Alex Kulesza, Google
Differential privacy has become the standard for private data analysis, and an extensive literature now offers differentially private algorithms for a wide variety of problems. However, translating these algorithms into practical systems often requires confronting details that the literature ignores or abstracts away: users may contribute multiple records, the domain of possible records may be unknown, and the eventual system must scale to large volumes of data. Failure to account for such issues can severely impair quality and usability. We present Plume, a system built to address these challenges. We describe a number of subtle implementation issues and offer practical solutions that, together, make an industrial-scale system for differentially private data analysis possible. Plume is currently deployed at Google and is routinely used to process datasets with trillions of records.
Alex Kulesza is a research scientist at Google studying the theory and practice of differential privacy.
author = {Alex Kulesza},
title = {Plume: Differential Privacy at Scale},
year = {2023},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = sep
}