Private Rank Aggregation under Local Differential Privacy

As a method for answer aggregation in crowdsourced data management, rank aggregation aims to combine different agents' answers or preferences over the given alternatives into an aggregate ranking which agrees the most with the preferences. However, since the aggregation procedure relies on a data curator, the privacy within the agents' preference data could be compromised when the curator is untrusted. Existing works that guarantee differential privacy in rank aggregation all assume that the data curator is trusted. In this paper, we formulate and address the problem of locally differentially private rank aggregation, in which the agents have no trust in the data curator. By leveraging the approximate rank aggregation algorithm KwikSort, the Randomized Response mechanism, and the Laplace mechanism, we propose an effective and efficient protocol LDP-KwikSort. Theoretical and empirical results show that the solution LDP-KwikSort:RR can achieve the acceptable trade-off between the utility of aggregate ranking and the privacy protection of agents' pairwise preferences.

[1]  Toshihiro Kamishima,et al.  Nantonac collaborative filtering: recommendation based on order responses , 2003, KDD '03.

[2]  Josep Domingo-Ferrer,et al.  Individual Differential Privacy: A Utility-Preserving Formulation of Differential Privacy Guarantees , 2016, IEEE Transactions on Information Forensics and Security.

[3]  Lirong Xia,et al.  How Private Is Your Voting? A Framework for Comparing the Privacy of Voting Mechanisms , 2018, ArXiv.

[4]  Aaron Roth,et al.  The Algorithmic Foundations of Differential Privacy , 2014, Found. Trends Theor. Comput. Sci..

[5]  Andrew Zimmer,et al.  Hoeffding's Inequality , 2014 .

[6]  Nir Ailon,et al.  Aggregating inconsistent information: Ranking and clustering , 2008 .

[7]  Ariel D. Procaccia,et al.  Better Human Computation Through Principled Voting , 2013, AAAI.

[8]  W. R. Simmons,et al.  The Unrelated Question Randomized Response Model: Theoretical Framework , 1969 .

[9]  Daniel Burton Shank,et al.  Using Crowdsourcing Websites for Sociological Research: The Case of Amazon Mechanical Turk , 2016 .

[10]  Xintao Wu,et al.  Using Randomized Response for Differential Privacy Preserving Data Collection , 2016, EDBT/ICDT Workshops.

[11]  Philip S. Yu,et al.  Differentially Private Data Publishing and Analysis: A Survey , 2017, IEEE Transactions on Knowledge and Data Engineering.

[12]  Dan Cosley,et al.  "It was a shady HIT": Navigating Work-Related Privacy Concerns on MTurk , 2018, CHI Extended Abstracts.

[13]  Tara S. Behrend,et al.  The viability of crowdsourcing for survey research , 2011, Behavior research methods.

[14]  A. Acquisti,et al.  Beyond the Turk: Alternative Platforms for Crowdsourcing Behavioral Research , 2016 .

[15]  Martin J. Wainwright,et al.  Local privacy and statistical minimax rates , 2013, 2013 51st Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[16]  Chenglin Miao,et al.  Towards Differentially Private Truth Discovery for Crowd Sensing Systems , 2018, 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS).

[17]  Wenliang Du,et al.  OptRR: Optimizing Randomized Response Schemes for Privacy-Preserving Data Mining , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[18]  Sofya Raskhodnikova,et al.  Smooth sensitivity and sampling in private data analysis , 2007, STOC '07.

[19]  Stephanie Forrest,et al.  Application and analysis of multidimensional negative surveys in participatory sensing applications , 2013, Pervasive Mob. Comput..

[20]  Lawrence G. Sager Handbook of Computational Social Choice , 2015 .

[21]  Jiqiang Liu,et al.  DPWeVote: differentially private weighted voting protocol for cloud-based decision-making , 2019, Enterp. Inf. Syst..

[22]  Ninghui Li,et al.  Locally Differentially Private Protocols for Frequency Estimation , 2017, USENIX Security Symposium.

[23]  Akihiko Ohsuga,et al.  Differential Private Data Collection and Analysis Based on Randomized Multiple Dummies for Untrusted Mobile Crowdsensing , 2017, IEEE Transactions on Information Forensics and Security.

[24]  Guoliang Li,et al.  Crowdsourced Data Management: A Survey , 2016, IEEE Transactions on Knowledge and Data Engineering.

[25]  Ian A. Kash,et al.  Truthful mechanisms for agents that value privacy , 2013, EC '13.

[26]  Alain Denise,et al.  Rank aggregation with ties: Experiments and Analysis , 2015, Proc. VLDB Endow..

[27]  Michael S. Bernstein,et al.  Mechanical Turk is Not Anonymous , 2013 .

[28]  C. L. Mallows NON-NULL RANKING MODELS. I , 1957 .

[29]  Raef Bassily,et al.  Practical Locally Private Heavy Hitters , 2017, NIPS.

[30]  Martin J. Wainwright,et al.  Privacy Aware Learning , 2012, JACM.

[31]  S L Warner,et al.  Randomized response: a survey technique for eliminating evasive answer bias. , 1965, Journal of the American Statistical Association.

[32]  Sofya Raskhodnikova,et al.  What Can We Learn Privately? , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[33]  Douglas J. Leith,et al.  Optimal Differentially Private Mechanisms for Randomised Response , 2016, IEEE Transactions on Information Forensics and Security.

[34]  Gerome Miklau,et al.  Differentially Private Rank Aggregation , 2017, SDM.

[35]  Ninghui Li,et al.  Differential Privacy: From Theory to Practice , 2016, Differential Privacy.

[36]  J. A. Lozano,et al.  PerMallows: An R Package for Mallows and Generalized Mallows Models , 2016 .

[37]  Michael L. Crowe,et al.  Using Online, Crowdsourcing Platforms for Data Collection in Personality Disorder Research: The Example of Amazon’s Mechanical Turk , 2017, Personality disorders.

[38]  Liusheng Huang,et al.  Aggregating Votes with Local Differential Privacy: Usefulness, Soundness vs. Indistinguishability , 2019, ArXiv.

[39]  Sanjeev R. Kulkarni,et al.  The application of differential privacy for rank aggregation: Privacy and accuracy , 2014, 17th International Conference on Information Fusion (FUSION).

[40]  Chenglin Miao,et al.  An Efficient Two-Layer Mechanism for Privacy-Preserving Truth Discovery , 2018, KDD.

[41]  Arijit Chaudhuri,et al.  Randomized Response and Indirect Questioning Techniques in Surveys , 2010 .

[42]  WangYang,et al.  Our Privacy Needs to be Protected at All Costs , 2017 .

[43]  Cynthia Dwork,et al.  Differential Privacy , 2006, ICALP.

[44]  Laura A. Dabbish,et al.  Privacy Attitudes of Mechanical Turk Workers and the U.S. Public , 2014, SOUPS.

[45]  A KashIan,et al.  Truthful Mechanisms for Agents That Value Privacy , 2016 .

[46]  John A. Bates,et al.  Conducting Psychology Student Research Via the Mechanical Turk Crowdsourcing Service , 2013 .