Anonymity and Accountability in Self-Organizing Electronic Communities

Csilla Farkas
Information Security Laboratory
Dept. of Computer Science and Engineering
University of South Carolina, SC, [email protected]

Gábor Ziegler
High Speed Networks Laboratory
Dept. of Telecommunication & Telematics
Bp. Univ. of Techn. and Economics, [email protected]

Meretei
Neural Information Processing Group
Department of Information Systems
Eötvös Loránd University, Budapest, [email protected]

András Lörincz∗
Neural Information Processing Group
Department of Information Systems
Eötvös Loránd University, Budapest, Hungary
+36-1-209-0555/[email protected]

ABSTRACT
In this paper we study the problem of anonymity versus accountability in electronic communities. We argue that full anonymity may present a security risk that is unacceptable in certain applications; therefore, anonymity and accountability are both needed. To resolve the inherent contradiction between anonymity and accountability in a flexible manner, we introduce the concepts of internal and external accountabilities. Intuitively, internal accountability applies to virtual users only, and is governed by the policy of a group (a community). In contrast, external accountability is needed to address issues related to misuse if the activity is to be penalized in real life according to internal rules or external laws. We provide a set of protocols to ensure that users’ virtual and real identities cannot be disclosed unnecessarily, and allow users to monitor the data collected about them as well as to terminate their membership (both real and virtual) under certain conditions. We develop a general conceptual model of electronic Editorial Board (e-EB). In our thinking, there are deep connections between anonymity and self-organization. In turn, the concept of self-organizing e-EB (SO-eEB) is introduced here, and a robotic example is provided.
Finally, SO-eEB is specialized to Anonymous and Accountable Self-Organizing Communities (A2SOCs), which fully support internal and external accountability while providing anonymity.

Categories and Subject Descriptors
C.2.0 [General]: Security and protection; K.4.3 [Computer and Society]: Organizational Impacts—Computer supported collaborative work

∗Corresponding author

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.
WPES’02, November 21, 2002, Washington, DC, USA.
Copyright 2002 ACM 1-58113-633-1/02/0011 ...$5.00.

General Terms
Algorithms, Security, Privacy, Human Factors, Legal Aspects

Keywords
accountability, anonymity, authentication, privacy, self-organizing community

1. INTRODUCTION
Rapid development of Internet technologies increases the use of this unique medium for collaboration. Efforts to provide interoperability focus mainly on enabling collaboration and privacy protection. Nevertheless, reputation management and accountability are also in demand. Recently, several works have emerged that address these latter problems (see [1, 8, 13, 19, 2, 31, 29] for representative examples). In this paper we focus on issues related to anonymity. We argue that total anonymity and unlinkability may lead to increased misuse by anonymous users. Furthermore, profit or reward driven applications cannot be maintained without the users being responsible for their actions. Accountable anonymity, ensuring that a virtual user’s real identity cannot be disclosed unnecessarily, is needed.

Current technologies that provide full anonymity lack accountability, thus the possibility of misuse and the lack of controllability exist.
Clearly, there is a trade-off between anonymity and controllability; however, there is a set of applications where these contradictory concepts are both needed. One example is the co-operation between clinical practitioners, who would need to share some of their patients’ data. These data accesses may be governed by particular requirements, like (i) personal data of the patient cannot be disclosed and (ii) personal data of the person who has access to the personal data of a patient cannot be disclosed.

Works presented by [4, 10, 25, 30] are the closest to ours in that they address the problem of accountable anonymity. However, their solutions are based on fully trusted mediators (e.g., certificate authority, customer care agency, etc.), thus increasing the possibility of abuse if this mediator is compromised. Furthermore, they only provide one layer of anonymity in which the need to validate whether two virtual entities belong to the same real user (i.e., they are linked) requires the disclosure of the real user’s identity. Finally, they do not allow users to monitor their personal data or terminate their personal records if they do not want to participate in a given community any longer. We believe that providing these features would increase the confidence in the privacy protection provided by a system. In our example provided above, protection of the patient is targeted.

In this paper we address the above shortcomings and provide solutions in a common framework. In particular, we study the functionality, accountability and anonymity needs of cooperating and self-organizing communities. It has been shown [17] that individual entities of such communities can be more effective at certain tasks (such as information harvesting from the Internet) than a single centralized entity.
There are numerous examples of self-organizing collaborating groups, including software developers [24], experts of non-governmental organizations (NGOs), stock-exchange day-traders, and clinical practitioners.

Cooperation is crucial for these groups, while unidentifiability (such as anonymity, or pseudonymity) and accountability must be supported. We propose a two-layered approach to address the accountability requirements: the concept of distinguishing between internal and external accountability.

1. We speak of internal accountability when the virtual (pseudonym) member of a group is identifiable within the group and can be held responsible for his/her actions according to the “ethic”, or policy of the