quantitative methods to measure the risk of re
play

Quantitative Methods to Measure the Risk of Re-identification: - PowerPoint PPT Presentation

Oct 31, 2022 •125 likes •489 views

Quantitative Methods to Measure the Risk of Re-identification: Methodology Review Bradley Malin, Ph.D. November 30, 2017 Vanderbilt University, Professor (Biomedical Informatics, Biostatistics, & Computer Science) A Very Simplified View on

  1. Quantitative Methods to Measure the Risk of Re-identification: Methodology Review Bradley Malin, Ph.D. November 30, 2017 Vanderbilt University, Professor (Biomedical Informatics, Biostatistics, & Computer Science)

  2. A Very Simplified View on Risk P( reid ) ≈ • Distinguishability • Replicability • Availability Data 2

  3. Risk is Contextual Bill Mike Brad Sample 3

  4. Risk is Contextual Population (Multiple clinical Mitch trials) Bill Will Mike Brad Sample Abe 4

  5. Risk is Contextual Population (All Eligible Mitch People) Bill Will Mike Brad Sample Abe 5

  6. Risk Measures ● Worst Case Risk Measures ● Prosecutor: Most risky record in the sample ● Journalist: Most risky record in the population ● Amortized (or Average) Measure ● Marketer: Expected risk of an arbitrary record 6

  7. A Very Simplified View on Risk Prior • Neighbor (friend) P( reid ) ≈ • Prosecutor • Journalist P( knowledge ) * • … pick a framework P( reid | knowledge ) • Distinguishability • Replicability • Availability Data 7

  8. Prosecutor Risk 1 (Because of Mike) Bill Mike Brad Sample 8

  9. Journalist Risk ½ = 0.5 (Because of Bill & Brad) Population Mitch Bill Will Mike Brad Sample Abe 9

  10. ½ + ½ + 1 Marketer Risk (Sample) ------------- = 2/3 3 ½ Bill ½ Brad 1 Mike Sample Sample 10

  11. .5 + .5 + .33 Marketer Risk (Population) ------------- = .44 3 3 1/2 Bill 1/2 Brad Mike 1/3 Will Abe Population Sample 11

  12. Central Dogma of Re-identification Anonymised Identified Linking Mechanism Data Data Necessary Necessary Necessary Condition Condition Condition Malin, Benitez, Loukides, & Clayton. Human Genetics. 2011. 12

  13. A Famous Linkage Attack High Profile Name Ethnicity Re-identification Address Visit date Date registered ZIP Code Diagnosis Party affiliation Birthdate Procedure Date last voted Gender Medication Total charge U.S. Hospital U.S. Voter List Discharge Data Sweeney, JLME. 1997 13

  14. But availability of Demographics Varies… IL MN TN WA WI WHO Registered Political MN Voters Anyone Anyone Anyone Committees (ANYONE – In Person) Format Disk Disk Disk Disk Disk Cost $500 $46; “use ONLY for $2500 $30 $12,500 elections, political activities, or law enforcement”      Name      Address     Date of Birth    Sex  Race   Phone Number Benitez & Malin. JAMIA. 2010. 14

  15. Adversaries are Not All Knowing ● Research subject demographics ● Unique (potential) ● Replicable ● Available ● Series of drug doses administered ● Unique (potential) ● Not replicable ● Not available 15

  16. Adversaries are Not All Knowing (Assume knowledge between x and y features) Feature Observation Feature Observation Date of Birth 1/1/1970 Date of Birth 1/1/1970 Gender Male Gender Male Feature Observation Race White Race White Country France Country France Date of Birth 1/1/1970 Death Yes Death Yes Gender Male Occupation Teacher Occupation Teacher Married Yes Married Yes Race White Country France Feature Observation Feature Observation Death Yes Date of Birth 1/1/1970 Date of Birth 1/1/1970 Occupation Teacher Gender Male Gender Male Race White Race White Married Yes Country France Country France Death Yes Death Yes Occupation Teacher Occupation Teacher Married Yes Married Yes 16

  17. … Which Means No Single Risk Score Feature Observation Feature Observation Date of Birth 1/1/1970 Date of Birth 1/1/1970 Gender Male Gender Male Race White Race White Country France Country France Death Yes Death Yes Frequency Occupation Teacher Occupation Teacher Married Yes Married Yes Feature Observation Feature Observation Date of Birth 1/1/1970 Date of Birth 1/1/1970 Gender Male Gender Male Race White Race White Country France Country France Re-identification Risk Death Yes Death Yes Occupation Teacher Occupation Teacher Married Yes Married Yes 17

  18. You May Not See Everything ● Field structured databases – you can issue exact queries! ● Semi-structured reports and narratives – you must rely on a mix of ● Artificial intelligence ● Human review ● Sampling ● Problem has become a bit more tricky because leaks can now include explicitly identifying values 18

  19. A Natural Language Setting ● Create a Gold Standard Dataset ● Ask X humans to read and label a selection of records ● Ensure concordance between human annotations Original PHI (e.g., via a Cohen’s Kappa) ● Apply (manual or automated) identifier detection Smith , 61 yo ... daughter, Lynn , to ... strategy oncologist Dr. White ... 5/13/10 to consider ... SWOG protocol 1811 , ... was randomized 5/10 ... ● Compute performance in terms of: to call Mr. Smith on ... PLAN: Dr White and I ... ● (R)ecall – rate at which real identifier instances were detected ● (P)recision – rate at which claimed identifiers are in fact real ● F-measure – weighted average of R and P 19

  20. A Natural Language Setting ● A leak is not necessarily a re-identification **Redacted PHI & Original PHI ● Need to assess the Leaked PHI potential given the leak rates Smith , 61 yo ... **pt_name<A> , **age<60s> yo ... daughter, Lynn , to ... daughter, Lynn , to ... oncologist Dr. White ... oncologist Dr. **MD_name<C> ... 5/13/10 to consider ... **date<5/28/10> to consider ... ● Can assess on a per SWOG protocol 1811 , ... SWOG protocol **other_id , ... was randomized 5/10 ... was randomized 5/10 ... research subject level (if to call Mr. Smith on ... to call Mr. **pt_name<A> on ... labels are person specific) PLAN: Dr White and I ... PLAN: Dr White and I ... P(date of birth leak, date of death leak) ● Alternatively, may assume each feature leaks at ≈ P(date of birth leak) * P(date of death leak) random 20

  21. Hiding in Plain Sight (Carrell et al, 2013) ● Must be careful – this is a relatively new technique ● Also evidence to suggest a computer may mimic the initial detection strategy… and redact the fakes situated in a pattern (Li et al, 2016) **Redacted PHI & Surrogate PHI & Original PHI Leaked PHI Hidden PHI Smith , 61 yo ... **pt_name<A> , **age<60s> yo ... Jones , a 64 yo ... daughter, Lynn , to ... daughter, Lynn , to ... daughter, Lynn , for ... oncologist Dr. White ... oncologist Dr. **MD_name<C> ... oncologist Dr. Howe ... 5/13/10 to consider ... **date<5/28/10> to consider ... 5/28/10 to consider ... SWOG protocol 1811 , ... SWOG protocol **other_id , ... SWOG protocol 1798, ... was randomized 5/10 ... was randomized 5/10 ... was randomized 5/10 ... to call Mr. Smith on ... to call Mr. **pt_name<A> on ... to call Mr. Jones on ... PLAN: Dr White and I ... PLAN: Dr White and I ... PLAN: Dr White and I ... ● In this case, we would need two risk measures ● Human recognition risk ● Computer-assisted recognition risk ● Recent approach to prevent this problem, but comes at a massive loss in precision (Li et al, 2017) 21

  22. If Time Permits… If Not… 22

  23. Latest Development ● Methods presented model data sharer and adversary separately ● New approaches use game theory to consider their interactions (Wan et al 2015) ● Game theory requires robust estimates of many parameters, such as ● benefit the sharer gets in providing data ● benefit the attacker gets in re-identifying the data 23

  24. Stackelberg Game Sharing Strategy 1 Attack Strategy A Utility 1 Utility A Risk ??? Risk A Attack Strategy B Strategies: Utility B - Generalize Age Risk B - Suppress Dates … - Perturb Geography Attack Strategy C Utility C Risk C Publisher Recipient 24

  25. Stackelberg Game Sharing Strategy 1 Attack Strategy A Utility 1 Utility A Risk ??? Risk A Attack Strategy B Utility B Risk B Recipient’s Best Strategy Attack Strategy C Utility C Risk C Publisher Recipient 25

  26. Stackelberg Game Sharing Strategy 1 Attack Strategy A Utility 1 Utility A Risk B Risk A Attack Strategy B Utility B Risk B Recipient’s Best Strategy Attack Strategy C Utility C Risk C Publisher Recipient 26

  27. Stackelberg Game Sharing Strategy 1 Attack Strategy A Utility 1 Utility A Risk B Risk A Sharing Strategy 2 Attack Strategy B Utility 2 Utility B Risk ??? Risk B Attack Strategy C Utility C Risk C Publisher Recipient 27

  28. Stackelberg Game Sharing Strategy 1 Attack Strategy A Recipient’s Best Strategy Utility 1 Utility A Risk B Risk A Sharing Strategy 2 Attack Strategy B Utility 2 Utility B Risk A Risk B Attack Strategy C Utility C Risk C Publisher Recipient 28

  29. Stackelberg Game Sharing Strategy 1 Utility 1 Risk B Sharing Strategy 2 Utility 2 Risk A Sharing Strategy Z Utility Z Risk Z Publisher 29

  30. Stackelberg Game Sharing Strategy 1 Utility 1 Risk B Choose strategy that maximizes Sharing Strategy 2 overall benefit Utility 2 Risk A Optimizes the Risk-Utility tradeoff Sharing Strategy Z Utility Z Risk Z Publisher 30

  31. Demographic Case Study ● $1200: Benefit per record ● ~30,000 Census records ● $300: Cost per violation ● Average Payoff Per Record ● $4: Access cost per record $3.00 $2.50 $2.00 Attacker $1.50 $1.00 US Safe Harbor $0.50 $0.00 $0.00 $500.00 $1,000.00 $1,500.00 Publisher 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Welcome to the course! Quantitative Risk Management in R About me Professor in

Welcome to the course! Quantitative Risk Management in R About me Professor in

QUANTITATIVE RISK MANAGEMENT IN R Welcome to the course! Quantitative Risk Management in R About me Professor in mathematical statistics, actuarial science, and quantitative finance Author of Quantitative Risk Management: Concepts,

733 views • 23 slides
Why not Quantitative Methods? Why not Quantitative Methods? division into variables:

Why not Quantitative Methods? Why not Quantitative Methods? division into variables:

Why not Quantitative Methods? Why not Quantitative Methods? division into variables: destroys the connections among actions and events destroys the links to context measuring: imposes the researcher's categories imposes a

242 views • 3 slides
On the nature of financial risk: Why risk is so hard to measure and why risk models fail so often

On the nature of financial risk: Why risk is so hard to measure and why risk models fail so often

Case study Model risk Measure risk Nature of risk Minsky Conclusion On the nature of financial risk: Why risk is so hard to measure and why risk models fail so often J on Dan elsson Systemic Risk Centre London School of Economics

1.12k views • 89 slides
SPECIAL MOBILITY STRAND QUALITATIVE AND QUANTITATIVE STATISTICAL METHODS IN RISK MANAGEMENT

SPECIAL MOBILITY STRAND QUALITATIVE AND QUANTITATIVE STATISTICAL METHODS IN RISK MANAGEMENT

SPECIAL MOBILITY STRAND QUALITATIVE AND QUANTITATIVE STATISTICAL METHODS IN RISK MANAGEMENT SNJEANA MAKSIMOVI NOVI SAD 25.02.2020. Snje ana Maksimovi 1 Faculty of Architecture, Civil Engineering and Geodesy The European Commission

397 views • 37 slides
201ab Quantitative methods L.13: ANOVA (b) ANalysis Of VAriance E D V UL | UCSD Psychology

201ab Quantitative methods L.13: ANOVA (b) ANalysis Of VAriance E D V UL | UCSD Psychology

201ab Quantitative methods L.13: ANOVA (b) ANalysis Of VAriance E D V UL | UCSD Psychology Psych 201ab: Quantitative methods Three ways to think about factors Cell organization: Data frame/table: Matrix notation: This is the common way

940 views • 83 slides
Monitoring and data filtering I. Classical Methods Advanced Quantitative Methods in Herd

Monitoring and data filtering I. Classical Methods Advanced Quantitative Methods in Herd

Monitoring and data filtering I. Classical Methods Advanced Quantitative Methods in Herd Management Dan Brge Jensen, IPH Dias 1 Outline Framework and Introduction Shewart Control chart Basic principles Examples: milk yield and

515 views • 33 slides
Session 4: Measurement Quantitative indicators are usually easy to measure -this simply

Session 4: Measurement Quantitative indicators are usually easy to measure -this simply

Session 4: Measurement Quantitative indicators are usually easy to measure -this simply involves counting things (e.g. number of people trained, amount of seed delivered) Qualitative indicators are of ten perceived as more difficult to

318 views • 9 slides
Empirical Methods Empirical Methods t= a +b Research Landscape Quantitative =

Empirical Methods Empirical Methods t= a +b Research Landscape Quantitative =

Empirical Methods Empirical Methods t= a +b Research Landscape Quantitative = Positivist/post-positivist approach Evaluate hypotheses via experimentation Qualitative = Constructivist approach Build theory from data Overview:

435 views • 25 slides
Characteristics of volatile return series Quantitative Risk Management in R Log-returns compared

Characteristics of volatile return series Quantitative Risk Management in R Log-returns compared

QUANTITATIVE RISK MANAGEMENT IN R Characteristics of volatile return series Quantitative Risk Management in R Log-returns compared with iid data Can financial returns be modeled as independent and identically distributed (iid)? Random

519 views • 20 slides
201ab Quantitative methods L.12 Linear model: Categorical predictors E D V UL | UCSD Psychology

201ab Quantitative methods L.12 Linear model: Categorical predictors E D V UL | UCSD Psychology

201ab Quantitative methods L.12 Linear model: Categorical predictors E D V UL | UCSD Psychology Psych 201ab: Quantitative methods Overly specific named procedures Response ~null ~binary ~category ~numerical ~numerical + category

863 views • 67 slides
Moodys Analytics Risk Practitioner Conference 2014 Quantitative Modeling Approaches for Mid

Moodys Analytics Risk Practitioner Conference 2014 Quantitative Modeling Approaches for Mid

Moodys Analytics Risk Practitioner Conference 2014 Quantitative Modeling Approaches for Mid size Institutions Thomas L Thomas Quantitative Portfolio Manager City National Bank Development of Commercial Stress Testing Process We chose to

417 views • 19 slides
(Tentative) Summary of the different methods to measure the spin in H J. Schaarschmidt,

(Tentative) Summary of the different methods to measure the spin in H J. Schaarschmidt,

(Tentative) Summary of the different methods to measure the spin in H J. Schaarschmidt, JB. de Vivie (LAL), S. Laplace (LPNHE) HSG1 meeting, September 13 th 2012 1 jeudi 13 septembre 2012 Introduction Steps to measure spin in H

608 views • 22 slides
A Quantitative Measure of Relevance Based on Kelly Gambling Theory Mathias Winther Madsen

A Quantitative Measure of Relevance Based on Kelly Gambling Theory Mathias Winther Madsen

A Quantitative Measure of Relevance Based on Kelly Gambling Theory Mathias Winther Madsen Institute for Logic, Language, and Computation University of Amsterdam PLAN Why? How? Examples Why? Why? How? Why not use Shannon

692 views • 51 slides
Quantitative Parkinsons Gait Assessment: A high resolution measure of change in impairment

Quantitative Parkinsons Gait Assessment: A high resolution measure of change in impairment

Quantitative Parkinsons Gait Assessment: A high resolution measure of change in impairment Tuesday July 22 th , 2014 Starts at 12:00 PM EST Presented by Elizabeth Brokaw, PhD Outline Impairment due to Parkinsons Disease Deep

563 views • 35 slides
W HAT IS AN SPS MEASURE ? Annex A.1 (paragraph 1) Focus on purpose: Any measure applied to

W HAT IS AN SPS MEASURE ? Annex A.1 (paragraph 1) Focus on purpose: Any measure applied to

T RAINING P ROGRAMME F OR T HE G OVERNMENT O F I NDONESIA The SPS Agreement Jogjakarta, Indonesia 26-29 March 2019 A GENDA 1. What is an SPS measure? 2. Main obligations under the SPS Agreement Risk assessment and sufficient scientific

562 views • 32 slides
Quantitative Information Security Risk Management Effective risk management for small/medium

Quantitative Information Security Risk Management Effective risk management for small/medium

Realistic and Affordable Quantitative Information Security Risk Management Effective risk management for small/medium businesses Walter Williams Who am I Walt Williams, CISSP, SSCP, CEH, CPT, MCP Director of Security and Compliance at

756 views • 50 slides
Quantitative and Qualitative Data Analyses and Presentation Prof Lester M. Davids

Quantitative and Qualitative Data Analyses and Presentation Prof Lester M. Davids

Quantitative and Qualitative Data Analyses and Presentation Prof Lester M. Davids (lesterdavids@gmail.com) There are two important days in ones LIFE the DAY that you are BORN, and the DAY you find out WHY! CHANGE will not come if we

553 views • 30 slides
HSRC MONITORING THE L.E.D. FUND IN SOUTH AFRICA LESSONS FROM A BRAVE NEW PROGRAMME Dr Doreen

HSRC MONITORING THE L.E.D. FUND IN SOUTH AFRICA LESSONS FROM A BRAVE NEW PROGRAMME Dr Doreen

Human Sciences Research Council Group: Democracy and Governance Lekgotla la Dinyakisio ta Semahlale ta Setho Sehlopa sa: Temokrasie le Puo Raad vir Geesteswetenskaplike Navorsing Groep: Demokrasie en Staatsbestuur Umkhandlu

674 views • 23 slides
The The power power of of white white supremacy supremacy and and colonialism colonialism in

The The power power of of white white supremacy supremacy and and colonialism colonialism in

The The power power of of white white supremacy supremacy and and colonialism colonialism in in post post- liberation liberation societies: societies: The The case case of of South South Africa Africa Not yet Uhuru, not

370 views • 12 slides
THE THE DOMES OMESTIC &amp; R TIC &amp; RESIDENT ESIDENTIAL IAL CLEANING SPE LEANING

THE THE DOMES OMESTIC &amp; R TIC &amp; RESIDENT ESIDENTIAL IAL CLEANING SPE LEANING

THE THE DOMES OMESTIC &amp; R TIC &amp; RESIDENT ESIDENTIAL IAL CLEANING SPE LEANING SPECIALIS CIALIST CONTENTS CONT NTS ABO ABOUT U US

314 views • 18 slides
Chapter 8 Data Analysis, Interpretation and Presentation Aims Discuss the difference between

Chapter 8 Data Analysis, Interpretation and Presentation Aims Discuss the difference between

Chapter 8 Data Analysis, Interpretation and Presentation Aims Discuss the difference between qualitative and quantitative data and analysis. Enable you to analyze data gathered from: Questionnaires. Interviews.

724 views • 19 slides
Gathering Research Data Stephen E. Brock, Ph.D., NCSP California State University, Sacramento 1

Gathering Research Data Stephen E. Brock, Ph.D., NCSP California State University, Sacramento 1

Stephen E. Brock, Ph.D., NCSP Gathering Research Data Stephen E. Brock, Ph.D., NCSP California State University, Sacramento 1 What is Quantitative Data? The different types of data gathered as part of an empirical study are referred to

470 views • 14 slides
BRAND JOURNEY WE SEE THE FUTURE IN YOU - OUR BRAND JOURNEY 2 Show you where we started

BRAND JOURNEY WE SEE THE FUTURE IN YOU - OUR BRAND JOURNEY 2 Show you where we started

1 WE SEE THE FUTURE IN YOU BRAND JOURNEY WE SEE THE FUTURE IN YOU - OUR BRAND JOURNEY 2 Show you where we started and how we got there Share our results Share what we learned along the way Time for discussion 3 WHAT

429 views • 42 slides
West Seattle and Ballard Link Extensions Stakeholder Advisory Group | March 14, 2018 Agenda

West Seattle and Ballard Link Extensions Stakeholder Advisory Group | March 14, 2018 Agenda

West Seattle and Ballard Link Extensions Stakeholder Advisory Group | March 14, 2018 Agenda Introductions What we heard during early scoping Alternatives evaluation framework Neighborhood Forums Next steps &amp; Next Meeting 2 What we

965 views • 52 slides

More recommend