114,881 research outputs found

    p-probabilistic k-anonymous microaggregation for the anonymization of surveys with uncertain participation

    We develop a probabilistic variant of k-anonymous microaggregation, which we term p-probabilistic, resorting to a statistical model of respondent participation in order to aggregate quasi-identifiers in such a manner that k-anonymity is concordantly enforced with a parametric probabilistic guarantee. Succinctly, owing to the possibility that some respondents may not finally participate, sufficiently larger cells are created, striving to satisfy k-anonymity with probability at least p. The microaggregation function is designed before the respondents submit their confidential data. More precisely, a specification of the function is sent to them, which they may verify and apply to their quasi-identifying demographic variables prior to submitting the microaggregated data along with the confidential attributes to an authorized repository. We propose a number of metrics to assess the performance of our probabilistic approach in terms of anonymity and distortion, which we proceed to investigate theoretically in depth and empirically with synthetic and standardized data. We stress that in addition to constituting a functional extension of traditional microaggregation, thereby broadening its applicability to the anonymization of statistical databases in a wide variety of contexts, the relaxation of trust assumptions is arguably expected to have a considerable impact on user acceptance and ultimately on data utility through mere availability. Peer Reviewed. Postprint (author's final draft)

    De facto anonymised microdata file on income tax statistics 1998

    With the data of the de facto anonymised Income Tax Statistics 1998 (FAST 98), the German official statistics are for the first time publishing microdata from the field of fiscal statistics. The scientific community can use these data to analyse politically relevant questions on the fiscal and transfer system at their own workplace, subject to the premises of article 16 subsection 6 of the Law on Statistics for Federal Purposes, on the basis of "real" assessment data. Passing on individual data to the scientific community is only possible in a de facto anonymised form. This form may impair the possibilities for scientific analysis. So that anonymised data can nevertheless be used by the scientific community, anonymisation must meet two equal challenges: it must firstly guarantee adequate protection of the individual items of data, and secondly it must optimally conserve the possibilities for analysis of the anonymised data. In order to achieve the right balance between these two goals, the Statistical Offices have involved potential scientific users in the anonymisation work in a research project. In the article entitled "De facto anonymised microdata file on income tax statistics 1998", in addition to the anonymisation concept, the framework conditions of the project are explained and the analysis possibilities of income tax statistics demonstrated.

    On the Measurement of Privacy as an Attacker's Estimation Error

    A wide variety of privacy metrics have been proposed in the literature to evaluate the level of protection offered by privacy-enhancing technologies. Most of these metrics are specific to concrete systems and adversarial models, and are difficult to generalize or translate to other contexts. Furthermore, a better understanding of the relationships between the different privacy metrics is needed to enable a more grounded and systematic approach to measuring privacy, as well as to assist systems designers in selecting the most appropriate metric for a given application. In this work we propose a theoretical framework for privacy-preserving systems, endowed with a general definition of privacy in terms of the estimation error incurred by an attacker who aims to disclose the private information that the system is designed to conceal. We show that our framework permits interpreting and comparing a number of well-known metrics under a common perspective. The arguments behind these interpretations are based on fundamental results related to the theories of information, probability and Bayes decision. Comment: This paper has 18 pages and 17 figures.

    Marketing Portfolio Choices by Independent Peach Growers: An Application of the Polychotomous Selection Model

    In selecting a marketing channel for fresh peach sales, Georgia commercial peach growers choose the channel after accounting for buyers' preferences for quality attributes. Using the polychotomous selection model and survey data we identified external and internal quality attributes as essential factors influencing the choice of a marketing channel and the share of the crop marketed. Other factors influencing the choice and the volume sold through each marketing channel included orchard characteristics and the variety-determined fruit maturity. Marketing,

    A Utility-Theoretic Approach to Privacy in Online Services

    Online offerings such as web search, news portals, and e-commerce applications face the challenge of providing high-quality service to a large, heterogeneous user base. Recent efforts have highlighted the potential to improve performance by introducing methods to personalize services based on special knowledge about users and their context. For example, a user's demographics, location, and past search and browsing may be useful in enhancing the results offered in response to web search queries. However, reasonable concerns about privacy by users, providers, and government agencies acting on behalf of citizens may limit access by services to such information. We introduce and explore an economics of privacy in personalization, where people can opt to share personal information, in a standing or on-demand manner, in return for expected enhancements in the quality of an online service. We focus on the example of web search and formulate realistic objective functions for search efficacy and privacy. We demonstrate how we can find a provably near-optimal optimization of the utility-privacy tradeoff in an efficient manner. We evaluate our methodology on data drawn from a log of the search activity of volunteer participants. We separately assess users' preferences about privacy and utility via a large-scale survey, aimed at eliciting preferences about people's willingness to trade the sharing of personal data in return for gains in search efficiency. We show that a significant level of personalization can be achieved using a relatively small amount of information about users.