
    PriPeARL: A Framework for Privacy-Preserving Analytics and Reporting at LinkedIn

    Preserving privacy of users is a key requirement of web-scale analytics and reporting applications, and has witnessed a renewed focus in light of recent data breaches and new regulations such as GDPR. We focus on the problem of computing robust, reliable analytics in a privacy-preserving manner, while satisfying product requirements. We present PriPeARL, a framework for privacy-preserving analytics and reporting, inspired by differential privacy. We describe the overall design and architecture, and the key modeling components, focusing on the unique challenges associated with privacy, coverage, utility, and consistency. We perform an experimental study in the context of ads analytics and reporting at LinkedIn, thereby demonstrating the tradeoffs between privacy and utility needs, and the applicability of privacy-preserving mechanisms to real-world data. We also highlight the lessons learned from the production deployment of our system at LinkedIn. Comment: Conference information: ACM International Conference on Information and Knowledge Management (CIKM 2018)

    Effective Privacy Amplification for Secure Classical Communications

    We study the practical effectiveness of privacy amplification for classical key-distribution schemes. We find that, in contrast to quantum key distribution schemes, the high fidelity of the raw key generated in classical systems allows the users to always sift a secure shorter key if they have an upper bound on the eavesdropper's probability of correctly guessing the exchanged key bits. The number of privacy amplification iterations needed to achieve an information leak of 10^-8 in existing classical communicators is 2 or 3, resulting in a corresponding slowdown of 4 to 8. We analyze the inherent tradeoff between the number of iterations and the security of the raw key. This property, which is unique to classical key distribution systems, renders them highly useful in practice, especially for noisy channels where sufficiently low quantum bit error ratios are difficult to achieve. Comment: 11 pages, 3 figures

    Strongly Secure Privacy Amplification Cannot Be Obtained by Encoder of Slepian-Wolf Code

    Privacy amplification is a technique to distill a secret key from a random variable by a function so that the distilled key and the eavesdropper's random variable are statistically independent. There are three kinds of security criteria for the key distilled by privacy amplification: the normalized divergence criterion, which is also known as the weak security criterion; the variational distance criterion; and the divergence criterion, which is also known as the strong security criterion. As a technique to distill a secret key, it is known that the encoder of a Slepian-Wolf code (source coding with full side-information at the decoder) can be used as a function for privacy amplification if we employ the weak security criterion. In this paper, we show that the encoder of a Slepian-Wolf code cannot be used as a function for privacy amplification if we employ criteria other than the weak one. Comment: 10 pages, no figure. A part of this paper will be presented at 2009 IEEE International Symposium on Information Theory in Seoul, Korea. Version 2 is a published version. The results are not changed from version 1. Explanations are polished and some references are added. In version 3, only style and DOI are edited

    Identity principles in the digital age: a closer view

    Identity and its management is now an integral part of web-based services and applications. It is also a live political issue that has captured the interest of organisations, businesses and society generally. As identity management systems assume functionally equivalent roles, their significance for privacy cannot be underestimated. The Centre for Democracy and Technology has recently released a draft version of what it regards as key privacy principles for identity management in the digital age. This paper will provide an overview of the key benchmarks identified by the CDT. The focus of this paper is to explore how best the Data Protection legislation can be said to provide a framework which best maintains a proper balance between 'identity' conscious technology and an individual's expectation of privacy to personal and sensitive data. The central argument will be that increased compliance with the key principles is not only appropriate for a distributed privacy environment but will go some way towards creating a space for various stakeholders to reach consensus applicable to existing and new information communication technologies. The conclusion is that securing compliance with the legislation will prove to be the biggest governance challenge. Standard setting and norms will go some way to ease the need for centralised regulatory oversight.