Optimal Utility-Privacy Trade-off with Total Variation Distance as a Privacy Measure

TL;DR

This paper introduces total variation distance as a privacy measure in data disclosure, enabling a linear programming approach to optimize utility while ensuring privacy of sensitive information.

Contribution

It demonstrates that total variation distance satisfies key privacy properties and provides a tractable method for utility-privacy trade-off optimization.

Findings

Total variation distance satisfies post-processing and linkage inequalities.

The utility-privacy trade-off can be formulated as a linear program.

Provides bounds on privacy leakage measured by mutual information and other metrics.

Abstract

The total variation distance is proposed as a privacy measure in an information disclosure scenario when the goal is to reveal some information about available data in return of utility, while retaining the privacy of certain sensitive latent variables from the legitimate receiver. The total variation distance is introduced as a measure of privacy-leakage by showing that: i) it satisfies the post-processing and linkage inequalities, which makes it consistent with an intuitive notion of a privacy measure; ii) the optimal utility-privacy trade-off can be solved through a standard linear program when total variation distance is employed as the privacy measure; iii) it provides a bound on the privacy-leakage measured by mutual information, maximal leakage, or the improvement in an inference attack with a bounded cost function.