zlacker

1. shusso+(OP) 2019-07-24 11:38:32
Do you have some examples?
replies(2): >>majos+L >>polski+e6
2. majos+L 2019-07-24 11:43:34
>>shusso+(OP)
Of a differentially private algorithm? Frank McSherry (one of the authors of the original differential privacy paper) has a nice blog post introducing the idea and giving many examples with code [1].

Or even more briefly, if you want to know how many people in your database have characteristic X, you can compute that number and add Laplace(1/epsilon) noise [2] and output the result. That's epsilon-differentially private. In general, if you're computing a statistic that has sensitivity s (one person can change the statistic by at most s), then adding Laplace(s/epsilon) noise to the statistic makes it epsilon-differentially private (see e.g. Theorem 3.6 here [3]). The intuition is that, by scaling the added noise to the sensitivity, you cover up the presence or absence of any one individual.

[1] https://github.com/frankmcsherry/blog/blob/master/posts/2016...

[2] https://en.wikipedia.org/wiki/Laplace_distribution

[3] http://cis.upenn.edu/~aaroth/privacybook.html

replies(1): >>shusso+w2
3. shusso+w2 2019-07-24 12:00:27
>>majos+L
Thanks for the links. I'm still a little confused by how differential privacy can be applied to non-aggregated fields. Can differentially private algorithms also be applied to mask/anonymise non-aggregated fields?
replies(1): >>majos+J3
4. majos+J3 2019-07-24 12:11:11
>>shusso+w2
You could, but if your statistic is a function of one person's data, differential privacy will force you to add enough noise to mask that one person's data, i.e. destroy almost all of the utility of the statistic.

It's possible to learn something by aggregating a bunch of those individually-privatized statistics. Randomized response [1] is a canonical example. More generally, local differential privacy is a stronger privacy model where users privatize their own data before releasing it for (arbitrary) analysis. As you might expect, the stronger privacy guarantee means worse utility, sometimes much worse [2].

[1] https://en.wikipedia.org/wiki/Randomized_response
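
An added example, not code from any commenter or from the linked posts: it puts the Laplace(1/epsilon) count from comment 2 next to the randomized-response aggregation from comment 4 on the same constructed data set. All function names are assumptions, and the truth probability e^eps / (1 + e^eps) is one standard way to make randomized response epsilon-locally-differentially private.

```python
import math
import random

def laplace_noise(scale, rng):
    # The difference of two i.i.d. exponentials with mean `scale` is Laplace(0, scale).
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def central_dp_count(bits, epsilon, rng):
    # Central model: a trusted curator sees the raw bits. A count has
    # sensitivity 1, so Laplace(1/epsilon) noise gives epsilon-DP.
    return sum(bits) + laplace_noise(1.0 / epsilon, rng)

def truth_probability(epsilon):
    # Answering truthfully with probability e^eps / (1 + e^eps) makes each
    # single report epsilon-locally-differentially private.
    return math.exp(epsilon) / (1.0 + math.exp(epsilon))

def randomized_response(bit, epsilon, rng):
    # Local model: each user perturbs their own bit before it leaves them.
    return bit if rng.random() < truth_probability(epsilon) else not bit

def local_dp_count(reports, epsilon):
    # E[yes reports] = p*count + (1-p)*(n-count); solve for count.
    p, n = truth_probability(epsilon), len(reports)
    return (sum(reports) - n * (1.0 - p)) / (2.0 * p - 1.0)

def compare(n, n_with_x, epsilon, seed):
    # Constructed data set: n people, n_with_x of whom have characteristic X.
    rng = random.Random(seed)  # seeded for reproducibility only, not a CSPRNG
    bits = [True] * n_with_x + [False] * (n - n_with_x)
    central = central_dp_count(bits, epsilon, rng)
    reports = [randomized_response(b, epsilon, rng) for b in bits]
    return central, local_dp_count(reports, epsilon)

if __name__ == "__main__":
    central, local = compare(n=10_000, n_with_x=3_000, epsilon=1.0, seed=1)
    print(f"true=3000 central={central:.1f} local={local:.1f}")
```

The central noise does not depend on n, while the error of the local estimate grows with the square root of n, which is the utility gap comment 4 describes. Naive floating-point Laplace sampling and a non-cryptographic RNG are acceptable for illustration only; a real release should use a vetted differential privacy library.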

5. polski+e6 2019-07-24 12:30:20
>>shusso+(OP)
There was a keynote about Differential Privacy and the Census example at the recent PODS/SIGMOD by Cynthia Dwork.

I recommend watching it if you're interested: https://homepages.cwi.nl/~boncz/sigmod-pods2019.html (top-left vid)

(As a side note, Frank McSherry received the SIGMOD Test Of Time Award for his Differential Privacy paper at the same conference.)
