On the Measurement of Privacy as an Attacker's Estimation Error

TL;DR

This paper introduces a theoretical framework for measuring privacy based on an attacker's estimation error, enabling comparison of various privacy metrics under a unified perspective.

Contribution

It provides a general definition of privacy in terms of estimation error and relates multiple existing metrics through a common theoretical foundation.

Findings

Framework unifies privacy metrics under estimation error concept

Allows systematic comparison of privacy measures

Grounded in information theory, probability, and Bayes decision

Abstract

A wide variety of privacy metrics have been proposed in the literature to evaluate the level of protection offered by privacy enhancing-technologies. Most of these metrics are specific to concrete systems and adversarial models, and are difficult to generalize or translate to other contexts. Furthermore, a better understanding of the relationships between the different privacy metrics is needed to enable more grounded and systematic approach to measuring privacy, as well as to assist systems designers in selecting the most appropriate metric for a given application. In this work we propose a theoretical framework for privacy-preserving systems, endowed with a general definition of privacy in terms of the estimation error incurred by an attacker who aims to disclose the private information that the system is designed to conceal. We show that our framework permits interpreting and comparing a number of well-known metrics under a common perspective. The arguments behind these interpretations are based on fundamental results related to the theories of information, probability and Bayes decision.