1 / 22

Locational privacy: a new challenge for geographic information science

Locational privacy: a new challenge for geographic information science. Jonathan Raper http://www.soi.city.ac.uk/~raper raper@soi.city.ac.uk. The impact of LBS on GIS. GIS make LBS functionally possible LBS are a rapidly growing part of GIS BUT, LBS and GIS are qualitatively different

kaiya
Download Presentation

Locational privacy: a new challenge for geographic information science

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Locational privacy: a new challenge for geographic information science Jonathan Raper http://www.soi.city.ac.uk/~raper raper@soi.city.ac.uk

  2. The impact of LBS on GIS • GIS make LBS functionally possible • LBS are a rapidly growing part of GIS • BUT, LBS and GIS are qualitatively different • The experience of Hypergeo and Webpark IST projects demonstrates this

  3. LBS will be personal GIS • Individual mapping in real time • Interactive guide adapted to your preferences • Geographic information retrieval • Tracking service? • Geographic diary linked to e.g. your camera

  4. Our day sailing, tracked

  5. Streams of data • Current position • Location, time of transactions • Movement trends A 10km car journey at 1 minute sampling interval

  6. Challenge • Lots of GIS functionality to offer LBS • Context-aware mapping • Proximity searches • Routing • Spatio-temporal data mining • Must persuade users to allow us to provide it • Must also persuade users to allow us to collect data • Need to demonstrate that we are responsible with LBS data

  7. User power • Need to put the users in control • Webpark study of 1200 potential LBS users: • 31% would like to get all information by request (pull) • 26% want to define the way they get information (pull+controlled push) • 18% would be prepared to have safety info pushed • 6% prepared to have all kinds of information pushed • Providing and managing push and pull modes at user discretion makes new demands on GIS • LBS and GIS are different functionally and in terms of the relationship between user and producer

  8. GIS vs LBS collected data generated data offline real time analysis oriented transaction oriented b2b b2c professionals public aggregated data personal data LBS can only develop within a privacy framework

  9. Privacy • What is privacy? • an individual human right preventing intrusion, appropriation, breach of confidence • ECHR: Article 8: right to respect for private/family life • 1. Everyone has the right to respect for their private and family life, their home and their correspondence • 2. There shall be no interference by a public authority with the exercise of this right except ... in accordance with the law and (as) is necessary in a democratic society • Data protection • European Directive (95/46/EC)

  10. Information privacy • What is privacy in information? • Human rights (EHCR) • Private communication (needs encyption?) • Authentication of identity/ right to anonymity • Data protection (EU Directive 95/46/EC) • Fairly and lawfully processed • Processed for limited purposes and according to rights • Adequate, relevant and not excessive • Accurate and secure • Not kept longer than necessary • Not transferred to third countries without protection

  11. Information privacy provisions • Dutch Constitution Article 10 (2): • Rules to protect privacy shall be laid down by Act of Parliament in connection with the recording and dissemination of personal data • Spanish Constitution Article 18 (4): • The law shall limit the use of data processing in order to guarantee the honour and personal and family privacy of citizens and the full exercise of their rights • Canadian Personal Information Protection and Electronic Documents Act 2001 • US Bill of Rights- privacy ‘implicit’: Supreme Court

  12. Sensitive data • Data Protection Directive as implemented in all EU states gives extra protection to ‘sensitive data’ requiring explicit informed consent to release • Racial • Political • Health • Religious • Trade union affiliation • BUT: Location ‘traffic’ data is not defined ‘sensitive’ • Can be used in compliance with general principles

  13. Use of location ‘traffic’ data • More than half the population of the UK carries a tracking device. Its records can be accessed by police officers, intelligence authorities, customs officials and Inland Revenue inspectors. Crimes, unpaid taxes or government dues can be investigated using this information. The data is held for several months: in some cases, for several years. We carry these devices voluntarily. They are called mobile phones. • Guardian, London, November 29th, 2001

  14. How sensitive is location? • For some, very: • Those in fear of harassment • For some, not at all • Exhibitionists e.g. gpsdrawing.com • There is though a natural suspicion of services • A survey at personalisation.org suggested that <50% of people were prepared to give personal information to service providers • There is tolerance of mobile phone location data • At current levels of accuracy (between 50m & 20km) • At future levels of accuracy (5-20m), then perhaps not?

  15. Jonathan’s weekly movement 1km Each colour= 1 day Darker= later in the day

  16. Implications for LBS data • Security- how is identity verified? Who has device? • Consent- to who can streams of data be given? • Usage- how can the data be processed? • Linkage- with what can this data be linked • Inference- what can be stored in the profile? • Limits on transfers of data • Privacy issues must be addressed by LBS

  17. Spatio-temporal data mining Processing location data: Location trends knowledge discovery tool from Hypergeo

  18. Locational behaviour analysis • Where you are usually (envelopes) • Guess current activity (movement styles) • Locational profile defines geographic relevance • Movement- direction, minimum effort direction • Constraint- path options, accessibility, perspective • Association- contiguity, place • Setting- what has influence over, focus • Geographic relevance defines spatial privacy as the inverse?

  19. Transaction logging example Subscription database Transaction log Transaction profile Georeferenced Postcodes Electoral roll Location/household profile Neighbourhood characterisation Socio-economic profile

  20. Locational profiling Linkage: Location data Plotted over Poverty map

  21. Locational privacy • Locational persona- identity defined by location? • GIS/LBS should explore this hypothesis • Access to tracking- only for applications + consent? • Which applications are compelling enough? • Resolution- how much resolution is sensitive? • Once resolution reaches ‘street level’ • Locational profiling • Home range distinction, conjectured activity by movement? • Information needs • geographic patterns in requests revealed?

  22. Agenda for GI/LBS research • LBS require personal data safeguards • Need to engage with consumer world view • Browsing, retrieving and analysing GI • (locational) privacy pragmatism? • How to sell GIS functionality for micropayments?

More Related