A Remote Analysis Server - What Does Regression Output Look Like?

This paper is concerned with the problem of balancing the competing objectives of allowing statistical analysis of confidential data while maintaining standards of privacy and confidentiality. Remote analysis servers have been proposed as a way to address this problem by delivering results of statistical analyses without giving the analyst any direct access to data. Several national statistical agencies operate successful remote analysis servers, see for example [1,12]. Remote analysis servers are not free from disclosure risk, and current implementations address this risk by "confidentialising" the underlying data and/or by denying some queries. In this paper we explore the alternative solution of "confidentialising" the output of a server so that no confidential information is revealed or can be inferred. In this paper we first review relevant results on remote analysis servers, and provide an explicit list of measures for confidentialising the output from a single regression query to a remote server, as suggested by Sparks et al. [22,23]. We give details of a fully worked example, and compare the confidentialised output from the query to a remote server with the output from a traditional statistical package.

[1]  George T. Duncan,et al.  Enhancing Access to Microdata while Protecting Confidentiality: Prospects for the Future , 1991 .

[2]  L. Speroff,et al.  The heart and estrogen/progestin replacement study (HERS). , 1998, Maturitas.

[3]  Damien McAullay,et al.  Remote access methods for exploratory data analysis and statistical modelling: Privacy-Preserving Analytics® , 2008, Comput. Methods Programs Biomed..

[4]  Jerome P. Reiter,et al.  Data Dissemination and Disclosure Limitation in a World Without Microdata: A Risk-Utility Framework for Remote Access Analysis Servers , 2005 .

[5]  P. Doyle,et al.  Confidentiality, Disclosure and Data Access: Theory and Practical Applications for Statistical Agencies , 2001 .

[6]  Alan F. Karr,et al.  Table servers protect confidentiality in tabular data releases , 2003, CACM.

[7]  George T. Duncan,et al.  Microdata disclosure limitation in statistical databases: query size and random sample query control , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[8]  Alan F. Karr,et al.  Web-Based Systems that Disseminate Information from Databases but Protect Confidentiality , 2002, Advances in Digital Government.

[9]  Jerome P. Reiter,et al.  New Approaches to Data Dissemination: A Glimpse into the Future (?) , 2004 .

[10]  Ramesh A. Dandekar,et al.  Maximum Utility-Minimum Information Loss Table Server Design for Statistical Disclosure Control of Tabular Data , 2004, Privacy in Statistical Databases.

[11]  Barry Schouten,et al.  Remote access systems for statistical analysis of microdata , 2003, Stat. Comput..

[12]  L. Willenborg,et al.  Elements of Statistical Disclosure Control , 2000 .

[13]  Jerome P. Reiter,et al.  Categorical data regression diagnostics for remote access servers , 2005 .

[14]  Arnold P. Reznek,et al.  Recent Confidentiality Research Related to Access to Enterprise Microdata , 2006 .

[15]  Jerome P. Reiter,et al.  Model Diagnostics for Remote Access Regression Servers , 2003, Stat. Comput..

[16]  S B Hulley,et al.  Heart and Estrogen/progestin Replacement Study (HERS): design, methods, and baseline characteristics. , 1998, Controlled clinical trials.