Journal of Geographical Systems

, Volume 19, Issue 3, pp 197–220 | Cite as

Geospatial cryptography: enabling researchers to access private, spatially referenced, human subjects data for cancer control and prevention

  • Geoffrey M. JacquezEmail author
  • Aleksander Essex
  • Andrew Curtis
  • Betsy Kohler
  • Recinda Sherman
  • Khaled El Emam
  • Chen Shi
  • Andy Kaufmann
  • Linda Beale
  • Thomas Cusick
  • Daniel Goldberg
  • Pierre Goovaerts
Original Article


As the volume, accuracy and precision of digital geographic information have increased, concerns regarding individual privacy and confidentiality have come to the forefront. Not only do these challenge a basic tenet underlying the advancement of science by posing substantial obstacles to the sharing of data to validate research results, but they are obstacles to conducting certain research projects in the first place. Geospatial cryptography involves the specification, design, implementation and application of cryptographic techniques to address privacy, confidentiality and security concerns for geographically referenced data. This article defines geospatial cryptography and demonstrates its application in cancer control and surveillance. Four use cases are considered: (1) national‐level de‐duplication among state or province‐based cancer registries; (2) sharing of confidential data across cancer registries to support case aggregation across administrative geographies; (3) secure data linkage; and (4) cancer cluster investigation and surveillance. A secure multi-party system for geospatial cryptography is developed. Solutions under geospatial cryptography are presented and computation time is calculated. As services provided by cancer registries to the research community, de-duplication, case aggregation across administrative geographies and secure data linkage are often time-consuming and in some instances precluded by confidentiality and security concerns. Geospatial cryptography provides secure solutions that hold significant promise for addressing these concerns and for accelerating the pace of research with human subjects data residing in our nation’s cancer registries. Pursuit of the research directions posed herein conceivably would lead to a geospatially encrypted geographic information system (GEGIS) designed specifically to promote the sharing and spatial analysis of confidential data. Geospatial cryptography holds substantial promise for accelerating the pace of research with spatially referenced human subjects data.


Geospatial cryptography Geographic information science Spatial methods Human subjects research Privacy 

JEL Classification

C63 I18 


Financial support

This study was supported by the National Library of Medicine Grant R21 LM011132-01A1 (PI G. M. Jacquez).

Compliance with ethical standards

Conflict of interest

The authors declare no potential conflicts of interest.


  1. Abowd JM, Lane J (2004) New approaches to confidentiality protection: synthetic data, remote access and research data centers. In: Domingo-Ferrer J, Torra V (eds) Privacy in statistical databases, proceedings, vol 3050., Annals of the New York Academy of SciencesSpringer-Verlag, Berlin, pp 282–289CrossRefGoogle Scholar
  2. Amin R, Hendryx M, Shull M, Bohnert A (2014) A Cluster analysis of pediatric cancer incidence rates in Florida: 2000–2010. Stat Public Policy 1(1):69–77. doi: 10.1080/2330443x.2014.928245 CrossRefGoogle Scholar
  3. Anselin L, Bera A (1998) Spatial dependence in linear regression models with an introduction to spatial econometrics. In: Giles D, Ullah A (eds) Handbook of economic statistics. Marcel Dekker, New York, pp 237–289Google Scholar
  4. Aslett LJ, Esperança PM, Holmes CC (2015) A review of homomorphic encryption and software tools for encrypted statistical machine learning. arXiv preprint arXiv:150806574
  5. Barker E, Roginsky A (2011) Transitions: recommendation for transitioning the use of cryptographic algorithms and key lengths. NIST Special Publication 800:131AGoogle Scholar
  6. Bell BS, Hoskins R, Pickle L, Wartenberg D (2006) Current practices in spatial analysis of cancer data: mapping health statistics to inform policymakers and the public. Int J Health Geogr 5(1):49CrossRefGoogle Scholar
  7. Boulos MNK, Curtis AJ, AbdelMalik P (2009) Musings on privacy issues in health research involving disaggregate geographic data about individuals. Int J Health Geogr 8:8. doi: 10.1186/1476-072x-8-46 CrossRefGoogle Scholar
  8. Ciriani V, Di Vimercati SD, Foresti S, Jajodia S, Paraboschi S, Samarati P (2010) Combining fragmentation and encryption to protect privacy in data storage. ACM Trans Inf Syst Secur 13(3):33. doi: 10.1145/1805974.1805978 CrossRefGoogle Scholar
  9. Curtis A, Mills JW, Leitner M (2006a) Keeping an eye on privacy issues with geospatial data. Nature 441(7090):150. doi: 10.1038/441150d CrossRefGoogle Scholar
  10. Curtis A, Mills JW, Leitner M (2006b) Spatial confidentiality and GIS: re-engineering mortality locations from published maps about Hurricane Katrina. Int J Health Geogr 5:44CrossRefGoogle Scholar
  11. Curtis A, Mills JW, Augustin L, Cockburn M (2011) Confidentiality risks in fine scale aggregations of health data. Comput Environ Urban Syst 35:57–64CrossRefGoogle Scholar
  12. Cuzick J, Edwards R (1990) Spatial clustering for inhomogeneous populations. J R Stat Soc Ser B Methodol 52(1):73–104Google Scholar
  13. Diez-Roux AV (1998) Bringing context back into epidemiology: variables and fallacies in multilevel analysis. Am J Public Health 88(2):216–222CrossRefGoogle Scholar
  14. El Emam K, Hu J, Mercer J, Peyton L, Kantarcioglu M, Malin B, Buckeridge D, Samet S, Earle C (2011) A secure protocol for protecting the identity of providers when disclosing data for disease surveillance. J Am Med Inf Assoc 18(3):212–217. doi: 10.1136/amiajnl-2011-000100 CrossRefGoogle Scholar
  15. El Emam K, Samet S, Hu J, Peyton L, Earle C, Jayaraman G, Wong T, Kantarcioglu M, Dankar F, Essex A (2012) A protocol for the secure linking of registries for HPV surveillance. PLoS One 7(7):e39915CrossRefGoogle Scholar
  16. Fefferman NH, O’Neil EA, Naumova EN (2005) Confidentiality and confidence: is data aggregation a means to achieve both? J Public Health Policy 26(4):430–449. doi: 10.1057/palgrave.jphp.3200029 CrossRefGoogle Scholar
  17. Fontaine C, Galand F (2007) A survey of homomorphic encryption for nonspecialists. EURASIP J Inf Secur 1:013801CrossRefGoogle Scholar
  18. Fotheringham AS, Brunsdon C, Charlton M (2002) Geographically weighted regression: the analysis of spatially varying relationships. Wiley, West SussexGoogle Scholar
  19. Gentry C (2009) Fully homomorphic encryption using ideal lattices. Stoc’09: Proceedings of the 2009 ACM symposium on theory of computing. Annual ACM symposium on theory of computing. Assoc Computing Machinery, New York, pp 169–178Google Scholar
  20. Gentry C, Halevi S (2011) Implementing Gentry’s fully-homomorphic encryption scheme. In: Paterson KG (ed) Advances in cryptology—Eurocrypt 2011, vol 6632., Lecture notes in computer scienceSpringer-Verlag, Berlin, pp 129–148CrossRefGoogle Scholar
  21. Goovaerts P (1997) Geostatics for natural resources evaluation. Oxford University Press, New YorkGoogle Scholar
  22. Gutmann MP, Witkowski K, Colyer C, O’Rourke JM, McNally J (2008) Providing spatial data for secondary analysis: issues and current practices relating to confidentiality. Popul Res Policy Rev 27(6):639–665. doi: 10.1007/s11113-008-9095-4 CrossRefGoogle Scholar
  23. Jacquez GM (2004) Current practices in the spatial analysis of cancer: flies in the ointment. Int J Health Geogr 3(1):22. doi: 10.1186/1476-072X-3-22 CrossRefGoogle Scholar
  24. Jacquez GM, Meliker J, Kaufmann A (2007) In search of induction and latency periods: space–time interaction accounting for residential mobility, risk factors and covariates. Int J Health Geogr 6:11. doi: 10.1186/1476-072x-6-35 CrossRefGoogle Scholar
  25. Kantarcioglu M, Jiang W, Liu Y, Malin B (2008) A cryptographic approach to securely share and query genomic sequences. IEEE T Inf Technol Biomed 12(5):606–617. doi: 10.1109/titb.2007.908465 CrossRefGoogle Scholar
  26. Kim J, Mu Y, Obaidat MS (2013) Advanced computer mathematics based cryptography and security technologies. Int J Comput Math 90(12):2512–2514CrossRefGoogle Scholar
  27. Knox EG (1964) The detection of space–time interactions. Appl Stat 13(1):25–30CrossRefGoogle Scholar
  28. Kulldorff M (1997) A spatial scan statistic. Commun Stat Theory Methods 26(6):1481–1496CrossRefGoogle Scholar
  29. Lawson AB (2006) Statistical methods in spatial epidemiology, 2nd edn. Wiley, New YorkCrossRefGoogle Scholar
  30. Mantel N (1967) The detection of disease clustering and a generalized regression approach. Cancer Res 27(2 Part 1):209–220Google Scholar
  31. Marshall RJ (1991) A review of methods for the statistical analysis of spatial patterns of disease. J R Stat Soc Ser A Stat Soc 154:421–441. doi: 10.2307/2983152 CrossRefGoogle Scholar
  32. Meliker JR, Goovaerts P, Jacquez GM, AvRuskin GA, Copeland G (2009) Breast and prostate cancer survival in Michigan. Cancer 115(10):2212–2221. doi: 10.1002/cncr.24251 CrossRefGoogle Scholar
  33. Mouffron M (2008) Transitive q-ary functions over finite fields or finite sets: counts, properties and applications. In: von zur Gathen J, Imaña JL, Koç ÇK (eds) Arithmetic of finite fields: 2nd international workshop, WAIFI 2008 Siena, Italy, July 6–9, 2008 proceedings. Springer, Berlin, pp 19–35. doi: 10.1007/978-3-540-69499-1_3
  34. National Research Council (2007) Putting people on the map: protecting confidentiality with linked social-spatial data. The National Academies Press, Washington, DCGoogle Scholar
  35. Paillier P (1999) Public-key cryptosystems based on composite degree residuosity classes. In: Stern J (ed) Advances in cryptology—Eurocrypt’99, vol 1592., Lecture notes in computer scienceSpringer-Verlag, Berlin, pp 223–238Google Scholar
  36. Richardson DB, Volkow ND, Kwan M-P, Kaplan RM, Goodchild MF, Croyle RT (2013) Spatial turn in health research. Science 339(6126):1390–1392. doi: 10.1126/science.1232257 CrossRefGoogle Scholar
  37. Richardson DB, Kwan M-P, Alter G, McKendry JE (2015) Replication of scientific research: addressing geoprivacy, confidentiality, and data sharing challenges in geospatial research. Ann GIS 21(2):101–110CrossRefGoogle Scholar
  38. Rushton G, Armstrong MP, Gittler J, Greene BR, Pavlik CE, West MM, Zimmerman DL (2006) Geocoding in cancer research—a review. Am J Prev Med 30(2):S16–S24. doi: 10.1016/j.amepre.2005.09.011 CrossRefGoogle Scholar
  39. Samet H (1990) The design and analysis of spatial data structures, vol 85. Addison-Wesley, ReadingGoogle Scholar
  40. Santos LCD, Bilar GR, Dac F, Pereira FD (2015) Implementation of the fully homomorphic encryption scheme over integers with shorter keys. In: 2015 7th International conference on new technologies, mobility and security (NTMS), 27–29 July 2015, pp 1–5. doi: 10.1109/ntms.2015.7266495
  41. Smart NP, Vercauteren F (2010) Fully homomorphic encryption with relatively small key and ciphertext sizes. In: Nguyen PQ, Pointcheval D (eds) Public key cryptography—Pkc 2010, proceedings, vol 6056., Lecture notes in computer scienceSpringer-Verlag, Berlin, pp 420–443CrossRefGoogle Scholar
  42. Subramanian SV (2010) Multilevel modeling. In: Fischer MM, Getis A (eds) Handbook of applied spatial analysis: software tools, methods and applications. Springer, BerlinGoogle Scholar
  43. VanWey LK, Rindfuss RR, Gutmann MP, Entwisle B, Balk DL (2005) Confidentiality and spatially explicit data: concerns and challenges. Proc Natl Acad Sci USA 102(43):15337–15342. doi: 10.1073/pnas.0507804102 CrossRefGoogle Scholar
  44. Verykios VS, Karakasidis A, Mitrogiannis VK (2009) Privacy preserving record linkage approaches. Int J Data Min Model Manag 1(2):206–221Google Scholar
  45. Waller L, Gotway C (2004) Applied spatial statistics for public health data. John Wiley and Sons, New JerseyCrossRefGoogle Scholar
  46. Wartenberg D, Thompson WD (2010) Privacy versus public health: the impact of current confidentiality rules. Am J Public Health 100(3):407–412. doi: 10.2105/ajph.2009.166249 CrossRefGoogle Scholar
  47. Wieland SC, Cassa CA, Mandl KD, Berger B (2008) Revealing the spatial distribution of a disease while preserving privacy. Proc Natl Acad Sci USA 105(46):17608–17613. doi: 10.1073/pnas.0801021105 CrossRefGoogle Scholar
  48. Zandbergen PA (2014) Ensuring confidentiality of geocoded health data: assessing geographic masking strategies for individual-level data. Adv Med. doi: 10.1155/2014/567049 Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2017

Authors and Affiliations

  • Geoffrey M. Jacquez
    • 1
    • 2
    Email author
  • Aleksander Essex
    • 3
  • Andrew Curtis
    • 4
  • Betsy Kohler
    • 5
  • Recinda Sherman
    • 5
  • Khaled El Emam
    • 6
  • Chen Shi
    • 1
  • Andy Kaufmann
    • 2
  • Linda Beale
    • 7
  • Thomas Cusick
    • 8
  • Daniel Goldberg
    • 9
    • 10
  • Pierre Goovaerts
    • 2
  1. 1.Department of GeographyState University of New York at BuffaloBuffaloUSA
  2. 2.BioMedwareAnn ArborUSA
  3. 3.Department of Electrical and Computer EngineeringWestern UniversityLondonCanada
  4. 4.Department of GeographyKent State UniversityKentUSA
  5. 5.North American Association of Central Cancer RegistriesSpringfieldUSA
  6. 6.Faculty of MedicineUniversity of OttawaOttawaCanada
  7. 7.EsriRedlandsUSA
  8. 8.Department of MathematicsUniversity at BuffaloBuffaloUSA
  9. 9.Department of GeographyTexas A&M UniversityCollege StationUSA
  10. 10.Department of Computer Science & EngineeringTexas A&M UniversityCollege StationUSA

Personalised recommendations