Related papers: What Are the Chances? Explaining the Epsilon Parameter in Differential Privacy

What Are the Chances? Explaining the Epsilon Parameter in Differential Privacy

URL: http://arxiv.org/abs/2303.00738v1
Date: Wed, 1 Mar 2023 18:53:25 GMT
Title: What Are the Chances? Explaining the Epsilon Parameter in Differential Privacy
Authors: Priyanka Nanayakkara, Mary Anne Smart, Rachel Cummings, Gabriel Kaptchuk, Elissa Redmiles
Abstract summary: Differential privacy (DP) is a mathematical privacy notion increasingly deployed across government and industry. We develop three methods to convey probabilistic DP guarantees to end users. We find that odds-based explanation methods are more effective than output-based methods.
Score: 17.201862983773662
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Abstract: Differential privacy (DP) is a mathematical privacy notion increasingly deployed across government and industry. With DP, privacy protections are probabilistic: they are bounded by the privacy budget parameter, $\epsilon$. Prior work in health and computational science finds that people struggle to reason about probabilistic risks. Yet, communicating the implications of $\epsilon$ to people contributing their data is vital to avoiding privacy theater -- presenting meaningless privacy protection as meaningful -- and empowering more informed data-sharing decisions. Drawing on best practices in risk communication and usability, we develop three methods to convey probabilistic DP guarantees to end users: two that communicate odds and one offering concrete examples of DP outputs. We quantitatively evaluate these explanation methods in a vignette survey study ($n=963$) via three metrics: objective risk comprehension, subjective privacy understanding of DP guarantees, and self-efficacy. We find that odds-based explanation methods are more effective than (1) output-based methods and (2) state-of-the-art approaches that gloss over information about $\epsilon$. Further, when offered information about $\epsilon$, respondents are more willing to share their data than when presented with a state-of-the-art DP explanation; this willingness to share is sensitive to $\epsilon$ values: as privacy protections weaken, respondents are less likely to share data.

Related papers

From Theory to Comprehension: A Comparative Study of Differential Privacy and $k$-Anonymity [2.66269503676104]
We study users' comprehension of privacy protection provided by a differential privacy mechanism. Our findings suggest that participants' comprehension of differential privacy protection is enhanced by the privacy risk model. Our results confirm our intuition that privacy protection provided by $k$-anonymity is more comprehensible.
arXiv Detail & Related papers (2024-04-05T10:30:26Z)
Why Does Differential Privacy with Large Epsilon Defend Against Practical Membership Inference Attacks? [19.21246519924815]
For small privacy parameter $epsilon$, $epsilon$-differential privacy (DP) provides a strong worst-case guarantee. Existing DP theory cannot explain empirical findings. We propose a new privacy notion called practical membership privacy (PMP)
arXiv Detail & Related papers (2024-02-14T19:31:45Z)
Private Fine-tuning of Large Language Models with Zeroth-order Optimization [54.24600476755372]
We introduce DP-ZO, a new method for fine-tuning large language models that preserves the privacy of training data by privatizing zeroth-order optimization. We show that DP-ZO exhibits just $1.86%$ performance degradation due to privacy at $ (1,10-5)$-DP when fine-tuning OPT-66B on 1000 training samples from SQuAD.
arXiv Detail & Related papers (2024-01-09T03:53:59Z)
Privacy Constrained Fairness Estimation for Decision Trees [2.9906966931843093]
Measuring the fairness of any AI model requires the sensitive attributes of the individuals in the dataset. We propose a novel method, dubbed Privacy-Aware Fairness Estimation of Rules (PAFER) We show that using the Laplacian mechanism, the method is able to estimate SP with low error while guaranteeing the privacy of the individuals in the dataset with high certainty.
arXiv Detail & Related papers (2023-12-13T14:54:48Z)
To share or not to share: What risks would laypeople accept to give sensitive data to differentially-private NLP systems? [14.586789605230672]
We argue that determining the $varepsilon$ value should not be solely in the hands of researchers or system developers. We conduct a behavioral experiment (311 lay participants) to study the behavior of people in uncertain decision-making situations.
arXiv Detail & Related papers (2023-07-13T12:06:48Z)
A Randomized Approach for Tight Privacy Accounting [63.67296945525791]
We propose a new differential privacy paradigm called estimate-verify-release (EVR) EVR paradigm first estimates the privacy parameter of a mechanism, then verifies whether it meets this guarantee, and finally releases the query output. Our empirical evaluation shows the newly proposed EVR paradigm improves the utility-privacy tradeoff for privacy-preserving machine learning.
arXiv Detail & Related papers (2023-04-17T00:38:01Z)
Breaking the Communication-Privacy-Accuracy Tradeoff with $f$-Differential Privacy [51.11280118806893]
We consider a federated data analytics problem in which a server coordinates the collaborative data analysis of multiple users with privacy concerns and limited communication capability. We study the local differential privacy guarantees of discrete-valued mechanisms with finite output space through the lens of $f$-differential privacy (DP) More specifically, we advance the existing literature by deriving tight $f$-DP guarantees for a variety of discrete-valued mechanisms.
arXiv Detail & Related papers (2023-02-19T16:58:53Z)
Analyzing Privacy Leakage in Machine Learning via Multiple Hypothesis Testing: A Lesson From Fano [83.5933307263932]
We study data reconstruction attacks for discrete data and analyze it under the framework of hypothesis testing. We show that if the underlying private data takes values from a set of size $M$, then the target privacy parameter $epsilon$ can be $O(log M)$ before the adversary gains significant inferential power.
arXiv Detail & Related papers (2022-10-24T23:50:12Z)
Individual Privacy Accounting for Differentially Private Stochastic Gradient Descent [69.14164921515949]
We characterize privacy guarantees for individual examples when releasing models trained by DP-SGD. We find that most examples enjoy stronger privacy guarantees than the worst-case bound. This implies groups that are underserved in terms of model utility simultaneously experience weaker privacy guarantees.
arXiv Detail & Related papers (2022-06-06T13:49:37Z)
Privacy Amplification via Shuffling for Linear Contextual Bandits [51.94904361874446]
We study the contextual linear bandit problem with differential privacy (DP) We show that it is possible to achieve a privacy/utility trade-off between JDP and LDP by leveraging the shuffle model of privacy. Our result shows that it is possible to obtain a tradeoff between JDP and LDP by leveraging the shuffle model while preserving local privacy.
arXiv Detail & Related papers (2021-12-11T15:23:28Z)

This list is automatically generated from the titles and abstracts of the papers in this site.