
GLOVE: Towards Privacy-Preserving Publishing of Record-Level-Truthful Mobile Phone Trajectories

Published: 03 September 2021

Abstract

Datasets of mobile phone trajectories collected by network operators offer an unprecedented opportunity to discover new knowledge from the activity of large populations of millions. However, publishing such trajectories also raises significant privacy concerns, as they contain personal data in the form of individual movement patterns. Privacy risks induce network operators to enforce restrictive confidentiality agreements on the rare occasions when they grant access to collected trajectories, whereas a less involved circulation of these data would fuel research and enable reproducibility in many disciplines. In this work, we contribute a building block toward the design of privacy-preserving datasets of mobile phone trajectories that are truthful at the record level. We present GLOVE, an algorithm that implements k-anonymity, hence solving the crucial unicity problem that affects this type of data while ensuring that the anonymized trajectories correspond to real-life users. GLOVE builds on original insights about the root causes behind the undesirable unicity of mobile phone trajectories, and leverages generalization and suppression to remove them. Proof-of-concept validations with large-scale real-world datasets demonstrate that the approach adopted by GLOVE allows preserving a substantial level of accuracy in the data, higher than that granted by previous methodologies.

Published in

ACM/IMS Transactions on Data Science, Volume 2, Issue 3
August 2021
302 pages
ISSN: 2691-1922
DOI: 10.1145/3465442

Copyright © 2021 Association for Computing Machinery.

Publisher: Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 3 September 2021
• Revised: 1 February 2021
• Accepted: 1 February 2021
• Received: 1 October 2019
