Privacy and spatial pattern preservation in masked GPS trajectory data

ABSTRACT Personal trajectory data are increasingly collected for a variety of academic and recreational pursuits. As access to location data widens and locations are linked to other information repositories, individuals become increasingly vulnerable to identification. The quality and precision of spatially linked attributes are essential to accurate analysis; yet, there is a trade-off between privacy and geographic data resolution. Obfuscation of point data, or masking, is a solution that aims to protect privacy and maximize preservation of spatial pattern. Trajectory data, with multiple locations recorded for an entity over time, is a strong personal identifier. This study explores the balance between privacy and spatial pattern resulting from two methods of obfuscation for personal GPS data: grid masking and random perturbation. These methods are applied to travel survey GPS data in the greater metropolitan regions of Chicago and Atlanta. The rate of pattern correlation between the original and masked data sets declines as the distance thresholds for masking increase. Grid masking at the 250-m threshold preserves route anonymity better than other methods and distance thresholds tested, but preserves spatial pattern least. This study also finds via linear regression that median trip speed and road density are significant predictors of trip anonymity.
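The two masks named in the abstract, as an added example that is not code from the study. It assumes planar coordinates in metres, grid masking that snaps each fix to the centre of its grid cell, and perturbation drawn uniformly within a disc whose radius is the distance threshold; the function names and the sample trip are constructed for illustration.

```python
import math
import random

# Assumption: coordinates are planar metres (a projected CRS), so distances are Euclidean.

def grid_mask(points, cell_m):
    """Snap every fix to the centre of the square grid cell that contains it."""
    return [((math.floor(x / cell_m) + 0.5) * cell_m,
             (math.floor(y / cell_m) + 0.5) * cell_m) for x, y in points]

def random_perturb(points, max_m, rng):
    """Move each fix independently to a uniform random spot within max_m of it."""
    out = []
    for x, y in points:
        r = max_m * math.sqrt(rng.random())      # sqrt keeps density uniform over the disc
        theta = rng.uniform(0.0, 2.0 * math.pi)
        out.append((x + r * math.cos(theta), y + r * math.sin(theta)))
    return out

def max_displacement(original, masked):
    """Largest distance any single fix was moved by the mask."""
    return max(math.dist(p, q) for p, q in zip(original, masked))

def distinct_locations(points):
    """Number of different coordinates left after masking."""
    return len(set(points))

# Constructed sample trip: one fix every 40 m heading east, drifting 3 m north per fix.
TRIP = [(1000.0 + 40.0 * i, 5000.0 + 3.0 * i) for i in range(20)]

def compare(threshold_m=250.0, seed=7):
    """Apply both masks to TRIP and summarise what each does to the route."""
    rng = random.Random(seed)
    grid = grid_mask(TRIP, threshold_m)
    pert = random_perturb(TRIP, threshold_m, rng)
    return {
        "grid_distinct": distinct_locations(grid),   # fixes collapse onto cell centres
        "grid_max_shift": max_displacement(TRIP, grid),
        "pert_distinct": distinct_locations(pert),   # every fix keeps its own location
        "pert_max_shift": max_displacement(TRIP, pert),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value:.1f}" if isinstance(value, float) else f"{key}: {value}")
```

On this trip the grid mask collapses twenty fixes onto a handful of cell centres, which is the mechanism behind stronger route anonymity at the cost of spatial pattern, while perturbation keeps every fix distinct and only blurs the route.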
