Differential privacy with partial knowledge

Abstract

Differential privacy offers formal quantitative guarantees for privacy mechanisms, but in its associative interpretation, it assumes an attacker who knows all records but one in the database. This assumption often vastly overapproximates an attacker's actual strength, which can lead to unnecessarily poor utility. Recent work has made significant steps towards privacy in the presence of partial background knowledge, which models a realistic attacker's uncertainty. However, we show that existing approaches have definitional problems when used on data containing correlations and that the capabilities of the attacker have not been specified precisely. We propose a practical criterion to prevent correlation problems, and delineate the cases of a passive versus an active attacker. This allows us to apply these concepts in practical contexts: we significantly improve known results about the privacy of counting queries under partial knowledge, and we show that thresholding can provide formal guarantees against passive attackers, even where there is little randomness in the data.
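As an added illustration (not code or a definition from the paper), the sketch below computes the worst-case privacy loss of a counting query against a passive attacker under a deliberately simplified partial-knowledge model: the attacker knows every record except the target and k others, and each unknown record is assumed to be 1 independently with probability p. Releasing the exact count leaks the target as soon as the unknown records could all be zero, whereas releasing only a thresholded bit gives a finite loss that shrinks as k grows; the functions and the Bernoulli(p) model are assumptions for this example.

```python
# Added illustration (not from the paper): privacy loss of a counting query
# against a passive attacker with partial knowledge, under a simplified model.
# Assumption: the attacker knows every record except the target and k others;
# each unknown record is 1 with probability p, independently of the rest.
from math import comb, log, inf

def binom_pmf(k, p, c):
    """P(U = c) for U ~ Binomial(k, p); zero outside 0..k."""
    if c < 0 or c > k:
        return 0.0
    return comb(k, c) * p ** c * (1 - p) ** (k - c)

def binom_tail(k, p, t):
    """P(U >= t) for U ~ Binomial(k, p)."""
    return sum(binom_pmf(k, p, c) for c in range(max(t, 0), k + 1))

def log_ratio(a, b):
    """|log(a/b)|; infinite when exactly one side has probability zero."""
    if a == 0.0 and b == 0.0:
        return 0.0
    if a == 0.0 or b == 0.0:
        return inf
    return abs(log(a / b))

def exact_count_loss(k, p):
    """Worst-case privacy loss when the exact count is released.
    Observed count = known part + target + U, so the attacker compares
    P(U = c - 1) (target present) against P(U = c) (target absent)."""
    return max(log_ratio(binom_pmf(k, p, c - 1), binom_pmf(k, p, c))
               for c in range(0, k + 2))

def threshold_loss(k, p, t):
    """Worst-case privacy loss when only the bit [count >= T] is released,
    with t = T - (known part), so the released bit is [target + U >= t]."""
    above = log_ratio(binom_tail(k, p, t - 1), binom_tail(k, p, t))
    below = log_ratio(1 - binom_tail(k, p, t - 1), 1 - binom_tail(k, p, t))
    return max(above, below)

if __name__ == "__main__":
    # Constructed scenarios: no uncertainty (classic DP attacker) vs. k unknowns.
    for k, t in [(0, 1), (10, 5), (50, 25)]:
        print(f"k={k:2d}  exact count: {exact_count_loss(k, 0.5):.3f}"
              f"  thresholded: {threshold_loss(k, 0.5, t):.3f}")
```

The independence assumption built into this model is exactly what the abstract cautions against for correlated data: when unknown records are correlated with the target, the Binomial picture above overstates the attacker's uncertainty and the computed loss is no longer a valid bound.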
