HTTPa: Accountable HTTP

Most discussions of Internet privacy, both policy and technology, tend to assume Alan Westin’s perspective [20], which defines privacy as the ability for people to determine for themselves “when, how, and to what extent, information about them is communicated to others”. However, this focus on controlling information access has been found to be flawed [7]. This year’s technology press is filled with announcements by social networking sites about their new privacy controls, i.e. new ways for users to define access rules [18, 22]; followed by embarrassment when the choices prove to be inadequate or too complex for people to deal with [16, 21, 15, 5, 12]. Even when access control systems are successful in restricting access to particular users, they are ineffective as privacy protection for systems like the World Wide Web, where it is easy to copy or aggregate information. These days, it is also possible to infer sensitive information such as social security numbers (SSN) [11], political affiliations [10], and even sexual orientation [6] from publicly available information. Another problem with using up-front access control systems is that it is the users’ responsibility to define and maintain their privacy policies in every domain they participate in. Lastly, in a pure access restriction system, those who obtain access to the data, legitimately or not, can use the data without restriction. Instead of enforcing privacy policies through restricted access, we suggest using “information accountability”. Weitzner et al define information accountability in terms of usage–when information has been used, it should be possible to determine whether the usage was appropriate, identify the violator and hold him accountable [19]. Lampson argues that to be practical, accountability needs an ecosystem that makes it easy for senders to become accountable and the receivers to demand it [9]. In our accountability research, we focus on helping users conform to policies by making them aware of the usage restrictions associated with the data [14, 8] and helping them understand the implications of their actions and of violating the policy, and encouraging transparency and accountability in how user data is collected and used. In this position paper, we discuss our ideas on adding accountability to the HTTP protocol level. By adding policy-awareness, negotiation of access and usage restrictions, and logging of the access and intent directly into this protocol, we hope to make it easier for Web users to track how their data was used and identify inappropriate usage.