Designing Systems That People Will Trust
Dr. Andrew Patrick (NRC & Carleton U)
ABSTRACT
It is not enough to design systems that are theoretically secure without taking
into account the end users. Trust is one of the most important concepts in the
security arena. Unfortunately, it also remains one of the most poorly understood
concepts. A lack of trust will result in systems being ill-used at best, and not
used at all at worst. A lack of understanding of trust, in both user and system,
will result in the wrong decision being made in security contexts or no decision
at all. Too much trust can be at least as dangerous as not enough, and not
enough trust can be dangerous enough. This presentation will examine the issue
of trust in security and privacy systems. I will discuss the fundamental
building blocks of trust online that have arisen from e-commerce research. I
will present some formal models of trust and describe what can be learned from
these models. I will conclude with a set of guidelines addressing how trust can
be used in security systems, and concrete suggestions for system developers.
BIOGRAPHY
Andrew S. Patrick is a Senior Scientist at the National Research Council of
Canada and an Adjunct Research Professor at Carleton University. He is currently
conducting research on the human factors of security systems, trust decisions in
privacy and e-commerce contexts, and advanced collaboration environments. Dr.
Patrick holds a Ph.D. in Cognitive Psychology from the University of Western
Ontario. http://www.andrewpatrick.ca