No abstract available.

No abstract available.

We describe a role for differential privacy in open data repositories handling sensitive data. Archival repositories in the human sciences balance discoverability and replicability with their legal liabilities and ethical constraints to protect sensitive information. The ability to explore differentially private releases of archived data allows a curve-bending change in this trade-off. We further describe PSI, an implementation of a curator system for differentially private queries and statistical models, and its integration with the Dataverse repository. We describe some of the pragmatics of implementing a general purpose curator that works across a wide variety of types of data and types of uses, and of presenting differential privacy to an applied audience new to these concepts.

Federated learning has become an exciting direction for both research and practical training of models with user data. Although data remains decentralized in federated learning, it is common to assume that the model updates are sent in the clear from the devices to the server. Differential privacy has been proposed as a way to ensure the model remains private, but this does not address the issue that model updates can be seen on the server, and lead to leakage of user data. Local differential privacy is one of the strongest forms of privacy protection so that each individual's data is privatized. However, local differential privacy, as it is traditionally used, may prove to be too stringent of a privacy condition in many high dimensional problems, such as in distributed model fitting. We propose a new paradigm for local differential privacy by providing protections against certain adversaries. Specifically, we ensure that adversaries with limited prior information cannot reconstruct, with high probability, the original data within some prescribed tolerance. This interpretation allows us to consider larger privacy parameters. We then design (optimal) DP mechanisms in this large privacy parameter regime. In this work, we combine local privacy protections along with central differential privacy to present a practical approach to do model training privately. Further, we show that these privacy restrictions maintain utility in image classification and language models that is comparable to federated learning without these privacy restrictions.

No abstract available.

Differential privacy provides a mathematical definition for the privacy loss to individuals when aggregated data is released. Unfortunately, the growing popularity of differential privacy is accompanied by an increase in the development of incorrect algorithms. Hence, formal verification of differential privacy is critical to its success.

In this talk, I will present LightDP, a simple imperative language for proving differential privacy for sophisticated algorithms. LightDP is built on a proof technique, called randomness alignment, which can be automated via a relational type system assuming little annotation in the source code. The type system is powerful enough to verify sophisticated algorithms, such as Sparse Vector, where the composition theorem falls short. Moreover, the type system converts differential privacy into a safety property in a target program where the privacy cost is explicit. This novel feature makes it possible to verify the target program by off-the-shelf verification tools. Finally, I will present a recent extension of LightDP that enables the verification of Report Noisy Max based on relational types. With the extension, we show that various sophisticated algorithms can be type-checked and verified in seconds.

From using health data for medical research to using location traces for location-based services, the seemingly different applications have one characteristic in common – the data are spatiotemporally correlated. Such correlations, if not modeled and addressed carefully, challenge the utility of traditional differential privacy mechanisms and even the privacy guarantee of standard definitions. For aggregate health data learning and release, I will present case studies of applying differential privacy for deep learning and computational phenotyping using wearable data and Electronic Health Records (EHRs) considering their spatiotemporal characteristics, and a study quantifying privacy leakage of traditional data release mechanisms under spatiotemporal correlations. For individual location-based services, I will present new privacy notions and mechanisms extending traditional differential privacy for location and spatiotemporal event protection under spatiotemporal correlations. I will conclude the talk with a discussion of open challenges.

No abstract available.

Knexus Research is a small R&D company located in the DC area at National Harbor, MD.   We have over 13 years of experience moving research in AI and Data Science through the math, science and engineering steps necessary to make the jump from theory to practice.   We have three active projects in data privacy: As technical lead for the NIST Differentially Private Synthetic Data Challenge, Knexus is providing oversight and technical direction for the first national challenge in Differential Privacy.   For the US Census Bureau, the Knexus CenSyn team is providing evaluation, research, engineering and production software development support for Census privacy efforts.   And, with the DARPA Brandeis Program, Knexus is tackling the problem of developing noise-resistant decision metrics that can operate reliably over privatized data in critical contexts such as crisis detection.   At Knexus, our priority is to develop the tools and technologies necessary to facilitate safe, successful public adoption of new research concepts.  In this talk we'll describe our ongoing work and share lessons we've learned managing the challenges of data privacy applications.

We propose a method to release differentially private synthetic datasets using any parametric synthesizing model. Synthetic data, one of the popular methods in the disclosure control literature and among statistical agencies, releases alternative data values in place of the original ones. We guarantee ε-DP by sampling the parameters for the synthesizing distribution from the exponential mechanism, and we produce synthetic data that maximizes the distributional similarity of the synthetic data relative to the original data using a measure known as the pMSE. The flexibility of the framework allows for a variety of modeling choices given schematic or prior information. We also relax common DP assumptions concerning the distribution and boundedness of the original data, allowing for the release of differentially private data that is unbounded or continuous without additional assumptions. We prove theoretical results for the privacy guarantee, give simulation results for the accuracy of linear regression coefficients, and discuss two computational limitations.

This talk will start with an overview of the traditional statistical disclosure limitation (SDL) framework implemented at statistical agencies for standard outputs, including types of disclosure risks, how disclosure risk and information loss are quantified, and some common SDL methods. Traditional SDL approaches were developed to protect against the risk of re-identification which is grounded in legislation and statistics acts. In recent years, however, we have seen the digitalization of all aspects of our society leading to new and linked data sources offering unprecedented opportunities for research and evidence-based policies. These developments have put pressure on statistical agencies to provide broader and more open access to their data. On the other hand, with detailed personal information easily accessible from the internet, traditional SDL methods for protecting individuals may no longer be sufficient and this has led to agencies relying more on restricting and licensing data. With increasing demands for more open and accessible data, the  disclosure risk of concern for statistical agencies has shifted from  the risk of re-identification  to inferential disclosure where  confidential information may be revealed exactly or to a close approximation. Statistical agencies are now revisiting their intruder scenarios and types of disclosure risks and assessing new privacy models with more rigorous data protection (perturbative) mechanisms for more open strategies of dissemination. Statisticians are now  investigating the possibilities of incorporating Differential Privacy (Dwork, et al 2006) into their SDL framework, especially for web-based dissemination applications where outputs are generated and protected on-the-fly without the need for human intervention to check for disclosure risks. We discuss these dissemination strategies and the potential for Differential Privacy to provide privacy guarantees against inferential disclosure.

As a philosophical theory, contextual integrity has been persuasive. With some degree of success, it has informed law and policy both directly and indirectly. An open challenge is how well it can be operationalized in practice. This talk will survey a few promising collaborative research projects in social science, theory, and design (systems) that have taken up this challenge.

With the deployment of large sensor-actuator networks, Cyber-Physical Systems (CPSs), such as smart buildings, smart grids, and transportation systems, are producing massive amounts of data often in real-time. These data are being used collectively to inform decision-making of the entities that engage with the CPSs. However, the collection and analysis of the data present a privacy risk that needs to be addressed. Moreover, the impact of these systems on people's lives requires us to be particularly mindful of the privacy-utility tradeoff when designing privacy mechanisms.

In this talk, I will share two perspectives on mitigating the privacy issues in CPSs. In the first part of the talk, I will discuss how to fairly compensate people for using their private data. I will formalize the notion of the "data value" and present various efficient algorithms to compute it. In the second part of the talk, I will discuss how to accommodate the high demand for data utility through the design of more sophisticated privacy mechanisms. To that end, I will discuss an approach to modeling privacy loss and utility of sensor data collected from CPSs. I will also illustrate the approach via an example of privacy enhancement in smart buildings.

No abstract available.

I will pitch and try to rally support for launching a community effort to build a system of tools for enabling privacy-protective analysis of sensitive personal data.  Key among them will be an open-source library of algorithms for generating differentially private statistical releases, vetted and cumulated from leading researchers in differential privacy, and implemented for easy adoption by custodians of large-scale sensitive data.  The hope is that this will become a standard body of trusted and open-source implementations of differentially private algorithms for statistical analysis and machine learning on sensitive data.  It will magnify the impact of academic research on differential privacy, by providing a channel that brings algorithmic developments to a wide array of practitioners.