Inferring Accountability from Trust Perceptions

  • Koen Decroix
  • Denis Butin
  • Joachim Jansen
  • Vincent Naessens
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8880)

Abstract

Opaque communications between groups of data processors leave individuals out of touch with the circulation and use of their personal information. Empowering individuals in this regard requires supplying them — or auditors on their behalf — with clear data handling guarantees. We introduce an inference model providing individuals with global (organization-wide) accountability guarantees which take into account user expectations and varying levels of usage evidence, such as data handling logs. Our model is implemented in the IDP knowledge base system and demonstrated with the scenario of a surveillance infrastructure used by a railroad company. We show that it is flexible enough to be adapted to any use case involving communicating stakeholders for which a trust hierarchy is defined. Via auditors acting for them, individuals can obtain global accountability guarantees, providing them with a trust-dependent synthesis of declared and proven data handling practices for an entire organization.

Keywords

Accountability, IDP, Trust, Privacy, Surveillance

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Koen Decroix (1)
  • Denis Butin (2)
  • Joachim Jansen (3)
  • Vincent Naessens (1)

  1. Technology Campus Ghent, Department of Computer Science, KU Leuven, Ghent, Belgium
  2. Inria, Université de Lyon, France
  3. Department of Computer Science, KU Leuven, Belgium
