Categorizing, Analyzing, and Managing Third Party Trust

25 Pages Posted: 3 May 2016 Last revised: 30 Sep 2016

See all articles by Andy Sayler

Andy Sayler

affiliation not provided to SSRN

Date Written: April 30, 2016


The modern computing ecosystem requires users to trust a variety of third parties to complete even the most basic of digital tasks. From system administers to service providers to device manufactures, which third parties computer users must trust and the capabilities with which they must trust them is a critical component underpinning the privacy and security of our digital data. The rise of the “cloud” as the preferred platform for most modern computing applications makes questions of trust even more complicated and pressing. A lack of understanding or misplacement of such trust has the potential to lead to data leaks, questionable surveillance practices, and a wide range of related privacy-harming events.

It is thus desirable from a public policy perspective to help individuals understand and control third party trust and to minimize the likelihood of such trust being violated. Toward these ends, this paper presents a model for describing third party trust and the likelihood of trust violations. It applies this model to analyze the nature of third party trust across of a variety of popular cloud services and uses it to categorize the common manners in which third parties violate this trust. Finally, this paper presents a number of proposed techniques, both technological and policy-based, to minimize the degree of trust users must place in third parties as well as to decrease the likelihood of violation of this trust.

This paper has been endorsed for submission to the TPRC 2016 student paper competition by Prof. Dirk Grunwald of the Dept. of Computer Science, University of Colorado, Boulder.

Keywords: Security, Privacy, Trust, Cloud Computing, Third Party, Trusted Third Party, SSaaS

Suggested Citation

Sayler, Andy, Categorizing, Analyzing, and Managing Third Party Trust (April 30, 2016). TPRC 44, 2016. Available at SSRN:

Andy Sayler (Contact Author)

affiliation not provided to SSRN

Register to save articles to
your library


Paper statistics

Abstract Views
PlumX Metrics