Abstract
The threat of reconstruction attacks has led the U.S. Census Bureau (USCB) to replace in the Decennial Census 2020 the traditional statistical disclosure limitation based on rank swapping with one based on differential privacy (DP), leading to substantial accuracy loss of released statistics. Yet, it has been argued that, if many different reconstructions are compatible with the released statistics, most of them do not correspond to actual original data, which protects against respondent reidentification. Recently, a new attack has been proposed, which incorporates the confidence that a reconstructed record was in the original data. The alleged risk of disclosure entailed by such confidence-ranked reconstruction has renewed the interest of the USCB to use DP-based solutions. To forestall a potential accuracy loss in future releases, we show that the proposed reconstruction is neither effective as a reconstruction method nor conducive to disclosure as claimed by its authors. Specifically, we report empirical results showing the proposed ranking cannot guide reidentification or attribute disclosure attacks, and hence fails to warrant the utility sacrifice entailed by the use of DP to release census statistical data.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Abowd, J.: Declaration of John M. Abowd. Case no. 3:21-CV-211-RAH-ECM-KCN (2021)
Abowd, J., Hawes, M.: Confidentiality protection in the 2020 U.S. Census of population and housing. Annu. Rev. Stat. Appl. 10, 119–144 (2023)
Blanco-Justicia, A., Sánchez, D., Domingo-Ferrer, J., Muralidhar, K.: A critical review on the use (and misuse) of differential privacy in machine learning. ACM Comput. Surv. 55(8), 1–16 (2023)
Daily, D.: Disclosure avoidance protection for the American Community Survey (2022). https://www.census.gov/newsroom/blogs/random-samplings/2022/12/disclosure-avoidance-protections-acs.html. Accessed 3 May 2023
Dick, T., et al.: Confidence-ranked reconstruction of census microdata from published statistics. Proc. Natl. Acad. Sci. U.S.A. 120(8), e2218605120 (2023)
Dick, T., et al.: Reply to Sánchez et al.: multiplicity does not protect privacy. Proc. Natl. Acad. Sci. U.S.A. 120(8), e2304263120 (2023)
Domingo-Ferrer, J., Sánchez, D., Blanco-Justicia, A.: The limits of differential privacy (and its misuse in data release and machine learning). Commun. ACM 64(7), 33–35 (2021)
Dove, I.: Applying differential privacy protection to ONS mortality data. Pilot study (2021). https://www.ons.gov.uk/peoplepopulationandcommunity/birthsdeathsandmarriages/deaths/methodologies/applyingdifferentialprivacyprotectiontoonsmortalitydatapilotstudy. Accessed 23 May 2023
Gehrke, J., Hay, M., Lui, E., Pass, R.: Crowd-blending privacy. In: Safavi-Naini, R., Canetti, R. (eds.) Advances in Cryptology – CRYPTO 2012. CRYPTO 2012. LNCS, vol. 7417, pp. 479–496. Springer, Berlin, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_28
Hawes, M.: Reconstruction and reidentification of the Demographic and Housing Characteristics file (DHC) (2022). https://www2.census.gov/about/partners/cac/sac/meetings/2022-09/presentation-reconstruction-and-re-dentification-of-dhc-file.pdf. Accessed 14 Mar 2023
Hotz, V., et al.: Balancing data privacy and usability in the federal statistical system. Proc. Natl. Acad. Sci. U.S.A. 119(31), e2104906119 (2022)
Keller, S., Abowd, J.: Database reconstruction does compromise confidentiality. Proc. Natl. Acad. Sci. U.S.A. 120(12), e2300976120 (2023)
Kenny, C., Kuriwaki, S., McCartan, C., Rosenman, E., Simko, T., Imai, K.: The use of differential privacy for census data and its impact on redistricting: the case of the 2020 U.S. Census. Sci. Adv. 7(41) (2021)
Li, N., Li, T., Venkatasubramanian, S.: t-Closeness: privacy beyond k-anonymity and l-diversity. In: 23rd IEEE International Conference on Data Engineering (ICDE’07), pp. 106–115 (2007)
Machanavajjhala, A., Gehrke, J., Kifer, D., Venkitasubramaniam, M.: L-diversity: privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data 1(1), 3–es (2007)
Menger, G.: Using 2020 Census data (2021). https://appliedgeographic.com/2021/09/using-2020-census-data/. Accessed 9 May 2023
Muralidhar, K.: A Re-examination of the census bureau reconstruction and reidentification attack. In: Domingo-Ferrer, J., Laurent, M. (eds.) Privacy in Statistical Databases. PSD 2022. LNCS, vol. 13463, pp. 312–323. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-13945-1_22
Muralidhar, K., Domingo-Ferrer, J.: Database reconstruction is not so easy and is different from reidentification. J. Off. Stat. 39(3), 381–398 (2023)
Ruggles, S., Riper, D.V.: The role of chance in the Census Bureau database reconstruction experiment. Popul. Res. Policy Rev. 41, 781–788 (2022)
Samarati, P.: Protecting respondents identities in microdata release. IEEE Trans. Knowl. Data Eng. 13(6), 1010–1027 (2001)
Santos-Lozada, A., Howard, J., Verdery, A.M.: How differential privacy will affect our understanding of health disparities in the united states. Proc. Natl. Acad. Sci. U.S.A. 117(24), 13405–13412 (2020)
Schneider, M.: Researchers ask Census to stop controversial privacy method (2022). https://www.usnews.com/news/business/articles/2022-08-08/researchers-ask-census-to-stop-controversial-privacy-method. Accessed 15 May 2023
U.S. Census Bureau: Developing the DAS: Demonstration data and progress metrics (2020). https://www.census.gov/programs-surveys/decennial-census/decade/2020/planningmanagement/process/disclosure-avoidance/2020-das-development.html
U.S. Census Bureau: Disclosure avoidance for the 2020 Census: An introduction (2021). https://www2.census.gov/library/publications/decennial/2020/2020-census-disclosure-avoidance-handbook.pdf. Accessed 15 May 2023
Zayatz, L., Lucero, J., Massell, P., Ramanayake, A.: Disclosure avoidance for Census 2010 and American Community Survey five-year tabular data products. Technical report. RRS2009-10, Census Bureau (2009). https://www.census.gov/content/dam/Census/library/working-papers/2009/adrm/rrs2009-10.pdf. Accessed 9 Mar 2023
Zayatz, L., Lucero, J., Massell, P., Ramanayake, A.: Disclosure avoidance for Census 2010 and American Community Survey five-year tabular data products (2009), https://www.census.gov/content/dam/Census/library/working-papers/2009/adrm/rrs2009-10.pdf, accessed 9 May 2023
Acknowledgments
This research was funded by the European Commission (project H2020-871042 “SoBigData++”), the Government of Catalonia (ICREA Acadèmia Prizes to J. Domingo-Ferrer and to D. Sánchez and grant 2021SGR-00115), MCIN/AEI/ 10.13039/501100011033 and “ERDF A way of making Europe” under grants PID2021-123637NB-I00 “CURLING” and PRE2019-089210, and INCIBE and European Union NextGenerationEU/PRTR (project “HERMES” and INCIBE-URV Cybersecurity Chair).
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Sánchez, D., Jebreel, N., Muralidhar, K., Domingo-Ferrer, J., Blanco-Justicia, A. (2024). An Examination of the Alleged Privacy Threats of Confidence-Ranked Reconstruction of Census Microdata. In: Domingo-Ferrer, J., Önen, M. (eds) Privacy in Statistical Databases. PSD 2024. Lecture Notes in Computer Science, vol 14915. Springer, Cham. https://doi.org/10.1007/978-3-031-69651-0_14
Download citation
DOI: https://doi.org/10.1007/978-3-031-69651-0_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-69650-3
Online ISBN: 978-3-031-69651-0
eBook Packages: Computer ScienceComputer Science (R0)