[论文解读] What Are the Chances? Explaining the Epsilon Parameter in Differential Privacy
该论文提出三种解释(odds-text、odds-vis、sample reports)以向最终用户传达差分隐私的预算参数 epsilon,并在情景研究中对其进行评估,结果显示基于几率的解释在客观风险理解方面更优,且在披露 epsilon 时提高了数据分享意愿。
Differential privacy (DP) is a mathematical privacy notion increasingly deployed across government and industry. With DP, privacy protections are probabilistic: they are bounded by the privacy budget parameter, $ε$. Prior work in health and computational science finds that people struggle to reason about probabilistic risks. Yet, communicating the implications of $ε$ to people contributing their data is vital to avoiding privacy theater -- presenting meaningless privacy protection as meaningful -- and empowering more informed data-sharing decisions. Drawing on best practices in risk communication and usability, we develop three methods to convey probabilistic DP guarantees to end users: two that communicate odds and one offering concrete examples of DP outputs. We quantitatively evaluate these explanation methods in a vignette survey study ($n=963$) via three metrics: objective risk comprehension, subjective privacy understanding of DP guarantees, and self-efficacy. We find that odds-based explanation methods are more effective than (1) output-based methods and (2) state-of-the-art approaches that gloss over information about $ε$. Further, when offered information about $ε$, respondents are more willing to share their data than when presented with a state-of-the-art DP explanation; this willingness to share is sensitive to $ε$ values: as privacy protections weaken, respondents are less likely to share data.
研究动机与目标
- Motivate the need for better communication of DP to data contributors.
- Develop portable explanations that convey the implications of epsilon without technical details.
- Ground explanations in risk-communication and usability best practices.
- Evaluate the explanations with end users using a vignette survey and multiple metrics.
提出的方法
- Design three explanation methods for epsilon: odds-text, odds-vis, and sample reports.
- Embed explanations in a workplace data-sharing vignette under central DP with Laplace noise.
- Evaluate explanations via a 963-participant online survey on objective risk comprehension, subjective understanding, self-efficacy, and willingness to share.
- Use a 3×4×2 between-subjects design (explanation method × epsilon × scenario type) plus two control explanations.
- Compute objective comprehension with true/false questions; assess subjective understanding and self-efficacy with survey items; analyze willingness to share data across conditions.
实验结果
研究问题
- RQ1RQ1: Which risk-communication practices best improve objective risk comprehension, subjective privacy understanding, and self-efficacy for DP explanations?
- RQ2RQ2: How do the explanation methods influence people’s data-sharing decisions?
- RQ3RQ3: How does providing information about epsilon affect willingness to share and how does this interact with epsilon value?
主要发现
| epsilon | x (Pr[r<r_threshold]) | y (Pr[r>r_threshold]) |
|---|---|---|
| 0.1 | 48 | 52 |
| 0.5 | 39 | 61 |
| 2 | 18 | 82 |
| 4 | 7 | 93 |
- Odds-based explanations (odds-text, odds-vis) improve objective risk comprehension versus sample-output explanations.
- None of the explanations meaningfully improve subjective privacy understanding.
- Odds-based explanations increase respondents’ sense of having enough information to make a data-sharing decision compared to a state-of-the-art explanation that omits epsilon.
- The sample reports approach decreased perceived information sufficiency compared to a simple, non- probabilistic description.
- Providing information about epsilon increases willingness to share data versus explanations that do not mention epsilon.
- Willingness to share is sensitive to epsilon values: weaker protection (larger epsilon) reduces sharing propensity.
更好的研究,从现在开始
从论文设计到论文写作,大幅缩短您的研究时间。
无需绑定信用卡
本解读由 AI 生成,并经人工编辑审核。