Empirical Differential Privacy
We show how to achieve differential privacy with no or reduced added noise,
based on the empirical noise in the data itself. Unlike previous works on
noiseless privacy, the empirical viewpoint avoids making any explicit
assumptions about the random process generating the data.
Comment: more precise definitions and theorem
How Private Are Commonly-Used Voting Rules?
Differential privacy has been widely applied to provide privacy guarantees by
adding random noise to the function output. However, it inevitably fails in
many high-stakes voting scenarios, where voting rules are required to be
deterministic. In this work, we present the first framework for answering the
question: "How private are commonly-used voting rules?" Our answers are
two-fold. First, we show that deterministic voting rules provide sufficient
privacy in the sense of distributional differential privacy (DDP). We show that
assuming the adversarial observer has uncertainty about individual votes, even
publishing the histogram of votes achieves good DDP. Second, we introduce the
notion of exact privacy to compare the privacy preserved in various
commonly-studied voting rules, and obtain dichotomy theorems of exact DDP
within a large subset of voting rules called generalized scoring rules.
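The noise-adding baseline this abstract contrasts against is typically the Laplace mechanism. The sketch below is illustrative only: the vote counts, the helper name `laplace_mechanism`, and the parameter values are assumptions, not taken from the paper.

```python
import math
import random

def laplace_mechanism(true_value, sensitivity, epsilon):
    """Release true_value plus Laplace(sensitivity/epsilon) noise --
    the standard way to randomize a numeric output for differential privacy."""
    scale = sensitivity / epsilon
    u = random.random() - 0.5  # uniform on [-0.5, 0.5)
    # Inverse-CDF sampling of a Laplace(0, scale) variate.
    noise = -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))
    return true_value + noise

# One voter changing their ballot shifts each histogram count by at most 1,
# so the per-count sensitivity is 1 (illustrative vote histogram).
votes = {"A": 412, "B": 371, "C": 98}
noisy = {c: laplace_mechanism(n, sensitivity=1.0, epsilon=0.5)
         for c, n in votes.items()}
```

Deterministic voting rules cannot add such noise to their output, which is precisely why the paper turns to distributional differential privacy instead.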
Optimization of privacy-utility trade-offs under informational self-determination
The pervasiveness of the Internet of Things results in vast volumes of personal data generated by users' smart devices (data producers), such as smartphones, wearables and other embedded sensors. It is a common requirement, especially for Big Data analytics systems, to transfer these large-scale, distributed data to centralized computational systems for analysis. Nevertheless, the third parties that run and manage these systems (data consumers) do not always guarantee users' privacy. Their primary interest is to improve utility, usually a metric related to performance, cost and quality of service. Several techniques mask user-generated data to ensure privacy, e.g. differential privacy. Setting up a process for masking data, referred to in this paper as a 'privacy setting', decreases the utility of data analytics on the one hand while increasing privacy on the other. This paper studies parameterizations of privacy settings that regulate the trade-off between maximum utility/minimum privacy and minimum utility/maximum privacy, where utility refers to the accuracy of the estimates of aggregation functions. Privacy settings can be applied universally as system-wide parameterizations and policies (homogeneous data sharing). Nonetheless, they can also be applied autonomously by each user, or decided under the influence of (monetary) incentives (heterogeneous data sharing). This latter diversity in data sharing by informational self-determination plays a key role in the privacy-utility trajectories, as shown in this paper both theoretically and empirically. A generic and novel computational framework is introduced for measuring privacy-utility trade-offs and their Pareto optimization. The framework computes a broad spectrum of such trade-offs that form privacy-utility trajectories under homogeneous and heterogeneous data sharing.
The practical use of the framework is experimentally evaluated using real-world data from a Smart Grid pilot project, in which energy consumers protect their privacy by regulating the quality of the shared power demand data, while utility companies make accurate estimations of the aggregate load in the network to manage the power grid. Over 20,000 differential privacy settings are applied to shape the computational trajectories, which in turn provide a vast potential for data consumers and producers to participate in viable participatory data sharing systems.
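The kind of trade-off such a framework quantifies can be sketched minimally in Python. The Laplace-noise privacy setting, the power-demand reading values, and the helper names below are illustrative assumptions for the sketch, not the paper's actual framework or data.

```python
import math
import random

def laplace(scale, rng):
    # Sample a Laplace(0, scale) variate via the inverse-CDF transform.
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

def aggregate_error(readings, epsilon, trials=500):
    """Mean absolute error of the noisy aggregate versus the true sum when
    each producer perturbs its reading with Laplace(1/epsilon) noise locally."""
    rng = random.Random(0)
    true_sum = sum(readings)
    total = 0.0
    for _ in range(trials):
        noisy_sum = sum(r + laplace(1.0 / epsilon, rng) for r in readings)
        total += abs(noisy_sum - true_sum)
    return total / trials

# Illustrative power-demand readings (kW); smaller epsilon = stronger
# privacy = larger error in the estimated aggregate load.
gen = random.Random(42)
readings = [gen.uniform(0.5, 3.0) for _ in range(100)]
for eps in (0.1, 1.0, 10.0):
    print(f"epsilon={eps:5.1f}  mean |error| ~= {aggregate_error(readings, eps):.2f}")
```

Sweeping the privacy parameter epsilon like this traces one privacy-utility trajectory; the paper's framework explores many such trajectories, including heterogeneous settings where each producer picks its own epsilon.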
Distribution inference risks: Identifying and mitigating sources of leakage
A large body of work shows that machine learning (ML) models can leak
sensitive or confidential information about their training data. Recently,
leakage due to distribution inference (or property inference) attacks is
gaining attention. In this attack, the goal of an adversary is to infer
distributional information about the training data. So far, research on
distribution inference has focused on demonstrating successful attacks, with
little attention given to identifying the potential causes of the leakage and
to proposing mitigations. To bridge this gap, as our main contribution, we
theoretically and empirically analyze the sources of information leakage that
allows an adversary to perpetrate distribution inference attacks. We identify
three sources of leakage: (1) memorizing specific information about the
conditional expectation (expected label given the feature values) of interest to the
adversary, (2) wrong inductive bias of the model, and (3) finiteness of the
training data. Next, based on our analysis, we propose principled mitigation
techniques against distribution inference attacks. Specifically, we demonstrate
that causal learning techniques are more resilient to a particular type of
distribution inference risk termed distributional membership inference than
associative learning methods. And lastly, we present a formalization of
distribution inference that allows for reasoning about more general adversaries
than was previously possible.
Comment: 14 pages, 8 figures
Being damned if you do and damned if you don't - a qualitative study about the life situation of Romanian women who beg in the streets of Malmö.
Background: Health is unevenly distributed within and among the countries of the world, and usually follows a population's socio-economic status: the lower this is, in comparison to others', the poorer the health. Romania is one of the poorest countries in Europe, and its Roma minority lives under more deprived socio-economic conditions than the majority population. In recent years Scandinavia has experienced an influx of poor EU citizens who beg in the streets. Most of these are from Romania, and the majority are Roma. While debate on this phenomenon is lively, research on the experiences of the population in question is scarce. Aim: The specific aim of this study was to explore the experience of Romanian women who beg in the streets of Malmö, Sweden, focusing on socio-economic living conditions in Romania, daily life in Malmö and coping strategies for dealing with their current situation. Methods: This qualitative study was guided by a Grounded Theory approach. Eight semi-structured individual interviews were conducted, audio recorded and transcribed verbatim. Codes, categories and a conceptual model were constructed, and memos were written, in parallel with and after data collection. Results: The living conditions of the study population, both in Romania and in Sweden, were characterized by a continuous struggle to fulfill basic needs for themselves and their families. They coped with the situation by trying to make a living abroad, by cherishing their social relations and by engaging in a mental act of seesawing. Conclusion: The study population lives with multiple determinants of poor health, regardless of their efforts to improve their situation.
Policy makers should therefore urgently take action to target both the underlying and the immediate causes of their poor health.

In recent years the Scandinavian countries have experienced an influx of people from Eastern Europe who beg in the streets. Many of these people are from Romania, and many are Roma. The phenomenon is frequently discussed in society, but there is a lack of research about the experience of the 'beggars' themselves. What are their living conditions like, and what do they do to deal with their situation? Those are the questions this thesis aims to answer. The data were collected in Malmö, Sweden, where eight women were interviewed. The interviews were then analyzed, and categories explaining the women's situation were created. The results show that the women come to Sweden to make money, because that is the best option at hand for supporting their families. In Sweden, their living conditions are very difficult: they are worried and stressed, they struggle to satisfy their basic needs, and they are frequently harassed. This has negative effects on their physical and mental health. Maintaining and creating social relations is one way for them to endure their situation, as are their ways of reasoning about it. These findings underline just how limited the possibilities are for the group in question to improve its health-deteriorating situation. This calls for policy makers to take urgent action to improve the group's living conditions, both in Romania, where the roots of the problems lie, and in the host country, where simple measures could make the situation more endurable.
SoK: Differential Privacies
Shortly after it was first introduced in 2006, differential privacy became
the flagship data privacy definition. Since then, numerous variants and
extensions were proposed to adapt it to different scenarios and attacker
models. In this work, we propose a systematic taxonomy of these variants and
extensions. We list all data privacy definitions based on differential privacy,
and partition them into seven categories, depending on which aspect of the
original definition is modified.
These categories act like dimensions: variants from the same category cannot
be combined, but variants from different categories can be combined to form new
definitions. We also establish a partial ordering of relative strength between
these notions by summarizing existing results. Furthermore, we list which of
these definitions satisfy some desirable properties, like composition,
post-processing, and convexity, by either providing a novel proof or collecting
existing ones.
Comment: This is the full version of the SoK paper with the same title, accepted at PETS (Privacy Enhancing Technologies Symposium) 202