Bayesian Adversarial Privacy

TL;DR

This work introduces a new quantitative notion of privacy that is both contextual and specific and provides a more meaningful notion of privacy than the widely utilised framework of differential privacy and a more explicit and rigorous formulation than what is commonly used in statistical disclosure theory.

Abstract

Theoretical and applied research into privacy encompasses an incredibly broad swathe of differing approaches, emphasis and aims. This work introduces a new quantitative notion of privacy that is both contextual and specific. We argue that it provides a more meaningful notion of privacy than the widely utilised framework of differential privacy and a more explicit and rigorous formulation than what is commonly used in statistical disclosure theory. Our definition relies on concepts inherent to standard Bayesian decision theory, while departing from it in several important respects. In particular, the party controlling the release of sensitive information should make disclosure decisions from the prior viewpoint, rather than conditional on the data, even when the data is itself observed. Illuminating toy examples and computational methods are discussed in high detail in order to highlight the specificities of the method.

Figures (9)

• Figure 1: Integrated risk $R_A$ for the coin-toss example. The black curve represents $R_A\!\left(q^{(\omega)}\right)$ as a function of $\omega$. The horizontal dotted black line indicates the optimal value obtained from the linear program, while the dashed grey line shows the calibrated reference level $R_A(\pi,q^{\dagger}) = R_A(\pi,q^{\mathrm{full}})$, which coincide here since $\lambda=1/3$.
• Figure 2: Integrated risk $R_A$ as a function of the noise level $\sigma$ for the noisy full release $q^{\mathrm{full}}_\sigma$ (solid), noisy mean release $q^{\mathrm{mean}}_\sigma$ (dash-dotted), and noisy median release $q^{\mathrm{med}}_\sigma$ (dotted), when Eve targets the sample mean. The horizontal grey line indicates the calibrated reference level $R_A(\pi,q^{\dagger}) = R_A(\pi,q^{\mathrm{full}})$.
• Figure 3: Integrated risk $R_A$ as a function of the threshold $\tau$ for the one-bit release $q^{1\mathrm{bit}}_\tau$, when Eve targets the sample mean. The horizontal grey line indicates the calibrated reference level $R_A(\pi,q^{\dagger}) = R_A(\pi,q^{\mathrm{full}})$.
• Figure 4: Integrated risk $R_A$ as a function of the noise level $\sigma$ for the noisy full release $q^{\mathrm{full}}_\sigma$ (solid), noisy mean release $q^{\mathrm{mean}}_\sigma$ (dash-dotted), and noisy median release $q^{\mathrm{med}}_\sigma$ (dotted), when Eve targets the sample maximum. The horizontal grey line indicates the calibrated reference level $R_A(\pi,q^{\dagger}) = R_A(\pi,q^{\mathrm{full}})$.
• Figure 5: Integrated risk $R_A$ as a function of the threshold $\tau$ for the one-bit release $q^{1\mathrm{bit}}_\tau$, when Eve targets the sample maximum. The horizontal grey line indicates the calibrated reference level $R_A(\pi,q^{\dagger}) = R_A(\pi,q^{\mathrm{full}})$.