Reflections on the UK-US PETs Prize Challenge

By Sasi Murakonda, Research Scientist at Privitar

Our team has been awarded first prize in the U.K.-U.S. Privacy-enhancing Technologies Prize challenge, the transatlantic innovation prize challenge created by the United Kingdom and United States governments to advance the use of privacy-enhancing technologies (PETs).

For the challenge, we teamed up with academics from University College London (UCL) and Cardiff University to build an end-to-end, privacy-preserving federated learning solution for financial crime detection. Along with the joint first prize, our solution was awarded a special recognition prize for novel modelling and design. 

Here, I’m going to share some details of the prize challenge and our journey through its different phases. 

Origin of the challenge

The PETs Prize challenge was announced at the first Summit for Democracy in late 2021, where PETs were recognized as critical democracy-affirming technologies that can unlock the benefits of data and AI while protecting shared values like accountability, transparency, and the right to privacy.

The problem statements for the challenge were developed in collaboration between the UK Department for Science, Innovation and Technology’s Centre for Data Ethics and Innovation (CDEI), Innovate UK, the National Institute of Standards and Technology (NIST), and the US National Science Foundation (NSF), in cooperation with the White House Office of Science and Technology Policy. I participated in workshops organized by the NSF and NIST to understand open problems in the privacy space and compelling real world applications, especially around synthetic data and federated learning. I gained different expert perspectives from these sessions and learned about technical barriers to unlocking these emerging technologies. 

Organizers announced the launch of the challenge, along with the exact problem statements in the summer of 2022, after what I imagine was a daunting effort from multiple institutions. The challenge would focus on privacy-preserving federated learning solutions for tackling financial crime and responding to public health emergencies. Privitar’s team worked on a   financial crime use case, detecting anomalous transactions that potentially indicate fraud, money laundering, or other criminal activity. The objective was to leverage information that’s normally distributed across different financial institutions to improve anomaly detection models, all while ensuring that sensitive information about individuals remains confidential. 

Phase I – Putting concepts on paper

Protecting privacy in federated analysis and federated learning is something we’ve been interested in for some time at Privitar. We set aside a two week sprint to develop our ideas and narrow in on a solution for the challenge use cases. We had to be agile and fast-moving. We started to outline a solution to the financial crime detection problem and quickly realized a mixture of advanced PETs in both cryptographic and statistical privacy was needed. 

We joined forces with academic partners at UCL and Cardiff University, world-renowned experts in this domain. The team eventually expanded to include two doctoral students from UCL. Given the tight timelines, we distributed the tasks based on our expertise. We had to cover a variety of areas, and all at a frantic pace: ML algorithms for outlier detection, their private equivalents, novel improvements we could make, availability of open source code to build on, understanding the datasets, features that could help us detect financial crime, and various architectures for solving the problem.

We captured our design in a concept paper that describes how a solution would protect sensitive information, scale, and adapt to use cases beyond the challenge, and our novel contributions. A panel of experts evaluated the paper based on factors including depth of technical understanding, feasibility, innovation, and usability. The feedback was overwhelmingly positive and encouraging, with useful advice that we could put into practice in the next phase. 

“The white paper demonstrates an excellent understanding of existing and leading solutions/approaches and makes a number of suggestions on how to incorporate SoA features in their solution.”

“The proposed solution is applicable to use cases with a data distribution that is challenging for conventional federated learning algorithms.”

Our paper was selected as one of nine winners in phase-I and we were awarded a solution development grant to participate in phase-II of the challenge. 

Phase II – Developing the solution

Then it was time to turn paper proposals into working prototypes. 

It took us a combination of significant engineering effort and novel research to find optimal privacy mechanisms and build an end-to-end solution.

We stuck to  privacy by design principles in our architecture, ensuring only minimal, necessary, and appropriate information would ever be exchanged among different parties. We protected sensitive information throughout the entire machine learning lifecycle with a mixture of cryptography and statistical privacy techniques (including private set intersection, partial homomorphic encryption, and local differential privacy). 

Building the solution was  the most exciting and enjoyable phase of the challenge for me. Since the timeline overlapped with the Christmas holiday season, we were often sharing meetings with teammates visiting family homes across three continents. It was a reward in itself to collaborate with a group of smart and motivated colleagues towards a well-defined objective; having in-depth design and technical conversations; iterating and refining our ideas. 

Unexpected hurdles in software engineering left us tight on time and not a little afraid of missing the deadline. We had to make adjustments to get our design compatible with the runtime environment and federated framework provided by the organisers. After a string of test runs, we finally had a working submission with only a day spare to select and improve some of our parameters for the optimal run. We ran a large batch of experiments and everything fell into place just a couple of hours before the deadline. Our final submission used a random seed collected digit by digit from some helpful Privitar colleagues who were participating in an office party while we worked!

At the end of phase II, we submitted our prototype and an updated technical report with our design approach, performance measurements, clear privacy claims, and evaluation of privacy-utility trade-offs. 

Only a small selection of submissions progressed to the next, which involved evaluation by red teams. 

Phase III – Standing up to attacks

A defense is only as good as the best attack it can protect against. In the final phase of the challenge, red teams attacked the shortlisted solutions to see what  sensitive information about individuals could be revealed. Their feedback would influence the final evaluation to determine the team rankings and winners. 

It was at this point I realised that waiting on the sidelines, job done, unable to influence the results any further, is often the toughest part of competition!

Winners announcement at the Summit for Democracy

The wait ended on 30th of March, when the winners of the challenge were  announced at the second summit for democracy . We are the winning UK team (jointly with the University of Cambridge). 

I’m honoured our efforts found room at such a great venue. I can’t think of a more distinguished stage for our work to be profiled than the Summit for Democracy. It was a surreal feeling given the effort we all put in and the anticipation afterwards. I’m convinced our team’s perseverance at the most challenging points contributed more than any component of our solution in taking us to the top spot.

Our success in the PETs prize challenge embodies everything that makes me proud to work in the research team at Privitar. We’re using technology to do the right thing, applying state of the art academic research to solve impactful problems, and working across disciplines to address the multi-faceted nature of data privacy.

PETs can’t stand still. Rapid progress will be necessary to enjoy the benefits of AI without compromising our rights to privacy, which are hand in hand with freedom and self-determination. You can bet Privitar will be at the forefront of meeting this challenge and I hope to continue contributing my part. 

See it for yourself

We’ll present our solution to industry innovators, government officials, regulators, and investors at CDEI’s PETs Demo Day event at the Royal Society in London on 22nd May. Reserve a spot and join us if you are in town on the day.