User-driven trustworthiness as a design principle for ICT systems
TRUESSEC.eu is approaching ICT trustworthiness from a Social Sciences and Humanities viewpoint, including experts from Sociology, Ethics, Law and Business. The project is first trying to understand what tensions exist that prevent end-users trust in ICT systems. Following, a set of trustworthiness measures have been identified, described as high-level principles to be met and demonstrated by ICT products and services in order to engender users trust. Among others, these are 6 most relevant trustworthiness properties that ICT systems should expose in order to meet high-level ethical and legal principles satisfying users’ needs:
- Transparency: The ICT product or service is provided in line with information duties regarding personal data processing and the product/service itself.
- Privacy: The ICT product or service allows the user to control access to and use of their personal information and it respects the protection of personal data.
- Anti-bias: The ICT product or service does not include any discriminative practices and biases.
- Autonomy: The ICT product or service gives users the opportunity to make decisions and respects those decisions. The ICT product or service also respects other parties’/persons’ rights and freedoms.
- Respect: ICT products or services are to be provided in accordance with the legitimate expectations related to them.
- Protection: ICT products and services are provided in accordance with safety and cybersecurity standards.
Our vision is that these principles can be (partially) realized by technology. To this end, the abstract, high-level principles need to be operationalized/translated into a set of technical requirements that can be met through designs, and then systematically assured and certified. However, to realize this vision a set of challenges need to be tackled, for which we would like to receive your insight.
For the principles-to-requirements operationalization process:
- Do you think any of those principles cannot be met by technology?
Which and for what reasons?
If you are a technology provider or researcher:
- What high-level principle(s) may your technology contribute to meet? How?
If you are providing an ICT product or service:
- What high-level principles your product/service already satisfies?
- How are you able to demonstrate that?
- For the remaining principles:
- Do you think that any of them may not apply to your product/service?
- What are the barrier your product/service may find to meet the others?
- How can these barriers be mitigated or avoided?
- What would be the required incentives?
Finally, it would be desirable if the products/services that meet these high-level principles can be certified/labelled, so that their users are able to perceive that. In this regard:
- Do you agree that certification represent a better way to certify compliance?
- If yes, do you think that compliance with any of these principles can be assured and certified?
- If not why?