The "obvious" techniques for reducing the threat of compromise -e.g., limiting the range of allowable responses, restricting the amount of overlap between query sets, and certain rounding schemes are easily circumvented. Other techniques -e.g., partitioning- may be robust, but at the price of limiting the usefulness of the data base. The conclusion is that complete privacy cannot be enforced without severely restricting the free flow of information.
Abstract