Differentially-Private Counting of Users' Spatial Regions

TL;DR

This paper introduces a differentially-private method for releasing spatial region data that supports range queries, addressing unique challenges like duplicate counting and increased sensitivity, with theoretical guarantees and practical validation.

Contribution

It is the first to apply the Euler characteristic with differential privacy for spatial regions and proposes a constrained inference to reduce noise and ensure consistency.

Findings

Effective privacy-utility trade-offs demonstrated on real datasets

Novel use of Euler characteristic to prevent duplicate counting

Reduced noise through constrained inference

Abstract

Mining of spatial data is an enabling technology for mobile services, Internet-connected cars, and the Internet of Things. But the very distinctiveness of spatial data that drives utility, can cost user privacy. Past work has focused upon points and trajectories for differentially-private release. In this work, we continue the tradition of privacy-preserving spatial analytics, focusing not on point or path data, but on planar spatial regions. Such data represents the area of a user's most frequent visitation---such as "around home and nearby shops". Specifically we consider the differentially-private release of data structures that support range queries for counting users' spatial regions. Counting planar regions leads to unique challenges not faced in existing work. A user's spatial region that straddles multiple data structure cells can lead to duplicate counting at query time. We provably avoid this pitfall by leveraging the Euler characteristic for the first time with differential privacy. To address the increased sensitivity of range queries to spatial region data, we calibrate privacy-preserving noise using bounded user region size and a constrained inference that uses robust least absolute deviations. Our novel constrained inference reduces noise and promotes covertness by (privately) imposing consistency. We provide a full end-to-end theoretical analysis of both differential privacy and high-probability utility for our approach using concentration bounds. A comprehensive experimental study on several real-world datasets establishes practical validity.