You are here: Resources > FIDIS Deliverables > Interoperability > D4.4: Survey on Citizen's trust in ID systems and authorities > 
Background  Title:
CONCEPTUAL FRAMEWORK
 The Survey

 

Conceptual Framework

 

As the objective of the current survey was to examine citizen’s trust in the institutions responsible for identity management, the literature on trust therefore served as the conceptual starting point for the study.  

 

The concept of trust is seen as a multidimensional construct and has been studied by many different disciplines and defined in many different ways .  The definitions of trust range from ethics-based approaches, at the qualitative end of the spectrum, to economics-based, at the numerical end.  One way to move past the variety of interpretations and categorisations is to focus on a higher-level conceptualisation of trust as a three-part concept involving a truster, attributes of a trustee and a specific context over which trust is conferred .  In the case of the current survey, the trusters are the citizens of the EU, the trustees are the Member State governments and the context is an eID card scheme.   

 

Institution-based Trust. Zucker (1986) grouped trust production into three broad categories; character, process and institutional trust.  Character-based trust is normally on an interpersonal level, where one person decides to trust another on the basis of shared social norms.  Process-based trust depends on reciprocity, or in-kind exchanges.  Finally, institution-based trust is a judgement of institutions rather than of interactions.  Institutional trust works on a broader scope and the decision to trust is made on the basis of signals rather than prior encounters.  Institutional trust is different from interpersonal trust in the sense that when an individual trusts an institution, such as the government of an EU Member State, they do not necessarily trust it to carry out a political act for which they have chosen themselves specifically .  Instead, they are considering the extent to which they trust the government of an EU Member State to fulfil its role in a satisfactory manner. Another way to put it is that an individual does not weigh the potential gains and losses of engaging in an implicit contract with the government, but rather bases trust decisions on expectations that the institutions will ‘do what is right’ .  In dealing with the government and other institutions, process and institutional trust are the two relevant types of trust ; however, this study focus only on institution-based trust.

 

An issue of trust that has implications for an eID card scheme is the often-cited decline in trust.  There is substantial evidence to suggest that over the past several decades society has become less trusting both as a whole, and of government specifically .  Upon further investigation into the decline of trust, it seems that people are not becoming less trustworthy, and that whilst they may say that they do not trust a particular institution, their actions often indicate otherwise.  O’Neill suspects that this so-called decline of trust is actually a culture of suspicion.  Suspicion is a component of distrust and is defined as “when people actively entertain, multiple, possibly rival, hypotheses about the motives or genuineness of a person’s behaviour” (Kramer 1999 p. 587).  Here, suspicion and mistrust could be triggered by being wronged by the government, by bad press about the government or by people not agreeing with government policy .  The current culture of suspicion is another factor that could cause difficulty in gaining support for a government eID scheme.

 

Trust and Risk. According to O’Hara et al. , trust is a method of dealing with uncertainty.  Following this, risk is inherent in trust in that by trusting an institution, you can work more efficiently; however, there is always the risk that you will suffer a loss because your trust was misplaced.  Here, O’Hara defines an institution as, “a group of people organised into roles that, in the case of a guarantor of trust, must perform the checks on behaviour that a reasonably suspicious person would ordinarily wish to do on his own account” (O’Hara p. 85).  From the perspective of a potential eID card user, this means that while there are benefits to be gained from putting trust in such a scheme, such as more efficient travel and convenient health care, if governments of EU Member States do not support a secure and reliable system, users will be faced with a number of identity-related risks. In particular, risks associated with privacy loss, identity fraud and function creep as discussed below.  

 

While there is a growing concern about issues of privacy ,  data protection laws often leave citizens unable to properly manage their data .  So, in the case of ID cards, because citizens find it difficult to manage their data, Bennett and Raab  suggest that they may be willing to give away more control of their data, depending on the extent to which they trust the government .  

 

Concern with function creep was expressed in reports of citizen’s fears that an eID card scheme would be expanded beyond its original scope , thereby infringing upon privacy rights.  Finally, the risk of identity fraud is exacerbated by the very permanence of biometric data.  If citizens are to take a risk with such data, they will need to trust the ability of the governments of EU Member States to secure its use.

 

Trust in ID authorities emerges as a critical issue in implementing interoperable ID cards in Europe.  It is suggested that trust in the government is needed before informal barriers to an interoperable eID card scheme can be overcome. The present survey was thus designed to study the current state of citizens’ institutional trust in the context of a proposed EU-wide eID card scheme.  

 

Drawing from the literature on institutional-based trust, a set of 17 relevant constructs were identified and served as the basis for constructing a further set of 32 statements to which the survey’s respondents indicated their level of agreement.  Grouped into three categories of (1) sources of Trust; (2) Levels of Trust; and (3) Consequences of Trust, the research constructs are introduced in turn, together with the survey’s statements associated with them.

 

 

 

 

Sources of Trust 

The constructs associated with the first category Sources of Trust include: governance, policy, monitoring security, control, understanding, ease of use, and, usefulness. 

Governance, policy and monitoring are, by definition, inter-related constructs that represent a way for the ID card system to be supervised and regulated, thereby providing a form of institution-based structural assurance.  In the survey conducted, these constructs were operationalized using the following statements:

 

Governance 

I believe that my interests will be represented in deciding how ID-ralated data will be exchanged. 

Policy 

I believe that there will be an appropriate legal environment to regulate how my ID data will be exchanged.  

Monitoring 

I believe that the exchange of ID data will be monitored by competent authorities. 

 

The constructs of security, control and understanding have been identified as dimensions of concern for information privacy  and, as such, the perception that these concerns are adequately managed in the ID card system provides structural assurance on an institutional level. In the survey conducted, these constructs were operationalized using the following statements:

 

Security 

I believe that the systems used by the authorities to issue and manage ID cards will not be technically secure. 

Control 

I believe that citizens will be able to keep a good level of control over their personal ID data. 

Understanding 

I feel that I will be able to assess the benefits and risks when allowing my personal data to be shared by ID authorities. 

 

Finally, ease of use and usefulness make up the main body of the Technology Acceptance Model (TAM), which denotes them as necessary factors in the adoption of new technologies .  The perception that ID cards are both useful and easy to use on an EU-wide scope would signify that the proposed system is both needed and reliable, and thusly provide structural assurance. In the survey conducted, these constructs were operationalized using the following statements:

 

Ease of Use 

I feel that I will find the electronic cards difficult to use. 

Usefulness 

I understand the need to exchange ID data across government departments. 

I understand the need to exchange ID data between government and business. 

I understand the need to exchange ID data across different EU countries. 

 

Levels of Trust 

The concepts of trust and trustworthiness are differentiated in that trustworthiness is an attribute of a person while trust is a belief of one person about another person or entity .  Mayer et al.  reviewed the trust literature extensively and found ability, benevolence and integrity to be the most commonly cited factors of perceived trustworthiness.  However, his study had a focus on organisational, rather than institutional trust.  Past work on perceptions of trustworthiness in institutional settings indicate that it is also a two- to three-dimensional concept .  Following this, McKnight et al. (2002) adapted the factors of perceived trustworthiness to institutional trust under the heading of situational normality.  Adapted to the current study, this means that a citizen who perceives high situational normality would believe that, in general, the government exhibits competence, benevolence and integrity.  As such, the sub-constructs for level of trust are perceived competence, benevolence and integrity of the government of an EU Member State in implementing and running an eID scheme. In the current study, these constructs were operationalized using the following statements:

 

Trustworthiness 

I will always be able to rely on ID authorities for help if problems arise with my ID data. 

Competence 

I believe that the authorities that will manage my ID data are professional and competent.  

ID authorities will be competent in dealing with the data they hold on me. 

Benevolence 

I believe that ID authorities will always act in my best interest. 

Integrity 

I believe that ID authorities will be truthful and honest when dealing with my data. 

 

 

 

 

 

 

Consequence of Trust 

The benefits from institutional trust have been widely studied.  From a sociological perspective, institutional trust is necessary for the cohesion of society as a whole .  It is especially important in the information society because it reduces complexity and allows for enough social capital to ensure that society is able to get the most out of globalisation (O’Hara, 2004).  

 

While previous research has clearly shown the benefits of institutional trust, it is still necessary to show whether it has a positive effect on context-specific outcomes.  There is a risk that the lack of institutional trust in the government will cause a general unwillingness to participate in an interoperable ID card scheme.  Thus, sub-constructs to determine the willingness of individuals to participate in different aspects of the scheme were devised.  They are largely based on O’Hara (2004) and Kramer’s (1999) respective findings that institutional trust increases cooperation and deference to authorities.  The sub-constructs for consequences of trust include willingness to share data with authorities, to trade personal data for convenience, and to share data across different governments and institutions.

In the current study, constructs related to consequences of trust were operationalized using the following statements: 

 

Willingness 

I will reveal some of my personal data in exchange for convenience, security and a speedy response. 

 

Interoperability 

I will feel comfortable for my ID data to be shared across government institutions. 

I will feel comfortable for my ID data to be shared between government and businesses. 

I will feel comfortable for my ID data to be shared between different countries in Europe. 

 

Reluctance 

I will be reluctant to apply for something like a job, credit, or insurance because I do not want to provide certain kinds of information about myself 

I will refuse to give information to ID authorities because I think it is too personal. 

I will take action to have my name removed from any list for which I haven’t authorized access to my personal data 

 

Secondary Use 

I believe that ID authorities will not use personal information for any purpose unless they have been authorized by the individuals who provided the information. 

I believe that when people give personal information to ID authorities for a specific purpose, the ID authorities may use the information for another purpose. 

I believe that ID authorities will never share personal information with other authorities unless they have been authorized by the individuals who provided the information. 

 

Unauthorised Access 

I believe that ID authorities will devote sufficient time and effort towards the prevention of unauthorized access to personal information. 

 

Comfort in Relying on Authorities 

I will feel comfortable in relying upon ID authorities to look after my personal data in the ID card system. 

I will feel comfortable in sharing personal data with the ID authorities. 

 

 

Background  D4.4_fidis_deliverable_1.0_final_02.sxw  The Survey
5 / 23