1. What Are the Chances? Explaining the Epsilon Parameter in Differential Privacy
- Author
Nanayakkara, Priyanka; Smart, Mary Anne; Cummings, Rachel; Kaptchuk, Gabriel; and Redmiles, Elissa
- Subjects
FOS: Computer and information sciences, Computer Science - Computers and Society, Computer Science - Cryptography and Security, Computers and Society (cs.CY), Computer Science - Human-Computer Interaction, Cryptography and Security (cs.CR), Human-Computer Interaction (cs.HC)
- Abstract
Differential privacy (DP) is a mathematical privacy notion increasingly deployed across government and industry. With DP, privacy protections are probabilistic: they are bounded by the privacy budget parameter, $\epsilon$. Prior work in health and computational science finds that people struggle to reason about probabilistic risks. Yet, communicating the implications of $\epsilon$ to people contributing their data is vital to avoiding privacy theater -- presenting meaningless privacy protection as meaningful -- and empowering more informed data-sharing decisions. Drawing on best practices in risk communication and usability, we develop three methods to convey probabilistic DP guarantees to end users: two that communicate odds and one offering concrete examples of DP outputs. We quantitatively evaluate these explanation methods in a vignette survey study ($n=963$) via three metrics: objective risk comprehension, subjective privacy understanding of DP guarantees, and self-efficacy. We find that odds-based explanation methods are more effective than (1) output-based methods and (2) state-of-the-art approaches that gloss over information about $\epsilon$. Further, when offered information about $\epsilon$, respondents are more willing to share their data than when presented with a state-of-the-art DP explanation; this willingness to share is sensitive to $\epsilon$ values: as privacy protections weaken, respondents are less likely to share data.
- Published
2023