Contextually Private Mechanisms

TL;DR

This paper introduces a framework for evaluating and designing mechanisms that maximize contextual privacy, focusing on how protocols can minimize unnecessary information disclosure during decision-making processes.

Contribution

It proposes a formal framework for comparing privacy levels in mechanisms and introduces a maximally contextually private protocol for Vickrey auctions.

Findings

The ascending-join protocol achieves maximal contextual privacy.

Delaying queries to certain bidders enhances privacy.

The framework identifies privacy violations related to pivotal agents.

Abstract

We introduce a framework for comparing the privacy of different mechanisms. A mechanism designer employs a dynamic protocol to elicit agents' private information. Protocols produce a set of contextual privacy violations -- information learned about agents that may be superfluous given the context. A protocol is \emph{maximally contextually private} if there is no protocol that produces a proper subset of the violations it produces, while still implementing the choice rule. Contextual privacy violations arise when a choice rule makes some agents collectively, but not individually, pivotal. In auctions, designing for contextual privacy requires choosing an initial question posed to each agent and the order in which agents are queried. We study a particular maximally contextually private protocol for $k$-item Vickrey auctions -- the ascending-join protocol -- and show that it achieves maximal contextual privacy by delaying queries to bidders whose privacy it protects.