Development and Analysis of Deterministic Privacy-Preserving Policies Using Non-Stochastic Information Theory

TL;DR

This paper introduces a deterministic privacy metric based on non-stochastic information theory, deriving optimal privacy-preserving policies that are piecewise constant functions, and critically analyzes the privacy guarantees of k-anonymity.

Contribution

It develops a new deterministic privacy measure using non-stochastic information theory and derives optimal policies as quantization operators, also evaluating k-anonymity's effectiveness.

Findings

Optimal privacy-preserving policies are piecewise constant functions.

The proposed privacy measure reveals limitations of k-anonymity.

The policies maximize privacy under response quality constraints.

Abstract

A deterministic privacy metric using non-stochastic information theory is developed. Particularly, minimax information is used to construct a measure of information leakage, which is inversely proportional to the measure of privacy. Anyone can submit a query to a trusted agent with access to a non-stochastic uncertain private dataset. Optimal deterministic privacy-preserving policies for responding to the submitted query are computed by maximizing the measure of privacy subject to a constraint on the worst-case quality of the response (i.e., the worst-case difference between the response by the agent and the output of the query computed on the private dataset). The optimal privacy-preserving policy is proved to be a piecewise constant function in the form of a quantization operator applied on the output of the submitted query. The measure of privacy is also used to analyze the performance of $k$-anonymity methodology (a popular deterministic mechanism for privacy-preserving release of datasets using suppression and generalization techniques), proving that it is in fact not privacy-preserving.