No free lunch in data privacy

Differential privacy is a powerful tool for providing privacy-preserving noisy query answers over statistical databases. It guarantees that the distribution of noisy query answers changes very little with the addition or deletion of any tuple. It is frequently accompanied by popularized claims that it provides privacy without any assumptions about the data and that it protects against attackers who know all but one record. In this paper we critically analyze the privacy protections offered by differential privacy. First, we use a no-free-lunch theorem, which defines non-privacy as a game, to argue that it is not possible to provide privacy and utility without making assumptions about how the data are generated. Then we explain where assumptions are needed. We argue that privacy of an individual is preserved when it is possible to limit the inference of an attacker about the participation of the individual in the data generating process. This is different from limiting the inference...
Daniel Kifer, Ashwin Machanavajjhala
Added 17 Sep 2011
Updated 17 Sep 2011
Type Journal
Year 2011
Authors Daniel Kifer, Ashwin Machanavajjhala