2014 Twelfth Annual Conference on Privacy, Security and Trust (PST) (2014)
Toronto, ON, Canada
July 23, 2014 to July 24, 2014
Oshani Seneviratne, Decentralized Information Group, MIT CSAIL, USA
Lalana Kagal, Decentralized Information Group, MIT CSAIL, USA
Many access control systems, particularly those utilized in hospital environments, exercise optimistic security, because preventing access to information may have undesirable consequences. However, in the wrong hands, these over-broad permissions may result in privacy violations. To circumvent this issue, we have developed Privacy Enabling Transparent Systems (PETS) that makes transparency a key component in systems architectures. PETS is built on open web standards and introduces the Provenance Tracking Network (PTN), an open global trusted network of peer servers, to the traditional web stack. Websites that conform to the architecture communicate information about transactions for any sensitive data items with the PTN. These usage logs are stored in a decentralized manner and can later be queried to check compliance with individual usage restrictions that assert no unauthorized data transfer or usage has taken place. PETS enables data consumers to be transparent with regard to data usages and determine if there have been privacy violations after the fact. We conducted a user study on a healthcare data application built using PETS to see if transparency on access and usage data satisfies expectations of user privacy.
Positron emission tomography, Privacy, Servers, Hospitals, Peer-to-peer computing, Data privacy
O. Seneviratne and L. Kagal, "Enabling privacy through transparency," 2014 Twelfth Annual Conference on Privacy, Security and Trust (PST), Toronto, ON, Canada, 2014, pp. 121-128.