Privacy in Machine Learning

NeurIPS 2019 Workshop
Vancouver, December 14


The goal of our workshop is to bring together privacy experts working in academia and industry to discuss the present and the future of privacy-aware technologies powered by machine learning. The workshop will focus on the technical aspects of privacy research and deployment with invited and contributed talks by distinguished researchers in the area. We encourage submissions exploring a broad range of research areas related to data privacy, including but not limited to:

  • Differential privacy: theory, applications, and implementations
  • Privacy-preserving machine learning
  • Trade-offs between privacy and utility
  • Programming languages for privacy-preserving data analysis
  • Statistical and information-theoretic notions of privacy
  • Empirical and theoretical comparisons between different notions of privacy
  • Privacy attacks
  • Policy-making aspects of data privacy
  • Secure multi-party computation techniques for machine learning
  • Learning on encrypted data, homomorphic encryption
  • Distributed privacy-preserving algorithms
  • Privacy in autonomous systems
  • Online social networks privacy
  • Interplay between privacy and adversarial robustness in machine learning
  • Relations between privacy, fairness and transparency

Call For Papers & Important Dates

Download Full CFP

Submission deadline: September 9, 2019, 23:59 UTC
Notification of acceptance: October 1, 2019
NeurIPS early registration deadline: October 23, 2019
Workshop: December 14, 2019 (Saturday)

Submission Instructions

Submissions in the form of extended abstracts must be at most 4 pages long (not including references; additional supplementary material may be submitted but may be ignored by reviewers), non-anonymized and adhere to the NeurIPS format. We do accept submissions of work recently published or currently under review. The workshop will not have formal proceedings, but authors of accepted abstracts can choose to have a link to arxiv or a pdf published on the workshop webpage.

Submit Your Abstract

Invited Speakers

  • Philip Leclerc (US Census)
  • Ashwin Machanavajjhala (Duke University)
  • Brendan McMahan (Google)
  • Lalitha Sankar (Arizona State University)

Accepted Papers

Links to pdfs as well as abstracts will be added soon.

Clément Canonne, Gautam Kamath, Audra McMillan, Jonathan Ullman and Lydia Zakynthinou
Private Identity Testing for High-Dimensional Distributions    [arxiv]
Seth Neel, Zhiwei Steven Wu, Aaron Roth and Giuseppe Vietri
Differentially Private Objective Perturbation: Beyond Smoothness and Convexity   
Jonathan Lebensold, William Hamilton, Borja Balle and Doina Precup
Actor Critic with Differentially Private Critic   
Samyadeep Basu, Rauf Izmailov and Chris Mesterharm
Membership Model Inversion Attacks for Deep Networks   
Gautam Kamath, Janardhan Kulkarni, Zhiwei Steven Wu and Huanyu Zhang
Privately Learning Markov Random Fields   
Fatemehsadat Mireshghallah, Mohammadkazem Taram, Prakash Ramrakhyani, Dean Tullsen and Hadi Esmaeilzadeh
Shredder: Learning Noise Distributions to Protect Inference Privacy    [arxiv]
Jinshuo Dong, Aaron Roth and Weijie Su
Gaussian Differential Privacy (contributed talk)    [arxiv]
Andres Munoz, Umar Syed, Sergei Vassilvitskii and Ellen Vitercik
Private Linear Programming Without Constraint Violations   
Hafiz Imtiaz, Jafar Mohammadi and Anand D. Sarwate
Correlation-Assisted Distributed Differentially Private Estimation    [arxiv]
Naoise Holohan, Stefano Braghin, Pol Mac Aonghusa and Killian Levacher
Diffprivlib: The IBM Differential Privacy Library    [arxiv]
Antti Koskela, Joonas Jälkö and Antti Honkela
Computing Exact Guarantees for Differential Privacy    [arxiv]
Joonas Jälkö, Antti Honkela and Samuel Kaski
Privacy-Preserving Data Sharing via Probabilistic Modelling   
Nitin Agrawal, Ali Shahin Shamsabadi, Matthew Kusner and Adria Gascon
QUOTIENT: Secure Two-Party Neural Network Training and Prediction via Oblivious Transfer (contributed talk)   
Dingfan Chen, Ning Yu, Yang Zhang and Mario Fritz
GAN-Leaks: A Taxonomy of Membership Inference Attacks against GANs   
Si Kai Lee, Luigi Gresele, Mijung Park and Krikamol Muandet
Private Causal Inference using Propensity Scores   
Kareem Amin, Matthew Joseph and Jieming Mao
Pan-Private Uniformity Testing (contributed talk)   
Ios Kotsogiannis, Yuchao Tao, Xi He, Ashwin Machanavajjhala, Michael Hay and Gerome Miklau
PrivateSQL: A Differentially Private SQL Query Engine   
Chao Jin, Ahmad Qaisar Ahmad Al Badawi, Balagopal Unnikrishnan, Jie Lin, Fook Mun Chan, James Brown, J. Peter Campbell, Michael F. Chiang, Jayashree Kalpathy-Cramer, Vijay Chandrasekhar, Pavitra Krishnaswamy and Khin Mi Mi Aung
CareNets: Efficient Homomorphic CNN for High Resolution Images   
Amrita Roy Chowdhury, Chenghong Wang, Xi He, Ashwin Machanavajjhala and Somesh Jha
Cryptε: Crypto-Assisted Differential Privacy on Untrusted Servers   
Benjamin Spector, Andrew Tomkins and Ravi Kumar
Preventing Adversarial Use of Datasets through Fair Core-set Construction   
Nhathai Phan, My Thai, Devu Shila and Ruoming Jin
Differentially Private Lifelong Learning   
Alessandro Epasto, Hossein Esfandiari, Vahab Mirrokni, Andreas Munoz Medina, Umar Syed and Sergei Vassilvitskii
Anonymizing List Data   
Mrinank Sharma, Michael Hutchinson, Siddharth Swaroop, Antti Honkela and Richard Turner
Differentially Private Federated Variational Inference   
Hassan Takabi, Robert Podschwadt, Jeff Druce, Curt Wu and Kevin Procopio
Privacy preserving Neural Network Inference on Encrypted Data with GPUs   
Casey Meehan and Kamalika Chaudhuri
Location Trace Privacy Under Conditional Priors   
Zhengli Zhao, Nicolas Papernot, Sameer Singh, Neoklis Polyzotis and Augustus Odena
Improving Differentially Private Models via Active Learning    [arxiv]
Hsiang Hsu, Shahab Asoodeh and Flavio Calmon
Discovering Information-Leaking Samples and Features   
Martine De Cock, Rafael Dowsley, Anderson Nascimento, Davis Railsback, Jianwei Shen and Ariel Todoki
Fast Secure Logistic Regression for High Dimensional Gene Data   
Giuseppe Vietri, Grace Tian, Mark Bun, Thomas Steinke and Steven Wu
New Oracle-Efficient Algorithms for Private Synthetic Data Release   
Shadi Rahimian, Tribhuvanesh Orekondy and Mario Fritz
Differential Privacy Defenses and Sampling Attacks for Membership Inference   
Amos Beimel, Aleksandra Korolova, Kobbi Nissim, Or Sheffet and Uri Stemmer
The Power of Synergy in Differential Privacy: Combining a Small Curator with Local Randomizers   


Workshop organizers

  • Borja Balle (DeepMind)
  • Kamalika Chaudhuri (UC San Diego)
  • Antti Honkela (University of Helsinki)
  • Antti Koskela (University of Helsinki)
  • Casey Meehan (UC San Diego)
  • Mijung Park (Max Planck Institute for Intelligent Systems)
  • Mary Anne Smart (UC San Diego)
  • Adrian Weller (Alan Turing Institute & Cambridge)

Program Committee

  • James Bell (University of Cambridge)
  • Aurélien Bellet (INRIA)
  • Mark Bun (Boston University)
  • Christos Dimitrakakis (Chalmers University / University of Lille / Harvard University)
  • James Foulds (University of Maryland, Baltimore County)
  • Matt Fredrikson (Carnegie Mellon University)
  • Marco Gaboardi (University at Buffalo, SUNY)
  • Adria Gascon (The Alan Turing Institute / Warwick University)
  • Alon Gonen (Princeton University)
  • Peter Kairouz (Google AI)
  • Gautam Kamath (University of Waterloo)
  • Marcel Keller (Data61)
  • Nadin Kokciyan (King's College London)
  • Aleksandra Korolova (University of Southern California)
  • Audra McMillan (Boston University and Northeastern University)
  • Olga Ohrimenko (Microsoft)
  • Jun Sakuma (University of Tsukuba)
  • Anand Sarwate (Rutgers University)
  • Phillipp Schoppmann (Humboldt University of Berlin)
  • Or Sheffet (University of Alberta)
  • Kana Shimizu (Computational Biology Research Center, AIST)
  • Thomas Steinke (IBM)
  • Kunal Talwar (Google)
  • Carmela Troncoso (Ecole Polytechnique Fédérale de Lausanne)
  • Yu-Xiang Wang (Carnegie Mellon University)


By taking a few simple steps—such as paying special attention to font sizes and captions— you can make your presentations and posters more accessible. Feel free to contact us about any accessibility concerns relating to the website, workshop, etc.