Buying Private Data without Verification

We consider the problem of designing a survey to aggregate non-verifiable information from a privacy-sensitive population: an analyst wants to compute some aggregate statistic from the private bits held by each member of a population, but cannot verify the correctness of the bits reported by participants in his survey. Individuals in the population are strategic agents with a cost for privacy, \ie, they not only account for the payments they expect to receive from the mechanism, but also their privacy costs from any information revealed about them by the mechanism's outcome---the computed statistic as well as the payments---to determine their utilities. How can the analyst design payments to obtain an accurate estimate of the population statistic when individuals strategically decide both whether to participate and whether to truthfully report their sensitive information? We design a differentially private peer-prediction mechanism that supports accurate estimation of the population statistic as a Bayes-Nash equilibrium in settings where agents have explicit preferences for privacy. The mechanism requires knowledge of the marginal prior distribution on bits $b_i$, but does not need full knowledge of the marginal distribution on the costs $c_i$, instead requiring only an approximate upper bound. Our mechanism guarantees $\epsilon$-differential privacy to each agent $i$ against any adversary who can observe the statistical estimate output by the mechanism, as well as the payments made to the $n-1$ other agents $j\neq i$. Finally, we show that with slightly more structured assumptions on the privacy cost functions of each agent, the cost of running the survey goes to $0$ as the number of agents diverges.Comment: Appears in EC 201

What proof do we prefer? Variants of verifiability in voting

In this paper, we discuss one particular feature of Internet voting, verifiability, against the background of scientific literature and experiments in the Netherlands. In order to conceptually clarify what verifiability is about, we distinguish classical verifiability from constructive veriability in both individual and universal verification. In classical individual verifiability, a proof that a vote has been counted can be given without revealing the vote. In constructive individual verifiability, a proof is only accepted if the witness (i.e. the vote) can be reconstructed. Analogous concepts are de- fined for universal veriability of the tally. The RIES system used in the Netherlands establishes constructive individual verifiability and constructive universal verifiability, whereas many advanced cryptographic systems described in the scientific literature establish classical individual verifiability and classical universal verifiability. If systems with a particular kind of verifiability continue to be used successfully in practice, this may influence the way in which people are involved in elections, and their image of democracy. Thus, the choice for a particular kind of verifiability in an experiment may have political consequences. We recommend making a well-informed democratic choice for the way in which both individual and universal verifiability should be realised in Internet voting, in order to avoid these unconscious political side-effects of the technology used. The safest choice in this respect, which maintains most properties of current elections, is classical individual verifiability combined with constructive universal verifiability. We would like to encourage discussion about the feasibility of this direction in scientific research

The Essential Role of Securities Regulation

This Article posits that the essential role of securities regulation is to create a competitive market for sophisticated professional investors and analysts (information traders). The Article advances two related theses-one descriptive and the other normative. Descriptively, the Article demonstrates that securities regulation is specifically designed to facilitate and protect the work of information traders. Securities regulation may be divided into three broad categories: (i) disclosure duties; (ii) restrictions on fraud and manipulation; and (iii) restrictions on insider trading-each of which contributes to the creation of a vibrant market for information traders. Disclosure duties reduce information traders\u27 costs of searching and gathering information. Restrictions on fraud and manipulation lower information traders\u27 cost of verifying the credibility of information, and thus enhance information traders\u27 ability to make accurate predictions. Finally, restrictions on insider trading protect information traders from competition from insiders that would undermine information traders\u27 ability to recoup their investment in information. Normatively, the Article shows that information traders can best underwrite efficient and liquid capital markets, and, hence, it is this group that securities regulation should strive to protect. Our account has important implications for several policy debates. First, our account supports the system of mandatory disclosure. We show that, although market forces may provide management with an adequate incentive to disclose at the initial public offering (IPO) stage, they cannot be relied on to effect optimal disclosure thereafter. Second, our analysis categorically rejects calls to limit disclosure duties to hard information and self-dealing by management. Third, our analysis supports the use of the fraud-on-the-market presumption in all fraud cases even when markets are inefficient. Fourth, our analysis suggests that in cases involving corporate misstatements, the appropriate standard of care should, in principle, be negligence, not fraud

The Essential Role of Securities Regulation

This Article posits that the essential role of securities regulation is to create a competitive market for sophisticated professional investors and analysts (information traders). The Article advances two related theses-one descriptive and the other normative. Descriptively, the Article demonstrates that securities regulation is specifically designed to facilitate and protect the work of information traders. Securities regulation may be divided into three broad categories: (i) disclosure duties; (ii) restrictions on fraud and manipulation; and (iii) restrictions on insider trading-each of which contributes to the creation of a vibrant market for information traders. Disclosure duties reduce information traders\u27 costs of searching and gathering information. Restrictions on fraud and manipulation lower information traders\u27 cost of verifying the credibility of information, and thus enhance information traders\u27 ability to make accurate predictions. Finally, restrictions on insider trading protect information traders from competition from insiders that would undermine information traders\u27 ability to recoup their investment in information. Normatively, the Article shows that information traders can best underwrite efficient and liquid capital markets, and, hence, it is this group that securities regulation should strive to protect. Our account has important implications for several policy debates. First, our account supports the system of mandatory disclosure. We show that, although market forces may provide management with an adequate incentive to disclose at the initial public offering (IPO) stage, they cannot be relied on to effect optimal disclosure thereafter. Second, our analysis categorically rejects calls to limit disclosure duties to hard information and self-dealing by management. Third, our analysis supports the use of the fraud-on-the-market presumption in all fraud cases even when markets are inefficient. Fourth, our analysis suggests that in cases involving corporate misstatements, the appropriate standard of care should, in principle, be negligence, not fraud

Blockchain: A Graph Primer

Bitcoin and its underlying technology Blockchain have become popular in recent years. Designed to facilitate a secure distributed platform without central authorities, Blockchain is heralded as a paradigm that will be as powerful as Big Data, Cloud Computing and Machine learning. Blockchain incorporates novel ideas from various fields such as public key encryption and distributed systems. As such, a reader often comes across resources that explain the Blockchain technology from a certain perspective only, leaving the reader with more questions than before. We will offer a holistic view on Blockchain. Starting with a brief history, we will give the building blocks of Blockchain, and explain their interactions. As graph mining has become a major part its analysis, we will elaborate on graph theoretical aspects of the Blockchain technology. We also devote a section to the future of Blockchain and explain how extensions like Smart Contracts and De-centralized Autonomous Organizations will function. Without assuming any reader expertise, our aim is to provide a concise but complete description of the Blockchain technology.Comment: 16 pages, 8 figure

Homo Datumicus : correcting the market for identity data

Effective digital identity systems offer great economic and civic potential. However, unlocking this potential requires dealing with social, behavioural, and structural challenges to efficient market formation. We propose that a marketplace for identity data can be more efficiently formed with an infrastructure that provides a more adequate representation of individuals online. This paper therefore introduces the ontological concept of Homo Datumicus: individuals as data subjects transformed by HAT Microservers, with the axiomatic computational capabilities to transact with their own data at scale. Adoption of this paradigm would lower the social risks of identity orientation, enable privacy preserving transactions by default and mitigate the risks of power imbalances in digital identity systems and markets

Vote buying revisited: implications for receipt-freeness

In this paper, we analyse the concept of vote buying based on examples that try to stretch the meaning of the concept. Which ex- amples can still be called vote buying, and which cannot? We propose several dimensions that are relevant to qualifying an action as vote buy- ing or not. As a means of protection against vote buying and coercion, the concept of receipt-freeness has been proposed. We argue that, in or- der to protect against a larger set of vote buying activities, the concept of receipt-freeness should be interpreted probabilistically. We propose a general definition of probabilistic receipt-freeness by adapting existing definitions of probabilistic anonymity to voting