The Emperor's New Embeddings: Obfuscating ML Inputs Doesn't Provide Privacy

Tuesday, June 02, 2026 - 1:40 pm–2:00 pm

Jack Fitzsimons, Oblivious

When you think about PETs in machine learning, you likely think about protecting the training data: there are well-developed tools and approaches to ensuring that your model doesn't leak user data it was trained on. But that's only half of the story: what about protecting the data used for inference?

In the last few years, there's been a growing thread of research and some commercial offerings that promise just that: to protect model inputs while still allowing inference. These tools transform data so that it is hard to recover the original input, but in a way that still allows a model to make accurate predictions.

Does that sound too good to be true? That's because it is! This talk will look at the (bad) ways that these tools are measuring "privacy", the fundamental limits of how much we can protect, and whether there are any alternative approaches.

This work is based on a collaboration by Jack Fitzsimons, Daniel Simmons-Marengo, Tudor Cebere and Damien Desfontaines.

Jack is the CTO and co-founder of Oblivious, an Irish-based technology company focused on privacy-enhancing technologies. He holds a D.Phil (PhD) from the University of Oxford, and has worked on a wide range of data-centric challenges in industry, from topics in computer vision at NASA's Jet Propulsion Laboratory to quantitative data analysis at ElectroRoute, the European energy trading subsidiary of Mitsubishi. Jack has been an active member of the UN's Privacy-Preserving Technologies Task Team since 2020 and of the UN PET Lab since its inception, and is an author of the NIST Differential Privacy Deployment Registry.

BibTeX
@conference {317579,
author = {Jack Fitzsimons},
title = {The Emperor{\textquoteright}s New Embeddings: Obfuscating {ML} Inputs Doesn{\textquoteright}t Provide Privacy},
year = {2026},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jun
}