Minimax randomized response methods for protecting respondent's privacy

• Published in: Communications in statistics. Theory and methods Vol. 52; no. 10; pp. 3429 - 3451
• Main Authors: Chai, Jichong, Nayak, Tapan K.
• Format: Journal Article
• Language: English
• Published: Philadelphia Taylor & Francis 19.05.2023; Taylor & Francis Ltd
• Subjects: Admissibility; linear unbiased estimator; local differential privacy; Minimax technique; Privacy; RAPPOR algorithm; squared error loss; transition probability matrix
• ISSN: 0361-0926; 1532-415X
• DOI: 10.1080/03610926.2021.1973503

Randomized response (RR) is a common privacy protection tool. It perturbs each true response using a probabilistic mechanism. Local differential privacy (LDP) is a rigorous privacy protection criterion that demands a guarantee that no intruder will get much new information about any respondent's true value from its perturbed value. Considering linear unbiased estimation of multinomial probabilities under LDP and squared error loss, we derive minimax RR methods. We address optimal choices for both the RR mechanism (or design) and the estimator. Our minimax design has a particular structure, which is used to define t-subset designs. We describe and study properties of t-subset designs including their practical implementation. We also study mixtures of t-subset designs and examine the RAPPOR method, which is used notably by Google and Apple. We note inadmissibility of the RAPPOR design and offer some suggestions for improving both the design and the customary estimator.