https://journalprivacyconfidentiality.org/index.php/jpc <p>The <em>Journal of Privacy and Confidentiality</em>&nbsp;is an open-access multi-disciplinary journal whose purpose is to facilitate the coalescence of research methodologies and activities in the areas of privacy, confidentiality, and disclosure limitation. The JPC seeks to publish a wide range of research and review papers, not only from academia, but also from government (especially official statistical agencies) and industry, and to serve as a forum for exchange of views, discussion, and news.</p> Cornell University, ILR School en-US Journal of Privacy and Confidentiality 2575-8527 <p>Copyright is retained by the authors. By submitting to this journal, the author(s) license the article under the <a href="https://creativecommons.org/licenses/by-nc-nd/4.0/">Creative Commons License – Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)</a>, unless choosing a more lenient license (for instance, public domain). For situations not allowed under CC BY-NC-ND, short sections of text, not to exceed two paragraphs, may be quoted without explicit permission provided that full credit, including © notice, is given to the source.</p> <p>Authors of articles published by the journal grant the journal the right to store the articles in its databases for an unlimited period of time and to distribute and reproduce the articles electronically.</p> https://journalprivacyconfidentiality.org/index.php/jpc/article/view/813 <p class="p1">Despite recent widespread deployment of differential privacy, relatively little is known about what users think of differential privacy. In this work, we seek to explore users' privacy expectations related to differential privacy. Specifically, we investigate (1) whether users care about the protections afforded by differential privacy, and (2) whether they are therefore more willing to share their data with differentially private systems. Further, we attempt to understand (3) users' privacy expectations of the differentially private systems they may encounter in practice and (4) their willingness to share data in such systems. To answer these questions, we use a series of rigorously conducted surveys (n=2424).</p> <p class="p2">&nbsp;</p> <p class="p1">We find that users care about the kinds of information leaks against which differential privacy protects and are more willing to share their private information when the risks of these leaks are less likely to happen.<span class="Apple-converted-space">&nbsp; </span>Additionally, we find that the ways in which differential privacy is described in-the-wild haphazardly set users' privacy expectations, which can be misleading depending on the deployment. We synthesize our results into a framework for understanding a user's willingness to share information with differentially private systems, which takes into account the interaction between the user's prior privacy concerns and how differential privacy is described.</p> Rachel Cummings Gabriel Kaptchuk Elissa Redmiles Copyright (c) 2022 Rachel Cummings, Gabriel Kaptchuk, Elissa Redmiles http://creativecommons.org/licenses/by-nc-nd/4.0 2023-08-31 2023-08-31 13 1 10.29012/jpc.813 https://journalprivacyconfidentiality.org/index.php/jpc/article/view/808 <p>Protecting the privacy of people whose data is used by machine learning algorithms is important. Differential Privacy is the appropriate mathematical framework for formal guarantees of privacy, and boosted decision trees are a popular machine learning technique. So we propose and test a practical algorithm for boosting decision trees that guarantees differential privacy. Privacy is enforced because our booster never puts too much weight on any one example; this ensures that each individual's data never influences a single tree "too much." Experiments show that this boosting algorithm can produce better model sparsity and accuracy than other differentially private ensemble classifiers.</p> Mohammadmahdi Jahanara Vahid Asadi Marco Carmosino Akbar Rafiey Bahar Salamatian Copyright (c) 2023 Mohammadmahdi Jahanara, Vahid Asadi, Marco Carmosino, Akbar Rafiey, Bahar Salamatian http://creativecommons.org/licenses/by-nc-nd/4.0 2023-08-31 2023-08-31 13 1 10.29012/jpc.808 https://journalprivacyconfidentiality.org/index.php/jpc/article/view/791 <p>In this work we describe the High-Dimensional Matrix Mechanism (HDMM),<br>a differentially private algorithm for answering a workload of predicate counting queries.&nbsp; HDMM represents query workloads using a compact implicit matrix representation and exploits this representation to efficiently optimize over (a subset of) the space of differentially private algorithms for one that is unbiased and answers the input query workload with low expected error. HDMM can be deployed for both ϵ-differential privacy (with Laplace noise) and (<span class="mwe-math-element">ϵ,</span>&nbsp;δ)-differential privacy (with Gaussian noise), although the core techniques are slightly different for each. We demonstrate empirically that HDMM can efficiently answer queries with lower expected error than state-of-the-art techniques, and in some cases, it nearly matches existing lower bounds for the particular class of mechanisms we consider.</p> Ryan McKenna Gerome Miklau Michael Hay Ashwin Machanavajjhala Copyright (c) 2023 Ryan McKenna, Gerome Miklau, Michael Hay, Ashwin Machanavajjhala http://creativecommons.org/licenses/by-nc-nd/4.0 2023-08-31 2023-08-31 13 1 10.29012/jpc.791 https://journalprivacyconfidentiality.org/index.php/jpc/article/view/767 <p>As the Census Bureau strives to modernize its disclosure avoidance efforts in all of its outputs, synthetic data has become a successful way to provide external researchers a chance to conduct a wide variety of analyses on microdata while still satisfying the legal objective of protecting privacy of survey respondents. Some of the most useful variables for researchers are some of the trickiest to model: relationships between records. These can be family relationships, household relationships, or employer-employee relationships to name a few. This paper describes a method to match synthetic records together in a way that mimics the covariation between related records in the underlying, protected data.</p> Gary Benedetto Evan Totty Copyright (c) 2023 Gary Benedetto, Evan Totty http://creativecommons.org/licenses/by-nc-nd/4.0 2023-08-31 2023-08-31 13 1 10.29012/jpc.767