Confidence-ranked reconstruction of census microdata from published statistics.

A reconstruction attack on a private dataset takes as input some publicly accessible information about the dataset and produces a list of candidate elements of . We introduce a class of data reconstruction attacks based on randomized methods for nonconvex optimization. We empirically demonstrate that our attacks can not only reconstruct full rows of from aggregate query statistics ()∈ℝ but can do so in a way that reliably ranks reconstructed rows by their odds of appearing in the private data, providing a signature that could be used for prioritizing reconstructed rows for further actions such as identity theft or hate crime.

STATISTICS. The reusable holdout: Preserving validity in adaptive data analysis.

Misapplication of statistical data analysis is a common cause of spurious discoveries in scientific research. Existing approaches to ensuring the validity of inferences drawn from data assume a fixed procedure to be performed, selected before the data are examined. In common practice, however, data analysis is an intrinsically adaptive process, with new analyses generated on the basis of data exploration, as well as the results of previous analyses on the same data.

Toward practicing privacy.

Private data analysis-the useful analysis of confidential data-requires a rigorous and practicable definition of privacy. Differential privacy, an emerging standard, is the subject of intensive investigation in several diverse research communities. We review the definition, explain its motivation, and discuss some of the challenges to bringing this concept to practice.