crime and punishment in the cloud
play

Crime and Punishment in the Cloud Accountability, Transparency, and - PowerPoint PPT Presentation

Crime and Punishment in the Cloud Accountability, Transparency, and Privacy Stefan Berthold , Simone Fischer-Hbner, Leonardo A. Martucci, and T obias Pulls Karlstad University Department of Mathematics and Computer Science 651 88 Karlstad,


  1. Crime and Punishment in the Cloud Accountability, Transparency, and Privacy Stefan Berthold , Simone Fischer-Hübner, Leonardo A. Martucci, and T obias Pulls Karlstad University Department of Mathematics and Computer Science 651 88 Karlstad, Sweden 6th June 2013 stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 1 / 7

  2. ISO/IEC 29100 Accountability document policies, procedures and practices, assign the duty to implement privacy policies to specified individuals in the organization, provide suitable training, inform about privacy breaches, give access to effective sanctions and procedures for compensations in case of privacy breaches. Implications accountability ← transparency + liability for privacy + · · · privacy breaches (crime) � punishment. Reference. ISO/IEC: Privacy framework. ISO/IEC 29100, ISO/IEC (2011). stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 2 / 7

  3. ISO/IEC 29100 Accountability document policies, procedures and practices, assign the duty to implement privacy policies to specified individuals in the organization, provide suitable training, inform about privacy breaches, give access to effective sanctions and procedures for compensations in case of privacy breaches. Implications accountability ← transparency + liability for privacy + · · · privacy breaches (crime) � punishment. Reference. ISO/IEC: Privacy framework. ISO/IEC 29100, ISO/IEC (2011). stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 2 / 7

  4. ISO/IEC 29100 Accountability document policies, procedures and practices, assign the duty to implement privacy policies to specified individuals in the organization, provide suitable training, inform about privacy breaches, give access to effective sanctions and procedures for compensations in case of privacy breaches. Implications accountability ← transparency + liability for privacy + · · · privacy breaches (crime) � punishment. Reference. ISO/IEC: Privacy framework. ISO/IEC 29100, ISO/IEC (2011). stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 2 / 7

  5. Privacy & Transparency privacy transparency � accountability stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 3 / 7

  6. Privacy & Transparency + − privacy transparency � accountability stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 3 / 7

  7. Privacy & Transparency + − privacy transparency � accountability stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 3 / 7

  8. Privacy & Transparency + − confidentiality privacy transparency � accountability stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 3 / 7

  9. Privacy & Transparency + − unrestricted confidentiality privacy transparency data access � accountability stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 3 / 7

  10. Privacy & Transparency + − unrestricted confidentiality privacy transparency data access � ? accountability stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 3 / 7

  11. ✄ � � � � Transparency Transparency of the next move. rZblkans Definition � � opopZpop 0ZnZ0Z0Z Transparency is the state when every ☎ ✌ Z0Z0o0Z0 party in the target group possesses 0Z0ZPZ0Z perfect knowledge about the Z0Z0ZNZ0 observable of interest. In other POPO0OPO SNAQJBZR words, no party in the target group could learn any information (in Shannon’s sense) about the observable of interest. Reference. Shannon, C. E.: A mathematical theory of communications. Bell System T echnical Journal 27, 379–423, 623–656 (1948). stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 4 / 7

  12. ✄ � � � � Transparency Transparency of the next move. � p � rZblkans Definition � � opopZpop 0ZnZ0Z0Z Transparency is the state when every ☎ ✌ Z0Z0o0Z0 party in the target group possesses 0Z0ZPZ0Z perfect knowledge about the Z0Z0ZNZ0 observable of interest. In other POPO0OPO SNAQJBZR words, no party in the target group could learn any information (in � Shannon’s sense) about the observable of interest. knowledge Reference. Shannon, C. E.: A mathematical theory of communications. Bell System T echnical Journal 27, 379–423, 623–656 (1948). stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 4 / 7

  13. ✄ � � � � Transparency Transparency of the next move. � p � � B � rZblkans Definition � � opopZpop 0ZnZ0Z0Z Transparency is the state when every ☎ ✌ Z0Z0o0Z0 party in the target group possesses 0Z0ZPZ0Z perfect knowledge about the Z0Z0ZNZ0 observable of interest. In other POPO0OPO SNAQJBZR words, no party in the target group could learn any information (in � Shannon’s sense) about the observable of interest. knowledge Reference. Shannon, C. E.: A mathematical theory of communications. Bell System T echnical Journal 27, 379–423, 623–656 (1948). stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 4 / 7

  14. � � � � Transparency Transparency of the next move. � p � � B � rZblkans Definition � � opopZpop 0ZnZ0Z0Z Transparency is the state when every ☎ ✌ Z0Z0o0Z0 party in the target group possesses 0Z0ZPZ0Z perfect knowledge about the Z0Z0ZNZ0 observable of interest. In other POPO0OPO SNAQJBZR words, no party in the target group ✄ could learn any information (in B � Shannon’s sense) about the information observable of interest. knowledge oracle Reference. Shannon, C. E.: A mathematical theory of communications. Bell System T echnical Journal 27, 379–423, 623–656 (1948). stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 4 / 7

  15. � � � � Transparency Transparency of the next move. � B � � B � rZblkans Definition � � opopZpop 0ZnZ0Z0Z Transparency is the state when every ☎ ✌ Z0Z0o0Z0 party in the target group possesses 0Z0ZPZ0Z perfect knowledge about the Z0Z0ZNZ0 observable of interest. In other POPO0OPO SNAQJBZR words, no party in the target group ✄ could learn any information (in B B Shannon’s sense) about the zero information observable of interest. knowledge oracle Reference. Shannon, C. E.: A mathematical theory of communications. Bell System T echnical Journal 27, 379–423, 623–656 (1948). stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 4 / 7

  16. � � � � Transparency Transparency of the next move. � B � � B � rZblkans Definition � � opopZpop 0ZnZ0Z0Z Transparency is the state when every ☎ ✌ ZBZ0o0Z0 party in the target group possesses 0Z0ZPZ0Z perfect knowledge about the Z0Z0ZNZ0 observable of interest. In other POPO0OPO SNAQJ0ZR words, no party in the target group ✄ could learn any information (in B B Shannon’s sense) about the zero information observable of interest. knowledge oracle Reference. Shannon, C. E.: A mathematical theory of communications. Bell System T echnical Journal 27, 379–423, 623–656 (1948). stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 4 / 7

  17. Privacy p. data · · · Definition CSP 2 · · · p. data · · · · · · Privacy is the right of individuals to user CSP 1 · · · · · · · · · control the flow and use of their CSP n · · · p. data · · · personal data. subcontracting subcontracting requires informed decisions about CSP 1 CSP 2 CSP 3 data disclosure, PIA PIA PIA data storage, and dependency dependency data processing, resolution resolution and their enforcement. Reference. EU: Data Protecting Directive 95/46/EC. . stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 5 / 7

  18. Conclusions Accountability for end-users. Challenges. accountability: composing Definition privacy and transparency. A data controller is accountable, if the cloud doesn’t make that privacy breaches are transparent to challenge easier. the respective data subjects and the solutions exist for accountability data controller is sanctioned and/or where privacy is end-user control. the data subject is compensated in hard conflicts between case of privacy breaches. transparency and privacy when privacy is confidentiality. stefan berthold <stefan.berthold@kau.se> crime and punishment in the cloud tafc workshop, málaga, spain, 6th june 2013 6 / 7

Recommend


More recommend