Secure Counterfactual Explanations in a Two-party Setting

When multiple parties want to learn from each others’ data, but do not want to share this data becaue it is privacy sensitive, using a federated trained Machine Learning (ML) model is a good option. Explanation of the results are essential to use and and therefore trust the outcome of this trained model. However, explanations reveal sensitive information which is not allowed when using privacy sensitive data. In this paper, we introduce a novel approach generating Counterfactual Explanations (CFEs) in a secure way utilising synthetic data. A CFE provides an example data point, that with the smallest change to the original feature values provides a different outcome. Thereby showcasing what needs to change for a different output. In our case two parties owning different features of the same persons jointly train a ML model. In this setting, one party owns one feature and the other party owns multiple features including the target feature, both data must remain confidential to the other party. A CFE is created by first securely generating vertical distributed synthetic data with the aid of a Split Neural Network (Split-NN). We show that the distributed synthetic data maintain characteristics of the original data in the cases where the predictability is high, and do not reveal sensitive information when under an Attribute Inference Attack. Secondly, synthetic Counterfactuals (CFs) are generated and ranked using secure Multi-Party Computation. The ranking is based on the optimization of a selection of distance metrics from the CFE with respect to the original event. The outcome of the CFE can be revealed to both parties. In this way we provide a complete privacy-preserving pipeline to explain a federated trained ML model on vertically partitioned data.