Enabling Privacy through Transparency - MIT Paper

Abstract—Many access control systems, particularly those used in hospital environments, exercise optimistic security, because preventing access to information may have undesirable consequences. In the wrong hands, however, these over-broad permissions may result in privacy violations. To address this issue, we have developed Privacy Enabling Transparent Systems (PETS), which makes transparency a key component of system architecture. PETS is built on open web standards and adds the Provenance Tracking Network (PTN), an open global trusted network of peer servers, to the traditional web stack. Websites that conform to the architecture report information about every transaction involving a sensitive data item to the PTN. These usage logs are stored in a decentralized manner and can later be queried to check compliance with individual usage restrictions, confirming that no unauthorized data transfer or usage has taken place. PETS enables data consumers to be transparent about how data is used and to determine after the fact whether privacy violations have occurred. We conducted a user study on a healthcare information application built using PETS to see whether transparency about access and usage data satisfies users' expectations of privacy.
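The after-the-fact compliance check described above, as an added illustration that is not code from the PETS paper or its implementation: per-item usage restrictions, usage records reported by two PTN peers (merged with duplicates removed), and an audit that lists every record violating the restriction registered for its item. The record and restriction formats, the field names, and the sample entries are all constructed for this example and are not the paper's actual log schema.

```python
"""Constructed example: auditing merged provenance logs against usage restrictions.

Not the PETS/PTN wire format; every structure and value here is an assumption
made for illustration only.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class UsageRestriction:
    """What a data subject permits for one sensitive data item (assumed shape)."""
    item_id: str
    allowed_purposes: frozenset          # e.g. {"treatment", "billing"}
    allowed_recipients: frozenset        # departments a transfer may go to
    transfer_allowed: bool = False


@dataclass(frozen=True)
class UsageRecord:
    """One transaction a conforming website reported to a PTN peer (assumed shape)."""
    item_id: str
    actor: str
    action: str                          # "read" or "transfer"
    purpose: str
    recipient: Optional[str]             # only meaningful for transfers
    timestamp: str                       # ISO-8601 UTC, sorts lexicographically


def merge_peer_logs(*peer_logs: List[UsageRecord]) -> List[UsageRecord]:
    """Combine logs held by several peers; identical records reported by more
    than one peer count once. Frozen dataclasses hash by value, so a dict
    keyed on the record does the deduplication."""
    seen: Dict[UsageRecord, None] = {}
    for log in peer_logs:
        for rec in log:
            seen[rec] = None
    return sorted(seen, key=lambda r: r.timestamp)


def audit(records: List[UsageRecord],
          restrictions: Dict[str, UsageRestriction]) -> List[Tuple[UsageRecord, str]]:
    """Return (record, reason) for every usage that breaks its item's restriction.
    A record for an item with no registered restriction is also flagged, since
    the system cannot show that the usage was permitted."""
    violations: List[Tuple[UsageRecord, str]] = []
    for rec in records:
        rule = restrictions.get(rec.item_id)
        if rule is None:
            violations.append((rec, "no usage restriction registered for item"))
            continue
        if rec.purpose not in rule.allowed_purposes:
            violations.append((rec, f"purpose '{rec.purpose}' not permitted"))
        if rec.action == "transfer":
            if not rule.transfer_allowed:
                violations.append((rec, "transfer not permitted"))
            elif rec.recipient not in rule.allowed_recipients:
                violations.append((rec, f"recipient '{rec.recipient}' not permitted"))
    return violations


# Constructed sample data: two items with restrictions, two peers' logs.
RESTRICTIONS = {
    "lab-result-0042": UsageRestriction("lab-result-0042", frozenset({"treatment"}),
                                        frozenset({"oncology"}), transfer_allowed=True),
    "note-0007": UsageRestriction("note-0007", frozenset({"treatment", "billing"}),
                                  frozenset(), transfer_allowed=False),
}

PEER_A = [
    UsageRecord("lab-result-0042", "dr.alice", "read", "treatment", None, "2014-06-01T09:00:00Z"),
    UsageRecord("lab-result-0042", "dr.alice", "transfer", "treatment", "oncology", "2014-06-01T09:05:00Z"),
    UsageRecord("note-0007", "clerk.bob", "read", "billing", None, "2014-06-02T10:00:00Z"),
]
PEER_B = [
    # Same read as peer A reported; must count once after merging.
    UsageRecord("lab-result-0042", "dr.alice", "read", "treatment", None, "2014-06-01T09:00:00Z"),
    # Read for a purpose the subject did not permit.
    UsageRecord("lab-result-0042", "dr.carol", "read", "research", None, "2014-06-03T11:00:00Z"),
    # Transfer of an item whose restriction forbids any transfer.
    UsageRecord("note-0007", "clerk.bob", "transfer", "billing", "insurer", "2014-06-03T12:00:00Z"),
]


def run_audit() -> List[Tuple[UsageRecord, str]]:
    """Merge both peers' logs and audit them against the registered restrictions."""
    return audit(merge_peer_logs(PEER_A, PEER_B), RESTRICTIONS)


if __name__ == "__main__":
    for rec, why in run_audit():
        print(f"{rec.timestamp} {rec.actor} {rec.action} {rec.item_id}: {why}")
```

The audit is deliberately detection rather than prevention: it never blocks a request, matching the optimistic access model the abstract describes, and instead produces evidence that a specific actor used a specific item outside its restriction. Merging from more than one peer shows why duplicate reports must be idempotent, otherwise a replicated record would be counted as two usages.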


Received on Monday, 16 June 2014 08:39:58 UTC