Computing, Digital and Citizen Science, by Jacques Bus

Computing (or computational science) has always been a bit of a confusing term. Is it the science of computing, or is it science (whatsoever) with the help of computing (as in computational physics or mathematics). Of course we have got used to the terminology and use it as deemed fit for the argument.

It becomes however a bit more complicated if we start talking about Digital Science (and more like Digital Ethics, which I use also myself). Where computing can be seen as a reasonably well defined activity, this cannot be said anymore of Digital. Almost everything that has something to do with information, will relate to the digital world nowadays. So how would we define or describe Digital Science. Internet Science is likely an introspective part of it, as it studies part of the digital world (the Internet). But is seems that it is mostly used for doing science in a digitally enabled way. Like using AI or deep learning for understanding natural or social phenomena.

Now we see emerging the term Citizen Science, and in the white paper of the Socientize project ( ) this is described as: Read more of this post

Comments on “The Ethics of Information” by Luciano Floridi

Our lives and our fate is coming increasingly under the control, or at least the influence, of an increasing number of autonomous technical information systems. And at the same time our society reaches through technology development and in particular digitisation, levels of complexity that seem to undermine our democracy and moral rules.

The role of ethics in this environment is the subject of Luciano Floridi’s (here LF for short) book The Ethics of Information (Oxford Univ Press, 2013). His approach is unusually analytical for a work on ethics and philosophy, which is attractive, at least for me. He uses mathematical concepts like “level of abstraction”, “complex and self-emergent systems”, and the concept of “entropy” from thermodynamics, which is also used (but differently) in classic information theory. LF uses the term “metaphysical entropy”. A concept that is used as a indication for good (low metaphysical entropy) and evil (high). I do not quite understand the relevance of defining this concept for the remainder of the book. The decision on what is good and evil remains in essence a cultural one, although one may agree that there are basic (shared) elements in humankind. We do not need the term and definition of “metaphysical entropy” for that and it might create confusion.

LF realises the problem though if he states on pg 315 as a response to some of the criticisms to his proposal for Information Ethics: “IE is equally reasonable: fighting the decaying of Being (metaphysical entropy) is the general approach to be followed, not an impossible and ridiculous struggle against thermodynamics, or the ultimate benchmark for any moral evaluation, as if human beings had to be treated as mere numbers.” So ethical good behaviour is fighting the decaying of being, or in LF’s terms: fighting the decrease of metaphysical entropy in the overall system.

The concept of global Information Ethics, being developed throughout the book, is not simply defined in a few sentences without risking a wrong interpretation. One has to read the book to the end. An important aspect however is that the actors in the ethical space are not restricted to human agents and patients, but include all information entities. Hence also non-intelligent objects and creatures, autonomous (intelligent) technical systems, organisations or communities, etc. A second important issue is the proposal to develop a global informational ontology for a global digital world.

I am not an ethicist, nor a philosopher. What interest me most in this book is the efforts to come to a general theory of ethics that might form a practical basis for global policy development concerning the interaction between all these information entities, to the benefit of humankind.

In the last chapter (15) of his theoretical development process, LF addresses the concepts “Physis” and “Techne”, and argues the necessity to develop a successful ecological relationship (“marriage”) between the two. In LF’s view such “marriage” is vital and failing to negotiate a global, fruitful, synthetic relationship between technology and nature is not an option. This is as such not a new view. LF himself refers to techno-philosophers promoting similar views. His conclusion is though that his philosophy and Information Ethics may provide help here.

As Secretary General of Digital Enlightenment Forum (DEF) (see ) I see the synergetic relation between nature (human) and technology as  an important reason of existence of DEF. Exploring and developing this relation in a balanced way is essential in my view for humankind.

Also I was attracted by his reference in Ch. 15 to the concept of “Social Contract” (a topic that is also in the middle of DEF’s discussions at the moment) and the analogy he makes with ontic trust. As LF argues, a social contract may be an implicit or merely hypothetical agreement between parties constituting a society, but in general it tends to be highly anthropocentric. However, we might need to include the role of Artificial Intelligence and Information Systems. LF concludes: “In the case of ontic trust, it is transformed into a primeval, entirely hypothetical pact, logically predating the social contract, that all human ( ) agents cannot but sign when they come into existence, and that is constantly renewed in successive generations.” Understanding and exploiting this effectively might be our most important task to ensure sustainability of the societies we live in.

A worthy read and food for thinking !

Personal Data Management (PDM) in Shared Economy Spaces

A Shared Economy Space (SES) is a network of stakeholders which want to organise certain economic transactions together in a trustworthy way. If it focuses on managing personal data within such transactions one can talk of a Personal Data Ecosystem (PDE).

We want to address SESs that address digital transactions and need to manage personal data in these transactions. The SES wants to ensure control of all stakeholders on their own data (personal or not) and a high trust level between the stakeholders in complying to regulation and SES norms and rules on user data control, data protection and privacy. Examples of SESs are:  book and record shops with their customers; regional health (care) ecosystem with hospitals, doctors, nurses and patients; companies providing public transport services and their customers.

Digital B2C systems emerge rapidly worldwide (e.g. Apple, Google, Facebook, Amazon) but their business models often lead to serious worries about user data control, trustworthiness and privacy-friendliness. Moreover, in certain sectors (health, human resources) the privacy and trust aspects are crucial for good relations between the stakeholders and trust must exist for proper functioning.

For some time now Trust Providers are trying to build a market for support trust management inSESs. They focus however often on particular aspects (authentication, data security, reputation, etc.), leaving still much to implement by the SES itself.

Trust Networks for Shared Economy Spaces

In the coming decade, the seamless integration of our on- and offline lives will be one of the main problems of social development. Understanding of this process is crucial and broad societal discussion is necessary to ensure a sustainable societal development. Global forums, like the World Economic Forum (WEF in Rethinking Personal data  and Digital Enlightenment Forum (DEF – give much attention to this.

A Trust Network (TN) is here defined as the group of all stakeholders in a SES, together with a TN Platform Provider, a company that provides and facilitates a platform at which the SES transactions are done in accordance to the conditions set by the SES (the stakeholders together).

Trust is being given to someone (or something) if this party is thought to be trustworthy in the given context and/or for the given task. For example: an airplane pilot or a surgeon can be considered trustworthy while performing their professional tasks. Most importantly trust is strongly dependent on the context in which it is given (see here, also for references to other authors). When applied in the digital environment we often do not realise that many factors that play a role in trusting people or organisations offline are not available online (e.g. the experience with a person by seeing her behaviour and presentation, hearing her talking, etc). Trust can also not only be derived from rational arguments. Hence for a party to be trustworthy attention must be given to two sets of elements:

  1. Rational elements that can provide support to trustworthiness. This could be: ensuring mutual interest; providing insurance; be accountable and accept liability for damage; compliance with legal obligations and contractual conditions; technical assurances through Privacy by Design, Privacy Impact Assessment, quality of development; ensuring transparency, auditability and understandable information; and in general ensure a good reputation.
  2. Emotional elements. This includes building sympathy and a positive perception, for example through providing convenience and usefulness, an environment which feels familiar and friendly, or good custom support and maintenance services.

The TNPP is responsible to provide a trustworthy space for the transactions in TN. The SES together with TNPP will define the specific rules (legal and/or normative context) under which intended transactions take place. Within the TN ‘trust’ is established when the TNPP can give through technology and contract sufficient certainty that these rules are adhered to. We assume always that the end-user has its own data vault, which can only be accessed by or with explicit permission of this user. This does not have to be under the responsibility of the TNPP. Any Trusted Third Party could perform this task. We may distinguish two types of TNs.

One2Many (O2M): The TN is a transaction network between one services providing organisation and many end-users. This organisation can be a group of organisations if there is sufficient agreement between the members of such group to act together. The organisation agrees by contract how personal data of the end-user in the TN can be used. Based on this contract a technical interface is being implemented and managed by the TNPP. This interface respects the contractual agreement and the third party provides a certain level of guarantees that the personal data management will follow contractual obligations. This will be achieved partly by technical means and partly through governance. The Dutch start-up QIY can be considered a TNPP in this sense. Examples of TNs could be: a large retailer with its loyalty customers; a large company with its employees; or a group of banks with their account holders.
The TNPP could bring a number of such trust interfaces together on one platform. This could simplify governance, allow standardisation and replicable implementation of (parts of) the interfaces. Note that one customer may also relate to more organisations on such platform.

Many2Many (M2M): This TN allows all relevant Service Providers that agree with its conditions. Hence SPs are stakeholders in the SES at an equal level with other stakeholders (incl. for example end users, user organisations, public organisations). The TNPP provides the infrastructure for trustworthy transactions in this TN. It offer an API management portal for SPs to join in a trustworthy way. The TNPP takes responsibility for transactions to be executed in conformity with contractual level of trust and personal data management principles pre-agreed by the SES. It will provide tools and services like “sticky policies”, logging, auditing and random conformity tests, thus supporting ‘Levels of Trust’ as pre-agreed with the SES in the TN. Synergetics (BE) is an example of such TNPP.

General Comments

The Governance structure of TNs must be based as much as possible on ‘separation of concern’. This should be reflected in a Governance Board representing the SES stakeholders that oversees the work of the TNPP and takes care for auditing and reporting to the SES members in the TN.

TN’s should also be open to the use of various Trust Providers, e.g. Identity or Claim providers, personal data storage providers, reputation providers, etc. in order to stimulate innovation and scalability.

Clearly both types of TNs can create trust between the members of the SES. It improves efficiency of transactions because trust allows giving consent at a general level through the SES contract between stakeholders, or as revocable decisions for groups of services.

The choice of the type of TN as described above depends on the SES.

  • If a large organisation for commercial reasons does not want to cooperate with competitors in the same sector in the relation with his customers, then O2M is likely to be the best solution.
  • When in a sector or region the objective is to cooperate between service providers in their relation to customers, for example due to government regulation or otherwise, the M2M is better suited.

The M2M type is better scalable, as the TNPP is not involved in the specific relations between the SP/Organisation and its customers as is the case in the first type.

Despite their differences, both types of TNPPs could derive added value in jointly developing Common Principles as minimum requirements for TNs. Digital Enlightenment Forum can support such discussions. This could lead to a more uniform approach, interoperability or certification of TNs at a longer term, and hence create more trust at the end-user.

Note that in TNs as described above it is essential that the user himself is responsible for managing his personal data. This could be done by a TTP contracted and supervised by the SES, but in principle by any TTP chosen by the user.

It can well be that certain transactions do not need a high level of authentication and that a “Facebook-like” identity suffices. This depends on the context and the choices of the user, who cannot be obliged to always choose optimal safety with the extra hassle that goes with it. Integration of different levels of authentication in a TN can therefore be convenient.

Trust, Self-organisation and Complexity in Digital Space

The concepts of trust and security are deeply embedded in our society and are therefore
strongly affected by the societal transformation caused by the digitalisation. Societal
and technical change is strongly influenced by the growing complexity of society
related to the emergence of easy worldwide communication, the Web and mass data
collection. Security and trust are fundamental drivers for self-organisation in
our society. In a working paper I discuss the concepts of  trustworthy
technology and trust in the societal context, as well as the difference between
accepting technology and trusting technology. An important observation is that a
complex system cannot be fully understood by reductionism alone. The discussion
leads to some cautious conclusions on future actions.

Privacy by Design and the EU DP Framework

In the last weeks I participated in various session at CPDP 2011 in Brussels and in a Workshop on online privacy in Dagstuhl. One recurring subject was the issue on Privacy by Design in the context of the thinking on the revision of the European Data Protection Framework.

“Privacy by design” was first developed by Ann Cavoukian (see for example  as a broad conceptual framework based on seven “foundational principles” of fair information practices (FIPPs) in information technologies, processes and systems.  These principles are given in above reference and can be summarised by the following key phrases:

  • Data Minimization
  • Individual Participation
  • Security
  • Accountability
  • Pro-activity and prevention
  • Embed in design of systems/products
  • Full functionality and application of FIPPs

Thinking about these discussions a bit further I came to the conclusion that applying these principles can be done through three approaches:

  1. a-priori specifying requirements for the Software life cycle and system design methodology (the technology approach)
  2. through ex-post evaluation based on the outcomes rather than the process (the consumer protection approach)
  3. mandating state-of-the-art technology use (the provider liability approach).

All three of these have problems.

 The first one is too technology dependent and will likely create regulation that will quickly be bypassed by new technology. Although it can certainly be useful that design and development platforms include toolkits that help the technologists to design and develop with privacy in mind, this will be sector and culture dependent.

The second requires the formulation or definition of what exactly has to be protected. There are nevertheless good examples of consumer protection in Europe. This can be based on consent in certain situations, but also in outlawing certain practices completely.

The third approach is being used in many engineering disciplines. If the product (house, bridge, or ICT system) is not build according to state-of-the-art technology and best practices as judged by experts in the discipline, then the builder is liable for the harm done if the product is dysfunctional. The concept of “harm done” is again something that can not be universally defined, but should be judged in context.

It is clear that all three approaches will be needed in proper balance. However, only the last two seem to have a chance at the regulatory level. Nevertheless, if the focus is on consumer protection and liability of providers, then the system and service providers will be forced to develop a technology approach that is satisfactory.

I look forward to the discussions and the eventual outcome on this rather thorny but highly relevant problem.

Microsoft’s Economics of the Cloud – What about societal governance?

“Cloud computing brings the benefit of unprecedented economies of scale to IT operations. The combined impact of these economies of scale [supply side, demand side and multi-tenancy] can result in long-term savings of up to 80% when comparing large and small clouds”  concludes a report published by Microsoft in November.

The report gives a good analysis of how cloud computing can greatly benefit sustainable growth in the EU.  In a time when budgets are tight for governments and industry it is very welcome to see that cloud computing can do much more for the same amount of money and I agree that the EU should develop a strategy for Cloud implementation in the coming decade.

The report makes a distinction between public and private clouds based on whether the IT resources are shared between many distinct organizations (public cloud) or dedicated to a single organization (private cloud). But how clear is this distinction? Are the clouds of Google and Facebook, where internal company processes are as important as the services provided to the customer, public or private?

I consider the “Cloud” the essential pervasive IT infrastructure for the future digital society, hence we must think deeply about the governance of such an infrastructure. The report does not mention at all where the investments for the cloud infrastructure must come from and little about its governance. Reading about Microsoft’s cloud, it seems to be a public cloud, privately owned by Microsoft, different from potential government clouds that could be public and publicly owned. Of course the latter might not be very realistic in a time where the public ownership of clouds of financial banks gives governments already enough headache.

There are important questions left though: do we want the largest ever societal infrastructure being (almost) fully privately owned? Will this lead to private walled gardens which will lock us in the owners power space?  Will such infrastructure be transparent and their owners accountable and auditable? Will security and integrity of information and our privacy be assured? Or said differently: will the citizen be a respected customer in a trustworthy cloud, or will her data only be a product sold from one enterprise  to another for their profit?

The report mentions problems and concludes: “Many technology case studies show that, over time, concerns over issues like compatibility, security, reliability and privacy will be addressed.”  But such optimism may defeat the truth of it. There are many deep and justified concerns on the governance of our future digital world.

This excellent report on the economics of the cloud begs for a parallel societal debate on the place of individual freedom in and the governance ofthe future digital infrastructure.

Co-production and Web services

In Dec 2009 an interesting report was published by NESTA and NEF (UK) under the title: The Challenge of co-production, by David Boyle and Michael Harris

The authors define: Co-production means delivering public services in an equal and reciprocal relationship between professionals, people using services, their families and their neighbors. Where activities are co-produced in this way, both services and neighborhoods become far more effective agents of change.

Co-production shifts the balance of power, responsibility and resources from professionals more to individuals, by involving people in the delivery of their own services. It recognizes that “people are not merely repositories of need or recipients of services”, but are the very resource that can turn public services around. Coproduction also means unleashing a wave of innovation about how services are designed and delivered and how public goods are achieved, by expecting professionals to work alongside their clients.

Co-production is central to the process of growing the core economy of neighborhood and family. It means: (1) Recognizing people as assets, (2) Valuing work differently, (3) Promoting reciprocity and (4) Building social networks.

They give interesting examples in justice and crime prevention.

Their basic arguments to propose co-production in public  service organization are:

  • services face an unprecedented set of challenges: increasing demand, rising expectations, seemingly intractable social problems and, in many cases, reduced budgets.
  • public services have become constrained by the new public management of centralized targets, deliverables, standards, customer relationship management software and efficiency  in a narrow financial sense, which has narrowed the focus of many services and often undermined the relationships between the provider and receiver of the service.
  • Control by centralized targets has overwhelmed efforts to innovate in many public services. It has also introduced highly complex and expensive compliance and auditing regimes, which often provide misleading data. “Monitoring has become almost religious in status, as has centralized control”
  • The spread of internal markets and a growing contract culture has meant that the ambitions of many public service agencies have been narrowed to specific outputs. The commissioning process has often limited the pool of potential bidders for public services, excluding small business and local organizations, and has encouraged mergers between major suppliers, undermining competition and innovation.

They conclude that the time seems to have arrived for the idea that the users of public services are an immense hidden resource which can be used to transform services – and to strengthen their neighborhoods at the same time.

I have two comments on this excellent paper form the viewpoint of somebody who has been working and thinking on trust and services on the Internet for some time.

Firstly, I would say that co-production is something that we have seen happening on the World Wide Web and its service provision infrastructure. We have seen the emergence of Wiki’s, blogs, crowd sourcing, social networking and self-help groups, mash-ups and other instruments for users to cooperate in collecting and providing data that is of value to themselves and others.

It is therefore surprising that the Internet with the Web and its combined influence on creating, as well as potential to help solving the societal challenges which the authors mention, is nowhere discussed in the paper.

Also the plea for Open Data (particularly public data) on the Web by Tim Berners-Lee (see ) and which is already being taken up in the US and the UK now, are clear examples of possible forms of co-production in public services in my view.

Secondly, whilst the authors, mention the problems of centralized control and monitoring as one major reason for the problems, they do not give explicit attention to this aspect by arguing for methods of more decentralized control, which would be a logical consequence.

Our services, in particular on the Web, are more and more being build up as dynamic chains of subservices, with a serious lack of transparency and hence responsibility. The drive to efficiency has led to enormous task divisions and many levels of outsourcing of these (sub)tasks. At the same time the responsibility remains at the top, without real potential to exercise this responsibility. Hence the poor quality and narrow focus on financial consequences.

Tackling complexity in large systems will always require local feedback control. This does not mean that we should leave everybody to monitor and react in its own way. But it means that given a proper feedback and monitoring framework, feedback actions (eg. improvement of local services) can be largely left to the local environment within certain constraints, thus stimulating creativity. Creative use by citizens of new technology infrastructures could help strengthening and speeding up the so much needed move to a new public service infrastructure.

ICT (the Internet, Web and its service infrastructure) has been developing into an excellent environment to experiment and innovate public services based on co-production.

Cooperation (or co-production) of the authors of this excellent paper with experts in the field of services and social networks in the digital environment could well help this change process forward.