Abstract

In 1977 Dalenius articulated a desideratum for statistical databases: nothing about an individual should be learnable from the database that cannot be learned without access to the database. We give a general impossibility result showing that a formalization of Dalenius’ goal along the lines of semantic security cannot be achieved. Contrary to intuition, a variant of the result threatens the privacy even of someone not in the database. This state of affairs suggests a new measure, differential privacy, which, intuitively, captures the increased risk to one’s privacy incurred by participating in a database. The techniques developed in a sequence of papers [8, 13, 3], culminating in those described in [12], can achieve any desired level of privacy under this measure. In many cases, extremely accurate information about the database can be provided while simultaneously ensuring very high levels of privacy.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Adam, N.R., Wortmann, J.C.: Security-Control Methods for Statistical Databases: A Comparative Study. ACM Computing Surveys 21(4), 515–556 (1989)CrossRefGoogle Scholar
  2. 2.
    Agrawal, R., Srikant, R.: Privacy-preserving data mining. In: Proc, A.S. (ed.) International Conference on Management of Data, pp. 439–450 (2000)Google Scholar
  3. 3.
    Blum, A., Dwork, C., McSherry, F., Nissim, K.: Practical privacy: The SuLQ framework. In: Proceedings of the 24th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, June 2005, pp. 128–138 (2005)Google Scholar
  4. 4.
    Chawla, S., Dwork, C., McSherry, F., Smith, A., Wee, H.: Toward privacy in public databases. In: Proceedings of the 2nd Theory of Cryptography Conference, pp. 363–385 (2005)Google Scholar
  5. 5.
    Chawla, S., Dwork, C., McSherry, F., Talwar, K.: On the utility of privacy-preserving histograms. In: Proceedings of the 21st Conference on Uncertainty in Artificial Intelligence (2005)Google Scholar
  6. 6.
    Dalenius, T.: Towards a methodology for statistical disclosure control. Statistik Tidskrift 15, 222–429 (1977)Google Scholar
  7. 7.
    Denning, D.E.: Secure statistical databases with random sample queries. ACM Transactions on Database Systems 5(3), 291–315 (1980)MATHCrossRefGoogle Scholar
  8. 8.
    Dinur, I., Nissim, K.: Revealing information while preserving privacy. In: Proceedings of the 22nd ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, pp. 202–210 (2003)Google Scholar
  9. 9.
    Dobkin, D., Jones, A.K., Lipton, R.J.: Secure databases: Protection against user influence. ACM Trans. Database Syst. 4 1, 97–106 (1979)CrossRefGoogle Scholar
  10. 10.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  11. 11.
    Dodis, Y., Smith, A.: Correcting Errors Without Leaking Partial Information. In: Proceedings of the 37th ACM Symposium on Theory of Computing, pp. 654–663 (2005)Google Scholar
  12. 12.
    Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Proceedings of the 3rd Theory of Cryptography Conference, pp. 265–284 (2006)Google Scholar
  13. 13.
    Dwork, C., Nissim, K.: Privacy-preserving datamining on vertically partitioned databases. In: Advances in Cryptology: Proceedings of Crypto, pp. 528–544 (2004)Google Scholar
  14. 14.
    Evfimievski, A., Gehrke, J., Srikant, R.: Limiting privacy breaches in privacy preserving data mining. In: Proceedings of the 22nd ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, June 2003, pp. 211–222 (2003)Google Scholar
  15. 15.
    Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences 28, 270–299 (1984); prelminary version appeared in Proceedings 14th Annual ACM Symposium on Theory of ComputingMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Nisan, N., Zuckerman, D.: Randomness is linear in space. J. Comput. Syst. Sci. 52(1), 43–52 (1996)MATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Shaltiel, R.: Recent developments in explicit constructions of extractors. Bulletin of the EATCS 77, 67–95 (2002)MATHMathSciNetGoogle Scholar
  18. 18.
    Sweeney, L.: Weaving technology and policy together to maintain confidentiality. J. of Law Med Ethics 25(2-3), 98–110 (1997)CrossRefGoogle Scholar
  19. 19.
    Sweeney, L.: Achieving k-anonymity privacy protection using generalization and suppression. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10(5), 571–588 (2002)MATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Cynthia Dwork
    • 1
  1. 1.Microsoft Research 

Personalised recommendations