Is Entropy enough for measuring Privacy?
Sevgi Arca, Rattikorn Hewett
Abstract
Anonymization is critical to privacy. It helps protect the identity and sensitive information of individuals from their profile data. Knowing the degree of anonymity attained is an important step to advance privacy and anonymization techniques. However, little research has focused on articulating a measure to quantify the quality of anonymization. On the other hand, many have used popular Shannon's entropy, a well-established measure from information theory, as a way to measure anonymity. In this paper, we take a closer look at the meaning, the distinction and the relationship between anonymity and entropy with respect to privacy. We argue that, even though information entropy is used amply as a metric for anonymity, it is not a befitting measure. Furthermore, although parts of the entropy's information theory are relevant, they alone are not adequate to be a proper measure for anonymity. This paper presents a simple, intuitive, and theoretically grounded measure for anonymity. We provide a comparison analysis between our measure with other entropy-based metrics along with experiments to show the effectiveness of our proposed measure.