An in-depth examination of requirements for disclosure risk assessment

Ron S. Jarmin; John M. Abowd; Robert Ashmead; Ryan Cumings-Menon; Nathan Goldschlag; Michael B. Hawes; Sallie Ann Keller; Daniel Kifer; Philip Leclerc; Jerome P. Reiter; Rolando A. Rodríguez; Ian Schmutte; Victoria A. Velkoff; Pavel Zhuravlev

doi:10.1073/pnas.2220558120

An in-depth examination of requirements for disclosure risk assessment

Ron S. Jarmin, John M. Abowd, Robert Ashmead, Ryan Cumings-Menon, Nathan Goldschlag, Michael B. Hawes, Sallie Ann Keller, Daniel Kifer, Philip Leclerc, Jerome P. Reiter, Rolando A. Rodríguez, Ian Schmutte, Victoria A. Velkoff, Pavel Zhuravlev

Research output: Contribution to journal › Article › peer-review

10 Scopus citations

Abstract

The use of formal privacy to protect the confidentiality of responses in the 2020 Decennial Census of Population and Housing has triggered renewed interest and debate over how to measure the disclosure risks and societal benefits of the published data products. We argue that any proposal for quantifying disclosure risk should be based on prespecified, objective criteria. We illustrate this approach to evaluate the absolute disclosure risk framework, the counterfactual framework underlying differential privacy, and prior-to-posterior comparisons. We conclude that satisfying all the desiderata is impossible, but counterfactual comparisons satisfy the most while absolute disclosure risk satisfies the fewest. Furthermore, we explain that many of the criticisms levied against differential privacy would be levied against any technology that is not equivalent to direct, unrestricted access to confidential data. More research is needed, but in the near term, the counterfactual approach appears best-suited for privacy versus utility analysis.

Original language	English (US)
Article number	e2220558120
Journal	Proceedings of the National Academy of Sciences of the United States of America
Volume	120
Issue number	43
DOIs	https://doi.org/10.1073/pnas.2220558120
State	Published - 2023

All Science Journal Classification (ASJC) codes

General

Access to Document

10.1073/pnas.2220558120

Cite this

Jarmin, R. S., Abowd, J. M., Ashmead, R., Cumings-Menon, R., Goldschlag, N., Hawes, M. B., Keller, S. A., Kifer, D., Leclerc, P., Reiter, J. P., Rodríguez, R. A., Schmutte, I., Velkoff, V. A., & Zhuravlev, P. (2023). An in-depth examination of requirements for disclosure risk assessment. Proceedings of the National Academy of Sciences of the United States of America, 120(43), Article e2220558120. https://doi.org/10.1073/pnas.2220558120

@article{e410bdb3343440c796f4210d3980af6b,

title = "An in-depth examination of requirements for disclosure risk assessment",

abstract = "The use of formal privacy to protect the confidentiality of responses in the 2020 Decennial Census of Population and Housing has triggered renewed interest and debate over how to measure the disclosure risks and societal benefits of the published data products. We argue that any proposal for quantifying disclosure risk should be based on prespecified, objective criteria. We illustrate this approach to evaluate the absolute disclosure risk framework, the counterfactual framework underlying differential privacy, and prior-to-posterior comparisons. We conclude that satisfying all the desiderata is impossible, but counterfactual comparisons satisfy the most while absolute disclosure risk satisfies the fewest. Furthermore, we explain that many of the criticisms levied against differential privacy would be levied against any technology that is not equivalent to direct, unrestricted access to confidential data. More research is needed, but in the near term, the counterfactual approach appears best-suited for privacy versus utility analysis.",

author = "Jarmin, {Ron S.} and Abowd, {John M.} and Robert Ashmead and Ryan Cumings-Menon and Nathan Goldschlag and Hawes, {Michael B.} and Keller, {Sallie Ann} and Daniel Kifer and Philip Leclerc and Reiter, {Jerome P.} and Rodr{\'i}guez, {Rolando A.} and Ian Schmutte and Velkoff, {Victoria A.} and Pavel Zhuravlev",

note = "Publisher Copyright: Copyright {\textcopyright} 2023 the Author(s). Published by PNAS. This article is distributed under Creative Commons Attribution-NonCommercial-NoDerivatives License 4.0 (CC BY-NC-ND).",

year = "2023",

doi = "10.1073/pnas.2220558120",

language = "English (US)",

volume = "120",

journal = "Proceedings of the National Academy of Sciences of the United States of America",

issn = "0027-8424",

publisher = "National Academy of Sciences",

number = "43",

}

Jarmin, RS, Abowd, JM, Ashmead, R, Cumings-Menon, R, Goldschlag, N, Hawes, MB, Keller, SA, Kifer, D, Leclerc, P, Reiter, JP, Rodríguez, RA, Schmutte, I, Velkoff, VA & Zhuravlev, P 2023, 'An in-depth examination of requirements for disclosure risk assessment', Proceedings of the National Academy of Sciences of the United States of America, vol. 120, no. 43, e2220558120. https://doi.org/10.1073/pnas.2220558120

TY - JOUR

T1 - An in-depth examination of requirements for disclosure risk assessment

AU - Jarmin, Ron S.

AU - Abowd, John M.

AU - Ashmead, Robert

AU - Cumings-Menon, Ryan

AU - Goldschlag, Nathan

AU - Hawes, Michael B.

AU - Keller, Sallie Ann

AU - Kifer, Daniel

AU - Leclerc, Philip

AU - Reiter, Jerome P.

AU - Rodríguez, Rolando A.

AU - Schmutte, Ian

AU - Velkoff, Victoria A.

AU - Zhuravlev, Pavel

PY - 2023

Y1 - 2023

N2 - The use of formal privacy to protect the confidentiality of responses in the 2020 Decennial Census of Population and Housing has triggered renewed interest and debate over how to measure the disclosure risks and societal benefits of the published data products. We argue that any proposal for quantifying disclosure risk should be based on prespecified, objective criteria. We illustrate this approach to evaluate the absolute disclosure risk framework, the counterfactual framework underlying differential privacy, and prior-to-posterior comparisons. We conclude that satisfying all the desiderata is impossible, but counterfactual comparisons satisfy the most while absolute disclosure risk satisfies the fewest. Furthermore, we explain that many of the criticisms levied against differential privacy would be levied against any technology that is not equivalent to direct, unrestricted access to confidential data. More research is needed, but in the near term, the counterfactual approach appears best-suited for privacy versus utility analysis.

AB - The use of formal privacy to protect the confidentiality of responses in the 2020 Decennial Census of Population and Housing has triggered renewed interest and debate over how to measure the disclosure risks and societal benefits of the published data products. We argue that any proposal for quantifying disclosure risk should be based on prespecified, objective criteria. We illustrate this approach to evaluate the absolute disclosure risk framework, the counterfactual framework underlying differential privacy, and prior-to-posterior comparisons. We conclude that satisfying all the desiderata is impossible, but counterfactual comparisons satisfy the most while absolute disclosure risk satisfies the fewest. Furthermore, we explain that many of the criticisms levied against differential privacy would be levied against any technology that is not equivalent to direct, unrestricted access to confidential data. More research is needed, but in the near term, the counterfactual approach appears best-suited for privacy versus utility analysis.

UR - http://www.scopus.com/inward/record.url?scp=85175023378&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85175023378&partnerID=8YFLogxK

U2 - 10.1073/pnas.2220558120

DO - 10.1073/pnas.2220558120

M3 - Article

C2 - 37831744

AN - SCOPUS:85175023378

SN - 0027-8424

VL - 120

JO - Proceedings of the National Academy of Sciences of the United States of America

JF - Proceedings of the National Academy of Sciences of the United States of America

IS - 43

M1 - e2220558120

ER -

An in-depth examination of requirements for disclosure risk assessment

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this