Interpreting Network Differential Privacy
Jonathan Hehir, Xiaoyue Niu, Aleksandra Slavkovic
TL;DR
This work addresses the problem of interpreting differential privacy guarantees for network data, with a focus on $\varepsilon$-edge DP, and shows that many common interpretations are flawed unless strong, often unrealistic assumptions are made. It reframes edge DP through adversarial hypothesis testing and recasts it as an instantiation of Pufferfish privacy, clarifying which secrets are protected under what distributional assumptions. A key contribution is demonstrating that edge DP is equivalent to $\varepsilon$-Pufferfish$(\mathbb S, \mathbb S_{pairs}, \Theta)$, and that meaningful edge-level inferences are guaranteed only under restrictive conditions such as independent edges (as illustrated by ERGM results where $\alpha=0$ for independent-edge models). The findings provide a principled framework for interpreting and communicating network DP, guiding the design of privacy mechanisms for networks and highlighting open questions related to attributed graphs, node privacy, and approximate or local forms of network DP.
Abstract
How do we interpret the differential privacy (DP) guarantee for network data? We take a deep dive into a popular form of network DP ($\varepsilon$-edge DP) to find that many of its common interpretations are flawed. Drawing on prior work for privacy with correlated data, we interpret DP through the lens of adversarial hypothesis testing and demonstrate a gap between the pairs of hypotheses actually protected under DP (tests of complete networks) and the sorts of hypotheses implied to be protected by common claims (tests of individual edges). We demonstrate some conditions under which this gap can be bridged, while leaving some questions open. While some discussion is specific to edge DP, we offer selected results in terms of abstract DP definitions and provide discussion of the implications for other forms of network DP.
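The gap between tests of complete networks and tests of individual edges can be computed exactly on a tiny graph. The following is an added example, not code from the paper: it assumes per-dyad randomized response as the $\varepsilon$-edge DP mechanism, and the two adversary priors, the function names, and the values of `m`, `q` and `eps` are constructed for illustration.

```python
import itertools
import math

def rr_likelihood(y, x, eps):
    """P(release y | true graph x): each dyad flipped independently w.p. 1/(1+e^eps)."""
    p_flip = 1.0 / (1.0 + math.exp(eps))
    flips = sum(a != b for a, b in zip(x, y))
    return p_flip ** flips * (1.0 - p_flip) ** (len(x) - flips)

def worst_network_log_ratio(m, eps):
    """Edge DP check: worst |log-likelihood ratio| over graphs differing in one dyad."""
    graphs = list(itertools.product((0, 1), repeat=m))
    worst = 0.0
    for x in graphs:
        for i in range(m):
            x2 = x[:i] + (1 - x[i],) + x[i + 1:]  # neighbouring graph: dyad i toggled
            for y in graphs:
                r = math.log(rr_likelihood(y, x, eps) / rr_likelihood(y, x2, eps))
                worst = max(worst, abs(r))
    return worst

def worst_edge_log_ratio(prior, m, eps, edge=0):
    """Worst |log P(y | edge present) / P(y | edge absent)|, other dyads drawn from prior."""
    graphs = list(itertools.product((0, 1), repeat=m))
    mass = [sum(prior(x) for x in graphs if x[edge] == b) for b in (0, 1)]
    worst = 0.0
    for y in graphs:
        lik = [sum(prior(x) * rr_likelihood(y, x, eps) for x in graphs if x[edge] == b) / mass[b]
               for b in (0, 1)]
        worst = max(worst, abs(math.log(lik[1] / lik[0])))
    return worst

def independent_prior(x, q=0.3):
    """Constructed prior: every dyad is an edge independently with probability q."""
    return math.prod(q if b else 1.0 - q for b in x)

def clique_or_empty_prior(x):
    """Constructed prior: all dyads present or all absent, each with probability 1/2."""
    return 0.5 if len(set(x)) == 1 else 0.0

if __name__ == "__main__":
    m, eps = 3, 0.5  # constructed sample values: 3 dyads, privacy parameter 0.5
    print("complete networks:", worst_network_log_ratio(m, eps))
    print("one edge, independent prior:", worst_edge_log_ratio(independent_prior, m, eps))
    print("one edge, correlated prior:", worst_edge_log_ratio(clique_or_empty_prior, m, eps))
```

The complete-network test and the single-edge test under independent edges both stay at `eps`, while the single-edge test under the fully correlated prior reaches `m * eps`.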
