DIFFERENTIAL PRIVACY FOR SOCIAL SCIENCE RESEARCH

Salil VadhanHarvard Universitysalil-privacytools@g.harvard.edu[salil_vadhan@harvard.edu bounces mail from census.gov, google.com, …]

NAS CNSTAT Privacy workshopJune 6, 2019Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of our funders.

with support from:

Computer Science, Law, Social Science, Statistics

http://privacytools.seas.harvard.edu/

The Privacy Tools Project (2012-present)

Our Goal

computerscience

socialscience

data science

law &policy

privacy

utility

Achieve: &

Via:

Chong Vadhan

Gasser Sweeney

King Crosas

Airoldi

Altman Nissim

(Georgetown)

Gaboardi(Buffalo)

Honaker

O’Brien

Program on Information ScienceMIT Libraries

Smith (BU) Dwork

Ullman(NEU)

Wood

Dataverse Repositories around the world: 27 installations

Harvard Dataverse Repository:2400 dataverses with 75,000 datasetsand 2.9 million downloads

Target: Data Repositories

Datasets are restricted due to privacy concerns

Goal: enable wider sharing while protecting privacy

Approach: Integrated Privacy Tools

RobotLawyers

DataTagsInterview

SensitiveData Set

Deposit in repository

SensitiveData Set

RestrictedAccessData Set w/DUA

PSI: DifferentialPrivacy

Public Access Statistics

Tools we are working on

PSI: Differential Privacy Tool

RobotLawyers

DataTagsInterview

SensitiveData Set

Deposit in repository

SensitiveData Set

RestrictedAccessData Set w/DUA

PSI: DifferentialPrivacy

Public Access Statistics

Statistical summaries andexploratory data analysis withstrong privacy guarantees

PSI: Differential Privacy Tool

http://psiprivacy.org/about

• Generality: applicable to datasets across social science.• Accessible: no differential privacy expert optimizing

algorithms for a particular dataset or application• Workflow-compatible: fits into workflow of practicing

social scientists, using familiar concepts & tools• Tiered access: DP interface for wide access to rough

statistical information; users can still apply for raw data (cf. Census PUMS vs RDCs)

Hope: Beta version deployed in Dataverse by end of 2019

Goals of PSI

Intervene at time of deposit in repository

Allow depositor to make DP releases

Others can explore releases & make DP queries

Regression, Inference, and Machine Learning

Theorem [KLNRS08,S11]: Differential privacy for vast array of machine learning and statistical estimation problems with little loss in asymptotic convergence rate as → ∞. • Optimizations & practical implementations for logistic regression, ERM,

LASSO, SVMs in [RBHT09,CMS11,ST13,JT14].

DPHypothesis or model about world, e.g. rule for predicting disease from attributes

Sex Blood ⋯ HIV?F B ⋯ YM A ⋯ NM O ⋯ NM O ⋯ YF A ⋯ NM B ⋯ Y

Case Study: Small-Area Regressions• Opportunity Atlas [Chetty, Friedman, Hendren, Jones, Porter 2018]:

linear regressions on Census & IRS data to predict child income rank from parent income rank in each Census tract, broken up by race & gender.

• Challenging for DP: • small sample sizes (10’s to 1000’s)• sometimes very small variance in explanatory variable

• OA gets good results with a DP-inspired method.• See John Friedman’s presentation tomorrow!

0

20

40

60

80

100

Varia

nce

TotalVariance

SignalVariance

Sampling NoiseVariance Variance

Variance Decomposition for Tract-Level EstimatesTeenage Birth Rate For Black Women With Parents at 25th Percentile

Source: Chetty, Friedman, Hendren, Jones, Porter (2018)

3% increase in noise var.

Privacy Noise

Well-chosen DP methods almost as good[preliminary results, in collaboration with Alabi, McMillan, Sarathy, Smith]

Some challenges

• Managing privacy-loss budget in a query system.• Global budget for all analysts: can be exhausted quickly• Per-analyst budgets: need to ensure no collusion, limit publication

• “Good” accuracy for small (e.g. Opportunity Atlas)• requires high privacy loss (e.g. 8).• and carefully engineered DP algorithms

Theoretical possibility: rich synthetic data

Utility: preserves fraction of people with every set of attributes!

“fake” people

[Blum-Ligett-Roth ’08….]

Problem: uses computation time exponential in .(necessary in the worst case [DNNRV09,UV11])

CDP

Sex Blood ⋯ HIV?F B ⋯ YM A ⋯ NM O ⋯ NM O ⋯ YF A ⋯ NM B ⋯ Y

Sex Blood ⋯ HIV?M B ⋯ NF B ⋯ YM O ⋯ YF A ⋯ NF O ⋯ N

≪