Abstract
To optimize the planning and operations of transportation systems, engineers analyze large amounts of data related to individual travelers, obtained through an increasing number and variety of sensors and data sources. For example, location traces collected from personal smartphones or smart cards in public transit systems can now cost-effectively complement or replace traditional data collection mechanisms such as phone surveys or vehicle detectors on highways, making it possible to significantly increase the sensor coverage as well as the spatial and temporal resolution of the collected data. This trend allows for more accurate statistical estimates of the state and evolution of a transportation system, and improved responsiveness. At the same time, it raises privacy concerns, due to the possibility of making inferences on the history of visited locations and activities of individual citizens. This chapter presents some of the issues related to the privacy-preserving analysis of transportation data. We first illustrate the well-known difficulty of publishing location microdata (i.e., individual location traces) with privacy guarantees, through a case study based on the “MTL Trajet” dataset, a smartphone-based travel survey carried out in recent years in the city of Montréal. In contrast, the publication of aggregate statistics can be protected formally using state-of-the-art tools such as differential privacy, a formal notion of privacy that prevents certain types of inferences by adversaries with arbitrary side information. To illustrate the application of differential privacy to transportation data, the chapter presents a methodology for estimating the dynamic macroscopic traffic state (density, velocity) along a highway segment in real time from single-loop detector and floating car data, while providing privacy guarantees for the individual driver trajectories.
Enforcing privacy constraints impacts estimation performance (depending on the desired privacy level), but the effect is mitigated here by using a nonlinear model of the traffic dynamics, fused with the sensor measurements using data assimilation methods such as nonlinear Kalman filters.
References
André H (2017) Estimation de trafic routier par filtre de Kalman d’ensemble sous contrainte de confidentialité différentielle. Master’s thesis, Polytechnique Montreal
André H, Le Ny J (2017) A differentially private ensemble Kalman filter for road traffic estimation. In: IEEE international conference on acoustics, speech and signal processing (ICASSP), pp 6409–6413
Andrés ME, Bordenabe N, Chatzikokolakis K, Palamidessi C (2013) Geo-indistinguishability: differential privacy for location-based systems. In: Proceedings of the ACM SIGSAC conference on computer and communications security (CCS’13)
Blum A, Dwork C, McSherry F, Nissim K (2005) Practical privacy: the SuLQ framework. In: Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on principles of database systems (PODS). New York, NY, USA, pp 128–138
Canepa ES, Claudel CG (2013) A framework for privacy and security analysis of probe-based traffic information systems. In: Proceedings of the 2nd ACM international conference on High confidence networked systems (HiCoNS), pp 25–32
City of Montreal: results of 2017 study | MTL trajet (2018). https://ville.montreal.qc.ca/mtltrajet/en/etude/
City of Montreal: déplacements MTL trajet (2019). http://donnees.ville.montreal.qc.ca/dataset/mtl-trajet
Daganzo CF (1994) The cell transmission model: a dynamic representation of highway traffic consistent with the hydrodynamic theory. Trans Res Part B Methodol 28(4):269–287
de Montjoye YA, Hidalgo CA, Verleysen M, Blondel VD (2013) Unique in the crowd: the privacy bounds of human mobility. Scientific Reports 3
Douriez M, Doraiswamy H, Freire J, Silva CT (2016) Anonymizing NYC taxi data: does it matter? In: 2016 IEEE international conference on data science and advanced analytics (DSAA). IEEE, pp 140–148
Dwork C (2006) Differential privacy. In: Proceedings of the 33rd international colloquium on automata, languages and programming (ICALP), Lecture notes in computer science, vol 4052. Venice, Italy
Dwork C, Kenthapadi K, McSherry F, Mironov I, Naor M (2006) Our data, ourselves: privacy via distributed noise generation. In: Proceedings of the 24th annual international conference on the theory and applications of cryptographic techniques (EUROCRYPT). St. Petersburg, Russia, pp 486–503
Dwork C, McSherry F, Nissim K, Smith A (2006) Calibrating noise to sensitivity in private data analysis. In: Proceedings of the third theory of cryptography conference. New York, NY, pp 265–284
Dwork C, Roth A (2014) The algorithmic foundations of differential privacy. Found Trends Theor Comput Sci 9(3–4):211–407
Evensen G (2003) The ensemble Kalman filter: theoretical formulation and practical implementation. Ocean Dyn 53(4):343–367
Fan L, Xiong L, Sunderam V (2013) Differentially private multi-dimensional time series release for traffic monitoring. In: 27th conference on data and applications security and privacy, Lecture notes in computer science, vol 7964. Springer, pp 33–48
Gambs S, Killijian MO, del Prado Cortez MN (2014) De-anonymization attack on geolocated data. J Comput Syst Sci 80(8):1597–1614. (Special issue on theory and applications in parallel and distributed computing systems)
Ghinita G (2013) Privacy for location-based services. Morgan & Claypool Publishers
Herrera JC, Work DB, Herring R, Ban X, Jacobson Q, Bayen AM (2010) Evaluation of traffic data obtained via GPS-enabled mobile phones: the Mobile Century field experiment. Trans Res Part C Emerg Technol 18(4):568–583
Ho SS, Ruan S (2011) Differential privacy for location pattern mining. In: Proceedings of ACM SPRINGL, pp 17–24
Hoh B, Iwuchukwu T, Jacobson Q, Gruteser M, Bayen A, Herrera JC, Herring R, Work D, Annavaram M, Ban J (2012) Enhancing privacy and accuracy in probe vehicle based traffic monitoring via virtual trip lines. IEEE Trans Mobile Comput 11(5)
Jia Z, Chen C, Coifman B, Varaiya P (2001) The PeMS algorithms for accurate, real-time estimates of g-factors and speeds from single-loop detectors. In: Proceedings of the 4th IEEE conference on intelligent transportation systems
Le Ny J, Pappas GJ (2014) Differentially private filtering. IEEE Trans Autom Control 59(2):341–354
Le Ny J, Touati A, Pappas GJ (2014) Real-time privacy-preserving model-based estimation of traffic flows. In: Proceedings of the fifth international conference on cyber-physical systems (ICCPS)
Li N, Li T, Venkatasubramanian S (2007) t-closeness: privacy beyond k-anonymity and l-diversity. In: Proceedings of the 23rd IEEE international conference on data engineering
Machanavajjhala A, Kifer D, Abowd JM, Gehrke J, Vilhuber L (2008) Privacy: theory meets practice on the map. In: Proceedings of IEEE ICDE, pp 277–286
Narayanan A, Shmatikov V (2008) Robust de-anonymization of large sparse datasets (how to break anonymity of the Netflix Prize dataset). In: Proceedings of the IEEE symposium on security and privacy
Pelletier MP, Trépanier M, Morency C (2011) Smart card data use in public transit: a literature review. Trans Res Part C Emerg Technol 19(4):557–568
Pyrgelis A, Troncoso C, Cristofaro ED (2017) What does the crowd say about you? evaluating aggregation-based location privacy. Proc Priv Enhanc Technol 4:156–176
Shokri R, Troncoso C, Diaz C, Freudiger J, Hubaux JP (2010) Unraveling an old cloak: k-anonymity for location privacy. In: Proceedings of the 9th annual ACM workshop on privacy in the electronic society. ACM, pp 115–118
Sweeney L (1997) Weaving technology and policy together to maintain confidentiality. J Law Med Ethics 25:98–110
Sweeney L (2002) k-anonymity: a model for protecting privacy. Int J Uncertain Fuzziness Knowl Based Syst 10(05):557–570
Treiber M, Kesting A (2013) Traffic flow dynamics: data, models and simulation. Springer, Berlin
Work DB, Tossavainen OP, Blandin S, Bayen AM, Iwuchukwu T, Tracton K (2008) An ensemble Kalman filtering approach to highway traffic estimation using GPS enabled mobile devices. In: Proceedings of the 47th IEEE conference on decision and control, pp 5062–5068
Xin W, Chang J, Muthuswamy S, Talas M (2013) “Midtown in Motion”: a new active traffic management methodology and its implementation in New York City. In: Transportation research board annual meeting
Xu F, Tu Z, Li Y, Zhang P, Fu X, Jin D (2017) Trajectory recovery from ash: user privacy is not preserved in aggregated mobility data. In: Proceedings of the 26th international conference on world wide web, pp 1241–1250
Zhang H, Bolot J (2011) Anonymization of location data does not work: a large-scale measurement study. In: Proceedings of the 17th annual international conference on mobile computing and networking
Acknowledgements
The authors thank H. André for his work on the differentially private Ensemble Kalman filter [1, 2], which formed the basis for Sect. 7.4 of this chapter. The authors also thank François Bélisle for his help with the MTL Trajet dataset and SQL queries. This work was supported in part by FRQNT through Grant 2015-NC-181370 and by NSERC through Grant RGPAS-507950.
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this chapter
Cite this chapter
Pelletier, M., Saunier, N., Le Ny, J. (2020). Differentially Private Analysis of Transportation Data. In: Farokhi, F. (eds) Privacy in Dynamical Systems. Springer, Singapore. https://doi.org/10.1007/978-981-15-0493-8_7
DOI: https://doi.org/10.1007/978-981-15-0493-8_7
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0492-1
Online ISBN: 978-981-15-0493-8
eBook Packages: Intelligent Technologies and Robotics (R0)