{"id":169518,"date":"2003-11-24T13:44:35","date_gmt":"2003-11-24T21:44:35","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/project\/database-privacy\/"},"modified":"2020-03-12T16:39:21","modified_gmt":"2020-03-12T23:39:21","slug":"database-privacy","status":"publish","type":"msr-project","link":"https:\/\/www.microsoft.com\/en-us\/research\/project\/database-privacy\/","title":{"rendered":"Database Privacy"},"content":{"rendered":"
The problem of statistical disclosure control\u2014revealing accurate statistics about a population while preserving the privacy of individuals\u2014has a venerable history, with an extensive literature spanning statistics, theoretical computer science, security, and databases. Nevertheless, despite this extensive literature, \u201cprivacy breaches\u201d are common, both in the literature and in practice, even when security and data integrity are not compromised.<\/p>\n
This project revisits private data analysis from the perspective of modern cryptography. We address many previous difficulties by obtaining a strong, yet realizable, definition of privacy. Intuitively, <em>differential privacy<\/em> ensures that the system behaves in essentially the same way, independent of whether any individual, or small group of individuals, opts in to or opts out of the database. More precisely, for every possible output of the system, the probability of this output is almost unchanged by the addition or removal of any individual, where the probabilities are taken over the coin flips of the mechanism (and not the data set). Moreover, this holds even in the face of arbitrary existing or future knowledge available to a \u201cprivacy adversary,\u201d completely solving the problem of database linkage attacks.<\/p>\n Databases can serve many social goals, such as fair allocation of resources and identification of genetic markers for disease. Better participation means better information, and the \u201cin vs. out\u201d aspect of differential privacy encourages participation.<\/p>\n For a general overview of differential privacy\u2014the problems to be solved, the definition, the formal impossibility results that lead to the definition, general techniques for achieving differential privacy, and some recent directions\u2014see \u201cA firm foundation for private data analysis\u201d<\/a> (to appear in Communications of the ACM).<\/p>\n For selected publications, organized by topic and ordered chronologically, scroll down.<\/p>\n\t\t\t
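The "probability almost unchanged" guarantee described above is commonly achieved by adding calibrated random noise to query answers. The following is a minimal sketch of the textbook Laplace mechanism applied to a counting query; it illustrates the general technique, not this project's specific implementation, and the function names are illustrative.

```python
import math
import random

def laplace_noise(scale):
    """Sample Laplace(0, scale) noise via inverse-CDF sampling."""
    u = random.random() - 0.5  # uniform on [-0.5, 0.5)
    sign = 1.0 if u >= 0 else -1.0
    return -scale * sign * math.log(1.0 - 2.0 * abs(u))

def private_count(records, predicate, epsilon):
    """A counting query has sensitivity 1: adding or removing one
    individual changes the true count by at most 1, so Laplace noise
    with scale 1/epsilon gives an epsilon-differentially-private answer."""
    true_count = sum(1 for r in records if predicate(r))
    return true_count + laplace_noise(1.0 / epsilon)
```

A smaller epsilon gives a stronger privacy guarantee at the cost of noisier answers: the noise scale 1/epsilon grows as epsilon shrinks, so each individual's presence or absence is better hidden.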