Practical Differential Privacy for Location Data Aggregation using a Hadamard Matrix

Location data are highly valuable personal information. Such private data are frequently sent to servers in order to retrieve information relevant to the user, and aggregated location statistics are often made publicly available for public resource planning, behavioral studies, or commercial use. This raises privacy concerns. Working within the differential privacy paradigm, Chen, Li, Qin, Kasiviswanathan, and Jin [ICDE'16] [10] proposed a count estimation protocol called PCEP, which ensures ε-local differential privacy and provides good frequency approximation; it builds on the private succinct histogram protocol of Bassily and Smith [STOC'15] [5]. We observe that, while PCEP comes with an excellent theoretical guarantee, one of its key steps, a reduction of the location dimension based on the Johnson-Lindenstrauss lemma, is not helpful in practice: the projected dimension actually turns out to be larger than the original one. We replace this step with a Hadamard matrix. The result is a more communication-efficient protocol (because the entries of the Hadamard matrix can be computed efficiently by the users, so the matrix need not be stored or transmitted) with a theoretically improved approximation guarantee.
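The abstract only names the two ingredients, a Hadamard matrix in place of a Johnson-Lindenstrauss projection and an ε-local randomizer. The Python below is an added illustration of that design, not code from the paper; it follows the generic Hadamard-based local randomizer and aggregator of the Bassily-Smith / Hadamard-response line of work ([5], [9], [13]) rather than reproducing PCEP's exact steps or parameters. Assumptions, all mine: the location domain is a grid of d = 2^k cells indexed 0..d-1, the Hadamard matrix is in Sylvester order so that H[row][col] = (-1)^popcount(row & col), and the randomizer is randomized response on one ±1 coefficient with keep probability p = e^ε/(e^ε + 1). Each user transmits only a row index and one bit (log2(d) + 1 bits), and the server recovers all d frequency estimates with a fast Walsh-Hadamard transform instead of a dense projection. All function and variable names are hypothetical.

```python
import math
import random


def hadamard_entry(row: int, col: int) -> int:
    """Entry H[row][col] of the d x d Sylvester-Hadamard matrix (d a power of 2):
    (-1)^popcount(row & col). A user computes single entries on the fly and never
    stores or transmits the matrix, unlike a dense random JL projection."""
    return -1 if bin(row & col).count("1") % 2 else 1


def keep_probability(eps: float) -> float:
    """Randomized response: probability of reporting the true +-1 bit.
    Assumed p = e^eps / (e^eps + 1), so that p / (1 - p) = e^eps."""
    return math.exp(eps) / (math.exp(eps) + 1.0)


def privatize(item: int, d: int, eps: float, rng: random.Random):
    """User side. `item` is the index of the user's cell in a domain of size d.
    Pick a uniformly random Hadamard row (data-independent), take the +-1
    coefficient of the user's item in that row, and flip it with probability
    1 - p. Only (row, bit) leaves the device: log2(d) + 1 bits."""
    row = rng.randrange(d)
    x = hadamard_entry(row, item)
    y = x if rng.random() < keep_probability(eps) else -x
    return row, y


def report_probability(item: int, row: int, y: int, eps: float) -> float:
    """Pr[user reports bit y | item, row]."""
    p = keep_probability(eps)
    return p if hadamard_entry(row, item) == y else 1.0 - p


def max_privacy_ratio(d: int, eps: float) -> float:
    """Worst-case Pr[report | item] / Pr[report | item'] over all items, rows and
    bits. eps-local DP holds iff this is <= e^eps. Because the row is chosen
    independently of the data, only the reported bit can leak."""
    worst = 0.0
    for row in range(d):
        for y in (-1, 1):
            probs = [report_probability(v, row, y, eps) for v in range(d)]
            worst = max(worst, max(probs) / min(probs))
    return worst


def fwht(vec):
    """Fast Walsh-Hadamard transform in Sylvester (natural) order: returns H @ vec
    in O(d log d) without ever forming H."""
    a = list(vec)
    h = 1
    while h < len(a):
        for i in range(0, len(a), 2 * h):
            for j in range(i, i + h):
                u, w = a[j], a[j + h]
                a[j], a[j + h] = u + w, u - w
        h *= 2
    return a


def estimate_frequencies(reports, d: int, eps: float):
    """Server side. Debias each bit by 1 / (2p - 1), bucket the bits by row, and
    project back through H. By orthogonality of the Hadamard rows,
    E[debiased_bit * H[row][v]] = 1 if v == item else 0, so the output is an
    unbiased estimate of the fraction of users in each cell."""
    scale = 1.0 / (2.0 * keep_probability(eps) - 1.0)
    sums = [0] * d
    for row, y in reports:
        sums[row] += y
    return [scale * s / len(reports) for s in fwht(sums)]


def simulate(items, d: int, eps: float, seed: int = 0):
    """End-to-end run on a constructed population (`items` are cell indices)."""
    rng = random.Random(seed)
    reports = [privatize(v, d, eps, rng) for v in items]
    return estimate_frequencies(reports, d, eps)


if __name__ == "__main__":
    # Constructed sample: 16 grid cells, half the users in cell 5, half in cell 2.
    population = [5] * 10000 + [2] * 10000
    est = simulate(population, d=16, eps=2.0, seed=1)
    print("privacy ratio:", max_privacy_ratio(16, 2.0), "<= e^2 =", math.exp(2.0))
    print("estimated frequencies:", [round(f, 3) for f in est])
```

Two things worth checking when adapting this: `max_privacy_ratio` exhaustively verifies the ε-LDP bound for a given d and ε, which is cheap for any realistic grid size and catches a wrong keep probability immediately; and the per-user variance of the estimator grows like 1/(2p - 1)^2, so for small ε the population size n has to be large for the estimates to be usable, which is the accuracy/privacy trade-off the abstract refers to.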

[1] Sofya Raskhodnikova et al. What Can We Learn Privately? 49th Annual IEEE Symposium on Foundations of Computer Science (FOCS), 2008.

[2] Pierangela Samarati et al. Protecting Respondents' Identities in Microdata Release. IEEE Transactions on Knowledge and Data Engineering, 2001.

[3] Carmela Troncoso et al. Unraveling an Old Cloak: k-Anonymity for Location Privacy. WPES, 2010.

[4] Pierangela Samarati et al. Protecting Privacy when Disclosing Information: k-Anonymity and Its Enforcement through Generalization and Suppression. 1998.

[5] Raef Bassily et al. Local, Private, Efficient Protocols for Succinct Histograms. STOC, 2015.

[6] Janardhan Kulkarni et al. Collecting Telemetry Data Privately. NIPS, 2017.

[7] S. L. Warner. Randomized Response: A Survey Technique for Eliminating Evasive Answer Bias. Journal of the American Statistical Association, 1965.

[8] Ling Liu et al. Protecting Location Privacy with Personalized k-Anonymity: Architecture and Algorithms. IEEE Transactions on Mobile Computing, 2008.

[9] Raef Bassily et al. Practical Locally Private Heavy Hitters. NIPS, 2017.

[10] Hongxia Jin et al. Private Spatial Data Aggregation in the Local Setting. IEEE 32nd International Conference on Data Engineering (ICDE), 2016.

[11] Latanya Sweeney. k-Anonymity: A Model for Protecting Privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, 2002.

[12] Úlfar Erlingsson et al. RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response. CCS, 2014.

[13] Huanyu Zhang et al. Hadamard Response: Estimating Distributions Privately, Efficiently, and with Little Communication. AISTATS, 2018.

[14] Peter Kairouz et al. Discrete Distribution Estimation under Local Privacy. ICML, 2016.

[15] Chunming Qiao et al. Mutual Information Optimally Local Private Discrete Distribution Estimation. arXiv, 2016.

[16] Fan Yang et al. k-Anonymity Location Privacy Algorithm Based on Clustering. IEEE Access, 2018.

[17] Cynthia Dwork et al. Calibrating Noise to Sensitivity in Private Data Analysis. TCC, 2006.