Privacy: Theory meets practice on the map

Ashwin Machanavajjhala; Daniel Kifer; John Abowd; Johannes Gehrke; Lars Vilhuber

doi:10.1109/ICDE.2008.4497436

Privacy: Theory meets practice on the map

Ashwin Machanavajjhala, Daniel Kifer, John Abowd, Johannes Gehrke, Lars Vilhuber

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

416 Scopus citations

Abstract

In this paper, we propose the first formal privacy analysis of a data anonymization process known as the synthetic data generation, a technique becoming popular in the statistics community. The target application for this work is a mapping program that shows the commuting patterns of the population of the United States. The source data for this application were collected by the U.S. Census Bureau, but due to privacy constraints, they cannot be used directly by the mapping program. Instead, we generate synthetic data that statistically mimic the original data while providing privacy guarantees. We use these synthetic data as a surrogate for the original data. We find that while some existing definitions of privacy are inapplicable to our target application, others are too conservative and render the synthetic data useless since they guard against privacy breaches that are very unlikely. Moreover, the data in our target application is sparse, and none of the existing solutions are tailored to anonymize sparse data. In this paper, we propose solutions to address the above issues.

Original language	English (US)
Title of host publication	Proceedings of the 2008 IEEE 24th International Conference on Data Engineering, ICDE'08
Pages	277-286
Number of pages	10
DOIs	https://doi.org/10.1109/ICDE.2008.4497436
State	Published - 2008
Event	2008 IEEE 24th International Conference on Data Engineering, ICDE'08 - Cancun, Mexico Duration: Apr 7 2008 → Apr 12 2008

Publication series

Name	Proceedings - International Conference on Data Engineering
ISSN (Print)	1084-4627

Other

Other	2008 IEEE 24th International Conference on Data Engineering, ICDE'08
Country/Territory	Mexico
City	Cancun
Period	4/7/08 → 4/12/08

All Science Journal Classification (ASJC) codes

Software
Signal Processing
Information Systems

Access to Document

10.1109/ICDE.2008.4497436

Cite this

@inproceedings{de4f4dced40844189a3b7b19de44d8d8,

title = "Privacy: Theory meets practice on the map",

abstract = "In this paper, we propose the first formal privacy analysis of a data anonymization process known as the synthetic data generation, a technique becoming popular in the statistics community. The target application for this work is a mapping program that shows the commuting patterns of the population of the United States. The source data for this application were collected by the U.S. Census Bureau, but due to privacy constraints, they cannot be used directly by the mapping program. Instead, we generate synthetic data that statistically mimic the original data while providing privacy guarantees. We use these synthetic data as a surrogate for the original data. We find that while some existing definitions of privacy are inapplicable to our target application, others are too conservative and render the synthetic data useless since they guard against privacy breaches that are very unlikely. Moreover, the data in our target application is sparse, and none of the existing solutions are tailored to anonymize sparse data. In this paper, we propose solutions to address the above issues.",

author = "Ashwin Machanavajjhala and Daniel Kifer and John Abowd and Johannes Gehrke and Lars Vilhuber",

year = "2008",

doi = "10.1109/ICDE.2008.4497436",

language = "English (US)",

isbn = "9781424418374",

series = "Proceedings - International Conference on Data Engineering",

pages = "277--286",

booktitle = "Proceedings of the 2008 IEEE 24th International Conference on Data Engineering, ICDE'08",

note = "2008 IEEE 24th International Conference on Data Engineering, ICDE'08 ; Conference date: 07-04-2008 Through 12-04-2008",

}

Machanavajjhala, A, Kifer, D, Abowd, J, Gehrke, J & Vilhuber, L 2008, Privacy: Theory meets practice on the map. in Proceedings of the 2008 IEEE 24th International Conference on Data Engineering, ICDE'08., 4497436, Proceedings - International Conference on Data Engineering, pp. 277-286, 2008 IEEE 24th International Conference on Data Engineering, ICDE'08, Cancun, Mexico, 4/7/08. https://doi.org/10.1109/ICDE.2008.4497436

TY - GEN

T1 - Privacy

T2 - 2008 IEEE 24th International Conference on Data Engineering, ICDE'08

AU - Machanavajjhala, Ashwin

AU - Kifer, Daniel

AU - Abowd, John

AU - Gehrke, Johannes

AU - Vilhuber, Lars

PY - 2008

Y1 - 2008

N2 - In this paper, we propose the first formal privacy analysis of a data anonymization process known as the synthetic data generation, a technique becoming popular in the statistics community. The target application for this work is a mapping program that shows the commuting patterns of the population of the United States. The source data for this application were collected by the U.S. Census Bureau, but due to privacy constraints, they cannot be used directly by the mapping program. Instead, we generate synthetic data that statistically mimic the original data while providing privacy guarantees. We use these synthetic data as a surrogate for the original data. We find that while some existing definitions of privacy are inapplicable to our target application, others are too conservative and render the synthetic data useless since they guard against privacy breaches that are very unlikely. Moreover, the data in our target application is sparse, and none of the existing solutions are tailored to anonymize sparse data. In this paper, we propose solutions to address the above issues.

AB - In this paper, we propose the first formal privacy analysis of a data anonymization process known as the synthetic data generation, a technique becoming popular in the statistics community. The target application for this work is a mapping program that shows the commuting patterns of the population of the United States. The source data for this application were collected by the U.S. Census Bureau, but due to privacy constraints, they cannot be used directly by the mapping program. Instead, we generate synthetic data that statistically mimic the original data while providing privacy guarantees. We use these synthetic data as a surrogate for the original data. We find that while some existing definitions of privacy are inapplicable to our target application, others are too conservative and render the synthetic data useless since they guard against privacy breaches that are very unlikely. Moreover, the data in our target application is sparse, and none of the existing solutions are tailored to anonymize sparse data. In this paper, we propose solutions to address the above issues.

UR - http://www.scopus.com/inward/record.url?scp=52649169678&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=52649169678&partnerID=8YFLogxK

U2 - 10.1109/ICDE.2008.4497436

DO - 10.1109/ICDE.2008.4497436

M3 - Conference contribution

AN - SCOPUS:52649169678

SN - 9781424418374

T3 - Proceedings - International Conference on Data Engineering

SP - 277

EP - 286

BT - Proceedings of the 2008 IEEE 24th International Conference on Data Engineering, ICDE'08

Y2 - 7 April 2008 through 12 April 2008

ER -

Privacy: Theory meets practice on the map

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this