Sanitization of Call Detail Records via Differentially-private Summaries

TL;DR

This paper introduces a privacy-preserving method for analyzing human mobility using sanitized call detail records, employing differentially-private Bloom filters to enable secure, accurate mobility pattern summaries.

Contribution

The paper presents a novel, efficient approach using differentially-private Bloom filters to securely summarize mobility data from CDRs, improving privacy without sacrificing utility.

Findings

Method achieves high utility comparable to non-private solutions

Ensures strong differential privacy guarantees

Efficient in time and space for real-world datasets

Abstract

In this work, we initiate the study of human mobility from sanitized call detail records (CDRs). Such data can be extremely valuable to solve important societal issues such as the improvement of urban transportation or the understanding on the spread of diseases. One of the fundamental building block for such study is the computation of mobility patterns summarizing how individuals move during a given period from one area e.g., cellular tower or administrative district) to another. However, such knowledge cannot be published directly as it has been demonstrated that the access to this type of data enable the (re-)identification of individuals. To answer this issue and to foster the development of such applications in a privacy-preserving manner, we propose in this paper a novel approach in which CDRs are summarized under the form of a differentially-private Bloom filter for the purpose of privately counting the number of mobile service users moving from one area (region) to another in a given time frame. Our sanitization method is both time and space efficient, and ensures differential privacy while solving the shortcomings of a solution recently proposed to this problem. We also report on experiments conducted with the proposed solution using a real life CDRs dataset. The results obtained show that our method achieves - in most cases - a performance similar to another method (linear counting sketch) that does not provide any privacy guarantees. Thus, we conclude that our method maintains a high utility while providing strong privacy guarantees.