The £1.2m Research Councils UK (RCUK)-funded CONTriVE (Control and Trust as Moderating Mechanisms in addressing Vulnerability for the Design of Business and Economic Models) is the HALL’s anchor research project. Personal data holds great potential to benefit commerce and society. At the institutional level however, concerns are increasing over the risks associated with data access, ownership, privacy and confidentiality. CONTriVE’s main purpose is to investigate whether and how these institutional concerns are reflected in the perceptions of individual users.
CONTriVE will establish a new programme of research in digital economy by understanding how individual subjective perceptions of users with regard to cybersecurity relate to organisational and institutional views on cybersecurity. By gaining this understanding, we seek to develop new business models that would allow businesses to minimise individual perceptions of vulnerability with regard to issues of privacy, security, and trust. Ultimately, the focus is on how companies can design products and services that address an individual’s vulnerability.
What CONTriVE aims to do
- Test for individuals’ perception of vulnerability for a set of digital purchases under conditions of low control and low/high trust and vice versa (with institutional perception of individual vulnerability as low and communicated to be low)
- Test for individuals’ perception of vulnerability for a set of digital purchases under conditions of low control and low/high trust and vice versa (with institutional perception of individual vulnerability as high and communicated to be high)
- Redesign Service on the HAT, where individuals own and control their own data and re‐test for individuals’ perception of vulnerability in live environment as indicated above.
- Create business model design principles from the perceived control and trust mechanisms that can be used by businesses to de‐risk business model innovation.
- Support the production of new product/service offerings ‘in the wild’ that can help mitigate individuals’ perceived vulnerability requirements.
- Develop policy recommendations for regulators.
CONTriVE goes beyond a simple understanding of user technology consumption patterns and economic outcomes through use data. We aim to create impact by working with users, businesses, and policy makers . We will engage users directly (by recruiting them for experimental studies) and indirectly (through outreach to the wider HAT community and general public). Our proposed research will improve user decision‐making by applying social‐science concepts and principles to HCI (Human-Computer Interaction) and HDI (Human Data Interaction) problems. At the same time, it will make new contributions to theory in decision science and service systems, by understanding how perceived vulnerability is used by decision makers, how it can be reduced to allow for making more optimal decisions in the future, and how providers can understand vulnerability to better serve the users through development of new products and services.
Our research has impact at three levels:
User Level: We will model and quantify how well users perceive privacy risks, and the interaction between vulnerability and trust, vulnerability and security, vulnerability and control, and vulnerability and privacy. This will provide a much deeper understanding of the importance of perceived vulnerability amongst different users in different contexts, and help overcome the gross over‐simplification of the problem addressed by purely technical solutions.
Business Level: We will explore how different cybersecurity protocols and disclosure mechanisms can impact the levels of user‐perceived control and vulnerability. We will also investigate how businesses can present cybersecurity information to enable better user choice (i.e., how businesses can nudge users into making better and more informed decisions) and explore the development of a privacy index.
Policy Level: We will investigate how we can learn from the well‐developed laws, regulations and social conventions around privacy between users and groups of users, and apply this to decrease self‐perceived vulnerability.
Achieving project aims
Individual subjective vulnerability with regard to cybersecurity issues is an important factor that impacts upon business models and the development of the digital economy. With CONTriVE, we consider vulnerability from the perspectives of three entities, all of which are likely to assess individual vulnerabilities in different ways and would have separate sets of trade-offs against the risks:
- An individual’s perspective of their own vulnerability;
- The perspective of the entity with whom the individual is interacting in the digital domain (ie.another individual, or a business); and
- The institution tasked to regulate and protect all entities within the system (e.g., the state, regulatory body, etc)
CONTRIVE will address this in three stages:
First stage: Creation of a business insights lab within a live environment of volunteer technology users, where individuals’ perception of vulnerability will be measured through digital applications on their mobile phones.
Second stage: Introduction of two types of manipulations within the digital applications that could alleviate vulnerability concerns – Perceived Control mechanisms and Trust‐based mechanisms – to be tested whether and how vulnerability concerns can be moderated and/or mediated.
Third stage: Based on the obtained experimental evidence, the creation of a set of design principles for Business Model design that addresses an individual’s vulnerability concerns.
All of these ‘in the wild’ experiments will be tested on the HAT ecosystem, developed through the RCUK-funded HAT project and now being rolled out by HAT Data Exchange Ltd, a social enterprise that would be licensing commercial HPPs and tasked to manage and regulate the HAT ecosystem.
CONTriVE will implement this “in-the-wild” strategy in order to:
- Measure individual vulnerability with regard to cybersecurity issues, using different contexts and taking into account individual heterogeneity;
- Using these context-dependent measures, propose new business models that would mitigate perceptions of cybersecurity risks;
- Suggest tools for policy makers and regulators to decrease cybersecurity risks via bridging the gap between subjective vulnerability of users and objective vulnerability measured by businesses and other institutions
CONTriVE and the HALL
The rationale behind CONTriVE’s principles is to support the involvement of real users in real‐life environments, where these users, together with researchers, developers, and companies work together in the development of new solutions, products, services and business models.
By using the business and innovation Living Lab principles, CONTriVE will conceptualise integrated solutions in socio‐technical terms, where these solutions are regarded not only as a stand‐alone piece of technology, but also as something that is incorporated with economic, organisational and social elements, and related logics
HALL will support the innovation process for all involved stakeholders, especially end‐users, and aims to do that in real‐life settings with the potential users and their needs as a driving force for innovation. CONTriVE will sit as a sandbox within the HAT live ecosystem in collaboration with the Digital Catapult.