Locational privacy
Locational privacy (aka "location privacy") refers to the ability
of an individual to move in public space with the reasonable
expectation that their location will not be systematically and
secretly recorded for later use.
For instance, naive implementations of automated tolling, congestion
pricing, and automated traffic enforcement violate locational privacy
--- they inadvertently create a pervasive surveillance
infrastructure that cheaply and silently aggregates tremendous amounts
of data about drivers' locations, data that could later be used for all
sorts of unpleasant applications.
Modern cryptographic protocols allow us to build systems that
satisfy the needs of the tolling agencies and/or law enforcement while
also respecting locational privacy. Here are two technical papers that
outline such protocols at a high level:
Congestion pricing that respects driver privacy.
Andrew J. Blumberg and Robin Chase. (Appeared in the proceedings of ITSC 2005.)
Automated traffic enforcement that respects driver privacy.
Andrew J. Blumberg, Lauren S. Keeler, abhi shelat. (Appeared in the proceedings of ITSC 2004.)
Hari Balakrishnan, Raluca Popa, and I produced a
practical implementation of these protocols suitable for use on in-car
devices (e.g., in the context of the CarTel project).
VPriv: Protecting Privacy in Location-Based Vehicular Services
Raluca A. Popa, Hari Balakrishnan, and Andrew J. Blumberg. (To appear in Usenix Security 2009.)
Robin Chase writes often about this subject on her transportation blog,
in the context of a great vision of open in-car networked devices.
Recently, we wrote an article for the Huffington Post about the need
for locational privacy.
We have also produced some brief FAQ-style handouts on the subject.
Congestion pricing poses a threat to locational privacy: What this means and why you should care
Electronic tolling and locational privacy: How to make EZ-pass preserve locational privacy
An overview of a system for implementing congestion pricing that preserves locational privacy
Additionally, there are some slides to accompany the previous handout.
(We thank Marnie Riddle for invaluable assistance with the text of
these handouts.)
There has also recently been some excellent work on this subject at
Berkeley, in the context of aggregate traffic statistic collection.