Merge pull request #115353 from luisquintanilla/AB1705439

Court72 · web-flow · commit 8733bc044976 · 2020-05-19T09:33:32.000-07:00
Responsible ML | Differential Privacy How-To
diff --git a/articles/machine-learning/how-to-differential-privacy.md b/articles/machine-learning/how-to-differential-privacy.md
@@ -0,0 +1,246 @@
+---
+title: How to preserve data privacy using the WhiteNoise packages
+titleSuffix: Azure Machine Learning
+description: Learn how to apply differential privacy best practices to Azure Machine Learning models by using the WhiteNoise packages.
+services: machine-learning
+ms.service: machine-learning
+ms.subservice: core
+ms.topic: conceptual
+ms.author: slbird
+author: slbird
+ms.reviewer: luquinta
+ms.date: 05/17/2020
+# Customer intent: As an experienced data scientist, I want to use differential privacy in Azure Machine Learning.
+---
+
+# Use differential privacy in Azure Machine Learning
+
+[!INCLUDE [applies-to-skus](../../includes/aml-applies-to-basic-enterprise-sku.md)]
+
+Learn how to apply differential privacy best practices to Azure Machine Learning models by using the WhiteNoise Python packages.
+
+Differential privacy is the gold-standard definition of privacy. Systems that adhere to this definition of privacy provide strong assurances against a wide range of data reconstruction and reidentification attacks, including attacks by adversaries who possess auxiliary information. Learn more about how [differential privacy works](./concept-differential-privacy.md).
+
+## Prerequisites
+
+- If you don't have an Azure subscription, create a free account before you begin. Try the [free or paid version of Azure Machine Learning](https://aka.ms/AMLFree) today.
+- [Python 3](https://www.python.org/downloads/)
+
+## Install WhiteNoise packages
+
+### Standalone installation
+
+The libraries are designed to work from distributed Spark clusters, and can be installed just like any other package.
+
+The instructions below assume that your `python` and `pip` commands are mapped to `python3` and `pip3`.
+
+Use pip to install the [WhiteNoise Python packages](https://pypi.org/project/opendp-whitenoise/).
+
+`pip install opendp-whitenoise`
+
+To verify that the packages are installed, launch a python prompt and type:
+
+```python
+import opendp.whitenoise.core
+import opendp.whitenoise.sql
+```
+
+If the imports succeed, the libraries are installed and ready to use.
+
+### Docker image
+
+You can also use WhiteNoise packages with Docker.
+
+Pull the `opendp/whitenoise` image to use the libraries inside a Docker container that includes Spark, Jupyter, and sample code.
+
+```sh
+docker pull opendp/whitenoise:privacy
+```
+
+Once you've pulled the image, launch the Jupyter server:
+
+```sh
+docker run --rm -p 8989:8989 --name whitenoise-run opendp/whitenoise:privacy
+```
+
+This starts a Jupyter server at port `8989` on your `localhost`, with password `pass@word99`. Assuming you used the command line above to start the container with name `whitenoise-privacy`, you can open a bash terminal in the Jupyter server by running:
+
+```sh
+docker exec -it whitenoise-run bash
+```
+
+The Docker instance clears all state on shutdown, so you will lose any notebooks you create in the running instance. To remedy this, you can bind mount a local folder to the container when you launch it:
+
+```sh
+docker run --rm -p 8989:8989 --name whitenoise-run --mount type=bind,source=/Users/your_name/my-notebooks,target=/home/privacy/my-notebooks opendp/whitenoise:privacy
+```
+
+Any notebooks you create under the *my-notebooks* folder will be stored in your local filesystem.
+
+## Perform data analysis
+
+To prepare a differentially private release, you need to choose a data source, a statistic, and some privacy parameters, indicating the level of privacy protection.  
+
+This sample references the California Public Use Microdata (PUMS), representing anonymized records of citizen demographics:
+
+```python
+import os
+import sys
+import numpy as np
+import opendp.whitenoise.core as wn
+
+data_path = os.path.join('.', 'data', 'PUMS_california_demographics_1000', 'data.csv')
+var_names = ["age", "sex", "educ", "race", "income", "married", "pid"]
+```
+
+In this example, we compute the mean and the variance of the age.  We use a total `epsilon` of 1.0 (epsilon is our privacy parameter, spreading our privacy budget across the two quantities we want to compute. Learn more about [privacy metrics](concept-differential-privacy.md#differential-privacy-metrics).
+
+```python
+with wn.Analysis() as analysis:
+    # load data
+    data = wn.Dataset(path = data_path, column_names = var_names)
+
+    # get mean of age
+    age_mean = wn.dp_mean(data = wn.cast(data['age'], type="FLOAT"),
+                          privacy_usage = {'epsilon': .65},
+                          data_lower = 0.,
+                          data_upper = 100.,
+                          data_n = 1000
+                         )
+    # get variance of age
+    age_var = wn.dp_variance(data = wn.cast(data['age'], type="FLOAT"),
+                             privacy_usage = {'epsilon': .35},
+                             data_lower = 0.,
+                             data_upper = 100.,
+                             data_n = 1000
+                            )
+analysis.release()
+
+print("DP mean of age: {0}".format(age_mean.value))
+print("DP variance of age: {0}".format(age_var.value))
+print("Privacy usage: {0}".format(analysis.privacy_usage))
+```
+
+The results look something like those below:
+
+```text
+DP mean of age: 44.55598845931517
+DP variance of age: 231.79044646429134
+Privacy usage: approximate {
+  epsilon: 1.0
+}
+```
+
+There are some important things to note about this example.  First, the `Analysis` object represents a data processing graph.  In this example, the mean and variance are computed from the same source node.  However, you can include more complex expressions that combine inputs with outputs in arbitrary ways.
+
+The analysis graph includes `data_upper` and `data_lower` metadata, specifying the lower and upper bounds for ages.  These values are used to precisely calibrate the noise to ensure differential privacy.  These values are also used in some handling of outliers or missing values.
+
+Finally, the analysis graph keeps track of the total privacy budget spent.
+
+You can use the library to compose more complex analysis graphs, with several mechanisms, statistics, and utility functions:
+
+| Statistics    | Mechanisms | Utilities  |
+| ------------- |------------|------------|
+| Count         | Gaussian   | Cast       |
+| Histogram     | Geometric  | Clamping   |
+| Mean          | Laplace    | Digitize   |
+| Quantiles     |            | Filter     |
+| Sum           |            | Imputation |
+| Variance/Covariance |      | Transform  |
+
+See the [basic data analysis notebook](https://github.com/opendifferentialprivacy/whitenoise-samples/blob/master/analysis/basic_data_analysis.ipynb) for more details.
+
+## Approximate utility of differentially private releases
+
+Because differential privacy operates by calibrating noise, the utility of releases may vary depending on the privacy risk.  Generally, the noise needed to protect each individual becomes negligible as sample sizes grow large, but overwhelm the result for releases that target a single individual.  Analysts can review the accuracy information for a release to determine how useful the release is:
+
+```python
+with wn.Analysis() as analysis:
+    # load data
+    data = wn.Dataset(path = data_path, column_names = var_names)
+
+    # get mean of age
+    age_mean = wn.dp_mean(data = wn.cast(data['age'], type="FLOAT"),
+                          privacy_usage = {'epsilon': .65},
+                          data_lower = 0.,
+                          data_upper = 100.,
+                          data_n = 1000
+                         )
+analysis.release()
+
+print("Age accuracy is: {0}".format(age_mean.get_accuracy(0.05)))
+```
+
+The result of that operation should look similar to that below:
+
+```text
+Age accuracy is: 0.2995732273553991
+```
+
+This example computes the mean as above, and uses the `get_accuracy` function to request accuracy at `alpha` of 0.05. An `alpha` of 0.05 represents a 95% interval, in that released value will fall within the reported accuracy bounds about 95% of the time.  In this example, the reported accuracy is 0.3, which means the released value will be within an interval of width 0.6, about 95% of the time.  It is not correct to think of this value as an error bar, since the released value will fall outside the reported accuracy range at the rate specified by `alpha`, and values outside the range may be outside in either direction.
+
+Analysts may query `get_accuracy` for different values of `alpha` to get narrower or wider confidence intervals, without incurring additional privacy cost.
+
+## Generate a histogram
+
+The built-in `dp_histogram` function creates differentially private histograms over any of the following data types:
+
+- A continuous variable, where the set of numbers has to be divided into bins
+- A boolean or dichotomous variable, that can only take on two values
+- A categorical variable, where there are distinct categories enumerated as strings
+
+Here is an example of an `Analysis` specifying bins for a continuous variable histogram:
+
+```python
+income_edges = list(range(0, 100000, 10000))
+
+with wn.Analysis() as analysis:
+    data = wn.Dataset(path = data_path, column_names = var_names)
+
+    income_histogram = wn.dp_histogram(
+            wn.cast(data['income'], type='int', lower=0, upper=100),
+            edges = income_edges,
+            upper = 1000,
+            null_value = 150,
+            privacy_usage = {'epsilon': 0.5}
+        )
+```
+
+Because the individuals are disjointly partitioned among histogram bins, the privacy cost is incurred only once per histogram, even if the histogram includes many bins.
+
+For more on histograms, see the [histograms notebook](https://github.com/opendifferentialprivacy/whitenoise-samples/blob/master/analysis/histograms.ipynb).
+
+## Generate a covariance matrix
+
+WhiteNoise offers three different functionalities with its `dp_covariance` function:
+
+- Covariance between two vectors
+- Covariance matrix of a matrix
+- Cross-covariance matrix of a pair of matrices
+
+Here is an example of computing a scalar covariance:
+
+```python
+with wn.Analysis() as analysis:
+    wn_data = wn.Dataset(path = data_path, column_names = var_names)
+
+    age_income_cov_scalar = wn.dp_covariance(
+      left = wn.cast(wn_data['age'], 
+      type = "FLOAT"), 
+      right = wn.cast(wn_data['income'], 
+      type = "FLOAT"), 
+      privacy_usage = {'epsilon': 1.0},
+      left_lower = 0., 
+      left_upper = 100., 
+      left_n = 1000, 
+      right_lower = 0., 
+      right_upper = 500_000.,
+      right_n = 1000)
+```
+
+For more information, see the [covariance notebook](
+https://github.com/opendifferentialprivacy/whitenoise-samples/blob/master/analysis/covariance.ipynb)
+
+## Next Steps
+
+- Explore [WhiteNoise sample notebooks](https://github.com/opendifferentialprivacy/whitenoise-samples/tree/master/analysis).
diff --git a/articles/machine-learning/toc.yml b/articles/machine-learning/toc.yml
@@ -261,6 +261,9 @@
       - name: Version & track datasets
         displayName: data, data set
         href: how-to-version-track-datasets.md
+      - name: Preserve data privacy
+        displayName: data,privacy,differential privacy
+        href: how-to-differential-privacy.md
   - name: Train models
     items:
     - name: Use estimators for ML
