Privug: Quantifying Leakage using Probabilistic Programming for Privacy Risk Analysis

Disclosure of data analytics has important scientific and commercial justifications. However, disclosure should not be allowed without due diligence investigation of the risks that it poses for information privacy of data subjects. Does the data analytics community have the right tools at their disposal to perform such due diligence? We present Privug, a way to explore leakage properties, or information privacy risks, involved with disclosing results of an analytics program. The method uses classical off-the-shelf tools for Bayesian probabilistic programming, exploiting the fact that they can reinterpret a regular program probabilistically. This in turn allows information-theoretic analysis of program behavior. These tools and skills are often available for a data scientist pondering disclosure questions. For privacy researchers, the method provides a fast and lightweight way to experiment with privacy protection measures and mechanisms. We demonstrate that Privug is accurate, scalable, and applicable, and use it to explore parameters of a differential privacy mechanism.