A Customizable k-Anonymity Model for Protecting Location Privacy

Continued advances in mobile networks and positioning technologies have created a strong market push for location-based services (LBSs). Examples include location-aware emergency services, location based service advertisement, and location sensitive billing. One of the big challenges in wide deployment of LBS systems is the privacy-preserving management of location-based data. Without safeguards, extensive deployment of location based services endangers location privacy of mobile users and exhibits significant vulnerabilities for abuse. In this paper, we describe a customizable k-anonymity model for protecting privacy of location data. Our model has two unique features. First, we provide a customizable framework to support k-anonymity with variable k, allowing a wide range of users to benefit from the location privacy protection with personalized privacy requirements. Second, we design and develop a novel spatio-temporal cloaking algorithm, called CliqueCloak, which provides location k-anonymity for mobile users of a LBS provider. The cloaking algorithm is run by the location protection broker on a trusted server, which anonymizes messages from the mobile nodes by cloaking the location information contained in the messages to reduce or avoid privacy threats before forwarding them to the LBS provider(s). Our model enables each message sent from a mobile node to specify the desired level of anonymity as well as the maximum temporal and spatial tolerances for maintaining the required anonymity. We study the effectiveness of the cloaking algorithm under various conditions using realistic location data synthetically generated using real road maps and traffic volume data. Our experiments show that the location k-anonymity model with multi-dimensional cloaking and tunable k parameter can achieve high guarantee of k anonymity and high resilience to location privacy threats without significant performance penalty

“Putting the Child First”: A Necessary Step in the Recognition of the Right to Identity

In recent years, the number of nations which have banned the anonymous character of gamete donations has increased, including nations that once strongly supported such a position. This shift in national legislative policy worldwide has aided a growing recognition of the right to know one\u27s origins in international law and gives a wider effect to this fundamental right. In Canada, while there has been discussion about the importance of the right to know one\u27s biological origins, this right has not been universally guaranteed through legislation, either to adoptees or to the donor-conceived. This article refers mostly to Québec legislation, but combines analyses of Québec civil law and common law with continental European legal developments, which can assist legislative reform across the country. The authors are defending the existence of a fundamental right of the child to know his or her biological origins as part of the right to identity protected by the UN Convention on the Rights of the Child (CRC) and are therefore focusing on the perspective of the child. Pursuant to the recent Supreme Court of Canada decision in Renvoi, which partially invalidated the federal legislation that regulated assisted human reproduction, this article takes a position in favour of provincial and territorial law reform that would explicitly recognize the right of the child to know his or her biological origins and ban anonymity in the context of gamete donation

When and where do you want to hide? Recommendation of location privacy preferences with local differential privacy

In recent years, it has become easy to obtain location information quite precisely. However, the acquisition of such information has risks such as individual identification and leakage of sensitive information, so it is necessary to protect the privacy of location information. For this purpose, people should know their location privacy preferences, that is, whether or not he/she can release location information at each place and time. However, it is not easy for each user to make such decisions and it is troublesome to set the privacy preference at each time. Therefore, we propose a method to recommend location privacy preferences for decision making. Comparing to existing method, our method can improve the accuracy of recommendation by using matrix factorization and preserve privacy strictly by local differential privacy, whereas the existing method does not achieve formal privacy guarantee. In addition, we found the best granularity of a location privacy preference, that is, how to express the information in location privacy protection. To evaluate and verify the utility of our method, we have integrated two existing datasets to create a rich information in term of user number. From the results of the evaluation using this dataset, we confirmed that our method can predict location privacy preferences accurately and that it provides a suitable method to define the location privacy preference

Exploring historical location data for anonymity preservation in location-based services

We present a new approach for K-anonymity protection in Location-Based Services (LBSs). Specifically, we depersonalize location information by ensuring that each location reported for LBSs is a cloaking area that contains K different footprints--- historical locations of different mobile nodes. Therefore, the exact identity and location of the service requestor remain anonymous from LBS service providers. Existing techniques, on the other hand, compute the cloaking area using current locations of K neighboring hosts of the service requestor. Because of this difference, our approach significantly reduces the cloaking area, which in turn decreases query processing and communication overhead for returning query results to the requesting host. In addition, existing techniques also require frequent location updates from all nodes, regardless of whether or not these nodes are requesting LBSs. Most importantly, our approach is the first practical solution that provides K-anonymity trajectory protection needed to ensure anonymity when the mobile host requests LBSs continuously as it moves. Our solution depersonalizes a user\u27s trajectory (a time-series of the user\u27s locations) based on the historical trajectories of other users

Economic location-based services, privacy and the relationship to identity

Mobile telephony and mobile internet are driving a new application paradigm: location-based services (LBS). Based on a person’s location and context, personalized applications can be deployed. Thus, internet-based systems will continuously collect and process the location in relationship to a personal context of an identified customer. One of the challenges in designing LBS infrastructures is the concurrent design for economic infrastructures and the preservation of privacy of the subjects whose location is tracked. This presentation will explain typical LBS scenarios, the resulting new privacy challenges and user requirements and raises economic questions about privacy-design. The topics will be connected to “mobile identity” to derive what particular identity management issues can be found in LBS

Privacy preserving cooperative computation for personalized web search applications

With the emergence of connected objects and the development of Artificial Intelligence (AI) mechanisms and algorithms, personalized applications are gaining an expanding interest, providing services tailored to each single user needs and expectations. They mainly rely on the massive collection of personal data generated by a large number of applications hosted from different connected devices. In this paper, we present CoWSA, a privacy preserving Cooperative computation framework for personalized Web Search peripheral Applications. The proposed framework is multi-fold. First, it provides the empowerment to end-users to control the disclosed personal data to third parties, while leveraging the trade-off between privacy and utility. Second, as a decentralized solution, CoWSA mitigates single points of failures, while ensuring the security of queries, the anonymity of submitting users, and the incentive of contributing nodes. Third, CoWSA is scalable as it provides acceptable computation and communication costs compared to most closely related schemes