Skip to content

Privacy controls🔗

Enabling a custodian to define privacy settings is integral to the design of the Apheris product. The secure federated architecture ensures that computations are brought to the data. Once a computation is submitted for execution to the Data Custodian environment, the Compute Gateway validates that:

  • the submitter is allowed to run computations on the data;
  • the computation is permitted on the data;
  • the computation parameters are within the allowed bounds.

In addition to these validation steps, privacy controls provide another layer of control and privacy enhancement.

Note

Privacy as such becomes a property of a computational result rather than an underlying property of the dataset. This has major advantages to preserve the value of data. A combination of privacy-enhancing technologies can be used to ensure that the computational result cannot be misused to reverse engineer the underlying sensitive data.

Models and privacy controls🔗

Privacy controls are model specific. When creating an Asset Policies for a dataset, you can select one or multiple models from the Model Registry that you want to allow on the dataset. Only models that you explicitly allow in you asset policy can be used for computations.

model-selection.png

A model from the Model Registry may have associated privacy controls. Hence, the selected model defines which, if any, privacy controls are available for data custodians to configure in Asset Policies.

Privacy controls can be based on privacy-enhancing technologies (PETs) suitable for a given model. For example noise, bounded or rounded privacy are suitable for statistical models like Apheris Stats. Different models might have different privacy controls.

Privacy-enhancing technologies and model categories🔗

Apheris pre-defined models🔗

Apheris pre-defined models are statistical or machine learning models that have been reviewed and made federation-ready by Apheris to run out-of-the-box on any Compute Gateway. When a PET is suitable for a model, Apheris may have implemented PETs in the model code and exposed their parameters in Asset Policies for the data custodian to configure.

Custom models🔗

Custom models are models submitted by the Data Scientist organization (model creator) to the Model Registry. This category of models may include custom privacy-enhancing technologies (bring your own PETs) but it is the responsibility of the model creator to include suitable PETs into the model code and the data custodian needs to configure the available parameters.

Before allowing computations using a custom model, we strongly recommend to review the model code for security, privacy and sufficient privacy controls. As Apheris does not maintain custom models, Apheris is not responsible for any security or privacy leaks caused by using custom models.

The Apheris Compute Gateway will ensure that the computation as defined by the model creator - including PET implementations - is run as-is.

Example of a custom model with model-defined privacy controls and permissions.

custom-model-controls-example.png

For model creators, Apheris specifies an interface defining how privacy controls should be exposed in a custom model. For more details, please see Porting models to Apheris.

If you want to learn more about privacy-risk mitigation strategies, please see our corresponding Trust Center article.

Privacy controls for custom models🔗

Custom models provide a high degree of freedom, also in terms of embedded privacy controls. Model creators can choose none or any privacy-enhancing technology available on the market and implement it into their custom model. As Apheris uses NVIDIA FLARE (FLARE) as the federation backbone, model creators can easily leverage FLARE’s data privacy protection offering via their privacy protection filters to implement privacy controls into custom models.

FLARE has already a powerful offering, for example:

  • Homomorphic Encryption
  • Differential Privacy via Sparse Vector Technique (SVT)
  • Percentile Privacy

Please see NVFLARE’s documentation for a full overview.

Apheris provides an interface for model creators called jobs API which specifies how to expose custom privacy controls. The according parameters are then available for the data custodian to configure within Asset Policies.

For more details on the jobs API, please see