Chapter 2. Exploration of Federated Learning and Analytics Technologies

Federated learning is a machine learning technique designed to preserve user privacy. What exactly is privacy? It may have different meanings for different people, but federated learning systems should have clearly defined privacy properties. In an ideal world, every entity participating in federated learning or using its outputs (the server, the clients, the model engineers, etc.) would only learn the information needed to play its role, and nothing more.

In order to more clearly specify what is meant by privacy in federated learning, we can distill this notion of the ideal world into a set of privacy principles that describe what information is learned by the federated system, and what information can be learned by other entities in the system.

The principles are:

Focused collection

Clients in federated learning should only report the minimal amount of data needed to collaborate in training the model.

Early aggregation

Access to any data provided by a single client should not be possible. The client contributions must be aggregated before the aggregate can be output by the federated system. Thus, for example, a model developer would never be able to inspect an individual client’s contribution.

Minimal retention

Individual contributions are ephemeral. They are only kept long enough to be incorporated into the aggregate and are then discarded.

Together, these principles constitute a policy of data ...