Geospatial cryptography: enabling researchers to access private, spatially referenced, human subjects data for cancer control and prevention
As the volume, accuracy and precision of digital geographic information have increased, concerns regarding individual privacy and confidentiality have come to the forefront. Not only do these challenge a basic tenet underlying the advancement of science by posing substantial obstacles to the sharing of data to validate research results, but they are obstacles to conducting certain research projects in the first place. Geospatial cryptography involves the specification, design, implementation and application of cryptographic techniques to address privacy, confidentiality and security concerns for geographically referenced data. This article defines geospatial cryptography and demonstrates its application in cancer control and surveillance. Four use cases are considered: (1) national‐level de‐duplication among state or province‐based cancer registries; (2) sharing of confidential data across cancer registries to support case aggregation across administrative geographies; (3) secure data linkage; and (4) cancer cluster investigation and surveillance. A secure multi-party system for geospatial cryptography is developed. Solutions under geospatial cryptography are presented and computation time is calculated. As services provided by cancer registries to the research community, de-duplication, case aggregation across administrative geographies and secure data linkage are often time-consuming and in some instances precluded by confidentiality and security concerns. Geospatial cryptography provides secure solutions that hold significant promise for addressing these concerns and for accelerating the pace of research with human subjects data residing in our nation’s cancer registries. Pursuit of the research directions posed herein conceivably would lead to a geospatially encrypted geographic information system (GEGIS) designed specifically to promote the sharing and spatial analysis of confidential data. 
Geospatial cryptography holds substantial promise for accelerating the pace of research with spatially referenced human subjects data.
Keywords: Geospatial cryptography; Geographic information science; Spatial methods; Human subjects research; Privacy
JEL Classification: C63; I18
This study was supported by the National Library of Medicine Grant R21 LM011132-01A1 (PI G. M. Jacquez).
Compliance with ethical standards
Conflict of interest
The authors declare no potential conflicts of interest.