Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Differential Privacy for Text Analytics via Natural Text Sanitization

Xiang Yue, Minxin Du, Tianhao Wang, Yaliang Li, Huan Sun, Sherman S. M. Chow

TL;DR

This work tackles the challenge of privacy-preserving NLP by moving beyond noisy representations to directly sanitizing text documents. It introduces Utility-optimized MLDP (UMLDP) and token-wise sanitization mechanisms (SanText and SanText+) to replace tokens with semantically similar alternatives under local DP, enabling human-readable privacy guarantees. The authors integrate sanitization-aware pretraining and fine-tuning on sanitized data, demonstrating improved utility and robust privacy against inference attacks across SST-2, MedSTS, and QNLI. Experiments show SanText+ delivers superior utility and efficiency compared with baselines, and sanitization-aware pretraining yields further gains without compromising privacy. Overall, the approach provides a practical, scalable pathway for privacy-preserving NLP pipelines with transparent sanitization and interpretable privacy guarantees.

Abstract

Texts convey sophisticated knowledge. However, texts also convey sensitive information. Despite the success of general-purpose language models and domain-specific mechanisms with differential privacy (DP), existing text sanitization mechanisms still provide low utility, as cursed by the high-dimensional text representation. The companion issue of utilizing sanitized texts for downstream analytics is also under-explored. This paper takes a direct approach to text sanitization. Our insight is to consider both sensitivity and similarity via our new local DP notion. The sanitized texts also contribute to our sanitization-aware pretraining and fine-tuning, enabling privacy-preserving natural language processing over the BERT language model with promising utility. Surprisingly, the high utility does not boost up the success rate of inference attacks.

Differential Privacy for Text Analytics via Natural Text Sanitization

TL;DR

This work tackles the challenge of privacy-preserving NLP by moving beyond noisy representations to directly sanitizing text documents. It introduces Utility-optimized MLDP (UMLDP) and token-wise sanitization mechanisms (SanText and SanText+) to replace tokens with semantically similar alternatives under local DP, enabling human-readable privacy guarantees. The authors integrate sanitization-aware pretraining and fine-tuning on sanitized data, demonstrating improved utility and robust privacy against inference attacks across SST-2, MedSTS, and QNLI. Experiments show SanText+ delivers superior utility and efficiency compared with baselines, and sanitization-aware pretraining yields further gains without compromising privacy. Overall, the approach provides a practical, scalable pathway for privacy-preserving NLP pipelines with transparent sanitization and interpretable privacy guarantees.

Abstract

Texts convey sophisticated knowledge. However, texts also convey sensitive information. Despite the success of general-purpose language models and domain-specific mechanisms with differential privacy (DP), existing text sanitization mechanisms still provide low utility, as cursed by the high-dimensional text representation. The companion issue of utilizing sanitized texts for downstream analytics is also under-explored. This paper takes a direct approach to text sanitization. Our insight is to consider both sensitivity and similarity via our new local DP notion. The sanitized texts also contribute to our sanitization-aware pretraining and fine-tuning, enabling privacy-preserving natural language processing over the BERT language model with promising utility. Surprisingly, the high utility does not boost up the success rate of inference attacks.

Paper Structure

This paper contains 28 sections, 13 equations, 5 figures, 4 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Sanitizing Sensitive Texts, Naturally
  3. Privacy-Preserving NLP, Holistically
  4. Related Work
  5. Defining (Local) Differential Privacy
  6. (Variants of) Local Differential Privacy
  7. Our New Utility-optimized MLDP Notion
  8. Our Privacy-Preserving NLP Pipeline
  9. Overview
  10. Base Sanitization Mechanism: SanText
  11. Enhanced Mechanism: SanText$^+$
  12. NLP over Sanitized Text
  13. Definition of "Sensitivity"
  14. Experiments
  15. Experimental Setup
  16. ...and 13 more sections

Figures (5)

  • Figure 1: Workflow of our PPNLP pipeline, including the user-side sanitization and the service provider-side NLP modeling with pretraining/fine-tuning
  • Figure 2: Overview of our new UMLDP notion
  • Figure 3: Performance of SanText$^+$ over $(w, p)$ when fixing $\epsilon=2$ based on the GloVe embedding
  • Figure 4: Privacy and Utility Tradeoffs of SanText in terms of Defense Rate (of the Mask Token Inference Attack) versus Accuracy ($\epsilon=\infty$ means "unsanitized.")
  • Figure 5: Influence of privacy parameter $\epsilon$ of SanText on the utility and privacy ($N_x$, $S_x$, $S^*_y$) based on the SST-2 dataset: The top panel is based on BERT embeddings, and the bottom panel is based on GloVe embeddings.

Theorems & Definitions (2)

  • proof : Proof of Theorem \ref{['thm:base']}
  • proof : Proof of Theorem \ref{['thm:enhanced']}