VAMS: Verifiable Auditing of Access to Confidential Data

The sharing of personal data has the potential to bring sub-stantial benefits both to individuals and society, but only if people have confidence that their data will not be used in-appropriately. As more sensitive data is considered for sharing (e.g., communication records and medical records) and used to make important decisions, there is a growing need for transparency in the way that the data is processed, while protecting the privacy of individuals and the integrity of their data. We propose a system, VAMS, which allows individuals to check accesses to their personal data, and enables auditors to detect violations of policy. Furthermore, our system protects the privacy of individuals and organizations, while allowing published statistics to be publicly verified. We demonstrate the practicality of our system with two prototypes, based on Hyperledger Fabric and Trillian.