You are here: Resources > FIDIS Deliverables > Interoperability > D4.4: Survey on Citizen's trust in ID systems and authorities >

Resources

Title:

Table of Contents

Executive Summary

Note: This section is mandatory for all deliverables and should help to give an overview of the topics covered in the document.

This report from the FIDIS project has been created from within the Work Package 4 on Interoperability of Identity and Identity Management Systems. It emerges as the third in a series of investigations into the broadly social aspects concerned with sharing data, especially personal information, in respect of plans for interoperable European electronic ID systems. This survey was designed to investigate attitudes towards a number of issues involved in making eIDs interoperable that were drawn from an underlying theoretical framework of institutional trust. The survey questionnaire used 17 constructs, grouped into three broad categories of (1) sources of trust; (2) levels of trust; and (3) consequences of trust.

A web-based survey was translated into 8 European languages and was made available online over a period of one month in June 2006. Overall there were 1,906 valid responses to the survey with respondents from 23 out of the 25 EU countries. A limitation of the survey was, however, that the response rate from some countries was very low. In this respect, the survey cannot be said to represent all European citizens as such. In addition, this biased response rate prevented a valid comparison across countries.

Findings arising from the analysis of the survey point to an overall negative perception of the ID authorities by EU citizens. The vast majority of the respondents do not trust the institutions; they are seriously critical about the competence of the authorities, and are dubious about their ability to handle personal data. Moreover, they are suspicious of the authorities misusing their identity data. These negative attitudes of citizens hold important implications for any future attempts at implementing eID cards, as these perceptions may well be translated into consequent behaviour, namely, resistance to use or, indeed, non-use. The most negative attitudes were found in respondents from the UK and Ireland, and the least negative in Central and Eastern Europe.

Introduction

The objective of the survey reported in this deliverable was to examine citizen’s trust in the institutions responsible for Identity Management Systems to exchange data in an appropriate manner across government departments, between governments and commerce and between different European countries.

The survey forms part of a research effort to deepen understanding of the social and cultural questions associated with interoperable ID systems. Whilst many of the EU projects in the interoperability domain tend to privilege the engineering and legal perspectives for harmonising and interoperating identity management systems, the place of the citizen’s feelings and perceptions has not been sufficiently considered. This study represents a step in this direction.

The conceptual basis upon which the survey was developed draws from the concept of institution-based trust and in the findings from the interviews of experts in a previous report (FIDIS Deliverable 4.2). The constructs for assessing trust in the survey relate to user’s perceptions of the institutional environment surrounding the issuance and management of an EU-wide eID card scheme.

A web-based survey was translated into 8 European languages and was made available online for a period of one month in June 2006. Respondents of the survey were asked to rate their agreement with a set of 32 statements using a scale from 1 (=strongly agree) to 7 (=strongly disagree). Overall there were 2,918 respondents to the survey, however, the number of respondents used in the analysis was reduced to N=1,906 after omitting invalid responses. Respondents came from 23 out of the 25 EU countries.

This report is organised as follows. The next section (3) provides a brief background to the survey. We outline ID schemes in the different EU countries, highlighting the current diversification. We conclude by re-stating the objective of the survey, arising as it does from the EU desire to facilitate a high level of interconnection and use of new identity management technologies. Section 4 focuses on the conceptual foundation of the survey. The notion of institutional trust and the constituents that served to guide the construction of the survey are introduced. The next section (5) moves on to describing the survey itself, providing information about the structure and questions, and how the survey was delivered and promoted. Then, in section 6, the results of the survey are presented. Demographics as well as overall results pertaining to each of the survey’s statements are provided. This is followed by an analysis, in section 7 which further interrogates the results and draws particular attention to prevailing differences across countries and regions. Finally, section 8 concludes the report with an assessment of some limitations of the survey conducted, and a review of the implications and lessons for the European Community.

Background

In 1919, in the aftermath of World War I, Belgium became the first European country to have identity cards. Today, 21 out of the present 25 EU countries have some form of ID card scheme , which are paper-based systems. The four countries currently with no ID cards are the UK, Ireland, Denmark and Latvia. Of the 21 countries with ID cards, 10 have voluntary schemes; however, the degree to which they are actually voluntary varies. For example, although people residing in France are not technically required to hold an ID card, it is virtually impossible to get by without one as they are connected to important administrative systems, such as state benefits (Beck and Broadhurst 1995).

ID card schemes in the EU vary along other dimensions, such as powers given to authorities demanding to see them and in their functionality. In Germany and Belgium, failure to provide an ID card can lead to a short period in jail while a person’s identity is determined, whereas in Austria and Sweden there is no obligation to carry the cards. While the right to demand to see an ID card is reserved to government officials in most countries, in Luxembourg, Italy and Portugal, other officials, such as bank and post office workers, also have this right .

As for functionality, most ID cards only hold basic information such as name, address and a numerical identifier and are not linked to a central database. The UK Home Office in 2004 caused uproar by proposing an “entitlement card” holding highly personal information such as biometric data and health care records, with the possibility of adding other items such as bank details. The UK plans for the entitlement card have now been scaled back to include only basic personal and biometric data, and the government is moving away from hosting the only ID card scheme that includes a central database.

Though this report focuses on a single, EU-wide eID card scheme, it is important to realise the implications of the variety of European ID cards schemes in implementing an interoperable system. Citizens of states where ID cards are already established are likely to be more ready to accept an EU-wide eID card than states such as the UK. The rights and functionality associated with ID cards in a person’s home state will also have a bearing on their opinion toward such a scheme.

Presently, the EC has stayed away from the issue of interoperable eIDs owing to these varying national and privacy issues. However, it has a desire to integrate public administration and health systems to support the mobility of EU citizens . As in the UK, eID projects from the EC plan for a high level of interconnection and use of new technology.

In light of this trend, this survey was designed to examine citizen’s trust in the institutions responsible for Identity Management Systems to exchange data in an appropriate manner across government departments, between governments and commerce and across European countries. In contrast to many of the EC projects in the interoperability domain which tend to privilege the engineering and legal perspectives for harmonising and interoperating identity management systems, the focus in the present study is placed instead on the citizen’s attitudes and perceptions, issues that have not as yet been sufficiently considered.

Conceptual Framework

As the objective of the current survey was to examine citizen’s trust in the institutions responsible for identity management, the literature on trust therefore served as the conceptual starting point for the study.

The concept of trust is seen as a multidimensional construct and has been studied by many different disciplines and defined in many different ways . The definitions of trust range from ethics-based approaches, at the qualitative end of the spectrum, to economics-based, at the numerical end. One way to move past the variety of interpretations and categorisations is to focus on a higher-level conceptualisation of trust as a three-part concept involving a truster, attributes of a trustee and a specific context over which trust is conferred . In the case of the current survey, the trusters are the citizens of the EU, the trustees are the Member State governments and the context is an eID card scheme.

Institution-based Trust. Zucker (1986) grouped trust production into three broad categories; character, process and institutional trust. Character-based trust is normally on an interpersonal level, where one person decides to trust another on the basis of shared social norms. Process-based trust depends on reciprocity, or in-kind exchanges. Finally, institution-based trust is a judgement of institutions rather than of interactions. Institutional trust works on a broader scope and the decision to trust is made on the basis of signals rather than prior encounters. Institutional trust is different from interpersonal trust in the sense that when an individual trusts an institution, such as the government of an EU Member State, they do not necessarily trust it to carry out a political act for which they have chosen themselves specifically . Instead, they are considering the extent to which they trust the government of an EU Member State to fulfil its role in a satisfactory manner. Another way to put it is that an individual does not weigh the potential gains and losses of engaging in an implicit contract with the government, but rather bases trust decisions on expectations that the institutions will ‘do what is right’ . In dealing with the government and other institutions, process and institutional trust are the two relevant types of trust ; however, this study focus only on institution-based trust.

An issue of trust that has implications for an eID card scheme is the often-cited decline in trust. There is substantial evidence to suggest that over the past several decades society has become less trusting both as a whole, and of government specifically . Upon further investigation into the decline of trust, it seems that people are not becoming less trustworthy, and that whilst they may say that they do not trust a particular institution, their actions often indicate otherwise. O’Neill suspects that this so-called decline of trust is actually a culture of suspicion. Suspicion is a component of distrust and is defined as “when people actively entertain, multiple, possibly rival, hypotheses about the motives or genuineness of a person’s behaviour” (Kramer 1999 p. 587). Here, suspicion and mistrust could be triggered by being wronged by the government, by bad press about the government or by people not agreeing with government policy . The current culture of suspicion is another factor that could cause difficulty in gaining support for a government eID scheme.

Trust and Risk. According to O’Hara et al. , trust is a method of dealing with uncertainty. Following this, risk is inherent in trust in that by trusting an institution, you can work more efficiently; however, there is always the risk that you will suffer a loss because your trust was misplaced. Here, O’Hara defines an institution as, “a group of people organised into roles that, in the case of a guarantor of trust, must perform the checks on behaviour that a reasonably suspicious person would ordinarily wish to do on his own account” (O’Hara p. 85). From the perspective of a potential eID card user, this means that while there are benefits to be gained from putting trust in such a scheme, such as more efficient travel and convenient health care, if governments of EU Member States do not support a secure and reliable system, users will be faced with a number of identity-related risks. In particular, risks associated with privacy loss, identity fraud and function creep as discussed below.

While there is a growing concern about issues of privacy , data protection laws often leave citizens unable to properly manage their data . So, in the case of ID cards, because citizens find it difficult to manage their data, Bennett and Raab suggest that they may be willing to give away more control of their data, depending on the extent to which they trust the government .

Concern with function creep was expressed in reports of citizen’s fears that an eID card scheme would be expanded beyond its original scope , thereby infringing upon privacy rights. Finally, the risk of identity fraud is exacerbated by the very permanence of biometric data. If citizens are to take a risk with such data, they will need to trust the ability of the governments of EU Member States to secure its use.

Trust in ID authorities emerges as a critical issue in implementing interoperable ID cards in Europe. It is suggested that trust in the government is needed before informal barriers to an interoperable eID card scheme can be overcome. The present survey was thus designed to study the current state of citizens’ institutional trust in the context of a proposed EU-wide eID card scheme.

Drawing from the literature on institutional-based trust, a set of 17 relevant constructs were identified and served as the basis for constructing a further set of 32 statements to which the survey’s respondents indicated their level of agreement. Grouped into three categories of (1) sources of Trust; (2) Levels of Trust; and (3) Consequences of Trust, the research constructs are introduced in turn, together with the survey’s statements associated with them.

Sources of Trust

The constructs associated with the first category Sources of Trust include: governance, policy, monitoring security, control, understanding, ease of use, and, usefulness.

Governance, policy and monitoring are, by definition, inter-related constructs that represent a way for the ID card system to be supervised and regulated, thereby providing a form of institution-based structural assurance. In the survey conducted, these constructs were operationalized using the following statements:

Governance

I believe that my interests will be represented in deciding how ID-ralated data will be exchanged.

Policy

I believe that there will be an appropriate legal environment to regulate how my ID data will be exchanged.

Monitoring

I believe that the exchange of ID data will be monitored by competent authorities.

The constructs of security, control and understanding have been identified as dimensions of concern for information privacy and, as such, the perception that these concerns are adequately managed in the ID card system provides structural assurance on an institutional level. In the survey conducted, these constructs were operationalized using the following statements:

Security

I believe that the systems used by the authorities to issue and manage ID cards will not be technically secure.

Control

I believe that citizens will be able to keep a good level of control over their personal ID data.

Understanding

I feel that I will be able to assess the benefits and risks when allowing my personal data to be shared by ID authorities.

Finally, ease of use and usefulness make up the main body of the Technology Acceptance Model (TAM), which denotes them as necessary factors in the adoption of new technologies . The perception that ID cards are both useful and easy to use on an EU-wide scope would signify that the proposed system is both needed and reliable, and thusly provide structural assurance. In the survey conducted, these constructs were operationalized using the following statements:

Ease of Use

I feel that I will find the electronic cards difficult to use.

Usefulness

I understand the need to exchange ID data across government departments.

I understand the need to exchange ID data between government and business.

I understand the need to exchange ID data across different EU countries.

Levels of Trust

The concepts of trust and trustworthiness are differentiated in that trustworthiness is an attribute of a person while trust is a belief of one person about another person or entity . Mayer et al. reviewed the trust literature extensively and found ability, benevolence and integrity to be the most commonly cited factors of perceived trustworthiness. However, his study had a focus on organisational, rather than institutional trust. Past work on perceptions of trustworthiness in institutional settings indicate that it is also a two- to three-dimensional concept . Following this, McKnight et al. (2002) adapted the factors of perceived trustworthiness to institutional trust under the heading of situational normality. Adapted to the current study, this means that a citizen who perceives high situational normality would believe that, in general, the government exhibits competence, benevolence and integrity. As such, the sub-constructs for level of trust are perceived competence, benevolence and integrity of the government of an EU Member State in implementing and running an eID scheme. In the current study, these constructs were operationalized using the following statements:

Trustworthiness

I will always be able to rely on ID authorities for help if problems arise with my ID data.

Competence

I believe that the authorities that will manage my ID data are professional and competent.

ID authorities will be competent in dealing with the data they hold on me.

Benevolence

I believe that ID authorities will always act in my best interest.

Integrity

I believe that ID authorities will be truthful and honest when dealing with my data.

Consequence of Trust

The benefits from institutional trust have been widely studied. From a sociological perspective, institutional trust is necessary for the cohesion of society as a whole . It is especially important in the information society because it reduces complexity and allows for enough social capital to ensure that society is able to get the most out of globalisation (O’Hara, 2004).

While previous research has clearly shown the benefits of institutional trust, it is still necessary to show whether it has a positive effect on context-specific outcomes. There is a risk that the lack of institutional trust in the government will cause a general unwillingness to participate in an interoperable ID card scheme. Thus, sub-constructs to determine the willingness of individuals to participate in different aspects of the scheme were devised. They are largely based on O’Hara (2004) and Kramer’s (1999) respective findings that institutional trust increases cooperation and deference to authorities. The sub-constructs for consequences of trust include willingness to share data with authorities, to trade personal data for convenience, and to share data across different governments and institutions.

In the current study, constructs related to consequences of trust were operationalized using the following statements:

Willingness

I will reveal some of my personal data in exchange for convenience, security and a speedy response.

Interoperability

I will feel comfortable for my ID data to be shared across government institutions.

I will feel comfortable for my ID data to be shared between government and businesses.

I will feel comfortable for my ID data to be shared between different countries in Europe.

Reluctance

I will be reluctant to apply for something like a job, credit, or insurance because I do not want to provide certain kinds of information about myself

I will refuse to give information to ID authorities because I think it is too personal.

I will take action to have my name removed from any list for which I haven’t authorized access to my personal data

Secondary Use

I believe that ID authorities will not use personal information for any purpose unless they have been authorized by the individuals who provided the information.

I believe that when people give personal information to ID authorities for a specific purpose, the ID authorities may use the information for another purpose.

I believe that ID authorities will never share personal information with other authorities unless they have been authorized by the individuals who provided the information.

Unauthorised Access

I believe that ID authorities will devote sufficient time and effort towards the prevention of unauthorized access to personal information.

Comfort in Relying on Authorities

I will feel comfortable in relying upon ID authorities to look after my personal data in the ID card system.

I will feel comfortable in sharing personal data with the ID authorities.

The Survey

An online survey was uploaded to a Web Server and was made available between June 1st and June 30th, 2006.

The aim of the survey was put forward in the opening page as shown below. This was followed by a privacy policy statement.

Survey respondents were asked to rate their agreement with 32 statements on a seven-point Likert scale specified in 5.1 below. Each statement was designed to correspond with one of the trust-related constructs as indicated in section 4 above.

Citizens were also asked to respond to 10 demographic questions based on those asked on the well established Euro-barometer survey . These are specified in section 5.2 below.

Respondents were also given the option of making an open free-text response at the end of the survey.

We requested that only EU citizens should respond to the survey which was offered in eight different languages in order to maximise the diversity of respondents. The languages offered were: English, German, French, Spanish, Hungarian, Greek, Czech and Polish.

The chosen survey provider was surveymonkey.com and screenshots of the survey can be found in Annex 1 below.

The survey was promoted by all the participating organisations of FIDIS and in all eight languages. The basic promotion strategy was to have members of the research team use their personal contacts, professional groups and the mailing lists of groups to which they belong. Links to the survey were also placed on the LSE (www.lse.ac.uk) and FIDIS (www.fidis.net) websites and in various press releases.

Survey Statements

Q1: I believe that the authorities that will manage my ID data are professional and competent.

Q2: I believe that citizens will be able to keep a good level of control over their personal ID data

Q3: I believe that there will be an appropriate legal environment to regulate how my ID data will be exchanged.

Q4: I believe that my interests will be represented in deciding how ID data will be exchanged

Q5: I believe that the exchange of ID data will be monitored by competent authorities

Q6: I believe that the systems used by the authorities to issue and manage ID cards will not be technically secure

Q7: I feel that I will be able to assess the benefits and risks when allowing my personal data to be shared by ID authorities

Q8: I feel that I will find the electronic cards difficult to use.

Q9: I understand the need to exchange ID data across government departments

Q10: I understand the need to exchange ID data between government and business

Q11: I understand the need to exchange ID data across different EU countries

Q12: I believe that ID authorities will not use personal information for any purpose unless they have been authorized by the individuals who provided the information

Q13: I believe that when people give personal information to ID authorities for a specific purpose, the ID authorities may use the information for another purpose

Q14: I believe that ID authorities will never share personal information with other authorities unless they have been authorized by the individuals who provided the information

Q15: I believe that ID authorities will devote sufficient time and effort towards the prevention of unauthorized access to personal information

Q16: Companies will take enough steps to make sure that unauthorized people cannot access personal information in their computers

Q17: Companies will take enough steps to make sure that the personal information in their files is accurate

Q18: I will have little control over my data but I will rely on the authorities that manage it

Q19: I will feel comfortable in relying upon ID authorities to look after my personal data in the ID card system

Q20: I will confidently accept the guarantees offered by the ID authorities for protecting my data.

Q21: I will always be able to rely on ID authorities for help if problems arise with my ID data

Q22: I believe that ID authorities will always act in my best interest

Q23: I believe that ID authorities will be truthful and honest when dealing with my data

Q24: ID authorities will be competent in dealing with the data they hold on me.

Q25: I will feel comfortable in sharing personal data with the ID authorities.

Q26: I will reveal some of my personal data in exchange for convenience, security and a speedy response

Q27: I will feel comfortable for my ID data to be shared across government institutions

Q28: I will feel comfortable for my ID data to be shared between government and businesses

Q29: I will feel comfortable for my ID data to be shared between different countries in Europe

Q30: I will be reluctant to apply for something like a job, credit, or insurance because I do not want to provide certain kinds of information about myself

Q31: I will refuse to give information to ID authorities because I think it is too personal.

Q32: I will take action to have my name removed from any list for which I haven’t authorised access to my personal data

5.2 Demographic Questions

1. In political matters people talk of “the left” and “the right”. On a scale of 1 to 10 (1 being the farthest left and 10 being the farthest right), please rate your views.

2. Please select the option that best corresponds to your current situation (Married, Divorced, Widowed, Single, Living with Partner).

3. What is your main occupation?

4. How old were you when you stopped full-time education?

5. What is your gender?

6. Please enter your age.

7. In which European country do you live?

8. Would you say you live in a rural village, small town or large town?

Results

Response rate

Overall, there were 2,918 responses to the survey. Respondents came from 23 out of the current 25 EU member countries. After omitting those that were incomplete or were completed by individuals not from a member country of the EU, the number of responses was eventually reduced to the 1,907 used in the analysis. The breakdown of responses by country is provided in table 1 below.

Table 1: Breakdown of Respondents by Country

Country	Responses
Austria	34
Belgium	26
Czech Republic	24
Denmark	4
Estonia	3
Finland	5
France	17
Germany	1206
Greece	17
Hungary	112
Ireland	8
Italy	7
Latvia	1
Lithuania	2
Luxembourg	3
Malta	1
Netherlands	4
Poland	5
Portugal	2
Slovakia	6
Spain	33
Sweden	8
UK and Ireland	379

The overall results of the survey are provided in the tables that follow. Demographic characteristics of the respondents are provided here.

6.2 Demographics

Minimum: 15 years of age

Maximum: 77 years of age

Mean: 33,85 years of age

The survey respondents is dominated by a relatively young population.

1. 1. Size of the settlement

Type of settlement	Percentage
Rural area or village	12,6
Small or middle sized town	35,1
Large town	52,2

1. 1. Gender

Sex	Frequency	Percentage
Female	327	17,14735
Male	1579	82,80021

Male respondents are heavily over-represented in the survey.

Political view

Mean: 4,53 on a 10 number scale

Overall results

The tables below represent overall results as they relate to the 32 statements of the survey.

For each statement, the distribution of responses in terms of level of agreement is indicated in percentage. Results pertain to the entire sample that include a total of N=1906 valid completed questionnaires.

Analysis

Having introduced the overall results of the survey in the previous chapter, this chapter presents an analysis of the survey data. As mentioned in section 5.1 above, survey respondents were asked to rate their agreement with a list of statements on a seven-point Likert scale. The advantage of using this scale is that valid responses can be represented by numbers ranging from 1 to 7. In our case, 1 represents strong agreement with the statement and 7 strong disagreement. In the analysis, we treated the Likert scale as an interval-scale for which mean and standard deviation can be interpreted. The midpoint of the scale is at 4 (as the scale starts at 1). In the presentation that follows, we maintain the original structure of answers, where numbers less than 4 show degrees of agreement with the statement and numbers greater than 4 show disagreement. Four is the middle point of the scale, which we interpret here as neither agree nor disagree.

Using the conceptual framework discussed in chapter 3 above, the analysis is organized in 17 sections representing the research constructs. The 32 statements comprising the survey are discussed in relation to their respective constructs hence some of the sections are composed of only one statement, while some others have two or more.

While respondents to the survey came from 23 out of the 25 EU countries, low response rates from some of the countries prevented a valid comparison across countries.

UK & Ireland
Austria, Germany & Scandinavia
Benelux & France
Central and Eastern Europe
Southern Europe

Besides systematically comparing response means across these five regions, aspects of demographic variation were analyzed for most of the questions. Those variables were not used for groups that were highly under-represented. The following demographic variables were used for this analysis:

age,
gender,
settlement size
education.

The questionnaire also contained a question about the extent to which users provide personal data online in the past month. Similar comparisons by region were carried out for this variable.

The following sections present regional analysis pertaining to each of the research constructs. In cases of reversed questions, we reverse the scale’s polarity for the analysis. The values higher than four will now mean a positive attitude towards the e ID, similar to other, non-reversed items. This way, the charts will be easier to compare. Clearly, we indicate cases in which the scale has been reversed.

Competence

I believe that the authorities that will manage my ID data are professional and competent.

ID authorities will be competent in dealing with the data they hold on me.

Competence of ID authorities in dealing with or managing ID data received a negative overall evaluation. UK and Ireland rate highest and the mean for Southern Europe is around the scale midpoint. The only exception is Central and Eastern Europe, where the response mean is slightly below 4 for both statements.

One of the statements about the competence of ID authorities was compared across types of settlement. For each settlement type the percentage of those respondents who disagree is above 70%. It is interesting that respondents from large towns have shown slightly less negative attitude.

Control

I believe that citizens will be able to keep a good level of control over their personal ID data.

The level of citizen control over ID data was considered generally low, with an overall mean of 5.7. Here again, UK and Ireland rated highest (6.1), and Central and Eastern Europe was lowest. It may also be noted that there is more pessimism on this issue in Southern Europe than in the case of ID authorities’ control.

We asked the respondents how old they were when they finished their studies. In addition, 28 percent of our respondents declared themselves current students. In most of the 32 questions the students were more positive than those respondents who had already finished their studies. The number of ‘strongly disagree’ answers was lower in the group of respondents with fewer years of education.

Policy

I believe that there will be an appropriate legal environment to regulate how my ID data will be exchanged.

The majority of respondents did not agree that there will be an appropriate legal environment for regulating the exchange of ID data, but this area was seen in a more positive light than either ID authorities’ competence or citizen control over personal ID data, with Southern Europe below the midpoint. The mean for Central and Eastern Europe was again the lowest.

It is particularly interesting to look at the effect of the number of recent ID data transactions on expectations about an appropriate legal environment. An important difference can be discerned on the basis of whether the respondent had made a transaction or not. The majority of those who had made no transaction did not agree that there will be an appropriate legal environment, while disagreement was lower among those who had made at least one transaction. For those respondents having made at least 6 transactions, there is an important group in agreement.

Male respondents turned out to be more pessimistic about creating the appropriate legal environment than female respondents. A very similar gender bias was found in the majority of the 32 statements.

Governance

I believe that my interests will be represented in deciding how ID data will be exchanged.

Respondents tend to disagree that their interests will be represented in deciding how ID data will be exchanged. Respondents from UK and Ireland are the most pessimistic, but Austria, Germany and Scandinavia come very close. The average for Central and Eastern Europe is at the midpoint of the agreement scale.

Gender differences were again important for the issue of governance, woman respondents were slightly more optimistic about their chances of influencing decisions.

The size of settlement has little effect on opinions about the issue of governance. Irrespective of settlement size, more than two thirds of respondents disagree that their interests will be taken into consideration.

Monitoring

I believe that the exchange of ID data will be monitored by competent authorities.

Respondents are slightly more optimistic about monitoring the exchange of ID data, but overall responses are still negative. Central and Eastern Europe show an important level of optimism, with a mean of 3.3.

Here again, males are more pessimistic than females.

Security

I believe that the systems used by the authorities to issue and manage ID cards will not be technically secure.

The majority of respondents consider that forthcoming ID data systems will be technically insecure. Here again, UK and Ireland rate the highest, and the mean of Southern Europe is close to that of the Benelux countries and France taken together. In Central and Eastern Europe the response mean is slightly below 4.

In all types of settlements the chances for a technically secure system are deemed generally low, and in rural and village areas the percentage of disagreement was stronger than in larger settlements.

Understanding

I feel that I will be able to assess the benefits and risks when allowing my personal data to be shared by ID authorities.

Respondents are divided in their perceptions as to whether they will be able to assess the benefits and risks when allowing their personal data to be shared by ID authorities. The mean for this statement was near the midpoint. Opinions about their own abilities were especially positive in Austria, Germany and Scandinavia as well as the recent accession EU member states.

Other than regional effects, age is also an important factor for agreement with this statement. Younger respondents tend to consider that they will indeed be able to assess the benefits and risks of sharing personal data with ID authorities, while older respondents feel this will be more difficult for them.

Ease of Use

I feel that I will find the electronic cards difficult to use.

Originally, response values for the statement about usability were reversed, since respondents were asked to consider a negative statement. For the sake of clarity, the scale has been changed, so higher values mean negative attitude in this chart as well. Respondents from the UK or Ireland were the most optimistic about being able to use the electronic cards. The majority of respondents from Central and Eastern Europe thought that the future cards will be rather difficult to use.

The effect of age on the perceived difficulty of card usage is relatively strong. Interestingly, the younger respondents were slightly more negative about the difficulty of the future electronic cards.

1. Usefulness

I understand the need to exchange ID data across government departments.

I understand the need to exchange ID data between government and business.

I understand the need to exchange ID data across different EU countries.

In all five regions the exchange of ID data between government and business received the highest disagreement score, with an overall mean of 6.2 on the seven grade scale. Austria, Germany and Scandinavia together were the most negative about the exchange of ID data. The overall mean of data exchange across government departments (4.4) is surprisingly positive. Data exchange between government departments as well as between different EU countries comes out well supported, especially in the new member countries and the southern part of Europe.

In all types of settlements the acceptance of data exchange between the government and the private sector was strongly declined. The number of ‘strongly disagree’ answers is close to 70 percent in each groups of settlement.

The vast majority of the respondents did not agree with the need to exchange ID data within the EU. In this particular question it is interesting to examine the effect of home settlement size. In the rural area, the amount of strong disagreement was higher than in large towns.

Approximately two thirds of those who had made no transaction had negative attitudes about the exchange of ID data between the different European countries. However the amount of positive attitude towards the exchange of ID data gets higher with the growing number of online transactions made in the last month. A small majority of those respondents having made more then 10 transactions did not support the idea of data exchange in European level.

I believe that ID authorities will not use personal information for any purpose unless they have been authorized by the individuals who provided the information.

I believe that when people give personal information to ID authorities for a specific purpose, the ID authorities may use the information for another purpose.

I believe that ID authorities will never share personal information with other authorities unless they have been authorized by the individuals who provided the information.

A high number of respondents rejected the unauthorized usage of personal data, and many believe that ID authorities will indeed use the personal information without permission. However the respondents were divided as to whether authorities will use personal data for a purpose different from the original, with an overall mean at the midpoint. The differences between the five regions were smaller for this specific question, only the United Kingdom and Ireland had a stronger negative response mean (5.3) while most others notably Austria, Germany and Scandinavia tend to trust slightly more their governments.

A majority of respondents does not believe that ID authorities will not use their personal information for a purpose different from the original. In the 15-24 age range the amount of answers ‘strongly disagree’ are much lower then in the group of older respondents.

A vast majority of the respondents do not believe that the ID authorities will manage their data with goodwill. However, the respondents still studying seem to be more positive about ID authorities. The amount of ‘strongly disagree’ answers is still 28 percent in this group.

Respondents tend to disagree that the ID authorities will devote sufficient time and effort towards the prevention of unauthorized access to personal information. Here again, UK and Ireland rated highest (5.6), and Central and Eastern Europe and Southern Europe were lowest.

I will always be able to rely on ID authorities for help if problems arise with my ID data.

The ability of ID authorities to help if problems arise received an overall negative evaluation with a 5.0 score mean. Here UK and Ireland had the most sceptical view, the mean for Central and Eastern Europe was again the lowest.

We found an interesting effect of age on relying on ID authorities for help if problems arise. In contrast, younger respondents agreed with the statement more often, when compared to the older respondents.

I believe that ID authorities will always act in my best interest.

I believe that ID authorities will be truthful and honest when dealing with my data.

As we can see from the diagram above, the majority of respondents did not believe that ID authorities would act in their interest or deal fairly with their data, with an overall mean of 6.0 and 5.4. UK and Ireland rate highest together with the group of Austria, Germany and Scandinavia.

In this question respondents who declared themselves students were more positive than other respondents who had already finished their studies. The number of ‘strongly disagree’ answers was much lower in the group of students. Still, more than two thirds of the students did not believe that authorities will deal with their data fairly. Among the students, 71 percent chose 5 to 7 on the 7 grade scale, while 82 percent had the same attitudes in the group of respondents who finished their studies younger then 21.

I will feel comfortable in relying upon ID authorities to look after my personal data in the ID card system.

I will feel comfortable in sharing personal data with the ID authorities.

The questions about trust received a negative overall evaluation. The mean of responses about the ID authorities’ effort to look after personal data received 5.9 score overall on the seven point scale. Some of the respondents were more positive about sharing their data with the authorities. UK and Ireland showed a high mean in both questions, while the respondents from new EU member states were the most optimistic.

The number of online transactions made in the last month correlates positively with the acceptance of ID authorities’ efforts; the respondents with recent experience of online transactions tended to report willingness to share their personal data more comfortably.

I will reveal some of my personal data in exchange for convenience, security and a speedy response.

Respondents showed some willingness to reveal their personal data, with an overall mean of 4.8. Central and Eastern Europe has the lowest mean, which indicates the most positive attitude towards the system. In this question Austria, Germany and Scandinavia gain the higher mean, followed closely by UK and Ireland. Southern Europe and the group of the Benelux states and France were close to the midpoint.

Almost half of the respondents without experience of online transactions from the last month strongly disagreed with the statement about their willingness to reveal personal data. At the same time, the overall representation of the question was much more positive in the group of people who in the past month had provided their details online.

I will feel comfortable for my ID data to be shared across government institutions.

I will feel comfortable for my ID data to be shared between government and businesses.

I will feel comfortable for my ID data to be shared between different countries in Europe.

The responses regarding the interoperability of the provided ID data had an interesting distribution. The overall reception of the cooperation between government and business was very low (6.4), while there was only some reluctance to share data within the government (5.1) or across different European countries (5.3). This pattern can be found in all the five regions.

The age of respondents created highly visible differences in the judgment of ID data sharing across European member states. The level of strong disagreement was only 30 percent in the age group 15-24, while 51 percent measured in the age group 55 years and older. The values of agreement were slightly higher in the group of younger respondents, but still the overall mean showed rejection.

I will be reluctant to apply for something like a job, credit, or insurance because I do not want to provide certain kinds of information about myself

I will refuse to give information to ID authorities because I think it is too personal.

I will take action to have my name removed from any list for which I haven’t authorized access to my personal data

Despite the fact that respondents generally seem to be dissatisfied with the future ID card system and the ID authorities, the majority of respondents do not take steps to remove personal data from any unauthorized list, neither do they refuse to give personal information in some situations when asked.

Female respondents reported reservation more frequently about giving their personal information in certain situations, such as when applying for a job or for banking and insurance purposes.

The resistance to supplying certain kinds of personal information is not differentiated by the types of settlement. In all sizes of settlement the vast majority of respondents disagree or strongly disagree with the statement offered.

7. 18

The analysis of the survey’s results presented in this chapter points to an overall negative reputation of the ID authorities as perceived by EU citizens. A vast majority of the respondents do not have trust in the institutions; they are seriously critical about the competency of the authorities, and are dubious about the authorities’ ability to handle personal data.

Of the 25 European Union countries, we received answers from 23 countries. However, the low number of responses from some of the countries and the lack of representativeness did not allow us to compare individual countries, but only regions.

A systematic comparison of response means across the five regions indicates that respondents from UK and Ireland were the most negative in almost all attitudinal questions. Germany, Austria, Finland and the Scandinavian countries were quite close to the mean of the responses from UK & Ireland in all cases. Since these were the two biggest groups, the overall mean of the answers was close to the mean in the above two regions.

At the same time, respondents form Central and Eastern Europe were at the other end of the attitudinal scale. For these countries responses to most of the questions were the most positive. Respondents from this region were less critical about the ID authorities in general.

The southern part of Europe shows the most interesting structure of answers, the standard deviation was the highest here. In other words, the answers show the biggest variance in these countries. A possible reason for the big variance is the cultural diversity of the region we called Southern Europe.

Central and Eastern Europe, by contrast, presented the highest level of acceptance. Respondents from this region appear much less worried about the way in which their personal ID data will be managed. For example, they accept that the ID authorities may use the information for purposes different from the original.

Gender differences feature strongly in some of the responses. In general, male respondents were more negative in their views. In the questions about the legal framework, the difference was 20 percent between the number of “strongly disagree” answers for the groups of women and men respectively.

Besides gender, the age of respondents showed a strong effect on responses. Younger respondents generally tended to report much more openness about the new ID card, and less criticism on ID authorities. Older respondents form a special group, especially the age group 40 and 54, who were the most negative in all questions.

The size of the settlement and the years spent in education had much smaller effects. The answers were typically divided into two groups: respondents from large towns had slightly more pessimistic ideas about the future of ID cards, while the respondents who live in the countryside were more optimistic.

Finally, education has almost no effect on the answers. This result may be link to the lack of data sampling in the survey. Current involvement in education made a clearly visible difference, as the students had much lower values, that is, they generally accept the new technology and the authorities who are to manage ID data.

Conclusion

The objective of the survey reported in this deliverable was to examine citizen’s trust in the authorities responsible for Identity Management Systems in the context of an EU-wide eID scheme. In light of the EU desire to facilitate a high level of interconnection and to use new identity management technologies, focus was placed on the extent to which citizens trust the authorities to exchange data in an appropriate manner across government departments, between governments and commerce and across European countries.

Drawing on the literature on institutional-based trust, a set of relevant constructs were identified and used as the basis for constructing a further set of statements on which the survey’s respondents indicated their level of agreement. These were grouped into three broad categories of (1) sources of trust; (2) levels of trust; and (3) consequences of trust. The constructs for assessing trust in the survey relate to the citizen’s perceptions of the institutional environment surrounding the issuance and management of an eID card scheme.

A web-based survey was translated into 8 European languages and was made available online over a period of one month in June 2006. Respondents of the survey were asked to rate their agreement with a set of 32 statements using a Likert scale from 1 (=strongly agree) to 7 (=strongly disagree). Overall there were 1,906 valid responses to the survey with respondents from 23 out of the 25 EU countries. A limitation of the survey was, however, that the response rate from some countries was very low. In this respect, the survey cannot be said to represent European citizens as such. In addition, this biased response rate prevented a valid comparison across countries.

Further analysis of the survey results point to the role of demographic characteristics. It was found that gender features strongly in citizens’ perception of trust; in general, male respondents were more negative in their views. In the questions about the legal framework, the difference was 20 percent between the number of “strongly disagree” answers for the groups of women and men respectively. The age group of respondents has shown a strong effect on responses. Younger respondents generally tended to exhibit more openness towards the new ID card and less criticism towards the ID authorities. Older respondents form a special group, especially the age group 40 and 54, which came out as the most negative in all questions. Nevertheless, extensive use of the Internet tends to lower perceptions of strong disagreement. Gender and age group are independent variables that cannot be manipulated, nevertheless implications of the findings related to these variables suggest practical considerations if targeted intervention to influence public opinion is to be undertaken.

Similar implications may be drawn from the systematic comparison of response means across five European regions. Findings indicate that respondents from UK and Ireland were the most negative in almost all attitudinal questions. This may be linked with the particular ID policy and practice mainly, the lack of ID cards in these countries and the public debates currently taking place in the UK. On the other hand, Germany, Austria, Finland and the Scandinavian countries were quite close to the mean of the responses from UK & Ireland in all cases. Since these were the two biggest groups, the overall mean of the answers was close to the mean in the above two regions. At the same time, respondents from Central and Eastern Europe were at the other end of the attitudinal scale. For these countries responses to most of the questions were the most positive. Respondents from this region were less critical about the ID authorities in general. The southern part of Europe shows the most diverse structure of answers, the standard deviation was the highest here. In other words, the answers show the biggest variance in these countries.

Within the group of respondents from UK and Ireland the strongest negative attitude is found in the judgement of ability to assess the benefits and risks when giving personal data to ID authorities. These respondents did not believe that the companies involved in the ID card project will be able to protect the citizens´ personal data. Thus, the general level of institutional trust was very low in this region. Central and Eastern Europe, in contrast, presented the highest level of acceptance. Respondents from this region appear much less worried about the way in which their personal ID data will be managed.