Optimal Privacy-Constrained Mechanisms

Modern information technologies make it possible to store, analyze and trade unprecedented amounts of detailed information about individuals. This has led to public discussions on whether individuals' privacy should be better protected by restricting the amount or the precision of information that is collected by commercial institutions on its participants. We contribute to this discussion by proposing a Bayesian approach to measure loss of privacy and applying it to the design of optimal mechanisms. Specifically, we define the loss of privacy associated with a mechanism as the difference between the designer's prior and posterior beliefs about an agent's type, where this difference is calculated using Kullback-Leibler divergence, and where the change in beliefs is triggered by actions taken by the agent in the mechanism. We consider both ex-ante (the expected difference in beliefs over all type realizations cannot exceed some threshold k) and ex-post (for every realized type, the maximal difference in beliefs cannot exceed some threshold k) measures of privacy loss. Using these notions we study the properties of optimal privacy-constrained mechanisms and the relation between welfare/profits and privacy levels.

[1]  S. Rosen,et al.  Monopoly and product quality , 1978 .

[2]  Theodore Groves,et al.  Information, Incentives, and Economic Mechanisms: Essays in Honor of Leonid Hurwicz , 1987 .

[3]  Michal Feldman,et al.  Mechanism design with a restricted action space , 2013, Games Econ. Behav..

[4]  Bart Preneel,et al.  Towards Measuring Anonymity , 2002, Privacy Enhancing Technologies.

[5]  Dilip Mookherjee,et al.  A theory of responsibility centers , 1992 .

[6]  Viatcheslav V. Vinogradov,et al.  Mathematics for Economists , 2010 .

[7]  Yu-Han Lyu,et al.  Approximately optimal auctions for selling privacy when costs are correlated with data , 2012, EC '12.

[8]  Jerry R. Green,et al.  Incentive Theory with Data Compression , 1986 .

[9]  Ronen Gradwohl,et al.  Privacy in implementation , 2012, Social Choice and Welfare.

[10]  Filip Matejka,et al.  Rational Inattention to Discrete Choices: A New Foundation for the Multinomial Logit Model , 2011 .

[11]  Lei Ying,et al.  On the relation between identifiability, differential privacy, and mutual-information privacy , 2014, 2014 52nd Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[12]  Cynthia Dwork,et al.  Calibrating Noise to Sensitivity in Private Data Analysis , 2006, TCC.

[13]  Noam Nisan,et al.  Auctions with Severely Bounded Communication , 2007, J. Artif. Intell. Res..

[14]  Aaron Roth,et al.  Take It or Leave It: Running a Survey When Privacy Comes at a Cost , 2012, WINE.

[15]  Curtis R. Taylor,et al.  The Economics of Privacy , 2016 .

[16]  Filip Matějka,et al.  Rationally Inattentive Seller: Sales and Discrete Pricing , 2010 .

[17]  Aaron Roth,et al.  Mechanism design in large games: incentives and privacy , 2012, ITCS.

[18]  Nenad Kos,et al.  Communication and E¢ ciency in Auctions , 2011 .

[19]  KokolakisSpyros Privacy attitudes and privacy behaviour , 2017 .

[20]  Alessandro Acquisti,et al.  Privacy and rationality in individual decision making , 2005, IEEE Security & Privacy.

[21]  Kunal Talwar,et al.  Mechanism Design via Differential Privacy , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[22]  Spyros Kokolakis,et al.  Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon , 2017, Comput. Secur..

[23]  Moshe Babaioff,et al.  The communication burden of payment determination , 2013, Games Econ. Behav..

[24]  Moshe Tennenholtz,et al.  Approximately optimal mechanism design via differential privacy , 2010, ITCS '12.

[25]  Josep Domingo-Ferrer,et al.  From t-Closeness-Like Privacy to Postrandomization via Information Theory , 2010, IEEE Transactions on Knowledge and Data Engineering.

[26]  Bartosz Mackowiak,et al.  Business Cycle Dynamics Under Rational Inattention , 2011, SSRN Electronic Journal.

[27]  Timothy Van Zandt COMMUNICATION COMPLEXITY AND MECHANISM DESIGN , 2007 .

[28]  Aaron Roth,et al.  Selling privacy at auction , 2010, EC '11.

[29]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[30]  C. Sims Implications of rational inattention , 2003 .

[31]  Menno D. T. de Jong,et al.  The privacy paradox - Investigating discrepancies between expressed privacy concerns and actual online behavior - A systematic literature review , 2017, Telematics Informatics.

[32]  Ilya Segal,et al.  The Communication Cost of Sel shness , 2007 .

[33]  Yun Xu,et al.  Multi-dimensional mechanism design with limited information , 2012, EC '12.

[34]  Thomas M. Cover,et al.  Elements of Information Theory (Wiley Series in Telecommunications and Signal Processing) , 2006 .

[35]  Dilip Mookherjee,et al.  Mechanism Design with Communication Constraints , 2014, Journal of Political Economy.

[36]  Theodore Groves,et al.  Limited Communication and Incentive-Compatibility , 1987 .