How Much Is Enough? Choosing ε for Differential Privacy
Authors
Abstract
Differential privacy is a recent notion, and while it is appealing conceptually it has been difficult to apply in practice. The parameters of differential privacy have an intuitive theoretical interpretation, but their implications for the risk of disclosure in practice have not yet been studied, and choosing appropriate values for them is non-trivial. Although the privacy parameter ε in differential privacy is used to quantify the privacy risk posed by releasing statistics computed on sensitive data, ε is not an absolute measure of privacy but a relative one. In effect, even for the same value of ε, the privacy guarantees enforced by differential privacy differ according to the domain of the attribute in question and the query supported. We consider the probability of identifying any particular individual as being in the database, and demonstrate the challenge of setting the proper value of ε given the goal of protecting individuals in the database with some fixed probability.
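The following is an added worked example, not code from the paper, illustrating why the same ε yields different disclosure probabilities for different queries and domains. It assumes the Laplace mechanism with noise scale Δf/ε, an adversary with a uniform prior (1/2) on whether a target individual is in the database who knows every other record, and it uses d for the target's actual effect on the true answer (|f(D) - f(D')|) and ρ for the adversary's posterior probability that the target is present; these symbols and the sample numbers are the example's own choices. Because the Laplace likelihood ratio at shift d is at most exp(εd/Δf), the worst-case posterior is exp(εd/Δf)/(1 + exp(εd/Δf)), which depends on d/Δf rather than on ε alone.

```python
import math


def laplace_pdf(x: float, mu: float, b: float) -> float:
    """Density of Laplace(mu, b) at x."""
    return math.exp(-abs(x - mu) / b) / (2.0 * b)


def posterior_in(observed: float, f_in: float, f_out: float,
                 delta_f: float, eps: float, prior_in: float = 0.5) -> float:
    """Adversary's posterior P(target in DB | noisy output) for the
    Laplace mechanism with scale delta_f/eps, via Bayes' rule.
    f_in / f_out are the true query answers with and without the target."""
    b = delta_f / eps
    like_in = laplace_pdf(observed, f_in, b)
    like_out = laplace_pdf(observed, f_out, b)
    return (prior_in * like_in) / (prior_in * like_in + (1 - prior_in) * like_out)


def worst_case_posterior(d: float, delta_f: float, eps: float) -> float:
    """Max over all outputs of posterior_in with prior 1/2.
    The Laplace likelihood ratio is bounded by exp(d/b) = exp(eps*d/delta_f)."""
    r = math.exp(eps * d / delta_f)
    return r / (1.0 + r)


def epsilon_for_target(rho: float, d: float, delta_f: float) -> float:
    """Invert worst_case_posterior: largest eps such that the adversary's
    worst-case posterior does not exceed rho (0.5 < rho < 1)."""
    if not 0.5 < rho < 1.0:
        raise ValueError("rho must lie strictly between 0.5 and 1")
    return (delta_f / d) * math.log(rho / (1.0 - rho))


def compare_queries(eps: float, rho: float) -> dict:
    """Constructed scenarios: a count query (delta_f = 1, target shifts the
    count by 1) versus a sum over an attribute with domain [0, 100]
    (delta_f = 100) where the target's value is 30 (shift d = 30)."""
    scenarios = {"count": (1.0, 1.0), "sum_domain_0_100": (30.0, 100.0)}
    out = {}
    for name, (d, delta_f) in scenarios.items():
        out[name] = {
            "posterior_at_eps": worst_case_posterior(d, delta_f, eps),
            "eps_for_rho": epsilon_for_target(rho, d, delta_f),
        }
    return out


if __name__ == "__main__":
    # Same eps = 1.0, target posterior bound rho = 0.6
    for name, res in compare_queries(1.0, 0.6).items():
        print(f"{name:18s} worst-case posterior at eps=1: "
              f"{res['posterior_at_eps']:.3f}   eps needed for rho=0.6: "
              f"{res['eps_for_rho']:.3f}")
    # Spot check: observing an output far to the "in" side reaches the bound
    print(f"posterior at x=20, f_out=10, f_in=11, eps=1: "
          f"{posterior_in(20.0, 11.0, 10.0, 1.0, 1.0):.3f}")
```

For the count query ε = 1 already allows a worst-case posterior of about 0.73, and ε must drop to roughly 0.41 to hold the adversary at ρ = 0.6; for the sum over [0, 100] the same ε = 1 leaves the posterior near 0.57, and ε ≈ 1.35 still meets the ρ = 0.6 goal. This is the sense in which ε is relative: the value that protects individuals with a fixed probability depends on the query's sensitivity and on how much a record can actually move the answer.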
Similar references
Personalised Differential Privacy
Differential privacy provides a way to get useful information about sensitive data without revealing much about any one individual. It enjoys many nice compositionality properties not shared by other approaches to privacy, including, in particular, robustness against side-knowledge. Designing differentially private mechanisms from scratch can be a challenging task. One way to make it easier to ...
Differential Privacy: An Estimation Theory-Based Method for Choosing Epsilon
Differential privacy is achieved by the introduction of Laplacian noise in the response to a query, establishing a precise trade-off between the level of differential privacy and the accuracy of the database response (via the amount of noise introduced). However, the amount of noise to add is typically defined through the scale parameter of the Laplace distribution, whose use may not be so intu...
Lower Bounds in Differential Privacy
This paper is about private data analysis, in which a trusted curator holding a confidential database responds to real vector-valued queries. A common approach to ensuring privacy for the database elements is to add appropriately generated random noise to the answers, releasing only these noisy responses. A line of study initiated in [7] examines the amount of distortion needed to prevent priva...
Publishing Search Logs - A Comparative Study of Privacy Guarantees
Search engine companies collect the “database of intentions”, the histories of their users’ search queries. These search logs are a gold mine for researchers. Search engine companies, however, are wary of publishing search logs in order not to disclose sensitive information. In this paper we analyze algorithms for publishing frequent keywords, queries and clicks of a search log. We first show h...
Concentrated Differential Privacy
The Fundamental Law of Information Recovery states, informally, that “overly accurate” estimates of “too many” statistics completely destroys privacy ([DN03] et sequelae). Differential privacy is a mathematically rigorous definition of privacy tailored to analysis of large datasets and equipped with a formal measure of privacy loss [DMNS06, Dwo06]. Moreover, differentially private algorithms ta...