Final Report Summary - PACT (PUBLIC PERCEPTION OF SECURITY AND PRIVACY: ASSESSING KNOWLEDGE, COLLECTING EVIDENCE, TRANSLATING RESEARCH INTO ACTION)
Privacy and data protection are fundamental rights that play a crucial role in contemporary democratic societies. Thus the use of surveillance technology walks a fine line regarding public trust and concerns for privacy, on the one hand, and perceptions of security needs, on the other.
PACT, Public perception of security and privacy: Assessing knowledge, Collecting evidence, Translating research into action (Grant Agreement n°285635), is a 36 month (February 2012- January 2015) collaborative project funded by the European Commission in the scope of the 7th Framework Programme - Security Theme. PACT has one strategic objective, to assist end-users and policy makers to consider privacy and fundamental rights, as well as societal implications, when they evaluate pros and cons of specific security investments. This is done through collecting empirical evidence through a pan-European survey, and further, the development of a Privacy Reference Framework for Security which is the core of the Decision Support System, a hands- on tool that can be used by policy makers in their decision making process about security technology investments. The main PACT strategic objective is articulated into three more specific R&D goals: (1) to carry out a root and branch review (RBR) in order to assess existing knowledge about the relation between security and privacy and the role played by trust and concern; (2) to collect empirical evidence through a pan-European survey on the public perception of the relation between privacy, fundamental rights, and security, and to analyze the main factors that affect public assessment of the privacy implications of security technology; and (3), to develop and validate an evidence-based Privacy Reference Framework for Security Technology (PRFST) and Decision Support System (DSS), that may assist end users and policy makers to consider privacy and fundamental rights when they evaluate pros and cons of specific security investments.
The first objective is realized through the theoretical analysis and the Root and Branch Review (RBR), referring to the PACT baseline study. The RBR provides an analysis of the privacy-security debate which questions the traditional trade-off model. The RBR has been an essential precursor to PACT’s pioneering survey of EU citizens’ perceptions of privacy and security, which is the novel empirical research carried out by the project, and which represents the second objective. PACT survey covers 27 EU Member States and was conducted both through an online and face to face methodology (including a Stated Preference Discrete Choice Experiments approach- SPDCE). The third objective is the development of the PRFST and the DSS, using results from the theoretical and empirical work. Throughout the project, dissemination and networking activities play a central role in the project architecture, where the core objectives are the wide distribution of project results, and the establishment of close cooperation with potential end-users, the scientific community and stakeholder groups.
The structure of this Final Report is as follows. Chapter 1 will present a longer summary of the project objectives and context. Chapter 2 includes a description of the main S&T results, and explanations of the different Work Packages and their attributed Deliverables. Chapter 3 presents a statement of the potential impact of PACT, while Chapter 4 includes information on the PACT consortium and the contact details of the partners. The final section gives some final conclusions and recommendations.
Project Context and Objectives:
Privacy and data protection are fundamental rights that play a crucial role in contemporary democratic societies. Thus the use of surveillance technology walks a fine line regarding public trust and concerns for privacy, on the one hand, and perceptions of security needs, on the other. The relation and tension between privacy and security have come to the forefront of both political and academic debates in the last years. In particular, the growing development and the implementation of new surveillance and security measures at European as well as at national level have raised concerns about their effects on democracy and fundamental rights.
PACT, Public perception of security and privacy: Assessing knowledge, Collecting evidence, Translating research into action (Grant Agreement n°285635), is a 36 month collaborative project funded by the European Commission in the scope of the 7th Framework Programme - Security Theme. PACT has run from February 2012 to January 2015, and it is a unique and innovative project that has one strategic objective, i.e. to assist end users and policy makers to consider privacy and fundamental rights, as well as societal implications, when they evaluate pros and cons of specific security investments.
The project assesses knowledge of the relationship between security and privacy. Empirical evidence is gathered regarding public perceptions on the topic at a pan-European level. On the backdrop of this evidence, a Privacy Reference Framework for Security Technologies is developed and validated. In turn, this framework functions as the core of a Decision Support System, a tool that can be used by policy makers in their decision making process about security technology investments.
The project has accomplished its objectives through by implementing and assessing the pan-European survey, and through meetings with experts, focus groups and other dissemination activities. In particular, a specific approach has been developed and implemented, so as to allow survey respondents to react to realistic situations in making choices. In terms of project output, the project provides information and guidance to end users such as security providers, border control authorities, law enforcement agencies, intelligence agencies and crisis managers. As such, it provides insights into how privacy and fundamental rights challenges associated with the use of security technologies should be taken into account. Additionally, a Decision Support System (a non-abstract, hands-on tool) that addresses security technologies as they relate to privacy issues while at the same time remaining context-aware will be designed and evaluated in relation to real-life environments.
The main PACT strategic objective is articulated into three more specific R&D goals:
(1) to carry out a root and branch review (RBR) in order to assess existing knowledge about the relation between security and privacy and the role played by trust and concern;
(2) to collect empirical evidence through a pan-European survey on the public perception of the relation between privacy, fundamental rights, and security, and to analyze the main factors that affect public assessment of the privacy implications of security technology;
(3) and, to develop and validate an evidence-based Privacy Reference Framework for Security Technology (PRFST) and Decision Support System (DSS) that may assist end users and policy makers to consider privacy and fundamental rights when they evaluate pros and cons of specific security investments.
The three strategic objectives of PACT have been encapsulated into specific work packages (WPs). Objective 1 on progressing the theoretical discussion on privacy and security was met by WP1, Root and Branch Review, RBR. Objective 2 on the pan-European survey is related to WP 2, Survey design, WP3, Fieldwork and WP4, Data Analysis. Objective 3 on developing the PRFST and the DSS have been accomplished through the work carried out in WP5, New Conceptualization and Framework, and WP6, Decision Support System (DSS). Furthermore, dissemination and networking activities have been carried out throughout the whole duration of the project in WP7, Dissemination and Stakeholder Involvement. More details on the work performed and the main results achieved in the project are presented in the next chapter. Also, the results and the reports of the main activities carried out through the project are publicly accessible through the PACT website.
Objective 1 (theoretical analysis) – WP1 Root and Branch Review
The Root and Branch Review (RBR) refers to PACT baseline study: it has provided an analysis of the privacy-security debate which has also questioned the traditional trade-off model; an up-to-date taxonomy of security technologies and a review of the state of the art in decision support systems; an analysis of the societal impact of selected surveillance technologies; and the identification and mapping of relevant stakeholder categories, which may be interested in PACT outcomes. Based on this extensive research, a set of Use Cases relevant for PACT have been proposed, and three of them have translated into the survey scenarios (see objective 2 below). Detailed accounts of PACT’s research findings are published in the project’s related deliverables and a summary is available in a dedicated discussion paper.
Objective 2 (empirical research) – WP2 Design; WP3 Fieldwork; WP4 Analysis
The RBR has been an essential precursor to PACT’s pioneering survey of EU citizens’ perceptions of privacy and security. PACT survey covers 27 EU Member States – all but Croatia, who was not yet member of the EU in autumn 2013, and it has been conducted both through an online and face-to-face methodology.
The survey’s questionnaire includes “traditional” closed questions which measure respondents’ attitudes, life-style, and demographic information. Moreover, at its heart the survey implements a Stated Preference Discrete Choice Experiments approach (SPDCE). In the SPDCE approach, respondents are presented with several configurations of a realistic scenario in which security technologies or related policy measures affect privacy and fundamental rights. The respondent indicates their preferences among the different configurations of a scenario. By observing reactions to the different configurations, the SPDCE approach is used, alongside the contextual and background information gleaned from the “traditional” questions, to assess the factors guiding respondents’ preferences. The SPDCE methodology will be applied for the first time at this scale in the domain of security, privacy and trust. This approach moves away from the “trade-off model” of privacy and security, the validity of which was questioned in PACT’s RBR, since the survey’s scenarios does not focus on achieving optimality of either privacy or security, but instead allows respondents to react to multi-dimensional, realistic situations, in which many factors can be taken into account when making choices. The PACT survey includes three scenarios based around Internet service providers and surveillance; the use of CCTV in metro/train stations; and health records data mining and profiling. These scenarios directly resulted from three of the six use cases developed in WP1.
Objective 3 (development of the PRFST and the DSS) – WP5 (PRFST); WP6 (DSS)
Results from the theoretical work and empirical research feed into the development of a new conceptual Privacy Reference Framework for Security Technology (PRFST), and the design of the PACT Decision Support System (DSS). These are the two key outcomes of PACT. The PRFST will be of particular interest to all who are directly involved in setting and implementing security measures: it informs the Decision Support System (DSS), a non-abstract, hands-on tool addressing the opacity of security technologies regarding their implications on privacy issues. The PACT DSS is empowered by a model which will quantifies relevant parameters, including trust, privacy and data protection, civil liberty, perceived risks, security concerns, for a given security risk that a specific technology investment aims to mitigate. The model is context aware, adapting the security investment parameters to the situation, time and area/location, of application, while it will take into account the internal cultural and national boundaries, being able to provide both national and comparative outcomes. PACT DSS also provides forecasts for a given security technology investment in terms of wider social acceptance, concerns and reactions. Finally, given the sensitive role that a DSS tool may acquire, PACT also carried out both a “socio-economic impact study” and a “political impact study”, so to analyse the expected impact of such a system from these perspectives.
Dissemination and networking
Running throughout the whole duration of the project, dissemination and networking activities play a central role in the architecture of PACT. The core objectives of these activities are the wide diffusion and distribution of the project results, and the establishment of a close cooperation with potential end-users, the scientific community and stakeholder groups.
PACT benefits from the input of the project’s three advisory panels: the Stakeholder Advisory Group (SAG), the High Level Policy Panel (HLPP), and the Privacy Advocacy Panel (PAP). The three panels have been kept updated on the project’s activities through regular meetings.
Through the project, three main other events were organised. First, the project Launching Conference (at the European Parliament, Brussels, June 2012) aimed at officially presenting the project in front of the EU policy makers. Then, an Internal Seminar on “Media communication, security and privacy” (Pordenone, Italy, June 2013) aimed at understanding the dynamics of media communication in order to refine PACT communication strategy, and particularly to pave the way for communicating results of the PACT survey to the media and public in the best possible way. Finally, a Joint International Conference (Vienna, November 2014) was organized with together with the other two EU project funded under the same theme: PRISMS and SurPRISE. The international conference focused on: Citizens’ Perspectives on Surveillance, Security and Privacy: Controversies, Alternatives and Solutions, and it included both speakers from the three EU projects and experts from academia and different European and national institutions. The conference provided an important occasion to share and disseminate the results of the different research teams.
Additional dissemination activities include the establishment of the project website and the press centre, the production of dissemination material such as the project logo and brochure, the release of the PACT newsletter. It also includes scientific dissemination, with partners presenting PACT results in academic journals and conferences. PACT Research paper Series on “Privacy and Security” also releases its working papers, available on the project’s website.
Lessons learned
The PACT project has contributed to the further understanding of the sensitivity of the privacy-security relations, not merely criticizing the security-privacy trade-off model from a theoretical perspective but showing its limits through empirical research. The power dimension of these relations, which is often side-lined by policy discourses, emerged in several instances of the project, and invites for further exploration in different domains.
Also, it is important to note a certain consistency between the findings of PACT and of the parallel project PRISMS, despite the different methodologies adopted. While PACT provided insights on the tensions and arrangements brokered by individuals in different fields (public transport, health, etc), further research is needed when it comes to aspects of everyday life that are often left out of the academic and political discussions on privacy and surveillance.
Finally, a practical lesson learned concerns the importance of dissemination and popularisation. When it comes to surveillance, fundamental rights and everyday life in technology-dense societies, issues are often complex. Not only the privacy-security trade-off is a too simplistic image of the issues at stake, but researchers, policy-makers and other key actors should consider put further efforts in explaining what is stake, and engage in discussion with the potential public of security technologies.
Project Results:
The general strategic objective of PACT was to assist users and policy makers in considering privacy and fundamental rights when evaluating the pros and cons of specific security investments or policy decisions.
In order to achieve this strategic objective, PACT aimed at:
(1) Carrying out a comprehensive analysis of the current knowledge about the relation between privacy and security – which was performed in WP1 (Root and Branch Review, RBR);
(2) Conducting a large-scale survey to collect data across Europe, on the citizen’s perceptions of privacy and security technologies – which was done through WP2 (Survey design), WP3 (Fieldwork), WP4 (Data Analysis);
(3) Translating the abovementioned theoretical research and empirical evidence into:
i) a Privacy Reference Framework for Security Technologies (PRFST) – carried out in WP5 (New conceptualization and framework);
ii) a prototype Decision Support System (DSS) – which was done in WP6 (Decision Support System).
The dissemination and networking activities, whose role is crucial within the architecture of PACT, in order to collect feedback from potential end users and disseminate PACT outcomes to a broader audience, are performed in a dedicated WP which ran throughout the whole duration of the project (WP7 – Dissemination and Stakeholder Involvement).
An overview of the full structure of the project looks as follows:
WP1 aimed at defining and providing the theoretical background to the project. In a nutshell, the research showed the importance of thinking (or re-thinking) the complex relationship between security, surveillance, new technologies, and privacy and data protection, also from the perspective of other fundamental rights and societal implications. WP1 also aimed at mapping stakeholder categories which may be interested in PACT. The specific outcomes of WP1 informed the survey design in WP2, and was translated into the PACT decisional tools, the PRFST (WP5) and the DSS (WP7).
WP1 consisted of seven tasks which resulted in seven deliverables, the majority of them submitted on time, a few with minor delays without impacting the further progress of the project. The major milestone of WP1 was the Root and Branch Review Workshop in month 8 (September 2012), which validated the outcomes of previous WP1 tasks. A challenge for WP1 was that the majority of tasks (T1.1 T1.2 T1.3 T1.4 T1.5) ran in parallel the first four months of the project, and therefore many partners were responsible for leading or contributing to more than one task. This was successfully turned into the opportunity of having different tasks informing each other, resulting in a harmonisation of the whole WP.
WP1 overall results showed:
• the importance of dealing with theoretical foundations in order to understand the nuances of the concepts of privacy, data protection, security, and the need to have an overview of available security related decision support systems and of current and emerging surveillance technologies, and to map and preliminary assess PACT stakeholders’ views;
• that security should not be purely understood as national security, but as a human security that includes the widest notion of fundamental human rights and societal issues;
• that the trade-off-model of privacy and security has numerous problems and that the relationship between privacy and security should be considered within the context of the human security concept, which does not look at privacy and security as two opposite or even contradictory values;
• that understanding societal and ethical impacts of security and surveillance technologies is crucial, and that such an understanding needs to be grounded in an analysis of power structures and relationships in society, which is wider than a mere privacy impact assessment (PIA), which is helpful although it cannot be considered exhaustive;
• that seven basic categories of security technologies can be identified: visual surveillance, dataveillance, communications surveillance, biometrics and identification, sensors, location determination, emergent and futuristic surveillance technologies;
• that a use-case approach based on a few exemplary security scenarios (airport control, CCTV, Internet and social media, health records, RFID/NFC) is helpful, and can allow for the enlightening of the main features of the relationship between privacy and security, and that such an approach was able to inform the second stage of the project (i.e. the development of the survey questionnaire).
WP2 aimed at designing the instrument for the empirical research, i.e. the survey scenarios and questionnaire. This activity was carried out in strict collaboration with Task 3.1 (Review and testing the questionnaire) and consultation with the field experts. It also benefited from feedback from PACT partners through a preliminary Knowledge Consolidation Workshop and through two rounds of comments on the initial drafts of the questionnaire, as well as from feedback received during the meetings of the three project’s advisory panels (Stakeholder Advisory Group, SAG; Privacy Advocates Panel, PAP; and the High Level Policy Panel, HLPP; see WP7 for further details).
The main objectives of WP2 were:
(1) To develop an appropriate, suitable, robust and effective instrument to collect quantitative and qualitative empirical data on how individuals understand the different factors associated with the relationship between privacy and security. This objective refers to Task 2.1 Knowledge Consolidation Workshop, and Task 2.2 Design of the questionnaire and scenarios;
(2) To review and analyse the findings of the testing phase. This objective refers to Task 2.3 Analysis of Pilot Data (including an additional pilot in Romania).
A great challenge of WP2 was the design of a robust and effective instrument to collect empirical evidence on citizen perspectives on the relation between privacy and security. The PACT survey is unique in both the approach used (the Stated Preference Discrete Choice Experiments, SPDCE) and its scale (pan-European, nationally representative across the 27 EU countries). It has to be mentioned that through PACT, for the first time, the SPDCE approach will be implemented in a large scale survey and in such a complex, context-dependent, and nuanced domain such as the one of the relationship between privacy and security. The goal and the main challenge of the survey design phase were to achieve a balance between the levels of detail in the survey, and its accessibility to common public.
The main results of WP2 have been:
• The successful integration of WP1 key findings and of PACT partners feedback on the initial drafts of the questionnaire into an appropriate and effective instrument to collect empirical evidence. Three out of the five Use Cases as developed in T1.6 was translated into the survey’s three real life scenarios used for implementation of the stated choice experiments. In each of these choice contexts, respondents provided their preferred alternative which after analysis revealed the preferences related to various security and privacy aspects involved in these contexts. During the methodological workshop (T2.1) the PACT consortium identified the list of relevant attributes or characteristics which were used to describe alternatives in each of the choice contexts. PACT partners and external advisory panels had also the opportunity to comment on the initial drafts of the questionnaire in several occasions. The design process has been documented in detail in D2.1 Knowledge Consolidation Workshop Report, and in D2.2 Survey questionnaire.
• The integration of the outcomes of the survey testing phase (see WP3) into the questionnaire. The survey design phase was followed by cognitive testing and pilot data collection. In general, the survey was well received by the respondents. Results from cognitive interviews and pilot data analysis identified a need to reduce the questionnaire length, and to simplify the choice scenarios further. The questionnaire was modified accordingly, but this was considered as a significant revision of the survey instrument, and therefore required an additional testing before conducting the main stage survey. The results of pilot data have been analysed and documented as a part of the D2.3 Analysis of pilot data.
The WP2 tasks resulted in three deliverables, two of them submitted with minor delays with respect to the deadlines agreed during the project’s KoM (D2.1 due by m9 and submitted in m11; D2.2 due by m15, and delivered in m16), and the last one submitted with a three month delay (D2.3 due by m15, and actually submitted in m18, see section below on minor deviations for further details).
WP3 centred on the application of the methodological design for data collection. The main objective was to gather and analyse data on the public perception of security and privacy from across Europe (EU27) for a representative sample of the population in each country. The research was conducted via a self-administered methodology using a combination of online methodologies and face-to-face approaches.
T3.1 (Review and Testing the Questionnaire) and T3.2 (Sampling) were conducted in the first reporting period. The two tasks involved reviewing and testing the questionnaire (designed by RAND), through various qualitative and quantitative methods (focus groups, cognitive interviews and a two-stage pilot study) – as part of Task 3.1 as well as designing the sampling for each of the countries where the survey was carried out – as part of Task 3.2.
In the second reporting period, T3.1 (Review/Testing the questionnaire-reopened due the additional pilot testing), T3.3 (Data Collection) and T3.4 (Specific liaison activities with the PRISMS study) were completed, and the objectives fully achieved.
T3.3 (data collection) – involved carrying out a survey on public perceptions of privacy and security across 27 European countries. The survey was carried out in 27 countries of the European Union. Approximately 1000 people aged 18 and older were interviewed in each country. In 12 of the countries, the survey took place online, while in 13 countries face-to-face interviews were carried out. In two of the countries (Germany and Italy) the survey was conducted through a mixed approach (500 interviews conducted online, and 500 face-to-face). Ipsos carried out the fieldwork and data processing, while RAND was in charge of designing the questionnaire, and analysing the survey results.
Throughout the entire process, the Ipsos team in charge of the PACT survey remained in close contact with the Ipsos team working on the PRISMS survey (exchanging key documents and sharing regular updates), in order to ensure that the two studies were coordinated as an integrated learning process. Liaison activities between the two projects formed T3.4 of the work package.
Due to the complexity of the previous work package (WP2: survey design), an additional pilot testing of the survey questionnaire was conducted to ensure the robustness of the questionnaire. The motivations for the additional pilot testing, notified to the Project Scientific Officer on 02 August 2014 in a WP2 ad-hoc scientific report, are summarized in the progress description for T3.1 Data Collection.
WP4 aimed to provide empirical evidence on the relationship between privacy and security through the analysis of the data collected in WP3. The data analysis included analysis of preferences related to security and privacy, analysis of underlying attitudes, perceptions and contextual information related to privacy and security.
WP4 was organised in two tasks, headline findings and whole data analysis. Two separate reports documenting the findings were the result of this task.
The main results of WP4 have been:
The descriptive analysis of the data confirmed the robustness of the survey instrument and sampling approach. Analysis on the attitudes related to institutional trust, general distrust and context specific privacy and security related factors revealed important cross country differences. For example, Scandinavian countries (Denmark and Sweden) have a higher proportion of respondents with low distrust than other countries. Emerging findings from the analysis of stated preferences did not support the simplistic assumption of an inverse relationship between security and privacy as proposed by the trade-off model but pointed out towards a more nuanced understanding of privacy and security by respondents. More information regarding the headline findings can be found in D4.1 – Headline Findings.
When it comes to the ‘whole data analysis’, the study highlights that references for security, surveillance and privacy depend on the context. Acceptability of surveillance and security measures depends on level of access to personal information. Comparison of findings across contexts points to different preferences relating to different layers of privacy. While respondents are more willing to accept surveillance in the Travel context, they are averse to it in the Internet context. Preferences are not too different across Europe, but differ along socio-economic variables such as age, gender, income and education. Findings also suggest that attitudes play a role in shaping preferences. Synthesis of these findings confirms the rejection of an inverse relationship between security and privacy assumed by the trade-off model. More information regarding the Whole Data Analysis can be found in D4.2 – Survey Report.
WP5 aimed at translating the theoretical and empirical findings into a Privacy Reference Framework for Security Technologies (PRFST), a set of tools which aimed at supporting different types of decision makers in the making of choices related to security technology investments, as well as policy makers, to support them considering aspects of privacy and other fundamental rights when evaluating pros and cons of different available options.
Specific objectives of WP5 were to define, design, develop and validate the PRFST. The process of definition of the PRFST (T5.1) started in the first reporting period, while the other objectives of development (T5.2) and validation (T5.3) was carried out in the second reporting period.
Results from the T5.1 T5.2 and T5.3 have been described in 3 deliverables as summarised below:
• D5.1: Report on the Definition and Design of the PRFST: The PRFTS framework was prepared. A very important input for it was the PACT privacy reference framework and decision support system workshop which took place in Madrid on 17th and 18th of October 2013, in the premises of Atos in Spain. The aims of this joint PRFST and DSS Workshop were to present the key design elements to the PACT expert groups (Stakeholder Advisory Group, Privacy Advocates Panel, High Level Policy Panel) in order to compile their feedback and take it into account for the next activities.
• D5.2 PACT PRFST: Key concepts were explained and a user manual was provided covering the most important concepts to make them clear to potential end-users. The Privacy Threat Index was specially addressed due to the importance of it in the methodology. A technical approach to the DSS prototype was also produced.
• D5.3 Validation Report: The report was performed considering as main inputs two focus groups, one organised in the UK and one in Israel. Also, feedback received during the SurPRISE, PRISMS and PACT Joint Conference along with the PRFST and DSS Validation Workshop was analysed.
The PRFST was prepared while considering different kind of inputs from different events to enrich the initial approach the consortium had. The PRSFT was presented in some public events such as the international conference arranged jointly with the EU FP7 research projects SurPRISE and PRISMS on the 13th and 14th of November 2014 in Vienna.
WP6 aimed at developing a prototype DSS, whose goal was to help end users evaluate the pros and cons of specific security investments, also on the basis of the societal perception of privacy and liberty.
A significant result of WP6 was the PACT DSS software tool, an online application consisting of an intuitive and simple to use graphical user interface and a knowledge base containing in a structured and extensible format the theoretical and empirical knowledge collected within PACT. ATOS and NCSRD keep the PACT DSS online and maintain the HMI and Knowledge Base servers after the end of the project. In parallel, exploitation opportunities are sought both in the form of follow-up research activities as well as commercial exploitation planning, towards optimising the PACT DSS and progressing from the prototype version of PACT to a commercially exploitable product version. Even in the prototype version, the PACT DSS software tool provides the necessary knowledge platform for future research projects in the area of Secure Societies and value-sensitive technological innovations. Besides the generation of privacy, ethics and social impact assessment reports, using the tool as a platform, research communities can further build upon and expand the knowledge base with more scenarios, empirical data updates and context-based knowledge.
During T6.1 by analysing user needs and defining the DSS behaviour and characteristics (as these are expressed in terms of functional and technical requirements), PACT placed a significant effort in clearly defining the DSS scope, establishing a common understanding and consensus early and throughout the PACT consortium and strengthening appropriate premises within legal and ethical boundaries. T6.1 firmly established the connection with WP4 and WP5 and promoted inter-WP collaboration to efficiently integrate corresponding input. Finally, WP6 provided a comprehensive report including both technical and conceptual information and definitions needed for both technical and End User context. D6.1 DSS Architecture, Technical Requirements and Definition of Validation Criteria included nine different partners in the contributors list, which is exemplary in terms of multi-disciplinary collaboration.
Deliverable D6.2 DSS Functional Specifications was the main outcome of task 6.2 of the PACT Project, ‘DSS Knowledge Base, Decision Context and Engine Functional Design’ providing functional specifications covering the following:
• The DSS HMI Dialogue Management: HMI, Human Machine Interface, also known as GUI, Graphical User Interface. Those are the screens shown to the user in order for him to interact with the system for introducing data and displaying the results.
• The Knowledge Base: consisting of an extensible data model and knowledge management framework, storing and providing efficient access to PACT’s theoretical and empirical findings. The knowledge base can be initiated as a structure and then maintained and updated by any experts’ community. In the context of PACT, the knowledge base was populated according to the project’s theoretical and empirical findings.
• Decision Engine: the business logic underneath the screens, thus what the system actually does to process the information introduced as input in order to generate the output.
T6.3 provided the software prototype including the DSS user application, knowledge base and dataset which were deployed on ATOS and NCSRD servers and available online upon request and via authorised access. T6.3 also provided a complementary executive report providing the functional highlights, example dialogs and functionalities for the Human Machine Interface & Dialogue Management component as well as an insight into the accompanying DSS Knowledge Base key design aspects and schema. The report comes also with an Annex containing the description of the DSS dataset. ATOS and NCSRD plan to keep the PACT DSS online and maintain the HMI and Knowledge Base servers after the end of the project. In parallel, exploitation opportunities are sought either in the form of follow-up research activities as well as commercial exploitation planning, towards optimising the PACT DSS and progressing from the prototype version of PACT to a commercially exploitable product version.
Finally, in the framework of T6.4 the PACT DSS software tool, its successful operation was evaluated and validated through a number of criteria including user requirement-based validation and acceptance as well as performance and technical success measures for the system and individual components. Based on D.6.1 the validation criteria were divided in four major categories:
• User Perspective Criteria;
• Component Specific Validation Criteria and Success Measures;
• Functionality Validation Criteria and
• Performance Validation Criteria
Depending on the criteria type, the evaluation and validation was performed by either by experts or by end users, using both qualitative and quantitative methods. Chronologically, the technical evaluation was performed in parallel to the intermediate user evaluation and provided feedback and constructive criticism on the interim version, and input for further development and refinement of the final prototype. Even as an intermediate prototype, the presented DSS tool was appreciated and well-received for its novelty and practical, context-specific and extensible approach.
During its demonstration in the Joint International conference that was organized 13th – 14th November 2014 in Vienna, Austria, it was widely agreed that the tool allowed for the measurement of usually qualitative concepts and the displaying in different colors, the usage of the knowledge base to display by default security alternatives, privacy risks, including their corresponding description, and controls. The same concepts were also imprinted in the online review of the tool, which was performed after the conference through questionnaires; both the questions related to the implementation of the functional flow of the PRFST and the ones related to usability metrics, even those deemed more critical by the end users during the PACT DSS Workshop, received an average aggregated score of 8 in a Likert 0 -10 scale.
The validation of the final prototype took place in a dedicated workshop that the PAP, SAG and HLPP members participated in and had the opportunity to acquire hands-on experience of the tool through different scenarios demonstrations. All of them were excited by the prospect that the tool could be used in future scenarios as a risk assessment tool in policy proposals ahead of the introduction of a new law: where values could be plugged into the model and the policymaker could directly see impacts and outcomes. Additionally it was also proposed that the tool developed should also engage with the expert security community, as it is ultimately the community with the most to offer in terms of potential uptake.
WP7 aimed at communicating the findings and outcomes of the project while allowing stakeholders and policy makers to interact and directly participate, by injecting their perspective into the project. The overall goal was to make as visible as possible PACT; the PACT objectives and the PACT results. WP7 aimed at widely explaining what is at stake with the PACT project; widely disseminating what has been achieved so far and widely promoting interaction with policy makers, stakeholders, potential end-users, opinion leaders, civil society representatives as well as academics and other FP7 related projects such as PRISMS and SurPRISE.
Considering the PACT objectives, the communication and networking activities performed during the project’s lifecycle are of crucial importance for achieving the objectives and for making them in line with end users’ needs. Throughout the project, significant results were achieved:
• The establishment of several PACT panels such as the Stakeholder Advisory Group (SAG, ST7.1.1) the High Level Policy Panel (HLPP, ST7.1.2) and the Privacy Advocates Panel (PAP, ST7.1.4) as well as the organisation of regular meetings of these panels;
• Distribution of the project’s main findings to academic journals and conferences, and the creation of the PACT Privacy & Security Research Paper Series (ST7.1.3);
• Release of broader-dissemination instruments such as the project’s logo and brochure, the website, newsletters and press releases on the project launching conference and the survey (ST 7.1.5);
• Organisation of a training seminar on communicating with the press (ST7.1.5).
Furthermore, contacts were established with the twin FP7 projects SurPRISE and PRISMS, which resulted in the organization of a joint international conference in Vienna on the 13th and 14th November 2014. The conference brought together not only partners from the three consortia, but also researchers, experts, policy makers and other stakeholders from across Europe. A book project, collecting works presented at the conference, is currently under preparation, which will result in a further dissemination activity. Furthermore, through the Second Reporting Period, partners have presented their PACT related work in different fora.
WP7 was carried out through three activities; T7.1 on Dissemination and Communication, T7.2 on Networking activities, and T7.3 Promotion of the exploitation of the projects’ foreground, and related subtasks, as described below.
2.8 WP8 Management
The financial and administrative aspects of the PACT Project were prepared according to the following reference documents:
• Grant Agreement number 285635;
• PACT Consortium agreement;
• Guide to Financial Issues relating to FP7 Indirect Actions, Version : 2013-03-18;
• Annex II “General Conditions” of the FP7 Grant Agreement;
• Guidance Notes on Project Reporting, version June 2010;
• Template for Periodic Report.
All the partners in the Project used project netboard, the internet-based management system, for which they have personal logins. The information collected from the partners is as follows:
Monthly time sheets identified per person, Task, Work package and activity. Each time sheet was updated with the actual labour cost of the person concerned according to the data provided by the respective accounting systems of the partners. The actual time consumption and the corresponding labour costs were thus identified, controlled and compared to the provisional figures set in the Technical Annex.
Expenses incurred in the project for the various project cost categories such as:
• Travel and per diem identified per person and per activity;
• Other specific costs identified per partner and per activity;
• Consumables identified per partner and per activity ;
• Subcontracting costs identified per partner and per activity ;
• Indirect cost, automatically calculated according to the partners’ respective indirect cost models.
The above information were analysed by the project Coordinator and its services. Any significant deviations from the budgeted figures were documented with the partners concerned and, wherever the case, actions are taken at the level of the Coordinator.
Management reporting was based on views and tables automatically generated by the Project netboard Internet-based management system in the .xls and .doc formats for the period concerned. The standardisation of the figures and tables, according to the updated guidelines provided by the Commission services is meant to ensure the overall consistency of the Periodic Report over time.
During the first project reporting period (Month 1-18) the following management aspects have been addressed: The project Handbook was drafted and validated by all consortium members. The Consortium Agreement was signed and distributed to the partners. A collaborative platform was set up. This private area linked to the public web site was used for knowledge management. The collaborative platform archived all documents related to the project while offering a working space for document/file exchange to project partners. The collaborative platform is accessible through the web-site. A management tool (Project netboard- PNB) was set up to allow the monitoring of effort and expenses consumption as well as activity reporting at the task level. Following the setting-up of PNB, web-conferences were organised with each partner to explain the procedure and calendar of the project and to teach the partners how to use PNB for their activity and financial reporting. Guidelines for the use of PNB were drawn up and transmitted to the partners together with their access code.
In the second period, beneficiary n°11 CSSC, original promoter and scientific coordinator exited the project due to force majeure event (entry into liquidation). In order not to affect the project, the consortium members approved the proposition made the P01 ABSISKEY to nominate P09 PRIO as new Scientific Coordinator of the project. P09 PRIO, led by Peter Burgess has had significant experience in coordinating EU projects (FP5, FP6, FP7). Peter Burgess and his team had the critical skills and methodology required to keep ensuring the overall scientific quality of the project. In addition, their experience put them in a unique position to interact with scientific coordinators of sister projects such as PRISMS and SURPRISE, some of which, they have already worked with in the past.
Apart from that, no major problem has been noticed in management. Adjustments were however required in the timeline.
Potential Impact:
PACT has resulted in 30 scientific publications and 54 academic talks and dissemination activities. It has thereby created a very significant academic impact of its foreground. The project has also organized three major events: a Launching Conference hosted in the Brussels’ venue of the European Parliament, an internal seminar with several invited speakers on Seminar on “Media communication, security and privacy”, and a final Joint International Conference with the twin EU projects PRISMS and SurPRISE, on “Citizens’ Perspectives on Surveillance, Security and Privacy: Controversies, Alternatives and Solutions”.
The dissemination of the PACT research results contributes to on-going social, political and academic debates concerning the tensions between security and fundamental rights. It does so in a novel way: it provides both empirical and theoretical original research, with a strong focus on citizens’ perspectives.
However, the impact of PACT foregrounds is to be expected well beyond the academic field. Indeed, among PACT’s ambitions is the design of a Decision Support System (DSS), that could be eventually further developed and used by public authorities, civil society, and private companies (cf. Deliverable D6.1). Then, the PACT DSS, or similar instruments, may come to play an important role in decision-making processes concerning security technologies. Therefore, the potential socio-economic and political impacts of DSS need to be assessed already at this stage.
It should be reminded again that both the socio-economic and the political impact studies are exploratory in nature. Their main findings are based on the current features of the PACT DSS: on their potential functioning and not on their actual functioning in specific socio-economic and political environments. Therefore, similar exercises (socio-economic and political assessments) should be carried on again before any further development and implementation, and then again at regular intervals.
3.1 Socio-Economic impact
The PACT DSS is an online software tool for assessing the impact of future security technology investments and deployments in terms of privacy, ethics, social acceptance and public perception.
Socio-economic variables that are crucial for assessing PACT’s DSS are the access to public goods and services, the adequacy of physical, social and communicational infrastructure, and socio-economic equality. They relate to questions of ownership, access, and openness/closure. In this context the distinction between free and proprietary software matters.
The study formulates 5 recommendations:
1. Do not commercialise the DSS: Given that the PACT project has been funded by public taxpayers’ money, it is feasible not to commercialise PACT DSS, i.e. to sell access to it or to grant licensing possibilities to companies or other organisations or individuals. Such endeavours could be interpreted as the misuse of publicly provided resources.
2. Provide research results in an open manner: The general tendency of the European Union is to try to make research results open, so it is a good practice to think if this principle can also be applied to software.
3. Make the DSS available online: The best possible and easy availability of the PACT DSS is as online software, which saves distribution costs and allows broad access possibilities.
4. Keep access to the DSS open: Another question is what the target audience for the PACT DSS is. If one assumes that these are exclusively security professionals making decisions about the use of specific security systems, then it may seem feasible to restrict access to the PACT DSS with a login and password and to provide passwords only to specific organisations after request. Such a restriction and closed access requires maintenance after the project, for which PACT provides no resources, and it rather excludes the possibility that stakeholder groups beyond security experts, such as privacy advocates, citizens, researchers, research communities, research funding bodies, etc., gain interest. Closed access requires that someone is available, who actively targets stakeholders in order for them to take up the DSS. Otherwise it is likely to remain a non-used software. An open approach without password restriction to specific groups or an approach that accepts all registrations in contrast allows broader access and dissemination and use that spreads by word-of-mouth online and offline.
5. Consider the options and potentials of free software: Besides the question of free or restricted access to the PACT DSS, another important question is the question if the source code should be free or restricted. Given that more and more open data requirements tend to emerge and the European Union goes more and more into the direction of open research, an argument can be made for turning the PACT DSS into a free software that uses a GPL or Creative Commons license. If this is done, then all the advantages identified by proponents of free software can be harnessed: equality, education possibilities, fostering the public and common good, collaboration, evolutionary software quality improvement (after the PACT project’s end), efficient resource use, avoiding monopolies, freedom.
A good practice example can be found in the FP7 DESSI (Decision Support on Security Investment) project. The DESSI tool is comparable to the PACT DSS. It is freely accessible and useable for everyone. Access requires registration, but everyone can do so. The DESSI tool’s source code can be downloaded a website. It uses a Creative Commons Attribution-Non Commercial-ShareAlike 3.0 Unported License, which means that users can change and reuse the source code for non-commercial purposes as long as they attribute the original creator and grant the same rights to others.
3.2 Empirical and methodological implications of public perceptions of security and privacy
The PACT project has had three primary stages, all contributing directly and indirectly to a more precise understanding of the the relationship between security and privacy. First, it has carried out a survey of scientific research on the role of trust and concern in the relation between security and privacy in Europe. Second, and most visibly it has carrie out a significant pan-European survey on public perceptions between privacy, fundamental rights and security. Third, in relation to the survey it sets out an analysis of the facttors that lead to and impact such perceptions.
The input to the survey of public perceptions consisted of three phases. First, the project carried out a full analysis of the cases chosen. This comprises consideration of cases of surveillance in public transport, surveillance as a form of management and interpellation of internet-based information delivery systems, and surveillance through intervention i the management of health data.
The transport surveillance case reviled that the CCTV is basically supported across European nations, with some variation according to age and some variation according to context. In short there is all-in-all consistency across Europe. In the case concerning the surveillance of internet-based information the survey discovered more general scepticism to surveillance, and at at the same time larger variation according to age. The pattern is generally consistent across the EU. When it comes to surveillance of health data stored in aggregated data bases, there is in general support, with little variation according to age and less variation across the EU.
These empirical results support the development of several analytical tools and mechanisms. A ‘Privacy reference framework for security technologies [PRFST]’ was developed, inciting of a step-by-step guide for assessing the cultural, social and value-based factors that should be taken into account when making empirical studies of the kind carried out in PACT. It also developed a ‘Privacy threat index (PFI)’ and a ‘Privacy reference architecture (PRA)’ in order to assist analysis and the distillation of policy results. It also served to develop the principles of a so-called ‘stated preference discrete choice experiment (SPDCE)’. Finally, as discussed at length above, the survey analysis provide the empirical basis and structure for modelling a Decision support system (DSS).
Several general lessons have been learned from the research, development and application of the methodology. The primary finding is the one that was least expected. It is much methodological as empirical and analytical. This is, namely that there is considerable national variation in the premisses for understanding the relationship between security and privacy. Moreover, trust is a key component in understanding this variation and the differences to which they correspond. The results also made clear that the ‘trade-off’ metaphor between security and privacy is limited. Rather, elements of certain ‘negotiable’ conditions of invasive security measures vary also in relation to ‘non-negotiable’ elements. Overall, the results show that debates on these and similar issues are contextual, reflected to a large degree in the in the way that security and ‘privacy’ are expressed and conceptualised. Indeed computer and data professionals are highly critical to the companies and security agencies conducting such surveillance, often calling for political changes at the nation, European and global level. Research findings also indicate a highly problematic self-understanding of companies producing such technologies.
In an analogous finding the project brought into focus research concerning biometric identification, and showed how they create ‘fine-tuning’ of the issues, bring into better focus the utility of biometric ID cards, weighed against common privacy issues.
In methodological term the project successfully tested the deployment of SPDCE to capture individuals preferences with regard to privacy, security and surveillance at scale in Europe. In this regard its finds correlated to some degree with this of the sister PRISM project. The project’s theoretical foundations stress the importance of analysing aspects of power and advanced the need for a critical approach when assessing the ethical and societal impacts of information technology. As a secondary impact the project itself heightened sensitivity, enhanced conceptualisation of privacy issues and contributed to expanding its analytic discourse to medical, academic, and policy venues.
3.3 Wider societal implications
Besides the socio-economic impact of the PACT DSS, it is also important to provide an analysis of the potential political implications of the PACT DSS. To do so, we draw from Barry a working definition of what is political: “[a]n index of the degree to which a problem or object is open to contestation and dissensus” (Barry 2001, 268-269). Based on this definition, the guiding principle of this assessment is the ability of the PACT DSS to contribute to political discussions among different actors on the introduction of new security technologies.
First, it should be noted that different forms of manipulation could arise. They range from the feeding of fake information or the withholding of undesired data, to the exclusion of other concerned actors from the very use of the system. Manipulation could also happen if some users use the PACT DSS to claim (pseudo- ) scientific knowledge about the issues at stake.
Second, while the PACT DSS has a clear purpose – supporting investment in the field of security technology – its target audience is less well defined. It is not evident if its use will remain an internal process of private companies, or if it will be made public, or if other actors will be able to run the system providing their own information.
Third, the PACT DSS will probably enter a policy-making landscape in which other impact assessment tools will be used, voluntarily or compulsory: Privacy and Data Protection Impact Assessments, Surveillance Impact Assessments, Societal Impact Assessments, etc. The way in which it will integrate this landscape will also contribute to define its possibilities, its use and its political role.
Based on these insights and the analysis carried out above, four main recommendations can be advanced.
1. While further efforts should be done to make explicit the main audience of the PACT DSS, it is advisable to further develop the PACT DSS so to ease its use by a wide number of concerned actors. If diverse users become familiar with this tool, understanding its rationale, its functioning, as well as its main flaws and bias, they may come to appreciate its potential in signaling issues and informing political debates. This will probably reduce expectations, but could make the PACT DSS a more ‘reliable’ tool, narrowing the scope to the main forms of manipulation identified above.
2. If the PACT DSS is to be further developed, or adjusted for actual use in specific contexts, it is important to take into consideration the evolving policy-making landscape, and in particular the way in which it will relate to other meta-policy tools and impact assessment instruments. The PACT DSS will have to clarify not only its added value, but also its specific contribution to political discussions, and its ability to speak to concerned actors that are not used to its risk management language.
3. The PACT DSS is conceived to be scalable and, to some extent, customizable. As already mentioned in the Social Impact Assessment above, it is recommendable that its source code remains open. This would help avoiding the marginalization of several actors, and it can contribute to the transparency of the decision support process. Furthermore, it can also permit identify existing bias and take action to correct them. In turn, it would promote confidence in the tool (which would not perceived as merely business system).
Finally, it is strongly recommended to keep assessing the PACT DSS in the near future. A proper analysis of its political implications can be meaningful only if regularly carried on, and if the actual uses of the PACT DSS are studies. Therefore, we advise to plan systematic assessments and to create a system to collect feedback from actual users and from actors that refuse to use it, or have finally decided to discard it.
3.4 Main dissemination activities & Exploitation of results
The full reports of the main dissemination and networking activities carried out through the project duration have been presented in four deliverables of WP7. In this section, it is important to note that the full consortium made continuous effort to ensure a wider, and yet consistent, dissemination of the results, exploring a variety of different fora – from meetings with specific stakeholders to academic conferences – in order to receive the most relevant feedback and reach the most adequate audience.
As mentioned above, dissemination was achieved through meetings, conferences, seminars as well as different kinds of publications: peer-reviewed articles, press-releases, papers, etc. Still, the exploitation of the PACT results is an ongoing activity, which continues beyond the end of the project itself. Several partners are currently engaged in the finalization and submission of publications, including the co-edited book that builds upon the presentations done at the Joint International Conference. Other partners plan to further exploit the results for their own research or for drafting new research proposals (at European or national level).
As mentioned above, the PACT DSS, as well as the PRFST, will probably further developed both by project partners and potential end-users. Their uptake will also depend on the future evolution of the European policy and legal landscape concerning data protection, in particular the accomplishment of the data protection reform. Given the growing attention towards ‘impact assessment methodologies’, the PACT DSS and PRFST can play an important role in the implementation of specific provisions or policy choices.
List of Websites:
• PACT Consortium contact details:
Scientific Coordinator: Prof. J. Peter Burgess - jpeterburgess@prio.org
Management Coordinator: Olivier DE BARDONNECHE
List of beneficiaries:
P1 ABSISKEY (VITAMIB)
Rue Colonel Dumont 26, Grenoble 38000, France
P2 ATOS SPAIN SA (ATOS)
Calle de Albarracin 25, Madrid 28037, SPAIN
P3 CENTRE FOR IRISH AND EUROPEAN SECURITY LIMITED (CIES)
Clan William Terrace 3, Dublin 2, Ireland
P4 MARKET & OPINION RESEARCH INTERNATIONAL LIMITED (IPSOS MORI)
Borough Road 79-81, London SE1 1FY, United Kingdom
P5 CENTER FOR SECURITY STUDIES (KEMEA)
P. Kanellopoulou St 4, Athens 10177, Greece
P6 MINISTRY OF PUBLIC SECURITY (MOPS/IP) (TERMINATED ON JUNE 17TH 2012)
Israel National Police HQ, Haim, Bar-Lev St., Jerusalem 91906, Israel
P7 NATIONAL CENTER FOR SCIENTIFIC RESEARCH "DEMOKRITOS" (NCSRD)
Patriarchou Gregoriou Str., Aghia Paraskevi 15310, Greece
P8 RAND EUROPE COMMUNITY INTEREST COMPANY (RAND)
Westbrook Centre Milton Road, Cambridge CB4 1YG, United Kingdom
P9 INSTITUTT FOR FREDSFORSKNING STIFTELSE (PRIO)
Hausmanns gate 7, Oslo 0186, Norway
P10 UPPSALA UNIVERSITET (UU) (TERMINATED ON JANUARY 31TH 2013)
St Olofsgatan 10B, Uppsala 751 05, Sweden
P11 CENTRE FOR SCIENCE, SOCIETY AND CITIZENSHIP (CSSC)
Via Paolucci de Calboli 5, Roma 00195, Italy
P12 HEBREW UNIVERSITY OF JERUSALEM (HUJI) (INTRODUCED ON JUNE 18TH 2012)
Givat Ram Campus N/A, Jerusalem, 91904, Israel
P13 UNIVERSITY OF WESTMINSTER (INTRODUCED ON FEBRUARY 1ST 2013)
Regent Street 309, London, W1B 2UW, United Kingdom