Privacy Consensus in Anonymization Systems via Game Theory

  • Rosa Karimi Adl
  • Mina Askari
  • Ken Barker
  • Reihaneh Safavi-Naini
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7371)


Privacy protection appears as a fundamental concern when personal data is collected, stored, and published. Several anonymization methods have been proposed to address privacy issues in private datasets. Every anonymization method has at least one parameter to adjust the level of privacy protection considering some utility for the collected data. Choosing a desirable level of privacy protection is a crucial decision and so far no systematic mechanism exists to provide directions on how to set the privacy parameter. In this paper, we model this challenge in a game theoretic framework to find consensual privacy protection levels and recognize the characteristics of each anonymization method. Our model can potentially be used to compare different anonymization methods and distinguish the settings that make one anonymization method more appealing than the others. We describe the general approach to solve such games and elaborate the procedure using k-anonymity as a sample anonymization method. Our simulations of the game results in the case of k-anonymity reveals how the equilibrium values of k depend on the number of quasi-identifiers, maximum number of repetitive records, anonymization cost, and public’s privacy behaviour.


Privacy Protection Data Anonymization Privacy/Utility Trade-off Privacy Parameter Setting Game Theory k-Anonymity 


  1. 1.
    Samarati, P., Sweeney, L.: Generalizing data to provide anonymity when disclosing information (abstract). In: PODS, p. 188. ACM Press (1998)Google Scholar
  2. 2.
    Sweeney, L.: k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-Based Systems 10(5), 557–570 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Machanavajjhala, A., Kifer, D., Gehrke, J., Venkitasubramaniam, M.: L-diversity: Privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data 1(1), 24 pages (2007)Google Scholar
  4. 4.
    Li, N., Li, T., Venkatasubramanian, S.: t-closeness: Privacy beyond k-anonymity and l-diversity. In: ICDE 2007, pp. 106–115 (2007)Google Scholar
  5. 5.
    Dwork, C.: Differential Privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006, Part II. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Osborne, M.J.: 8,9,16. In: An Introduction to Game Theory. Oxford University Press, USA (2003)Google Scholar
  7. 7.
    LeFevre, K., DeWitt, D.J., Ramakrishnan, R.: Workload-aware anonymization. In: KDD, pp. 277–286 (2006)Google Scholar
  8. 8.
    Bayardo Jr., R.J., Agrawal, R.: Data privacy through optimal k-anonymization. In: ICDE, pp. 217–228 (2005)Google Scholar
  9. 9.
    Fung, B.C.M., Wang, K., Yu, P.S.: Top-down specialization for information and privacy preservation. In: ICDE, pp. 205–216 (2005)Google Scholar
  10. 10.
    Sramka, M., Safavi-Naini, R., Denzinger, J., Askari, M.: A practice-oriented framework for measuring privacy and utility in data sanitization systems. In: EDBT/ICDT Workshops (2010)Google Scholar
  11. 11.
    Machanavajjhala, A., Korolova, A., Sarma, A.D.: Personalized social recommendations - accurate or private? CoRR abs/1105.4254 (2011)Google Scholar
  12. 12.
    Loukides, G., Shao, J.: Data utility and privacy protection trade-off in k-anonymisation. In: PAIS 2008, pp. 36–45. ACM (2008)Google Scholar
  13. 13.
    Anderson, H.E.: The privacy gambit: Toward a game theoretic approach to international data protection. bepress Legal Series (2006)Google Scholar
  14. 14.
    Böhme, R., Koble, S., Dresden, T.U.: On the viability of privacy-enhancing technologies in a self-regulated business-to-consumer market: Will privacy remain a luxury good? In: WEIS 2007 (2007)Google Scholar
  15. 15.
    Kleinberg, J., Papadimitriou, C.H., Raghavan, P.: On the value of private information. In: TARK 2001, pp. 249–257. Morgan Kaufmann Publishers Inc. (2001)Google Scholar
  16. 16.
    Calzolari, G., Pavan, A.: Optimal design of privacy policies. Technical report, Gremaq, University of Toulouse (2001)Google Scholar
  17. 17.
    Preibusch, S.: Implementing Privacy Negotiations in E-Commerce. In: Zhou, X., Li, J., Shen, H.T., Kitsuregawa, M., Zhang, Y. (eds.) APWeb 2006. LNCS, vol. 3841, pp. 604–615. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Gianini, G., Damiani, E.: A Game-Theoretical Approach to Data-Privacy Protection from Context-Based Inference Attacks: A Location-Privacy Protection Case Study. In: Jonker, W., Petković, M. (eds.) SDM 2008. LNCS, vol. 5159, pp. 133–150. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  19. 19.
    Kargupta, H., Das, K., Liu, K.: Multi-party, Privacy-Preserving Distributed Data Mining Using a Game Theoretic Framework. In: Kok, J.N., Koronacki, J., Lopez de Mantaras, R., Matwin, S., Mladenič, D., Skowron, A. (eds.) PKDD 2007. LNCS (LNAI), vol. 4702, pp. 523–531. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  20. 20.
    Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Security & Privacy 3(1), 26–33 (2005)CrossRefGoogle Scholar
  21. 21.
    Culnan, M.J., Armstrong, P.K.: Information privacy concerns, procedural fairness, and impersonal trust: An empirical investigation. Organization Science 10, 104–115 (1999)CrossRefGoogle Scholar
  22. 22.
    Singer, E., Mathiowetz, N.A., Couper, M.P.: The impact of privacy and confidentiality concerns on survey participation: The case of the 1990 U.S. census. The Public Opinion Quarterly 57(4), 465–482 (1993)CrossRefGoogle Scholar
  23. 23.
    Milne, G.R., Gordon, M.E.: Direct mail privacy-efficiency trade-offs within an implied social contract framework. Journal of Public Policy & Marketing 12(2), 206–215 (1993)Google Scholar
  24. 24.
    Adl, R.K., Askari, M., Barker, K., Safavi-Naini, R.: Privacy consensus in anonymization systems via game theory. Technical Report 2012-1021-04, University of Calgary (2012)Google Scholar
  25. 25.
    Sydsaeter, K., Hammond, P.: Mathematics for economic analysis. Prentice-Hall International (1995)Google Scholar
  26. 26.
    LeFevre, K., DeWitt, D.J., Ramakrishnan, R.: Mondrian multidimensional k-anonymity. In: ICDE 2006, p. 25. IEEE Computer Society (2006)Google Scholar
  27. 27.
    LeFevre, K., DeWitt, D.J., Ramakrishnan, R.: Workload-aware anonymization techniques for large-scale datasets. ACM Trans. Database Syst. 33, 17:1–17:47 (2008)Google Scholar
  28. 28.
    Kumaraguru, P., Cranor, L.F.: Privacy indexes: A survey of westin’s studies. ISRI Technical Report (2005)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Rosa Karimi Adl
    • 1
  • Mina Askari
    • 1
  • Ken Barker
    • 1
  • Reihaneh Safavi-Naini
    • 1
  1. 1.Department of Computer ScienceUniversity of CalgaryCalgaryCanada

Personalised recommendations