Designing a Location Trace Anonymization Contest

Takao Murakami; Hiromi Arai; Koki Hamada; Takuma Hatano; Makoto Iguchi; Hiroaki Kikuchi; Atsushi Kuromasa; Hiroshi Nakagawa; Yuichi Nakamura; Kenshiro Nishiyama; Ryo Nojima; Hidenobu Oguri; Chiemi Watanabe; Akira Yamada; Takayasu Yamaguchi; Yuji Yamaoka

Designing a Location Trace Anonymization Contest

Authors: Takao Murakami (AIST), Hiromi Arai (RIKEN), Koki Hamada (NTT), Takuma Hatano (NSSOL), Makoto Iguchi (Kii Corporation), Hiroaki Kikuchi (Meiji University), Atsushi Kuromasa (Data Society Alliance), Hiroshi Nakagawa (RIKEN), Yuichi Nakamura (SoftBank Corp.), Kenshiro Nishiyama (LegalForce), Ryo Nojima (NICT), Hidenobu Oguri (Fujitsu Limited), Chiemi Watanabe (Tsukuba University of Technology), Akira Yamada (Kobe University), Takayasu Yamaguchi (Akita Prefectural University), Yuji Yamaoka (Fujitsu Limited)

Volume: 2023
Issue: 1
Pages: 225–243
DOI: https://doi.org/10.56553/popets-2023-0014

Download PDF

Abstract: For a better understanding of anonymization methods for location traces, we have designed and held a location trace anonymization contest that deals with a long trace (400 events per user) and fine-grained locations (1024 regions). In our contest, each team anonymizes her original traces, and then the other teams perform privacy attacks against the anonymized traces. In other words, both defense and attack compete together, which is close to what happens in real life. Prior to our contest, we show that re-identification alone is insufficient as a privacy risk and that trace inference should be added as an additional risk. Specifically, we show an example of anonymization that is perfectly secure against re-identification and is not secure against trace inference. Based on this, our contest evaluates both the re-identification risk and trace inference risk and analyzes their relationship. Through our contest, we show several findings in a situation where both defense and attack compete together. In particular, we show that an anonymization method secure against trace inference is also secure against re-identification under the presence of appropriate pseudonymization. We also report defense and attack algorithms that won first place, and analyze the utility of anonymized traces submitted by teams in various applications such as POI recommendation and geo-data analysis.

Keywords: location privacy, contest, re-identification, trace inference

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.