An in-depth examination of requirements for disclosure risk assessment-Reference-Cited by-同舟云学术

An in-depth examination of requirements for disclosure risk assessment

Published:2023-10-13 Issue:43 Volume:120 Page:
ISSN:0027-8424
Container-title:Proceedings of the National Academy of Sciences
language:en
Short-container-title:Proc. Natl. Acad. Sci. U.S.A.

Author:

Jarmin Ron S.¹^ORCID,Abowd John M.²^ORCID,Ashmead Robert¹^ORCID,Cumings-Menon Ryan¹^ORCID,Goldschlag Nathan¹,Hawes Michael B.¹,Keller Sallie Ann¹³^ORCID,Kifer Daniel¹⁴^ORCID,Leclerc Philip¹^ORCID,Reiter Jerome P.¹⁵^ORCID,Rodríguez Rolando A.¹^ORCID,Schmutte Ian⁶,Velkoff Victoria A.¹,Zhuravlev Pavel¹^ORCID

Affiliation:

1. U.S. Census Bureau, Office of the Deputy Director, Washington, DC 20233

2. Department of Economics, Cornell University, Ithaca, NY 14853

3. Biocomplexity Institute, University of Virginia, Charlottesville, VA 22904

4. Department of Computer Science and Engineering, Penn State University, University Park, PA 16802

5. Department of Statistical Science, Duke University, Durham, NC 27708

6. Department of Economics, University of Georgia, Athens, GA 30602

Abstract

The use of formal privacy to protect the confidentiality of responses in the 2020 Decennial Census of Population and Housing has triggered renewed interest and debate over how to measure the disclosure risks and societal benefits of the published data products. We argue that any proposal for quantifying disclosure risk should be based on prespecified, objective criteria. We illustrate this approach to evaluate the absolute disclosure risk framework, the counterfactual framework underlying differential privacy, and prior-to-posterior comparisons. We conclude that satisfying all the desiderata is impossible, but counterfactual comparisons satisfy the most while absolute disclosure risk satisfies the fewest. Furthermore, we explain that many of the criticisms levied against differential privacy would be levied against any technology that is not equivalent to direct, unrestricted access to confidential data. More research is needed, but in the near term, the counterfactual approach appears best-suited for privacy versus utility analysis.

Publisher

Proceedings of the National Academy of Sciences

Subject

Multidisciplinary

Link

https://pnas.org/doi/pdf/10.1073/pnas.2220558120

Reference53 articles.

1. Baldridge v. Shapiro 455 U.S. 345 (US Supreme Court 1982). https://supreme.justia.com/cases/federal/us/455/345/. Retrieved 12 September 2023.

2. Privacy in Context

3. Federal Committee on Statistical Policy “Statistical Policy Working Paper 2: Report on statistical disclosure and disclosure-avoidance techniques” (Tech. Rep. 1978).

4. C. Dwork F. McSherry K. Nissim A. Smith “Calibrating Noise to Sensitivity Private Data Analysis” in TCC TCC’06 (Springer-Verlag Berlin Heidelberg 2006) pp. 265–284.

5. C. Dwork, “Differential Privacy” in Automata, Languages and Programming, M. Bugliesi, B. Preneel, V. Sassone, I. Wegener, Eds. (Springer: Berlin Heidelberg, 2006), pp. 1–12.

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. General inferential limits under differential and Pufferfish privacy;International Journal of Approximate Reasoning;2024-09

2. Algorithmic Transparency and Participation through the Handoff Lens: Lessons Learned from the U.S. Census Bureau’s Adoption of Differential Privacy;The 2024 ACM Conference on Fairness, Accountability, and Transparency;2024-06-03

3. Reply to Muralidhar et al., Kenny et al., and Hotz et al.: The benefits of engagement with external research teams;Proceedings of the National Academy of Sciences;2024-03-05

4. Census officials must constructively engage with independent evaluations;Proceedings of the National Academy of Sciences;2024-03-05

5. The counterfactual framework in Jarmin et al. is not a measure of disclosure risk of respondents;Proceedings of the National Academy of Sciences;2024-03-05