STAR: Statistical Tests with Auditable Results


System for Tamper-proof Hypothesis Testing

Sacha Servan-Schreiber (MIT CSAIL), Olga Ohrimenko (Microsoft Research), Tim Kraska (MIT CSAIL), Emanuel Zgraggen (MIT CSAIL)

arXiv:1901.10875v2 [cs.CR] 23 Oct 2019

ABSTRACT

We present STAR: a novel system aimed at solving the complex issue of “p-hacking” and false discoveries in scientific studies. STAR provides a concrete way for ensuring the application of false discovery control procedures in hypothesis testing, using mathematically provable guarantees, with the goal of reducing the risk of data dredging. STAR generates an efficiently auditable certificate which attests to the validity of each statistical test performed on a dataset. STAR achieves this by using several cryptographic techniques which are combined specifically for this purpose. Under-the-hood, STAR uses a decentralized set of authorities (e.g., research institutions), secure computation techniques, and an append-only ledger which together enable auditing of scientific claims by 3rd parties and match real world trust assumptions. We implement and evaluate a construction of STAR using the Microsoft SEAL encryption library and SPDZ multi-party computation protocol. Our experimental evaluation demonstrates the practicality of STAR in multiple real world scenarios as a system for certifying scientific discoveries in a tamper-proof way.

1 INTRODUCTION

According to a 2016 Nature Magazine survey, over 70% of researchers failed to reproduce published results of other scientists and over 50% failed to reproduce their own published results [2]. The “Replication Crisis”, plaguing almost all scientific domains, has serious and far reaching consequences on the continued progress of scientific discoveries. Unfortunately, solutions addressing the problem are few and often ineffective for two reasons: 1) current solutions either fail to take into account real world trust assumptions (e.g., by trusting researchers to carefully apply false discovery control protocols) or 2) are overly restrictive (e.g., by requiring independent replication of results prior to publishing or preregistration of hypotheses). Moreover, these solutions fail to take into account modern approaches to data analysis, specifically the abundance of existing data and means by which to explore it, and impose overly stringent requirements.

The replication crisis is, in part, a direct result of these problems and what is formally known as the Multiple Comparisons Problem (MCP). With every hypothesis tested over a dataset (using any type of statistical testing procedure), there is a small probability of a chance, i.e., false positive, discovery with no real basis to the population being studied. With every additional statistical test performed on the data, the chance of encountering such a random correlation increases. This can be intentionally exploited to “fabricate” significant discoveries and, if done systematically, is referred to as “HARKing” [35], “p-hacking” [25] or “data dredging”.

While a variety of statistical techniques exist to control for the MCP by setting a threshold on the false discovery rate (FDR), i.e., the ratio of false-positives to true-positives over a sequence of hypotheses [4, 17], there is surprisingly almost no support to ensure that researchers and analysts actually use them. Rather, individual research groups rely on often varying data analysis guidelines and trust in their group members to abide by the control procedures correctly which, unfortunately, rarely works in the real world. This is because 1) making even one simple mistake in the application of the control procedure can result in a false discovery and 2) there is no means of guaranteeing that each researcher carefully applied the control procedure (or didn’t intentionally deviate from the procedure to get a “significant” (false) discovery). Things get even worse when the same data is analyzed by several institutions or teams since guarding against false discoveries requires a coordinated effort. It is currently close to impossible to reliably employ statistical procedures, such as the Bonferroni [17] method, that guard against p-hacking across collaborators. It only requires one member to “misuse” the data (intentionally or otherwise) and detecting, let alone recovering from such incidents is next to impossible. This problem is perhaps further exacerbated by the pressure on PhD students and PIs to publish [40], “publication bias” [15] as papers with significant results are more likely to be published, and the increasing trend to share and make datasets publicly available for any researchers to use in studies. Therefore, after examining the state of affairs, it is perhaps not surprising that the scientific community is plagued by false discoveries [3, 27, 28, 30].

To illustrate this problem concretely, consider a publicly available dataset such as MIMIC III [32]. This dataset contains de-identified health data associated with ≈ 40,000 critical care patients. MIMIC III has already been used in various studies [23, 26, 38] and it is probably one of the most (over)analyzed clinical datasets and therefore prone to “dataset decay” [46]. As such, any new discovery made on MIMIC runs the risk of being a false discovery. Even if a particular group of researchers follow a proper FDR control protocol, there is no control over what happens across different groups and tracking hypotheses at a global scale poses many of its own challenges. It is therefore hard to judge the validity of any insight derived from such a dataset [46].

A solution to guarantee validity of insights commonly used in clinical trials, preregistration of hypotheses [12], falls short in these scenarios since the data is collected upfront without knowing what kind of analysis will be done later on. Perhaps more promising is the use of a hold-out dataset. The MIMIC author, for example, could have released only 30K patient records as an “exploration” dataset and held back 10K records as a “validation” dataset. The exploration dataset can then be used in arbitrary ways to find interesting hypotheses. However, before any publication is made by a research group using the dataset, all hypotheses must be (re)tested for statistical significance over the validation dataset. Unfortunately, in order to use the validation dataset more than once, we run into the same problem: every hypothesis over the validation dataset has to be tracked and controlled for. Furthermore, the data owner (the MIMIC author in this case) needs to provide this hypothesis validation service. This is both a burden for the data owner as well as a potential risk. Researchers need to trust the data owner to apply necessary control procedures and to objectively evaluate their hypotheses, which, unfortunately, does not always align with real world incentive structures.

The above example illustrates the motivation behind the need for a system that addresses these problems. With STAR, our goal is to create a system that guarantees the validity of statistical test outcomes and allows readers (and/or reviewers) of publications to audit them for correctness, all without introducing unnecessary burdens on data providers and researchers. Using cryptographic techniques to certify outcomes of statistical tests and by introducing a decentralized authority, we eliminate the risk of data-dredging (intentional and otherwise) by researchers using a dataset. STAR can be used in various settings, including cases where the data is public and only the hold-out data is fed into STAR (as in the example above), in settings where a few research groups collaborate on combined data, or even within single teams where lab managers can opt to use STAR as a way to prevent unintentional false discoveries, assign accountability and foster reproducibility.

1.1 Contributions

  • We present a novel system for preventing p-hacking using cryptographic techniques which provide (mathematical) guarantees on the validity of each tested hypothesis during analysis, even in settings where researchers are not trusted to apply control procedures correctly, while also ensuring full auditability of all results obtained through STAR.
  • We implement and evaluate STAR on four widely used statistical tests (Student’s t-test, Pearson’s correlation, Chi-squared and ANOVA F-test) to demonstrate the applicability of STAR to real world scenarios.
  • We describe how a common false discovery control procedure known as α-investing can be applied with STAR to provide full control over the data analysis phase in a certifiable manner.

To the best of our knowledge, STAR is the first cryptographic solution to the problem of p-hacking by providing guarantees (in the form of tamper-proof certificates) on the validity of all insights gleaned from a dataset. We believe that STAR is the first system to address the long standing problem of discovery certification across scientific domains and achieves this with minimal overhead on researchers and data providers.

2 DESIGN

Our design of STAR is motivated by the following observations. The data owner cannot release a dataset D to the researchers directly since it creates a possibility for p-hacking (e.g., researchers can run tests privately and report only favorable results without controlling for false discoveries). Therefore, any system which addresses p-hacking must “hide” the raw data from researchers. With this in mind, we begin by describing several initial design ideas and discuss their limitations. This will serve as a motivation for why we choose the design and construction described in § 2.2 and § 5. We then describe some foreseeable use cases of our design in § 3.

2.1 Strawman Designs

The Trusted Authority Scheme.

The simplest scheme is to assume a trusted authority (3rd party) which has full access to the unencrypted dataset. Researchers then perform statistical tests on the dataset by querying the authority who executes the computations on their behalf and returns only the result of the test.

Unfortunately, there are two immediate problems with such a design. The solution requires that the data owner, the researchers, and the auditors trust the authority when it
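The pieces this excerpt names (tests executed on behalf of researchers, α-investing as the control procedure, an append-only ledger that third parties can audit) fit together as sketched below. This is an added example, not the STAR construction or the authors' code: it uses a plain SHA-256 hash chain and no encrypted computation, and the spending policy, parameter values, field names and p-values are assumptions constructed for illustration.

```python
import copy
import hashlib
import json
import math

ALPHA = 0.05                           # target error level (assumed)
PAYOUT = ALPHA                         # wealth earned per rejection (assumed)
INITIAL_WEALTH = ALPHA * (1 - ALPHA)   # W(0) = alpha * eta, with eta = 1 - alpha
BET_FRACTION = 0.5                     # hypothetical spending policy
GENESIS = "0" * 64


def next_level(wealth):
    """Level for the next test: a fixed fraction of the largest level
    alpha-investing permits for this wealth, wealth / (1 + wealth)."""
    return BET_FRACTION * wealth / (1 + wealth)


def settle(wealth, level, p_value):
    """Apply the alpha-investing wealth update; return (rejected, new_wealth)."""
    if p_value <= level:
        return True, wealth + PAYOUT
    return False, wealth - level / (1 - level)


def digest(body):
    """Hash of an entry body; the 'prev' field inside it chains the entries."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class Ledger:
    """Append-only record kept by whoever runs the tests on the hidden data."""

    def __init__(self):
        self.entries = []
        self.wealth = INITIAL_WEALTH

    def head(self):
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def record(self, hypothesis, p_value):
        level = next_level(self.wealth)
        rejected, self.wealth = settle(self.wealth, level, p_value)
        body = {"seq": len(self.entries), "prev": self.head(),
                "hypothesis": hypothesis, "p_value": p_value,
                "level": level, "rejected": rejected}
        self.entries.append(dict(body, hash=digest(body)))
        return rejected


def audit(entries, published_head=None):
    """Replay the ledger from the start; return (ok, reason)."""
    wealth, prev = INITIAL_WEALTH, GENESIS
    for i, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body["seq"] != i:
            return False, f"entry {i}: sequence gap"
        if body["prev"] != prev:
            return False, f"entry {i}: broken link"
        if digest(body) != entry["hash"]:
            return False, f"entry {i}: hash mismatch"
        if not math.isclose(body["level"], next_level(wealth)):
            return False, f"entry {i}: level not allowed by wealth"
        rejected, wealth = settle(wealth, body["level"], body["p_value"])
        if rejected != body["rejected"]:
            return False, f"entry {i}: outcome inconsistent with p-value"
        prev = entry["hash"]
    if published_head is not None and prev != published_head:
        return False, "head differs from published head"
    return True, "ok"


def rechain(entries):
    """Renumber and re-hash a truncated ledger so the chain alone looks
    intact; used below to show that the wealth replay still rejects it."""
    out, prev = [], GENESIS
    for i, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k != "hash"}
        body.update(seq=i, prev=prev)
        prev = digest(body)
        out.append(dict(body, hash=prev))
    return out


def demo():
    # Constructed p-values: three of the four fall below a naive 0.05 cut-off.
    ledger = Ledger()
    for name, p in [("H1", 0.30), ("H2", 0.004), ("H3", 0.04), ("H4", 0.03)]:
        ledger.record(name, p)
    honest = ledger.entries
    only_wins = [e for e in honest if e["rejected"]]   # failed tests left out
    edited = copy.deepcopy(honest)
    edited[2].update(p_value=0.001, rejected=True)     # one result rewritten
    return {
        "discoveries": [e["hypothesis"] for e in honest if e["rejected"]],
        "honest": audit(honest, ledger.head()),
        "omitted": audit(only_wins),
        "omitted_rechained": audit(rechain(only_wins)),
        "edited": audit(edited),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

A ledger rebuilt from scratch to be fully self-consistent would pass the replay, so the auditor also needs a head hash published where the ledger keeper cannot rewrite it; `published_head` stands in for that.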