Large organizations that collect data about populations (such as the US Census Bureau) release summary statistics that multiple stakeholders use for resource allocation and policy-making problems. These organizations are also legally required to protect the privacy of the individuals from whom they collect data. Differential Privacy (DP) provides a way to release useful summary data while preserving privacy. Most DP mechanisms are designed to answer a single set of queries. In reality, a given data release often has multiple stakeholders whose queries overlap but are not identical. This introduces a novel joint optimization problem in DP: the privacy budget must be shared among different analysts. We initiate the study of DP query answering across multiple analysts. To capture the competing goals and priorities of multiple analysts, we formulate three desiderata that any mechanism in this setting should satisfy -- the Sharing Incentive, Non-Interference, and Adaptivity -- while still optimizing for overall error. We show that existing DP query answering mechanisms, applied in the multi-analyst setting, fail to satisfy at least one of these desiderata. We present novel DP algorithms that provably satisfy all of our desiderata and empirically show that they incur low error on realistic tasks.
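As an added illustration of the budget-sharing problem the abstract describes (constructed code, not the paper's mechanisms or its desiderata): two analysts with overlapping but not identical counting queries, comparing the per-query noise variance when each analyst gets an independent slice of the total epsilon against answering each distinct query once and sharing the answer. The toy dataset, query names and analyst names are constructed; the Laplace mechanism with basic (additive) composition is assumed.

```python
import math
import random

# Constructed toy dataset (not from the paper): one record per person.
RECORDS = [{"age": 24, "state": "CA"}, {"age": 31, "state": "CA"},
           {"age": 45, "state": "NY"}, {"age": 28, "state": "NY"},
           {"age": 62, "state": "CA"}, {"age": 19, "state": "CA"}]

# Counting queries (sensitivity 1: one person changes a count by at most 1).
QUERIES = {"young": lambda r: r["age"] < 30,
           "CA": lambda r: r["state"] == "CA",
           "young_CA": lambda r: r["age"] < 30 and r["state"] == "CA",
           "NY": lambda r: r["state"] == "NY"}

# Two constructed analysts with overlapping but not identical query sets.
ANALYSTS = {"A": ["young", "CA", "young_CA"], "B": ["young", "CA", "NY"]}

def laplace_variance(eps):
    """Noise variance of the Laplace mechanism at sensitivity 1: 2/eps^2."""
    return 2.0 / eps ** 2

def per_query_epsilon(strategy, analysts, eps_total):
    """Epsilon spent per query under basic (additive) composition.
    'independent': total split evenly across analysts, then across each
    analyst's queries, so an overlapping query is answered twice.
    'shared': each distinct query answered once and handed to all askers."""
    if strategy == "independent":
        share = eps_total / len(analysts)
        return {a: {q: share / len(qs) for q in qs} for a, qs in analysts.items()}
    eps_q = eps_total / len({q for qs in analysts.values() for q in qs})
    return {a: {q: eps_q for q in qs} for a, qs in analysts.items()}

def expected_error(strategy, analysts=ANALYSTS, eps_total=1.0):
    """Expected squared error of each analyst's answers under a strategy."""
    eps = per_query_epsilon(strategy, analysts, eps_total)
    return {a: {q: laplace_variance(e) for q, e in qs.items()} for a, qs in eps.items()}

def laplace_noise(rng, scale):  # inverse-CDF Laplace(0, scale) sample
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

def release(strategy, analysts=ANALYSTS, eps_total=1.0, seed=0):
    """Noisy answers; under 'shared' a query answered once is reused."""
    rng, cache, out = random.Random(seed), {}, {}
    for a, qs in per_query_epsilon(strategy, analysts, eps_total).items():
        out[a] = {}
        for q, e in qs.items():
            if strategy == "independent" or q not in cache:
                cache[q] = sum(QUERIES[q](r) for r in RECORDS) + laplace_noise(rng, 1.0 / e)
            out[a][q] = cache[q]
    return out
```

With a total budget of 1.0, the independent split answers every query at epsilon 1/6 (variance 72) while the shared strategy answers the four distinct queries at epsilon 1/4 (variance 32), so both analysts gain from pooling; choosing how to divide the budget when analysts' query sets and priorities differ is the joint optimization the abstract refers to.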