Differentially private analysis of transportation data

Abstract

To optimize the planning and operations of transportation systems, engineers analyze large amounts of data related to individual travelers, obtained through an increasing number and variety of sensors and data sources. For example, location traces collected from personal smartphones or smart cards in public transit systems can now cost-effectively complement or replace traditional data collection mechanisms such as phone surveys or vehicle detectors on highways, allowing to significantly increase the sensor coverage as well as the spatial and temporal resolution of the collected data. This trend allows formore accurate statistical estimates of the state and evolution of a transportation system, and improved responsiveness. At the same time, it raises privacy concerns, due to the possibility of making inferences on the history of visited locations and activities of individual citizens. This chapter presents some of the issues related to the privacy-preserving analysis of transportation data. We first illustrate the well-known difficulty of publishing location microdata (i.e., individual location traces) with privacy guarantees, though a case study based on the “MTL Trajet” dataset, a smartphone-based travel survey carried out in recent years in the city of Montréal. In contrast, the publication of aggregate statistics can be protected formally using state-of-the-art tools such as differential privacy, a formal notion of privacy that prevents certain types of inferences by adversaries with arbitrary side information. To illustrate the application of differential privacy to transportation data, the chapter presents a methodology for estimating the dynamic macroscopic traffic state (density, velocity) along a highway segment in real-time from single-loop detector and floating car data, while providing privacy guarantees for the individual driver trajectories. Enforcing privacy constraints impacts estimation performance (depending on the desired privacy level), but the effect is mitigated here by using a nonlinear model of the traffic dynamics, fused with the sensor measurements using data assimilation methods such as nonlinear Kalman filters.