Hardware-level encryption during processing changes the risk side of the privacy calculus. IS privacy models were built for a world that no longer exists.
The privacy calculus model in IS research has been doing the same thing for almost twenty years. Dinev and Hart (2006) made the mechanism explicit. People weigh perceived benefits against perceived risks when they decide whether to disclose personal information. When the benefit side wins, they share. When the risk side wins, they withhold. The model has generated hundreds of studies and it explains a lot about why people accept cookies, join loyalty programs, or upload health data to fitness apps. But I kept noticing something missing. Both sides of the equation are about what happens before and after processing. The benefit is the service. The risk is what might happen to the stored data later. The actual moment of processing, when a cloud provider's CPU touches your data, is an empty space in the model. That empty space is what confidential computing fills.
Confidential computing uses hardware-based Trusted Execution Environments, or TEEs, to encrypt data while it is being processed, not just while it is stored or in transit. The cloud provider's operating system cannot see the data. The hypervisor cannot see it. Even the system administrator with full root access cannot see it. Only the authorized application code inside the TEE can decrypt and process the data, and the TEE provides cryptographic attestation: a measurement of the loaded code, signed by a hardware-held key, that a remote party can check against the code it expects before trusting the environment. Gartner projects that by 2029, three-quarters of processing in untrusted infrastructure will be secured this way. Whether the exact number holds matters less than what it signals. Data in use is finally being treated as a protection domain, not just a vulnerability window.
The reason this changes the privacy calculus is straightforward. Perceived risk in the Dinev and Hart model includes the possibility that data will be mishandled by the party collecting or processing it. When a hospital sends patient records to a cloud platform for analysis, the risk side of the tradeoff includes the possibility that the provider might access, leak, or misuse the data during computation. That risk perception has been one of the main reasons regulated industries stalled on cloud adoption. Healthcare and financial services knew they could not trust the cloud with data in use because the data had to be decrypted in memory, where the provider could access it. Confidential computing removes that specific risk. The provider cannot access the data even during processing. The perceived risk side of the calculus shrinks, the benefit side stays the same, and the decision tips.
Malhotra et al. (2004) structured privacy concern around three IUIPC dimensions: collection, control, and awareness. Each one shifts when TEEs are in place. Collection risk changes because the data is never visible to the collector in decrypted form; the provider collects encrypted inputs and returns encrypted outputs without ever having a plaintext copy. Control changes because the data owner can specify exactly which code may process the data, and the TEE enforces that boundary at the hardware level, not through a contractual promise. Awareness changes because attestation provides cryptographic proof of the processing conditions, replacing vague privacy policies with verifiable evidence. The dimension that shifts most, I think, is control. IUIPC measures perceived control as a subjective feeling. Confidential computing turns control from a perception into a technical fact. The data owner no longer has to hope the cloud provider will behave. They can verify that the provider cannot behave otherwise, at least for the data inside the TEE. That is a different kind of control from what IUIPC was designed to measure, and it suggests the privacy calculus model needs to account for a new category of risk mitigation that operates at the infrastructure level rather than the decision level.
Leidner and Tona (2021) add a deeper layer through CARE theory. I wrote about this before in CARE Is Not About Privacy, so I will keep the connection brief. CARE frames personal data practices through dignity rather than only through information control. When a cloud provider processes your data in opaque infrastructure that you cannot see or audit, that opacity is an affront. It reduces your agency and recognition because you cannot know what is happening to your data or challenge it. Confidential computing reduces this affront by making the processing attestable. The data owner can ask whether their data ran through the authorized code, and the TEE can answer with a cryptographic signature. In CARE terms, TEEs reduce a specific class of affronts that come from opaque processing by third parties, and that reduction shifts the dignity calculus toward equilibrium. The technology does not fully restore dignity because attestation does not solve every problem a cloud provider might create. But it changes the relationship from blind trust to verifiable processing, and that is a real change.
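The control and awareness shifts described above, the owner naming which code may touch the data and the TEE answering with a signature, as an added example that is not from the original post: a data owner releases the key to its encrypted data only after verifying an attestation report. The report, platform key and code measurement are constructed stand-ins (Ed25519 for the hardware signing key, SHA-256 of a byte string for the code measurement); real SGX, SEV-SNP or TDX reports are verified through the vendor's certificate chain, which this simplified model omits.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report is a cut-down attestation report, the object the TEE hardware signs; real ones carry more fields.
type Report struct {
	Measurement [32]byte // hash of the code loaded into the TEE
	Nonce       []byte   // relying party's challenge, proves the report is fresh
}

func (r Report) bytes() []byte { return append(r.Measurement[:], r.Nonce...) }

// Platform stands in for the TEE hardware and its attestation signing key.
type Platform struct{ key ed25519.PrivateKey }

// Attest measures the loaded code and signs it together with the caller's nonce.
func (p Platform) Attest(code, nonce []byte) (Report, []byte) {
	r := Report{Measurement: sha256.Sum256(code), Nonce: nonce}
	return r, ed25519.Sign(p.key, r.bytes())
}

// ReleaseKey is the data owner's gate: the data key leaves the owner only if the report is signed by the
// known platform key, answers this nonce (no replay) and names a code measurement authorized in advance.
func ReleaseKey(pub ed25519.PublicKey, authorized map[[32]byte]bool, nonce []byte,
	r Report, sig, dataKey []byte) ([]byte, error) {
	switch {
	case !ed25519.Verify(pub, r.bytes(), sig):
		return nil, errors.New("attestation signature invalid")
	case string(r.Nonce) != string(nonce):
		return nil, errors.New("stale or replayed report")
	case !authorized[r.Measurement]:
		return nil, errors.New("code measurement not authorized")
	}
	return dataKey, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // hardware attestation key stand-in
	code := []byte("authorized analytics code v1")   // constructed stand-in for a binary
	r, sig := Platform{key: priv}.Attest(code, []byte("nonce-1"))
	authorized := map[[32]byte]bool{sha256.Sum256(code): true}
	key, err := ReleaseKey(pub, authorized, []byte("nonce-1"), r, sig, []byte("data-key"))
	fmt.Println(string(key), err) // prints "data-key <nil>"
}
```

Every check fails closed: a changed binary, a replayed report or a report from an unknown platform key all leave the data key with its owner.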
I also wrote about the privacy calculus itself in The Privacy Paradox Is Rational If You Stop Calling It Irrational. The confidential computing angle extends that argument. The original privacy paradox framing assumed people were irrational because they disclosed data despite expressing concern. The correction is that the calculus is rational when perceived benefits are properly modeled. Confidential computing makes the risk side more transparent, which means the calculus becomes more accurate. The person can now perceive that their data is protected during processing, and that perception correctly reflects the technical reality. That is a better information environment for a rational decision, not a more confused one.
My own view is that confidential computing is the first privacy technology that addresses the data in use gap that IS privacy research has been flagging for years. The APCO model from Smith et al. (2011) maps antecedents to privacy concerns to outcomes, but it treats processing as a black box. The privacy calculus treats processing risk as an aggregate perception. IUIPC measures concern about collection and control without specifying the technical mechanism that makes either one meaningful. All of these models were built in a world where encryption existed only at rest and in transit. Data in use was, by hardware design, unencrypted. That assumption was so fundamental that it never appeared as a boundary condition in the models. The models just assumed that processing meant exposure, because that was the technological reality of the time.
TEEs break that assumption. And I think IS theory needs to catch up. The privacy calculus still works, but it needs an additional variable. The perceived risk side now has a subcomponent that varies independently: processing exposure risk. When a user knows that data is processed inside a TEE, that subcomponent drops to near zero. The overall perceived risk drops proportionally. Collection risk and storage risk remain, because data still enters and leaves the TEE, but the processing window is no longer a vulnerability by default.
The same logic applies to CARE. Leidner and Tona name three forms of dignity: behavioral, meritocratic, and inherent. The affront of opaque processing targets all three. Your behavioral dignity is reduced because you acted to provide data but cannot verify what happened to it. Your meritocratic dignity is reduced because you earned access to a service and the system can still process your data without accountability. Your inherent dignity is reduced because you are treated as a data source rather than as a person with a right to know how your data is used. Confidential computing addresses all three by making processing verifiable. It cannot restore agency around every data practice, but it removes the specific affront of invisible processing, and that removal is a dignity improvement that CARE theory can recognize.
I am not sure the IS field has fully processed what TEEs mean for privacy research. Most privacy papers still treat data in use as a theoretical blind spot, which made sense when there was no technical solution. That blind spot is closing. The models that assumed processing equals exposure need to be updated with a parameter for whether the processing environment provides hardware-enforced confidentiality. The privacy calculus can absorb this change. IUIPC can absorb it. CARE can absorb it. But the models need to be asked to do that work, and I have not seen it happen yet in the published literature.
The privacy calculus has been a stable model for nearly two decades because it captures a real mechanism. People weigh benefits against risks. Confidential computing changes one of the risk components so fundamentally that the equilibrium of the model shifts. The theoretical apparatus is still correct. But the world it describes has changed, and the models need to be re-calibrated to the new technical reality.