EPIC Urges NIST to Emphasize Differential Privacy in Paper on De-Identifying Government Data Sets

In comments to the National Institute of Standards and Technology, EPIC urged NIST to endorse the adoption of differential privacy in its revised paper on de-identifying government data sets. The paper will provide guidance to federal agencies on deidentification techniques, strategy, and implementation.

EPIC commended NIST on its recommendations, which include detailed guidance for federal Data Review Boards that would evaluate risk and probability of reidentification. But EPIC urged NIST to go further by emphasizing differential privacy as a preferred privacy-enhancing technique and “identifying specific circumstances where differential privacy should be used or strongly favored.” Differential privacy, which is achieved through the controlled injection of statistical noise into a published study or analysis of a dataset, is a mathematically rigorous means of controlling privacy risk while preserving the research value of the information.

EPIC has long worked to secure the confidentiality of personal data held by government agencies and often has advocated for the adoption of differential privacy. In 2021, EPIC filed an amicus brief defending the Census Bureau’s use of differential privacy, calling it “the only credible technique to protect against [reidentification] attacks, including those that may be developed in the future.” EPIC noted that differential privacy “is not the enemy of statistical accuracy,” but rather “vital to securing robust public participation in Census Bureau surveys[.]”

In September, EPIC bestowed a Champion of Freedom Award on John Abowd, chief scientist of the U.S. Census Bureau, for “making remarkable strides for privacy and civil rights by transforming the disclosure avoidance system at the U.S. Census Bureau through the introduction of differential privacy.” And in recent comments to the White House Office of Science and Technology Policy, EPIC urged federal agencies to prioritize the adoption of differential privacy and to increase funding across the board for privacy-enhancing technologies.