On 9-10 September 2013, ASSERT conducted its first Expert Workshop. The main objective of this event was to discuss a set of best practice cases also in other areas than security research, and to discuss criteria according to which ‘best practices’ are most fruitfully and meaningfully established. The workshop focused on the following main elements:
- An overview of the most important conceptual and theoretical tools in the field of Social Impact Assessment.
- A Presentation of good practices beyond security research: a case study around emerging bio-technologies.
- Reflections by members of the security on the usability/marketability of research results, on how industry perceives requirements to the developers of security solutions that derive from Impact Assessments.
- A discussion of the criteria according to which we can assess what good practices are.
- Reflection on how good practices can be transferred from other research fields to the security research domain.
Summary of core findings
- The assessment of previous technologies is typically not a good guide of what the main societal dimensions and challenges pertaining to novel technologies are. Moreover, uncertainty and ambiguity are characteristics that cannot be abolished entirely; they should be harnessed in a productive way. What the most important societal dimensions and issues in the context of an emerging technology are needs to be explored in a participatory manner drawing on the experience and expertise of a wide range of actors. Relying upon a limited range of established experts should be avoided.
- Best practices often take a public discourse ethics approach with the aim of mitigating the hegemony of elite opinions.
- Like technology is a process, so should be efforts to assess its societal dimensions. Last but not least, we should try to avoid giving incentives to researchers to overemphasise positive impacts of their research wherever we can, and promote a diversity of research approaches to social objectives and selective conditions that include social values.
Observations by the representatives from the security industry
- There is still no clear definition of what the security market is. Having a better idea of what the security market is would, however, be desirablefor industry, which needs to come up with 50 per cent of co- funding for research in many funding schemes, and thus needs clarity for investment decisions. They will not do this, unless there is a business case.
- Three main requirements have to be met for the creation of a market: (1) Laws and regulations; (2) Process efficiency; (3) Guidance on assessing societal impact and on engaging society.
- Security has to help to increase process efficiency. As long as security is seen as a hassle, industry will object to it.
- The understanding for SIA by the industry has considerably evolved during the last years. However, for further enhancements of its implementation, engineers would require some very clear and practical rules (guidelines and standards) to follow, which must be easy to understand.
- It was also discussed whether SIA would in- or decrease the market for a particular product. This also entails the question of how impact assessment requirements and criteria can be made as clear as possible to developers and engineers. Privacy by design is a conceptual prototype that is gaining momentum.
- Much will depend on the operationalisation of impact assessment concepts – clearly, there is a need for clear guidelines on SIA that engineers can understand and use, rather than theoretical texts.
- There was also discussion on the usefulness of certification of products after their development.
Summary of conclusions
- Unlike in the domain of biotechnology, in the realm of security technology, innovation often concerns new assemblages of existing technologies, rather than the creation (or ‘emergence’) of new technologies. This needs to be taken into consideration in terms of the transferability of best practices from the biotechnology domain to security R&D.
- Good social science research – especially basic research – contributes to a deeper understanding of security.
- In public transportation, service quality impacts very strongly on people’s perception of security. This can guide decision making on whether/what measures to implement in order to improve objective and/or subjective security (i.e. for an operator aiming at improving security, not only investments in security technology but also in service- quality may be useful. And vice versa: Without good standards in service quality, investments in security will probably not raise perceived security to acceptable levels).
- Public transportation operators (as well as the industry producing vehicles/equipment, or security-service providers) are typically interested in SIA only when their market opportunities are positively or negatively affected.
- Not all research proposals that self-identify as ‘security research’ are actually about security as we understand it (e.g. production of bullet-proof glass using a new kind of material). Thus there needs to be a way to determine, in a ‘pre- screening’ process, whether a project may need a fully fledged SIA or not; there was wide agreement among the delegates that such a two-tier mode of SIA may be a fruitful model for the proposal stage in H2020.
- Develop metrics or criteria to establish what falls under ‘security’ for the purposes of societal impact assessment of security research.
- Develop metrics or criteria to assess when a particular proposed research project should require a fully fledged SIA.
- Think about ways to ensure that civil society representatives, and people likely to be impacted by security technologies, bear significantweight at the stage of developing research funding agendas.
- Keep in mind that we need a process that is practical, does not take too much time, and does not cost too much.