Anonymity: Formalisation of Privacy – k-anonymity

Microdata is the basis of statistical studies. If microdata is released, it can leak sensitive information about the participants, even if identifiers like name or social security number are removed. A proper anonymization for statistical microdata is essential. K-anonymity has been intensively discussed as a measure for anonymity in statistical data. Quasi identifiers are attributes that might be used to identify single participating entities in a study. Linking different tables can leak sensitive information. Therefore k-anonymity requires that each combination of values for the quasi identifiers appears at least k times in the data. When subsequent data is released certain limitations have to be followed for the complete data to adhere to k-anonymity. In this paper, we depict the anonymity level of k-anonymity. We show, how l-diversity and t-closeness provide a stronger level of anonymity as k-anonymity. As microdata has to be anonymized, free toolboxes are available in the internet to provide k-anonymity, l-diversity and t-closeness. We present the Cornell Anonymization Toolkit and the UTD Anonymization Toolbox. Together with Kern, we analyzed geodata gathered from android devices due to its anonymity level. Therefore, we transferred the data into an sqlite database for easier data manipulation. We used SQL-queries to show how this data is not anonymous. We provide a value generalization hierarchy based on the attributes model, device, version and network. Using the UTD Anonymization Toolbox, we transferred the data into a k-anonymous state. For different values of k there are different possibilities of generalizations. We show parts of a 3-anonymous version of the input data in this paper.