
I am currently looking at Federated Learning. Here is a good example from Google.

The idea is that training happens on multiple devices. This means on one hand that training data never leaves a user (privacy) and on the other hand that it can be run decentralized (efficiency). The efficiency part is clear. It becomes scalable and therefore performance can be increased.

I am more interested in the privacy part. If I were able to train, for example, an image classifier on two mobile phones and merge the models, this would be Federated Learning by definition, right? Are there any special measures taken to keep data on each phone private? Or is this automatically the case because one cannot get useful data out of a trained network?

Researching this, I found papers about Neural Network Inversion. E.g. this one. It seems to be possible to make an inversion of a network. Therefore one could, with a trained network, draw conclusions about the input data. Is this a real privacy threat? I do not see how one would get my images back out of an image classifier. But is this argument good enough to use it, for example, for patient data?

I ask for the following reason: If I want to implement Federated Learning, do I only have to research the merging/averaging of neural networks, or also data privacy protection?

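As an added illustration of the merging/averaging step the question asks about (this is example code written for this page, not part of the question or of Google's implementation): two simulated "phones" each train a logistic regression on data that never leaves the device, and a server combines only the returned weights using federated averaging weighted by sample count. The data, the labelling rule, and the hyperparameters are all constructed for the example. Note what the server does see: parameter values, which still encode information about the local data, which is exactly why the inversion question matters.

```python
import math
import random

# Constructed sample data: each device holds its own (x, y) pairs locally.
# Hypothetical labelling rule used to synthesise it: y = 1 if x0 + x1 > 1.
def make_client_data(seed, n):
    rng = random.Random(seed)
    data = []
    for _ in range(n):
        x = [rng.uniform(0, 1), rng.uniform(0, 1)]
        data.append((x, 1 if x[0] + x[1] > 1.0 else 0))
    return data

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def local_train(weights, data, lr=1.0, epochs=10):
    """Gradient descent on one device. Only the updated weights leave the
    device; the raw (x, y) pairs are never returned to the server."""
    w = list(weights)  # [w0, w1, bias]
    n = len(data)
    for _ in range(epochs):
        grad = [0.0, 0.0, 0.0]
        for x, y in data:
            err = sigmoid(w[0] * x[0] + w[1] * x[1] + w[2]) - y
            grad[0] += err * x[0]
            grad[1] += err * x[1]
            grad[2] += err
        w = [w[i] - lr * grad[i] / n for i in range(3)]
    return w

def fed_avg(updates):
    """FedAvg on the server: average each device's weights, weighted by
    how many local samples that device trained on."""
    total = sum(n for _, n in updates)
    return [sum(w[i] * n for w, n in updates) / total for i in range(3)]

def accuracy(w, data):
    hits = sum((sigmoid(w[0] * x[0] + w[1] * x[1] + w[2]) >= 0.5) == (y == 1)
               for x, y in data)
    return hits / len(data)

def run_federated(rounds=30):
    clients = [make_client_data(1, 40), make_client_data(2, 60)]  # two phones
    global_w = [0.0, 0.0, 0.0]
    for _ in range(rounds):
        # Each device starts from the current global model and trains locally.
        updates = [(local_train(global_w, d), len(d)) for d in clients]
        global_w = fed_avg(updates)  # server merges weights only
    held_out = make_client_data(3, 100)  # constructed evaluation set
    return global_w, accuracy(global_w, held_out)
```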