Geo-indistinguishable masking: enhancing privacy protection in spatial point mapping

Abstract

ABSTRACT Spatial point mapping is a useful practice in exploratory point pattern analysis, but it poses significant privacy risks as the identity of individuals may be revealed from the maps. Geomasking methods have been developed to mitigate the risks by displacing spatial points before mapping. However, many of these methods rely on a weak privacy notion called spatial k-anonymity, which is insufficient to withstand the growing amount of spatial data (e.g. land use) that adversaries can use as side information to infer the actual locations of individuals. We proposes a method called geo-indistinguishable masking to address this issue by relying on a strong privacy notion called geo-indistinguishability. This notion ensures consistent levels of privacy protection regardless of any side information. The method consists of two steps. The first step involves creating a masking area for each spatial point to include a set of candidate locations to which the point can be relocated. In the second step, we formulate an optimization model to ensure the masked locations satisfy geo-indistinguishability while minimizing the distance displaced. Computational experiments on a synthetic dataset demonstrate that our proposed method is both efficient and effective in providing strong privacy protection while preserving the spatial point patterns.