Success Stories of Differential Privacy

Home , Cynthia Dwork

Successes of Differential Privacy

Cynthia Dwork, Harvard University Pre-Modern Cryptography

Propose

Break Modern Cryptography Propose Propose STRONGER STRONGER Definition

Propose Algs Definition algorithms satisfying definition Break Definition

Break Definition Modern Cryptography Propose Propose STRONGER STRONGER Definition

Propose Algs Definition algorithms satisfying definition Break Definition

Break Definition No Algorithm?

Propose Definition ?

Why? Provably No Algorithm? Propose WEAKER/DIFF Definition Propose Definition Alg / ? ?

Bad Definition Scientific Launch

1. Methodology 2. Engaging with negative results  Dinur-Nissim Fundamental Law of Info Recovery

 “Overly accurate” estimates of “too many” statistics destroys privacy. Scientific Launch

1. Methodology 2. Engaging with negative results  Dinur-Nissim; impossibility of semantic security (Terry Gross) 3. Algorithmic Approach  Privacy-preserving programming from a few primitives  RR, symmetric noise, EM: the ORs and ANDs of DP  The astonishing Blum-Ligett-Roth result  Composition  Analytical insights: sparse vector and PMW; geometric view 4. Complexity Fruitful Interplay with Other Fields

 Learning theory, discrepancy theory, cryptography, geometry, complexity theory, mechanism design, pseudorandomness, communication complexity, machine learning, (robust) statistics, fingerprinting codes, coding theory Rich Algorithmic Literature

 Counts, linear queries, histograms, contingency tables (marginals)  Location and spread (eg, median, interquartile range)  Dimension reduction (PCA, SVD), clustering  Support Vector Machines  Sparse regression/LASSO, logistic and linear regression  Gradient descent  Boosting, Multiplicative Weights  Combinatorial optimization, mechanism design  Privacy Under Continual Observation, Pan-Privacy  Kalman filtering  Statistical Queries learning model, PAC learning  False Discovery Rate control  Pan-Privacy, privacy under continual observation … Outreach  Formative engagement with statistics  Led to earliest public deployment Social Science Research Law, Economics, Medicine,…

 PLSC, Berkman, Brussels, Simons Foundation, EC, iDASH,…  Omics: Stanford (past); IPAM (upcoming); Society of Epidemeoligic Research Policy Policy

 CPUC hearings on Energy Data Center, the ruling, the Southern CA power company  Podesta report, PCAST report  Commission on Evidence-Based Policymaking  Consumer Finance Protection Board  … Deployment

 RAPPOR, Google more generally, Apple,…  A couple of startups (Leapyear, Privatar(?))  Census – OnTheMap and upcoming  Help wanted! Deployment

 RAPPOR, Google more generally, Apple,…  Help wanted!  A couple of startups (Leapyear, Privatar(?))  Help wanted!  Census – OnTheMap and upcoming  Help wanted! Deployment

 RAPPOR, Google more generally, Apple,…  Help wanted!  A couple of startups (Leapyear, Privatar(?))  Help wanted!  Census – OnTheMap and upcoming  Help wanted! DP when Privacy is not a Concern

 Markets, Economics, Game Theory  Hartline, McSherry,Talwar; Roth; Pai and Roth; Lykouris, Syrgkanis, and Tardos  Fairness in Algorithmic Classification  Generalizability under adaptive analysis Fairness Through Awareness

Dwork, Hardt, Pitassi, Reingold, Zemel 2012 Individual Fairness

 People who are similar with respect to a specific classification task should be treated similarly  S + math ∼ Sc + finance  “Fairness Through Awareness”

Classifier

M: 푉 → 푂 M푥 푥 O: Classification V: individuals Outcomes Individual Fairness Lipschitz Classifier

푥 tiny d 푦 푀

V O

푀: 푉 → Δ 푂 푀 푥 − 푀 푦 ≤ 푑(푥, 푦) Lipschitz Mappings

Differential Privacy Individual Fairness

Objects Databases Individuals Outcomes Output of statistical analysis Classification outcome

Similarity General purpose metric Task-specific metric

 Can use dp techniques for fairness  Theorem: Exponential mechanism of [MT07] yields individual fairness and small loss when the metric has bounded doubling dimension. Which is “Right”? Statistical Validity in Adaptive Data Analysis

Dwork, Feldman, Hardt, Pitassi, Reingold, Roth q1

a1 q2 M a2 q3

a3 Database curator data analyst

 푞푖 depends on 푎1, 푎2, … , 푎푖−1  Differential privacy neutralizes risks incurred by adaptivity  Hard to find a query for which the data set is not representative The Re-Usable Holdout

 Learn on the training set  Check against holdout via a differentially private mechanism “Training”  Future exploration does not significantly depend on H “Holdout”  H stays fresh 3 Sides of the Same Coin

 Fairness, Privacy, Generalizability  “Keep Up the Good Work” – Moni Naor (by channeling)  Let your research be fruitful and multiply  Build the 휖 registry, formally or informally  Build libraries, continue outreach efforts  Confront Implications of the Fundamental Law  Prioritization? Who decides? Which fields have the tools  Public Understanding  Generalization beyond the sample distribution / transfer learning?  Strong relation to fairness Thank You