A dialogue exploring public attitudes towards trust in information communication technologies (ICT). Trustguide's dialogue influenced organizers' (HP, BT) internal practices to address public cyber trust needs and influenced Parliament's personal internet security inquiry.
Problems and Purpose
TrustGuide is a collaborative research project between British Telecom (BT) Group Chief Technology Office Research and Venturing and Hewlett Packard (HP) Labs, partly funded by the DTI Sciencewise programme. The research seeks to build on the previous government-sponsored Foresight project concerned with where responsibilities lie in making our future ICT-enabled world safer. The objectives are:
- To establish a dialogue between those that use and shape technology to enhance cyber trust
- To produce and champion guidelines for those engaged in the research, development, and delivery of ICT on how cyber trust might be enhanced
Trustguide takes a “citizen-centric” approach to understanding the beliefs and needs of users in relation to trust, security and privacy in ICT mediated activities. It has established a dialogue with the public through facilitated focus group discussions among selected groups across the UK. Topics covered in these groups include:
- Trust versus risk
- E-Commerce: Risk and Responsibility
- Factors that impact on risk taking
- Mitigated risk
- ID cards: An aid to security?
- Use of Biometric data
- Privacy and health information
- E-Government and Public Sector IT
- Awareness and education
- Use of public access terminals [2]
The aims of the Sciencewise-funded part of the TrustGuide project were to:
- engage members of the public in ICT issues
- establish a dialogue between those who use and shape technology to enhance cyber trust
- produce and champion guidelines for those engaged in the research, development and delivery of ICT about how cyber trust might be enhanced [1]
Background History and Context
Know what events lead up to this initiative? Help us complete this section!
Organizing, Supporting, and Funding Entities
Cost of project; £140 (Sciencewise contribution £40 000)
Hewlett Packard (HP) and British Telecom (BT) delivered the project with assistance from Plymouth University Information Security & Network Research Group and Knowledge West (UWE Bristol. [3] Sciencewise provided expertise and contributed to the funding of the project.
Sciencewise-ERC
Sciencewise-ERC is a Department for Business, Innovation and Skills funded programme to bring scientists, government and the public together to explore the impact of science and technology in our lives. It helps Government departments and agencies commission and use public dialogue to inform policy making, involving science and technology issues. Its core aim is to develop the capacity of Government to carry out good dialogue, to gather and disseminate good practice, have successful two-way communications with the public and other stakeholders, and to embed the principles of good dialogue into internal Government processes.
Participant Recruitment and Selection
Number of participants: 300 at 29 workshops
The project involved 29 workshops with the following groups:
- Students
- General public
- Farmers
- SMEs
- Expert groups (corporates, academics and researchers engaged in this area)
- ICT novices
- E-Gov service providers
- Schoolchildren
Recruitment for the workshops
The final report describes a number of attempts to recruit participants and makes the following observation:
What is extremely apparent is that ‘cold calling’ and expecting people to want to attend workshops is unlikely to merit much success. Early recruitment attempts that were carried out via postal invitations and similar were not at all successful. Greater successes in recruitment were through the value of viral dissemination and the exploitation of established, or known groups within the population. While the immediate concern with recruitment through personal contacts is the amount of bias in the sample that might result, the viral element that was included meant that while one or two key personnel might be known to one or more of the researchers, the majority were not. [2]
Methods and Tools Used
The engagement process involved:
- semi-structured facilitated workshops employing a mix of ‘hands-on’ experience and discussions based on relevant topic areas
- an online forum enabling groups to comment on the workshop outcomes of other groups
- producing a summary and final report containing recommendations and guidelines highly relevant to Government, industry and the public sector market
The semi-structured discussions were professionally facilitated and covered relevant topic areas that were identified via the outputs of the Foresight project and a wider literature search:
- Awareness and education in ICT-mediated activities
- Establishing identity
- Current and future means of identification and authentication processes (including biometrics and ID cards)
- Identity management, theft, and fraud
- Data storage, collection, security and privacy
- Trust and use of online services including e-Government and e-commerce
- Trust in organisations gathering private data
In addition to the workshops, the project also used a website and online discussion forum to give workshop participants an opportunity to monitor and contribute to the progress of the project. Membership of the forum was restricted to those who had attended a workshop, and typically on-line discussions started where a workshop ended. [2]
What Went On: Process, Interaction, and Participation
Each workshop took the form of an introduction, followed by a demonstration, and finally a focus group discussion that would feed into a living document presenting an appropriate set of recommendations and guidelines.
The workshops addressed the following issues
- Authentication and Identification technologies
- Privacy, Confidentiality and Security of Health Information
- Public Surveillance
- Improving data privacy and security
- Use of public access terminals
- Mobile and location based services
- E-government and public sector IT
- Awareness and education
- School children and Internet Awareness
Key messages from the public
People are willing to take risks online, as long as they are informed, and it is clear how consequences will be addressed. People use specific services not because they trust them, but because they in some way provide a benefit to the individual and they know that if something goes wrong, restitution will be made.
The data collected through Trustguide has enabled the development of a set of guidelines to inform policy making and service development for ICT mediated services.
Influence, Outcomes, and Effects
Key impacts
- "Influenced House of Lords inquiry into personal internet security
- Influenced Lords Constitution Committee on the impact of surveillance and data upon privacy of citizens
- BT and HP project managers presented at industry events in UK, Australia and America
- Led to Trustguide2, funded by HP, involving further public dialogue" [3]
The project revealed core cross-cutting themes and these have been developed into a set of guidelines designed to be accessible to, and used by educators, policy makers and service providers alike. The guidelines address issues concerning education, the value of experimentation, restitution measures, guarantees, control and increased transparency in the use of personal data, and openness.
While an initial impression may be that people do not engage with online services because they do not trust them, the project found that trust is not as significant a measure as at first thought. In fact, people are willing to take risks online as long as they are informed and it is clear how any undesired consequences will be addressed.
The project revealed that education is failing both in the adult world and among schoolchildren. Mass media campaigns have had far less impact than expected and the report’s authors suggest a multiple method approach that is appropriate to different groups of users.
Benefits to the public
The project highlighted the need to understand the deeper social context and the attendant risks and benefits for the development and delivery of trustworthy ICT.
Observations suggest that where people can ‘try’ a service without any risk of potential loss they are more likely to build a degree of trust that will influence future behaviour. Consumers are more likely to place their trust in something that provides safeguards, rather than something that claims nothing can go wrong in the first place.
Benefits for HP and BT
One of the key benefits for HP and BT is a deeper understanding of public perceptions of ICT. As a result, Trustguide has influenced HP’s internal practices to address these needs.
BT has used the findings to influence internal policy and practice and to inform its corporate customers.
HP and BT learned a great deal about the process of engaging with the public and HP has taken this forward in a follow-on project, Trustguide2. BT is using this work to support major bid teams and shape new proposals for strategic development.
Dissemination of results
Trustguide is making a major contribution to Government thinking on ICT. The report has been included in two submissions - to the House of Lords Select Committee on Personal Internet Security and to the Lords Constitution Committee on the Impact of Surveillance and Data Collection.
The HP and BT Project Managers have spoken at significant events in the UK including the Cabinet Office’s roadshow on Information Assurance that toured the UK in 2006. The authors have delivered the findings to audiences in the US and Australia and have published several papers in relevant journals including Computers & Security, BTTJ and the IEC Annual Review of Communications. [1]
Analysis and Lessons Learned
In engaging the participants with the issues, HP and BT found a mixed methodological approach was best. Technological demonstrations providing ‘hands-on’ experience together with discussions focusing on current stories in the media and provocative quotes on issues of security, privacy and trust acted as a catalyst to discussion.
Participants found it more difficult to engage with issues that were not current, or outside their experience, and with technologies that required projecting 2-5 years in the future.
The project highlights the need to ask the right questions. The project began by trying to tease out which ICT services and technologies were generally considered most trustworthy, what signified that trustworthiness, and why. It was very quickly discovered that these were the wrong questions. While BT and HP talked about trust, the participants talked back about risk and hence the direction of the research was changed to reflect this.
What would be done differently?
- Identify beforehand Government departments with whom to work
- Secure input from policy makers on the questions they want answered
- Enlist the support of an independent public facilitation group to contribute to the organisation, design and delivery of the public dialogue
- Engage an external evaluator to give ongoing feedback on the processes [1]
See Also
References
[1] Sciencewise (2006) “Case Study: TrustGuide”, Sciencewise
[2] (2006) Lacohee, H, Crane, S, Phippen, A (2006) “Trustguide: Final Report”, Trustguide, October 2006
[3] Sciencewise (2017) “TrustGuide” [ONLINE] Available at: https://webarchive.nationalarchives.gov.uk/20170110133006/http://www.sciencewise-erc.org.uk/cms/trustguide-2/