Examining Threats to Location Privacy in Geographically Aggregated Data with the Protection of Differential Privacy
Topics: Spatial Analysis & Modeling, Population Geography, Geographic Information Science and Systems
Keywords: Geoprivacy, Spatial reidentification, Census, Disclosure avoidance
Session Type: Virtual Paper Abstract
Day: Monday
Session Start / End Time: 2/28/2022 11:20 AM (Eastern Time (US & Canada)) - 2/28/2022 12:40 PM (Eastern Time (US & Canada))
Room: Virtual 23
Authors:
Yue Lin, The Ohio State University
Ningchuan Xiao, The Ohio State University
Abstract
Geographically aggregated demographic, social, and economic data (such as census data) are often sensitive because they are susceptible to multiple attacks. One example is the reconstruction attack, in which the underlying individual records are recovered from a combination of the published statistics. Another example is spatial reidentification, in which the quasi-identifier of an individual (such as race) is unique within a geographic unit and can be exactly matched against the records in an external database. To secure such datasets, a strong disclosure avoidance technique called differential privacy has been adopted to produce many data products, most recently the 2020 United States Census. However, differential privacy is designed to defend against reconstruction attacks rather than spatial reidentification attacks, and it remains unclear how much this mechanism protects unique geo-identities from being reidentified. In this paper, we evaluate the spatial reidentification risks under differential privacy using two simulated individual-level datasets in Franklin and Guernsey Counties, Ohio. We compare the risks under different values of the differential privacy parameter, known as the privacy budget, which measures the trade-off between privacy protection and data accuracy. The impact of population size in urban and rural areas, as well as of different geographical scales (block, block group, and tract), is also investigated. In addition, we examine how quasi-identifiers formed by varying combinations of attributes affect the reidentification risks of differentially private data.
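The abstract describes three factors in the risk evaluation: the privacy budget, unit population size (urban versus rural), and the number of attributes in the quasi-identifier. The following is an added, self-contained toy illustration of that evaluation; it is not the authors' code and uses no real data. It synthesises a population with invented attribute domains (race, sex, age group) and invented unit sizes, publishes the per-unit quasi-identifier counts with the Laplace mechanism (L1 sensitivity 1, scale 1/epsilon, rounded and clipped as post-processing), and then measures how many truly unique cells are still published as a count of exactly 1 (recall, the attacker's match rate) and how many published 1s are genuinely unique (precision, the attacker's confidence). All names, distributions and the choice of metric are assumptions for this example.

```python
"""Toy evaluation of spatial reidentification risk before and after a
differentially private release. Constructed example: not the authors' code or
data; attribute domains, unit sizes and the risk metric are assumptions."""
import itertools
import math
import random
from collections import Counter

# Constructed attribute domains (assumption, not the paper's categories).
RACES = ["A", "B", "C", "D", "E"]
SEXES = ["F", "M"]
AGE_GROUPS = ["0-17", "18-34", "35-64", "65+"]


def build_population(n_units=60, seed=7):
    """Synthesise records (unit, race, sex, age_group).
    Even-numbered units stand in for 'urban' (large) areas, odd ones for 'rural' (small)."""
    rng = random.Random(seed)
    records = []
    for unit in range(n_units):
        size = rng.randint(200, 400) if unit % 2 == 0 else rng.randint(5, 25)
        for _ in range(size):
            # Skewed race distribution so minority members become unique in small units.
            race = rng.choices(RACES, weights=[70, 15, 8, 5, 2])[0]
            records.append((unit, race, rng.choice(SEXES), rng.choice(AGE_GROUPS)))
    return records


def aggregate(records, attrs):
    """Count individuals per (unit, quasi-identifier) cell; attrs are record indices."""
    return Counter((r[0], tuple(r[i] for i in attrs)) for r in records)


def unique_fraction(records, attrs):
    """Share of individuals whose quasi-identifier is unique within their unit."""
    table = aggregate(records, attrs)
    return sum(1 for c in table.values() if c == 1) / len(records)


def full_table(records, attrs):
    """Counts over every (unit, quasi-identifier) combination, zeros included,
    as a tabular release would publish them."""
    counts = aggregate(records, attrs)
    units = sorted({r[0] for r in records})
    domains = [sorted({r[i] for r in records}) for i in attrs]
    return {(u, qi): counts.get((u, qi), 0)
            for u in units for qi in itertools.product(*domains)}


def laplace(rng, scale):
    """Sample Laplace(0, scale) by inverse CDF."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def dp_release(table, epsilon, seed=11):
    """epsilon-DP release of the counts: Laplace noise with scale 1/epsilon
    (adding or removing one person changes one cell by one), then rounding and
    clipping to non-negative integers, which is post-processing and costs no budget."""
    rng = random.Random(seed)
    return {k: max(0, round(v + laplace(rng, 1.0 / epsilon))) for k, v in table.items()}


def reidentification_risk(true_table, released):
    """Recall: share of truly unique cells still published as exactly 1.
    Precision: share of published 1s that are truly unique, i.e. how often a
    record matched against the release really is the right person."""
    true_unique = {k for k, v in true_table.items() if v == 1}
    pub_unique = {k for k, v in released.items() if v == 1}
    hit = true_unique & pub_unique
    recall = len(hit) / len(true_unique) if true_unique else 0.0
    precision = len(hit) / len(pub_unique) if pub_unique else 0.0
    return recall, precision


def risk_curve(records, attrs, epsilons=(0.1, 1.0, 10.0, 1e6)):
    """Risk (recall, precision) for each privacy budget value."""
    table = full_table(records, attrs)
    return {eps: reidentification_risk(table, dp_release(table, eps)) for eps in epsilons}


def risk_by_area(records, attrs, epsilon):
    """Risk split between 'urban' (even, large) and 'rural' (odd, small) units."""
    table = full_table(records, attrs)
    released = dp_release(table, epsilon)
    out = {}
    for label, keep in (("urban", lambda u: u % 2 == 0), ("rural", lambda u: u % 2 == 1)):
        sub_true = {k: v for k, v in table.items() if keep(k[0])}
        sub_rel = {k: v for k, v in released.items() if keep(k[0])}
        out[label] = reidentification_risk(sub_true, sub_rel)
    return out


if __name__ == "__main__":
    pop = build_population()
    for attrs in ((1,), (1, 2), (1, 2, 3)):
        print("QI attrs", attrs, "unique share %.3f" % unique_fraction(pop, attrs))
    for eps, (rec, prec) in risk_curve(pop, (1, 2, 3)).items():
        print("epsilon=%g recall=%.3f precision=%.3f" % (eps, rec, prec))
    print(risk_by_area(pop, (1, 2, 3), 1.0))
```

Two properties hold regardless of the random seed and are worth keeping in mind when reading real results: the share of unique individuals can only grow as attributes are added to the quasi-identifier (anyone unique on race alone stays unique on race and sex), and as epsilon grows the released counts converge to the true counts, so both recall and precision approach 1 and the release offers no protection against exact matching. Zero cells matter as much as the unique ones: noise turns some of them into spurious 1s, which is what lowers the matcher's precision at small budgets.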