Designing Confidentiality on the Fly Methodology – Three Aspects

  • Tobias EnderleEmail author
  • Sarah Giessing
  • Reinhard Tent
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11126)


In the development of so called “Confidentiality on the fly” methodology building on random noise implemented with a cell key method, a number of issues have to be addressed. First, there is the choice of the probability distributions for the noise. Of course parameter sets yielding a low loss of information are desirable, but the disclosure risk avoidance potential of a parametrization should also be taken into account. This requires benchmarking of the risk avoidance potential of candidate settings.

Another issue is the communication of the potential effects of the noise on published results. The paper looks at the effect noise may have on estimates resulting from a division of two noisy counts.

Thirdly, a cell key method produces in the first place consistent, but non-additive results which might be difficult to communicate. One is tempted to restore additivity which – amongst other challenges – raises the issue of a technical solution.



The research leading to these results has partially received funding from the EU project “Open Source tools for perturbative confidentiality methods” (Specific grant agreement N° 2018.0108) under the Framework partnership agreement n° 11112.2014.005-2014.533


  1. 1.
    Antal, L., Enderle, T., Giessing, S.: Statistical disclosure control methods for harmonised protection of census data (2017).
  2. 2.
    Buzzigoli, L., Giusti, A.: An algorithm to calculate the lower and upperbounds of the elements of an array given its marginals. In: Statistical Data Protection (SDP 1998) Proceedings, pp. 131–147. Eurostat, Luxembourg ((1998)Google Scholar
  3. 3.
    Castro, J., Gonzalez, J.A., Baena, D., Jimenez, X.: User’s and programmer’s manual of the RCTA package (v.2). Technical report DR 2013-06 (2013).
  4. 4.
    De Wolf, P.-P., Hundepool, A., Giessing, S., Castro, J., Salazar, J.J.: t-ARGUS User’s Manual (2014).
  5. 5.
    Enderle, T., Giessing, S.: Testing CTA as additivity module for perturbed census 2021 EU Hypercube Data. In: Joint UNECE/Eurostat Work Session on Statistical Data Confidentiality, Skopje, 20–22 September 2017 (2017).
  6. 6.
    Enderle, T., Giessing, S., Tent, R.: Designing confidentiality on the fly methodology – some aspects. Unpublished manuscript (2018)Google Scholar
  7. 7.
    Eurostat Unit F2: Commission implementing Regulation laying down rules for the application of Regulation (EC) No 763/2008 of the European Parliament and of the Council on population and housing censuses as regards the technical specifications of the topics and of their breakdowns, Item 2 of the agenda. In: 30th Meeting of the European Statistical System Committee, 28th September 2016, ESSC 2016/30/3/EN (2016)Google Scholar
  8. 8.
    Fischetti, M., Salazar-González, J.J.: Models and algorithms for optimizing cell suppression problem in tabular data with linear constraints. J. Am. Stat. Assoc. 95, 916–928 (2000)CrossRefGoogle Scholar
  9. 9.
    Fraser, B., Wooton, J.: A proposed method for confidentialising tabular output to protect against differencing. In: Monographs of Official Statistics. Work Session on Statistical Data Confidentiality, Eurostat-Office for Official Publications of the European Communities, Luxembourg, pp. 299–302 (2006)Google Scholar
  10. 10.
    Giessing, S., Höhne, J.: Eliminating small cells from census counts tables: some considerations on transition probabilities. In: Domingo-Ferrer, J., Magkos, E. (eds.) PSD 2010. LNCS, vol. 6344, pp. 52–65. Springer, Heidelberg (2010). Scholar
  11. 11.
    Giessing, S.: Computational issues in the design of transition probabilities and disclosure risk estimation for additive noise. In: Domingo-Ferrer, J., Pejić-Bach, M. (eds.) PSD 2016. LNCS, vol. 9867, pp. 237–251. Springer, Cham (2016). Scholar
  12. 12.
    Hundepool, A., et al.: Statistical Disclosure Control. Wiley, Chichester (2012)CrossRefGoogle Scholar
  13. 13.
    Johnson, S.G.: The NLopt nonlinear-optimization package (2015).
  14. 14.
    Marley, J.K., Leaver, V.L.: A method for confidentialising user-defined tables: statistical properties and a risk-utility analysis. In: Proceedings of 58th World Statistical Congress, pp. 1072–1081 (2011)Google Scholar
  15. 15.
    Thompson, G., Broadfoot, S., Elazar, D.: Methodology for the automatic confidentialisation of statistical outputs from remote servers at the Australian Bureau of Statistics. Paper presented at the Joint UNECE/Eurostat Work Session on Statistical Data Confidentiality, Ottawa, 28–30 Oktober 2013 (2013).

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Federal Statistical Office of GermanyWiesbadenGermany

Personalised recommendations