Abstract
Differential privacy (DP) is a privacy model that was designed for interactive queries to databases. Its use has since been extended to other data release formats, including microdata. In this paper we show that setting a certain \(\epsilon\) in DP does not determine the confidentiality offered by DP microdata, let alone their utility. Confidentiality refers to the difficulty of correctly matching original and anonymized data, and utility refers to anonymized data preserving the correlation structure of original data. Specifically, we present two methods for generating \(\epsilon\)-differentially private microdata. One of them creates DP synthetic microdata from noise-added covariances. The other relies on adding noise to the cumulative distribution function. We present empirical work that compares the two new methods with DP microdata generation via prior microaggregation. The comparison is in terms of several confidentiality and utility metrics. Our experimental results indicate that different methods to enforce \(\epsilon\)-DP lead to very different utility and confidentiality levels. Both confidentiality and utility seem rather dependent on the amount of permutation performed by the particular SDC method used to enforce DP. This suggests that DP is not a good privacy model for microdata releases.
Acknowledgments
Partial support to this work has been received from the European Commission (project H2020-871042 “SoBigData++”), the Government of Catalonia (ICREA Acadèmia Prize to J. Domingo-Ferrer and grant 2017 SGR 705), and from the Spanish Government (project RTI2018-095094-B-C21 “Consent”). The second and third authors are with the UNESCO Chair in Data Privacy, but the views in this paper are their own and are not necessarily shared by UNESCO.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Muralidhar, K., Domingo-Ferrer, J., Martínez, S. (2020). \(\epsilon\)-Differential Privacy for Microdata Releases Does Not Guarantee Confidentiality (Let Alone Utility). In: Domingo-Ferrer, J., Muralidhar, K. (eds) Privacy in Statistical Databases. PSD 2020. Lecture Notes in Computer Science, vol 12276. Springer, Cham. https://doi.org/10.1007/978-3-030-57521-2_2
DOI: https://doi.org/10.1007/978-3-030-57521-2_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57520-5
Online ISBN: 978-3-030-57521-2
eBook Packages: Computer Science (R0)