Trusting privacy in the cloud

Cloud computing technologies have the potential to increase innovation and economic growth considerably. But many users worry that data in the cloud can be accessed by others, thereby damaging the data owner. Consequently, they do not use cloud technologies up to the efficient level. I design an institution that attenuates this problem. The scheme is built around a private, nonprofit organization called cloud association, which is governed by representatives of both cloud service providers and users, and which sources the actual auditing and certification tasks out to independent certifiers. I show how this institution incentivizes providers to produce high data security, and users to trust them and pay a premium for their services. The cloud association simultaneously solves providers’ adverse selection problem and certifiers’ moral hazard problem. By credibly implementing certified/not certified decisions, it drastically reduces the technological complexity faced by users, which boosts trust in cloud services.

[1]  George A. Akerlof The Market for “Lemons”: Quality Uncertainty and the Market Mechanism , 1970 .

[2]  Benjamin Edelman,et al.  Adverse selection in online "trust" certifications and search results , 2011, Electron. Commer. Res. Appl..

[3]  Avinash Dixit,et al.  Governance Institutions and Economic Activity , 2009 .

[4]  Alexandre de Corniere,et al.  Online Advertising and Privacy , 2014 .

[5]  Chrysanthos Dellarocas,et al.  The Digitization of Word-of-Mouth: Promise and Challenges of Online Feedback Mechanisms , 2003, Manag. Sci..

[6]  Jean-Charles Rochet,et al.  Rating the raters: Are reputation concerns powerful enough to discipline rating agencies?☆☆☆ , 2009 .

[7]  Terrence August,et al.  Cloud Implications on Software Network Structure and Security Risks , 2014, Inf. Syst. Res..

[8]  Siani Pearson,et al.  Toward Accountability in the Cloud , 2011, IEEE Internet Computing.

[9]  Ramnath K. Chellappa,et al.  Personalization versus Privacy: An Empirical Examination of the Online Consumer’s Dilemma , 2005, Inf. Technol. Manag..

[10]  Roland Strausz,et al.  Honest certification and the threat of capture , 2005 .

[11]  H. Rao The Social Construction of Reputation: Certification Contests, Legitimation, and the Survival of Organizations in the American Automobile Industry: 1895–1912 , 1994 .

[12]  O. Williamson The Lens of Contract: Private Ordering , 2002 .

[13]  Jens Pr Business Associations and Private Ordering , 2012 .

[14]  C. Shapiro,et al.  Equilibrium Unemployment as a Worker Discipline Device , 1984 .

[15]  D. Hambrick,et al.  Upper Echelons: The Organization as a Reflection of Its Top Managers , 1984 .

[16]  Bart J. Bronnenberg,et al.  A Spatiotemporal Analysis of the Global Diffusion of ISO 9000 and ISO 14000 Certification , 2007, Manag. Sci..

[17]  Luís M. B. Cabral,et al.  The Dynamics of Seller Reputation: Evidence from Ebay , 2006 .

[18]  Jens Prüfer,et al.  Faithful Strategies: How Religion Shapes Nonprofit Management , 2014, Manag. Sci..

[19]  M. Spence Job Market Signaling , 1973 .

[20]  O. Williamson Comparative Economic Organization: The Analysis of Discrete Structural Alternatives , 1994 .

[21]  Daniele Catteddu and Giles Hogben Cloud Computing. Benefits, risks and recommendations for information security , 2009 .

[22]  Curtis R. Taylor Consumer Privacy and the Market for Customer Information , 2004 .

[23]  Wolter Pieters,et al.  Privacy Penetration Testing: How to Establish Trust in Your Cloud Provider , 2012, European Data Protection.

[24]  M. Culnan,et al.  Information Privacy Concerns, Procedural Fairness, and Impersonal Trust: An Empirical Investigation , 1999 .

[25]  H. Varian,et al.  Conditioning Prices on Purchase History , 2005 .

[26]  Intermediaries, Credibility and Incentives to Collude , 2011 .

[27]  Mara Lederman,et al.  Contract Form and Technology Adoption in a Network Industry , 2013 .

[28]  Credit rating initiation and accounting quality for emerging-market firms , 2013 .

[29]  Charles J. Corbett,et al.  The Financial Impact of ISO 9000 Certification in the United States: An Empirical Analysis , 2005, Manag. Sci..

[30]  Chong Liu,et al.  More Trusting, Less Trust? An Investigation of Early E-Commerce in China , 2013 .

[31]  David M. Rahman But Who Will Monitor the Monitor , 2012 .

[32]  Jens Prüfer,et al.  Business Associations and Private Ordering , 2012 .

[33]  Petra Christmann,et al.  Firm self-regulation through international certifiable standards: determinants of symbolic versus substantive implementation , 2006 .

[34]  Jens Prufer,et al.  Consumers' Privacy Choices in the Era of Big Data , 2018, Games Econ. Behav..

[35]  Andreas Haeberlen,et al.  A case for the accountable cloud , 2010, OPSR.

[36]  A. Shaked,et al.  Relaxing price competition through product differentiation , 1982 .

[37]  Avinash Dixit,et al.  Trade Expansion and Contract Enforcement , 2003, Journal of Political Economy.

[38]  Chrysanthos Dellarocas,et al.  The Sound of Silence in Online Feedback: Estimating Trading Risks in the Presence of Reporting Bias , 2006, Manag. Sci..

[39]  Avi Goldfarb,et al.  Shifts in Privacy Concerns , 2011 .

[40]  Ramon Casadesus-Masanell,et al.  Competing with Privacy , 2015, Manag. Sci..

[41]  Alessandro Pavan,et al.  On the Optimality of Privacy in Sequential Contracting , 2006, J. Econ. Theory.

[42]  Aseem Prakash,et al.  Information Asymmetries as Trade Barriers: ISO 9000 Increases International Commerce. , 2009 .

[43]  R. Hinde,et al.  Governing the Commons: The Evolution of Institutions for Governing the Commons: The Evolution of Institutions for Collective Action Collective Action , 2010 .

[44]  Avi Goldfarb,et al.  Privacy Regulation and Market Structure , 2013 .

[45]  N. Persico The Political Economy of Occupational Licensing Associations , 2015 .

[46]  Rebecca Henderson,et al.  Relational Contracts and Organizational Capabilities , 2011, Organ. Sci..

[47]  Benno Buehler,et al.  Certification and Minimum Quality Standards When Some Consumers are Uninformed , 2012 .

[48]  Alessandro Acquisti,et al.  The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study , 2011, WEIS.

[49]  Huseyin Cavusoglu,et al.  Outsourcing Information Security: Contracting Issues and Security Implications , 2014, WEIS.

[50]  Jens Prüfer,et al.  Trade Associations, Lobbying, and Endogenous Institutions , 2015 .

[51]  Jens Prüfer,et al.  How to Govern the Cloud? Characterizing the Optimal Enforcement Institution that Supports Accountability in Cloud Computing , 2013, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science.

[52]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[53]  Barry R. Weingast,et al.  Coordination, Commitment, and Enforcement: The Case of the Merchant Guild , 1994, Journal of Political Economy.

[54]  S. Masten,et al.  On the Evolution of Collective Enforcement Institutions: Communities and Courts , 2014, The Journal of Legal Studies.

[55]  Lars Wächter,et al.  Akerlof, George A. , 2020, Ökonomen auf einen Blick.

[56]  Christina Aperjis,et al.  Optimal Windows for Aggregating Ratings in Electronic Marketplaces , 2010, Manag. Sci..

[57]  Christopher Soghoian,et al.  Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era , 2009, J. Telecommun. High Technol. Law.

[58]  J. Ganuza,et al.  Product Liability versus Reputation , 2016 .

[59]  Chrysanthos Dellarocas,et al.  Cooperation Without Enforcement? A Comparative Analysis of Litigation and Online Reputation as Quality Assurance Mechanisms , 2003, ICIS.

[60]  Lingfang Li,et al.  Money Talks: Rebate Mechanisms in Reputation System Design , 2010, Manag. Sci..