Frank McSherryResearcherMicrosoft Research, Silicon Valley

Setting: collect data, think, and say something.

1. Most Privacy Technology is not Great.Privacy guarantees are sketchy at best.

2. Good Alternatives DO Exist.Many settings with near optimal accuracy/privacy.

3. Use the Strongest Possible Privacy.For reasons practical, legal, and ethical.

HMO removes names, releases data. (ZIP, Age, Gender)Unfortunately, (Z,A,G) enough to uniquely ID people.

[Sweeney] observes, and responds! (k-anonymity)

Unfortunately, can still make inferences about secrets.

[MGK] observes, and responds! (l-diversity)

Unfortunately, multiple releases can compromise all.[Xiao and Tao] observes, and responds! (m-invariance)

Tune in next year…

No/Vague guarantees. Guarantees are Important!

Lesson learned from Cryptography, Systems Security, etc…

Not much thought about attack/threat model.Assumptions about prior info, type of attack. Often wrong

Limited protection that does not generalize.Understanding which techniques are appropriate is hard.

Many, many other issues…

Ideally: Whether/what you submit should not (much) affect the analysis, or consequences of the analysis.

Whether an adversary estimates your data accurately.Whether you receive phone calls selling magazines.

Differential Privacy: The probability of any outcome of the analysis is (almost) unaffected by your data.

Consequences of outcome are equally agnostic to your data.

Consider US IP addresses in searches for “Vista”:

Very accurate, and with differential privacy guarantee.

Getting it wrong has consequences.No “undo” button for unintended disclosures.

Vicious / Virtuous cycles.Bad privacy leads to bad data. Good privacy, to good data.

Privacy is a Natural Resource.It’s non-renewable, and it’s not yours. Conserve it.

Acks: Cynthia Dwork, Ilya Mironov, Kunal Talwar, Udi Wieder.

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of

this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Microsoft Research Faculty Summit 2007