Environmental Insights Explorer (EIE) is a Google product that reports aggregate statistics about human mobility, including the various modes of transit used by people across roughly 50,000 regions globally. These statistics are used to estimate carbon emissions and are provided to policymakers to inform their decisions on transportation policy and infrastructure. Because this type of user data is inherently sensitive, it is crucial that the statistics derived from it and released are computed with appropriate privacy protections. In this work, we use a combination of federated analytics and differential privacy to release these required statistics while operating under strict error constraints that ensure utility for downstream stakeholders. We propose a new mechanism that achieves $\epsilon \approx 2$-DP while satisfying these strict utility constraints, greatly improving over natural baselines. We believe this mechanism may be of more general interest for the broad class of group-by-sum workloads.
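The natural baseline the abstract measures itself against, as an added illustration (not the paper's mechanism and not Google's code): bound each user's total contribution so the group-by-sum query has L1 sensitivity equal to the cap, add Laplace noise with scale cap/ε to every region's sum, and then measure the relative error a downstream consumer would see. The region names, per-user trip counts and the cap are constructed assumptions.

```python
import math
import random
from collections import defaultdict

# Constructed sample: per-user trip counts per region (user_id -> {region: trips}).
# These are made-up values, not EIE data.
SAMPLE_RECORDS = {
    "u1": {"region_A": 30, "region_B": 2},
    "u2": {"region_A": 1},
    "u3": {"region_B": 7, "region_C": 4},
    "u4": {"region_C": 3},
}

def bound_contributions(records, cap):
    """Scale each user's vector so its L1 norm is at most `cap`.

    Bounding a user's total contribution is what makes the L1 sensitivity of
    the group-by-sum query equal to `cap`, however many regions the user
    appears in; without it a single heavy user could dominate several sums."""
    bounded = {}
    for user, counts in records.items():
        total = sum(counts.values())
        factor = min(1.0, cap / total) if total > 0 else 1.0
        bounded[user] = {r: v * factor for r, v in counts.items()}
    return bounded

def group_by_sum(records):
    """Plain (non-private) per-region sums."""
    sums = defaultdict(float)
    for counts in records.values():
        for region, v in counts.items():
            sums[region] += v
    return dict(sums)

def laplace_scale(cap, epsilon):
    """Noise scale b = sensitivity / epsilon for the Laplace mechanism."""
    return cap / epsilon

def sample_laplace(scale, rng):
    """Inverse-CDF Laplace sample built from one uniform draw."""
    u = rng.random() - 0.5
    return -scale * math.copysign(math.log(1 - 2 * abs(u)), u)

def dp_group_by_sum(records, cap, epsilon, seed=0):
    """Laplace baseline: bound per-user totals, sum per region, add noise."""
    rng = random.Random(seed)
    true_sums = group_by_sum(bound_contributions(records, cap))
    scale = laplace_scale(cap, epsilon)
    return {r: v + sample_laplace(scale, rng) for r, v in true_sums.items()}

def max_relative_error(true_sums, noisy_sums):
    """Worst-case |noisy - true| / true over regions with a non-zero true sum."""
    return max(abs(noisy_sums[r] - t) / t for r, t in true_sums.items() if t > 0)
```

Running `dp_group_by_sum(SAMPLE_RECORDS, cap=10, epsilon=2.0)` gives noise of scale 5 on sums of about 7 to 10, which is exactly the utility problem the abstract describes: with ε≈2 and small regions, the plain Laplace baseline cannot meet a tight relative-error budget.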