Research Article

Geo-indistinguishable masking: enhancing privacy protection in spatial point mapping

Pages 608-623 | Received 16 May 2023, Accepted 03 Oct 2023, Published online: 31 Oct 2023

References

  • Allshouse, W. B., Fitch, M. K., Hampton, K. H., Gesink, D. C., Doherty, I. A., Leone, P. A., Serre, M. L., & Miller, W. C. (2010). Geomasking sensitive health data and privacy protection: An evaluation using an e911 database. Geocarto International, 25(6), 443–452. https://doi.org/10.1080/10106049.2010.496496
  • Andrés, M. E., Bordenabe, N. E., Chatzikokolakis, K., & Palamidessi, C. (2013). Geo-indistinguishability: Differential privacy for location-based systems. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (pp. 901–914). Association for Computing Machinery.
  • Armstrong, M. P., & Ruggles, A. J. (1999). Map hacking: On the use of inverse address-matching to discover individual identities from point-mapped information sources. In Geographic Information and Society: An International Conference. University of Minnesota.
  • Armstrong, M. P., & Ruggles, A. J. (2005). Geographic information technologies and personal privacy. Cartographica: The International Journal for Geographic Information and Geovisualization, 40(4), 63–73. https://doi.org/10.3138/RU65-81R3-0W75-8V21
  • Armstrong, M. P., Rushton, G., & Zimmerman, D. L. (1999). Geographically masking health data to preserve confidentiality. Statistics in Medicine, 18(5), 497–525.
  • Baddeley, A., Rubak, E., & Turner, R. (2015). Spatial point patterns: Methodology and applications with R. CRC Press.
  • Bakillah, M., Liang, S., Mobasheri, A., Jokar Arsanjani, J., & Zipf, A. (2014). Fine-resolution population mapping using OpenStreetMap points-of-interest. International Journal of Geographical Information Science, 28(9), 1940–1963. https://doi.org/10.1080/13658816.2014.909045
  • Bordenabe, N. E., Chatzikokolakis, K., & Palamidessi, C. (2014). Optimal geo-indistinguishable mechanisms for location privacy. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (pp. 251–262). Association for Computing Machinery.
  • Boulos, M. N. K., Curtis, A., & AbdelMalik, P. (2009). Musings on privacy issues in health research involving disaggregate geographic data about individuals. International Journal of Health Geographics, 8(1), 1–8. https://doi.org/10.1186/1476-072X-8-46
  • Brownstein, J. S., Cassa, C. A., Kohane, I. S., & Mandl, K. D. (2005). Reverse geocoding: Concerns about patient confidentiality in the display of geospatial health data. In AMIA Annual Symposium Proceedings (pp. 905). American Medical Informatics Association.
  • Brownstein, J. S., Cassa, C. A., Kohane, I. S., & Mandl, K. D. (2006). An unsupervised classification method for inferring original case locations from low-resolution disease maps. International Journal of Health Geographics, 5(1), 1–7. https://doi.org/10.1186/1476-072X-5-56
  • Brownstein, J. S., Cassa, C. A., & Mandl, K. D. (2006). No place to hide—reverse identification of patients from published maps. New England Journal of Medicine, 355(16), 1741–1742. https://doi.org/10.1056/NEJMc061891
  • Cassa, C. A., Grannis, S. J., Overhage, J. M., & Mandl, K. D. (2006). A context-sensitive approach to anonymizing spatial surveillance data: Impact on outbreak detection. Journal of the American Medical Informatics Association, 13(2), 160–165. https://doi.org/10.1197/jamia.M1920
  • Chainey, S., & Ratcliffe, J. (2013). GIS and crime mapping. John Wiley & Sons.
  • Charleux, L., & Schofield, K. (2020). True spatial k-anonymity: Adaptive areal elimination vs. adaptive areal masking. Cartography and Geographic Information Science, 47(6), 537–549. https://doi.org/10.1080/15230406.2020.1794975
  • Chatzikokolakis, K., Palamidessi, C., & Stronati, M. (2015). Location privacy via geo-indistinguishability. ACM SIGLOG News, 2(3), 46–69. https://doi.org/10.1145/2815493.2815499
  • Chen, R., Li, L., Ma, Y., Gong, Y., Guo, Y., Ohtsuki, T., & Pan, M. (2022). Constructing mobile crowdsourced COVID-19 vulnerability map with geo-indistinguishability. IEEE Internet of Things Journal, 9(18), 17403–17416. https://doi.org/10.1109/JIOT.2022.3158895
  • Clarke, K. C. (2016). A multiscale masking method for point geographic data. International Journal of Geographical Information Science, 30(2), 300–315. https://doi.org/10.1080/13658816.2015.1085540
  • Cover, T., & Hart, P. (1967). Nearest neighbor pattern classification. IEEE Transactions on Information Theory, 13(1), 21–27. https://doi.org/10.1109/TIT.1967.1053964
  • Crampton, J. W. (2003). Cartographic rationality and the politics of geosurveillance and security. Cartography and Geographic Information Science, 30(2), 135–148. https://doi.org/10.1559/152304003100011108
  • Crampton, J. W. (2007). The biopolitical justification for geosurveillance. Geographical Review, 97(3), 389–403. https://doi.org/10.1111/j.1931-0846.2007.tb00512.x
  • Cromley, E. K., & McLafferty, S. L. (2011). GIS and public health. Guilford Press.
  • Curry, M. R. (1997). The digital individual and the private realm. Annals of the Association of American Geographers, 87(4), 681–699. https://doi.org/10.1111/1467-8306.00073
  • Curtis, A., Mills, J. W., & Leitner, M. (2006a). Keeping an eye on privacy issues with geospatial data. Nature, 441(7090), 150–150. https://doi.org/10.1038/441150d
  • Curtis, A., Mills, J. W., & Leitner, M. (2006b). Spatial confidentiality and GIS: Re-engineering mortality locations from published maps about Hurricane Katrina. International Journal of Health Geographics, 5(1), 1–12. https://doi.org/10.1186/1476-072X-5-44
  • Dobson, J. E., & Fisher, P. F. (2003). Geoslavery. IEEE Technology and Society Magazine, 22(1), 47–52. https://doi.org/10.1109/MTAS.2003.1188276
  • Dong, K., Guo, T., Ye, H., Li, X., & Ling, Z. (2018). On the limitations of existing notions of location privacy. Future Generation Computer Systems, 86, 1513–1522. https://doi.org/10.1016/j.future.2017.05.045
  • Dwork, C., McSherry, F., Nissim, K., & Smith, A. (2006). Calibrating noise to sensitivity in private data analysis. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3876, 265–284. https://doi.org/10.1007/11681878_14
  • El Emam, K., & Arbuckle, L. (2013). Anonymizing health data: Case studies and methods to get you started. O’Reilly Media, Inc.
  • Ester, M., Kriegel, H.-P., Sander, J., & Xu, X. (1996). A density-based algorithm for discovering clusters in large spatial databases with noise. In Proceedings of the Second International Conference on Knowledge Discovery and Data Mining (pp. 226–231). AAAI Press.
  • Fisher, P., & Dobson, J. (2003). Who knows where you are, and who should, in the era of mobile geography? Geography, 88(4), 331–337. http://www.jstor.org/stable/40573887
  • Ghinita, G., Zhao, K., Papadias, D., & Kalnis, P. (2010). A reciprocal framework for spatial k-anonymity. Information Systems, 35(3), 299–314. https://doi.org/10.1016/j.is.2009.10.001
  • Gurobi Optimization, LLC. (2021). Gurobi optimizer reference manual. https://www.gurobi.com
  • Hampton, K. H., Fitch, M. K., Allshouse, W. B., Doherty, I. A., Gesink, D. C., Leone, P. A., Serre, M. L., & Miller, W. C. (2010). Mapping health data: Improved privacy protection with donut method geomasking. American Journal of Epidemiology, 172(9), 1062–1069. https://doi.org/10.1093/aje/kwq248
  • Hasanzadeh, K., Kajosaari, A., Häggman, D., & Kyttä, M. (2020). A context sensitive approach to anonymizing public participation GIS data: From development to the assessment of anonymization effects on data quality. Computers, Environment and Urban Systems, 83, 101513. https://doi.org/10.1016/j.compenvurbsys.2020.101513
  • Kounadi, O., Lampoltshammer, T. J., Leitner, M., & Heistracher, T. (2013). Accuracy and privacy aspects in free online reverse geocoding services. Cartography and Geographic Information Science, 40(2), 140–153. https://doi.org/10.1080/15230406.2013.777138
  • Kounadi, O., & Leitner, M. (2014). Why does geoprivacy matter? The scientific publication of confidential data presented on maps. Journal of Empirical Research on Human Research Ethics, 9(4), 34–45. https://doi.org/10.1177/1556264614544103
  • Kounadi, O., & Leitner, M. (2016). Adaptive areal elimination (AAE): A transparent way of disclosing protected spatial datasets. Computers, Environment and Urban Systems, 57, 59–67. https://doi.org/10.1016/j.compenvurbsys.2016.01.004
  • Kwan, M.-P., Casas, I., & Schmitz, B. (2004). Protection of geoprivacy and accuracy of spatial information: How effective are geographical masks? Cartographica: The International Journal for Geographic Information and Geovisualization, 39(2), 15–28. https://doi.org/10.3138/X204-4223-57MK-8273
  • Lee, J.-G., & Kang, M. (2015). Geospatial big data: Challenges and opportunities. Big Data Research, 2(2), 74–81. https://doi.org/10.1016/j.bdr.2015.01.003
  • Leitner, M., & Curtis, A. (2004). Cartographic guidelines for geographically masking the locations of confidential point data. Cartographic Perspectives, 49(49), 22–39. https://doi.org/10.14714/CP49.439
  • Leitner, M., & Curtis, A. (2006). A first step towards a framework for presenting the location of confidential point data on maps—results of an empirical perceptual study. International Journal of Geographical Information Science, 20(7), 813–822. https://doi.org/10.1080/13658810600711261
  • Lin, Y. (2023). Privacy and Utility of Geographic Data: Revealing, Evaluating, and Mitigating the Externalities of Geographic Privacy Protection [Doctoral dissertation, Ohio State University]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=osu1681120766846778
  • Lin, Y., & Xiao, N. (2022). Developing synthetic individual-level population datasets: The case of contextualizing maps of privacy-preserving census data. In AutoCarto 2022, The 24th International Research Symposium on Cartography and GIScience.
  • Lin, Y., & Xiao, N. (2023a). A computational framework for preserving privacy and maintaining utility of geographically aggregated data: A stochastic spatial optimization approach. Annals of the American Association of Geographers, 113(5), 1035–1056. https://doi.org/10.1080/24694452.2023.2178377
  • Lin, Y., & Xiao, N. (2023b). Generating small areal synthetic microdata from public aggregated data using an optimization method. The Professional Geographer, 1–11. https://doi.org/10.1080/00330124.2023.2207640
  • Lyon, D. (2010). Surveillance, power and everyday life. In P. Kalantzis-Cope & K. Gherab-Martín (Eds.), Emerging digital spaces in contemporary society: Properties of technology (pp. 107–120). Palgrave Macmillan UK.
  • Machanavajjhala, A., Kifer, D., Abowd, J., Gehrke, J., & Vilhuber, L. (2008). Privacy: Theory meets practice on the map. In 2008 IEEE 24th International Conference on Data Engineering (pp. 277–286). IEEE.
  • McKenzie, G., Romm, D., Zhang, H., & Brunila, M. (2022). PrivyTo: A privacy-preserving location-sharing platform. Transactions in GIS, 26(4), 1703–1717. https://doi.org/10.1111/tgis.12924
  • Polzin, F., & Kounadi, O. (2021). Adaptive Voronoi masking: A method to protect confidential discrete spatial data. In K. Janowicz & J. A. Verstegen (Eds.), 11th International Conference on Geographic Information Science (GIScience 2021) - Part II (1:1–1:17). Schloss Dagstuhl – Leibniz-Zentrum für Informatik.
  • Richter, W. (2018). The verified neighbor approach to geoprivacy: An improved method for geographic masking. Journal of Exposure Science & Environmental Epidemiology, 28(2), 109–118. https://doi.org/10.1038/jes.2017.17
  • Schubert, E., Sander, J., Ester, M., Kriegel, H. P., & Xu, X. (2017). DBSCAN revisited, revisited: Why and how you should (still) use DBSCAN. ACM Transactions on Database Systems (TODS), 42(3), 1–21. https://doi.org/10.1145/3068335
  • Seidl, D. E., Jankowski, P., & Clarke, K. C. (2018). Privacy and false identification risk in geomasking techniques. Geographical Analysis, 50(3), 280–297. https://doi.org/10.1111/gean.12144
  • Seidl, D. E., Paulus, G., Jankowski, P., & Regenfelder, M. (2015). Spatial obfuscation methods for privacy protection of household-level data. Applied Geography, 63, 253–263. https://doi.org/10.1016/j.apgeog.2015.07.001
  • Shokri, R., Theodorakopoulos, G., Papadimitratos, P., Kazemi, E., & Hubaux, J.-P. (2013). Hiding in the mobile crowd: Location privacy through collaboration. IEEE Transactions on Dependable and Secure Computing, 11(3), 266–279.
  • Swanlund, D., Schuurman, N., & Brussoni, M. (2020). MaskMy.XYZ: An easy-to-use tool for protecting geoprivacy using geographic masks. Transactions in GIS, 24(2), 390–401. https://doi.org/10.1111/tgis.12606
  • Swanlund, D., Schuurman, N., Zandbergen, P., & Brussoni, M. (2020). Street masking: A network-based geographic mask for easily protecting geoprivacy. International Journal of Health Geographics, 19(1), 1–11. https://doi.org/10.1186/s12942-020-00219-z
  • Sweeney, L. (2002a). Achieving k-anonymity privacy protection using generalization and suppression. International Journal of Uncertainty, Fuzziness & Knowledge-Based Systems, 10(5), 571–588. https://doi.org/10.1142/S021848850200165X
  • Sweeney, L. (2002b). K-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness & Knowledge-Based Systems, 10(5), 557–570. https://doi.org/10.1142/S0218488502001648
  • U.S. Census Bureau. (2019). Public use microdata sample (PUMS) accuracy of the data. https://www2.census.gov/programs-surveys/acs/techdocs/pums/accuracy/2019AccuracyPUMS.pdf
  • U.S. Census Bureau. (2020). Understanding and using American community survey data. https://www.census.gov/content/dam/Census/library/publications/2020/acs/acs_general_handbook_2020.pdf
  • U.S. Census Bureau. (2021). Understanding and using the American community survey public use microdata sample files. https://www.census.gov/content/dam/Census/library/publications/2021/acs/acs_pums_handbook_2021.pdf
  • U.S. Department of Transportation. (2023). National address database. https://www.transportation.gov/gis/national-address-database
  • Wang, J., Kim, J., & Kwan, M.-P. (2022). An exploratory assessment of the effectiveness of geomasking methods on privacy protection and analytical accuracy for individual-level geospatial data. Cartography and Geographic Information Science, 49(5), 385–406. https://doi.org/10.1080/15230406.2022.2056510
  • Xiao, Y., & Xiong, L. (2015). Protecting locations with differential privacy under temporal correlations. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (pp. 1298–1309). Association for Computing Machinery.
  • Yan, Y., Xu, F., Mahmood, A., Dong, Z., & Sheng, Q. Z. (2022). Perturb and optimize users’ location privacy using geo-indistinguishability and location semantics. Scientific Reports, 12(1), 20445. https://doi.org/10.1038/s41598-022-24893-0
  • Zhang, S., Freundschuh, S. M., Lenzer, K., & Zandbergen, P. A. (2017). The location swapping method for geomasking. Cartography and Geographic Information Science, 44(1), 22–34. https://doi.org/10.1080/15230406.2015.1095655
  • Zimmerman, D. L., & Pavlik, C. (2008). Quantifying the effects of mask metadata disclosure and multiple releases on the confidentiality of geographically masked health data. Geographical Analysis, 40(1), 52–76. https://doi.org/10.1111/j.0016-7363.2007.00713.x
