A Framework for Extracting Semantic Guarantees from Privacy

TL;DR

This paper introduces a novel framework that extracts semantic guarantees from privacy definitions by analyzing how they influence an attacker's beliefs, providing a deeper understanding of what privacy protections are actually offered.

Contribution

It presents the first framework for deriving semantic guarantees from privacy definitions using the concept of row cones, enabling analysis of privacy protections beyond narrow questions.

Findings

Derived new semantics for several privacy algorithms

Identified the types of inferences defended by privacy definitions

Applied the framework to analyze randomized response and other algorithms

Abstract

Statistical privacy views privacy definitions as contracts that guide the behavior of algorithms that take in sensitive data and produce sanitized data. For most existing privacy definitions, it is not clear what they actually guarantee. In this paper, we propose the first (to the best of our knowledge) framework for extracting semantic guarantees from privacy definitions. That is, instead of answering narrow questions such as "does privacy definition Y protect X?" the goal is to answer the more general question "what does privacy definition Y protect?" The privacy guarantees we can extract are Bayesian in nature and deal with changes in an attacker's beliefs. The key to our framework is an object we call the row cone. Every privacy definition has a row cone, which is a convex set that describes all the ways an attacker's prior beliefs can be turned into posterior beliefs after observing an output of an algorithm satisfying that privacy definition. The framework can be applied to privacy definitions or even to individual algorithms to identify the types of inferences they defend against. We illustrate the use of our framework with analyses of several definitions and algorithms for which we can derive previously unknown semantics. These include randomized response, FRAPP, and several algorithms that add integer-valued noise to their inputs.