We study the question of how well machine learning (ML) models trained on a
certain data set provide privacy for the training data, or equivalently,
whether it is possible to reverse-engineer the training data from a given ML
model. While this is easy to answer negatively in the most general case, it is
interesting to note that the protection extends over non-recoverability towards
plausible deniability: Given an ML model $f$, we show that one can take a set
of purely random training data, and from this define a suitable “learning
rule” that will produce a ML model that is exactly $f$. Thus, any speculation
about which data has been used to train $f$ is deniable upon the claim that any
other data could have led to the same results. We corroborate our theoretical
finding with practical examples, and open source implementations of how to find
the learning rules for a chosen set of raining data.

By admin