Entropy as a Measure of Average Loss of Privacy

Abstract

Privacy means that not everything about a person is known, that we need to ask additional questions to get the full information about the person. It therefore seems to reasonable to gauge the degree of privacy in each situation by the average number of binary (``yes''-``no'') questions that we need to ask to determine the full information -- which is exactly Shannon's entropy. The problem with this idea is that it is possible, by asking two binary questions -- and thus, strictly speaking, getting only two bits of information -- to sometimes learn a large amount of information. In this paper, we show that while entropy is not always an adequate measure of the {\em absolute} loss of privacy, it is a good idea for gauging the {\em average} loss of privacy. To properly evaluate different privacy-preserving schemes, so also propose to supplement the average privacy loss with the standard deviation of privacy loss -- to see how much the actual privacy loss cab deviate from its average value.