Speaker
Description
ε-Differential privacy (DP) is a popular privacy model that has been promoted as the de facto standard in most data intensive areas. However, the selection of the privacy parameter ε (also called budget) in applications of DP remains an open challenge. Even though the meaning and implications of the value of ε are not fully understood, it is clear that large budget values are less privacy-preserving than small budget values and, since the privacy loss is exponential, when the budget exceeds 4 or 5, DP offers privacy in name only. But so far, it has been accepted that small budget values provide meaningful privacy and, thus, prevent disclosure. In this paper, we challenge this claim. First, we provide a clear and numerically quantifiable interpretation of ε in terms of disclosure. Then, we illustrate how knowledge of the underlying data may allow the adversary to adapt their attack method to result in greater levels of disclosure. We show that, for the same budget value and especially when this budget is small, the disclosure risk varies considerably. Thus, DP cannot offer actual ex ante guarantees against disclosure, no matter the value of ε. We conclude that users should not rely exclusively on the fact that they chose a small budget (or, more generally, on the use of DP), but they should empirically assess the disclosure risks for specific applications, considering both the underlying distribution of the data and the adversarial approach.