On the Semantics of Differential Privacy and Its Responsible Use

Differential Privacy (DP) is one of the most widely adopted formal models of privacy protection but its semantics, especially in the presence of correlated data and in the adversarial interactive setting, is still not broadly understood among data science practitioners. In this paper, we first look at how DP originated from research on database-reconstruction attacks …

Data Security vs Cyber Security

Cyber security and data security are closely related concepts that operate at different levels and provide different safeguards. Cyber security is primarily about controlling access to systems and data through different security protection mechanisms, from the physical network layer all the way to the application layer. These security mechanisms come primarily in the form of …

Dealing with Linkage Attacks using Differential Privacy

A key claim of differential privacy in [DR14] is that it provides “automatic neutralization of linkage attacks, including all those attempted with all past, present, and future datasets and other forms and sources of auxiliary information”. This is an important and often repeated claim — see e.g. [N17, Section E] and [PR23] — but the …

What Can Differential Privacy Actually Protect?

Differential Privacy (DP) is, by now, the most widely adopted formal model of privacy protection used in industry [L23] and government [ABS22] but my sense is that its “semantics”, especially in the presence of correlated data and in the adversarial interactive setting, is still not broadly understood in the community, especially among practitioners. In the …

How To Deal with Database Reconstruction Attacks

I have been thinking about data security issues, in particular database-reconstruction attacks. To quote Wikipedia, a reconstruction attack is any method for partially reconstructing a private database from public aggregate information. The question I am specifically interested in is this: Can an attacker with general interactive query access to a dataset recover a piece of …

FinTracer and Friends

About 5 years ago, Tania Churchill and I assembled a team of researchers and engineers across AUSTRAC and ANU to work on privacy technologies for detecting criminal activities across the financial system, funded by the Fintel Alliance Expansion budget measure, the Investigative Analytics NPP (led by CSIRO’s Data61), and an ANU Translational Fellowship. The overall …

Split Count and Share: A Differentially Private Set Intersection Cardinality Algorithm

My colleagues Mike Purcell, Kelvin Yang Li and I have a new paper on a differentially private set intersection cardinality algorithm accepted at this year’s Uncertainty in Artificial Intelligence conference. Here is the abstract: We describe a simple two-party protocol in which each party contributes a set as input. The output of the protocol is an estimate …

Private Graph Data Release using Differential Privacy

A few colleagues and I have just put on arXiv a new survey paper on Private Graph Data Release, which took us nearly 9 months to write. Here’s the abstract: The application of graph analytics to various domains has yielded tremendous societal and economical benefits in recent years. However, the increasingly widespread adoption of graph …

Distributed Privacy-Preserving Prediction

Another day, another paper, this time by my postdoc Lingjuan Lyu and a few collaborators. Here’s the abstract: In privacy-preserving machine learning, individual parties are reluctant to share their sensitive training data due to privacy concerns. Even the trained model parameters or prediction can pose serious privacy leakage. To address these problems, we demonstrate a …