Trust in ICT: Towards a common understanding - notes from the meeting "In ICT we trust?"
On 29 June 2018, the University of Graz organised a workshop gathering some sister projects for the H2020 DS-01 call. Representatives of the TRUESSEC.eu, SCOTT, CANVAS, EU-SEC and TITANIUM projects shared their viewpoints on Trust in ICT. These personal notes summarise some of the main topics...
Monday, September 3, 2018 - 10:46
- TRUESSEC.eu is well aligned with the SCOTT and CANVAS projects in the definition of high-level desired properties / values (even if slightly different).
- There are trade-offs in the set of project values -> You cannot have them all.
- Context matters and must be considered to fine-tune the trust decision.
- Values set the grounds for trust -> Design should deliver that:
  - Through transparency-by-design -> Embed transparency in the design to be perceived by the users (difficult to achieve);
  - With labels (and certification) -> When the former fails you need labels to deliver that trust and let users know what's behind the product;
- Personal agents might be required to make things even simpler to users, in order to match and balance all values-context-designs.
As for the specific projects:
- This project focuses on trustable (trustworthy?) wireless systems (IoT?) taking a human-centred design perspective (usability + UX).
- They have identified a set of high-level trust factors, similar to the TRUESSEC.eu technical attributes that map to the core areas (security, safety, privacy, usability...).
- They are working on how to translate the high-level factors into designs -> Are they also assessing / validating the outcomes? This might become a methodological recommendation for self-assessment of technical designs.
- Context matters, and they have introduced this as 'calibrated trust' -> Humans calibrate their trust depending on the interaction context (e.g. because the perceived risk for the task at hand is different).
- Transparency is a key enabler for trust.
- This project focuses on multi-party certifications, i.e. how different certification schemes can interoperate so as to allow an organization certified by scheme A to also gain certification by scheme B by demonstrating they have met the gaps between A and B (and without needing to go through the whole certification process for scheme B).
- They introduce the topic of continuous auditing, though there are no results for the time being in this area.
- The relation between EU-SEC and TRUESSEC.eu is not clear, as EU-SEC focusses on certification (certification & audits targeting B2B) and TRUESSEC.eu focusses on labels (self-assessment targeting B2C).
- This project is a multi-disciplinary EU Coordination and Support Action focused on value-driven cybersecurity. The project has identified a set of 'desiderata': high-level goals to achieve, close to the TRUESSEC.eu core areas of trustworthiness, e.g. beneficence, autonomy, justice or non-maleficence. They seem to focus on the trade-offs among these and the need to make choices, as well as how to design for these properties.
- Although they identify a set of core areas of trustworthiness, they seem to focus on design aspects, and not that much on assessment or how to deliver trust to users.
- During this presentation we discussed the value of 'transparency' and whether too much transparency may lead to a false sense of trust, as humans have limited capacity to assess huge amounts of information. In this regard, the development of personal agents may support humans in taking decisions by assessing different factors and providing simplified outputs (as a label does, but dynamically). This idea is to some extent explored in the paper 'Designing ethical personal agents' by N. Ajmeri et al., where the trade-offs in ethical values are analyzed. We should consider whether this idea should be the basis for the TRUESSEC.eu roadmap to be delivered as Task 7.5.
- Financial transaction analysis (virtual currencies) for policy enforcement.
- Difficult to appreciate a close relationship with TRUESSEC.eu, but for the definition of a set of high-level goals.