The standard technical approach to privacy and security in online life is preventive: Before someone can access confidential data or take any other action that implicates privacy or security, he should be required to prove that he is authorized to do so. As the scale and complexity of online activity has grown, it has become apparent that the preventive approach is inadequate; thus, a growing set of information-security researchers has embraced greater reliance on accountability mechanisms to complement preventive measures. Despite widespread agreement that “accountability” is important in online life, the term has no standard definition. We make three contributions to the study of accountability: (1) We flesh out with realistic examples our claim that a purely preventive approach to security is inadequate; (2) We present, compare, and contrast some existing formal frameworks for accountability; (3) We explore the question of whether "deterrence" may be a better general term in this context than "accountability".