate this issue. Methods such as de-duplication and differential privacy during training are explored as mitigation strategies.
  2. Membership Inference and Data Extraction Attacks: These attacks aim to determine whether specific data points were part of the model's training set or to extract training data directly. The authors review various approaches, including threshold and shadow model attacks, and highlight the need for robust defenses in models to protect sensitive data from being uncovered. The implementation of Privacy Enhancing Technologies (PETs) like differential privacy offers promising, albeit complex, solutions.
  3. Regulatory Context and Legal Implications: The paper explores current legislative frameworks like GDPR and the emerging legal landscape around AI in the U.S., emphasizing the "Right to Be Forgotten." It points out the challenge of aligning LLM operations with these regulations, especially in cases requiring data deletion from a model post-training. Machine unlearning is introduced as a potential solution, though its scalability remains an issue.
  4. Copyright Concerns: The paper addresses how LLMs, through training on copyrighted texts, can reproduce protected content, thus infringing on intellectual property rights. The researchers discuss existing legal doctrines and court cases that may impact how LLM-generated content is viewed under copyright law. They also speculate on the future of copyright as it pertains to AI-created works, considering models' access to and use of copyright material.
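
To make items 1 and 2 concrete, the following added example (not code from the survey or its repository) runs a loss-threshold membership audit against a toy character trigram model, which stands in for an LLM, and shows how de-duplicating the training set raises the loss of a record that was repeated 20 times. All records, names and the `CANARY` string are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample records; CANARY stands in for a sensitive training record.
CANARY = "alice's account pin is 4821"
MEMBERS = [CANARY, "the meeting moved to tuesday",
           "quarterly report due friday", "server patch window is sunday"]
NON_MEMBERS = ["lunch order for the offsite", "badge reader firmware update",
               "parking lot closed monday"]

def train(corpus, n=3):
    """Fit a character n-gram model: context counts, n-gram counts, vocab size."""
    ctx, grams, vocab = Counter(), Counter(), set()
    for text in corpus:
        padded = "^" * (n - 1) + text + "$"
        vocab.update(padded)
        for i in range(n - 1, len(padded)):
            ctx[padded[i - n + 1:i]] += 1
            grams[padded[i - n + 1:i + 1]] += 1
    return ctx, grams, len(vocab), n

def loss(model, text):
    """Mean negative log-likelihood per character, add-one smoothed."""
    ctx, grams, v, n = model
    padded = "^" * (n - 1) + text + "$"
    nll = 0.0
    for i in range(n - 1, len(padded)):
        p = (grams[padded[i - n + 1:i + 1]] + 1) / (ctx[padded[i - n + 1:i]] + v)
        nll -= math.log(p)
    return nll / (len(padded) - n + 1)

def threshold_audit(model, candidates, known_non_members):
    """Loss-threshold membership test: flag candidates whose loss is below
    every known non-member's loss (no false positives on the calibration set)."""
    tau = min(loss(model, x) for x in known_non_members)
    return [c for c in candidates if loss(model, c) < tau]

def compare_dedup(copies=20):
    """Canary loss when it appears `copies` times versus once after de-duplication."""
    raw = MEMBERS + [CANARY] * (copies - 1)
    dedup = list(dict.fromkeys(raw))          # exact-match de-duplication
    return loss(train(raw), CANARY), loss(train(dedup), CANARY)

if __name__ == "__main__":
    dup_loss, dedup_loss = compare_dedup()
    print(f"canary loss duplicated: {dup_loss:.2f}, de-duplicated: {dedup_loss:.2f}")
    raw_model = train(MEMBERS + [CANARY] * 19)
    print("flagged as members:", threshold_audit(raw_model, MEMBERS, NON_MEMBERS))
```

The gap between a record's loss and the non-member baseline is what a privacy audit tracks before and after a mitigation such as de-duplication or differentially private training.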

Practical and Theoretical Implications

The implications of these privacy concerns are significant both in practice and theory. Practically, they influence how LLMs are deployed and managed, requiring developers to incorporate privacy-preserving techniques and stay abreast of legal developments. Theoretically, they push the boundaries of machine learning research, necessitating new frameworks and algorithms that balance utility and privacy.

Future Developments

The survey speculates on several future developments necessary for aligning LLMs with privacy standards:

  • Advancements in Unlearning Techniques: As legislation grows more stringent, developing efficient machine unlearning methods that comply with privacy laws without severely impacting model performance will be crucial.
  • Improved Privacy Metrics and Benchmarks: Establishing standardized benchmarks and metrics for evaluating privacy in LLMs can guide the development of more secure models.
  • Legal and Ethical Frameworks: As AI technologies advance, updating legal and ethical frameworks to address the unique challenges posed by AI-generated content and its implications will be essential.

In summary, the survey provides a thorough analysis of the privacy issues associated with LLMs, underlining the importance of ongoing research and innovation in both technical solutions and legal frameworks to ensure these powerful tools are used responsibly and ethically.
