On differentially private filtering for event streams

Rigorous privacy mechanisms that can cope with dynamic data are required to encourage a wider adoption of large-scale monitoring and decision systems relying on end user information. A promising approach to develop these mechanisms is to specify quantitative privacy requirements at design time rather than as an afterthought, and to rely on signal processing techniques to achieve satisfying trade-offs between privacy and performance specifications. This paper discusses, from the signal processing point of view, an event stream analysis problem introduced in the database and cryptography literature. A discrete-valued input signal describes the occurrence of events contributed by end users, and a system is supposed to provide some output signal based on this information, while preserving the privacy of the participants. The notion of privacy adopted here is that of event-level differential privacy, which provides strong privacy guarantees and has important operational advantages. Several mechanisms are described to provide differentially private output signals while minimizing the impact on performance. These mechanisms demonstrate the benefits of leveraging system theoretic techniques to provide privacy guarantees for dynamic systems.