For a company that’s in the business of tracking users’ online activities, Google sure is going all out to prove it’s dead serious about privacy.
To that effect, the internet behemoth is open-sourcing a library that it uses to glean insights from aggregate data in a privacy-preserving manner.
Called Differentially Private SQL, the library leverages the idea of differential privacy (DP) — a statistical technique that makes it possible to collect and share aggregate information about users, while safeguarding individual privacy.
This allows developers and organizations to build tools that can learn from aggregate user data without revealing any personally identifiable information.
The technique can be particularly useful if companies want to share confidential data sets with one another without being exposed to de-anonymization (or re-identification) attacks.
Limiting exposure to personal information
“If you are a health researcher, you may want to compare the average amount of time patients remain admitted across various hospitals in order to determine if there are differences in care,” said Miguel Guevara. “Differential privacy is a high-assurance, analytic means of ensuring that use cases like this are addressed in a privacy-preserving manner.”
For those uninitiated, DP works by adding random noise to an individual’s information before it’s uploaded to the cloud. As a result, the total dataset can still reveal meaningful results — that, while not exact — is accurate enough without spilling that individual’s sensitive data.
What Google has open-sourced is essentially a technique that allows organizations to perform differentially private aggregations on databases. In addition to allowing multiple records to be associated with an individual user, “developers can compute counts, sums, averages, medians, and percentiles using our library,” the search giant said.
Google is not the only player
Differential Privacy undergirds the entirety of Apple’s machine learning algorithms that it uses to statistically anonymize iPhone user data and still draw useful results. But a study in 2017 found flaws in its approach especially with regards to the privacy budget (or privacy loss parameter) — that determines the tradeoff between accuracy and privacy.
One of Google’s own earliest initiatives with DP was RAPPOR, a method for anonymously crowdsourcing statistics from apps such as Chrome with “strong privacy guarantees.”
In addition, Google uses DP methods to protect all different types of information, like location data of its Google Fi mobile customers, and in and in designing features that help identify how popular is a restaurant’s dish in Google Maps.
Uber, likewise, has its own DP equivalent called FLEX that’s employed to limit queries from revealing too much about any individual Uber rider or driver.
A big list of open-source initiatives
Part of the reason why rolling out a DP scheme is not easy is because it requires the mechanism to be foolproof and ensure the data is safeguarded from all kinds of unintended consequences post release.
By making it open-source, Google hopes to seek extensive feedback from academia and the general tech community and improve its offering.
Differentially-private data analysis library also joins a long list of privacy-focused open-source initiatives — Federated Learning, TensorFlow Privacy, Private Join and Compute, Private Set Intersection, and confidential computing — all geared around improving privacy and security at different levels of the internet machinery.
“From medicine, to government, to business, and beyond, it’s our hope that these open-source tools will help produce insights that benefit everyone,” said Guevara.
In the end, jury is still out on the benefits of differential privacy. But even if it helps fix a few of the data security and protection problems ailing big tech today, it’s worth pursuing it.
Read next:
Facebook just launched its Dating service