Providing verifiable oversight for scrutability, assurance and accountability in data-driven systems

The emergence of data-driven systems that inform decisions or offer recommendations impacts all sectors, including high-stakes settings where judgements affecting health,education and security are made. There is little visibility afforded into the qualities of the constituent components of these systems, or how they have been prepared and assembled. This makes it difficult for stakeholders to scrutinise systems and build confidence in system quality – which is important as problems resulting from poorly prepared or mismanaged data can have serious consequences. There is motivation to foster trustworthy systems, based on transparency and accountability, but there are currently shortcomings in tools that offer the desired scrutability onto data-driven systems, whilst protecting confidentiality requirements of providers. This thesis adopts a design research approach to address these shortcomings by designing and demonstrating information systems artefacts that enable providers to take accountability for their contributions to data-driven systems and provide verifiable assertions of the properties and qualities of systems and components to authorised parties. The outcomes are a framework to help identify parties that contribute to the provision of data-driven systems, and a conceptual model that adopts a bill of materials document to record system supply chains. These artefacts are employed in software architectures that provide verifiable assurance of the qualities of digital assets to authorised parties and offer scrutability on data-driven systems. The software architectures adopt decentralised data models and protocols based on self-sovereign identity paradigms to place accountability on providers of assets. This enables domain users and other stakeholders to seek assurance on the qualities of systems and assets, whilst protecting sensitive information from unauthorised access. This thesis contributes to the adoption of self-sovereign identity data models and protocols for parties to ratify qualities and take accountability for digital assets, extending their scope from the current dominant usage for personal identity information