Transparency Enhancing Technologies to Make Security Protocols Work for Humans

Abstract: As computer systems are increasingly relied on to make decisions that will have significant consequences, it has also become important to provide not only standard security guarantees for the computer system but also ways of explaining the output of the system in case of possible errors and disputes. This translates to new security requirements in terms of human needs rather than technical properties. For some context, we look at prior disputes regarding banking security and the ongoing litigation concerning t… Show more

“…Many other faulty traditional systems have caused legal issues [7]. Reasoning about the responsibility of individual bug occurrences in a system is difficult because if the probability of a bug occurring is similar to the probability of a user committing fraud then we are left with biases [30].…”

“…As the Group Litigation showed, an approach based on transparency of the know error log and intelligible recordings of the system's operations could improve things by making accessible the information that was actually useful in practice [30]. This would make it possible for subpostmasters to (i) be aware of potential bugs (transparency about the system), (ii) analyse the logs of their system's operation (transparency about their interaction with the system), and (iii) have access to evidence that can be used to contest any faults that may occur.…”

Transparency, Compliance, And Contestability When Code Is(n't) Law

“…Many other faulty traditional systems have caused legal issues [7]. Reasoning about the responsibility of individual bug occurrences in a system is difficult because if the probability of a bug occurring is similar to the probability of a user committing fraud then we are left with biases [30].…”

“…As the Group Litigation showed, an approach based on transparency of the know error log and intelligible recordings of the system's operations could improve things by making accessible the information that was actually useful in practice [30]. This would make it possible for subpostmasters to (i) be aware of potential bugs (transparency about the system), (ii) analyse the logs of their system's operation (transparency about their interaction with the system), and (iii) have access to evidence that can be used to contest any faults that may occur.…”

Transparency, Compliance, And Contestability When Code Is(n't) Law