Ignore These At Your Peril: Ten principles for trust design

Online trust has been discussed for more than 10 years, yet little practical guidance has emerged that has proven to be applicable across contexts or useful in the long run. 'Trustworthy UI design guidelines' created in the late 90ies to address the then big question of online trust: how to get shoppers online, are now happily employed by people preparing phishing scams. In this paper we summarize, in practical terms, a conceptual framework for online trust we've established in 2005. Because of its abstract nature it is still useful as a lens through which to view the current big questions of the online trust debate - large focused on usable security and phishing attacks. We then deduct practical 10 rules for providing effective trust support to help practitioners and researchers of usable security

Authentication and authorisation in entrusted unions

This paper reports on the status of a project whose aim is to implement and demonstrate in a real-life environment an integrated eAuthentication and eAuthorisation framework to enable trusted collaborations and delivery of services across different organisational/governmental jurisdictions. This aim will be achieved by designing a framework with assurance of claims, trust indicators, policy enforcement mechanisms and processing under encryption to address the security and confidentiality requirements of large distributed infrastructures. The framework supports collaborative secure distributed storage, secure data processing and management in both the cloud and offline scenarios and is intended to be deployed and tested in two pilot studies in two different domains, viz, Bio-security incident management and Ambient Assisted Living (eHealth). Interim results in terms of security requirements, privacy preserving authentication, and authorisation are reported

Secure tenure for home ownership and economic development on land subject to native title

The public policy debate on land rights, the struggle of Indigenous peoples to have their pre-colonial possession of land recognised and interests in how land rights might be exercised to fulfil Indigenous peoples’ hopes for economic development and home ownership.Those people who have had their native title rights and interests in land legally recognised are contemplating the implications for their future prosperity. They are pondering the types of investments they can make to develop their land for social and economic purposes, the use and development rights they might temporarily exchange for income, or, as a last resort, the rights and interests they are prepared to relinquish in return for compensation. Western Australia (WA) presents a unique case in the Australian context because, unlike other states and the Northern Territory, WA does not have a statutory Aboriginal land rights system despite its large and remote Aboriginal population. What is termed ‘Aboriginal land’ in Western Australia covers approximately 12 per cent of the state but has generally been granted at the discretion of the Minister for Lands, or else is held in trust as a reserve for the ‘use and benefit of Aboriginal inhabitants’.1 This estate has not been transferred to Aboriginal ownership under state legislation on the basis of statutory rights conferred on Aboriginal people as the result of a formal claim based on their cultural connections to the land or waters. According to the former Aboriginal and Torres Strait Islander Social Justice Commissioner Tom Calma (AHRC 2005), this reflects ‘protection’ style legislation from the 19th century, which has been the basis of calls for reform of the system since the early 1980s (Seaman 1984; Bonner 1996; Casey 2007)

Online advertising: analysis of privacy threats and protection approaches

Online advertising, the pillar of the “free” content on the Web, has revolutionized the marketing business in recent years by creating a myriad of new opportunities for advertisers to reach potential customers. The current advertising model builds upon an intricate infrastructure composed of a variety of intermediary entities and technologies whose main aim is to deliver personalized ads. For this purpose, a wealth of user data is collected, aggregated, processed and traded behind the scenes at an unprecedented rate. Despite the enormous value of online advertising, however, the intrusiveness and ubiquity of these practices prompt serious privacy concerns. This article surveys the online advertising infrastructure and its supporting technologies, and presents a thorough overview of the underlying privacy risks and the solutions that may mitigate them. We first analyze the threats and potential privacy attackers in this scenario of online advertising. In particular, we examine the main components of the advertising infrastructure in terms of tracking capabilities, data collection, aggregation level and privacy risk, and overview the tracking and data-sharing technologies employed by these components. Then, we conduct a comprehensive survey of the most relevant privacy mechanisms, and classify and compare them on the basis of their privacy guarantees and impact on the Web.Peer ReviewedPostprint (author's final draft

The mechanics of trust: a framework for research and design

With an increasing number of technologies supporting transactions over distance and replacing traditional forms of interaction, designing for trust in mediated interactions has become a key concern for researchers in human computer interaction (HCI). While much of this research focuses on increasing users’ trust, we present a framework that shifts the perspective towards factors that support trustworthy behavior. In a second step, we analyze how the presence of these factors can be signalled. We argue that it is essential to take a systemic perspective for enabling well-placed trust and trustworthy behavior in the long term. For our analysis we draw on relevant research from sociology, economics, and psychology, as well as HCI. We identify contextual properties (motivation based on temporal, social, and institutional embeddedness) and the actor's intrinsic properties (ability, and motivation based on internalized norms and benevolence) that form the basis of trustworthy behavior. Our analysis provides a frame of reference for the design of studies on trust in technology-mediated interactions, as well as a guide for identifying trust requirements in design processes. We demonstrate the application of the framework in three scenarios: call centre interactions, B2C e-commerce, and voice-enabled on-line gaming

Words Speak Louder Than Money

This paper reports on an experiment studying the effectiveness of two types of mechanisms for promoting trust: pecuniary and non-pecuniary as well as their mutual interaction. Our data provide evidence that both mechanisms significantly enhance trust in comparison to the standard investment game. However, we find that the pecuniary mechanism performs significantly worse than the non-pecuniary one. Our results also point to the fact that pecuniary mechanism, which depends on monetary incentives, can be counterproductive when combined with mechanism which relies primarily on psychological incentives.Communication; Deposit; Experimental economics; Trust; Trustworthiness

Integrating security solutions to support nanoCMOS electronics research

The UK Engineering and Physical Sciences Research Council (EPSRC) funded Meeting the Design Challenges of nanoCMOS Electronics (nanoCMOS) is developing a research infrastructure for collaborative electronics research across multiple institutions in the UK with especially strong industrial and commercial involvement. Unlike other domains, the electronics industry is driven by the necessity of protecting the intellectual property of the data, designs and software associated with next generation electronics devices and therefore requires fine-grained security. Similarly, the project also demands seamless access to large scale high performance compute resources for atomic scale device simulations and the capability to manage the hundreds of thousands of files and the metadata associated with these simulations. Within this context, the project has explored a wide range of authentication and authorization infrastructures facilitating compute resource access and providing fine-grained security over numerous distributed file stores and files. We conclude that no single security solution meets the needs of the project. This paper describes the experiences of applying X.509-based certificates and public key infrastructures, VOMS, PERMIS, Kerberos and the Internet2 Shibboleth technologies for nanoCMOS security. We outline how we are integrating these solutions to provide a complete end-end security framework meeting the demands of the nanoCMOS electronics domain