Sunday, June 8, 2008

Blog: Information Accountability

Information Accountability
Communications of the ACM (06/08) Vol. 51, No. 6, P. 82; Weitzner, Daniel J.; Abelson, Harold; Berners-Lee, Tim

Accountability for the misuse of personal information must be enforced by systems and statutes, as the openness of the information environment makes protection via encryption and access control impossible. "Information accountability means the use of information should be transparent so it is possible to determine whether a particular use is appropriate under a given set of rules and that the system enables individuals and institutions to be held accountable for misuse," write the authors. Rules are needed, both in the United States and internationally, to address the permissible use of certain types of information, in addition to simple access and collection restrictions. The authors say that the information-accountability framework is more reflective of the relationship between the law and human behavior than the various initiatives to enforce policy compliance via access control over information. Supporting information accountability requires a technical architecture that features policy-aware transaction logs, a common framework for representing policy rules, and policy-reasoning tools. "One possible approach to designing accountable systems is to place a series of accountable appliances throughout the system that communicate through Web-based protocols," the authors suggest. The authors conclude that perfect compliance should not be the standard for evaluating laws and systems that aid the enforcement of information accountability. "Rather we should ask how to build systems that encourage compliance and maximize the possibility of accountability for violations," they write.