Differentially private facial obfuscation via generative adversarial networks

From smartphones owned by the majority of teenage and adult populations to omnipresent closed-circuit television systems, the ubiquity of image-capturing devices in our everyday lives ensures that digital images of individuals are taken in the hundreds of millions on a daily basis. Many of these images capture individuals' faces which, through facial recognition techniques, identify the individuals and thus represent a major privacy concern. Many countries and companies require facial obfuscation to conform to privacy laws or policies. Since images should be useful and look realistic, a trade-off arises between privacy and utility. The task is therefore to find a method of obfuscation that offers a formal privacy guarantee while preserving visual quality and maintaining facial attributes deemed acceptable for release (e.g., the pose of the head, gender, etc.). We address this task by proposing facial identity obfuscation through the application of differential privacy to image encodings in a generative adversarial network. We provide details on the design of the model architecture and training process that allow for the generation of photo-realistic obfuscated images. Through the use of principal component analysis, we control the application of noise to the model encodings in order to achieve a favourable trade-off between privacy and utility. We demonstrate the effectiveness of our approach through an experimental comparison against other methods of obfuscation which also offer a formal guarantee of privacy. (c) 2021 Elsevier B.V. All rights reserved.