Association for Computing Machinery
The authors posit that access control, the dominant model for modeling and managing privacy in today's online world, is fundamentally inadequate. With access control, users must a priori specify precisely who can or cannot access information by enumerating users, groups, or roles - a task that is difficult to get right. Access control fails to separate who can access information from who actually does, because it ignores the difficulty of finding information. Access control does not capture if and how a person who has access to some information redistributes that information. Access control fails to account for information that can be inferred from other, public information.