Differential Privacy for Whistleblowers: When Audit Choices Leak Signals
Introduction
Whistleblower systems are meant to surface misconduct, but their effectiveness depends on whether reporters can avoid retaliation. A new arXiv paper, “Plausible Deniability Guarantees for Whistleblowers,” focuses on a subtle channel of leakage: not the content of a report, but the sequence of audit decisions made after reports arrive.
The threat model is direct. If the organization being audited can observe which organizations are selected for review over time, it may infer that a new report changed the odds of being audited. That observation can become a clue for identifying or retaliating against a whistleblower.
Key points
-
A stronger and more realistic adversary. The paper models the audited organization as an observer of the audit-selection transcript. This matters because audit priorities are often visible, or at least inferable, to the organizations affected by them.
-
Plausible deniability via differential privacy. The authors define protection as per-report $(0, \delta)$-differential privacy over the transcript of audit selections. In plain terms, adding or removing one report should not make the visible sequence of audit choices reliably distinguishable, except with a small failure probability.
-
Randomized response hits a wall. A seemingly natural approach is to randomize the selection decision itself, blending report-driven choices with noise. The paper proves that, in this framework, randomized response at the selection step can never outperform uniform random auditing by more than $\delta$ at any horizon. That is a strong limitation: it suggests that simply adding randomization to the final audit choice is not enough.
-
Private auditing as private continual counting. The proposed mechanism instead reduces the problem to continual counting. A $(0, \delta)$-differentially private continual counter tracks report counts, and the audit decision is computed as a post-processing step. Because differential privacy is preserved under post-processing, the audit transcript inherits the same per-report guarantee.
-
Improved utility over time. Instantiating the reduction with recent continual-counting work gives noise that scales as $O(\sqrt{\log T})$ across a horizon of $T$ audit decisions. The paper’s utility theorem states that selection error vanishes when the noisy gap between the most-reported organization and the runner-up grows faster than $\sqrt{\log T}$. Simulations show a substantial improvement over randomized response.
Why it matters
The paper’s broader message is that governance systems can leak information through their actions, even if the underlying reports remain hidden. In compliance, platform safety, public-sector oversight, and AI governance, investigations often follow signals submitted by insiders. If the investigation pattern is too tightly coupled to a specific report, the system may reveal the very person it aims to protect.
The work also highlights the importance of privacy over sequential decision-making. An auditor does not make one public release; it makes repeated choices, and adversaries can accumulate observations over time. Continual counting is therefore a better fit than a one-shot privacy mechanism.
This is not a full operational whistleblower program. Legal safeguards, organizational separation, evidence handling, and institutional trust still matter. But technically, the paper gives a clearer foundation for designing audit systems that can respond to reports without making reporters easier to identify.
Source: arXiv
Comments
Checking sign-in status...
Loading comments...