DP-WHERE: Differentially private modeling of human mobility

Models of human mobility have broad applicability in urban planning, ecology, epidemiology, and other fields. Starting with Call Detail Records (CDRs) from a cellular telephone network that have gone through a straightforward anonymization procedure, the prior WHERE modeling approach produces synthetic CDRs for a synthetic population. The accuracy of WHERE has been validated against billions of location samples for hundreds of thousands of cell phones in the New York and Los Angeles metropolitan areas. In this paper, we introduce DP-WHERE, which modifies WHERE by adding controlled noise to achieve differential privacy, a strict definition of privacy that makes no assumptions about the power or background knowledge of a potential adversary. We also present experiments showing that the accuracy of DP-WHERE remains close to that of WHERE and of real CDRs. With this work, we aim to enable the creation and possible release of synthetic models that capture the mobility patterns of real metropolitan populations while preserving privacy.

[1]  Albert-László Barabási,et al.  Understanding individual human mobility patterns , 2008, Nature.

[2]  Albert-László Barabási,et al.  Limits of Predictability in Human Mobility , 2010, Science.

[3]  Stavros Papadopoulos,et al.  Practical Differential Privacy via Grouping and Smoothing , 2013, Proc. VLDB Endow..

[4]  Frank McSherry,et al.  Privacy integrated queries: an extensible platform for privacy-preserving data analysis , 2009, SIGMOD Conference.

[5]  Jillian Anable,et al.  Energy policy , 1974 .

[6]  Philippe Golle,et al.  On the Anonymity of Home/Work Location Pairs , 2009, Pervasive.

[7]  Dan Suciu,et al.  Boosting the accuracy of differentially private histograms through consistency , 2009, Proc. VLDB Endow..

[8]  Cynthia Dwork,et al.  Calibrating Noise to Sensitivity in Private Data Analysis , 2006, TCC.

[9]  C. Dwork,et al.  Differential Privacy – A Primer for the Perplexed , 2011 .

[10]  Benjamin C. M. Fung,et al.  Differentially private transit data publication: a case study on the montreal transportation system , 2012, KDD.

[11]  Stephen G. Kobourov,et al.  A tale of two cities , 2010, HotMobile '10.

[12]  F. Girardin,et al.  Understanding of Tourist Dynamics from Explicitly Disclosed Location Information , 2007 .

[13]  Catuscia Palamidessi,et al.  Geo-indistinguishability: differential privacy for location-based systems , 2012, CCS.

[14]  Leonidas J. Guibas,et al.  The Earth Mover's Distance as a Metric for Image Retrieval , 2000, International Journal of Computer Vision.

[15]  Daniel A. Spielman,et al.  Spectral Graph Theory and its Applications , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[16]  Margaret Martonosi,et al.  Identifying Important Places in People's Lives from Cellular Network Data , 2011, Pervasive.

[17]  Kunal Talwar,et al.  Mechanism Design via Differential Privacy , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[18]  Alexandre Gerber,et al.  TOWARDS ESTIMATING THE PRESENCE OF VISITORS FROM THE AGGREGATE MOBILE PHONE NETWORK ACTIVITY THEY GENERATE , 2009 .

[19]  Margaret Martonosi,et al.  Human mobility modeling at metropolitan scales , 2012, MobiSys '12.

[20]  Divesh Srivastava,et al.  Differentially Private Spatial Decompositions , 2011, 2012 IEEE 28th International Conference on Data Engineering.

[21]  Divesh Srivastava,et al.  Differentially private summaries for sparse data , 2012, ICDT '12.

[22]  John Krumm,et al.  Inference Attacks on Location Tracks , 2007, Pervasive.

[23]  Ahmed Helmy,et al.  Modeling Time-Variant User Mobility in Wireless Mobile Networks , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[24]  Kyunghan Lee,et al.  On the Levy-Walk Nature of Human Mobility , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[25]  Hui Zang,et al.  Anonymization of location data does not work: a large-scale measurement study , 2011, MobiCom.

[26]  Eran Omri,et al.  A Practical Application of Differential Privacy to Personalized Online Advertising , 2011, IACR Cryptol. ePrint Arch..

[27]  Ninghui Li,et al.  Differentially private grids for geospatial data , 2012, 2013 IEEE 29th International Conference on Data Engineering (ICDE).

[28]  Shen-Shyang Ho,et al.  Differential privacy for location pattern mining , 2011, SPRINGL '11.

[29]  César A. Hidalgo,et al.  Unique in the Crowd: The privacy bounds of human mobility , 2013, Scientific Reports.

[30]  Margaret Martonosi,et al.  Ranges of human mobility in Los Angeles and New York , 2011, 2011 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops).

[31]  David Kotz,et al.  Extracting a Mobility Model from Real User Traces , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[32]  Michael Werman,et al.  Fast and robust Earth Mover's Distances , 2009, 2009 IEEE 12th International Conference on Computer Vision.