How to protect privacy in floating car data systems

Abstract
Floating Car Data (FCD) is a valuable source of up-to-date traffic information, with a wide range of applications. Active floating car data techniques require drivers to have their vehicles equipped with on-board units regularly transmitting position and velocity information to a central server. Many potential participants are hence reluctant to join FCD projects because of violations of their privacy due to permanent traceability or possible liability in case of speed limit violations. We present a general method for anonymization of floating car data by deriving pseudonyms for trips and samples with the optional ability of relating samples to trips and trips to each other, whilst hiding the identity of a driver, hence protecting his privacy. The resulting concepts are easy to implement and can be used as building blocks for any FCD system with stringent security constraints. The main advantage of our approach is the guaranteed uniqueness of pseudonyms that can be achieved efficiently, i.e. without any communication between vehicles.
