Date and time: Wednesday, 22 April 2026, 14:00-15:00 CEST
Speaker: Annabelle McIver, Macquarie University, Sydney
Title: What makes a good definition for privacy?
Location: Harry Nyquist room in Malvinas väg 10, floor 7, KTH main campus, Stockholm
Bio: Annabelle McIver is a professor of Computer Science at Macquarie University in Sydney, and co-director of the Future Communications Research Centre. Annabelle trained as a mathematician at Cambridge and Oxford Universities, and her research uses mathematics to prove quantitative properties of programs.
More recently she has worked on foundations for quantitative information flow for analysing security and privacy properties in complex systems. She is co-author of the book “Abstraction, Refinement and Proof for Probabilistic Systems”, and “The Science of Quantitative Information Flow”.
Abstract: f-differential privacy(f-DP) is a recent definition for privacy based on statistical hypothesis testing. It can offer improved predictions of “privacy loss”. It has been used to analyse specific privacy mechanisms, such as the popular Gaussian mechanism. Whilst in theory this enables more nuanced analysis of privacy risks, it does not support explicit composition theorems making it challenging to apply to the analysis of complex privacy-preserving implementations.
In this talk we show how f-DP’s foundation in statistical hypothesis testing implies equivalence to the channel model of Quantitative Information Flow (QIF). We demonstrate this equivalence as a Galois connection between two partially-ordered sets, namely f-DP’s trade-off functions, and a class of information channels. This equivalence enables novel general composition theorems for f-DP, supporting improved analysis for complex privacy designs. We apply our results to the popular privacy mechanisms such as sub-sampling and purification, to produce novel f-DP profiles for these general privacy-enhancing algorithms.
