Prior-itizing Privacy: A Bayesian Approach to Setting the Privacy Budget in Differential Privacy

• URL: http://arxiv.org/abs/2306.13214v2
• Date: Wed, 22 May 2024 16:10:54 GMT
• Title: Prior-itizing Privacy: A Bayesian Approach to Setting the Privacy Budget in Differential Privacy
• Authors: Zeki Kazan, Jerome P. Reiter,
• Abstract summary: We provide a framework for setting $varepsilon$ based on its relationship with Bayesian posterior probabilities of disclosure. The agency responsible for the data release decides how much posterior risk it is willing to accept at various levels of prior risk.
• Score: 0.3683202928838613
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: When releasing outputs from confidential data, agencies need to balance the analytical usefulness of the released data with the obligation to protect data subjects' confidentiality. For releases satisfying differential privacy, this balance is reflected by the privacy budget, $\varepsilon$. We provide a framework for setting $\varepsilon$ based on its relationship with Bayesian posterior probabilities of disclosure. The agency responsible for the data release decides how much posterior risk it is willing to accept at various levels of prior risk, which implies a unique $\varepsilon$. Agencies can evaluate different risk profiles to determine one that leads to an acceptable trade-off in risk and utility.

Related papers

• Calibrating Practical Privacy Risks for Differentially Private Machine Learning [5.363664265121231]
  We study the approaches that can lower the attacking success rate to allow for more flexible privacy budget settings in model training. We find that by selectively suppressing privacy-sensitive features, we can achieve lower ASR values without compromising application-specific data utility.
  arXiv  Detail & Related papers  (2024-10-30T03:52:01Z)
• Privacy Amplification for the Gaussian Mechanism via Bounded Support [64.86780616066575]
  Data-dependent privacy accounting frameworks such as per-instance differential privacy (pDP) and Fisher information loss (FIL) confer fine-grained privacy guarantees for individuals in a fixed training dataset. We propose simple modifications of the Gaussian mechanism with bounded support, showing that they amplify privacy guarantees under data-dependent accounting.
  arXiv  Detail & Related papers  (2024-03-07T21:22:07Z)
• To share or not to share: What risks would laypeople accept to give sensitive data to differentially-private NLP systems? [14.586789605230672]
  We argue that determining the $varepsilon$ value should not be solely in the hands of researchers or system developers. We conduct a behavioral experiment (311 lay participants) to study the behavior of people in uncertain decision-making situations.
  arXiv  Detail & Related papers  (2023-07-13T12:06:48Z)
• A Randomized Approach for Tight Privacy Accounting [63.67296945525791]
  We propose a new differential privacy paradigm called estimate-verify-release (EVR) EVR paradigm first estimates the privacy parameter of a mechanism, then verifies whether it meets this guarantee, and finally releases the query output. Our empirical evaluation shows the newly proposed EVR paradigm improves the utility-privacy tradeoff for privacy-preserving machine learning.
  arXiv  Detail & Related papers  (2023-04-17T00:38:01Z)
• What Are the Chances? Explaining the Epsilon Parameter in Differential Privacy [17.201862983773662]
  Differential privacy (DP) is a mathematical privacy notion increasingly deployed across government and industry. We develop three methods to convey probabilistic DP guarantees to end users. We find that odds-based explanation methods are more effective than output-based methods.
  arXiv  Detail & Related papers  (2023-03-01T18:53:25Z)
• Breaking the Communication-Privacy-Accuracy Tradeoff with $f$-Differential Privacy [51.11280118806893]
  We consider a federated data analytics problem in which a server coordinates the collaborative data analysis of multiple users with privacy concerns and limited communication capability. We study the local differential privacy guarantees of discrete-valued mechanisms with finite output space through the lens of $f$-differential privacy (DP) More specifically, we advance the existing literature by deriving tight $f$-DP guarantees for a variety of discrete-valued mechanisms.
  arXiv  Detail & Related papers  (2023-02-19T16:58:53Z)
• Analyzing Privacy Leakage in Machine Learning via Multiple Hypothesis Testing: A Lesson From Fano [83.5933307263932]
  We study data reconstruction attacks for discrete data and analyze it under the framework of hypothesis testing. We show that if the underlying private data takes values from a set of size $M$, then the target privacy parameter $epsilon$ can be $O(log M)$ before the adversary gains significant inferential power.
  arXiv  Detail & Related papers  (2022-10-24T23:50:12Z)
• Individual Privacy Accounting for Differentially Private Stochastic Gradient Descent [69.14164921515949]
  We characterize privacy guarantees for individual examples when releasing models trained by DP-SGD. We find that most examples enjoy stronger privacy guarantees than the worst-case bound. This implies groups that are underserved in terms of model utility simultaneously experience weaker privacy guarantees.
  arXiv  Detail & Related papers  (2022-06-06T13:49:37Z)
• Privacy Amplification via Shuffling for Linear Contextual Bandits [51.94904361874446]
  We study the contextual linear bandit problem with differential privacy (DP) We show that it is possible to achieve a privacy/utility trade-off between JDP and LDP by leveraging the shuffle model of privacy. Our result shows that it is possible to obtain a tradeoff between JDP and LDP by leveraging the shuffle model while preserving local privacy.
  arXiv  Detail & Related papers  (2021-12-11T15:23:28Z)
• Differential Privacy at Risk: Bridging Randomness and Privacy Budget [5.393465689287103]
  We analyse roles of the sources of randomness, namely the explicit randomness induced by the noise distribution and the implicit randomness induced by the data-generation distribution. We propose privacy at risk that is a probabilistic calibration of privacy-preserving mechanisms. We show that composition using the cost optimal privacy at risk provides stronger privacy guarantee than the classical advanced composition.
  arXiv  Detail & Related papers  (2020-03-02T15:44:14Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.