The UK’s Office for National Statistics (ONS) today published its National Statistician’s Quality Review (NSQR) of Privacy and Data Confidentiality Methods, ‘Privacy and Data Confidentiality Methods: Joining Forces’. The report consists of five chapters, each covering a different theme, which collectively cover the latest and most significant advances in the methods used for preventing unintended disclosure in publicly released statistics.
Privitar, in collaboration with Professor Kobbi Nissim, McDevitt Chair in Computer Science at Georgetown University and co-creator of differential privacy, was asked to author the chapter on differential privacy. Alongside academic contributors to the report, Privitar brought its experience in real-world privacy protection, in particular in researching the practical application of differential privacy techniques to build its differential privacy product, Privitar Lens.
Recent years have seen an expanding demand for widely-available high-quality statistics, but this demand comes in the face of increasing risks to privacy and public concern over how personal data is used and protected.
In particular, a class of attacks called reconstruction attacks has highlighted how privacy risks may remain even if only aggregate statistics are released. In a reconstruction attack, the attacker uses combinations of statistics to infer the underlying dataset with high accuracy.
This has prompted researchers over the last fifteen years to explore a stronger, formal method for protecting privacy, known as differential privacy.
Differential privacy brings a new approach to managing privacy risk in today’s data-rich world. Its use allows organisations to gain insights into groups of individuals while guaranteeing that nothing significant can be learned about any given individual within the group. Crucially, it can defend against reconstruction attacks.
This chapter was a collaboration between Privitar and Professor Nissim, under the guidance and advice of the ONS. This cross-sector working helped to ensure that the chapter focused world-leading expertise on a pressing and specific problem. Privitar believes this type of collaboration will be increasingly necessary to solve complex data problems. It also highlights how organisations are increasingly seeing the need for stronger, formal privacy protections, and as such are looking to differential privacy.
Hector Page, Research Scientist, Privitar, commented: “Data about groups leaks information about specific individuals, and modern adversaries are able to make use of this fact to perform sophisticated privacy attacks. Public-facing bodies such as the Government Statistical Service (GSS) must rise to increase public and regulatory pressure to address these risks.
Differential privacy is the gold standard in privacy protection: it offers users a mathematical guarantee that a limited amount of information about individuals is leaked. We were thrilled to be invited to use our expertise with differential privacy to help the GSS assess how best to apply it, enabling them to continue to make use of rich datasets for the public good without compromising individual privacy.”
Charlie Cabot, Research Lead, Privitar, added: “Reconstruction attacks are a serious threat to privacy, and recent work by the US Census has proven that they’re a real-world risk. To adequately defend against that threat, we need to consider rigorous data privacy frameworks like differential privacy.”
Gentiana Roarson, Head of GSS Quality Review Programme, ONS added: “Privacy and confidentiality are complex and fast evolving areas of research. Intruder attacks pose an increasing threat exacerbated by technological developments and an increasing availability of additional data sources that may make re-identification easier. On one hand, the producers of statistics face increasing pressure to be more transparent regarding the approaches they use, while on the other hand they are required to ensure privacy and data confidentiality and engender trust. Throughout all this, they also need to be focused on user needs and make sure that the users have sufficiently detailed data to inform policy decisions.
ONS is taking a leading role in developing these methods and ensuring the methods used are not only fit for purpose but among some of the best in the world, by keeping pace with the latest developments and innovation in this field.”
Professor Kobbi Nissim, McDevitt Chair in Computer Science at Georgetown University, said: “With mounting risks to privacy, with an accumulating litany of failures of traditional privacy protection techniques, and with rising public concern, it has become essential that national statistical agencies such as the UK ONS would examine the use of privacy technology that features provable protection guarantees and provides mechanisms for a rigorous management of privacy risks.”