An information theoretic privacy and utility measure for data sanitization mechanisms

Askari, Mina; Barker, Ken

doi:10.1145/2133601.2133637

Cited by 15 publications

(17 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There have been many proposals for measuring utility (e.g., [22,13,4,6,11]). Which of these are suitable for measuring the amount of information preserved by a sanitizing algorithm?…”

Section: Problematic Measuresmentioning

confidence: 99%

“…We leave open the question of general methods for computing measures of information preservation and optimizing algorithms based on them (this is a long-standing open problem for almost all utility measures; currently almost all utility results in the literature depend on highly inefficient/intractable algorithms or customized hand-crafted analyses [32,29,22,5,4,6]). Another open problem is quantifying the tradeoff between usability and information preservation.…”

Section: Open Problemsmentioning

confidence: 99%

“…It was used by Askari et al [6], who observed that a sanitized output ω can provide information about the original inputs via maximum likelihood inference. Askari et al [6] originally used this observation to define privacy loss, but the same formula can be used to define a utility measure as well.…”

Section: Expected Error Of Most Likely Datasetmentioning

confidence: 99%

“…That is, they treat measures of information preservation as optimization criteria in algorithm design [32,29,22,5,4,6]. Once an algorithm is chosen, it is used to generate sanitized data and the data users must then process it to extract useful information.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Information preservation in statistical privacy and bayesian estimation of unattributed histograms

Lin

Kifer

2013

Proceedings of the 2013 ACM SIGMOD International Conference on Management of Data

View full text Add to dashboard Cite

In statistical privacy, utility refers to two concepts: information preservation -how much statistical information is retained by a sanitizing algorithm, and usability -how (and with how much difficulty) does one extract this information to build statistical models, answer queries, etc. Some scenarios incentivize a separation between information preservation and usability, so that the data owner first chooses a sanitizing algorithm to maximize a measure of information preservation and, afterward, the data consumers process the sanitized output according to their needs [22,46].We analyze a variety of utility measures and show that the average (over possible outputs of the sanitizer) error of Bayesian decision makers forms the unique class of utility measures that satisfy three axioms related to information preservation. The axioms are agnostic to Bayesian concepts such as subjective probabilities and hence strengthen support for Bayesian views in privacy research. In particular, this result connects information preservation to aspects of usability -if the information preservation of a sanitizing algorithm should be measured as the average error of a Bayesian decision maker, shouldn't Bayesian decision theory be a good choice when it comes to using the sanitized outputs for various purposes? We put this idea to the test in the unattributed histogram problem where our decisiontheoretic post-processing algorithm empirically outperforms previously proposed approaches.

show abstract

“…There have been many proposals for measuring utility (e.g., [22,13,4,6,11]). Which of these are suitable for measuring the amount of information preserved by a sanitizing algorithm?…”

Section: Problematic Measuresmentioning

confidence: 99%

Section: Open Problemsmentioning

confidence: 99%

Section: Expected Error Of Most Likely Datasetmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Information preservation in statistical privacy and bayesian estimation of unattributed histograms

Lin

Kifer

2013

Proceedings of the 2013 ACM SIGMOD International Conference on Management of Data

View full text Add to dashboard Cite

show abstract

“…That is, they treat measures of information preservation as optimization criteria in algorithm design Li et al 2010;Ghosh et al 2009;Alvim et al 2011aAlvim et al , 2011bAskari et al 2012]. The resulting algorithm is used to generate sanitized data, which users must process to extract useful information.…”

Section: Introductionmentioning

confidence: 99%

Information Measures in Statistical Privacy and Data Processing Applications

Lin

Kifer

2015

ACM Trans. Knowl. Discov. Data

View full text Add to dashboard Cite

In statistical privacy, utility refers to two concepts: information preservation, how much statistical information is retained by a sanitizing algorithm, and usability, how (and with how much difficulty) one extracts this information to build statistical models, answer queries, and so forth. Some scenarios incentivize a separation between information preservation and usability, so that the data owner first chooses a sanitizing algorithm to maximize a measure of information preservation, and, afterward, the data consumers process the sanitized output according to their various individual needs [Ghosh et al. 2009;Williams and McSherry 2010].We analyze the information-preserving properties of utility measures with a combination of two new and three existing utility axioms and study how violations of an axiom can be fixed. We show that the average (over possible outputs of the sanitizer) error of Bayesian decision makers forms the unique class of utility measures that satisfy all of the axioms. The axioms are agnostic to Bayesian concepts such as subjective probabilities and hence strengthen support for Bayesian views in privacy research. In particular, this result connects information preservation to aspects of usability-if the information preservation of a sanitizing algorithm should be measured as the average error of a Bayesian decision maker, shouldn't Bayesian decision theory be a good choice when it comes to using the sanitized outputs for various purposes? We put this idea to the test in the unattributed histogram problem where our decision-theoretic postprocessing algorithm empirically outperforms previously proposed approaches.

show abstract