Database Anonymization - David Sánchez


Preface

If jet airplanes ushered in the first dramatic reduction of our world’s perceived size, the next shrinking came in the mid 1990s, when the Internet became widespread and the Information Age started to become a reality. We now live in a global village and some (often quite powerful) voices proclaim that maintaining one’s privacy is as hopeless as it used to be in conventional small villages. Should this be true, the ingenuity of humans would have created their own nightmare.

Whereas security is essential for organizations to survive, individuals, and sometimes even companies, also need some privacy to develop comfortably and lead a free life. This is why individual privacy is mentioned in the Universal Declaration of Human Rights (1948) and why data privacy is protected by law in most Western countries. Indeed, without privacy, other fundamental rights, such as freedom of speech and democracy itself, are impaired. The outstanding challenge is to create technology that implements those legal guarantees in a way that is compatible with functionality and security.

This book is devoted to privacy preservation in data releases. Indeed, in our era of big data, harnessing the enormous wealth of information available is essential to increasing the progress and well-being of humankind. The challenge is how to release data that are useful for administrations and companies to make accurate decisions without disclosing sensitive information on specific identifiable individuals.

This conflict between utility and privacy has motivated research by several communities since the 1970s, both in official statistics and computer science. Specifically, computer scientists contributed the important notion of the privacy model in the late 1990s, with k-anonymity being the first practical privacy model. The idea of a privacy model is to state ex ante privacy guarantees that can be attained for a particular data set using one (or several) anonymization methods.

In addition to k-anonymity, we survey here its extensions l-diversity and t-closeness, as well as the alternative paradigm of differential privacy. Further, we draw on our recent research to report connections and synergies between all these privacy models: in fact, the k-anonymity-like models and differential privacy turn out to be more related than previously thought. We also show how microaggregation, a well-known family of anonymization methods that we have developed to a large extent since the late 1990s, can be used to create anonymization methods that satisfy most of the surveyed privacy models while improving the utility of the resulting protected data.
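To make the relationship between a privacy model and an anonymization method concrete, the following is an added Python example, not code from this book nor the authors' own microaggregation algorithms. It checks the k-anonymity and l-diversity of a small constructed microdata table and then applies a deliberately simple fixed-size microaggregation (sort on the quasi-identifiers, cut into groups of at least k records, replace each group's quasi-identifier values by the group centroid). The sample records, the attribute names and the sort-and-cut grouping heuristic are all assumptions made for illustration; they are not the book's data or its clustering strategy.

```python
"""Added example: k-anonymity / l-diversity checks and a toy microaggregation."""
from statistics import mean

# Constructed sample microdata (not from the book). Quasi-identifiers: age, zip.
# Sensitive attribute: diagnosis. Every (age, zip) pair is unique, so the raw
# table is only 1-anonymous: each row can be singled out by its quasi-identifiers.
RECORDS = [
    {"age": 29, "zip": 43001, "diagnosis": "flu"},
    {"age": 31, "zip": 43002, "diagnosis": "cancer"},
    {"age": 34, "zip": 43005, "diagnosis": "flu"},
    {"age": 45, "zip": 43100, "diagnosis": "hiv"},
    {"age": 47, "zip": 43103, "diagnosis": "flu"},
    {"age": 52, "zip": 43120, "diagnosis": "cancer"},
    {"age": 61, "zip": 43200, "diagnosis": "hiv"},
    {"age": 63, "zip": 43202, "diagnosis": "flu"},
    {"age": 70, "zip": 43210, "diagnosis": "cancer"},
]
QI = ("age", "zip")
SENSITIVE = "diagnosis"


def equivalence_classes(records, qi):
    """Group records that share the same quasi-identifier values."""
    classes = {}
    for r in records:
        classes.setdefault(tuple(r[a] for a in qi), []).append(r)
    return classes


def k_anonymity(records, qi):
    """Largest k for which the table is k-anonymous: the smallest class size."""
    return min(len(c) for c in equivalence_classes(records, qi).values())


def l_diversity(records, qi, sensitive):
    """Smallest number of distinct sensitive values found in any class
    (distinct l-diversity, the simplest variant)."""
    return min(len({r[sensitive] for r in c})
               for c in equivalence_classes(records, qi).values())


def microaggregate(records, qi, k):
    """Toy fixed-size microaggregation (assumption: a sort-and-cut heuristic,
    not the authors' MDAV or other clustering algorithms).

    Records are sorted on the quasi-identifier tuple, cut into consecutive groups
    of k, and any remainder of fewer than k records is merged into the last group
    so that every group has at least k members. Each group's quasi-identifier
    values are replaced by the rounded group mean; the sensitive attribute is
    left untouched. The result is k-anonymous by construction.
    """
    n = len(records)
    if k < 1 or n < k:
        raise ValueError("k must satisfy 1 <= k <= number of records")
    order = sorted(range(n), key=lambda i: tuple(records[i][a] for a in qi))
    n_groups = n // k
    groups = [order[g * k:(n if g == n_groups - 1 else (g + 1) * k)]
              for g in range(n_groups)]
    out = [dict(r) for r in records]
    for grp in groups:
        for a in qi:
            centroid = round(mean(records[i][a] for i in grp))
            for i in grp:
                out[i][a] = centroid
    return out


def information_loss(original, anonymized, qi):
    """Sum of squared quasi-identifier displacements: a crude utility metric.
    Lower is better; larger k forces coarser groups and hence higher loss."""
    return sum((o[a] - p[a]) ** 2
               for o, p in zip(original, anonymized) for a in qi)


if __name__ == "__main__":
    print("raw table: k =", k_anonymity(RECORDS, QI))
    for k in (3, 4):
        anon = microaggregate(RECORDS, QI, k)
        print(f"k={k}: k-anonymity={k_anonymity(anon, QI)}, "
              f"l-diversity={l_diversity(anon, QI, SENSITIVE)}, "
              f"loss={information_loss(RECORDS, anon, QI)}")
```

Note that k-anonymity alone says nothing about the sensitive attribute: with k=3 the first group in the sample contains two "flu" records and one "cancer" record, so its l-diversity is only 2, which is the gap l-diversity and t-closeness were introduced to address. The information-loss figure also shows the utility cost the book's research targets: going from k=3 to k=4 on this table more than doubles the displacement of the quasi-identifiers.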

We sincerely hope that the reader, whether academic or practitioner, will benefit from this piece of work. On our side, we have enjoyed writing it and also conducting the original research described in some of the chapters.

Josep Domingo-Ferrer, David Sánchez, and Jordi Soria-Comas

January 2016
