TY - GEN
T1 - Congenial Differential Privacy under Mandated Disclosure
AU - Gong, Ruobin
AU - Meng, Xiao Li
N1 - Funding Information:
The authors thank Jeremy Seeman, Salil Vadhan, Guanyang Wang and three anonymous reviewers for helpful suggestions. Ruobin Gong gratefully acknowledges research support by the National Science Foundation (NSF) DMS-1916002. Xiao-Li Meng also thanks NSF for partial financial support while completing this article.
Publisher Copyright:
© 2020 ACM.
PY - 2020/10/19
Y1 - 2020/10/19
N2 - Differentially private data releases are often required to satisfy a set of external constraints that reflect the legal, ethical, and logical mandates to which the data curator is obligated. The enforcement of constraints, when treated as post-processing, adds an extra phase in the production of privatized data. It is well understood in the theory of multi-phase processing that congeniality, a form of procedural compatibility between phases, is a prerequisite for the end users to straightforwardly obtain statistically valid results. Congenial differential privacy is theoretically principled, which facilitates transparency and intelligibility of the mechanism that would otherwise be undermined by ad-hoc post-processing procedures. We advocate for the systematic integration of mandated disclosure into the design of the privacy mechanism via standard probabilistic conditioning on the invariant margins. Conditioning automatically renders congeniality because any extra post-processing phase becomes unnecessary. We provide both initial theoretical guarantees and a Markov chain algorithm for our proposal. We also discuss intriguing theoretical issues that arise in comparing congenial differential privacy and optimization-based post-processing, as well as directions for further research.
AB - Differentially private data releases are often required to satisfy a set of external constraints that reflect the legal, ethical, and logical mandates to which the data curator is obligated. The enforcement of constraints, when treated as post-processing, adds an extra phase in the production of privatized data. It is well understood in the theory of multi-phase processing that congeniality, a form of procedural compatibility between phases, is a prerequisite for the end users to straightforwardly obtain statistically valid results. Congenial differential privacy is theoretically principled, which facilitates transparency and intelligibility of the mechanism that would otherwise be undermined by ad-hoc post-processing procedures. We advocate for the systematic integration of mandated disclosure into the design of the privacy mechanism via standard probabilistic conditioning on the invariant margins. Conditioning automatically renders congeniality because any extra post-processing phase becomes unnecessary. We provide both initial theoretical guarantees and a Markov chain algorithm for our proposal. We also discuss intriguing theoretical issues that arise in comparing congenial differential privacy and optimization-based post-processing, as well as directions for further research.
KW - belief function
KW - conditioning
KW - invariants
KW - monte carlo
KW - post-processing
KW - statistical intelligibility
KW - uncongeniality
UR - http://www.scopus.com/inward/record.url?scp=85096989095&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85096989095&partnerID=8YFLogxK
U2 - 10.1145/3412815.3416892
DO - 10.1145/3412815.3416892
M3 - Conference contribution
AN - SCOPUS:85096989095
T3 - FODS 2020 - Proceedings of the 2020 ACM-IMS Foundations of Data Science Conference
SP - 59
EP - 70
BT - FODS 2020 - Proceedings of the 2020 ACM-IMS Foundations of Data Science Conference
PB - Association for Computing Machinery, Inc
T2 - 2020 ACM-IMS Foundations of Data Science Conference, FODS 2020
Y2 - 19 October 2020 through 20 October 2020
ER -