Enhancing Transparency with Distributed Privacy-Preserving Logging
نویسندگان
چکیده
Transparency of data processing is often a requirement for compliance to legislation and/or business requirements. Furthermore, it has recognised as a key privacy principle, for example in the European Data Protection Directive. At the same time, transparency of the data processing should be limited to the users involved in order to minimise the leakage of sensitive business information and privacy of the employees (if any) performing the data processing. We propose a cryptographic logging solution, making the resulting log data publicly accessible, that can be used by data subjects to gain insight in the data processing that takes place on their personal data, without disclosing any information about data processing on other users‟ data. Our proposed solution can handle arbitrary distributed processes, dynamically continuing the logging from one data processor to the next. Committing to the logged data is irrevocable, and will result in log data that can be verified by the data subject, the data processor and a third party with respect to integrity. Moreover, our solution allows data processors to offload storage and interaction with users to dedicated log servers. Finally, we show that our scheme is applicable in practice, providing performance results for a prototype implementation.
منابع مشابه
Insynd: Privacy-Preserving Transparency Logging Using Balloons
Insynd is a cryptographic scheme for privacy-preserving transparency logging. In the setting of transparency logging, a service provider continuously logs descriptions of its data processing on its users’ personal data, where each description is intended for a particular user. Our work focuses on protecting the privacy of users. Insynd provides secrecy of messages, message integrity and authent...
متن کاملAdding Secure Transparency Logging to the PRIME Core
This paper presents a secure privacy preserving log. These types of logs are useful (if not necessary) when constructing transparency services for privacy enhancement. The solution builds on and extends previous work within the area and tries to address the shortcomings of previous solutions regarding privacy issues.
متن کاملInsynd: Improved Privacy-Preserving Transparency Logging
Service providers collect and process more user data then ever, while users of these services remain oblivious to the actual processing and utility of the processed data to the service providers. This leads users to put less trust in service providers and be more reluctant to share data. Transparency logging is about service providers continuously logging descriptions of the data processing on ...
متن کاملHow can Cloud Users be Supported in Deciding on, Tracking and Controlling How their Data are Used?
Transparency is a basic privacy principle and factor of social trust. However, the processing of personal data along a cloud chain is often rather intransparent to the data subjects concerned. Transparency Enhancing Tools (TETs) can help users in deciding on, tracking and controlling their data in the cloud. However, TETs for enhancing privacy also have to be designed to be both privacy-preserv...
متن کاملCrime and Punishment in the Cloud
DIMACS/BIC/A4Cloud/CSA International Workshop on Trustworthiness, Accountability and Forensics in the Cloud (TAFC) 2013 Abstract. The goal of this work is to reason on the complexity of the relationship between three non-functional requirements in cloud computing; privacy, accountability, and transparency. We provide insights on the complexity of this relationship from the perspectives of end-u...
متن کامل