DOI: 10.1145/3626232.3653261
research-article
Open access

From Theory to Comprehension: A Comparative Study of Differential Privacy and k-Anonymity

Published: 19 June 2024

Abstract

The notion of ε-differential privacy is a widely used concept for providing quantifiable privacy to individuals. However, it is unclear how to explain the level of privacy protection provided by a differential privacy mechanism with a set ε. In this study, we focus on users' comprehension of the privacy protection provided by a differential privacy mechanism. To do so, we study three variants of explaining the privacy protection provided by differential privacy: (1) the original mathematical definition; (2) ε translated into a specific privacy risk; and (3) an explanation using the randomized response technique. We compare users' comprehension of privacy protection employing these explanatory models with their comprehension of the privacy protection of k-anonymity as a baseline for comprehensibility. Our findings suggest that participants' comprehension of differential privacy protection is enhanced by the privacy risk model and the randomized response-based model. Moreover, our results confirm our intuition that privacy protection provided by k-anonymity is more comprehensible.


Published In

CODASPY '24: Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy
June 2024
429 pages
ISBN:9798400704215
DOI:10.1145/3626232
  • General Chair: João P. Vilela
  • Program Chairs: Haya Schulmann, Ninghui Li
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. differential privacy
  2. explanatory model
  3. study

Qualifiers

  • Research-article

Funding Sources

  • Bundesministerium für Bildung und Forschung
  • Bundesministeriums für Bildung und Forschung

Acceptance Rates

Overall Acceptance Rate 149 of 789 submissions, 19%
