Crime and Punishment in the Cloud - Accountability, Transparency, and Privacy
The goal of this work is to reason on the complexity of the relationship between three non-functional requirements in cloud computing; privacy, accountability, and transparency. We provide insights on the complexity of this relationship from the perspectives of end-users, cloud service providers, and third parties, such as auditors. We shed light on the real and perceived conflicts between privacy, transparency, and accountability, using a formal definition of transparency and an analysis on how well a privacy-preserving transparency-enhancing tool may assist in achieving accountability. Furthermore, we highlight the importance of the privacy impact assessment process for the realisation of both transparency and accountability.
Berthold S., Fischer-Hubner S., Martucci L. A., Pulls T,, "Crime and Punishment in the Cloud - Accountability, Transparency, and Privacy", Pre-Proceedings of International Workshop on Trustworthiness, Accountability and Forensics in the Cloud (TAFC), Organised by DIMACS/BIC/A4Cloud/CSA UK Chapter and CSA Irish Chapter, June 6 - 7, 2013, Malaga, Spain held in conjunction with 7th IFIP WG 11.11 International Conference on Trust Management, ISSN: 2079-2247.