Information accountability

International Journal of E-Health and Medical Communications, 2014

Information accountability is seen as a mode of usage control on the Web. Due to its many dimensions, information accountability has been expressed in various ways by computer scientists to address security and privacy in recent times. Information accountability is focused on how users participate in a system and the underlying policies that govern the participation. Healthcare is a domain in which the principles of information accountability can be utilised well. Modern health information systems are Internet based and the discipline is called eHealth. In this paper, the authors identify and discuss the goals of accountability systems and present the principles of information accountability. They characterise those principles in eHealth and discuss them contextually. They identify the current impediments to eHealth in terms of information privacy issues of eHealth consumers together with information usage requirements of healthcare providers and show how information accountability ...

While technologies for anonymous communication have been thoroughly researched and despite the existence of several protection services, the deployment of such services has not yet reached the mass market of end users. So far only a very small fraction of users are using anonymity services and early adopters, which are necessary to reach a critical mass of adopters, have not been attracted. Consequently, there is no beneficial market today for anonymity services. In this paper we conduct an analysis grounded in the diffusion of innovations theory on the reasons for the slow diffusion of anonymity services. We conclude that an unclear relative advantage, a high complexity and the inability to observe or demonstrate that the communication is really anonymous are major hindrances. Furthermore, we discuss several possibilities on how to stimulate the adoption.

Proceedings of the 19th ACM Conference on Computer-Supported Cooperative Work & Social Computing - CSCW '16, 2016

While the web contains many social websites, people are generally left in the dark about the activities of other people traversing the web as a whole. In this paper, we explore the potential benefits and privacy considerations around generating a real-time, publicly accessible stream of web activity where users can publish chosen parts of their web browsing data. Taking inspiration from social media systems, we describe individual benefits that can be unlocked by such sharing and that may incentivize users to publish aspects of their browsing. We ask whether and how these benefits outweigh potential costs in lost privacy. We conduct our study of public web activity sharing through scenario-based interviews and a field deployment of a tool for web activity sharing.

Heterogeneous Data Management, Polystores, and Analytics for Healthcare, 2019

GDPR in Europe and similar regulations, such as the California CCPA, require new levels of privacy support for consumers. Most challenging to IT departments is the "right to be forgotten". Hence, an enterprise must ensure that ALL information about a specific consumer be deleted from enterprise storage, when requested. Since enterprises are internally heavily "siloed", sharing of information is usually accomplished by copying data between systems. This makes finding and deleting all copies of data on a particular consumer difficult. GDPR also requires the notion of purposes, which is an access control model orthogonal to the one customarily in SQL. Herein, we sketch an implementation of purposes and show how it fits within a conventional access control framework. We then propose two solutions to supporting GDPR in a DBMS. When a "green field" environment is present, we propose a solution which directly supports the process of ensuring GDPR compliance at enterprise-scale. Specifically, it is designed to store every fact about a consumer exactly once. Therefore, the right to be forgotten is readily supported by deleting that fact. On the other hand, when dealing with legacy systems in the enterprise, we propose a second solution which tracks all copies of personal information, so they can be deleted on request. Of course, this solution entails additional overhead in the DBMS. Once data leaves the DBMS, it is in some application. We propose "sandboxing" applications in a novel way that will prevent them from leaking data to the outside world when inappropriate. Lastly, we discuss the challenges associated with auditing and logging of data. This paper sketches the design of the above GDPR compliant facilities, which we collectively term SchengenDB.

2020

BACKGROUND There is substantial prior research on patient perspectives relating to the use of health information for research. Numerous communication barriers challenge transparency between researchers and data subjects in secondary database research (e.g., waived informed consent, knowledge gaps). Individual concerns and misconceptions challenge trust in researchers despite efforts to protect data. Technical software used to protect research data can further complicate public understanding of research. For example, MiNDFIRL (MInimum Necessary Disclosure For Interactive Record Linkage) is a prototype software that can be used to enhance confidentiality of datasets by restricting disclosures of identifying information during the record linkage process. However, researchers communicating how a software like MINDFIRL is used to protect data must overcome the previously mentioned communication barriers. One proposed solution is the creation of an interactive web-based Frequently Asked Q...

Lecture Notes in Computer Science, 2017

Despite regulatory efforts to protect personal data online, users knowingly consent to disclose more personal data than they intend, and they are also prone to disclose more than they know. We consider that a reliance on cognitive heuristics is key to explaining these aspects of users' disclosure decisions. Also, that the cues underpinning these heuristics can be exploited by organisations seeking to extract more data than is required. Through the lens of an existing credibility heuristic framework, we qualitatively analyse 23, one-to-one, semi-structured interviews. We identify six super-ordinate classes of heuristics that users rely upon during disclosures: PROMINENCE, NETWORK, RELIABILITY , ACCORDANCE, NARRATIVE, MODALITY, and a seventh nonheuristics TRADE class. Our results suggest that regulatory efforts seeking to increase the autonomy of the informed user are inapt. Instead the key to supporting users during disclosure decisions could be to positively nudge users through the cues underpinning these simple heuristics.

Personal and Ubiquitous Computing, 2017

Managing privacy in the IoT presents a significant challenge. We make the case that information obtained by auditing the flows of data can assist in demonstrating that the systems handling personal data satisfy regulatory and user requirements. Thus, components handling personal data should be audited to demonstrate that their actions comply with all such policies and requirements. A valuable side-effect of this approach is that such an auditing process will highlight areas where technical enforcement has been incompletely or incorrectly specified. There is a clear role for technical assistance in aligning privacy policy enforcement mechanisms with data protection regulations. The first step necessary in producing technology to accomplish this alignment is to gather evidence of data flows. We describe our work producing, representing and querying audit data and discuss outstanding challenges.

Metaphilosophy, 2012

The Web initially emerged as an "antidote" to accumulated scientific knowledge, since it enables global representation and communication at a minimum cost. Its gigantic scale and interdependence allow us our ability to find relevant information and develop trustworthy contexts. It is time for science to compensate by providing an epistemological "antidote" to Web issues. Philosophy should be in the front line by forming the salient questions and analysis. We need a theory about Web being that will bridge philosophical thinking and engineering. This article analyzes existence and spatiotemporality in the Web and how it transforms the traditional actualities. The resulting issues concern the selfdetermination of a being and the way in which the Web could be a free and open platform for innovation and participation.

ACM Transactions on Internet Technology, 2018

Data sharing and access control management is one of the issues still hindering the development of decentralized online social networks (DOSNs), which are now gaining more research attention with the recent developments in P2P computing, such as the secure public ledger–based protocols (Blockchains) for monetary systems. In a previous work, we proposed an initial audit–based model for access control in DOSNs. In this article, we focus on enhancing the audit strategies and the privacy issues emerging from records kept for audit purposes. We propose enhanced audit and collaboration strategies, for which experimental results, on a real online social network graph with simulated sharing behavior, show an improvement in the detection rate of bad behavior of more than 50% compared to the basic model. We also provide an analysis of the related privacy issues and discuss possible privacy-preserving alternatives.

Semantic Services, Interoperability and Web Applications

The term “Linked Data” refers to a set of best practices for publishing and connecting structured data on the Web. These best practices have been adopted by an increasing number of data providers over the last three years, leading to the creation of a global data space containing billions of assertions— the Web of Data. In this article, the authors present the concept and technical principles of Linked Data, and situate these within the broader context of related technological developments. They describe progress to date in publishing Linked Data on the Web, review applications that have been developed to exploit the Web of Data, and map out a research agenda for the Linked Data community as it moves forward.

Towards a Service-Based Internet, 2010

As data integration proliferates, private information can be spread across the system extensively. Striving for protection of possessed sensitive information, enterprises thus need comprehensive means to control such propagation. As shown in the paper, approaches to date do not address this need sufficiently. We, therefore, propose a private data propagation control framework (Providence), which aims to give a comprehensive view on private data usage throughout the system and to facilitate privacy-related decision making.

Electronic Proceedings in Theoretical Computer Science, 2017

Modern socio-technical systems are increasingly complex. A fundamental problem is that the borders of such systems are often not well-defined a-priori, which among other problems can lead to unwanted behavior during runtime. Ideally, unwanted behavior should be prevented. If this is not possible the system shall at least be able to help determine potential cause(s) a-posterori, identify responsible parties and make them accountable for their behavior. Recently, several algorithms addressing these concepts have been proposed. However, the applicability of the corresponding approaches, specifically their effectiveness and performance, is mostly unknown. Therefore, in this paper, we propose ACCBench, a benchmark tool that allows to compare and evaluate causality algorithms under a consistent setting. Furthermore, we contribute an implementation of the two causality algorithms by [7] and [6] as well as of a policy compliance approach based on some concepts of [16]. Lastly, we conduct a case study of an Intelligent Door Control System, which exposes concrete strengths and weaknesses of all algorithms under different aspects. In the course of this, we show that the effectiveness of the algorithms in terms of cause detection as well as their performance differ to some extent. In addition, our analysis reports on some qualitative aspects that should be considered when evaluating each algorithm. For example, the human effort needed to configure the algorithm and model the use case is analyzed.

Principles and Applications of Distributed Event-Based Systems

The scalability properties of event-based communication paradigms make them suitable for building large-scale distributed systems. For effective management at the application level, such systems often comprise multiple administrative domains, although their underlying communication infrastructure can be shared. Examples of such systems include those required by government and public bodies for domains such as healthcare, police, transport and environmental monitoring. We investigate how to build security into these systems. We outline point-to-point and publish/subscribe event-based communication, and examine security implications in each. Publish/subscribe decouples communicating entities. This allows for efficient event dissemination, however it makes controlling data visibility more difficult. Some data is sensitive and must be protected for personal and legal reasons. Large pub/sub systems distribute events using intermediate broker nodes. Some brokers may not be fully trusted. ...

Lecture Notes in Computer Science, 2017

Privacy audit logs are used to capture the actions of participants in a data sharing environment in order for auditors to check compliance with privacy policies. However, collusion may occur between the auditors and participants to obfuscate actions that should be recorded in the audit logs. In this paper, we propose a Linked Data based method of utilizing blockchain technology to create tamper-proof audit logs that provide proof of log manipulation and non-repudiation. We also provide experimental validation of the scalability of our solution using an existing Linked Data privacy audit log model.

John Wiley & Sons, Ltd eBooks, 2013

The Web initially emerged as an "antidote" to accumulated scientific knowledge, since it enables global representation and communication at a minimum cost. Its gigantic scale and interdependence allow us our ability to find relevant information and develop trustworthy contexts. It is time for science to compensate by providing an epistemological "antidote" to Web issues. Philosophy should be in the front line by forming the salient questions and analysis. We need a theory about Web being that will bridge philosophical thinking and engineering. This article analyzes existence and spatiotemporality in the Web and how it transforms the traditional actualities. The resulting issues concern the selfdetermination of a being and the way in which the Web could be a free and open platform for innovation and participation.