However that’s a different problem than the difficulty with other definitions. Not having a magic value of epsilon does not make differential privacy any difficult to enforce once you do pick epsilon.

It would seem that a discussion group for everyone implementing or thinking of implementing differential privacy would be valuable.

The organization I’m working with (The Common Data Project) is experimenting with using differential privacy to “automate” the release of sensitive data to the public.

One hurdle we’ve run up against is that there doesn’t seem to be an agreed upon “magic number” to quantify the “negligable impact” or “almost indiscernible” language in the guarantee?

Without such a quantity, we’re concerned that the differential privacy guarantee runs into some of the same problems that plague current definitions? (ie. vagueness which translates into difficult to enforce)

Does anyone here happen to know of any papers or discussions on this particular aspect of differential privacy? Any leads would be greatly appreciated!

We’ve documented our quest for the quantifiable guarantee in excruciating detail here: http://bit.ly/bj8gWF

But whatever. The burden of proof is not on me; the burden of proof is on you, to prove convincingly that it is possible to anonymize/privatize this kind of data, without loss of utility. So far, you haven’t done so. The ball’s in your court. Let’s see the proof.

For instance, how about demonstrating how you would have anonymized the first Netflix data set. Prove that your method preserves anonymity, and doesn’t eliminate utility. Then we can talk.

You seem to misunderstand differential privacy — I recommend sitting down and reading one of these papers. I don’t know what you mean when you say it “won’t actually work”. If you read the mathematical definition, you will see that it offers quite a strong privacy guarantee. And there are many papers showing that for a surprisingly large number of tasks, it does work — you get useful algorithms (including for netflix recommender systems) that -provably- preserve differential privacy.

TunedIT (http://tunedit.org) is a challenge platform where online data analysis is possible, without releasing the data. Participants may submit executable code of their learning algorithm, which is then trained and tested on a dataset that’s kept secret on the server.

This approach was used recently in Advanced Track of RSCTC Discovery Challenge that concerned DNA microarray data analysis (http://tunedit.org/challenge/RSCTC-2010-A) – online scoring of algorithms allowed for more precise evaluation, because every algorithm could have been trained multiple times on the same dataset, using different splits – something like cross-validation or leave-one-out approach. This was important because microarray data are very sparse by nature and single train+test evaluation doesn’t work pretty well.

Oh come on. The first thing I saw when I clicked that link was:

===
Unlike prior privacy work concerned with cryptographically securing the computation of recommendations, differential privacy constrains a computation in a way that precludes any inference about the underlying records from its output.
===

In other words, a better way of anonymizing data, such that its release does not impact privacy — something we both know won’t actually work.

Look. I’m totally sympathetic to your position. I’ll even grant that, if you hadn’t done all this, someone else would have, and people probably shouldn’t be angry at you for this inevitable happening. But, it’s where we are.