Geographic Information and Society: An International Conference
DOI of Published Version
The widespread availability of low-cost desktop GIS software now enables an unprecedented number of individuals to produce point-symbol maps from information considered confidential in its original, tabular, form. These maps, which are made by address-matching individual-level administrative records to street centerline files (e.g. TIGER) can be easily (and perhaps inadvertently) distributed in HTML format. These “raw” maps comprised of abstract map symbols do not directly disclose confidential information. However, a determined data spy can use GIS technology and other knowledge to “hack” the maps and make an estimate of the actual address (and hence, a good guess as the identity of an individual) associated with each point symbol. Though this process, called inverse address-matching, is supported by widely available GIS software, there has been almost no discussion in the GIS literature about factors that are important in successfully inverting the address-matching transformation. In this paper, we situate our work within current debates on privacy, and then conduct a set of controlled experiments that are designed to evaluate the performance of the address inversion process. We do this with the full understanding that such knowledge could be used for nefarious purposes. Such knowledge, however, can also be used to guard against individual-level identity disclosure by guiding the design and use of effective cartographic masking techniques.
Copyright © 1999 Marc P. Armstrong and Amy J. Ruggles