The fields of law and computer science incorporate contrasting notions of the privacy risks associated with the analysis and release of statistical data about individuals and groups of individuals. Emerging concepts from the theoretical computer science literature provide formal mathematical models for quantifying and mitigating privacy risks, where the set of risks they take into account is much broader than the privacy risks contemplated by many privacy laws. An example of such a model is differential privacy, which provides a provable guarantee of privacy against a wide range of potential attacks, including types of attacks currently unknown or unforeseen. The subject of much theoretical investigation, new privacy technologies based on formal models have recently been making significant strides towards practical implementation. For these tools to be used with sensitive personal information, it is important to demonstrate that they satisfy relevant legal requirements for privacy protection. However, making such an argument is challenging due to the conceptual gaps between the legal and technical approaches to defining privacy. Notably, information privacy laws are generally subject to interpretation and some degree of flexibility, which creates uncertainty for the implementation of more formal approaches. This Article articulates the gaps between legal and technical approaches to privacy and presents a methodology for rigorously arguing that a technological method for privacy protection satisfies the requirements of a particular law. The proposed methodology has two main components: (i) extraction of a formal mathematical requirement of privacy based on a legal standard found in an information privacy law, and (ii) construction of a rigorous mathematical proof for establishing that a technological privacy solution satisfies the mathematical requirement derived from the law. To handle ambiguities that can lead to different interpretations of a legal standard, the methodology takes a conservative “worst-case” approach and attempts to extract a mathematical requirement that is robust to potential ambiguities. Under this approach, the mathematical proof demonstrates that a technological method satisfies a broad range of reasonable interpretations of a legal standard. The Article demonstrates the application of the proposed methodology with an example bridging between the requirements of the Family Educational Rights and Privacy Act of 1974 and differential privacy.

%7 2
%I Harvard Journal of Law & Technology
%V 31
%P 687-780
%8 2016
%G eng
%U https://jolt.law.harvard.edu/assets/articlePDFs/v31/02.-Article-Wood-7.21.pdf
%0 Conference Paper
%B Theory of Cryptography Conference (TCC 2016)
%D 2018
%T The Complexity of Computing the Optimal Composition of Differential Privacy
%A Jack Murtagh
%A Salil Vadhan
%X In the study of differential privacy, composition theorems (starting with the original paper of Dwork, McSherry, Nissim, and Smith (TCC'06)) bound the degradation of privacy when composing several differentially private algorithms. Kairouz, Oh, and Viswanath (ICML'15) showed how to compute the optimal bound for composing k arbitrary (ϵ,δ)-differentially private algorithms. We characterize the optimal composition for the more general case of k arbitrary (ϵ1,δ1),…,(ϵk,δk)-differentially private algorithms where the privacy parameters may differ for each algorithm in the composition. We show that computing the optimal composition in general is #P-complete. Since computing optimal composition exactly is infeasible (unless FP=#P), we give an approximation algorithm that computes the composition to arbitrary accuracy in polynomial time. The algorithm is a modification of Dyer's dynamic programming approach to approximately counting solutions to knapsack problems (STOC'03).

%B Theory of Cryptography Conference (TCC 2016) %7 8 %I Theory of Computing (2018) %V 14 %P 1-35 %G eng %U http://theoryofcomputing.org/articles/v014a008/ %0 Generic %D 2018 %T Composable and Versatile Privacy via Truncated CDP (Poster) %A Mark Bun %A Cynthia Dwork %A Guy Rothblum %A Thomas Steinke %B ACM Symposium on the Theory of Computing (STOC 2018) %G eng %0 Journal Article %D 2018 %T Computational Two-Party Correlation: A Dichotomy for Key-Agreement Protocols %A Iftach Haitner %A Ronen Shaltiel %A Jad Silbak %A Kobbi Nissim %A Eran Omri %G eng %U https://www.irif.fr/~focs2018/accepted/ %0 Journal Article %J Vanderbilt Journal of Entertainment and Technology Law %D 2018 %T Differential Privacy: A Primer for a Non-technical Audience %A Kobbi Nissim %A Thomas Steinke %A Alexandra Wood %A Micah Altman %A Aaron Bembenek %A Mark Bun %A Marco Gaboardi %A O'Brien, David %A Salil Vadhan %XThis document is a primer on differential privacy, which is a formal mathematical framework for guaranteeing privacy protection when analyzing or releasing statistical data. Recently emerging from the theoretical computer science literature, differential privacy is now in initial stages of implementation and use in various academic, industry, and government settings. Using intuitive illustrations and limited mathematical formalism, this document provides an introduction to differential privacy for non-technical practitioners, who are increasingly tasked with making decisions with respect to differential privacy as it grows more widespread in use. In particular, the examples in this document illustrate ways in which social scientists can conceptualize the guarantees provided by differential privacy with respect to the decisions they make when managing personal data about research subjects and informing them about the privacy protection they will be afforded.

%B Vanderbilt Journal of Entertainment and Technology Law %I a product of the "Bridging Privacy Definitions" working group, part of the Privacy Tools for Sharing Research Data project at Harvard University %C Cambridge, MA %V 21 %P 209-276 %8 2018 %G eng %N 1 %0 Journal Article %J 9th Innovations in Theoretical Computer Science Conference (ITCS 2018) %D 2018 %T Finite Sample Differentially Private Confidence Intervals %A Vishesh Karwa %A Salil Vadhan %X We study the problem of estimating finite sample confidence intervals of the mean of a normal population under the constraint of differential privacy. We consider both the known and unknown variance cases and construct differentially private algorithms to estimate confidence intervals. Crucially, our algorithms guarantee a finite sample coverage, as opposed to an asymptotic coverage. Unlike most previous differentially private algorithms, we do not require the domain of the samples to be bounded. We also prove lower bounds on the expected size of any differentially private confidence set showing that our the parameters are optimal up to polylogarithmic factors. %B 9th Innovations in Theoretical Computer Science Conference (ITCS 2018) %G eng %U https://arxiv.org/abs/1711.03908 %0 Journal Article %J IEEE Security & Privacy %D 2018 %T A Harm-Reduction Framework for Algorithmic Accountability over Personal Information %A Micah Altman %A Alexandra Wood %A Effy Vayena %B IEEE Security & Privacy %V 16 %P 34-45 %G eng %U https://ieeexplore.ieee.org/document/8395114/ %N 3 %0 Journal Article %J Philosophical Transaction of the Royal Society A %D 2018 %T Is Privacy