Exposing Hidden Vulnerabilities: A privacy audit of algorithmic fairness

Algorithmic fairness and privacy are cornerstones of trustworthy machine learning. Prior research suggests that mitigating bias may amplify membership inference risks for underrepresented groups. However, evaluations based on average-case metrics, such as attack success rate, often obscure vulnerabilities at low false-positive rates-an regime critical for real-world privacy. In this paper, we present an in-depth empirical study of membership inference under low false positive rate conditions, across three fair machine learning algorithms. Our analysis on the Law School, Bank Marketing, and COMPAS datasets reveal that standard threshold-based and population-based attacks underestimate privacy leaks, especially for sensitive subgroups. Motivated by this gap, we propose a subgroup-specific membership inference attack based on pairwise likelihood ratio tests. Our method models the null hypothesis more accurately: a target sample’s outputs are statistically indistinguishable from those of non-members within the same sensitive subgroup. Our experiments show that a simple modification of an existing attack can achieve superior test power across the TPR-FPR curve-even at extremely low false positive rates, given an adversary with the same computational resources and access to data-establishing a robust foundation for more powerful, fine-grained privacy audits of fair learning algorithms.