Table of Contents 

Abstract

This research addresses the social aspects associated with sharing data, especially personal information, in respect of plans for interoperable European electronic ID systems. The paper reports on a survey which was designed to investigate EU citizens’ perceptions and attitudes towards issues involved in making eIDs interoperable. The construction of the survey drew from an underlying conceptual framework of institutional trust.  

A web-based survey was translated into 8 European languages and was made available online over a period of one month in June 2006. Overall there were 1,906 valid responses to the survey with respondents from 23 out of the 25 EU countries. A limitation of the survey was, however, that the response rate from some countries was very low. In this respect, the survey cannot be said to be fully representative of all European citizens.  

Findings arising from the analysis of the survey point to an overall negative perception of the ID authorities by EU citizens. The vast majority of the respondents do not trust the relevant institutions; they are seriously critical about the competence of the authorities, and are dubious about their ability to handle personal data with appropriate care. Moreover, they are suspicious of the authorities misusing their identity data. These negative attitudes of citizens hold important implications for any future attempts at implementing eID cards, as these perceptions may well be translated into subsequent behaviours, namely, resistance to use or, indeed, non-use.  The most negative attitudes were found in respondents from the UK and Ireland, and the least negative in Central and Eastern Europe.

Introduction

This paper reports on a survey study that examined citizen’s trust in the institutions responsible for Identity Management Systems to exchange data across government departments, between governments and commerce and between different European countries.  

The survey forms part of a research effort to deepen understanding of the social and cultural questions associated with interoperable ID systems. Whilst many of the EU projects in the interoperability domain tend to privilege the engineering and legal perspectives for harmonising and interoperating identity management systems, the place of the citizen’s feelings and perceptions has not been sufficiently considered. This study represents a step in this direction. 

The conceptual basis upon which the survey was developed draws from the concept of institution-based trust and in the findings from the interviews of experts in a previous report (Backhouse, 2005). The constructs for assessing trust in the survey relate to user’s perceptions of the institutional environment surrounding the issuance and management of an EU-wide eID card scheme. 

A web-based survey was translated into 8 European languages and was made available online for a period of one month in June 2006. Respondents of the survey were asked to rate their agreement with a set of 32 statements using a scale from 1 (=strongly agree) to 7 (=strongly disagree). Overall there were 2,918 respondents to the survey, however, the number of respondents used in the analysis was reduced to N=1,906 after omitting invalid responses. Respondents came from 23 out of the 25 EU countries. 

The paper is organised as follows. The next section provides a brief background to the survey. We outline ID schemes in the different EU countries, highlighting the current diversification. We conclude by re-stating the objective of the survey, arising as it does from the EU desire to facilitate a high level of interconnection and use of new identity management technologies. The next part of the paper (2) focuses on the conceptual foundation of the survey. The notion of institutional trust and the constituents that served to guide the construction of the survey are introduced. This is followed by a section on Method (3), describing the survey itself, providing information about the structure and questions, and how the survey was delivered and promoted. Then, in section 4, key findings from the survey are presented. Finally, section 5 concludes the paper with an assessment of some limitations of the survey conducted, and a review of the implications and lessons for the European Community.  

In 1919, in the aftermath of World War I, Belgium became the first European country to have identity cards. Today, 21 out of the present 25 EU countries have some form of ID card scheme , which are paper-based systems.  The four countries currently with no ID cards are the UK, Ireland, Denmark and Latvia. Of the 21 countries with ID cards, 10 have voluntary schemes; however, the degree to which they are actually voluntary varies.  For example, although people residing in France are not technically required to hold an ID card, it is virtually impossible to get by without one as they are connected to important administrative systems, such as state benefits (Beck and Broadhurst 1995).

ID card schemes in the EU vary along other dimensions, such as powers given to authorities demanding to see them and in their functionality.  In Germany and Belgium, failure to provide an ID card can lead to a short period in jail while a person’s identity is determined, whereas in Austria and Sweden there is no obligation to carry the cards.  While the right to demand to see an ID card is reserved to government officials in most countries, in Luxembourg, Italy and Portugal, other officials, such as bank and post office workers, also have this right .  

As for functionality, most ID cards only hold basic information such as name, address and a numerical identifier and are not linked to a central database.  The UK Home Office in 2004 caused uproar by proposing an “entitlement card” holding highly personal information such as biometric data and health care records, with the possibility of adding other items such as bank details.  The UK plans for the entitlement card have now been scaled back to include only basic personal and biometric data, and the government is moving away from hosting the only ID card scheme that includes a central database.

Though this report focuses on a single, EU-wide eID card scheme, it is important to realise the implications of the variety of European ID cards schemes in implementing an interoperable system.  Citizens of states where ID cards are already established are likely to be more ready to accept an EU-wide eID card than states such as the UK.  The rights and functionality associated with ID cards in a person’s home state will also have a bearing on their opinion toward such a scheme.  

Presently, the EC has stayed away from the issue of interoperable eIDs owing to these varying national and privacy issues.  However, it has a desire to integrate public administration and health systems to support the mobility of EU citizens .  As in the UK, eID projects from the EC plan for a high level of interconnection and use of new technology.

In light of this trend, the survey conducted was designed to examine citizen’s trust in the institutions responsible for Identity Management Systems to exchange data in an appropriate manner across government departments, between governments and commerce and across European countries. In contrast to many of the EC projects in the interoperability domain which tend to privilege the engineering and legal perspectives for harmonising and interoperating identity management systems, the focus in the present study is placed instead on the citizen’s attitudes and perceptions, issues that have not as yet been sufficiently considered.  

Conceptual Framework and Construction of Survey

As the objective of the current survey was to examine citizen’s trust in the institutions responsible for identity management, the literature on trust therefore served as the conceptual starting point for the study.  

The concept of trust is seen as a multidimensional construct and has been studied by many different disciplines and defined in many different ways .  The definitions of trust range from ethics-based approaches, at the qualitative end of the spectrum, to economics-based, at the numerical end.  One way to move past the variety of interpretations and categorisations is to focus on a higher-level conceptualisation of trust as a three-part concept involving a truster, attributes of a trustee and a specific context over which trust is conferred .  In the case of the current survey, the trusters are the citizens of the EU, the trustees are the Member State governments and the context is an eID card scheme.   

Institution-based Trust. Zucker (1986) grouped trust production into three broad categories; character, process and institutional trust.  Character-based trust is normally on an interpersonal level, where one person decides to trust another on the basis of shared social norms.  Process-based trust depends on reciprocity, or in-kind exchanges.  Finally, institution-based trust is a judgement of institutions rather than of interactions.  Institutional trust works on a broader scope and the decision to trust is made on the basis of signals rather than prior encounters.  Institutional trust is different from interpersonal trust in the sense that when an individual trusts an institution, such as the government of an EU Member State, they do not necessarily trust it to carry out a political act for which they have chosen themselves specifically .  Instead, they are considering the extent to which they trust the government of an EU Member State to fulfill its role in a satisfactory manner. Another way to put it is that an individual does not weigh the potential gains and losses of engaging in an implicit contract with the government, but rather bases trust decisions on expectations that the institutions will ‘do what is right’ .  In dealing with the government and other institutions, process and institutional trust are the two relevant types of trust ; however, this study focus only on institution-based trust.

An issue of trust that has implications for an eID card scheme is the often-cited decline in trust.  There is substantial evidence to suggest that over the past several decades society has become less trusting both as a whole, and of government specifically .  Upon further investigation into the decline of trust, it seems that people are not becoming less trustworthy, and that whilst they may say that they do not trust a particular institution, their actions often indicate otherwise.  O’Neill suspects that this so-called decline of trust is actually a culture of suspicion.  Suspicion is a component of distrust and is defined as “when people actively entertain, multiple, possibly rival, hypotheses about the motives or genuineness of a person’s behaviour” (Kramer 1999 p. 587).  Here, suspicion and mistrust could be triggered by being wronged by the government, by bad press about the government or by people not agreeing with government policy .  The current culture of suspicion is another factor that could cause difficulty in gaining support for a government eID scheme.

Trust and Risk. According to O’Hara et al. , trust is a method of dealing with uncertainty.  Following this, risk is inherent in trust in that by trusting an institution, you can work more efficiently; however, there is always the risk that you will suffer a loss because your trust was misplaced.  Here, O’Hara defines an institution as, “a group of people organised into roles that, in the case of a guarantor of trust, must perform the checks on behaviour that a reasonably suspicious person would ordinarily wish to do on his own account” (O’Hara p. 85).  From the perspective of a potential eID card user, this means that while there are benefits to be gained from putting trust in such a scheme, such as more efficient travel and convenient health care, if governments of EU Member States do not support a secure and reliable system, users will be faced with a number of identity-related risks. In particular, risks associated with privacy loss, identity fraud and function creep as discussed below.  

While there is a growing concern about issues of privacy ,  data protection laws often leave citizens unable to properly manage their data .  So, in the case of ID cards, because citizens find it difficult to manage their data, Bennett and Raab  suggest that they may be willing to give away more control of their data, depending on the extent to which they trust the government .  

Concern with function creep was expressed in reports of citizen’s fears that an eID card scheme would be expanded beyond its original scope , thereby infringing upon privacy rights.  Finally, the risk of identity fraud is exacerbated by the very permanence of biometric data.  If citizens are to take a risk with such data, they will need to trust the ability of the governments of EU Member States to secure its use.

Trust in ID authorities emerges as a critical issue in implementing interoperable ID cards in Europe.  It is suggested that trust in the government is needed before informal barriers to an interoperable eID card scheme can be overcome. The present survey was thus designed to study the current state of citizens’ institutional trust in the context of a proposed EU-wide eID card scheme.  

Drawing from the literature on institutional-based trust, a set of 17 relevant constructs were identified and served as the basis for constructing a further set of 32 statements to which the survey’s respondents indicated their level of agreement.  Grouped into three categories of (1) sources of Trust; (2) Levels of Trust; and (3) Consequences of Trust, the research constructs are introduced in turn, together with the survey’s statements associated with them.

Sources of Trust 

The constructs associated with the first category Sources of Trust include: governance, policy, monitoring security, control, understanding, ease of use, and, usefulness. 

Governance, policy and monitoring are, by definition, inter-related constructs that represent a way for the ID card system to be supervised and regulated, thereby providing a form of institution-based structural assurance.  In the survey conducted, these constructs were operationalized using the following statements:

Governance 

I believe that my interests will be represented in deciding how ID-ralated data will be exchanged. 

Policy 

I believe that there will be an appropriate legal environment to regulate how my ID data will be exchanged.  

Monitoring 

I believe that the exchange of ID data will be monitored by competent authorities. 

The constructs of security, control and understanding have been identified as dimensions of concern for information privacy  and, as such, the perception that these concerns are adequately managed in the ID card system provides structural assurance on an institutional level. In the survey conducted, these constructs were operationalized using the following statements:

Security 

I believe that the systems used by the authorities to issue and manage ID cards will not be technically secure. 

Control 

I believe that citizens will be able to keep a good level of control over their personal ID data. 

Understanding 

I feel that I will be able to assess the benefits and risks when allowing my personal data to be shared by ID authorities. 

Finally, ease of use and usefulness make up the main body of the Technology Acceptance Model (TAM), which denotes them as necessary factors in the adoption of new technologies .  The perception that ID cards are both useful and easy to use on an EU-wide scope would signify that the proposed system is both needed and reliable, and thusly provide structural assurance. In the survey conducted, these constructs were operationalized using the following statements:

Ease of Use 

I feel that I will find the electronic cards difficult to use. 

Usefulness 

I understand the need to exchange ID data across government departments. 

I understand the need to exchange ID data between government and business. 

I understand the need to exchange ID data across different EU countries. 

Levels of Trust 

The concepts of trust and trustworthiness are differentiated in that trustworthiness is an attribute of a person while trust is a belief of one person about another person or entity .  Mayer et al.  reviewed the trust literature extensively and found ability, benevolence and integrity to be the most commonly cited factors of perceived trustworthiness.  However, his study had a focus on organisational, rather than institutional trust.  Past work on perceptions of trustworthiness in institutional settings indicate that it is also a two- to three-dimensional concept .  Following this, McKnight et al. (2002) adapted the factors of perceived trustworthiness to institutional trust under the heading of situational normality.  Adapted to the current study, this means that a citizen who perceives high situational normality would believe that, in general, the government exhibits competence, benevolence and integrity.  As such, the sub-constructs for level of trust are perceived competence, benevolence and integrity of the government of an EU Member State in implementing and running an eID scheme. In the current study, these constructs were operationalized using the following statements:

Trustworthiness 

I will always be able to rely on ID authorities for help if problems arise with my ID data. 

Competence 

I believe that the authorities that will manage my ID data are professional and competent.  

ID authorities will be competent in dealing with the data they hold on me. 

Benevolence 

I believe that ID authorities will always act in my best interest. 

Integrity 

I believe that ID authorities will be truthful and honest when dealing with my data. 

Consequence of Trust 

The benefits from institutional trust have been widely studied.  From a sociological perspective, institutional trust is necessary for the cohesion of society as a whole .  It is especially important in the information society because it reduces complexity and allows for enough social capital to ensure that society is able to get the most out of globalisation (O’Hara, 2004).  

While previous research has clearly shown the benefits of institutional trust, it is still necessary to show whether it has a positive effect on context-specific outcomes.  There is a risk that the lack of institutional trust in the government will cause a general unwillingness to participate in an interoperable ID card scheme.  Thus, sub-constructs to determine the willingness of individuals to participate in different aspects of the scheme were devised.  They are largely based on O’Hara (2004) and Kramer’s (1999) respective findings that institutional trust increases cooperation and deference to authorities.  The sub-constructs for consequences of trust include willingness to share data with authorities, to trade personal data for convenience, and to share data across different governments and institutions.

In the current study, constructs related to consequences of trust were operationalized using the following statements: 

Willingness 

I will reveal some of my personal data in exchange for convenience, security and a speedy response. 

Interoperability 

I will feel comfortable for my ID data to be shared across government institutions. 

I will feel comfortable for my ID data to be shared between government and businesses. 

I will feel comfortable for my ID data to be shared between different countries in Europe. 

Reluctance 

I will be reluctant to apply for something like a job, credit, or insurance because I do not want to provide certain kinds of information about myself 

I will refuse to give information to ID authorities because I think it is too personal. 

I will take action to have my name removed from any list for which I haven’t authorized access to my personal data 

Secondary Use 

I believe that ID authorities will not use personal information for any purpose unless they have been authorized by the individuals who provided the information. 

I believe that when people give personal information to ID authorities for a specific purpose, the ID authorities may use the information for another purpose. 

I believe that ID authorities will never share personal information with other authorities unless they have been authorized by the individuals who provided the information. 

Unauthorised Access 

I believe that ID authorities will devote sufficient time and effort towards the prevention of unauthorized access to personal information. 

Comfort in Relying on Authorities 

I will feel comfortable in relying upon ID authorities to look after my personal data in the ID card system. 

I will feel comfortable in sharing personal data with the ID authorities. 

Having introduced the conceptual foundaion informing the construction of the survey and its statements the next section describes the methods used in carrying out the survey and in its analysis. 

Method

An online survey was uploaded to a Web Server (surveymonkey.com) and was made available between June 1st and June 30th, 2006.  

Survey respondents were asked to rate their agreement with 32 statements on a seven-point Likert scale as specified below.  Each statement was designed to correspond with one of the trust-related constructs as indicated in section 2 above.  

Citizens were also asked to respond to 10 demographic questions based on those asked on the well established Euro-barometer survey .  

We requested that only EU citizens should respond to the survey which was offered in eight different languages in order to maximise the diversity of respondents.  The languages offered were: English, German, French, Spanish, Hungarian, Greek, Czech and Polish.  

The survey was promoted by all the participating organisations of FIDIS and in all eight languages.  The basic promotion strategy was to have members of the research team use their personal contacts, professional groups and the mailing lists of groups to which they belong.  Links to the survey were also placed on the LSE (www.lse.ac.uk) and FIDIS (www.fidis.net) websites and in various press releases.

Response rate. Overall, there were 2,918 responses to the survey.

Table 1: Breakdown of Respondents by Country 

While respondents to the survey came from 23 out of the 25 EU countries, low response rates from some of the countries prevented a valid comparison across countries.  Despite efforts to promote the survey, and like most web-based surveys, the current one cannot be said to be representative in this sense. Owing to this obvious bias in the data set, we have decided to analyze the responses by region, rather than by country, so as to allow a valid output. Thus, the analysis contains a regional comparison for each survey statement. In creating the regions for analysis, similarities in cultural background and the legal framework were taken into consideration. The approach resulted in the following regional clusters:

1. UK & Ireland 

2. Austria, Germany & Scandinavia 

3. Benelux & France 

4. Central and Eastern Europe 

5. Southern Europe 

Besides systematically comparing response means across these five regions, aspects of demographic variation were analyzed for some of the questions. Those variables were not used for groups that were highly under-represented. The following demographic variables were used for this analysis: 

1. age  

2. gender  

3. settlement size 

4. education  

The questionnaire also contained a question about the extent to which users provide personal data online in the past month. Similar comparisons by region were carried out for this variable. 

As indicated above, survey respondents were asked to rate their agreement with a list of statements on a seven-point Likert scale. The advantage of using this scale is that valid responses can be represented by numbers ranging from 1 to 7. In our case, 1 represents strong agreement with the statement and 7 strong disagreement. In the analysis, we treated the Likert scale as an interval-scale for which mean and standard deviation can be interpreted. The midpoint of the scale is at 4 (as the scale starts at 1). In the section that follows, we maintain the original structure of answers, where numbers less than 4 indicate degrees of agreement with the statement and numbers greater than 4 indicates disagreement. Four is the middle point of the scale, which we interpret here as neither agree nor disagree. 

Findings

A detailed and comprehensive presentation of the survey’s results can be found in a previous report (Backhouse and Halperin, 2007). In this paper we provide a concise summary and focus instead on key findings emerging from a quntitative analysis of the survey’s data.  

Using the conceptual framework discussed in section 2 above, the analysis pertains to the 17 research constructs of the survey which are grouped into three broad categories of (1) sources of trust; (2) levels of trust; and (3) consequences of trust. 

Sources of Trust 

Control. The level of citizen control over ID data was considered generally low, with an overall mean of 5.7. Here, as in many cases, UK and Ireland rated highest (6.1), and Central and Eastern Europe was lowest (3.9).

Policy. The majority of respondents did not agree that there will be an appropriate legal environment for regulating the exchange of ID data, 5 was the total mean. But this area was seen in a more positive light than either ID authorities’ competence or citizen control over personal ID data, with Southern Europe below the midpoint (3.8). The mean for Central and Eastern Europe was again the lowest (3.1).

Male respondents turned out to be more pessimistic about creating the appropriate legal environment than female respondents. A very similar gender bias was found in the majority of the 32 statements. 

Governance. Respondents tend to disagree that their interests will be represented in deciding how ID data will be exchanged. Respondents from UK and Ireland are the most pessimistic (6.0), but Austria, Germany and Scandinavia come very close (5.9). The average for Central and Eastern Europe is at the midpoint of the agreement scale.

Gender differences were again important for the issue of governance, woman respondents were slightly more optimistic about their chances of influencing decisions. 

Monitoring. Respondents are slightly more optimistic about monitoring the exchange of ID data, but overall responses are still negative (mean of 5.3). Central and Eastern Europe show a level of optimism, with a mean of 3.3. Here again, males are more pessimistic than females.

Security. The majority of respondents consider that forthcoming ID data systems will be technically insecure. Here again, UK and Ireland rate the highest (5.6), and the mean of Southern Europe is close to that of the Benelux countries and France taken together (4.7). In Central and Eastern Europe the response mean is slightly below 4.

In all types of settlements the chances for a technically secure system are deemed generally low, and in rural and village areas the percentage of disagreement was stronger than in larger settlements. 

Understanding. Respondents are divided in their perceptions as to whether they will be able to assess the benefits and risks when allowing their personal data to be shared by ID authorities. The mean for this statement was near the midpoint. Opinions about their own abilities were especially positive in Austria, Germany and Scandinavia as well as the recent accession EU member states.

Other than regional effects, age is also an important factor for agreement with this statement. Younger respondents tend to consider that they will indeed be able to assess the benefits and risks of sharing personal data with ID authorities, while older respondents feel this will be more difficult for them.

Ease of Use. Respondents from the UK or Ireland were the most optimistic about being able to use the electronic cards. The majority of respondents from Central and Eastern Europe thought that the future cards will be rather difficult to use.

The effect of age on the perceived difficulty of card usage is relatively strong. Interestingly, the younger respondents were slightly more negative about the difficulty of the future electronic cards.  

Usefulness. In all five regions the exchange of ID data between government and business received the highest disagreement score, with an overall mean of 6.2 on the seven grade scale. Austria, Germany and Scandinavia together were the most negative about the exchange of ID data. The overall mean of data exchange across government departments (4.4) is surprisingly positive. Data exchange between government departments as well as between different EU countries comes out well supported, especially in the new member countries and the southern part of Europe.

In all types of settlements the acceptance of data exchange between the government and the private sector was strongly declined. The number of ‘strongly disagree’ answers is close to 70 percent in each groups of settlement.  

Levels of Trust 

Competence. Competence of ID authorities in dealing with or managing ID data received a negative overall evaluation. UK and Ireland rate highest (6.0) and the mean for Southern Europe is around the scale midpoint. The only exception is Central and Eastern Europe, where the response mean is slightly below 4 for both statements pertaining to the construct Competence.

Trusworthiness. The ability of ID authorities to help if problems arise received an overall negative evaluation with a 5.0 score mean. Here UK and Ireland had the most sceptical view, the mean for Central and Eastern Europe was again the lowest.

We found an interesting effect of age on relying on ID authorities for help if problems arise. In contrast, younger respondents agreed with the statement more often, when compared to the older respondents.  

Benevolence and Integrity. The majority of respondents did not believe that ID authorities would act in their interest or deal fairly with their data, with an overall mean of 6.0 and 5.4. UK and Ireland rate highest together with the group of Austria, Germany and Scandinavia.

In this question respondents who declared themselves students were more positive than other respondents who had already finished their studies. The number of ‘strongly disagree’ answers was much lower in the group of students. Still, more than two thirds of the students did not believe that authorities will deal with their data fairly. Among the students, 71 percent chose 5 to 7 on the 7 grade scale, while 82 percent had the same attitudes in the group of respondents who finished their studies younger then 21. 

Consequences of Trust

Secondery Use. A high number of respondents rejected the unauthorized usage of personal data, and many believe that ID authorities will indeed use the personal information without permission. However the respondents were divided as to whether authorities will use personal data for a purpose different from the original, with an overall mean at the midpoint. The differences between the five regions were smaller for this specific question, only the United Kingdom and Ireland had a stronger negative response mean (5.3) while most others notably Austria, Germany and Scandinavia tend to trust slightly more their governments.

A majority of respondents does not believe that ID authorities will not use their personal information for a purpose different from the original. In the 15-24 age range the amount of answers ‘strongly disagree’ are much lower then in the group of older respondents.  

A vast majority of the respondents do not believe that the ID authorities will manage their data with goodwill. However, the respondents still studying seem to be more positive about ID authorities. The amount of ‘strongly disagree’ answers is still 28 percent in this group. 

Unauthorized Access. Respondents tend to disagree that the ID authorities will devote sufficient time and effort towards the prevention of unauthorized access to personal information. Here again, UK and Ireland rated highest (5.6), and Central and Eastern Europe and Southern Europe were lowest(3.6).

Comfort in Relying on Authorities. The questions about trust received a negative overall evaluation. The mean of responses about the ID authorities’ effort to look after personal data received 5.9 score overall on the seven point scale. Some of the respondents were more positive about sharing their data with the authorities. UK and Ireland showed a high mean in both questions, while the respondents from new EU member states were the most optimistic.

Willingness. Respondents showed some willingness to reveal their personal data, with an overall mean of 4.8. Central and Eastern Europe has the lowest mean, which indicates the most positive attitude towards the system. In this question Austria, Germany and Scandinavia gain the higher mean, followed closely by UK and Ireland. Southern Europe and the group of the Benelux states and France were close to the midpoint.

Interoperability. The responses regarding the interoperability of the provided ID data had an interesting distribution. The overall reception of the cooperation between government and business was very low (6.4), while there was only some reluctance to share data within the government (5.1) or across different European countries (5.3). This pattern can be found in all the five regions.

The age of respondents created highly visible differences in the judgment of ID data sharing across European member states. The level of strong disagreement was only 30 percent in the age group 15-24, while 51 percent measured in the age group 55 years and older. The values of agreement were slightly higher in the group of younger respondents, but still the overall mean showed rejection. 

Reluctance. Despite the fact that respondents generally seem to be dissatisfied with the future ID card system and the ID authorities, the majority of respondents do not take steps to remove personal data from any unauthorized list, neither do they refuse to give personal information in some situations when asked.

Female respondents reported reservation more frequently about giving their personal information in certain situations, such as when applying for a job or for banking and insurance purposes.  

Summary of Key Findings

The analysis of the survey’s results points to an overall negative reputation of the ID authorities as perceived by EU citizens. A vast majority of the respondents do not have trust in the institutions; they are seriously critical about the competency of the authorities, and are dubious about the authorities’ ability to handle personal data.  

Of the 25 European Union countries, we received answers from 23 countries. However, the low number of responses from some of the countries and the lack of representativeness did not allow us to compare individual countries, but only regions.  

A systematic comparison of response means across the five regions indicates that respondents from UK and Ireland were the most negative in almost all attitudinal questions. Germany, Austria, Finland and the Scandinavian countries were quite close to the mean of the responses from UK & Ireland in all cases. Since these were the two biggest groups, the overall mean of the answers was close to the mean in the above two regions.  

At the same time, respondents form Central and Eastern Europe were at the other end of the attitudinal scale. For these countries responses to most of the questions were the most positive. Respondents from this region were less critical about the ID authorities in general.  

The southern part of Europe shows the most interesting structure of answers, the standard deviation was the highest here. In other words, the answers show the biggest variance in these countries. A possible reason for the big variance is the cultural diversity of the region we called Southern Europe. 

Within the group of respondents from UK and Ireland the strongest negative attitude is found in the judgment of ability to assess the benefits and risks when giving personal data to ID authorities. These respondents did not believe that the companies involved in the ID card project will be able to protect their personal data. Thus, the general level of institutional trust was very low in this region.  

Central and Eastern Europe, by contrast, presented the highest level of acceptance. Respondents from this region appear much less worried about the way in which their personal ID data will be managed. For example, they accept that the ID authorities may use the information for purposes different from the original. 

Gender differences feature strongly in some of the responses. In general, male respondents were more negative in their views. In the questions about the legal framework, the difference was 20 percent between the number of “strongly disagree” answers for the groups of women and men respectively.  

Besides gender, the age of respondents showed a strong effect on responses. Younger respondents generally tended to report much more openness about the new ID card, and less criticism on ID authorities. Older respondents form a special group, especially the age group 40 and 54, who were the most negative in all questions. 

The size of the settlement and the years spent in education had much smaller effects. The answers were typically divided into two groups: respondents from large towns had slightly more pessimistic ideas about the future of ID cards, while the respondents who live in the countryside were more optimistic. 

Finally, education has almost no effect on the answers. This result may be link to the lack of data sampling in the survey. Current involvement in education made a clearly visible difference, as the students had much lower values, that is, they generally accept the new technology and the authorities who are to manage ID data.  

Conclusion

The objective of the survey reported in this paper was to examine citizen’s trust in the authorities responsible for Identity Management Systems in the context of an EU-wide eID scheme. In light of the EU desire to facilitate a high level of interconnection and to use new identity management technologies, focus was placed on the extent to which citizens trust the authorities to exchange data in an appropriate manner across government departments, between governments and commerce and across European countries.  

The survey forms part of a research effort to deepen understanding of the social and cultural questions associated with interoperable ID systems. Whilst many of the EU projects in the interoperability domain tend to privilege the engineering and legal perspectives for harmonising and interoperating identity management systems, the place of the citizen’s feelings and perceptions has not been sufficiently considered. This study has attempted a first step in this direction. 

Drawing on the literature on institutional-based trust, a set of relevant constructs were identified and used as the basis for constructing a further set of statements on which the survey’s respondents indicated their level of agreement.  These were grouped into three broad categories of (1) sources of trust; (2) levels of trust; and (3) consequences of trust.  The constructs for assessing trust in the survey relate to the citizen’s perceptions of the institutional environment surrounding the issuance and management of an eID card scheme.  

A web-based survey was translated into 8 European languages and was made available online over a period of one month in June 2006. Respondents of the survey were asked to rate their agreement with a set of 32 statements using a Likert scale from 1 (=strongly agree) to 7 (=strongly disagree). Overall there were 1,906 valid responses to the survey with respondents from 23 out of the 25 EU countries. A limitation of the survey was, however, that the response rate from some countries was very low. In this respect, the survey cannot be said to represent European citizens as such. In addition, this biased response rate prevented a valid comparison across countries.  

Findings arising from the analysis of the survey point to an overall negative perception of the ID authorities by EU citizens. The vast majority of the respondents do not trust the institutions; they are seriously critical about the competence of the authorities, and are dubious about their ability to handle personal data. Moreover, they are suspicious of the authorities misusing their identity data. These negative attitudes of citizens hold important implications for any future attempts at implementing eID cards, as these perceptions may well be translated into consequent behaviour, namely, resistance to use or non-use.  

Further analysis of the survey results point to the role of demographic characteristics. It was found that gender features strongly in citizens’ perception of trust; in general, male respondents were more negative in their views. In the questions about the legal framework, the difference was 20 percent between the number of “strongly disagree” answers for the groups of women and men respectively. The age group of respondents has shown a strong effect on responses. Younger respondents generally tended to exhibit more openness towards the new ID card and less criticism towards the ID authorities. Older respondents form a special group, especially the age group 40 and 54, which came out as the most negative in all questions. Nevertheless, extensive use of the Internet tends to lower perceptions of strong disagreement. Gender and age group are independent variables that cannot be manipulated, nevertheless implications of the findings related to these variables suggest practical considerations if targeted intervention to influence public opinion is to be undertaken.

Similar implications may be drawn from the systematic comparison of response means across five European regions. Findings indicate that respondents from UK and Ireland were the most negative in almost all attitudinal questions. This may be linked with the particular ID policy and practice mainly, the lack of ID cards in these countries and the public debates currently taking place in the UK. On the other hand, Germany, Austria, Finland and the Scandinavian countries were quite close to the mean of the responses from UK & Ireland in all cases. Since these were the two biggest groups, the overall mean of the answers was close to the mean in the above two regions. At the same time, respondents from Central and Eastern Europe were at the other end of the attitudinal scale. For these countries responses to most of the questions were the most positive. Respondents from this region were less critical about the ID authorities in general. The southern part of Europe shows the most diverse structure of answers, the standard deviation was the highest here. In other words, the answers show the biggest variance in these countries.  

Within the group of respondents from UK and Ireland the strongest negative attitude is found in the judgement of ability to assess the benefits and risks when giving personal data to ID authorities. These respondents did not believe that the companies involved in the ID card project will be able to protect the citizens´ personal data. Thus, the general level of institutional trust was very low in this region. Central and Eastern Europe, in contrast, presented the highest level of acceptance. Respondents from this region appear much less worried about the way in which their personal ID data will be managed.  

Reference

(2004) "Identity Cards: Will They Work?" in Economist, 29/04, pp. 57-58. 

ACLU (2005) American Civil Liberties Union: Surveillance Campaign Last accessed: August 29  Last updated: Address: http://www.aclu.org/pizza/.

Andersson, C., et al. (2005) "Trust in Prime". in IEEE International Symposium on Signal Processing and Information Technology,  

Azjen, I. (2002) "Perceived Behavioral Control, Self-Efficacy, Locus of Control, and the Theory of Planned Behavior", Journal of Applied Social Psychology, 32 pp. 665-683. 

Backhouse and Halperin (2007) FIDIS Del 4.4 

Beck, A. and K. Broadhurst (1995) National Identity Cards in the European Union: The British Debate, Centre for the Study of Public Order, Leicester. 

Bennett, C. J. (1992) Regulating Privacy: Data Protection and Public Policy in Europe and the United States, Cornell University Press, New York. 

Bennett, C. J. and C. D. Raab (1997) "The Adequacy of Privacy: The European Union Data Protection Directive and the North American Response", The Information Society, 13 (3), pp. 245-264. 

Bhattacharya, R., T. M. Devinny and M. M. Pillutla (1998) "A Formal Model of Trust Based on Outcomes", The Academy of Management Review, 23 (3), pp. 459-472. 

Camenisch, J., et al. (2005) "Privacy and Identity Management for Everyone". in ACM DIM, Virginia, USA,  

Cappella, J. N. and K. H. Jamieson (1997) Spiral of Cynicism: The Press and the Public Good, Oxford University Press, New York. 

Creswell, J. W. (2003) Research Design: Qualitative, Quantitative and Mixed Method Approached, Sage, London. 

Culnan, M. J. (1993) "’How Did They Get My Name?’: An Exploratory Investigation of Consumer Attitudes Towards Secondary Information Use", MIS Quarterly, 17 (3), pp. 341-363. 

Davis, F. D., R. P. Bagozzi and P. R. Warshaw (1989) "User Acceptance of Computer Technology: A Comparison of Two Theoretical Models", Management Science, 35 (8), pp. 982-1003. 

EC (1995) Directive 95/46/Ec of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data Last accessed: July 29  Last updated: Address: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:NOT.

EC (2005) Public Opinion: Standard Eurobarometer 64 Last accessed: August 29  Last updated: Address: http://ec.europa.eu/public_opinion/archives/eb/eb64/eb64_en.htm.

Backhouse, J (2005) "D4.1: Structured Account of Approaches on Interoperability" FIDIS. 

Fukuyama, F. (1996) Trust: The Social Virtues and the Creation of Prosperity, Free Press, New York. 

Granovetter, M. (1973) "The Strength of Weak Ties", American Journal of Sociology, 78 (6), pp. 1360-1380. 

Great Britain Home Office (1995) Identity Cards: A Consultation Document, HMSO, London. 

Great Britain Home Office (2006) Why We Need Id Cards Great Britain Home Office Last accessed: August 29  Last updated: Address: http://www.homeoffice.gov.uk/passports-and-immigration/id-cards/why-we-need-id-cards/.

Hinsliff, G. (2006) "Brown to Let Shops Share Id Card Data". in The Observer, August 6, 2006,  

Hornung, G. (2004) "Biometric Identity Cards: Technical, Legal and Policy Issues". in Information Security Solutions Europe Conference, Vieweg,  

Hudson, J. (2006) "Institutional Trust and Subjective Well-Being across the Eu", Kyklos, 59 (1), pp. 43-62. 

Institute for Public Policy Research (1995) Identity Cards Revisited, Institute for Public Policy Research, London. 

John Stuart Mill Institute (1995) Identity Cards: A Response to the Home Office’s Consultation Paper, John Stuart Mill Institute, London. 

Kramer, R. M. (1999) "Trust and Distrust in Organizations: Emerging Perspective, Enduring Questions", Annual Review of Psychology, 50 pp. 569-598. 

Lasky, K. and A. Fletcher (1998) The Future of Privacy, Demos, London. 

LogicaCMG (2006) "E-Identity: European Attitudes Towards Biometrics" LogicaCMG  

London School of Economics and Political Science (2005) The Identity Project: An Assessment of the Uk Identity Card Bill & Its Implications, The Department of Information Systems, London. 

Mayer, R. C., J. H. Davis and F. D. Schoorman (1995) "An Integrative Model of Organizational Trust", Academy of Management Review, 20 (3), pp. 709-734. 

McKnight, D. H., V. Choudhury and C. Kacmar (2002) "Developing and Validating Trust Measures for E-Commerce: An Integrative Typology", Information Systems Research, 13 (3), pp. 334-359. 

Metlay, D. (1999) "Institutional Trust and Confidence: A Journey into a Conceptual Quagmire" in Social Trust and the Management of Risk, (Cvetkovich, G. T. and R. E. Löfstedt eds) Earthscan, London. 

Mingers, J. (2001) "Combining Is Research Methods: Towards a Pluralist Methodology", Information Systems Research, 12 (3), pp. 240-259. 

NO2ID (2006) All About Id Schemes NO2ID Last accessed: August 29  Last updated: Address: http://www.no2id.net/IDSchemes/index.php.

Oakeshott, S. (2006) "Labour U-Turn over Id Card Medical Details". in The Sunday Times, April 23 2006,  

O’Hara, K. (2004) Trust: From Socrates to Spin, Icon Books, Cambridge. 

O’Hara, K. (2006) "Trust, Information and Risk". in London,  

O’Hara, K., H. Alani, Y. Kalfoglou and N. Shadbolt (2004) "Trust Strategies for the Semantic Web". in ISWC’04 Workshop on Trust, Security and Reputation on the Semantic Web,  

O’Neill, O. (2002) A Question of Trust: The Bbc Reith Lectures, Cambridge University Press, Cambridge. 

Pavlou, P. A. (2002) "Institution-Based Trust in Interorganizational Exchange Relationships: The Role of Online B2b Marketplaces on Trust Formation", Journal of Strategic Information Systems, 11 (3), pp. 215-243. 

Peev, G. (2005) "Id Cards Will Lead to Massive Fraud". in The Scotsman, October 18,  

Poortinga, W. and N. F. Pidgeon (2003) "Exploring the Dimensionality of Trust in Risk Regulation", Risk Analysis, 23 (5), pp. 961-972. 

Smith, H. J., S. J. Milberg and S. J. Burke (1996) "Information Privacy: Measuring Individuals’ Concerns About Organizational Practices", MIS Quarterly, 20 (2), pp. 167-196. 

Stalder, F. and D. Lyon (2002) "Electronic Identity Cards and Social Classification" in Surveillance as Social Sorting: Privacy, Risk and Automated Discrimination, (Lyon, D. ed.) Routledge, New York, p. Chapter 4. 

Stamper, R., K. Liu, M. Hafkamp and Y. Ades (2000) "Understanding the Roles of Sign and Norms in Organizations - A Semiotic Approach to Information Systems Design", Behaviour & Information Technology, 19 (1), pp. 15-27. 

Stewart, K. A. and A. H. Segars (2002) "An Emperical Examination of the Concern for Privacy Instrument", Information Systems Research, 13 (1), pp. 36-49. 

Stone, E. F., D. G. Gardner, H. G. Gueutal and S. McClure (1983) "A Field Experiment Comparing Information-Privacy Values, Beliefs,  and Attitudes across Several Types of Organizations", Journal of Applied Psychology, 68 (3), pp. 349-411.

Tolbert, C. J. and K. Mossberger (2006) "The Effects of E-Government on Trust and Confidence in Government", Public Administration Review, 66 (3), pp. 354-369. 

Vanfleteren, M. and E. Kindt (2005) "Use of Credentials in E-Commerce" in Structured Account of Approaches on Interoperability, (Backhouse, J. ed.) FIDIS, London. 

Zucker, L. G. (1986) "Production of Trust: Institutional Sources of Economic Structure, 1840-1920", Research in Organizational Behavior, 8 pp. 53-111.