Location Intelligence.Privacy
Augsburg 2020
Anto Aasa
http://aasa.ut.ee/augsburg
Location intelligence (LI)
• or spatial intelligence
• process of deriving meaningful insight from geospatial data relationships to solve a particular problem.
• It involves layering multiple data sets spatially and/or chronologically, for easy reference on a map.
• John Snow (London 1854)
• Using IT services
– Collecting of personal information
• Sensitive data
• Preferences
• Behaviour, attitudes, social situation
• Tracking
– Recording
– Processing
– Communicating
• Acceptance of IT services strongly depends on the existence of technical mechanisms for protecting the user’s privacy
– Data protection law 2011
– Data protection law 2014
https://static.ftitechnology.com/docs/third-party/forrester-2015-data-privacy.pdf
www.privacyinternational.org
• Cloud computing
• Server parks
• Whose law applies?
Game of drones
• Compared to conventional IT services, LBSs impose much higher requirements on mechanisms for preserving privacy:
– Location information passes through many actors along the LBS supply chain
– Tracking happens during everyday activities
– Location information is often regarded as more sensitive, and more worthy of protection, than other personal information
Dilemma in privacy protection for LBSs
• Positioning and tracking represent inherent key functions without which LBSs will not work and do not even make sense at all.
• The same functions represent a potential source of misuse and are therefore the reason LBSs are often met with public distrust, which may prevent the success of LBSs in general.
Desired function ↔ Misuse
What is privacy?
Different meaning
Google Street View
Land Board orthophoto
Google Street View
http://ring24.positium.com
Privacy
• Many definitions
• Privacy is often equated with confidentiality or anonymity
• „Privacy is the claim of individuals, groups, and institutions to determine for themselves, when, how, and to what extent information about them is communicated to others“ (Westin, 1970)
Privacy principles
• Collection limitation
• Data Quality
• Purpose specification
• Use limitation
• Security safeguards
• Openness
• Individual participation
• Accountability
Personal data is
• any information relating to an identified or identifiable natural person ('data subject');
• an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
– (Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data)
Surveillance process
• Content
– Interception, reading SMS messages, bank operations, internet preferences, …
• Dynamics
– Regularities in movement, behaviour
Guidelines for Location-Based Services
• to promote and protect user privacy as new and exciting LBSs are developed and deployed.
http://files.ctia.org/pdf/CTIA_LBS_Best_Practices_Adopted_03_10.pdf
Fundamental principles:
• LBS Providers must ensure that users receive meaningful notice about how location information will be used, disclosed and protected so that users can make informed decisions whether or not to use the LBS and thus will have control over their location information.
• LBS Providers must ensure that users consent to the use or disclosure of location information, and LBS Providers bear the burden of demonstrating such consent. Users must have the right to revoke consent or terminate the LBS at any time.
Guidelines for Location-Based Services
Notice
• Potential users must be informed about how their location information will be used, disclosed and protected.
• If LBS Providers want to use location information for a new purpose not disclosed in the original notice, they must provide users with further notice and obtain consent to the new or other use.
Guidelines for Location-Based Services
Notice
• how long any location information will be retained, if at all
• LBS Providers that share location information with third parties must disclose what information will be provided
• LBS Providers must inform users how they may terminate the LBS
Guidelines for Location-Based Services
Consent
• LBS Providers must obtain user consent to the use or disclosure of location information before initiating an LBS
• LBS Providers must allow users to revoke their prior consent
Guidelines for Location-Based Services
Safeguards
1. Security of Location Information
2. Storage of Location Information
3. Reporting Abuse
4. Compliance with Laws
5. Compliance with Guidelines
Guidelines for Location-Based Services
Four states of privacy:
• Anonymity permits the engagement and interaction with others without being identified
• Solitude is the right of being alone and secure from intrusion, interruption, and observation.
• Intimacy is the right to decide with whom, how much, and when to interact.
• Reserve is the freedom to withhold a personal information or the option to choose when to express it
Concepts and Mechanisms for Privacy Protection
• Secure communications
• Privacy policies
• Anonymization
• Identifier abstraction
• Information content abstraction
Secure Communications
• Location dissemination
• Negotiating and enforcing privacy policies
• Managing anonymity
• Identifier abstraction
Privacy Policies
1. Actor constraints
2. Service constraints
3. Time constraints
4. Location constraints
5. Notification constraints
6. Accuracy constraints
7. Identity constraints
The target must have full control over how its location information is treated:
1) the target must be able to identify the LBS users and providers that have access to its location information;
2) the target may identify a set of LBSs, or types of LBSs, for which it either grants or denies access to its location information, and whether they may process it for service operation;
3) the target must be able to restrict positioning to a certain period of time;
4) it must be possible to limit positioning and location information access to predefined locations;
5) the target can specify whether or not it wishes to be informed about positioning attempts; upon arrival of such a notification, it can authorize or deny positioning;
6) the target can degrade the accuracy of its location information;
7) the target can decide to pass location information to other actors either using a pseudonym instead of its true identity, or without any identity at all.
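As an added example (not from the slides), the seven constraint types above as one policy check in Python: a target's policy is evaluated against a positioning request, the first failing constraint denies, and otherwise the accuracy is degraded and the identity substituted before anything is released. The data model, the coordinates, the cell size and names such as `friend-finder` and `target-7f3a` are assumptions made for illustration.

```python
"""Added example: evaluating a target's location-privacy policy against a
positioning request. The seven constraint types follow the slide; the data
model, names, coordinates and sample values are assumptions."""
import math
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Request:
    actor: str        # LBS user or provider asking for the target's location
    service: str      # the LBS the request is made for
    when: datetime    # time of the positioning attempt (local time)
    lat: float        # target's true position, as known to the positioning side
    lon: float


@dataclass
class Policy:
    target_id: str
    allowed_actors: frozenset     # 1) actor constraints
    allowed_services: frozenset   # 2) service constraints
    hours: tuple                  # 3) time constraint: (start_hour, end_hour)
    zones: tuple                  # 4) location constraint: (lat, lon, radius_m) circles; empty = anywhere
    notify: bool                  # 5) notification constraint
    cell_m: float                 # 6) accuracy constraint: only a grid cell of this size is reported
    identity: str                 # 7) identity constraint: "true" | "pseudonym" | "anonymous"
    pseudonym: str = "target-7f3a"  # assumed pseudonym issued for this target


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres (spherical earth)."""
    r = 6_371_000
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def degrade(lat, lon, cell_m):
    """Snap to the centre of a square cell of side cell_m (1 deg of latitude is
    about 111.32 km; longitude scaled by cos(lat)). The true point is never sent."""
    lat_step = cell_m / 111_320
    lon_step = cell_m / (111_320 * math.cos(math.radians(lat)))
    return (math.floor(lat / lat_step) * lat_step + lat_step / 2,
            math.floor(lon / lon_step) * lon_step + lon_step / 2)


def evaluate(policy, req):
    """Apply constraints 1-7 in order; the first one that fails denies."""
    if req.actor not in policy.allowed_actors:
        return {"decision": "deny", "reason": "actor"}
    if req.service not in policy.allowed_services:
        return {"decision": "deny", "reason": "service"}
    start, end = policy.hours
    if not start <= req.when.hour < end:
        return {"decision": "deny", "reason": "time"}
    if policy.zones and not any(haversine_m(req.lat, req.lon, z[0], z[1]) <= z[2] for z in policy.zones):
        return {"decision": "deny", "reason": "location"}
    lat, lon = degrade(req.lat, req.lon, policy.cell_m)
    identity = {"true": policy.target_id, "pseudonym": policy.pseudonym, "anonymous": None}[policy.identity]
    return {"decision": "allow", "notify": policy.notify, "identity": identity, "lat": lat, "lon": lon}


# Constructed policy and requests for a target in Tartu (coordinates are illustrative only).
POLICY = Policy(
    target_id="alice",
    allowed_actors=frozenset({"friend-finder", "bob"}),
    allowed_services=frozenset({"friend-finder"}),
    hours=(8, 20),
    zones=((58.38, 26.72, 5_000),),
    notify=True,
    cell_m=1_000,
    identity="pseudonym",
)
REQ_OK = Request("bob", "friend-finder", datetime(2020, 3, 2, 10, 15), 58.3781, 26.7291)
REQ_NIGHT = Request("bob", "friend-finder", datetime(2020, 3, 2, 23, 0), 58.3781, 26.7291)
REQ_ADVERTISER = Request("ad-network", "friend-finder", datetime(2020, 3, 2, 10, 15), 58.3781, 26.7291)
REQ_FAR = Request("bob", "friend-finder", datetime(2020, 3, 2, 10, 15), 59.4371, 24.7537)

if __name__ == "__main__":
    for r in (REQ_OK, REQ_NIGHT, REQ_ADVERTISER, REQ_FAR):
        print(r.actor, r.when.hour, evaluate(POLICY, r))
```

Note that the allowed answer never carries the true coordinates or the true identity: the accuracy and identity constraints are applied on the way out, so even an allowed actor learns only a 1 km cell tied to a pseudonym.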
Anonymization
• Policies are effective only if all actors are trustworthy
• LBS actor may „talk about the target behind its back“
– Misbehavior or negligence of an actor
– Attacks from hackers
– Unauthorized access from insiders
– Technical & human errors
• Pseudonymization
Identifier abstraction
• Identifier is replaced by a pseudonym
– Permanent pseudonym
– Temporary pseudonym
Information content abstraction
• Degrading the resolution of location information in space, time, or both
• To make a certain target’s location data indistinguishable from that of other persons staying close by
• K-anonymity
K-anonymity
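An added example (not from the slides) covering both identifier abstraction and information content abstraction: permanent and temporary pseudonyms built from a keyed hash, a spatial cloak that doubles the grid cell around the target until at least k users share it, and a temporal cloak that rounds timestamps down to a window. The secret key, the grid scheme, the positions and the k values are assumptions.

```python
"""Added example: identifier abstraction (permanent vs temporary pseudonyms)
and information content abstraction (spatial and temporal cloaking to reach
k-anonymity). Key, grid scheme and positions are assumptions."""
import hashlib
import hmac
import math

SECRET = b"pseudonymiser-secret"   # assumption: known only to the actor that pseudonymises


def permanent_pseudonym(user_id):
    """Keyed hash of the identifier: stable over time, so an observer who sees
    many records can still link them all to one (unnamed) person."""
    return hmac.new(SECRET, user_id.encode(), hashlib.sha256).hexdigest()[:16]


def temporary_pseudonym(user_id, epoch):
    """The epoch (e.g. a day number) is mixed in, so records from different
    epochs cannot be linked to each other without the secret."""
    return hmac.new(SECRET, f"{user_id}|{epoch}".encode(), hashlib.sha256).hexdigest()[:16]


def cell(lat, lon, step_deg):
    """Cell id on a square grid of step_deg degrees."""
    return (math.floor(lat / step_deg), math.floor(lon / step_deg))


def spatial_cloak(target, others, k, step_deg=0.001, max_step_deg=1.0):
    """Double the cell size until the target's cell holds at least k users
    (target included). Returns the cloaked cell, or None when even the coarsest
    cell is not k-anonymous; the caller should then refuse to release anything."""
    step = step_deg
    while step <= max_step_deg:
        c = cell(*target, step)
        n = 1 + sum(1 for p in others if cell(*p, step) == c)
        if n >= k:
            return {"step_deg": step, "cell": c, "users": n}
        step *= 2
    return None


def temporal_cloak(ts, window_s):
    """Report only the start of the window_s-second window containing ts."""
    return ts - ts % window_s


# Constructed positions around Tartu plus one user in Tallinn (illustrative only).
TARGET = (58.3781, 26.7291)
OTHERS = [(58.3783, 26.7296), (58.3772, 26.7311), (58.3806, 26.7251),
          (58.3901, 26.7501), (59.4371, 24.7537)]

if __name__ == "__main__":
    print(permanent_pseudonym("alice"), temporary_pseudonym("alice", 18323))
    for k in (3, 4, 6):
        print(k, spatial_cloak(TARGET, OTHERS, k))
    print(temporal_cloak(1583143935, 3600))
```

With the sample positions, k=3 is reached at a 0.004° cell, k=4 needs 0.016°, and k=6 cannot be reached below the 1° ceiling, so the release must be refused rather than returned at arbitrary coarseness. The permanent pseudonym is the case the slide warns about: it hides the name but not the person, because every record still shares one identifier.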
LBS privacy protection
• Secure communication
– Authentication
– Integrity
– Confidentiality
• Policies
– Specification
– Enforcement
• Anonymization
– Identifier abstraction
– Content abstraction
• Communication
• Location
• Habits
• Identification
Location intelligence
• Spatial intelligence
• Meaningful insight from geospatial data relationships to solve a particular problem
• Layering multiple datasets
• London 1854, John Snow
https://www.forbes.com/sites/louiscolumbus/2018/02/11/what-new-in-location-intelligence-for-2018/#679b157f14b5
Crowd sensing
• Evacuation plan
– Real time emergency GIS
• Mass events
• Commuting
• Transportation
Evacuation plan?
Mobile Positioning Data for Mobility Studies
Passive mobile positioning:
• Memory files of mobile operators
• Call detail records (CDR): location, time of call and user id
• Database: 2006 … today
Map: spatial resolution of CDR (100 km scale)
Data processing & modelling…
Anchor points model:
• Home
• Work
• Other: leisure, household, second home, etc.
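Added example (not the authors' model): a minimal anchor-point model over call detail records in Python, which assigns a home anchor from night-time calls and a work anchor from weekday working-hour calls, and then counts how many users share each (home, work) pair, since that pair alone can re-identify a pseudonymised subscriber. The hour windows, the minimum-days rule and the CDR rows are constructed assumptions.

```python
"""Added example: a minimal anchor-point model (home / work / other) over
call detail records, plus a check of how identifying the (home, work) pair is.
Hour windows, the minimum-days rule and the CDR sample are assumptions."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed CDR rows: (user_id, timestamp, serving cell). Real CDR carry only
# the serving cell, so a position is as coarse as that cell's coverage area.
CDR = [
    ("u1", "2020-03-02 07:30", "cellA"), ("u1", "2020-03-02 10:05", "cellB"),
    ("u1", "2020-03-02 14:40", "cellB"), ("u1", "2020-03-02 22:10", "cellA"),
    ("u1", "2020-03-03 09:15", "cellB"), ("u1", "2020-03-03 23:05", "cellA"),
    ("u1", "2020-03-07 16:00", "cellC"),   # Saturday, somewhere else
    ("u2", "2020-03-02 08:00", "cellD"), ("u2", "2020-03-02 12:00", "cellB"),
    ("u2", "2020-03-03 11:00", "cellB"), ("u2", "2020-03-03 21:30", "cellD"),
    ("u3", "2020-03-02 09:00", "cellB"), ("u3", "2020-03-02 20:30", "cellA"),  # one day only
]

WORK_HOURS = range(9, 17)                            # assumption: weekday 09-17 is working time
NIGHT_HOURS = set(range(21, 24)) | set(range(0, 7))  # assumption: 21-07 is home time
MIN_DAYS = 2                                         # assumption: fewer active days, no anchors


def anchor_points(rows, min_days=MIN_DAYS):
    """Home = most frequent night-time cell; work = most frequent weekday
    working-hour cell other than home; other = every remaining cell seen."""
    night, work = defaultdict(Counter), defaultdict(Counter)
    days, cells = defaultdict(set), defaultdict(set)
    for user, ts, cell in rows:
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        days[user].add(t.date())
        cells[user].add(cell)
        if t.hour in NIGHT_HOURS:
            night[user][cell] += 1
        elif t.weekday() < 5 and t.hour in WORK_HOURS:
            work[user][cell] += 1
    result = {}
    for user in days:
        if len(days[user]) < min_days:
            continue   # not enough regularity to call anything an anchor
        home = night[user].most_common(1)[0][0] if night[user] else None
        work_cell = next((c for c, _ in work[user].most_common() if c != home), None)
        other = sorted(cells[user] - {home, work_cell})
        result[user] = {"home": home, "work": work_cell, "other": other}
    return result


def quasi_identifier_groups(anchors):
    """Users per (home, work) pair. A pair seen once belongs to exactly one
    person, so it re-identifies that user even if the user id is a pseudonym."""
    return Counter((a["home"], a["work"]) for a in anchors.values())


if __name__ == "__main__":
    anchors = anchor_points(CDR)
    for user, a in anchors.items():
        print(user, a)
    print(quasi_identifier_groups(anchors))
```

The second function is the privacy side of the same model: once home and work anchors are derived, a pseudonymised record set is only as anonymous as the size of the group sharing the same pair of cells.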
Mobile Census: distribution of mobile calls
Commuting
Routing, OD-matrix
Central places & hinterlands
Commuters
Central place
Urban region
Migration patterns
Movement during Christmas Eve
Metallica concert in Tallinn
Tourism: Estonians abroad
Latvian fishermen on lake Peipsi
Behavioural rhythms, physiology
• Diurnal
• Weekly
• Seasonal
• Chronotypes (figure: weekday vs time, h)
• Seasonality of mobile calls
Social networks
Mirror of wealthy world?
GPS data
– App MobilityLog
– Agreement with the user
– Different sensors
– Algorithms detect:
• Stop
• Move
• Mode
• Regularity
• …
What mobility?
Boring life…
Individual tracking
• LBS
• Location bank
Activity space
Tracing E-mail location
Street cameras
Face detection
Google Street View
Phone tracking
Flickr
http://www.girardin.org/fabien/tracing/
Identification of the camera that took a photo
http://www.geek.com/news/facebook-developing-way-to-fingerprint-the-camera-you-used-to-take-a-photo-1634542/
Self exposure
Location intelligence application areas
• Location-based advertising
• Mobility of people
• Transportation and traffic
• Urban and rural planning
• Tourism
• Marketing
• Social media
• Participatory democracy
• Safety and security
• Scientific research
Figure: differences in visiting dating portals by gender (number of visits by hour of day, male vs female)
ICT records everything
Figure: diurnal patterns of visiting gender-oriented portals (visits by hour of day; auto24 = car portal, perekool = family portal)
Figure: time when people start to move (share of users by hour of day, male vs female), from mobile positioning data
Figure: diurnal rhythm of bank card usage (by hour of day)
Figure: weekly rhythm of bank card usage (by day of week)
https://www.r-bloggers.com/what-programming-languages-are-used-most-on-weekends/
http://aasa.ut.ee/augsburg/literature