差分隐私用于个人信息保护的实践难点及化解方案

doi:10.12267/j.issn.2096-5931.2024.01.006

摘要/Abstract

摘要：

梳理差分隐私用于人口普查、数字广告和大型语言模型中的个人信息保护案例,发现通过差分隐私实现个人信息保护仍然存在概念定义不一、隐私单元不明、参数难以选定、隐私记账困难、缺乏简明解释、造成不公平问题和法律效果不确定7个难点,并逐个探讨了突破这些难点的思路。化解差分隐私的实践难点不仅可以加强个人信息保护,也可以促进数据要素流通利用。

关键词: 差分隐私, 个人信息保护, 隐私记账, 交互设计, 数据要素流通利用

Abstract:

By examining cases where differential privacy(DP) is used for personal information protection in census, digital advertising and large language model, this paper finds that there are still seven practical difficulties in realizing personal information protection through DP, such as unclear definition, unmatched privacy unit, excessively high parameter value, difficulty in accounting, lack of concise explanation, difficulty in verification and audit, and uncertainty of DP’s legal effect. And this paper discusses how to tackle with these difficulties one by one. Solving the practical difficulties of differential privacy can not only strengthen the protection of personal information, but also promote the circulation and utilization of data.

Key words: differential privacy, personal data protection, privacy accounting, interactive design, data circulation and use

中图分类号:

TP309.2

朱悦. 差分隐私用于个人信息保护的实践难点及化解方案[J]. 信息通信技术与政策, 2024, 50(1): 37-44.

ZHU Yue. Practical difficulties and solutions of differential privacy for personal information protection[J]. Information and Communications Technology and Policy, 2024, 50(1): 37-44.

导出引用管理器 EndNote|Ris|BibTeX

链接本文:

http://ictp.caict.ac.cn/CN/10.12267/j.issn.2096-5931.2024.01.006

http://ictp.caict.ac.cn/CN/Y2024/V50/I1/37

参考文献 38

[1]	DWORK C, ROTH A. The algorithmic foundations of differential privacy[J]. Foundations and Trends in Theoretical Computer Science, 2014: 211-407.
[2]	Article 29 Data Protection Working Party. Opinion 05/2014 on anonymisation techniques[R], 2014.
[3]	ALTMAN M, COHEN A, NISSIM K, et al. What a hybrid legal-technical analysis teaches us about privacy regulation: the case of singling out[J]. Social Science Electronic Publishing, 2021(27): 1-63.
[4]	COHEN A NISSIM K. Towards formalizing the GDPR’s notion of singling out[J]. Proceedings of the National Academy of Sciences, 2020, 117(15): 8344-8352. doi: 10.1073/pnas.1914598117 URL
[5]	STEINKE T. Composition of differential privacy & privacy amplification by subsampling[J]. arXiv Preprint,arXiv: 2210.00597, 2022.
[6]	ABOWD J. Declaration of John Abowd, State of Alabama v. United States department of commerce. Case no. 3:21-CV-211-RAH-ECM-KCN[EB/OL]. (2022-10-13)[2023-12-10]. https://www.documentcloud.org/documents/21018464-fair-lines-america-foundation-july-26-2021-declaration-of-john-m-abowd.
[7]	ABOWD J, ASHMEAD R, GARFINKEL S, et al. Census topdown: differentially private data, incremental schemas, and consistency with public knowledge[EB/OL]. 2019[2023-12-10]. https://github.com/uscensusbureau/census2020-das-e2e/blob/master/doc/20190711_0945_Consistency_for_Large_Scale_Differentially_Private_Histograms.pdf..
[8]	TEAN C, FIORETTO F, HENTENRYCK P V. Decision making with differential privacy under a fairness lens[J]. arXiv Preprint,arXiv: 2105.07513, 2021.
[9]	DWORK C. Differential privacy and the 2020 US census[C]// The 38th ACM SIGMOD-SIGACT-SIGAI Symposium on Principles of Database Systems (PODS’19). New York: Association for Computing Machinery, 2022.
[10]	LUKASZ O. On the governance of privacy-preserving systems for the web: should privacy sandbox be governed?[M]// Andrej Zwitter & Oskar J. Gstrein, Handbook on the Politics and Governance of Big Data and Artificial Intelligence: Chapter 10. London: Edward Elgar Publishing, 2023: 279-314.
[11]	MAUD N. Understanding noise in summary reports[EB/OL]. (2023-06-24)[2023-12-10]. https://chrome-developer.pages.dev/en/docs/privacy-sandbox/attribution-reporting/understanding-noise/.
[12]	Competition and Markets Authority. Decision to accept commitments offered by Google in relation to its Privacy Sandbox Proposals[EB/OL]. (2022-02-11)[2023-12-10]. https://assets.publishing.service.gov.uk/media/62052c52e90e0f7881c975/Google_Sandbox_.pdf.
[13]	SHEN X Y, CHEN Z Y, BACKES M, et al. In ChatGPT we trust? measuring and characterizing the reliability of ChatGPT[J]. arXiv Preprint,arXiv: 2304.08979, 2023.
[14]	CARLINI N, CHIEN S, NASR M, et al. Membership inference attacks from first principles[C]// 2022 IEEE Symposium on Security and Privacy (SP). San Francisco: IEEE Press, 2022:1897-1914.
[15]	CARLINI N, TRAMER F, WALLACE E, et al. Extracting training data from large language models[J]. arXiv Preprint, arXiv:2012.07805, 2021.
[16]	LI X C, TRAMER F, LIANG P, et al. Large language models can be strong differentially private learners[J]. arXiv Preprint,arXiv: 2110.05679, 2021.
[17]	CUMMINGS R, DESFONTAINES D, EVANS D, et al. Challenges towards the next frontier in privacy[J]. arXiv Preprint,arXiv: 2304.06929, 2023.
[18]	DUCHI J C, JORDAN M I, WAINWRIGHT M J, et al. Local privacy and statistical minimax rates[C]// 2013 IEEE 54th Annual Symposium on Foundations of Computer Science (FOCS). Berkeley: IEEE Press, 2013:429-438.
[19]	MIRONOV I. Rényi Differential Privacy[C]// 2017 IEEE 30th Computer Security Foundations Symposium (CSF). Santa Barbara: IEEE Press, 2017:263-275.
[20]	PONOMAREVA N, HAZIMEH H, KURAKIN A, et al. How to dp-fy ml: a practical guide to machine learning with differential privacy[J]. Journal of Artificial Intelligence Research, 2023(77): 1113-1201.
[21]	DWORK C. Differential privacy: a survey of results[C]// Theory and Applications of Models of Computation:5th International Conference, TAMC 2008. Xi’an: Springer, 2008.
[22]	CHIN A, KLINEFELTER A. Differential privacy as a response to the reidentification threat: the facebook advertiser case study[J]. North Carolina Law Review, 2011, 90(5):1417.
[23]	CUMMINGS RKAPTCHUK G, REDMILES E M. “I need a better description”: an investigation into user expectations for differential privacy[J]. arXiv Preprint, arXiv:2110.06452, 2021.
[24]	COHEN A, DUCHIN M, MATTHEWS J, et al. Private numbers in public policy: census, differential privacy, and redistricting[J]. Harvard Data Science Review, 2022.
[25]	SANTOS-LOZADA A R, HOWARD J T, VERDERY A M. How differential privacy will affect our understanding of health disparities in the United States[J]. Proceedings of the National Academy of Sciences, 2020, 117(24): 13405-13412. doi: 10.1073/pnas.2003714117 URL
[26]	LI Y, COULL B A, KRIEGER N, et al. Impacts of census differential privacy for small-area disease mapping to monitor health inequities[J]. arXiv Preprint, arXiv:2209.04316, 2023.
[27]	MUELLERA T, SANTOS-LOZADAB A. Proposed US census bureau differential privacy method is biased against rural and non-white[J]. American Academy of Political and Social Science, 2021, 672(1): 26-45. doi: 10.1177/0002716217708560 URL
[28]	DWORK C, KOHLI N, MULLIGAN D. Differential privacy in practice: expose your epsilons![J]. Journal of Privacy and Confidentiality, 2019, 9(2).
[29]	ZHAO Y, CHEN J J. A survey on differential privacy for unstructured data content[J]. ACM Computing Surveys (CSUR), 2022(54): 1-28.
[30]	Personal Data Protection Commission Singapore. Guide to basic anonymisation[EB/OL]. 2022[2023-12-10]. https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Advisory-Guidelines/Guide-to-Basic-Anonymisation-31-March-2022.pdf.
[31]	FLUITT A COHEN A, ALTMAN M, et al. Data protection’s composition problem[J]. Social Science Electronic Publishing, 2019(5): 285.
[32]	LU F, MUNOZ J, FUCHS M, et al. A general framework for auditing differentially private machine learning[J]. Advances in Neural Information Processing Systems, 2022(35): 4165-4176.
[33]	KIFER D, MESSING S, ROTH A, et al. Guidelines for implementing and auditing differentially private systems[J]. arXiv Preprint,arXiv: 2002.04049, 2020.
[34]	LEE J, CLIFTON C. How much is enough? Choosing ε for differential privacy[C]//Information Security: 14th International Conference, ISC 2011. Xi’an: Springer Berlin Heidelberg, 2011.
[35]	NANAYALLARA P, BATER J, HE X, et al. Visualizing privacy-utility trade-offs in differentially private data releases[J]. arXiv Preprint, arXiv:2201.05964, 2022.
[36]	AKASH N. Experiment with summary report design decisions[EB/OL]. 2023[2023-12-10]. https://web-dev-staging.appspot.com/docs/privacy-sandbox/summary-reports/design-decisions/.
[37]	Agencia Española Protección Datos. Resolucion de archive de actuaciones[EB/OL]. 2020[2023-12-10]. https://www.aepd.es/documento/e-03690-2020.pdf.
[38]	全国信息安全标准技术委员会. 信息安全技术个人信息安全影响评估指南:GB/J 39335—2020[S]. 北京: 中国标准出版社, 2020.