Workshop report for DISIPRAC: Digital identity security information practices of citizens

I am pleased to share with you the final report from the DISIPRAC workshop held in Edinburgh on 27 February 2020. The workshop was held at Edinburgh Napier University as part of a research project called “DISIPRAC: Workshop report for DISIPRAC: Digital identity security information practices of citizens”. This work was undertaken by myself and my Centre for Social Informatics colleague, Peter Cruickshank.

In the report, we provide a summary of the workshop and provide some evidence of a number of issues around the management of digital identities based on a series of scenarios. We are not making recommendations in the report, although we do hope that the content might inspire others to start thinking about solutions to some of the issues that were raised at the workshop. The report covers:

  • The service user, including issues and risks associated with helping them
  • The role of the helper or “proxy”, including associated challenges and points of conflict, and the role of guidelines and training
  • An overview of the terminology, including identity, issues with the word “proxy”, and the role that trust plays
  • Some implications for systems design

The next steps that Peter and I will take on this project includes academic dissemination in the form of conference papers and posters and the creation of a roadmap for future, related research. We want to use the findings from this to support a larger-scale project on information proxies and real-world online identity management.

We are keen to continue engaging with practitioners and community volunteers, so we would appreciate it if you could help by sharing with us your thoughts and feedback related to the contents of the report and (importantly) the next steps or related future work that you think we should consider.

Download the workshop report:

The full report (.pdf file) can be accessed from the Edinburgh Napier University Repository here or download the file here.

Also available is a template (.docx file) for the scenario worksheets. This can be accessed from the Repository here or you can download the file here.

These documents are provided with a Creative Commons Attribution-ShareAlike (CC BY-SA 4.0) license. Please share changes and examples with the original authors, Peter Cruickshank (p.cruickshank@napier.ac.uk) and Frances Ryan (frances@francesryanphd.com).

Please do not hesitate to get in touch with Peter or me if you have any questions or feedback.

Registrations now open for a workshop on the digital identity security information practices of citizens (DISIPRAC)

Registrations are now open closed for a workshop related to how information workers help people to manage their digital identities. The event (27 February 2020) is part of a project called DISIPRAC: Digital identity security information practices of citizens and is being undertaken at the Centre for Social Informatics at Edinburgh Napier University by myself and my colleague, Peter Cruickshank.

Through this work, we are investigating the security information practices associated with digital identity, in particular, the sharing of log-in details and to develop the concept of “social proxies” for managing digital identities.

This workshop (27 February 2020) is best suited for professionals, citizen support and advocacy groups, and other similar stakeholders who work with adults in the community.

Registrations are now closed. View the event page here.

In the hands-on workshop, we will work to understand the issues information workers face when supporting (potentially vulnerable) citizens to better cope with increased levels of security for government systems that are increasingly integral to their every-day lives. We will do this using a set of pre-defined scenarios over the course of the day, based around access to services provided by UK, Scottish and local governments.

When: Thursday, 27 February 2020 (9:30am registration, 4:00pm finish)
Where: Edinburgh Napier University’s Merchiston Campus
Who: Professionals, citizen support and advocacy groups, and other similar stakeholders who work with adults in the community (for example, librarians, digital literacy workers, and computer club volunteers)

Travel bursaries:
We have a small budget for travel assistance for attendees travelling from outside of Edinburgh. If you would like to be considered for a travel bursary, please let us know on your registration form.

Background information:
Over the last decade, most levels of government have been implementing a policy often called “digital by default” or “digital-first” in the name of efficiency and cost savings to prioritise online services such as Universal Credit and myaccount. At the same time, the security of online systems has been increasing, making it more challenging for everyone to actually accessing the services they need. This is bound to impact the information practices of many users. One result might be the temptation to avoid the use of some online systems altogether, but this is often not a practical option. Another could be individuals using risky behaviours with their digital identity, such as sharing passwords, with obvious implications for data protection and privacy. More information can be found here.

Please contact me if you have further questions about the event or the project as a whole.

TAPESTRY Sandpit: Register your interest today!

Registration now closed.

Calling all PhDs and Early Career Researchers (ECRs) for a sandpit-style workshop.

When is it? February 3-4 @ University of Surrey, UK

Who is it for? PhD students or Early Career Researchers (ERCs) working on topics in Trust, Identity, Privacy and Security (TIPS)

What is TAPESTRY? TAPESTRY is a socio-technical study of trust in online identities – the psychology of how trust is engendered on and off-line, how we can design for trust, and how emerging technologies such as AI and Blockchain can help create tools that enable us to make better trust decisions online. Further information can be found on the short video below.

What happens at the event? We are running a facilitated sandpit workshop on 3-4 February to explore novel applications of research outcomes from the EPSRC / UKRI Digital Economy funded TAPESTRY project. For more information on Sandpits, see these resources from the EPSRC – but note this event is being run by the TAPESTRY team not EPSRC (please apply using our EOI form below). The sandpit will be highly multi-disciplinary and we welcome applications from all disciplines across Sciences, Arts and Humanities.

As part of the Sandpit, participants will learn more about the TAPESTRY project. They will then form teams, and develop proposals to explore new uses of the social insights and technical tools that have been developed during TAPESTRY. We will award £10,000 of funding at the Sandpit, across the top three proposals. The three successful teams will then have three months to deliver their mini-projects, before attending a follow-up workshop to present a report on their research.

Please fill out the Expression of Interest (EOI) form if you would like to attend the Sandpit.

** Funding to support attendance is available **

Bursaries: PhD/ECRs selected to attend will be awarded a bursary of up to £200 GBP to support travel. Accommodation will be provided for 3rd February, plus meals during the Sandpit. Academics/supervisors may also attend at own cost. In both cases please use the EOI form above.

Key dates:
Event: 3-4 February, University of Surrey, Guildford UK
Apply via EOI form by: 24 January 2020 — DEADLINE EXTENDED!
Notification of acceptance: 24 January 2020

Questions? Contact me here or via Twitter.

A workshop: Helping people to manage their digital identities

I have recently started work on a new research project, titled DISIPRAC: Digital identity security information practices of citizens. The project scope is to investigate the security information practices associated with digital identity, in particular, the sharing of log-in details and to develop the concept of “social proxies” for managing digital identities.

Over the last decade, most levels of government have been implementing a policy often called “digital by default” or “digital-first” in the name of efficiency and cost savings to prioritise online services such as Universal Credit and myaccount. At the same time, the security of online systems has been increasing, making it more challenging for everyone to actually accessing the services they need. This is bound to impact the information practices of many users. One result might be the temptation to avoid the use of some online systems altogether, but this is often not a practical option.  Another could be individuals using risky behaviours with their digital identity, such as sharing passwords, with obvious implications for data protection and privacy.

Some system designers and system owners/managers are aware of the potential impact of this change and are starting to accommodate some users through “assisted digital” services, “alternative journeys” and models of guardianship or delegated identity. However, it is unclear if these capture the range of informal support that happens around social proxy practices and behaviours.

This is where DISIPRAC comes in. This work will be undertaken with Peter Cruickshank, my colleague in the Centre for Social Informatics, and has been funded by a research development grant at Edinburgh Napier University. Peter is the PI on the project (and my former PhD supervisor). He brings more than 10 years’ experience in researching how citizens adopt and learn how to use internet technologies for participation in democratic processes and to engage with government services online. This is complemented by my own research in information behaviour and practices related to online information sharing and use, including my PhD work and my involvement in another Napier project, Social media by proxy: Strategies for managing the online profiles of adults with dementia, and my work at the University of Dundee, TAPESTRY: Trust, Authentication and Privacy over a DeCentralised Social Registry.

At this time, we are conducting a literature review and beginning to plan for a workshop in February that will be used as our primary source of research data. The workshop will be for professionals, citizen support and advocacy groups, and other similar stakeholders. Its aim will be to understand the issues they face when supporting (potentially vulnerable) citizens to better cope with increased levels of security for government systems that are increasingly integral to their every-day lives. We will do this by working through a set of pre-defined scenarios over the course of the day, based around access to services provided by UK, Scottish and local governments.

How can you help? Send us your (anonymised) stories now!
We are compiling a selection of stories and examples for how people support others in relation to their online identities. If you have a story to share, please send them my way. All stories will be anonymised.

Ultimately, this project will address the gaps in current research related to users’ real-world information practices around their digital identity, particularly by citizens and customers in a non-discretionary context.

We are very excited to have a chance to find out more about this highly topical area. We will learn more about the relationship between identity (who we are) and digital identity (how IT systems recognise us), and we recognise that information practitioners in libraries and voluntary organisations are at the front line of the change in public services. This project is a great opportunity to make contacts and hear stories – and hopefully provide the basis for a larger future project.

Stay tuned for more information about the workshop, including how you can get involved. And, as always, please contact me if you have any questions!

[Note: Image by Michael Morrow, sourced on Flickr and used under Creative Commons License.]

Building identity online at #ASIST2017: A poster presentation

I am leaving for Washington, DC tomorrow morning to attend the 80th Annual Meeting of the Association for Information Science and Technology (ASIST), where I will be presenting some of my research in the form of an academic poster. The presentation will be held during the President’s Reception on 30th October (6.30-8.00 pm) at the Hyatt Regency Crystal City (Independence Level, Center A).

The poster is titled “Building identity in online environments: an Information Science perspective” and was co-authored with my PhD supervisorsPeter CruickshankProfessor Hazel Hall, and Alistair Lawson. The research draws from some of the findings from my doctoral investigation on the use of online information in the management of personal reputation. Specifically, this work concerns an aspect of information behaviour and use related to the creation of online identity, which is addressed in one of my four research questions: How do individuals use information to build identities for themselves online?

This qualitative study used participant diaries and in-depth, semi-structured interviews as data collection tools. It involved 45 UK-based participants, and data collection took place between October 2015 and January 2016.

The content of the poster shares findings related to three areas of identity building. These are:

  • The creation and use of online “personas” and identities
  • The use of anonymity and pseudonyms through information sharing – or concealment – practices
  • The ways in which private and professional selves blur or merge together in online environments

The main finding presented in this work is that individuals present elements of their offline lives using online information to showcase different “personas”. However, they do not do this with the intention of building identity. The findings explored in this presentation are contextualised with reference to identity building in the more formal setting of academic reputation management, i.e. through the use of citations.

Please stop by the poster session to learn more about this research and my doctoral studies as a whole. You can also find me during the coffee breaks or other social activities.

Not in attendance? Don’t worry! As part of my “professional persona” I like to share information online. The links below will allow you to engage with my presentation from afar!

⇒  Poster download (low-res for online viewing)

⇒  Poster handout with further information

⇒  Full abstract from Edinburgh Napier University’s repository

If you have any questions about this research or the doctoral study as a whole, please contact me.

If you wish to interact in real-time, you can ask me questions on Twitter (@FrancesRyanPhD) or follow along with the conference using the hashtag #ASIST2017.

Life in a digital fishbowl

I gave my first full-on public talk last night and am pretty excited about how it went. The talk, titled “Life in a digital fishbowl: Managing your reputation online”, was part of the 2014 Skeptics on the Fringe line up in the Edinburgh Fringe and was given to a nearly full house. (Thankfully, it was a rather small venue so wasn’t too nerve-racking!)

I was very excited to have been invited to speak and spent the last couple of months slightly anxious about how it would go. After all, this was the first time I’ve done something like this. Though whilst I felt rather awkward the whole time, I’ve been told by others that I didn’t seem nervous at all. (So either I’m going to be a great public speaker one day, or I’ve been told some kind tales to fluff my ego. Or both!)

I broke my talk into three sections: An introduction to my background and my research; some further insights and examples into issues of reputation, identity, and information; and a bit of homework in the form of some tips and tricks for monitoring and managing online information.

I tried to make it a bit relevant, though I’m sure I may have lost or confused one or two people, as I didn’t really know the best way to piece the different bits of information together. The key takeaway was that there is more information online than you might realise, and that you are not necessarily in control over it! (Not in a completely scary way.)

I had a couple of supportive friends and PhD supervisors in the audience to lob (easy!) questions to me if no one else asked any. But—thankfully!—the audience seemed more than interested in asking questions of their own.

Overall, the experience was a great opportunity for me to think about how my research fits within my own field as well as society as a whole. Importantly, it was also a great opportunity for me to gain a bit of confidence. (Something I feel I’m lacking at this point in my research career.)

It also gave me the confidence to state my opinions on issues of online reputation management, so I will try to share some of them here with you.

Below are the slides from my presentation. There isn’t too much text, so they won’t really help to give an overview of the talk. But if you have any questions, feel free to contact me!

(See write-ups from the Edinburgh Skeptics here or my supervisor, Professor Hazel Hall, here.)

[Photo Copyright Professor Hazel Hall]

Finding some clarity: It’s about reputation (not privacy)

I’ve spent the past few weeks reading about privacy, identity, and reputation so that I can try to resolve a few questions I have about where I want to take my PhD research. My area of interest is reputation, but with so many elements impacting reputation it can be hard to interpret the map with all of my thoughts and ideas.

I admit that it’s been extremely frustrating because I’ve found myself heading down so many paths that have been filled with more distraction than relevance and I was starting to wonder if I’d ever be able to find a path that could bring me a bit more focus. (I understand this is a common problem at the start of a PhD, so I haven’t felt like a failure because of it—but it hasn’t built up my confidence, either.)

Thankfully, this is where my supervisors come in! They’ve “been there; done that” so are able to help guide me in the right direction. (Yay!)

I developed a very rough draft of an essay on privacy, identity, and reputation—and the relationship between the three—and sent my supervisors a copy ahead of yesterday’s supervision meeting. I was very unhappy with the draft because it seemed so [enter several negative adjectives here], but in the end it was a very useful tool because one of my supervisors took the time to write a summary of key points on a white board for us to discuss—and that discussion led to a great amount of useful waypoints.

By the end of the meeting, I was filled with a renewed sense of excitement because I could see the path a little more clearly. There is still a bit of fog and I’m sure there will be a few rough patches to traverse, but I feel that this path will lead me to a couple of major roads before too long.

Moving forward, I will start to look a bit more at the idea of online identities and their relationship with reputation—and I’ll try to remember that my PhD is not about privacy*. I’ll be investigating issues of multiple identities (personas/personalities) including pseudonyms and anonymous accounts and how they’re used in an online environment—as well as some of the recent discussions around requirements for the use of “real names” by organisations like Google and Huffington Post.

I hope to have a bit more clarity on my research soon, at which time I will try to be a bit less vague in what I’m sharing. In the mean time, if you have any great resources you wish to share with me on reputation and identity, please feel free to contact me or comment below!

* I’ll talk about my desire to keep privacy on the fringe of my research later—after I’ve clarified it all a bit more in my own mind.