Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Trust and security technologies: Lessons from the CRISP project


Published on

These slides present findings from Work Package 3 of the CRISP project. CRISPaims to develop an innovative evaluation and certification methodology for security products. This talk was given at the 7th Biennial Surveillance & Society Conference in Barcelona in April 2016.

  • Login to see the comments

  • Be the first to like this

Trust and security technologies: Lessons from the CRISP project

  1. 1. Can Trust in Security Technologies be Enhanced through Certification?: Lessons from the CRISP project. Thordis Sveinsdottir Trilateral Research Ltd 7th Biennial Surveillance & Society Conference Barcelona 20-23 April 2016
  2. 2. Security Certification – European Context  The EU security market, which is strong and fast growing:  Includes very different types of products and services  Is supplied by very varied stakeholder group  There is also a plethora of assorted standards and certification schemes for security products, systems and services and there is a distinct lack of harmonisation and mutual recognition of these schemes across Europe.  CRISP project objectives are to:  Aid in the harmonisation of the European security market through pan- European certification  Increase citizen trust in security products, systems and services through integrating social dimensions in the evaluation phase
  3. 3. The CRISP project  Evaluation and Certification Schemes for Security Products (CRISP)  36 Month project  1st April 2014-1st March 2017  Website:  Twitter: @CRISP_Project
  4. 4. RRI approach to security RD&I  There is a need to align security technologies, especially those which breech citizens’ fundamental rights and privacy, with societal needs and values to a greater extent (von Schomberg, 2011)  RRI focus allows for seeing tensions between security and fundamental rights:  as a set of practices and issues that can be addressed with an approach where a concern for ethical and social consequences of technologies are weaved into the R&D process  as a process where users and other stakeholders are engaged with producers early on, to allow for adjustments to security processes, products and systems.
  5. 5. CRISP evaluation of social dimensions  CRISP will contribute a holistic evaluation methodology for security products, systems and services that encompasses :  A defined use scenario  Multiple stakeholder perspectives on any one security technology  At the highest level the four dimensions, Security, Trust, Efficiency and Freedom Infringement (S-T-E-Fi) are each used for evaluation, and consideration is also paid to their interrelations and potential conflicts.  Within each evaluation dimension, a number of evaluation criteria are defined, which are further narrowed down to specific evaluation questions for each product
  6. 6. The CRISP Web tool A project manager sets up a scenario, which serves as basis for evaluation. Information providers answer questions for each of the STEFi dimensions
  7. 7. Stakeholder Analysis  Stakeholders included: Security industry, certification bodies, standardisation organisations, accreditation bodies, insurers, DPAs, policy makers and end users  Questions to ascertain the opportunities, needs and challenges of current evaluation and certification of security systems. Ascertaining the need for a scheme such as CRISP  Stakeholder analysis consisted of case study research of three technology areas.  Video Surveillance  Alarm Systems  Remotely Piloted Aircraft Systems (drones).  The case studies included: Desk research, Interviews with stakeholders, Web surveys
  8. 8. Stakeholder needs from certification  It provides clear added value (Security industry, certification bodies):  Low administrative burden  Low cost  One-stop certification  Transparency at all levels (e.g., documentation, evaluation, certification processes)  A robust scheme (minimum allowance for difference)  Flexibility of scheme (e.g., to allow for technological innovation)
  9. 9. Possible limitations of the CRISP scheme  The contextual nature of security  National security cultures/specificities  Different users/use contexts  Different use possibilities of any one product  The subjectivity of the STEFi dimensions  Too “soft” to serve as effective evaluation criteria  Concern over key dimensions and their definitions
  10. 10. Trust through certification?  Case study findings indicate that certification of a product, system or service enhances feelings of trust, e.g.:  The notion of certification as a ‘seal of quality’ or assurance to end users’ ranked as the most important benefit of certification by 85% of supply-side respondents and 82% of demand-side respondents*.  Certification was also seen to have the benefit of “improving service and product standards” and was selected by 42,6% of supply and 57,1% of demand side stakeholders  However:  Certification needs to be a transparent process – currently too opaque and confusing  Certification seal needs to be well known to be respected/trusted
  11. 11. Contact  Full findings can be found in the Work Package Report - Sveinsdottir, T., Finn, R., Wadhwa K., Rodrigues, R., van Zetten, J. Wurster, S., Murphy, P., Hirschmann, N., Rallo, A., Garcia, R., Pauner, C., Viguri, J., Kalan, E. and Kolar, I. (2015) D3.1 Stakeholder Analysis. Available at: content/uploads/2015/03/CRISP-D3.1-Stakeholder-Analysis-FINAL.pdf  Thordis Sveinsdottir –