Privacy-Preserving AI

The dual-layer inference framework pairs a language-level extractor performing joint intent and slot modeling on raw text with a probabilistic reasoner that maintains a belief distribution over plausible goal hypotheses. Rather than 6 follow-up questions, the system reasons internally — estimating likelihoods that extracted variables match system states, quantifying uncertainty under partial observability, and iteratively narrowing hypotheses until a confident booking decision emerges.

The work engages closely with the active-clarification literature (Ask-to-Clarify; AT-CoT by Tang & Soulier; BALI by Ghose et al.) but leans architecturally toward minimizing user disruption: clarification only when expected information gain exceeds interaction cost (the dual-mode formulation of Fang et al.). Token-level confidence calibration (FineCE, Han et al.) mitigates hallucinated overconfidence; the Planner-Composer-Evaluator (PCE) framework structures fragmented implicit assumptions into an evaluable probabilistic decision tree; counterfactual reasoning (CRED, Tung et al.) generates "what-if" hypotheses to proactively narrow the belief distribution.

The same architecture stores user history as statistical aggregates rather than retaining raw dialogue or personally identifying information. Empirical work from the LMP2 audit framework (Staufer) shows large language models memorize sensitive personal data by default — the matching architecture here is designed to make that memorization structurally impossible. The thesis studies dual-tower retrieval (PrivGemo-style, keeping raw user knowledge graphs strictly local while transmitting only de-identified views to cloud reasoners), temporal decay of stale preferences (Stability and Safety Governed Memory, Lam et al.), and Bayesian trust scoring against memory poisoning.

This thesis tackles the techniques side of privacy-preserving AI: anonymization, differential privacy, and synthetic data generation. The goal is a privacy-engineering toolkit applicable across the platform — from analytics to recommendations to research datasets — without exposing the individuals behind the signals.

On the architectural side it studies design principles for a centralized data-sharing platform on a social-booking surface: privacy-by-design, GDPR alignment, and the specific system components needed to make opt-in meaningful in production rather than only at prototype size. It investigates how privacy-engineering principles translate from research literature into a real architecture — and how ε-differential privacy, anonymization patterns, and synthetic data generation combine into a production-grade toolkit.