Adaptive Voronoi Masking: A Method to Protect Confidential Discrete Spatial Data

Authors: Fiona Polzin, Ourania Kounadi




Author Details

Fiona Polzin
  • ITC-Faculty of Geoinformation and Earth Observation, University of Twente, Enschede, The Netherlands
Ourania Kounadi
  • Department of Geography and Regional Research, University of Vienna, Austria

Cite As

Fiona Polzin and Ourania Kounadi. Adaptive Voronoi Masking: A Method to Protect Confidential Discrete Spatial Data. In 11th International Conference on Geographic Information Science (GIScience 2021) - Part II. Leibniz International Proceedings in Informatics (LIPIcs), Volume 208, pp. 1:1-1:17, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2021) https://doi.org/10.4230/LIPIcs.GIScience.2021.II.1

Abstract

Geomasks assure the protection of individuals in a discrete spatial point data set by aggregating, transferring or altering original points. This study develops an alternative approach, referred to as Adaptive Voronoi Masking (AVM), which is based on the concepts of Adaptive Areal Elimination (AAE) and Voronoi Masking (VM). It considers the underlying population density by establishing areas of K-anonymity in which Voronoi polygons are created. Contrary to other geomasks, AVM considers the underlying topography and displaces data points to street intersections, thus decreasing the risk of false identification since no residence is assigned a data point.
The geomasking effects of AVM are examined through various spatial analytical results and are compared with the outputs of AAE, VM, and Donut Masking (DM). VM attains the best efficiency for the mean centres, whereas DM does for the median centres. Regarding the Nearest Neighbour Hierarchical Cluster Analysis and Ripley’s K-function, DM demonstrates the strongest performance since its cluster ellipsoids and clustering distance are the most similar to those of the original data. The extent of the original data is preserved the most by VM, while AVM retains the topology of the point pattern. Overall, AVM was ranked 2nd in terms of data utility (i) and also outperforms all methods regarding the risk of false re-identification (ii) because no data point is moved to a residence. Furthermore, AVM maintains Spatial K-anonymity (iii), which is also done by AAE and partly by DM. Based on the combined performance on these factors, AVM is an advantageous technique to mask geodata.

Subject Classification

ACM Subject Classification
  • Security and privacy → Privacy protections
  • Security and privacy → Data anonymization and sanitization
  • Information systems → Geographic information systems
  • Mathematics of computing → Exploratory data analysis
Keywords
  • Geoprivacy
  • location privacy
  • geomasking
  • Adaptive Voronoi Masking
  • Voronoi Masking
  • Adaptive Areal Elimination
  • Donut Geomasking
  • ESDA
