
2018 | Book

Handbook of Mobile Data Privacy


About this book

This handbook covers the fundamental principles and theory, and the state-of-the-art research, systems and applications, in the area of mobility data privacy. It is primarily addressed to computer science and statistics researchers and educators, who are interested in topics related to mobility privacy. This handbook will also be valuable to industry developers, as it explains the state-of-the-art algorithms for offering privacy. By discussing a wide range of privacy techniques, providing in-depth coverage of the most important ones, and highlighting promising avenues for future research, this handbook also aims at attracting computer science and statistics students to this interesting field of research.

The advances in mobile devices and positioning technologies, together with progress in spatiotemporal database research, have made it possible to track mobile devices (and their human companions) with very high accuracy, while supporting the efficient storage of mobility data in data warehouses, as this handbook illustrates. This has provided the means to collect, store and process mobility data of unprecedented quantity, quality and timeliness. As ubiquitous computing pervades our society, user mobility data represents a very useful but also extremely sensitive source of information. On one hand, the movement traces left behind by users' mobile devices can be very useful in a wide spectrum of applications such as urban planning, traffic engineering, and environmental pollution management. On the other hand, the disclosure of mobility data to third parties may severely jeopardize the privacy of the users whose movement is recorded, leading to abuse scenarios such as user tailing and profiling.

A significant amount of research has been conducted in the last 15 years in the area of mobility data privacy, along important directions such as privacy-preserving mobility data management, privacy in location-sensing technologies and location-based services, privacy in vehicular communication networks, privacy in location-based social networks, and privacy in participatory sensing systems, all of which this handbook addresses. This research has identified important privacy gaps in the use of mobility data, and has contributed to the adoption of location privacy laws in many jurisdictions (e.g., the EU, US, Canada, Australia, New Zealand, Japan, Singapore), as well as to a large number of technologies for protecting the privacy of mobility data, some of which have been made available as open-source systems and feature in real-world applications.

Table of Contents

Frontmatter
Chapter 1. Introduction to Mobility Data Privacy
Abstract
The recent advances in mobile computing and positioning technologies have resulted in a tremendous increase in the amount of human location data that can be collected and in the accuracy with which it can be processed. Human mobility traces can be used to support a number of real-world applications, spanning from urban planning and traffic engineering to studying the spread of diseases and managing environmental pollution. At the same time, research studies have shown that individual mobility is highly predictable and mostly unique, so information about individuals' movement can be used by adversaries to re-identify them and to learn sensitive information about their whereabouts. To address such privacy concerns, a significant body of research has emerged in the last 15 years, studying privacy issues related to human mobility and location information in a number of contexts and real-world applications. This work has led to the adoption of location privacy laws worldwide, as well as to the proposal of novel privacy models and techniques for technically protecting user privacy while maintaining data utility. This chapter provides an introduction to the field of mobility data privacy and discusses the emerging research directions, along with the real-world systems and applications that have been proposed.
Aris Gkoulalas-Divanis, Claudio Bettini

Fundamentals for Privacy in Mobility Data

Frontmatter
Chapter 2. Modeling and Understanding Intrinsic Characteristics of Human Mobility
Abstract
Humans are intrinsically social creatures, and our mobility is central to understanding how our societies grow and function. Movement allows us to congregate with our peers, access things we need, and exchange information. Human mobility has huge impacts on topics like urban and transportation planning, social and biological spreading, and economic outcomes. Modeling these processes has, however, been hindered so far by a lack of data. This is radically changing with the rise of ubiquitous devices. In this chapter, we discuss recent progress in deriving insights from the massive, high-resolution data sets collected from mobile phones and other devices. We begin with individual mobility, where empirical evidence and statistical models have revealed important intrinsic and universal characteristics of our movement: we as humans are fundamentally slow to explore new places, relatively predictable, and mostly unique. We then explore methods of modeling the aggregate movement of people from place to place and discuss how these estimates can be used to understand and optimize transportation infrastructure. Finally, we highlight applications of these findings to the dynamics of disease spread, social networks, and economic outcomes.
Jameson L. Toole, Yves-Alexandre de Montjoye, Marta C. González, Alex (Sandy) Pentland
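The re-identification risk that Chapters 1 and 2 describe (mobility traces are "mostly unique") can be measured directly: take p spatio-temporal points from a user's trace and count how many users in the dataset contain all of them. The following Python example is added here to illustrate that measurement; it is not code from the handbook or its authors. The traces, grid cells and hours are constructed sample data, the uniqueness measure (fraction of p-point subsets that single out exactly one user) and the coarsening factors are assumptions of the example, and the coarsening step shows how spatial and temporal generalization trades resolution for a lower uniqueness score.

```python
from itertools import combinations
from typing import Dict, FrozenSet, List, Tuple

# A spatio-temporal point: (grid cell x, grid cell y, hour of day).
Point = Tuple[int, int, int]

# Constructed sample traces (not real data): six users, three points each.
# u5 and u6 deliberately share an identical trace; u4 moves close to u1 in
# space and time but lands in neighbouring cells and hours.
TRACES: Dict[str, FrozenSet[Point]] = {
    "u1": frozenset({(10, 4, 8), (12, 7, 12), (10, 4, 18)}),
    "u2": frozenset({(10, 4, 8), (12, 7, 12), (30, 2, 18)}),
    "u3": frozenset({(10, 4, 8), (15, 9, 12), (10, 4, 18)}),
    "u4": frozenset({(10, 5, 8), (12, 7, 13), (10, 5, 18)}),
    "u5": frozenset({(40, 40, 9), (41, 40, 12), (40, 40, 19)}),
    "u6": frozenset({(40, 40, 9), (41, 40, 12), (40, 40, 19)}),
}


def candidates(traces: Dict[str, FrozenSet[Point]], observed: FrozenSet[Point]) -> List[str]:
    """Adversary's re-identification step: every user whose trace contains
    all of the observed points (e.g. a few sightings from a side channel)."""
    return [user for user, trace in traces.items() if observed <= trace]


def uniqueness(traces: Dict[str, FrozenSet[Point]], p: int) -> float:
    """Fraction of p-point subsets of users' traces that single out exactly one user.

    Every p-combination of every trace is tried, so for small inputs the
    result is exact and deterministic (no random sampling of points).
    """
    total = unique = 0
    for trace in traces.values():
        for combo in combinations(sorted(trace), p):
            total += 1
            if len(candidates(traces, frozenset(combo))) == 1:
                unique += 1
    return unique / total if total else 0.0


def coarsen(traces: Dict[str, FrozenSet[Point]], cell_factor: int, hour_factor: int) -> Dict[str, FrozenSet[Point]]:
    """Generalise every point to a coarser spatial cell and a wider time slot.
    Integer division merges cell_factor x cell_factor cells and hour_factor hours."""
    return {
        user: frozenset((x // cell_factor, y // cell_factor, h // hour_factor) for x, y, h in trace)
        for user, trace in traces.items()
    }


if __name__ == "__main__":
    coarse = coarsen(TRACES, 10, 6)
    for p in (1, 2, 3):
        print(f"p={p}: uniqueness {uniqueness(TRACES, p):.3f} at full resolution, "
              f"{uniqueness(coarse, p):.3f} after coarsening")
```

On the constructed data, two points already single out 4 of 9 subsets and a full three-point trace identifies two thirds of the users, while merging 10x10 cells and 6-hour slots drops the three-point figure to one in six; on real traces the effect of coarsening is weaker because a city grid and a day have far more cells and slots than this toy set.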
Chapter 3. Privacy in Location-Sensing Technologies
Abstract
Data analysis is becoming a popular tool for gaining marketing insights from heterogeneous and often unstructured sensor data. Online stores use click-stream analysis to understand customer intentions. Meanwhile, retail companies are transitioning to location-sensing technologies such as RFID to gain better control and visibility of the inventory in a store. To further exploit the potential of these technologies, retail companies invest in novel services for their customers, such as smart fitting rooms or real-time location of items. In such a setting, a company can not only gain insights similar to those of online stores, but can potentially also monitor customers. In this chapter, we discuss various location-sensing technologies used in retail and identify possible direct and indirect privacy threats that arise from their use. Subsequently, we present technological and organizational privacy controls that can help minimize the identified privacy threats without losing relevant marketing insights.
Andreas Solti, Sushant Agarwal, Sarah Spiekermann-Hoff

Main Research Directions in Mobility Data Privacy

Frontmatter
Chapter 4. Privacy Protection in Location-Based Services: A Survey
Abstract
Location awareness has enabled efficient and accurate geo-localised Internet services. Mobile apps exploiting these services have changed our way of navigating and searching for resources in geographical space. This chapter provides a classification of location based services (LBS) and illustrates the privacy aspects involved in releasing our location information as part of a service request. It includes a discussion about legal obligations of the LBS provider and about ways to specify personal location privacy preferences. The chapter also provides a systematic survey of the main approaches that have been proposed for protecting the user’s privacy while using these services.
Claudio Bettini
Chapter 5. Analyzing Your Location Data with Provable Privacy Guarantees
Abstract
The ubiquity of smartphones and wearable devices coupled with the ability to sense locations through these devices has brought location privacy into the forefront of public debate. Location information is actively collected to help improve ad targeting, provide useful services to users (e.g., traffic prediction), or study human mobility/activity patterns and correlate them to the health of individuals. In this chapter, we highlight the privacy concerns in large-scale collections of location data from user-centric mobile devices and explain how simple cloaking based techniques might be ineffective. This motivates the need for algorithms that collect and analyze location data with formal provable privacy guarantees. We discuss the state of the art in specifying formal privacy guarantees for location data, as well as algorithms that achieve these formal privacy guarantees. We conclude with open research directions in this area.
Ashwin Machanavajjhala, Xi He
Chapter 6. Opportunities and Risks of Delegating Sensing Tasks to the Crowd
Abstract
Mobile phones and tablets have long been ubiquitous, with billions of devices sold worldwide. Equipped with a myriad of embedded sensors, these devices have enabled the rise of a new sensing paradigm: participatory sensing. While different terminologies, such as crowdsensing or mobile sensing, are used to define and refine different facets of this paradigm, they share a common denominator: volunteers collect sensor readings using their personal devices as sensor platforms. The delegation of sensing tasks to a wide public offers multiple opportunities from the perspectives of applications, end users, and participants. However, the introduction of volunteers into the sensing loop also introduces risks for these stakeholders. In this chapter, we hence provide an overview of existing applications and detail both the opportunities and the risks raised by the contributions of volunteers to the sensing process.
Delphine Reinhardt, Frank Dürr
Chapter 7. Location Privacy in Spatial Crowdsourcing
Abstract
Spatial crowdsourcing (SC) is a new platform that engages individuals in collecting and analyzing environmental, social and other spatiotemporal information. With SC, requesters outsource their spatiotemporal tasks (tasks associated with location and time) to a set of workers, who will perform the tasks by physically traveling to the tasks’ locations. However, current solutions require the locations of the workers and/or the tasks to be disclosed to untrusted entities (SC server) for effective assignments of tasks to workers.
This chapter first identifies privacy threats toward both workers and tasks during the two main phases of spatial crowdsourcing, tasking and reporting. Tasking is the process of identifying which tasks should be assigned to which workers. This process is handled by a spatial crowdsourcing server (SC server). The latter phase is reporting, in which workers travel to the tasks’ locations, complete the tasks and upload their reports to the server. The challenge is to enable effective and efficient tasking as well as reporting in SC without disclosing the actual locations of workers (at least until they agree to perform a task) and the tasks themselves (at least to workers who are not assigned to those tasks).
This chapter aims to provide an overview of the state-of-the-art in protecting users’ location privacy in spatial crowdsourcing. We provide a comparative study of a diverse set of solutions in terms of task publishing modes (push vs. pull), problem focuses (tasking and reporting), threats (server, requester and worker), and underlying technical approaches (from pseudonymity, cloaking, and perturbation to exchange-based and encryption-based techniques). The strengths and drawbacks of the techniques are highlighted, leading to a discussion of open problems and future work.
Hien To, Cyrus Shahabi
Chapter 8. Privacy in Geospatial Applications and Location-Based Social Networks
Abstract
The use of location data has greatly benefited from the availability of location-based services, the popularity of social networks, and the accessibility of public location data sets. However, in addition to providing users with the ability to obtain accurate driving directions or the convenience of geo-tagging friends and pictures, location is also a very sensitive type of data, as attested by more than a decade of research on different aspects of privacy related to location data.
In this chapter, we focus on two domains that rely on location data as their core component: Geospatial applications (such as thematic maps and crowdsourced geo-information) and location-based social networks. We discuss the increasing relevance of geospatial applications to the current location-aware services, and we describe relevant concepts such as volunteered geographic information, geo-surveillance and how they relate to privacy. Then, we focus on a subcategory of geospatial applications, location-based social networks, and we introduce the different entities (such as users, services and providers) that are involved in such networks, and we characterize their role and interactions. We present the main privacy challenges and we discuss the approaches that have been proposed to mitigate privacy risks in location-based social networks. Finally, we conclude with a discussion of open research questions and promising directions that will contribute to improve privacy for users of location-based social networks.
Igor Bilogrevic
Chapter 9. Privacy of Connected Vehicles
Abstract
By enabling vehicles to exchange information with infrastructure and other vehicles, connected vehicles enable new safety applications and services. Because this technology relies on vehicles broadcasting their location in clear text, it also raises location privacy concerns. In this chapter, we discuss the connected-car ecosystem and its underlying privacy threats. We further present the privacy protection approach of short-term identifiers, called pseudonyms, that is currently foreseen for emerging standards in car-to-X communication. To that end, we discuss the pseudonym lifecycle and analyze the trade-off between dependability and privacy requirements. We give examples of other privacy protection approaches for pay-as-you-drive insurance, sharing of trip data, and electric vehicle charging. We conclude the chapter with an outlook on open challenges.
Jonathan Petit, Stefan Dietzel, Frank Kargl
Chapter 10. Privacy by Design for Mobility Data Analytics
Abstract
Privacy is an ever-growing concern in our society and is becoming a fundamental aspect to take into account when one wants to use, publish and analyze data involving sensitive personal information, such as data referring to individual mobility. Unfortunately, it is increasingly hard to transform the data in a way that protects sensitive information: we live in the era of big data, characterized by unprecedented opportunities to sense, store and analyze social data describing human activities in great detail and resolution. This is especially true for mobility data, which are characterized by the fact that there is no longer a clear distinction between quasi-identifiers and sensitive attributes. Protecting privacy in this context is therefore a significant challenge, and privacy preservation simply cannot be accomplished by de-identification alone. In this chapter, we propose the Privacy by Design paradigm to develop technological frameworks for countering the threats of undesirable, unlawful effects of privacy violation, without obstructing the knowledge discovery opportunities of social mining and big data analytical technologies. Our main idea is to inscribe privacy protection into the knowledge discovery technology by design, so that the analysis incorporates the relevant privacy requirements from the start. We show three applications of the Privacy by Design principle to mobility data analytics. First, we present a framework based on data-driven spatial generalization, which is suitable for the privacy-aware publication of movement data in order to enable clustering analysis. Second, we present a method for sanitizing semantic trajectories, using a generalization of visited places based on a taxonomy of locations; the sanitized data may then be used for extracting frequent sequential patterns. Lastly, we show how to apply the idea of Privacy by Design in a distributed setting in which movement data from individual vehicles is made private through differential privacy mechanisms and then collected, aggregated and analyzed by a centralized station.
Francesca Pratesi, Anna Monreale, Dino Pedreschi

Usability, Systems and Applications

Frontmatter
Chapter 11. Systems for Privacy-Preserving Mobility Data Management
Abstract
The increasing availability of data due to the explosion of mobile devices and positioning technologies has led to the development of efficient management and mining techniques for mobility data. However, the analysis of such data may pose significant risks to individuals' privacy. A typical approach to privacy-aware mobility data sharing publishes an anonymized version of the mobility dataset, operating under the assumption that most of the information in the original dataset can be disclosed without causing any privacy violation. An alternative strategy keeps the data in-house, within the hosting organization, and puts privacy-preserving mobility data management systems in charge of privacy-aware sharing of the mobility data. In this chapter, we present the state of the art of the latter approach, including systems such as HipStream, Hermes++, and Private-Hermes.
Despina Kopanaki, Nikos Pelekis, Yannis Theodoridis
Chapter 12. Privacy-Preserving Release of Spatio-Temporal Density
Abstract
In today's digital society, increasing amounts of contextually rich spatio-temporal information are collected and used, e.g., for knowledge-based decision making, research purposes, optimizing operational phases of city management, planning infrastructure networks, or developing timetables for public transportation with an increasingly autonomous vehicle fleet. At the same time, however, publishing or sharing spatio-temporal data, even in aggregated form, is not always viable owing to the danger of violating individuals' privacy, along with the related legal and ethical repercussions. In this chapter, we review some fundamental approaches for anonymizing and releasing spatio-temporal density, i.e., the number of individuals visiting a given set of locations as a function of time. These approaches follow different privacy models, providing different privacy guarantees as well as different accuracy of the released anonymized data. We demonstrate some sanitization (anonymization) techniques with provable privacy guarantees by releasing the spatio-temporal density of Paris, France. We conclude that, in order to achieve meaningful accuracy, the sanitization process has to be carefully customized to the application and to the public characteristics of the spatio-temporal data.
Gergely Acs, Gergely Biczók, Claude Castelluccia
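Chapter 5 notes that simple cloaking-based techniques can be ineffective and motivates formal guarantees, Chapter 10 applies differential privacy to vehicle data aggregated at a central station, and Chapter 12 releases spatio-temporal density (users per location per time slot). The following Python example is added to illustrate the common mechanism behind these abstracts; it is not code from the handbook or from any of its authors, and it does not reproduce the Paris release. It first shows why an exact density histogram leaks individual visits (a differencing attack), then releases the same histogram under epsilon-differential privacy with the Laplace mechanism. The visits, grid, time slots, the per-user visit cap (which fixes the user-level L1 sensitivity) and the epsilon values are constructed assumptions of the example.

```python
import random
from collections import Counter
from typing import Dict, Iterable, List, Set, Tuple

Cell = Tuple[int, int]      # grid cell (x, y)
Event = Tuple[Cell, int]    # (cell, time slot)

# Constructed sample (not real data): user -> list of (cell, time-slot) visits.
VISITS: Dict[str, List[Event]] = {
    "a": [((0, 0), 8), ((0, 1), 9), ((0, 0), 18)],
    "b": [((0, 0), 8), ((0, 1), 9)],
    "c": [((5, 5), 8), ((5, 5), 9), ((5, 5), 10), ((5, 5), 11)],
    "d": [((0, 0), 8)],
}

# The release domain must be public and fixed in advance (a 6x6 grid and the
# slots 8..18 here), never derived from the data: releasing only the non-empty
# keys would itself leak who went where.
DOMAIN: List[Event] = [((x, y), t) for x in range(6) for y in range(6) for t in range(8, 19)]


def raw_histogram(visits: Dict[str, List[Event]]) -> Counter:
    """Exact spatio-temporal density: number of distinct users per (cell, slot)."""
    hist: Counter = Counter()
    for events in visits.values():
        for ev in set(events):
            hist[ev] += 1
    return hist


def differencing_attack(visits: Dict[str, List[Event]], victim: str) -> Set[Event]:
    """Why exact aggregates are not private: the histograms with and without
    one user differ in exactly that user's (cell, slot) pairs. Coarser cells
    would only coarsen the recovered trace, not hide it."""
    without = {u: e for u, e in visits.items() if u != victim}
    diff = raw_histogram(visits) - raw_histogram(without)   # keeps positive counts only
    return set(diff)


def bounded_histogram(visits: Dict[str, List[Event]], max_visits: int) -> Counter:
    """Cap each user at max_visits distinct events before counting. Adding or
    removing one user then changes at most max_visits cells by 1 each, so the
    L1 sensitivity of the whole histogram (user-level neighbours) is max_visits."""
    hist: Counter = Counter()
    for events in visits.values():
        for ev in sorted(set(events))[:max_visits]:   # deterministic truncation
            hist[ev] += 1
    return hist


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Laplace(0, scale) sample as the difference of two iid exponentials."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def dp_density(visits: Dict[str, List[Event]], max_visits: int, epsilon: float,
               domain: Iterable[Event], rng: random.Random) -> Dict[Event, float]:
    """epsilon-differentially-private density release via the Laplace mechanism:
    every cell of the public domain gets noise of scale sensitivity / epsilon."""
    hist = bounded_histogram(visits, max_visits)
    scale = max_visits / epsilon
    return {ev: hist.get(ev, 0) + laplace_noise(scale, rng) for ev in domain}


def demo_release(epsilon: float, max_visits: int = 2, seed: int = 1) -> Dict[Event, float]:
    """Seeded release over the constructed data, so runs are reproducible."""
    return dp_density(VISITS, max_visits, epsilon, DOMAIN, random.Random(seed))


if __name__ == "__main__":
    print("visits of user a recovered from exact counts:", sorted(differencing_attack(VISITS, "a")))
    noisy = demo_release(epsilon=0.5)
    print("noisy count for cell (0, 0) at slot 8:", round(noisy[((0, 0), 8)], 2))
```

The noisy values are real numbers and may be negative; post-processing (rounding, clamping at zero) does not weaken the guarantee. The cap on visits per user is the design choice that matters: without it a single frequent traveller has unbounded influence and no finite noise scale protects them, which is why the Chapter 12 abstract stresses customizing the sanitization to the data's public characteristics.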
Chapter 13. Context-Adaptive Privacy Mechanisms
Abstract
Sensing and context awareness are integral features of mobile computing and emerging Internet of Things systems. While context-aware systems enable smarter and more adaptive applications, they also cause privacy concerns due to the extensive collection of detailed information about individuals and their behavior, as well as the difficulties for individuals to understand and manage information flows. However, context awareness also holds significant potential for supporting users in managing their privacy more effectively. Context-adaptive privacy mechanisms can inform users about how changes in context may impact their privacy, recommend privacy-preserving actions tailored to the respective situation, as well as automate certain privacy configuration changes for the user. This chapter provides an overview of research on context-adaptive privacy mechanisms, including an introduction to context-aware computing and the context dependency of personal privacy; a discussion and model for operationalizing context awareness for privacy management, including privacy-relevant context features; as well as an overview of existing context-adaptive privacy mechanisms with various applications. The chapter concludes with a discussion of research challenges for context-adaptive privacy mechanisms.
Florian Schaub
Chapter 14. Location Privacy-Preserving Applications and Services
Abstract
Mobile location-based applications have become widespread due to the massive growth of mobile devices and mobile networks. Such applications allow users to share content with the community that is coupled with their current geographical location. However, sharing such information can have serious privacy implications, as an adversary might monitor the system and use this information to expose sensitive user information, including user mobility traces and sensitive locations. This problem has led both the research community and commercial mobile applications to develop several solutions for handling these privacy implications, so as to enable users to disclose content without compromising their privacy. This chapter provides a survey of state-of-the-art location-based mobile applications, describes the privacy implications that arise from contributing information to such applications and the existing countermeasures to deal with them. Furthermore, we describe our experiences from deploying a real-world location-based application that allows users to contribute content while protecting their privacy.
Ioannis Boutsis, Vana Kalogeraki
Backmatter
Metadata
Title
Handbook of Mobile Data Privacy
Editors
Aris Gkoulalas-Divanis
Claudio Bettini
Copyright Year
2018
Electronic ISBN
978-3-319-98161-1
Print ISBN
978-3-319-98160-4
DOI
https://doi.org/10.1007/978-3-319-98161-1
