disclosure avoidance at scale
play

Disclosure Avoidance At-Scale William Sexton, Mathematical - PowerPoint PPT Presentation

Jul 29, 2023 •255 likes •491 views

Disclosure Avoidance At-Scale William Sexton, Mathematical Statistician Center for Enterprise Dissemination - Disclosure Avoidance United States Census Bureau william.n.sexton@census.gov JSM, Denver, CO July, 2019 This presentation is

  1. Disclosure Avoidance At-Scale William Sexton, Mathematical Statistician Center for Enterprise Dissemination - Disclosure Avoidance United States Census Bureau william.n.sexton@census.gov JSM, Denver, CO July, 2019 This presentation is released to inform interested parties of ongoing research and to encourage discussion of work in progress. Any views expressed on statistical, methodological, technical, or operational issues are those of the author and not those of the U.S. Census Bureau. The Census Bureau’s Disclosure Review Board and Disclosure Avoidance Officers have reviewed this data product for unauthorized disclosure of confidential information and have approved the disclosure avoidance practices applied 2020CENSUS.GOV 1/23 to this release. (DRB Approval # CBDRB-FY19-446)

  2. Acknowledgements 2020 Disclosure Avoidance System (DAS) Project Lead: John Abowd; U.S. Census Bureau & Cornell University 2020 DAS Scientific Lead: Daniel Kifer, Pennsylvania State University 2020 DAS Team: Robert Ashmead (former), Simson Garfinkel, Phil Leclerc, Brett Moran, Pavel Zhuravlev; U.S. Census Bureau 2020CENSUS.GOV 2/23

  3. The Dual Mandate of the Census Bureau ◮ Collect data and disseminate accurate statistics about the US population. ◮ Protect the privacy of individual data. 1 0 . 8 0 . 6 Accuracy 0 . 4 0 . 2 0 0 Privacy Loss ( ε ) 2020CENSUS.GOV 3/23

  4. Overview of TopDown and Trade-off ◮ The 2020 Disclosure Avoidance System (DAS), in particular its core TopDown algorithm, provides a production technology. The production activity is up to policy makers, however the choice is constrained by the given technology. ◮ Empirical results are useful for modeling the production possibility frontier (PPF). Understanding the privacy-loss, accuracy trade-off specifically associated with the technology at hand is necessary for informed decision making. ◮ Empirical results measure fitness-for-use against important use-cases such as redistricting. 2020CENSUS.GOV 4/23

  5. Disclosure Avoidance System (DAS) ◮ The DAS is a small component of the entire 2020 Census operation. ◮ The codomain of the DAS needs to lie in the domain of any system it left composes with. ◮ Historically, this implied DAS must output microdata. TAB CEF Privacy Parameters DAS GRF POP Review 2020CENSUS.GOV 5/23

  6. Rethinking the Microdata Requirement ◮ Historically, all the major data products were sourced by microdata. ◮ Improperly constrains production technology that defines the PPF. Simple example: Laplace Mechanism vs NoisyMax. ◮ The end-goal is high utility data products. Allowing for greater flexibility in the algorithm design will lead to better production technologies. ◮ Don’t need to abandon microdata completely though. What can be produced well as microdata? 2020CENSUS.GOV 6/23

  7. Redesign of Data Products ◮ Microdata supported products (PL94, DHC-Persons and DHC-Households, Demo Profile). ◮ Other Products (Detailed Race/AIAN, Person-Household Joins) - Out of scope for TopDown. ◮ Table classification: ◮ by geography. ◮ by universe: what is the item being counted (person or household)? 2020CENSUS.GOV 7/23

  8. Rethinking the Microdata Detail File (MDF) Specifications ◮ Historically, wide variety of variables were preserved through the DA process (date of birth, mafid, allocation flags). ◮ Reverse engineer microdata schema to meet demands of revised data products. ◮ Attributes/attribute domains should have as much detail as necessary but no more. ◮ Microdata will consist of two disjoint files (one for each universe: person and household). ◮ Each record universe is the Cartesian product of its attribute domains, after eliminating structural zeros. 2020CENSUS.GOV 8/23

  9. MDF Person ◮ Naive cardinality of Person Record Universe (excluding block id) = 83,311,200 ≈ 83 million. 2020CENSUS.GOV 9/23

  10. MDF Unit ◮ Naive cardinality of the Unit Record Universe (excluding block id) = 7,188,480,000,000 ≈ 7 trillion. 2020CENSUS.GOV 10/23

  11. Refining the Record Universes ◮ Removing structural zeros/merging variables: ◮ A person cannot reside simultaneously in a household and GQ. ◮ A 1-person household cannot be a married family household. ◮ Managing corner cases separately: ◮ Vacancy status does not cross with occupied household attributes. ◮ Person and Household histograms are both under 3 million cells. ◮ For comparison, the 2018 E2E code ran on a 2,000 cell histogram. ◮ Largest successful runs have been on a subset of the person variables, roughly 467k cells. 2020CENSUS.GOV 11/23

  12. Initializing the DAS ◮ The core TopDown algorithm will run twice (once for Persons and once for Households). ◮ One consequence is that it is difficult to maintain consistency accross universes. ◮ We strive for within universe consistency. Stakeholder input is vital here. ◮ Primary input is the confidential Census Edited File (CEF). ◮ The CEF is treated as ground truth. That is, our privacy analysis does not account for operations preceeding the DAS including edit and imputation procedures. ◮ Assumption: Input data are clean. No missing values, out of range values, etc. 2020CENSUS.GOV 12/23

  13. 2010 Test Products: Intro ◮ The DAS team is generating test products that demonstrate the computational capabilities of the DAS at present. ◮ The DAS is capable of processing the 2010 CEF and producing protected microdata adhering to (slightly simplified) 2020 MDF specifications. ◮ The test MDF can be used to tabulate about 70% of the tables in the proposed 2020 DHC data product. 2020CENSUS.GOV 13/23

  14. 2010 Test Products: Scale ◮ The DAS is capable of processing the entire nation ( ∼ 310 million person records and ∼ 120 million household records) rather than a small test area (such as Providence, RI in the 2018 End-to-End (E2E) test). ◮ The “slightly simplified” 2020 MDF specification translates to roughly 200 times the scale of the 2018 E2E test in terms of histogram size. ◮ The DAS can produce microdata for persons and households. Households characteristics were essentially non-existent in the 2018 E2E test. 2020CENSUS.GOV 14/23

  15. 2010 Test Products: Resource constraints ◮ The DAS operates on Amazon Web Services Elastic Map Reduce computer clusters. ◮ Operating at-scale requires about 18 worker nodes (r4.16xLarge, 64 core - 488 gb RAM) ◮ Observed run times: ∼ 20 hours to produce the household microdata and ∼ 60 hours to produce the person microdata. 2020CENSUS.GOV 15/23

  16. 2010 Test Products: Privacy-loss, Accuracy Tradeoff Statistic: Total Population Only Accuracy as a Fxn of Privacy-Loss Budget (for New Mexico), Geolevel (Data Product: DHC-P) 1.0 0.8 0.6 1-TVD 0.4 0.2 Geolevels 0.0 State Tract_Group Block_Group County Tract Block 0 1 2 3 4 5 6 7 8 Privacy Loss Budget (PLB) 2020CENSUS.GOV 16/23

  17. 2010 Test Products: Privacy-loss, Accuracy Tradeoff Statistic: (raceAlone & 2+ races) x HISP Accuracy as a Fxn of Privacy-Loss Budget (for New Mexico), Geolevel (Data Product: DHC-P) 1.0 0.8 0.6 1-TVD 0.4 0.2 Geolevels 0.0 State Tract_Group Block_Group County Tract Block 0 1 2 3 4 5 6 7 8 Privacy Loss Budget (PLB) 2020CENSUS.GOV 17/23

  18. 2010 Test Products: Privacy-loss, Accuracy Tradeoff Statistic: CENRACE x HISP Sub-Histogram Accuracy as a Fxn of Privacy-Loss Budget (for New Mexico), Geolevel (Data Product: DHC-P) 1.0 0.8 0.6 1-TVD 0.4 0.2 Geolevels 0.0 State Tract_Group Block_Group County Tract Block 0 1 2 3 4 5 6 7 8 Privacy Loss Budget (PLB) 2020CENSUS.GOV 18/23

  19. References 1. Ios Kotsogiannis, Yuchao Tao, Xi He, Maryam Fanaeepour, Ashwin Machanavajjhala, Michael Hay, Gerome Miklau ”PrivateSQL: A Differentially Private SQL Query Engine”, To appear PVLDB 2019 2020CENSUS.GOV 19/23

  20. Thanks! william.n.sexton@census.gov 2020CENSUS.GOV 20/23

  21. Backup: Artificial Geolevels 2020CENSUS.GOV 21/23

  22. Backup: Artificial Geolevels ◮ Introduce artificial geolevels into main hierarchy to help with scaling. Reduces maximum number of children at a given level - a known bottleneck in scaling. ◮ Prelimary results are promising, especially between county and tracts, with regard to improving tractibility of large scale runs. Full impact on accuracy still being analyzed. 2020CENSUS.GOV 22/23

  23. Backup: Detailed Race/AIAN and Person-Household Joins ◮ Why not microdata? ◮ High sensitivity. ◮ Complex consistency requirements. ◮ Non-standard geographies. ◮ TopDown scalibility. ◮ Fundamentally different algorithms required for joins. ◮ Small count bias will look even worse. ◮ For joins, considering PrivateSQL: produces a privatized view from a relational database from which tables can be published [KTHFMHM19]. ◮ For Detailed Races/AIAN, considering a variant of TopDown that relaxes many of the consistency requirements, and only crosses race with select other variables. 2020CENSUS.GOV 23/23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How Modern Disclosure Avoidance Methods Could Change the Way Statistical Agencies Operate John M.

How Modern Disclosure Avoidance Methods Could Change the Way Statistical Agencies Operate John M.

How Modern Disclosure Avoidance Methods Could Change the Way Statistical Agencies Operate John M. Abowd Chief Scientist and Associate Director for Research and Methodology U.S. Census Bureau Federal Economic Statistics Advisory Committee December

216 views • 20 slides
2020 Disclosure Avoidance System (DAS) Presenter: John L. El?nge Assistant Director for Research

2020 Disclosure Avoidance System (DAS) Presenter: John L. El?nge Assistant Director for Research

2020 Disclosure Avoidance System (DAS) Presenter: John L. El?nge Assistant Director for Research and Methodology Presen?ng materials originally from: Simson L. Garfinkel Senior Computer Scien:st for Confiden:ality and Data Access John M. Abowd

640 views • 45 slides
Peculiar velocity flow field in the Zone of Avoidance Khaled Said Large Scale

Peculiar velocity flow field in the Zone of Avoidance Khaled Said Large Scale

at low Galactic latitude Peculiar velocity flow field in the Zone of Avoidance Khaled Said Large Scale Structure and Galaxy Flows, Tuesday, July 5, 2016 Supervisors: Rene C. Kraan-Korteweg & Thomas H. Jarrett (UCT)

525 views • 25 slides
Pattern avoidance Definitions in rook monoids Rook Monoids Avoidance 1d Avoidance All 0/No 0

Pattern avoidance Definitions in rook monoids Rook Monoids Avoidance 1d Avoidance All 0/No 0

Pattern avoidance in rook monoids Lara Pudwell Pattern avoidance Definitions in rook monoids Rook Monoids Avoidance 1d Avoidance All 0/No 0 Dan Daly (Southeast Missouri State University) patterns Other patterns Lara Pudwell (Valparaiso

890 views • 32 slides
But I Dont Wanna go to School!: Strategies for Addressing School Avoidance Objectives

But I Dont Wanna go to School!: Strategies for Addressing School Avoidance Objectives

But I Dont Wanna go to School!: Strategies for Addressing School Avoidance Objectives Define school avoidance as a target problem Review of interventions for school avoidance Tips from the trenches SCH School Avoidance Group

557 views • 27 slides
CS 557 Congestion Avoidance Congestion Avoidance and Control Jacobson and Karels, 1988 Spring

CS 557 Congestion Avoidance Congestion Avoidance and Control Jacobson and Karels, 1988 Spring

CS 557 Congestion Avoidance Congestion Avoidance and Control Jacobson and Karels, 1988 Spring 2013 The Story So Far . Some Essential Apps: DNS (naming) and NTP (time). Transport layer: End to End communication, Multiplexing,

929 views • 39 slides
Energy Forum: Demand Side Management & DSE2 Avoidance DSE2 Avoidance May 6, 2010 Ohio

Energy Forum: Demand Side Management & DSE2 Avoidance DSE2 Avoidance May 6, 2010 Ohio

Energy Forum: Demand Side Management & DSE2 Avoidance DSE2 Avoidance May 6, 2010 Ohio Legislation S.B. 221 responds to concerns about rising electricity prices seen in states with expiring price caps S.B. 221 became effective in

645 views • 26 slides
Tax Fraud: W hen is Tax Avoidance a Crim inal Offence? By Craig Elliffe 2 July 2 0 1 0 Tax

Tax Fraud: W hen is Tax Avoidance a Crim inal Offence? By Craig Elliffe 2 July 2 0 1 0 Tax

Tax Fraud: W hen is Tax Avoidance a Crim inal Offence? By Craig Elliffe 2 July 2 0 1 0 Tax Avoidance and Crim inal Acts The difference between tax avoidance and tax evasion is the thickness of a prison wall. Denis Healey, former

313 views • 14 slides
Hospital Avoidance Sharon Madden Oak Ward Manager and Hospital Avoidance Lead Denise Walker

Hospital Avoidance Sharon Madden Oak Ward Manager and Hospital Avoidance Lead Denise Walker

Hospital Avoidance Sharon Madden Oak Ward Manager and Hospital Avoidance Lead Denise Walker Accreditation Project Co-ordinator mpftnhs @mpftnhs Together we are making life better for our communities @mpftnhs www.mpft.nhs.uk Background

509 views • 21 slides
Avoidance Coupling Ohad N. Feldheim Institute of Mathematics and its Applications, UMN Jan 2015

Avoidance Coupling Ohad N. Feldheim Institute of Mathematics and its Applications, UMN Jan 2015

Avoidance Coupling Ohad N. Feldheim Institute of Mathematics and its Applications, UMN Jan 2015 Ohad N. Feldheim Avoidance Coupling Avoidance Coupling Let G = ( V , E ) be a finite graph (loops and multi-edges are OK). k agents, a 0 , . . . ,

1.38k views • 113 slides
Theo Keijzer a few slides with examples Article 6.1: tax avoidance term is used

Theo Keijzer a few slides with examples Article 6.1: tax avoidance term is used

Theo Keijzer a few slides with examples Article 6.1: tax avoidance term is used Expl.statement: para 80: no explanation, only says in French it is vitement fiscal The term tax avoidance for politicians is very broad. What is

68 views • 5 slides
Seminar on Anti-avoidance Provisions relating to Income Tax Analysis of the provisions of

Seminar on Anti-avoidance Provisions relating to Income Tax Analysis of the provisions of

Seminar on Anti-avoidance Provisions relating to Income Tax Analysis of the provisions of General Anti Avoidance Rule (GAAR) Presentation by: July 15, 2017 Gautam Doshi 2 Methods of Reducing Tax Liability Tax Evasion Unlawful and

760 views • 47 slides
Obstacle Avoidance for Monocular Drones Table of Contents I. Technological context II. Neural

Obstacle Avoidance for Monocular Drones Table of Contents I. Technological context II. Neural

Obstacle Avoidance for Monocular Drones Table of Contents I. Technological context II. Neural Networks for obstacle avoidance i. Deep Reinforcement Learning ii. The two axis of development III. . Depth Net i. FOE Extraction pretraining ii.

509 views • 48 slides
Motorcycle Rider Training and Collision Avoidance Jim Ouellet Head Protection Research

Motorcycle Rider Training and Collision Avoidance Jim Ouellet Head Protection Research

Motorcycle Rider Training and Collision Avoidance Jim Ouellet Head Protection Research Laboratory Paramount, CA 90723 Vira Kasantikul Silpakorn University Nakhon-Pathom, Thailand Does rider training improve collision avoidance performance?

804 views • 15 slides
e t u b i r t s i D - e R Generating Microdata with Complex Invariants under

e t u b i r t s i D - e R Generating Microdata with Complex Invariants under

e t u b i r t s i D - e R Generating Microdata with Complex Invariants under Differential Privacy Philip Leclerc, Mathematical Statistician t Center for Enterprise Dissemination-Disclosure Avoidance United States Census Bureau o

443 views • 28 slides
CS 356: Computer Network Architectures Lecture 20: Congestion Avoidance Chap. 6.4 and related

CS 356: Computer Network Architectures Lecture 20: Congestion Avoidance Chap. 6.4 and related

CS 356: Computer Network Architectures Lecture 20: Congestion Avoidance Chap. 6.4 and related papers Xiaowei Yang xwy@cs.duke.edu TCP Congestion Control History The original TCP/IP design did not include congestion control and avoidance

685 views • 33 slides
Shaken but Not Stirred: an Example of Subject Classification using Multidimensional Scaling

Shaken but Not Stirred: an Example of Subject Classification using Multidimensional Scaling

PhUSE US Connect 2018 AB06 Shaken but Not Stirred: an Example of Subject Classification using Multidimensional Scaling /////////// 05Jun2018 / Manuel Sandoval / V1.0 Agenda Multidimensional Scaling Definition Dissimilarity Functions

515 views • 20 slides
MOTION RECORDS FOR SEISMIC ANALYSIS Dr Dr. H. R. MagarP garPatil atil Associate ociate

MOTION RECORDS FOR SEISMIC ANALYSIS Dr Dr. H. R. MagarP garPatil atil Associate ociate

SELECTION AND SCALING OF GROUND MOTION RECORDS FOR SEISMIC ANALYSIS Dr Dr. H. R. MagarP garPatil atil Associate ociate Profess fessor or Struct uctura ral l En Engineering ineering De Depa partme rtment nt Maharash harashtra

487 views • 45 slides
Scaling up Development Assistance for LDCs and Vulnerable Countries By Patrick Guillaumont

Scaling up Development Assistance for LDCs and Vulnerable Countries By Patrick Guillaumont

Scaling up Development Assistance for LDCs and Vulnerable Countries By Patrick Guillaumont Forum mondial sur le dveloppement 2015 Financement Post-2015 pour un dveloppement durable Technical session Making LDCs count in the count down to

344 views • 18 slides
Texas Pathways Scale of Adoption Assessment Results April 17, 2018 Essential Practices:

Texas Pathways Scale of Adoption Assessment Results April 17, 2018 Essential Practices:

Texas Pathways Scale of Adoption Assessment Results April 17, 2018 Essential Practices: Mapping Pathways to Student End Goals 1a. Every program is well-designed to guide and prepare students to enter employment and further education in

762 views • 26 slides
Scaling NFV - Are containers the answer? Azhar Sayeed - asayeed@redhat.com Doug Smith -

Scaling NFV - Are containers the answer? Azhar Sayeed - asayeed@redhat.com Doug Smith -

Scaling NFV - Are containers the answer? Azhar Sayeed - asayeed@redhat.com Doug Smith - dosmith@redhat.com Acknowledgements This is a result of mul7ple efforts in Red Hat on Containers and Container Networking. We would like thank everyone who

389 views • 35 slides
Offsetting demand challenges and opportunities Scaling voluntary action across the private

Offsetting demand challenges and opportunities Scaling voluntary action across the private

Moving towards carbon neutrality : Offsetting demand challenges and opportunities Scaling voluntary action across the private sector beyond 2020 Presented by : Mathilde Mignot, Portfolio Manager 07/06/2019 EcoAct. Introduction. EcoAct

245 views • 8 slides
New Generic Top-Level Domains: Root Scaling Issues New York/London City July 2009 1 ICANN DNS

New Generic Top-Level Domains: Root Scaling Issues New York/London City July 2009 1 ICANN DNS

New Generic Top-Level Domains: Root Scaling Issues New York/London City July 2009 1 ICANN DNS Root Scaling Study SSAC Security and Stability Advisory Committee RSSAC Root Server System Advisory Committee ICANN Staff 2 1 Root Zone

294 views • 5 slides
Modeling the Stream Rate of Vehicular Networks for Predictable Auto-Scaling of Edge-Cloud Systems

Modeling the Stream Rate of Vehicular Networks for Predictable Auto-Scaling of Edge-Cloud Systems

Modeling the Stream Rate of Vehicular Networks for Predictable Auto-Scaling of Edge-Cloud Systems Edgar ROMO, NDS Laboratory, CIC-IPN KerData Team, INRIA Introduction Context: Vehicular Networks connected to the Cloud Resources for APP x

304 views • 19 slides

More recommend