De-identification Project

Integrating Utility into Face De-Identification

by Ralph Gross, Edoardo Airoldo, Bradley Malin, and Latanya Sweeney


With the proliferation of inexpensive video surveillance and face recognition technologies, it is increasingly possible to track and match people as they move through public spaces. To protect the privacy of subjects visible in video sequences, prior research suggests using ad hoc obfuscation methods, such as blurring or pixelation of the face. How- ever, there has been little investigation into how obfuscation influences the usability of images, such as for classification tasks. In this paper, we demonstrate that at high obfuscation levels, ad hoc methods fail to pre- serve utility for various tasks, whereas at low obfuscation levels, they fail to prevent recognition. To overcome the implied tradeoff between pri- vacy and utility, we introduce a new algorithm, k-Same-Select, which is a formal privacy protection schema based on k-anonymity that provably protects privacy and preserves data utility. We empirically validate our findings through evaluations on the FERET database, a large real world dataset of facial images.

Keywords: Video surveillance, privacy, de-identification, privacy-preserving data mining, k-anonymity, microaggregation

Gross, R. Airoldi, E., Malin, B., and Sweeney, L. Integrating Utility into Face De-Identification. Workshop on Privacy-Enhanced Technologies, 2005. (PDF).

Related Links

Copyright © 2011. President and Fellows Harvard University.   |   IQSS   |    Data Privacy Lab   |    []