1. De-anonymizing, Preserving
and Democratizing Data Privacy
and Ownership
Saurabh Gupta, PhD18001

2. Agenda
1. Motivation
a. Why privacy?
b. Privacy breaches associated with anonymized data releases.
2. Research Overview
3. De-anonymization
a. Voter Privacy Leaks
4. Privacy Preservation
a. Privacy Protection for heterogeneous data releases
b. ImdpGAN Architecture: for private synthetic image data release
c. Pyadel: for private multi table synthetic data release
d. Counterfactual generation for treatment effect inference data release
5. Democratization of Ownership
a. Owned: a consent first architecture that gives ownership back to the user
2

3. Privacy is Paramount
Having privacy enforces a limit on power that others have over you
- Personal data can be used to affect our reputations.
- It can be used to influence our decisions and shape our behavior.
- It can be used as a tool to exercise control over us.
- In the wrong hands, personal data can be used to cause us great harm.
3

4. Privacy is Paramount
Freedom of Thought and Speech
- Privacy is key to protecting speaking unpopular messages.
- Privacy allows open and healthy criticism.
Freedom of Social and Political Activities
- Privacy helps protect our ability to associate with other people and engage in political activity.
- We protect privacy at the ballot because of the concern that failing to do so would chill people’s voting
their true conscience.
- A watchful eye can disrupt and unduly influence these activities.
4

5. Privacy is Paramount
Ability to Change and Have Second Chances
- Privacy nurtures the ability to grow and mature without being shackled with all the foolish things they
might have done in the past.
- Many people are not static; they change and grow throughout their lives. There is a great value in the
ability to have a second chance, to be able to move beyond a mistake, to be able to reinvent oneself.
- Privacy encourages and facilitates growth and improvement.
5

6. Privacy is Paramount
Trust
- In relationships, whether personal, professional, governmental, or commercial, we depend upon
trusting the other party.
- Breaches of confidentiality are breaches of that trust.
- Privacy is a great enabler of trust.
6

7. Reasons of Privacy Breaches
- Hacking
- Poor Security
- Misconfigurations
- Stolen/Lost Media
- Accidentally published
- Data collected and Sold (Data Brokers)
- Public Anonymized Releases and De-anonymization
We focus on privacy breaches that occur due to sold data/public anonymized
releases
7

8. Examples of
Breaches
8
Due to anonymized public
release or data trades

9. Location data collected by LIFE360 and sold to brokers
9

10. Knowing just 15 attributes can identify almost the whole American
population
10

11. AOL’s anonymized data release…
11

12. …leads to re identification of Therma Arnold -> using search queries
like numb fingers, 60s single men, dog that urinates on everything
12

13. towerd@ata identifying users correctly without requiring any
identifier
13

14. Cross linking newspaper stories and anonymized health records
14

15. Netflix Deanonymization
15

16. 16
Research Overview

17. De-Anonymizing
Cross linking publicly available
information from multiple sources is a
“CAT AND MOUSE GAME”.
It will go on endlessly. To show that it is
possible we cross-linked data from two
sources to reveal PII of users.
17

18. Privacy Preservation
For the attacker named Jerry, data is
cheese.
Jerry is a turophile, they will always
look for cheese, especially when it
belongs to someone else.
We built tools for Tom protect the
cheese from getting stolen or
accidentally spilled.
18
Someone who loves cheese

19. Democratization
In the long run, for a successful
technological advancement, we want
Tom and Jerry to communicate and
have a peaceful and healthy
relationship with mutual respect of
choices.
Privacy should be a default setting. Any
organization collecting/using user data
must reach out and ask for consent.
19

20. De-Anonymizing
20

21. Voter Privacy leaks: Definition and Examples
Twitter users reveal their political inclinations, directly or indirectly, by tweeting
the party or candidate they voted for. We call the phenomena as [Voter Privacy
Leaks].
21

22. Voter Privacy Leak: Successfully cross linked to corresponding
Electoral roll
22

23. Voter Privacy Leak: Browser based nudge to prevent users from
posting
23

24. Privacy
Preservation
24

25. Limitations of anonymization techniques
If completely random values are assigned (i.e. anonymization using substitution
and random shuffling)
- Loss of data utility.
- Resulting data cannot provide intelligent insights.
If values are anonymized by masking real values
- Prone to cross-linking attacks resulting in deanonymization.
25

26. Differential Privacy is the solution
- Adds ‘noise’ to an aggregate query result to protect privacy without significantly affecting
the outcome.
- If there are two identical databases, one with the required information, and another without,
DP ensures that the probability of a statistical query to produce a given result is nearly the
same for both the databases.
- It adds noise to individual data, which is averaged out when the data is aggregated to deliver
results much closer to the original.
26

27. Differential Privacy is the solution
27

28. Differential Privacy is the solution
Privacy versus Utility Tradeoff
28

29. Privacy Preservation for heterogeneous data release
- Survey paper to understand how
differential privacy is used with different
types of data formats to create synthetic
data for public releases.
- Our work focuses on using differential
privacy with machine learning
(specifically generative models).
29

30. Privacy Preservation for heterogeneous data release
Researchers in most cases have
provided an interface equipped with
differential privacy mechanisms that
induces noise to query results.
30

31. We contribute towards providing
technologies that can generate a synthetic
and private dataset (sanitized dataset) that
can be shared with public without facing the
consequence of cross linking attacks and
putting individual’s private information at
risk.
31
Privacy Preservation for heterogeneous data release

32. Differential Privacy + Generative Models
32

33. Research Gap
We realized there’s a gap in technologies that can generate synthetic datasets for
public release and guarantee privacy protection even when the dataset is
vulnerable to cross-linking attacks.
Differential privacy adds the factor of “plausible deniability” in individual
samples. In simpler terms, one can always say that the sample does not belong to
them with a certain probability.
33

34. Example…
Survey of individuals to collect
information on whether they smoke or
not.
No response can be linked to an
individual participating in the survey
with absolute certainty (100%
probability).
34

35. ImdpGAN Architecture: for private synthetic image data release
35

36. ImdpGAN Architecture: for private synthetic image data release
36

37. Utility vs Privacy Tradeoff
37
ImdpGAN Architecture: for private synthetic image data release

38. Pyadel: for private multi table synthetic data release
Generating single table data privately works well, but the problem arises when we have multiple
tables, where the relationship between attributes from multiple tables might or not might be
explicitly defined.
Two challenges:
- Generated data must have the same statistics as the original data.
- Generated data must satisfy the functional dependencies present in the original data.
38

39. Pyadel: for private multi table synthetic data release
39

40. Counterfactual generation for treatment effect inference data
release
- In treatment effect studies, it is not always
possible to analyze alternate paths of
treatment.
- Therefore, we are trying to build a robust
classifier along with private counterfactuals
that represent alternate treatment paths.
- We want to statistically show that the
generated counterfactuals can be used as a
precursor to a Randomized Controlled
Trials.
(Domain Knowledge + Synthetic Data
Generation)
40

41. Two steps for generating counterfactuals
Step 1: Building a robust classifier
41
Step 2: Use the classifier and synthetic
generation techniques to generate treatment
paths.

42. Building a
Robust
Classifier
42

43. Building a
Robust
Classifier
43

44. Building a
Robust
Classifier
44

45. Building a
Robust
Classifier
45

46. Counterfactual Generation
46
Planning to use statistical correlations and domain knowledge to validate
counterfactuals.

47. Democratization
47

48. EU has forced applications to disclose the use of cookies and
provide an option to opt-out.
48

49. Survey suggests that cookie banners are boring
49

50. Owned: a consent first architecture
that gives ownership back to the user
- A consent first framework.
- Gives granular control over each
attribute of data.
- Provides maximum privacy as a default
setting.
50

51. Thank you for your time!
51