Many access control systems, particularly those utilized in hospital environments, exercise optimistic security, because preventing access to information may have undesirable consequences. However, in the wrong hands, these over-broad permissions may result in privacy violations. To circumvent this issue, we have developed Privacy Enabling Transparent Systems (PETS) that makes transparency a key component in systems architectures. PETS is built on open web standards and introduces the

more »

... Tracking Network (PTN), an open global trusted network of peer servers, to the traditional web stack. Websites that conform to the architecture communicate information about transactions for any sensitive data items with the PTN. These usage logs are stored in a decentralized manner and can later be queried to check compliance with individual usage restrictions that assert no unauthorized data transfer or usage has taken place. PETS enables data consumers to be transparent with regard to data usages and determine if there has been privacy violations after the fact. We conducted a user study on a healthcare information application built using PETS to see if transparency on access and usage data satisfies expectations of user privacy.