Table of Contents
Fetching ...

Persuasive Privacy

Joshua J Bon, James Bailie, Judith Rousseau, Christian P Robert

TL;DR

The paper tackles the challenge of interpreting and applying privacy guarantees beyond standard differential privacy by introducing Persuasive Privacy, a Bayesian Stackelberg game between a Sender who releases data and a Receiver who makes privacy-related decisions. It unifies existing privacy guarantees as special cases, provides a composition rule, and clarifies post-processing distinctions, including receiver and sender post-processing, within a rigorous game-theoretic framework. It further demonstrates privacy guarantees for deterministic mechanisms using privacy scores and robust priors, bridging differential privacy variants with a semantics-first perspective. The approach offers a flexible, robust methodology for designing purpose-driven privacy definitions and assessing guarantees in contexts where traditional DP may be inadequate or inapplicable.

Abstract

We propose a novel framework for measuring privacy from a Bayesian game-theoretic perspective. This framework enables the creation of new, purpose-driven privacy definitions that are rigorously justified, while also allowing for the assessment of existing privacy guarantees through game theory. We show that pure and probabilistic differential privacy are special cases of our framework, and provide new interpretations of the post-processing inequality in this setting. Further, we demonstrate that privacy guarantees can be established for deterministic algorithms, which are overlooked by current privacy standards.

Persuasive Privacy

TL;DR

The paper tackles the challenge of interpreting and applying privacy guarantees beyond standard differential privacy by introducing Persuasive Privacy, a Bayesian Stackelberg game between a Sender who releases data and a Receiver who makes privacy-related decisions. It unifies existing privacy guarantees as special cases, provides a composition rule, and clarifies post-processing distinctions, including receiver and sender post-processing, within a rigorous game-theoretic framework. It further demonstrates privacy guarantees for deterministic mechanisms using privacy scores and robust priors, bridging differential privacy variants with a semantics-first perspective. The approach offers a flexible, robust methodology for designing purpose-driven privacy definitions and assessing guarantees in contexts where traditional DP may be inadequate or inapplicable.

Abstract

We propose a novel framework for measuring privacy from a Bayesian game-theoretic perspective. This framework enables the creation of new, purpose-driven privacy definitions that are rigorously justified, while also allowing for the assessment of existing privacy guarantees through game theory. We show that pure and probabilistic differential privacy are special cases of our framework, and provide new interpretations of the post-processing inequality in this setting. Further, we demonstrate that privacy guarantees can be established for deterministic algorithms, which are overlooked by current privacy standards.
Paper Structure (26 sections, 9 theorems, 40 equations)

This paper contains 26 sections, 9 theorems, 40 equations.

Key Result

proposition 1

If $\ell = \rho$, then Sender attains the worst-case data-averaged privacy value. That is, $\mathbb{E}_{X \sim P}[ \rho(d^P_\rho,X)] \leq \mathbb{E}_{X \sim P}[ \rho(d^P_\ell,X)]$ for any $\ell: (\mathcal{D}, \mathsf{X}) \rightarrow \mathbb{R}$.

Theorems & Definitions (31)

  • definition 1
  • definition 2: Privacy function
  • example 1
  • example 2
  • remark
  • proposition 1
  • proposition 2
  • example 3: continues=ex:interval
  • example 4: continues=ex:neglogprobprivfunc
  • definition 3: Persuasive Privacy
  • ...and 21 more