Large Language Models are Advanced Anonymizers

Robin Staab, Mark Vero, Mislav Balunović, Martin Vechev
2024-02-21
Abstract: Recent work in privacy research on large language models has shown that they achieve near human-level performance at inferring personal data from real-world online texts. With consistently increasing model capabilities, existing text anonymization methods are currently lacking behind regulatory requirements and adversarial threats. This raises the question of how individuals can effectively protect their personal data in sharing online texts. In this work, we take two steps to answer this question: We first present a new setting for evaluating anonymizations in the face of adversarial LLMs inferences, allowing for a natural measurement of anonymization performance while remedying some of the shortcomings of previous metrics. We then present our LLM-based adversarial anonymization framework leveraging the strong inferential capabilities of LLMs to inform our anonymization procedure. In our experimental evaluation, we show on real-world and synthetic online texts how adversarial anonymization outperforms current industry-grade anonymizers both in terms of the resulting utility and privacy.
Artificial Intelligence, Computation and Language, Cryptography and Security
### What problem does this paper attempt to solve?

This paper addresses the insufficient protection of users' online text privacy in the face of increasingly powerful large language models (LLMs). Specifically, it focuses on how to protect personal data effectively and prevent sensitive personal information from being inferred from seemingly harmless online posts.

#### Background and problem description

1. **Privacy threats**:
   - Modern large language models can infer personal attributes (such as age, gender, location, etc.) from seemingly insignificant online posts with near-human-level accuracy. Traditional text anonymization methods struggle to cope with this new threat.
   - Current industry-standard anonymization tools are unable to identify complex, context-dependent cues, leaving users' privacy vulnerable to attack.
2. **Regulatory requirements**:
   - With increasingly strict regulations on personal privacy protection (such as the GDPR in the EU and the CCPA in California), existing anonymization techniques fail to meet these regulatory requirements.
   - Users are increasingly aware of the importance of protecting personal data, but existing tools are not effective at handling unstructured text.

#### Main contributions of the paper

1. **New framework**:
   - The paper proposes a new anonymization framework based on adversarial feedback, which uses the strong inferential capabilities of LLMs to guide the anonymization process. Over multiple rounds of iteration, the framework gradually removes or blurs sensitive information in the text, improving the anonymization.
2. **Evaluation method**:
   - The paper introduces a new evaluation setting that uses strong adversarial LLMs directly to assess anonymized text, instead of relying on traditional span-based metrics. This is closer to actual privacy protection requirements and gives a clearer measure of how well the anonymization works.
3. **Experimental verification**:
   - Extensive experiments on real-world and synthetic datasets show that the framework outperforms existing industry-standard anonymization tools in terms of both utility and privacy protection.

#### Specific objectives

- **Improve anonymization effect**: Ensure that the anonymized text retains the utility of the original text while effectively protecting personal privacy.
- **Meet regulatory requirements**: Ensure that the anonymization method can meet strict privacy protection regulations (such as GDPR and CCPA).
- **Deal with complex context cues**: Identify and handle complex, context-dependent sensitive information that traditional methods cannot capture.

Through these efforts, the paper attempts to bridge the gap between current anonymization techniques and the increasingly powerful inference capabilities of LLMs, and to give users more effective means of protecting their privacy.
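The feedback loop and the adversary-based evaluation described above can be sketched as follows. This is an added example, not the paper's code: `toy_infer` and `toy_rewrite` are hypothetical keyword-based stand-ins for the adversary and anonymizer LLMs, and the cue table and sample sentence are constructed for illustration.

```python
import re

# Constructed stand-ins for the two LLM roles; the cue table is illustrative only.
CUES = {  # evidence phrase -> (attribute, inferred value)
    "hook turn": ("location", "Melbourne"),
    "34th birthday": ("age", "34"),
    "mid-thirties birthday": ("age", "30-39"),
}
GENERALIZE = {  # evidence phrase -> one step less specific
    "hook turn": "tricky turn",
    "34th birthday": "mid-thirties birthday",
    "mid-thirties birthday": "birthday",
}

def toy_infer(text):
    """Adversary: return (attribute, value, evidence) for each cue it recognises."""
    low = text.lower()
    return [(attr, val, cue) for cue, (attr, val) in CUES.items() if cue in low]

def toy_rewrite(text, inferences):
    """Anonymizer: blur only the phrases the adversary cited as evidence."""
    for _attr, _val, cue in inferences:
        text = re.sub(re.escape(cue), GENERALIZE[cue], text, flags=re.IGNORECASE)
    return text

def adversarial_anonymize(text, infer, rewrite, max_rounds=3):
    """Alternate inference and rewriting until nothing is inferred or rounds run out."""
    rounds = 0
    found = infer(text)
    while found and rounds < max_rounds:
        text = rewrite(text, found)
        rounds += 1
        found = infer(text)
    return text, found, rounds  # `found` is the leakage left in the final text

def span_baseline(text):
    """Pattern-based scrubber for contrast: masks numeric tokens only."""
    return re.sub(r"\b\d+\w*", "<NUM>", text)

SAMPLE = "Waiting at a hook turn on the way to my 34th birthday dinner."  # constructed

if __name__ == "__main__":
    # Evaluate both outputs with the same adversary rather than by masked spans.
    print(span_baseline(SAMPLE), toy_infer(span_baseline(SAMPLE)))
    print(adversarial_anonymize(SAMPLE, toy_infer, toy_rewrite))
```

Scoring both outputs with the same adversary shows the contrast the summary draws: the span-based baseline hides the number but leaves the context-dependent location cue, while the loop keeps rewriting until the adversary's inference list is empty.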