# MIDS Differential Privacy Assignment

Definition: We say that a mechanism $M$ is $\epsilon$-differential private if, for all databases $D$ and $D'$ that differ on exactly one element, and all measurable $S \subseteq Codomain(M) $,

$$ \mathbb{P}(M(D) \in S) \le exp(\epsilon)\mathbb{P}(M(D') \in S)$$

By symmetry, an equivalent way to represent this is as

$$ exp(-\epsilon) \le \frac{\mathbb{P}(M(D) \in S)}{\mathbb{P}(M(D') \in S)} \le exp(\epsilon)$$

## Exercise 1

The following questions are conceptual checks. Be as specific as possible with your justifications.

(1) Could differential privacy have neutralized the Personal Project Genome attack?

https://www.forbes.com/sites/adamtanner/2013/04/25/harvard-professor-re-identifies-anonymous-volunteers-in-dna-study/#6992f47e92c9

(2) Suppose a database curator decides to "protect" privacy by randomly selecting one individual's record and publish that entry as the result. Their argument in favor of this is that "there is low risk for an individual to be harmed in this mechanism." Explain how differential privacy protects against this type of information release, and why this type of release is terrible in general.

(3) How does differential privacy address the fact that an individual's risk of identification increases every time the data is queried? How does this relate to the concept of privacy budget?

(4) Suppose you know in advance that $K$ queries will be asked of a differentially private mechanism. What can you do to ensure a total privacy loss of $\epsilon$?

(5) What happens if you don't know how many queries will be asked of your differentially private mechanism. There could be 17 queries, or 3901 queries, or an unlimited amount. What can you do to ensure a total privacy loss of $\epsilon$ over all queries?


#### Solution
-- Write here

## Exercise 2

Suppose we have access to a database of citizens in a county, containing information on whether or not an individual has commited a felony or not. Call this data $X$, such that $X[i] = 1$ if person $i$ has a criminal record. 

You receive a request from a client for information regarding how many people in the county have criminal records. Being the privacy-conscientious data scientist you are, you know the potential privacy implications of returning this true value. 

You explain to the client that you can give them a differentially private answer, but they are on the fence about the inaccuracies introduced via random noise insertion.

### Part A
Explain to the client that there is a tradeoff between privacy and utility using simulaiton using the following array and candidate epsilon values.

In [2]:
## This portion creates a dataset with 1200 folks without a criminal record, and 800 folks with one
import numpy as np
np.random.seed(0)

x = np.asarray([0 for x in range(1200)] + [1 for x in range(800)])
eps_list_1 = [0.010, 0.015, 0.020, 0.025, 0.030]

#### Solution
-- Write here

A suggestion is to implement a `laplace_counter` that returns a DP-answer and then a `simulation` function that calls the `laplace_counter` as many times as specified in order to simulate the result of multiple queries.

Then plot the different results obtained when using each of the epsilons in `eps_list_1`.

### Part B
If we want to choose an $\epsilon$ that is within $10$% of the truth value on average, which $\epsilon$ should we choose? Explain your choice.

#### Solution
-- Write here

### Part C

Suppose we go ahead and use the $\epsilon$ from Part B. We'd like to be able to attach a confidence value that this specific $\epsilon$ will be within $w$% of the truth. Desgin an algorithm to do this. What is the confidence we have for being within 10% of the truth?

#### Solution

-- Write here


## Exercise 3

(Building off of Exercise 2) Suppose now we are interested in the proportion of individuals with a criminal record, as opposed to a count. Furthermore, imagine that we want to build a general query system that takes in (1) the percent error an individual is willing to accept and (2) the confidence level they want for the result. 

Simulations are cool and all, but they are rather computationally expensive. Using elementary probability, create an algorithm that takes in (1) and (2) as inputs, and computes a differentially private estimate of the mean. Show your work for the derivation of the algorithm, and run a few test cases to verify that it indeed works.

#### Solution

-- Write here

## Exercise 4

Suppose we have a dataset of political party affiliation. 

In [3]:
## This portion creates a dataset with 2500 folks - 1K Republicans, 1.1K Democrats, and 400 Independents

x = np.asarray(["REPUB" for x in range(1000)] + ["DEMOC" for x in range(1100)] + ["INDEP" for x in range(400)])

We want to release a differentially private estimate of the mode with $\epsilon$ = 0.1 

(A) Write a function to do this. 

(B) Explain what differential privacy does to the underlying distribution of this categorical data.

(C) Is "INDEP" more likely to occur with a large $\epsilon$ or a small $\epsilon$?

#### Solution
-- Write here

## EXTRA - DIFFERENTIAL PRIVACY WITH THE STOCHASTIC GRADIENT DESCENT

This is an optional exercise that demonstrates how we can use differntial privacy in the machine learning training process.

Using the MNIST dataset, build two classifiers to predict whether a given image is a 2 or a 3: one using logistic regression with stochastic gradient descent, and another using differentially private logistic regression with stochastic gradient descent.

In [None]:
## Note -- may need to do 
## pip install mnist
## first
import mnist

print "Success"

In [None]:
import os
import pandas as pd
import numpy as np

print "Success"

In [None]:
from sklearn.datasets import fetch_mldata
mnist_dataset = fetch_mldata('MNIST original')
Y_2 = mnist_dataset['data'][np.where(mnist_dataset['target'] == 2.)[0]]
Y_3 = mnist_dataset['data'][np.where(mnist_dataset['target'] == 3.)[0]]
print 'number of twos:', Y_2.shape[0]
print 'number of threes:', Y_3.shape[0]


In [None]:
Y_2.shape

In [None]:
data = np.vstack([Y_2, Y_3])
labels = np.asarray([0 for j in range(Y_2.shape[0])] + [1 for j in range(Y_3.shape[0])])

print data.shape
print labels.shape

The following provides a guide of the structure to utilize for implementing Logistic Regression with DP-updates

In [None]:
## Standard Logistic Regression 

## Logistic regression prediction function
def log_reg_predict(coeff, x):
    pass

## Stochastic Gradient Descent for Logistic Regression
def log_reg_coef_sgd(features, labels, l_rate, num_epochs):
    ## remember to RANDOMLY SHUFFLE THE DATASET
    pass

## Differentially Private Stochastic Gradient Descent for Logistic Regression
## http://cseweb.ucsd.edu/~kamalika/pubs/scs13.pdf
## This paper shows the global sensitity for batch gradient descent of size b is 2.0 * learning_rate / b
## Thus, for stochastic gradient descent, b = 1 => sensitivity of 2.0 * learning_rate
def DP_log_reg_coef_sgd(features, labels, l_rate, num_epochs, eps):
    ## remember to RANDOMLY SHUFFLE THE DATASET
    pass

print "Utility functions loaded"

In [None]:
from sklearn.cross_validation import train_test_split

X_train, X_test, y_train, y_test = train_test_split(data, labels, test_size=0.33, random_state=42)

print X_train.shape
print y_train.shape
print X_test.shape
print y_test.shape

In [None]:
coeff = log_reg_coef_sgd(X_train, y_train, 1, 1)

In [None]:
def log_reg_scorer(X_train, y_train, X_test, y_test, l_rate, num_epochs, threshold):
    ## Learn the coefficients    
    ## Predict on the test set
    ## Return the accuracy
    pass

print "Scorer function loaded"

In [None]:
def DP_log_reg_scorer(X_train, y_train, X_test, y_test, l_rate, num_epochs, threshold, epsilon):
    ## Learn the coefficients
    ## Predict on the test set
    ## Return the accuracy
    pass

print "Scorer function loaded"

In [None]:
print log_reg_scorer(X_train, y_train, X_test, y_test, 1, 1, 0.5)

In [None]:
sim_size = 10
score_catcher = []
for k in range(sim_size):
    print "simulation " + str(k+1)  
    score_catcher.append(DP_log_reg_scorer(X_train, y_train, X_test, y_test, 1, 1, 0.5, 0.1))
    
print np.mean(score_catcher)