Locational privacy

Locational privacy (aka "location privacy") refers to the ability of an individual to move in public space with the reasonable expectation that their location will not be systematically and secretly recorded for later use.

For instance, naive implementations of automated tolling, congestion pricing, and automated traffic enforcement violate locational privacy: they inadvertently create a pervasive surveillance infrastructure that cheaply and silently aggregates tremendous amounts of data about drivers' locations, data that could later be used for all sorts of unpleasant applications.

Modern cryptographic protocols allow us to build systems that satisfy the needs of tolling agencies and/or law enforcement while also respecting locational privacy. Here are two technical papers that outline such protocols at a high level:

Congestion pricing that respects driver privacy.
Andrew J. Blumberg and Robin Chase. (Appeared in the proceedings of ITSC 2005.)

Automated traffic enforcement that respects driver privacy.
Andrew J. Blumberg, Lauren S. Keeler, abhi shelat. (Appeared in the proceedings of ITSC 2004.)

Hari Balakrishnan, Raluca Popa, and I produced a practical implementation of these protocols suitable for use on in-car devices (e.g., in the context of the CarTel project).

VPriv: Protecting Privacy in Location-Based Vehicular Services
Raluca A. Popa, Hari Balakrishnan, and Andrew J. Blumberg. (To appear in Usenix Security 2009.)

Robin Chase writes often about this subject on her transportation blog in the context of a great vision of open in-car networked devices.
Recently, we wrote an article for the Huffington Post about the need for locational privacy.
We have also produced some brief FAQ-style handouts on the subject.

Congestion pricing poses a threat to locational privacy: What this means and why you should care

Electronic tolling and locational privacy: How to make EZ-pass preserve locational privacy

An overview of a system for implementing congestion pricing that preserves locational privacy

Additionally, there are some slides to accompany the previous handout.
(We thank Marnie Riddle for invaluable assistance with the text of these handouts.)
There has also recently been some excellent work on this subject at Berkeley, in the context of aggregate traffic statistic collection.