Haifang Yang,Mingzheng Wang,Xiangpei Hu,Xiaobai Li

2019-01-01

Abstract:The Facebook/Cambridge Analytica data scandal shows a type of privacy threat where an adversary attacks on a massive number of people without prior knowledge about their background information. Existing studies typically assume that the adversary knew the background information of the target individuals. This study examines the disclosure risk issue in privacy breaches without such an assumption. We define the background disclosure risk and re-identification risk based on the notion of prior and conditional probabilities respectively, and integrate the two risk measures into a composite measure using the Minimum Description Length principle. We then develop a decision-tree pruning algorithm to find an appropriate group size considering the tradeoff between disclosure risk and data utility. Furthermore, we propose a novel tiered generalization method for anonymizing data at the group level. An experimental study has been conducted to demonstrate the effectiveness of our approach.

Salman Salamatian,Amy Zhang,Flavio du Pin Calmon,Sandilya Bhamidipati,Nadia Fawaz,Branislav Kveton,Pedro Oliveira,Nina Taft

DOI: https://doi.org/10.1109/jstsp.2015.2442227

IF: 7.695

2015-10-01

IEEE Journal of Selected Topics in Signal Processing

Abstract:We propose a practical methodology to protect a user's private data, when he wishes to publicly release data that is correlated with his private data, to get some utility. Our approach relies on a general statistical inference framework that captures the privacy threat under inference attacks, given utility constraints. Under this framework, data is distorted before it is released, according to a probabilistic privacy mapping. This mapping is obtained by solving a convex optimization problem, which minimizes information leakage under a distortion constraint. We address practical challenges encountered when applying this theoretical framework to real world data. On one hand, the design of optimal privacy mappings requires knowledge of the prior distribution linking private data and data to be released, which is often unavailable in practice. On the other hand, the optimization may become untractable when data assumes values in large size alphabets, or is high dimensional. Our work makes three major contributions. First, we provide bounds on the impact of a mismatched prior on the privacy-utility tradeoff. Second, we show how to reduce the optimization size by introducing a quantization step, and how to generate privacy mappings under quantization. Third, we evaluate our method on two datasets, including a new dataset that we collected, showing correlations between political convictions and TV viewing habits. We demonstrate that good privacy properties can be achieved with limited distortion so as not to undermine the original purpose of the publicly released data, e.g., recommendations.

engineering, electrical & electronic

Isabel Wagner,Eerke Boiten

DOI: https://doi.org/10.1007/978-3-030-00305-0_17

2018-09-09

Abstract:Privacy risk assessments aim to analyze and quantify the privacy risks associated with new systems. As such, they are critically important in ensuring that adequate privacy protections are built in. However, current methods to quantify privacy risk rely heavily on experienced analysts picking the "correct" risk level on e.g. a five-point scale. In this paper, we argue that a more scientific quantification of privacy risk increases accuracy and reliability and can thus make it easier to build privacy-friendly systems. We discuss how the impact and likelihood of privacy violations can be decomposed and quantified, and stress the importance of meaningful metrics and units of measurement. We suggest a method of quantifying and representing privacy risk that considers a collection of factors as well as a variety of contexts and attacker models. We conclude by identifying some of the major research questions to take this approach further in a variety of application scenarios.

Cryptography and Security

John Abowd,Lorenzo Alvisi,Cynthia Dwork,Sampath Kannan,Ashwin Machanavajjhala,Jerome Reiter

DOI: https://doi.org/10.48550/arXiv.1701.00752

2017-01-03

Computers and Society

Abstract:Government statistical agencies collect enormously valuable data on the nation's population and business activities. Wide access to these data enables evidence-based policy making, supports new research that improves society, facilitates training for students in data science, and provides resources for the public to better understand and participate in their society. These data also affect the private sector. For example, the Employment Situation in the United States, published by the Bureau of Labor Statistics, moves markets. Nonetheless, government agencies are under increasing pressure to limit access to data because of a growing understanding of the threats to data privacy and confidentiality. "De-identification" - stripping obvious identifiers like names, addresses, and identification numbers - has been found inadequate in the face of modern computational and informational resources. Unfortunately, the problem extends even to the release of aggregate data statistics. This counter-intuitive phenomenon has come to be known as the Fundamental Law of Information Recovery. It says that overly accurate estimates of too many statistics can completely destroy privacy. One may think of this as death by a thousand cuts. Every statistic computed from a data set leaks a small amount of information about each member of the data set - a tiny cut. This is true even if the exact value of the statistic is distorted a bit in order to preserve privacy. But while each statistical release is an almost harmless little cut in terms of privacy risk for any individual, the cumulative effect can be to completely compromise the privacy of some individuals.

Qinbo Li,Adam G. D'Souza,Cason Schmit,Hye-Chung Kum

DOI: https://doi.org/10.48550/arXiv.1906.03345

2019-06-08

Abstract:Record linkage refers to the task of integrating data from two or more databases without a common identifier. MINDFIRL (MInimum Necessary Disclosure For Interactive Record Linkage) is a software system that demonstrates the tradeoff between utility and privacy in interactive record linkage. Due to the need to access personally identifiable information (PII) to accurately assess whether different records refer to the same person in heterogeneous databases, privacy is a major concern in interactive record linkage. MINDFIRL supports interactive record linkage while minimizing the privacy risk by (1) using pseudonyms to separate the identifying information from the sensitive information, (2) dynamically disclosing only the minimum necessary information incrementally, as needed on-demand at the point of decision, and (3) quantifies the risk due to the needed information disclosure to support transparency, the reasoning, communication, and decisions on the privacy and utility trade off. In this paper we present an overview of the MINDFIRL system and the k-Anonymized Privacy Risk (KAPR) score used to measure the privacy risk based on the disclosed information. We prove that KAPR score is a norm meeting all the desirable properties for a risk score for interactive record linkage.

Databases

Marmar Orooji,Gerald M. Knapp

DOI: https://doi.org/10.48550/arXiv.1901.07311

2019-01-02

Cryptography and Security

Abstract:A tremendous amount of individual-level data is generated each day, of use to marketing, decision makers, and machine learning applications. This data often contain private and sensitive information about individuals, which can be disclosed by adversaries. An adversary can recognize the underlying individual's identity for a data record by looking at the values of quasi-identifier attributes, known as identity disclosure, or can uncover sensitive information about an individual through attribute disclosure. In Statistical Disclosure Control, multiple disclosure risk measures have been proposed. These share two drawbacks: they do not consider identity and attribute disclosure concurrently in the risk measure, and they make restrictive assumptions on an adversary's knowledge by assuming certain attributes are quasi-identifiers and there is a clear boundary between quasi-identifiers and sensitive information. In this paper, we present a novel disclosure risk measure that addresses these limitations, by presenting a single combined metric of identity and attribute disclosure risk, and providing flexibility in modeling adversary's knowledge. We have developed an efficient algorithm for computing the proposed risk measure and evaluated the feasibility and performance of our approach on a real-world data set from the domain of social work.

Mousa Alfalayleh,Ljiljana Brankovic

DOI: https://doi.org/10.48550/arXiv.1409.2112

2014-09-07

Abstract:It is well recognised that data mining and statistical analysis pose a serious treat to privacy. This is true for financial, medical, criminal and marketing research. Numerous techniques have been proposed to protect privacy, including restriction and data modification. Recently proposed privacy models such as differential privacy and k-anonymity received a lot of attention and for the latter there are now several improvements of the original scheme, each removing some security shortcomings of the previous one. However, the challenge lies in evaluating and comparing privacy provided by various techniques. In this paper we propose a novel entropy based security measure that can be applied to any generalisation, restriction or data modification technique. We use our measure to empirically evaluate and compare a few popular methods, namely query restriction, sampling and noise addition.

Cryptography and Security

Antonio Borrero-Foncubierta,Mercedes Rodriguez-Garcia,Andrés Muñoz,Juan Manuel Dodero

DOI: https://doi.org/10.1007/s10207-024-00944-7

2024-12-05

International Journal of Information Security

Abstract:This paper explores the limitations faced by current solutions for selecting quasi-identifying attributes in the context of Privacy-Preserving Data Publishing (PPDP). PPDP stipulates that any published personal data should not be linkable to other available data sources in a manner that could potentially lead to individual re-identification or compromise sensitive data. The state-of-the-art methods for selecting quasi-identifying attributes commonly rely on heuristic evaluations to assess the risk of re-identification associated with each attribute. We hypothesize that these heuristic-based methods could be significantly improved by complementing them with empirical methods capable of quantifying the external linkability of dataset attributes. This empirical layer would enable a fine-tuning of the obfuscation of attributes within the dataset, thereby preventing the unnecessary privatization of attributes beyond potential attackers' reach while ensuring privatization of those easily accessible. For this purpose, we explore recent advancements in identifying semantically related datasets across heterogeneous data sources. Although initially developed for purposes beyond privacy preservation, these methods support our initiative by uncovering potential links with external data and thus providing empirical evidence for the identification of attributes as quasi-identifiers. Finally, we discuss potential pathways to implement this empirical layer in quasi-identifier identification systems.

computer science, information systems, theory & methods, software engineering

Sebastian Rehms,Stefan Köpsell,Verena Klös,Florian Tschorsch

2024-05-14

Abstract:This paper proposes a reasoning framework for privacy properties of systems and their environments that can capture any knowledge leaks on different logical levels of the system to answer the question: which entity can learn what? With the term knowledge we refer to any kind of data, meta-data or interpretation of those that might be relevant. To achieve this, we present a modeling framework that forces the developers to explicitly describe which knowledge is available at which entity, which knowledge flows between entities and which knowledge can be inferred from other knowledge. In addition, privacy requirements are specified as rules describing forbidden knowledge for entities. Our modeling approach is incremental, starting from an abstract view of the system and adding details through well-defined transformations. This work is intended to complement existing approaches and introduces steps towards more formal foundations for privacy oriented analyses while keeping them as accessible as possible. It is designed to be extensible through schemata and vocabulary to enable compatibility with external requirements and standards.

Cryptography and Security

Andrea Gadotti,Luc Rocher,Florimond Houssiau,Ana-Maria Creţu,Yves-Alexandre de Montjoye

DOI: https://doi.org/10.1126/sciadv.adn7053

IF: 13.6

2024-07-18

Science Advances

Abstract:Information about us, our actions, and our preferences is created at scale through surveys or scientific studies or as a result of our interaction with digital devices such as smartphones and fitness trackers. The ability to safely share and analyze such data is key for scientific and societal progress. Anonymization is considered by scientists and policy-makers as one of the main ways to share data while minimizing privacy risks. In this review, we offer a pragmatic perspective on the modern literature on privacy attacks and anonymization techniques. We discuss traditional de-identification techniques and their strong limitations in the age of big data. We then turn our attention to modern approaches to share anonymous aggregate data, such as data query systems, synthetic data, and differential privacy. We find that, although no perfect solution exists, applying modern techniques while auditing their guarantees against attacks is the best approach to safely use and share data today.

multidisciplinary sciences

Caelin G. Kaplan,Chuan Xu,Othmane Marfoq,Giovanni Neglia,Anderson Santana de Oliveira

2023-10-19

Abstract:Within the realm of privacy-preserving machine learning, empirical privacy defenses have been proposed as a solution to achieve satisfactory levels of training data privacy without a significant drop in model utility. Most existing defenses against membership inference attacks assume access to reference data, defined as an additional dataset coming from the same (or a similar) underlying distribution as training data. Despite the common use of reference data, previous works are notably reticent about defining and evaluating reference data privacy. As gains in model utility and/or training data privacy may come at the expense of reference data privacy, it is essential that all three aspects are duly considered. In this paper, we first examine the availability of reference data and its privacy treatment in previous works and demonstrate its necessity for fairly comparing defenses. Second, we propose a baseline defense that enables the utility-privacy tradeoff with respect to both training and reference data to be easily understood. Our method is formulated as an empirical risk minimization with a constraint on the generalization error, which, in practice, can be evaluated as a weighted empirical risk minimization (WERM) over the training and reference datasets. Although we conceived of WERM as a simple baseline, our experiments show that, surprisingly, it outperforms the most well-studied and current state-of-the-art empirical privacy defenses using reference data for nearly all relative privacy levels of reference and training data. Our investigation also reveals that these existing methods are unable to effectively trade off reference data privacy for model utility and/or training data privacy. Overall, our work highlights the need for a proper evaluation of the triad model utility / training data privacy / reference data privacy when comparing privacy defenses.

Cryptography and Security,Artificial Intelligence,Machine Learning

Úlfar Erlingsson,Vitaly Feldman,Ilya Mironov,Ananth Raghunathan,Shuang Song,Kunal Talwar,Abhradeep Thakurta

2020-01-01

Abstract:Recently, a number of approaches and techniques have been introduced for reporting software statistics with strong privacy guarantees. These range from abstract algorithms to comprehensive systems with varying assumptions and built upon local differential privacy mechanisms and anonymity. Based on the Encode-Shuffle-Analyze (ESA) framework, notable results formally clarified large improvements in privacy guarantees without loss of utility by making reports anonymous. However, these results either comprise of systems with seemingly disparate mechanisms and attack models, or formal statements with little guidance to practitioners. Addressing this, we provide a formal treatment and offer prescriptive guidelines for privacy-preserving reporting with anonymity. We revisit the ESA framework with a simple, abstract model of attackers as well as assumptions covering it and other proposed systems of anonymity. In light of new formal privacy bounds, we examine the limitations of sketch-based encodings and ESA mechanisms such as data-dependent crowds. We also demonstrate how the ESA notion of fragmentation (reporting data aspects in separate, unlinkable messages) improves privacy/utility tradeoffs both in terms of local and central differential-privacy guarantees. Finally, to help practitioners understand the applicability and limitations of privacy-preserving reporting, we report on a large number of empirical experiments. We use real-world datasets with heavy-tailed or near-flat distributions, which pose the greatest difficulty for our techniques; in particular, we focus on data drawn from images that can be easily visualized in a way that highlights reconstruction errors. Showing the promise of the approach, and of independent interest, we also report on experiments using anonymous, privacy-preserving reporting to train high-accuracy deep neural networks on standard tasks---MNIST and CIFAR-10.

Rina Foygel Barber,John C. Duchi

DOI: https://doi.org/10.48550/arXiv.1412.4451

2014-12-15

Abstract:We explore and compare a variety of definitions for privacy and disclosure limitation in statistical estimation and data analysis, including (approximate) differential privacy, testing-based definitions of privacy, and posterior guarantees on disclosure risk. We give equivalence results between the definitions, shedding light on the relationships between different formalisms for privacy. We also take an inferential perspective, where---building off of these definitions---we provide minimax risk bounds for several estimation problems, including mean estimation, estimation of the support of a distribution, and nonparametric density estimation. These bounds highlight the statistical consequences of different definitions of privacy and provide a second lens for evaluating the advantages and disadvantages of different techniques for disclosure limitation.

Statistics Theory,Information Theory

Nicolas Ruiz

DOI: https://doi.org/10.48550/arXiv.1701.08419

2017-01-30

Abstract:Recently, the permutation paradigm has been proposed in data anonymization to describe any micro data masking method as permutation, paving the way for performing meaningful analytical comparisons of methods, something that is difficult currently in statistical disclosure control research. This paper explores some consequences of this paradigm by establishing some class of universal measures of disclosure risk and information loss that can be used for the evaluation and comparison of any method, under any parametrization and independently of the characteristics of the data to be anonymized. These measures lead to the introduction in data anonymization of the concepts of dominance in disclosure risk and information loss, which formalise the fact that different parties involved in micro data transaction can all have different sensitivities to privacy and information.

Cryptography and Security

Ruijun Deng,Shijing Hu,Junxiong Lin,Jirui Yang,Zhihui Lu,Jie Wu,Shih-Chia Huang,Qiang Duan

DOI: https://doi.org/10.1109/tce.2024.3370764

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:Mobile Edge Computing (MEC) has great potential to facilitate cheap and fast customer behavior analysis (CBA). Model splitting, widely adopted in collaborative learning of MEC, partitions the CBA models between customer devices and the edge servers in a layer-wise manner to support efficient distributed learning. However, the split-model architecture (SMA) is vulnerable to data reconstruction attacks for privacy leakage in intermediate data, of which the risk measurements remain unexplored. In this paper, we propose a privacy risk measurement framework, called InvMetrics, for split model–based CBA systems, which assess the degree of privacy leakage from both the CBA owners’ and the regulators’ perspectives. For CBA owners, we propose a privacy metric, Distance Loss (DLoss), based on distance correlation, which is computationally efficient, and thus eligible for being deployed on the customers’ devices. For third-party evaluators, we propose Uncertainty Loss (ULoss) based on entropy, which can measure privacy risk without accessing raw data. Evaluation results on three CBA datasets and one image dataset demonstrate that InvMetrics framework with DLoss and ULoss can accurately measure privacy risk and is more efficient than the state-of-the-art.

telecommunications,engineering, electrical & electronic

Julian Schneider,Marvin Walter,Karen Otte,Thierry Meurers,Ines Perrar,Ute Nöthlings,Tim Adams,Holger Fröhlich,Fabian Prasser,Juliane Fluck,Lisa Kühnel

DOI: https://doi.org/10.3233/SHTI240867

2024-08-30

Abstract:Introduction: A modern approach to ensuring privacy when sharing datasets is the use of synthetic data generation methods, which often claim to outperform classic anonymization techniques in the trade-off between data utility and privacy. Recently, it was demonstrated that various deep learning-based approaches are able to generate useful synthesized datasets, often based on domain-specific analyses. However, evaluating the privacy implications of releasing synthetic data remains a challenging problem, especially when the goal is to conform with data protection guidelines. Methods: Therefore, the recent privacy risk quantification framework Anonymeter has been built for evaluating multiple possible vulnerabilities, which are specifically based on privacy risks that are considered by the European Data Protection Board, i.e. singling out, linkability, and attribute inference. This framework was applied to a synthetic data generation study from the epidemiological domain, where the synthesization replicates time and age trends previously found in data collected during the DONALD cohort study (1312 participants, 16 time points). The conducted privacy analyses are presented, which place a focus on the vulnerability of outliers. Results: The resulting privacy scores are discussed, which vary greatly between the different types of attacks. Conclusion: Challenges encountered during their implementation and during the interpretation of their results are highlighted, and it is concluded that privacy risk assessment for synthetic data remains an open problem.

Matteo Giomi,Franziska Boenisch,Christoph Wehmeyer,Borbála Tasnádi

DOI: https://doi.org/10.48550/arXiv.2211.10459

2022-11-19

Abstract:Synthetic data is often presented as a method for sharing sensitive information in a privacy-preserving manner by reproducing the global statistical properties of the original data without disclosing sensitive information about any individual. In practice, as with other anonymization methods, privacy risks cannot be entirely eliminated. The residual privacy risks need instead to be ex-post assessed. We present Anonymeter, a statistical framework to jointly quantify different types of privacy risks in synthetic tabular datasets. We equip this framework with attack-based evaluations for the singling out, linkability, and inference risks, the three key indicators of factual anonymization according to the European General Data Protection Regulation (GDPR). To the best of our knowledge, we are the first to introduce a coherent and legally aligned evaluation of these three privacy risks for synthetic data, and to design privacy attacks which model directly the singling out and linkability risks. We demonstrate the effectiveness of our methods by conducting an extensive set of experiments that measure the privacy risks of data with deliberately inserted privacy leakages, and of synthetic data generated with and without differential privacy. Our results highlight that the three privacy risks reported by our framework scale linearly with the amount of privacy leakage in the data. Furthermore, we observe that synthetic data exhibits the lowest vulnerability against linkability, indicating one-to-one relationships between real and synthetic data records are not preserved. Finally, we demonstrate quantitatively that Anonymeter outperforms existing synthetic data privacy evaluation frameworks both in terms of detecting privacy leaks, as well as computation speed. To contribute to a privacy-conscious usage of synthetic data, we open source Anonymeter at <a class="link-external link-https" href="https://github.com/statice/anonymeter" rel="external noopener nofollow">this https URL</a>.

Cryptography and Security

Wei-Han Lee,Changchang Liu,Shouling Ji,Prateek Mittal,Ruby B. Lee

DOI: https://doi.org/10.1007/978-3-319-93354-2_5

2018-01-01

Abstract:An increasing amount of data are becoming publicly available over the Internet. These data are released after applying some anonymization techniques. Recently, researchers have paid significant attention to analyzing the risks of publishing privacy-sensitive data. Even if data anonymization techniques were applied to protect privacy-sensitive data, several de-anonymization attacks have been proposed to break their privacy. However, no theoretical quantification for relating the data vulnerability against de-anonymization attacks and the data utility that is preserved by the anonymization techniques exists. In this paper, we first address several fundamental open problems in the structure-based de-anonymization research by establishing a formal model for privacy breaches on anonymized data and quantifying the conditions for successful de-anonymization under a general graph model. To the best of our knowledge, this is the first work on quantifying the relationship between anonymized utility and de-anonymization capability. Our quantification works under very general assumptions about the distribution from which the data are drawn, thus providing a theoretical guide for practical de-anonymization/anonymization techniques. Furthermore, we use multiple real-world datasets including a Facebook dataset, a Collaboration dataset, and two Twitter datasets to show the limitations of the state-of-the-art de-anonymization attacks. From these experimental results, we demonstrate the ineffectiveness of previous de-anonymization attacks and the potential of more powerful de-anonymization attacks in the future, by comparing the theoretical de-anonymization capability proposed by us with the practical experimental results of the state-of-the-art de-anonymization methods.

Gábor Erdélyi,Olivia J. Erdélyi,Andreas W. Kempa-Liehr

DOI: https://doi.org/10.48550/arXiv.2111.13304

2021-11-26

Computers and Society

Abstract:This paper focuses on some shortcomings in current privacy and data protection regulations' ability to adequately address the ramifications of AI-driven data processing practices, in particular where data sets are combined and processed by AI systems. We raise attention to two regulatory anomalies related to two fundamental assumptions underlying traditional privacy and data protection approaches: (1) Only Personally Identifiable Information (PII) and Personal Data (PD) require privacy protection: Privacy and data protection regulations are only triggered with respect to PII/PD, but not anonymous data. This is not only problematic because determining whether data falls in the former or latter category is no longer straightforward, but also because privacy risks associated with data processing may exist whether or not an individual can be identified. (2) Given sufficient information provided in a transparent and understandable manner, individuals are able to adequately assess the privacy implications of their actions and protect their privacy interests: However, relying on human privacy expectations fails to address important privacy threats, because those expectations are at odds with the actual privacy implications of data processing practices, as most people lack the necessary technical literacy to understand the sophisticated technologies at play, and to correctly assess their privacy implications. To tackle these anomalies we recommend regulatory reform in two directions: (1) Abolishing the distinction between personal and anonymized data for the purposes of triggering the application of privacy and data protection regulations and (2) developing methods to prioritize regulatory intervention based on the level of privacy risk posed by individual data processing actions.

Gillian M Raab

DOI: https://doi.org/10.48550/arXiv.2409.04257

2024-09-06

Abstract:This paper proposes and compares measures of identity and attribute disclosure risk for synthetic data. Data custodians can use the methods proposed here to inform the decision as to whether to release synthetic versions of confidential data. Different measures are evaluated on two data sets. Insight into the measures is obtained by examining the details of the records identified as posing a disclosure risk. This leads to methods to identify, and possibly exclude, apparently risky records where the identification or attribution would be expected by someone with background knowledge of the data. The methods described are available as part of the \textbf{synthpop} package for \textbf{R}.

Applications