Large Language Model-Driven Intelligent Text Anonymization Technology

This project is based on the ICLR 2025 paper Large Language Models are Advanced Anonymizers, using large language models to achieve automatic anonymization of Reddit comments and European Court of Human Rights (ECHR) cases. It demonstrates the application potential of LLMs in the field of privacy protection and provides new ideas for automated desensitization of sensitive data. Addressing the limitations of traditional anonymization technologies, the project leverages the deep semantic understanding and generation capabilities of LLMs to strike a balance between privacy protection and text usability preservation.

Traditional text anonymization mostly uses rule-driven methods (such as Named Entity Recognition (NER), regular expression matching, keyword blacklists), which have limitations like insufficient context understanding (unable to identify indirectly identifying information), over-anonymization (undermining semantic coherence), high rule maintenance costs, and cross-language difficulties. In contrast, LLMs have inherent advantages such as deep semantic understanding, world knowledge, generation capabilities, and multilingual capabilities, providing a new direction for solving text anonymization challenges.

The core methodology models anonymization as a conditional text generation problem, which needs to meet three conditions: privacy protection (attackers cannot identify the original subject), semantic preservation (retaining main semantics), and natural fluency. A two-stage processing approach is adopted: 1. Sensitive information identification (direct identifiers like names/ID numbers, quasi-identifiers like age/zip code, background clues like location/relationship descriptions); 2. Semantically equivalent replacement (generating natural alternative content instead of simple placeholders).

The project was validated on two representative datasets: 1. Reddit comment dataset (informal colloquial text with implicit identity information); 2. European Court of Human Rights (ECHR) case dataset (formal legal text with strict privacy requirements). Evaluation metrics include privacy protection strength (membership/attribute inference attack tests), semantic similarity (BERTScore, BLEU), readability, and information loss.

Supports multiple model backends (OpenAI GPT series, open-source models like Llama2/Mistral, local models deployed via Ollama); carefully designed prompt templates (including task descriptions, example demonstrations, constraints, output formats); implements optimizations such as batch API calls, result caching, error retries, and progress tracking.

Application scenarios include medical data sharing (preserving the medical value of medical records), social media data analysis (protecting user privacy), legal document processing (automated privacy protection), and internal enterprise data (balancing privacy and business value).

Technical limitations include model hallucinations (introducing non-existent information), consistency issues (inconsistent processing of similar texts), poor interpretability, and adversarial attack risks; ethical and legal considerations include third-party API data leakage risks, gaps between anonymization adequacy and legal standards, responsibility attribution, and model bias issues.

Future directions include differential privacy integration, multimodal expansion, real-time processing, and domain adaptation; application expansions such as combination with privacy computing, synthetic data generation, and verifiable anonymization. The conclusion points out that LLM anonymization is an important direction for privacy protection, requiring collaboration between technology, law, and processes, and users need to understand its capabilities and limitations when using it.