Achieving Privacy-Utility Trade-off in existing Software Systems

Abstract

Privacy and utility of data are two aspects of a system that are often diagonally opposite to each other. Privacy concerns drive design decisions that can reduce the ability to make deductions or correlations from a given dataset (e.g. reducing the probability that an individual could be recognised from a given set of health records). Utility, on the other hand, tries to maximise the chances of finding essential relationships in the real world, that can then be used for making smarter systems (e.g. the ability to predict that an individual is at higher risk of being affected by a terminal disease). A term that is often used to explain this paradox is called the Privacy-Utility trade-off. Software practitioners have often ignored the privacy aspects due to lack of legal obligations, and have generally concentrated on achieving functionality. But with a renewed interest in Artificial Intelligence, privacy concerns are going to become more critical in the near future. This will force the software providers to reevaluate their existing products and services from a privacy perspective. In this work, we analyse some of the challenges that a typical software provider would face while doing so. We present a privacy model that can be applied to existing systems, which in turn can suggest first-cut privacy solutions requiring minimal alterations in deployed applications. To the best of our knowledge, no open-source initiative has been started until now to cater to these requirements. We briefly introduce the prototype of an open-source tool that we are developing, which is aimed at facilitating this analysis. The initial results were obtained over some standard datasets, as well as a real-world credit card fraud dataset, which seemed to collate with our intuitions.