In most countries, legislation exists to govern the protection of personal data. In the U.K., the Data Protection Act is based on eight principles, including the principle that personal data is obtained only for specified purposes and is not processed in a manner incompatible with the purposes; and the principle that the data is not kept longer than is necessary for the purposes. EasyChair is hosted in the U.K., but the lack of an accessible purpose statement or evidence of registration under the Act means I was unable to determine whether it complies with the legislation. The Data Protection Directive of the European Union embodies similar principles; personal data can only be processed for specified purposes and may not be processed further in a way incompatible with those purposes.

Processing encrypted data in the cloud. Policies are a first step, but alone they are insufficient to prevent cloud service providers from abusing the data entrusted to them. Current research aims to develop technologies that can give users guarantees that the agreed policies are adhered to. The following descriptions of research directions are not exhaustive or complete.

Progress has been made in encryption systems that would allow users to upload encrypted data, and allow the service providers to perform computations and searches on the encrypted data without giving them the possibility of decrypting it. Although such encryption has been shown possible in principle, current techniques are very expensive in both computation and bandwidth, and show little sign of becoming practical. But the research is ongoing, and there are developments all the time.

Hardware-based security initiatives such as the Trusted Platform Module and Intel’s Trusted Execution Technology are designed to allow a remote user to have confidence that data submitted to a platform is processed according to an agreed policy. These technologies could be leveraged to give privacy guarantees in cloud computing in general, and conference management software in particular. However, significant research will be needed before a usable system could be developed.

Certain cloud computing applications may be primarily storage applications, and might not require a great deal of processing to be performed on the server side. In that case, encrypting the data before sending it to the cloud may be realistic. It would require keys to be managed and shared among users in a practical and efficient way, and the necessary computations to be done in a browser plug-in. It is worthwhile to investigate whether this arrangement could work for conference management software.
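The client-side encryption arrangement for storage applications can be sketched as envelope encryption: the submission is encrypted under a fresh key on the author's machine, and that key is wrapped separately for each authorised reader. This is an added example, not code from the article or from any conference management system; the function names, reader ids and paper id are hypothetical, and Node's built-in crypto module stands in for the browser plug-in.

```javascript
// Added example: client-side envelope encryption for a submission.
// sealSubmission, openSubmission and the reader/paper ids are hypothetical names.
const nodeCrypto = require('node:crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Runs on the author's machine: only the returned record is uploaded.
function sealSubmission(plaintext, paperId, recipients) {
  const contentKey = nodeCrypto.randomBytes(32);      // fresh AES-256 key per paper
  const iv = nodeCrypto.randomBytes(12);              // 96-bit GCM nonce
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', contentKey, iv);
  cipher.setAAD(Buffer.from(paperId));                // bind ciphertext to its paper id
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  // Wrap the content key once per authorised reader; the server never sees it raw.
  const wrappedKeys = {};
  for (const [who, publicKey] of Object.entries(recipients)) {
    wrappedKeys[who] = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, contentKey);
  }
  return { paperId, iv, body, tag: cipher.getAuthTag(), wrappedKeys };
}

// Runs on a reader's machine with that reader's private key.
function openSubmission(record, who, privateKey) {
  const wrapped = record.wrappedKeys[who];
  if (!wrapped) throw new Error(`${who} was not granted access to ${record.paperId}`);
  const contentKey = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', contentKey, record.iv);
  decipher.setAAD(Buffer.from(record.paperId));
  decipher.setAuthTag(record.tag);
  // final() throws if the stored body, iv, tag or paperId was altered.
  return Buffer.concat([decipher.update(record.body), decipher.final()]);
}

// Constructed sample: two PC members hold key pairs; only alice is assigned the paper.
function demo() {
  const mk = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const alice = mk(), bob = mk();
  const record = sealSubmission(Buffer.from('Constructed abstract text'), 'paper-17',
    { alice: alice.publicKey });
  const read = openSubmission(record, 'alice', alice.privateKey).toString();
  let bobDenied = false, tamperDetected = false;
  try { openSubmission(record, 'bob', bob.privateKey); } catch { bobDenied = true; }
  const forged = { ...record, body: Buffer.from(record.body) };
  forged.body[0] ^= 1;                                // simulate a server-side modification
  try { openSubmission(forged, 'alice', alice.privateKey); } catch { tamperDetected = true; }
  return { read, bobDenied, tamperDetected };
}
```

The server in this sketch stores only `record`, so access is decided by who holds a wrapped key rather than by the provider's policy; distributing and revoking the readers' public keys is the key-management problem the paragraph above leaves open.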
Many people with whom I have discussed these issues have argued that
the professional honor of data custodians (and PC chairs and PC members) is
sufficient to guard against the threats
I have described. Indeed, adherence
by professionals to ethical behavior is
essential to ensure all kinds of confidentiality. In practice, system administrators are able to read all the organization’s email, and medical staff can
browse celebrity health records; we
trust our colleagues’ sense of honor to
ensure these bad things don’t happen.
But my standpoint is that we should
still try to minimize the extent to which
we rely on people’s sense of good behavior. We are just at the beginning of
the digital era, and many of the solutions we currently accept won’t be considered adequate in the long term.
The issues raised about cloud-computing-based conference management systems are replicated in
numerous other domains, across all
sectors of industry and academia. The
problem of accumulations of data on
servers is very difficult to solve in any
generality. The particular instance
considered here is interesting because
it may be small enough to be solvable,
and it is also within the control of the
academic community that will directly
benefit—or suffer—according to the
solution we adopt.
Mark D. Ryan (M.D.Ryan@cs.bham.ac.uk) is Professor
in Computer Security and EPSRC Leadership Fellow
in the School of Computer Science at the University of
Many thanks to the Communications reviewers for
interesting and constructive comments. I also benefited
from discussions with many colleagues at Birmingham,
and also in the wider academic research community.
Thanks to Henning Schulzrinne, administrator of EDAS, for
comments and clarifications. Drafts of this Viewpoint were
sent to Andrei Voronkov, the EasyChair administrator, but
he did not respond.
Copyright held by author.