Location Tracing and Potential Risks in Interaction Data Sets
Abstract
Location-aware mobile phone handsets have become increasingly common in recent years, giving rise to a wide variety of location-based services that rely on a person's mobile phone reporting its current location to a remote service provider. Previous research has demonstrated that services that geo-code status updates may permit the approximate estimation of both users' home locations and their workplaces. This paper investigates the disclosure risks arising from a priori knowledge of a person's home and workplace locations, or of their current and previous home locations. Detailed interaction data sets published from censuses or other sources are characterised by the sparsity of the data they contain, such that unique combinations of two locations may often be observed. In the most detailed 2011 migration data, 37% of migrants had a unique combination of origin and destination, whilst in the most detailed journey-to-work data, 58% of workers had a unique combination of home and workplace. At that level of detail, the amount of additional attribute data that might be disclosed is limited. When coarser geographies are used, there still remain a non-trivial number of persons with unique location combinations, with considerably more attributes potentially disclosable.
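The uniqueness measure described above can be illustrated with a minimal sketch. It assumes one (origin, destination) record per person and computes the share of persons whose location pair occurs exactly once. The function names `unique_pair_share` and `coarsen`, the zone codes, and the toy records are all hypothetical and chosen only for illustration; they are not taken from the census data or from the paper's own method.

```python
from collections import Counter


def unique_pair_share(flows):
    """Return the share of persons whose (origin, destination) pair is unique.

    `flows` holds one (origin, destination) tuple per person.
    """
    if not flows:
        return 0.0
    counts = Counter(flows)
    # Count persons (not distinct pairs) whose pair is seen exactly once.
    unique_persons = sum(1 for pair in flows if counts[pair] == 1)
    return unique_persons / len(flows)


def coarsen(flows, lookup):
    """Map each fine zone code to a coarser zone via a lookup table."""
    return [(lookup[origin], lookup[dest]) for origin, dest in flows]


# Toy records only; zone codes are made up for illustration.
toy_flows = [
    ("A1", "B1"),
    ("A1", "B1"),
    ("A2", "B1"),
    ("A2", "B2"),
    ("A3", "B2"),
]

# Hypothetical fine-to-coarse zone lookup.
zone_lookup = {"A1": "A", "A2": "A", "A3": "C", "B1": "B", "B2": "B"}

fine_share = unique_pair_share(toy_flows)
coarse_share = unique_pair_share(coarsen(toy_flows, zone_lookup))
print(f"fine geography:   {fine_share:.0%} of persons unique")
print(f"coarse geography: {coarse_share:.0%} of persons unique")
```

In this toy case, aggregating zones lowers the share of persons with a unique pair but does not remove it, which mirrors the qualitative pattern the abstract reports for coarser geographies.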