Presentation by Ashwin Machanavajjhala, Duke University
Privacy definitions provide ways for trading off the privacy of individuals in a statistical database against the utility of downstream analysis of the data. One notion that has become the gold standard is differential privacy, and it exposes one knob, ε, for tuning this trade-off. While ε is intuitive, recent work has shown that it does not sufficiently capture the diversity of the privacy-utility trade-off space: it provides insufficient utility in some applications and insufficient privacy when data are correlated.
In this talk, I will present Blowfish, a class of privacy definitions that provides a richer interface for trading off privacy for utility. In particular, we allow data publishers to extend differential privacy using a policy, which specifies which information must be kept secret and what constraints may be known about the data. While the former allows increased utility by not protecting certain properties of individuals, the latter provides added protection against adversaries who know correlations in the data (arising from constraints). I will formalize privacy policies and present novel algorithms that explore new points in the privacy-utility trade-off space.
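As an added illustration (not code from the talk or from the Blowfish project), the following models the "which information must be kept secret" part of a policy as a graph over attribute values and calibrates Laplace noise to the resulting policy-specific sensitivity; the neighbour definition and the cumulative-histogram query are my assumptions about how such a policy is formalized, and the domain and database are constructed. Protecting only adjacent values (a line graph) instead of every pair of values (differential privacy) cuts the noise scale for this query from 4/ε to 1/ε.

```python
import random

# Constructed example: an ordered attribute with five buckets (say, age brackets 0..4).
DOMAIN = [0, 1, 2, 3, 4]

def cumulative_histogram(db):
    """f(D)[i] = number of records whose value is <= DOMAIN[i]."""
    return [sum(1 for x in db if x <= t) for t in DOMAIN]

def complete_graph(domain):
    """Differential privacy: every pair of values must be indistinguishable."""
    return {(a, b) for a in domain for b in domain if a != b}

def line_graph(domain):
    """Assumed Blowfish-style policy: only adjacent values are secrets. An
    adversary may learn that a value is 0 rather than 4, but not 0 rather than 1."""
    return {(a, a + 1) for a in domain[:-1]} | {(a + 1, a) for a in domain[:-1]}

def policy_sensitivity(query, secret_edges):
    """Largest L1 change in `query` between two neighbouring databases, where
    neighbours differ in one record and that record's two values form an edge
    of the secret graph. The query above is a sum over records, so one-record
    databases are enough to find the worst case."""
    worst = 0
    for a, b in secret_edges:
        fa, fb = query([a]), query([b])
        worst = max(worst, sum(abs(u - v) for u, v in zip(fa, fb)))
    return worst

def laplace_mechanism(query, db, sensitivity, epsilon, rng=None):
    """Add Laplace(0, sensitivity/epsilon) noise to each query coordinate.
    The difference of two Exp(1) draws is a standard Laplace sample."""
    rng = rng or random.Random()
    scale = sensitivity / epsilon
    return [v + scale * (rng.expovariate(1.0) - rng.expovariate(1.0))
            for v in query(db)]

if __name__ == "__main__":
    db = [0, 0, 1, 2, 2, 2, 3, 4, 4, 4]  # constructed sample database
    eps, rng = 1.0, random.Random(0)
    for name, graph in (("differential privacy", complete_graph(DOMAIN)),
                        ("line-graph policy", line_graph(DOMAIN))):
        s = policy_sensitivity(cumulative_histogram, graph)
        noisy = laplace_mechanism(cumulative_histogram, db, s, eps, rng)
        print(f"{name}: sensitivity={s}, noise scale={s / eps:.1f}, "
              f"release={[round(v, 1) for v in noisy]}")
```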