Categorizing, Analyzing, and Managing Third Party Trust
25 Pages Posted: 3 May 2016 Last revised: 30 Sep 2016
Date Written: April 30, 2016
The modern computing ecosystem requires users to trust a variety of third parties to complete even the most basic of digital tasks. From system administers to service providers to device manufactures, which third parties computer users must trust and the capabilities with which they must trust them is a critical component underpinning the privacy and security of our digital data. The rise of the “cloud” as the preferred platform for most modern computing applications makes questions of trust even more complicated and pressing. A lack of understanding or misplacement of such trust has the potential to lead to data leaks, questionable surveillance practices, and a wide range of related privacy-harming events.
It is thus desirable from a public policy perspective to help individuals understand and control third party trust and to minimize the likelihood of such trust being violated. Toward these ends, this paper presents a model for describing third party trust and the likelihood of trust violations. It applies this model to analyze the nature of third party trust across of a variety of popular cloud services and uses it to categorize the common manners in which third parties violate this trust. Finally, this paper presents a number of proposed techniques, both technological and policy-based, to minimize the degree of trust users must place in third parties as well as to decrease the likelihood of violation of this trust.
This paper has been endorsed for submission to the TPRC 2016 student paper competition by Prof. Dirk Grunwald of the Dept. of Computer Science, University of Colorado, Boulder.
Keywords: Security, Privacy, Trust, Cloud Computing, Third Party, Trusted Third Party, SSaaS
Suggested Citation: Suggested Citation