ABSTRACT
The standard technical approach to privacy and security in online life is preventive: Before someone can access confidential data or take any other action that implicates privacy or security, he should be required to prove that he is authorized to do so. As the scale and complexity of online activity have grown, it has become apparent that the preventive approach is inadequate; thus, a growing set of information-security researchers has embraced greater reliance on accountability mechanisms to complement preventive measures. Despite widespread agreement that "accountability" is important in online life, the term has no standard definition. We make three contributions to the study of accountability: (1) We flesh out with realistic examples our claim that a purely preventive approach to security is inadequate; (2) We present, compare, and contrast some existing formal frameworks for accountability; (3) We explore the question of whether "deterrence" may be a better general term in this context than "accountability."