Designing Systems That People Will Trust

Dr. Andrew Patrick (NRC & Carleton U)


ABSTRACT

It is not enough to design systems that are theoretically secure without taking into account the end users. Trust is one of the most important concepts in the security arena. Unfortunately, it also remains one of the most poorly understood concepts. A lack of trust will result in systems being ill-used at best, and not used at all at worst. A lack of understanding of trust, in both user and system, will result in the wrong decision being made in security contexts or no decision at all. Too much trust can be at least as dangerous as not enough, and not enough trust can be dangerous enough. This presentation will examine the issue of trust in security and privacy systems. I will discuss the fundamental building blocks of trust online that have arisen from e-commerce research. I will present some formal models of trust and describe what can be learned from these models. I will conclude with a set of guidelines addressing how trust can be used in security systems, and concrete suggestions for system developers.

BIOGRAPHY

Andrew S. Patrick is a Senior Scientist at the National Research Council of Canada and an Adjunct Research Professor at Carleton University. He is currently conducting research on the human factors of security systems, trust decisions in privacy and e-commerce contexts, and advanced collaboration environments. Dr. Patrick holds a Ph.D. in Cognitive Psychology from the University of Western Ontario. http://www.andrewpatrick.ca