Differential Privacy of Hierarchical Census Data: An Optimization Approach

TL;DR

This paper introduces a polynomial-time optimization-based differential privacy mechanism for releasing hierarchical census data, ensuring consistency across levels while significantly improving efficiency and accuracy over existing methods.

Contribution

It presents a novel optimization approach that efficiently ensures hierarchical consistency in differentially private data releases, outperforming prior techniques.

Findings

Up to 100x improvements in computational efficiency

Significant accuracy gains over existing methods

Effective for large-scale real datasets

Abstract

This paper is motivated by applications of a Census Bureau interested in releasing aggregate socio-economic data about a large population without revealing sensitive information about any individual. The released information can be the number of individuals living alone, the number of cars they own, or their salary brackets. Recent events have identified some of the privacy challenges faced by these organizations. To address them, this paper presents a novel differential-privacy mechanism for releasing hierarchical counts of individuals. The counts are reported at multiple granularities (e.g., the national, state, and county levels) and must be consistent across all levels. The core of the mechanism is an optimization model that redistributes the noise introduced to achieve differential privacy in order to meet the consistency constraints between the hierarchical levels. The key technical contribution of the paper shows that this optimization problem can be solved in polynomial time by exploiting the structure of its cost functions. Experimental results on very large, real datasets show that the proposed mechanism provides improvements of up to two orders of magnitude in terms of computational efficiency and accuracy with respect to other state-of-the-art techniques.