I love the recent papers taking a deeper dive into synthetic data that highlight how a one-size-fits-all approach to data access and privacy strategies is a mirage. This is best highlighted in the paper "On the Inadequacy of Similarity-based Privacy Metrics: Reconstruction Attacks against 'Truly Anonymous Synthetic Data'" by Georgi Ganev and Emiliano De Cristofaro. I would consider the paper required reading for anyone who is seriously working with synthetic data and was brought to my attention through Damien Desfontaines' amazing post, which effectively summarizes the key insights.
"Synthetic data, when not underpinned by robust privacy guarantees like Differential Privacy (DP), can lead to significant privacy breaches, especially concerning outliers" (Ganev & De Cristofaro, 2023). The quote is a great call out and highlights the challenges for real-world and product environment usage of synthetic data for various applications.
The paper highlights that most synthetic data products claim compliance with regulations like GDPR, HIPAA, or CCPA, yet rarely use DP. Instead, many companies use empirical heuristics to ensure privacy, which can break the end-to-end DP pipeline and negate its privacy protections.
The authors identify major disadvantages of commonly used privacy metrics and filters. They introduce a novel reconstruction attack, ReconSyn, which exposes the vulnerabilities of these metrics. ReconSyn recovers at least 78% of underrepresented train data records (outliers) with perfect precision across various models and datasets.
The paper identifies eight major issues with using similarity-based privacy metrics (SBPMs), including the lack of theoretical guarantees, treating privacy as a binary property, and the absence of worst-case analysis. These limitations present severe vulnerabilities to privacy attacks.
Synthetic data's appeal lies in its presumed privacy and utility, especially for software and model testing by creating a safe playground without exposing sensitive real-world data. However, synthetic data can be less useful in deep analytics and model training. The paper highlights that synthetic data generated from highly sensitive information often falls short of providing adequate privacy unless it incorporates stringent privacy-preserving methods like DP.
This distinction leads us to a broader narrative in the realm of privacy-enhancing technologies (PETs). It’s often not practical to choose a single PET, such as trusted execution environments or homomorphic encryption, because in practice they all have their ideal use cases. The intent behind their use should be the primary driver of technology decisions. Sometimes, synthetic data suffices; other times, more robust controls are necessary.
The intent and use case should always be at the forefront of any data protection strategy. For instance, safeguarding highly sensitive data in scenarios where accuracy is paramount might call for homomorphic encryption or DP. Conversely, in scenarios with lower privacy risks or less sensitive data contexts, synthetic data could be a viable and efficient option.
Ganev and De Cristofaro advocate for a nuanced approach to data privacy, stating, "A critical examination of current privacy metrics and the adoption of empirically driven methods is essential for ensuring real privacy in synthetic data generation" (Ganev & De Cristofaro, 2023).
This perspective should inform the selection of appropriate PETs based on specific use cases, balancing the dual demands of utility and privacy.
References: