Jaechul Roh

Ph.D. Student in Computer Science @ UMass Amherst

4 minute read

TLDR: Differential Privacy (DP) and GenAI & Law

Just to be clear, I am writing this post after 9 months of period since the AAAI ‘23 held in Vancouver Convention Center. I just wanted to summarize the lessons I have learned and some insights I have gained from the conference. I thought that it would be a nice way to re-motivate myself by recalling the moment of thrill when I was attending the workshop (or it could be just another way of bringing back my concentration span. I just hope writing anything could help).

The Trip

I had the pleasure to attend the Fifth AAAI Privacy-Preserving AI Workshop as the author of the paper “Memory Triggers: Unveiling Memorization in Text-To-Image Generative Models through Word-Level Duplication” co-authored with Ali Naseh (the first author) and Amir Houmansadr (our advisor). It was a challenging flight to Vancouver since there was no direct flight from Bradley Airport. The workshop was held on February 26, 2024 but I landed on Vancouver 12AM, obviously having no time to fully rest and prepare for my first ever attending conference.

AAAI was held at the Vancounver Convention Center (looking more like a place where it could hold some Expos). The conference started with a poster session followed by lectures from various guest speakers in the field of privacy. I had a chance to meet Ph.D. students / researcher from other institutions who have similar interests, which was quite exciting to talk on their specified research directions.

Lessons Learned

The main focus of the conference was Differential Privacy (DP). Our work primarily addressed memorization and biased generations in Stable Diffusion models, which wasn’t the central interest of most attendees. While our results were visually impressive and undeniably interesting, we all recognized that our method lacked the complexity of the algorithms compared to those featured in the DP papers. Personally, I had neither prior knowledge nor passion for DP. However, one moment stands out: Katherine Lee, a current research scientist at Google DeepMind, described DP as simply being “sexy.” It took me by surprise—who would have thought to label a privacy-preserving algorithm as “sexy”? Yet, that moment made me realize that the future of privacy-preserving AI could very well depend on systems safeguarded by DP.

Differential Privacy. A common understanding of DP is that, while theoretically sound for privacy preservation, empirical results often reveal a tradeoff between model utility and privacy. However, recent work on large language models (LLMs) using DP seems to offer promising advancements in mitigating this issue. Unfortunately, I haven’t come across many substantial papers on DP for other modalities, especially in generative models like text-to-image. This could be due to privacy not being a major focus in multimodal AI research. Interestingly, Matthew Jagielski, another research scientist at Google, was exploring DP in multimodal models. By that time, he was also working on a project to visualize the weight of each token in generated images from text-to-image models, planning to open-source the tool. However, it seems the project hasn’t been released yet—I’ll be keeping an eye out for it.

Could DP be the field I deeply explore as a Ph.D. student? I’m not sure yet, but I do know I need to commit the time to reading numerous papers, and I certainly believe that feeling of being “lost” is an essential part of the journey to discovering a clear and meaningful direction for my future research endeavors.

GenAI and Law. Another intriguing direction came from Katherine’s talk on Generative AI and Law. She is also leading the GenLaw Center, which tackles societal challenges and has opened a new research avenue in the intersection of generative AI and law. This could be a compelling new research path for me to explore. My first step will be to dive into two papers: AI and Law: The Next Generation and the GenAI ICML ‘24 Workshop reports. The key question I need to answer is whether this field will reignite that thrill and fascination I’ve been seeking. Fingers crossed!

Now it comes down to the reading list—resources I intend to work through over time to establish my own identity in this field, rather than simply following others. This list will evolve as I progress:

  • Explore various Differential Privacy (DP) papers across diverse domains.
  • Read papers on Generative AI & Law.

Updated: