Crime and Punishment in the Cloud: Accountability, Transparency, and Privacy



SLIDE 1

Crime and Punishment in the Cloud

Accountability, Transparency, and Privacy

Stefan Berthold, Simone Fischer-Hübner, Leonardo A. Martucci, and Tobias Pulls

Karlstad University, Department of Mathematics and Computer Science, 651 88 Karlstad, Sweden

6th June 2013

Stefan Berthold <stefan.berthold@kau.se>, Crime and Punishment in the Cloud, TAFC Workshop, Málaga, Spain, 6th June 2013, 1 / 7

SLIDE 2

ISO/IEC 29100

Accountability

  • document policies, procedures and practices,
  • assign the duty to implement privacy policies to specified individuals in the organization,
  • provide suitable training,
  • inform about privacy breaches,
  • give access to effective sanctions and procedures for compensations in case of privacy breaches.

Implications. accountability ← transparency (for privacy breaches: crime) + liability (punishment) + · · ·

  • Reference. ISO/IEC: Privacy framework. ISO/IEC 29100, ISO/IEC (2011).



SLIDE 10

Privacy & Transparency

[Diagram labels: privacy, accountability, transparency; an axis from − to +; confidentiality, unrestricted data access; ?]


SLIDE 14

Transparency

Transparency of the next move.

[Chessboard diagram. Labels: knowledge (p, B); oracle (B); information.]

Definition

Transparency is the state when every party in the target group possesses perfect knowledge about the observable of interest. In other words, no party in the target group could learn any information (in Shannon’s sense) about the observable of interest.

  • Reference. Shannon, C. E.: A mathematical theory of communications. Bell System Technical Journal 27, 379–423, 623–656 (1948).
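The definition above can be checked mechanically. The following sketch is an added example, not part of the original slides: it models each party's knowledge of the next move as a probability distribution and measures, in bits, what the oracle's answer still teaches that party. The party names, candidate moves and function names are assumptions made for illustration.

```python
import math

def _check(belief):
    # A belief maps each candidate value of the observable to a probability.
    if min(belief.values()) < 0 or not math.isclose(sum(belief.values()), 1.0):
        raise ValueError("belief must be a probability distribution")

def entropy_bits(belief):
    """Uncertainty the party itself perceives about the observable."""
    _check(belief)
    return sum(p * math.log2(1 / p) for p in belief.values() if p > 0)

def information_learned_bits(belief, actual):
    """Surprisal of the oracle's answer: what the party still had to learn."""
    _check(belief)
    p = belief.get(actual, 0.0)
    return math.inf if p == 0 else math.log2(1 / p)

def transparency_report(group, actual):
    return {name: information_learned_bits(b, actual) for name, b in group.items()}

def is_transparent(group, actual):
    # Transparent only if no party in the target group learns anything.
    return all(bits == 0 for bits in transparency_report(group, actual).values())

# Constructed sample data (hypothetical parties and moves, not taken from the slides).
ACTUAL_MOVE = "Bb5"
BEFORE = {
    "undecided": {"Bb5": 0.25, "Bc4": 0.25, "d4": 0.25, "Nc3": 0.25},
    "sure_but_wrong": {"d4": 1.0},
    "informed": {"Bb5": 1.0},
}
AFTER = {name: {ACTUAL_MOVE: 1.0} for name in BEFORE}

if __name__ == "__main__":
    for label, group in (("before", BEFORE), ("after", AFTER)):
        print(label, transparency_report(group, ACTUAL_MOVE),
              "transparent:", is_transparent(group, ACTUAL_MOVE))
```

The "sure_but_wrong" party has zero entropy yet learns an unbounded amount from the oracle, which is why the check compares each belief against the actual value rather than relying on the party's own certainty.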


SLIDE 16

Transparency

Transparency of the next move.

[Chessboard diagram. Labels: B; knowledge (B, B); oracle (B); zero information.]


SLIDE 17

Privacy

[Diagram labels: user; CSP 1, CSP 2, ..., CSP n, each receiving p. data; CSP 1, CSP 2, CSP 3, each with a PIA; subcontracting; dependency resolution.]

Definition

Privacy is the right of individuals to control the flow and use of their personal data. It requires informed decisions about data disclosure, data storage, and data processing, and their enforcement.

  • Reference. EU: Data Protection Directive 95/46/EC.

SLIDE 18

Conclusions

Accountability for end-users.

Definition

A data controller is accountable if privacy breaches are transparent to the respective data subjects and the data controller is sanctioned and/or the data subject is compensated in case of privacy breaches.

Challenges.

  • accountability: composing privacy and transparency.
  • the cloud doesn’t make that challenge easier.
  • solutions exist for accountability where privacy is end-user control.
  • hard conflicts between transparency and privacy when privacy is confidentiality.


SLIDE 20

Crime and Punishment in the Cloud

Q&A

Stefan Berthold, Simone Fischer-Hübner, Leonardo A. Martucci, and Tobias Pulls

[firstname.lastname]@kau.se