Differential Privacy in Cooperative Multiagent Planning

Privacy-aware multiagent systems must protect agents' sensitive data while simultaneously ensuring that agents accomplish their shared objectives. Towards this goal, we propose a framework to privatize inter-agent communications in cooperative multiagent decision-making problems. We study sequential decision-making problems formulated as cooperative Markov games with reach-avoid objectives. We apply a differential privacy mechanism to privatize agents' communicated symbolic state trajectories, and then we analyze tradeoffs between the strength of privacy and the team's performance. For a given level of privacy, this tradeoff is shown to depend critically upon the total correlation among agents' state-action processes. We synthesize policies that are robust to privacy by reducing the value of the total correlation. Numerical experiments demonstrate that the team's performance under these policies decreases by only 3 percent when comparing private versus non-private implementations of communication. By contrast, the team's performance decreases by roughly 86 percent when using baseline policies that ignore total correlation and only optimize team performance

Applying Bourdieu to socio-technical systems: The importance of affordances for social translucence in building 'capital' and status to eBay's success

This paper introduces the work of Sociologist Pierre Bourdieu and his concepts of ‘the field’ and ‘capital’ in relation to eBay. This paper considers eBay to be a socio-technical system with its own set of social norms, rules and competition over ‘capital’. eBay is used as a case study of the importance of using a Bourdieuean approach to create successful socio-technical systems.Using a two-year qualitative study of eBay users as empirical illustration, this paper argues that a large part of eBay’s success is in the social and cultural affordances for social translucence and navigation of eBay’s website - in supporting the Bourdieuean competition over capital and status. This exploration has implications for wider socio-technical systems design which this paper will discuss - in particular, the importance of creating socially translucent and navigable systems, informed by Bourdieu’s theoretical insights, which support competition for ‘capital’ and status

Proving Differential Privacy with Shadow Execution

Recent work on formal verification of differential privacy shows a trend toward usability and expressiveness -- generating a correctness proof of sophisticated algorithm while minimizing the annotation burden on programmers. Sometimes, combining those two requires substantial changes to program logics: one recent paper is able to verify Report Noisy Max automatically, but it involves a complex verification system using customized program logics and verifiers. In this paper, we propose a new proof technique, called shadow execution, and embed it into a language called ShadowDP. ShadowDP uses shadow execution to generate proofs of differential privacy with very few programmer annotations and without relying on customized logics and verifiers. In addition to verifying Report Noisy Max, we show that it can verify a new variant of Sparse Vector that reports the gap between some noisy query answers and the noisy threshold. Moreover, ShadowDP reduces the complexity of verification: for all of the algorithms we have evaluated, type checking and verification in total takes at most 3 seconds, while prior work takes minutes on the same algorithms.Comment: 23 pages, 12 figures, PLDI'1