Differentially private filtering

Emerging systems such as smart grids or intelligent transportation systems often require end-user applications to continuously send information to external data aggregators performing monitoring or control tasks. This can result in an undesirable loss of privacy for the users in exchange of the benefits provided by the application. Motivated by this trend, we introduce privacy concerns in a system theoretic context, and address here the problem of releasing filtered signals that respect the privacy of the input data stream.We rely on a formal notion of privacy introduced in the database literature, called differential privacy, which provides strong privacy guarantees against adversaries with arbitrary side information, and extend this notion to dynamic systems. We then describe methods to approximate a given filter by a differentially private version, so that the distortion introduced by the privacy mechanism is minimized. Two specific scenarios are considered, where users either provide independent input signals or contribute events to a single integer-valued stream.