What’s Driving Conflicts Around Differential Privacy for the U.S. Census

Priyanka Nanayakkara, Jessica Hullman

IEEE Security & Privacy Magazine

paper-banner-dp-census

An internal team at the bureau first reconstructed individual-level 2010 Census records by solving a system of linear equations consistent with several published 2010 Census tables. They then linked reconstructed records to commercial data to attempt to reidentify individuals. Results from this process were used in determining and explaining the switch to differential privacy for the 2020 Census. ethn: ethnicity; DOB: date of birth; addr: address.

Abstract

The U.S. Census Bureau’s use of differential privacy has been fiercely debated among interested parties. Accuracy loss has been at the forefront, but conflicting confidentiality notions help explain why common ground is lacking. We propose three ways of understanding confidentiality conflicts and offer suggestions for researchers and organizations adopting formal privacy.