ABSTRACT
Given the ubiquity of data on the web, and the lack of usage restriction enforcement mechanisms, stories of personal, creative and other kinds of data misuse are on the rise. There should be both sociological and technological mechanisms that facilitate accountability on the web and that would prevent such data misuse. Sociological mechanisms appeal to the data consumer's self-interest in adhering to the data provider's desires. This involves a system of rewards, such as recognition and financial incentives, and deterrents, such as legal prohibitions on violations and social pressure. But there is no well-defined technological mechanism for the discovery of accountability, or the lack of it, on the web. As part of my PhD thesis I propose a solution to this problem by designing a web protocol called HTTPA (Accountable HTTP). This protocol will enable data consumers and data producers to agree to specific usage restrictions, preserve the provenance of data transferred from a web server to a client and back to another web server, and, more importantly, provide a mechanism to derive an 'audit trail' for the data reuse with the help of a trusted intermediary called a 'Provenance Tracker Network'.