Adaptive Privacy of Sequential Data Releases Under Collusion

TL;DR

This paper introduces an adaptive privacy mechanism for sequential data releases that accounts for potential collusion among multiple data recipients, balancing privacy and utility effectively.

Contribution

It develops a novel adaptive algorithm for sequential data release privacy that handles collusion and optimizes privacy-utility trade-offs using mutual information and distortion measures.

Findings

Optimal data releases under expected distortion

Locally optimal releases when using mutual information

Algorithm effectively manages collusion scenarios

Abstract

The fundamental trade-off between privacy and utility remains an active area of research. Our contribution is motivated by two observations. First, privacy mechanisms developed for one-time data release cannot straightforwardly be extended to sequential releases. Second, practical databases are likely to be useful to multiple distinct parties. Furthermore, we can not rule out the possibility of data sharing between parties. With utility in mind, we formulate a privacy-utility trade-off problem to adaptively tackle sequential data requests made by different, potentially colluding entities. We consider both expected distortion and mutual information as measures to quantify utility, and use mutual information to measure privacy. We assume an attack model whereby illicit data sharing, which we call collusion, can occur between data receivers. We develop an adaptive algorithm for data releases that makes use of a modified Blahut-Arimoto algorithm. We show that the resulting data releases are optimal when expected distortion quantifies utility, and locally optimal when mutual information quantifies utility. Finally, we discuss how our findings may extend to applications in machine learning.