Project Leader: Farhad Farokhi
Collaborators: Ni Ding (School of Computing and Information Systems), Girish Nair (Department of Electrical and Electronic Engineering)
Sponsors: The University of Melbourne
Primary Contact: Farhad Farokhi (firstname.lastname@example.org)
Keywords: control and signal processing; information theory; optimisation; signal processing; signals and systems
Disciplines: Electrical & Electronic Engineering
A common thread or assumption among all provable privacy frameworks, such as information-theoretic privacy and differential privacy, is randomisation for safeguarding privacy. The definition of differential privacy assumes the use of randomised functions and information theoretic tools used so far have been based on randomised random variables. However, many popular heuristic-based privacy-preserving methods, such as k-anonymity and l-diversity, are deterministic (ie, deterministic mappings, such as suppression and generalisation, applied to non-stochastic datasets). This is because randomised, or stochastic, privacy-preserving policies have been shown to cause problems, such as un-truthfulness. For instance, randomised privacy-preserving policies in financial auditing have been criticised for complicating fraud detection. Also, generation of unreasonable and unrealistic outputs by randomness can cause undesirable financial outcomes (eg, misleading investors or market operators by reporting noisy outputs that point to lack of liquidity in a bank). Randomised privacy-preserving policies, in general, have also encountered difficulties in health and social sciences.
Finally, undesirable properties of differentially-private additive noise, especially the Laplace noise, might make it less appealing. For instance, optimal variable estimation in the presence of privacy-preserving Laplace noise is computationally expensive and probability of returning impossible reports (eg, negative median income) could be relatively high due to slow-decaying nature of Laplace noise.
In addition to negative consequences associated with randomised policies, the popularity of non-stochastic methods might also be caused by the simplicity of implementing deterministic policies, in the sense of not requiring a working knowledge of random variables and their generation by laymen. This motivates development of non-stochastic privacy frameworks.
Further information: http://farokhi.xyz/2020/02/24/non-stochastic-privacy/