Privacy Amplification by Subsampling in Time Domain

TL;DR

This paper introduces a new approach to enhance differential privacy in time-series data by using subsampling and filtering, significantly reducing noise requirements and improving data utility.

Contribution

It presents a novel analysis showing how subsampling and filtering reduce sensitivity in time-series privacy, along with new privacy mechanisms tailored for such data.

Findings

Sensitivity reduction through subsampling and filtering

Improved privacy-utility trade-offs demonstrated empirically

Effective privacy mechanisms for real-world time-series data

Abstract

Aggregate time-series data like traffic flow and site occupancy repeatedly sample statistics from a population across time. Such data can be profoundly useful for understanding trends within a given population, but also pose a significant privacy risk, potentially revealing e.g., who spends time where. Producing a private version of a time-series satisfying the standard definition of Differential Privacy (DP) is challenging due to the large influence a single participant can have on the sequence: if an individual can contribute to each time step, the amount of additive noise needed to satisfy privacy increases linearly with the number of time steps sampled. As such, if a signal spans a long duration or is oversampled, an excessive amount of noise must be added, drowning out underlying trends. However, in many applications an individual realistically cannot participate at every time step. When this is the case, we observe that the influence of a single participant (sensitivity) can be reduced by subsampling and/or filtering in time, while still meeting privacy requirements. Using a novel analysis, we show this significant reduction in sensitivity and propose a corresponding class of privacy mechanisms. We demonstrate the utility benefits of these techniques empirically with real-world and synthetic time-series data.