We develop an auction framework for privacy-preserving data aggregation in mobile crowdsensing, where the platform plays the role as an auctioneer to recruit workers for sensing tasks. The workers are allowed to report noisy versions of their data for privacy protection; and the platform selects workers by taking into account their sensing capabilities to ensure the accuracy level of the aggregated result. Observe that when moving the control of data privacy from the data aggregator to the workers, the data aggregator has limited market power in the sense that it can only partially control the noise by judiciously choosing a subset of workers based on workers’ privacy preferences. This introduces externalities because the privacy of each worker depends on the total noise in the aggregated result that in turn relies on which workers are selected. Specifically, we first consider a privacy-passive scenario where workers participate if their privacy loss can be adequately compensated by the rewards. We explicitly characterize the externalities and the hidden monotonicity property of the problem, making it possible to design a truthful, individually rational and computationally efficient incentive mechanism. We then extend the results to a privacy-proactive scenario where workers have individual requirements for their perceivable data privacy levels. Our proposed mechanisms for both scenarios can select a subset of workers to (nearly) minimize the cost of purchasing their private sensing data subject to the accuracy requirement of the aggregated result. We validate the proposed scheme through theoretical analysis as well as extensive simulations.

中文翻译：

---

具有外部性的移动人群感知的隐私保护数据聚合：一种拍卖方法

我们开发了一个拍卖框架，用于移动众包中的隐私保护数据聚合，该平台扮演拍卖师的角色，为传感任务招募工人。允许工人报告其数据的嘈杂版本以保护隐私；平台根据感知能力选择工作者，保证聚合结果的准确度。观察到，当将数据隐私的控制权从数据聚合器转移到工人时，数据聚合器的市场力量有限，因为它只能通过根据工人的隐私偏好明智地选择工人子集来部分控制噪音。这介绍外部性因为每个工人的隐私取决于聚合结果中的总噪音，而后者又取决于选择了哪些工人。具体来说，我们首先考虑一个隐私被动的场景，如果他们的隐私损失可以通过奖励得到充分补偿，那么工人就会参与其中。我们明确地描述了问题的外部性和隐藏的单调性，从而有可能设计出真实的、个人理性的和计算效率高的激励机制。然后，我们将结果扩展到隐私主动场景，在该场景中，工作人员对其可感知的数据隐私级别有个人要求。我们针对这两种情况提出的机制可以选择一个工作人员子集，以（几乎）最小化购买他们的私人传感数据的成本，这取决于聚合结果的准确性要求。