Some of us spent Thursday discussing about privacy and what makes us give our precious personal information away, drawing on prospect and utility theories, econometric models, theories of cognitive bias in decision making as well as the impact of social class and political beliefs. The facilitator, Spyros Kokolakis from the University of Aegean, presented the case of the brand new Greek national ID scheme. This is based on smartcard technology and intended to be used to monitor every single financial transaction for reasons of tackling tax evasion - ambitious as much as controversial!
It was interesting to explore how perceptions of risk vary, depending on contextual anchors, personal experience etc. and consider how their understanding may have a fundamental role in the success of any technological platform, especially in our area of security and privacy. A key observation was that the planning of any intervention based on schemes such as the IDs above, not only does it require a robust technological platform, but also an appreciation for the factors that may facilitate or inhibit its use (or abuse!): perception of value, comfort, fear, perception of risk to name but a few. These are not always easily captured in quantitative or qualitative models and even then, it may be difficult to integrate those into the security design.
And as for the case of the new Greek IDs, if I had any reservations for their effectiveness against tax evasion before, well, those certainly didn't go away after our discussions. But I'll be certainly looking out for the results of Spyros' evaluative research of the scheme.