
PAPILLON: Privacy Preservation from Internet-based and Local Language Model Ensembles (2410.17127v3)

Published 22 Oct 2024 in cs.CR and cs.CL

Abstract: Users can divulge sensitive information to proprietary LLM providers, raising significant privacy concerns. While open-source models, hosted locally on the user's machine, alleviate some concerns, models that users can host locally are often less capable than proprietary frontier models. Toward preserving user privacy while retaining the best quality, we propose Privacy-Conscious Delegation, a novel task for chaining API-based and local models. We utilize recent public collections of user-LLM interactions to construct a natural benchmark called PUPA, which contains personally identifiable information (PII). To study potential approaches, we devise PAPILLON, a multi-stage LLM pipeline that uses prompt optimization to address a simpler version of our task. Our best pipeline maintains high response quality for 85.5% of user queries while restricting privacy leakage to only 7.5%. We still leave a large margin to the generation quality of proprietary LLMs for future work. Our data and code is available at https://github.com/siyan-sylvia-li/PAPILLON.

Summary

  • The paper introduces PAPILLON, an ensemble pipeline leveraging prompt optimization to balance response quality and user privacy.
  • It demonstrates an 85.5% success rate in preserving response quality while limiting privacy exposure to 7.5% of interactions.
  • The approach advocates for a hybrid use of local and API-based models, setting the stage for privacy-aware LLM applications in sensitive domains.

Privacy-Conscious Delegation in LLMs: The PAPILLON Framework

The paper presents a comprehensive exploration of privacy preservation for users interacting with LLMs, focusing on both API-based and locally hosted models. The authors introduce a novel task, Privacy-Conscious Delegation, aimed at maintaining user privacy during inference time while minimizing degradation in response quality. This task is driven by the tradeoffs between trusted but weaker, locally hosted models, and untrusted yet more powerful proprietary models.

Methodology and Contributions

The core contribution of this research is the PAPILLON system, an ensemble pipeline that leverages prompt optimization to improve privacy preservation. PAPILLON integrates both local and API-based models to generate responses that are less privacy-invasive yet retain high-quality outputs. The paper introduces the PUPA benchmark, constructed from real-world interactions containing personally identifiable information (PII), facilitating the evaluation of privacy-preserving capabilities within LLMs.
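The delegation pattern described above, reduced to its trust boundary, as an added example (not the paper's or the PAPILLON repository's code): a trusted local step rewrites the query, a leakage check gates what leaves the machine, and the untrusted response is restored locally. The function names, the placeholder scheme and the sample query are constructed for illustration, and the string-replacement rewriter is a stand-in for a local model.

```python
import re

# Constructed sample: one user query and the PII strings annotated for it.
QUERY = ("Write a cover letter for Jane Doe (jane.doe@example.com, "
         "+1 555 0100) applying to Acme Robotics.")
PII = ["Jane Doe", "jane.doe@example.com", "+1 555 0100", "Acme Robotics"]

def local_rewrite(query, pii):
    """Trusted side. Stand-in for the local model: swaps known PII strings
    for placeholders (longest first, so overlapping values do not clash)."""
    mapping = {}
    for i, value in enumerate(sorted(pii, key=len, reverse=True)):
        if value in query:
            tag = f"[PII_{i}]"
            query = query.replace(value, tag)
            mapping[tag] = value
    return query, mapping

def remote_model(prompt):
    """Untrusted side. Stub for the API-based model; it sees only `prompt`."""
    return f"Draft based on: {prompt}"

def leaked(outbound, pii):
    """PII strings still present in the outbound text, ignoring case and
    whitespace differences that an exact-match rewrite would miss."""
    norm = lambda s: re.sub(r"\s+", " ", s).casefold()
    text = norm(outbound)
    return [p for p in pii if norm(p) in text]

def delegate(query, pii, rewrite=local_rewrite):
    """Rewrite locally, refuse to send if PII survives, restore on return."""
    outbound, mapping = rewrite(query, pii)
    hits = leaked(outbound, pii)
    if hits:
        raise ValueError(f"not sent, PII still in prompt: {hits}")
    response = remote_model(outbound)
    for tag, value in mapping.items():
        response = response.replace(tag, value)
    return response

if __name__ == "__main__":
    print(delegate(QUERY, PII))
```

The gate fails closed: when the rewriter misses a variant such as different casing or spacing, `delegate` raises instead of sending the prompt.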

Numerical Results and Implications

PAPILLON achieves an 85.5% success rate in preserving response quality, with privacy leakage restricted to 7.5% of interactions. These results indicate that the system effectively utilizes powerful proprietary models without unnecessary exposure of sensitive information. However, the authors caution that PAPILLON's performance still falls short of matching the highest-grade proprietary models, suggesting ample room for improvement.

Theoretical and Practical Implications

The research sheds light on the balancing act between model quality and user privacy—a crucial consideration as LLMs become pervasive in sensitive applications such as healthcare and education. The proposed Privacy-Conscious Delegation framework encourages a shift towards deploying smaller, more privacy-aware LLMs on edge devices, empowering users with enhanced control over their data.

Future Directions

For future exploration, the authors propose refining PAPILLON by incorporating advanced training strategies and exploring additional pipeline configurations to bridge the quality gap. The potential for developing specialized, privacy-centric local models is also highlighted as an avenue for advancement.

In summary, the paper contributes significantly to the discourse on privacy in AI, offering initial steps toward robust privacy-preserving mechanisms. The task, benchmark, and pipeline design collectively set the stage for ongoing research and development in protecting user privacy during interactions with state-of-the-art LLMs.