Motivation – TRUST aWARE

Socio-technical context

The digital economy is a complex socio-technical phenomenon where different stakeholders interplay, users often get exposed to a myriad of security and privacy (S&P) threats when they use digital services for social networking, entertainment, banking, education, health, or even home security.

The digital economy is a complex socio-technical phenomenon that has brought in many advantages for citizens and society. However, cyber threats are one of the most critical risks threatening the world while the cybersecurity market continues growing (from $3.5 billion in 2004 to $138 billion in 2017). In this complex ecosystem where different stakeholders interplay, users often get exposed to a myriad of security and privacy (S&P) threats when they use digital services for social networking, entertainment, banking, education, health, or even home security. The factors behind digital S&P threats are numerous and interconnected, being to a great extent a combination of inappropriate software engineering practices, bad user habits, and lack of regulatory enforcement and certification mechanisms, among others.

There are fundamental and interconnected problems for the different stakeholders involved in the development, certification, regulatory enforcement and use of digital products:

Users are not always aware of their exposure to S&P risks when they use software. This results in bad usage habits and lack of risk prevention mechanisms.

Developers are lacking best-practices for S&P-by-design in software engineering. This results in S&P issues for end users (either intentional or unintentional ones) due to poor development practices, aggressive data-driven business models, and market pressures for quick releases without assuring S&P compliance.

Standards and certifications are key enablers for assessing and assuring the level of S&P protection provided by modern software and their risks. However, developers and operators lack S&P certification methods and standards.

Regulators and national agencies all over the world are defining and implementing new legal frameworks for protecting citizens against online S&P threats. But it is unclear whether the penalties are sufficient deterrent against S&P mispractices. At the same time, the pace of technological innovation is faster than policy-making and enforcement. There is a lack of effective tools for collective intelligence, assessment and enforcement.

For the EU and the Member States to define improved security and privacy policies and to establish a long-term vision, it is fundamental to have data, information, and a body of knowledge regarding privacy, data protection and the associated ethical, legal and socio-economic aspects. It is essential to involve individuals and organisations in the process, and to reach out to stakeholders as the main player in the effective response to online concerns.

TRUST aWARE vision

In this multi-party socio-technical context, the TRUST aWARE vision aims to revert the current “S&P vicious cycle” by providing holistic and actionable intelligence and tools for the different stakeholders towards turning it into a “TRUST aWARE virtuous cycle”.

The tools and solutions will offer effective mechanisms to protect the freedom, security, and privacy of citizens across platforms while enhancing users’ TRUST on SoftWARE, cybersafety, and EU’s digital market position. Specifically, TRUST aWARE will facilitate this by delivering:

User-friendly tools to protect consumers against S&P cyberthreats (attacks, abusive practices and inappropriate behaviours of digital services) to enable them to better understand, control, detect and respond to S&P threats and attacks in a timely manner, as well as configuring their own S&P protection settings.

Collective intelligence for Computer Emergency Response Teams (CERTs) and Authorities in collaboration with citizens, Chief Information Security Officers (CISOs) and Data Protection Officers (DPOs) to ensure and audit that digital products and their S&P practices are transparent, secure and in compliance with regulation.

Knowledge to foster S&P-by-design in software engineering by supporting developers and digital service operators with standards and certification methods for compliance with the European S&P regulation.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
CookieLawInfoConsent	1 year	he cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
is_unique	5 years	This cookie is set by Statcounter. It is used to determine whether a user is a first-time or a returning visitor and to estimate the accumulated unique visits per site.
is_visitor_unique	2 years	This cookie is set by StatCounter Analytics. It is used to determine whether a user is a first-time or a returning visitor.
sc_is_visitor_unique	2 years	This cookie is set by the website that you visit. When it is first set, a random id is generated and stored in the cookie in order to avoid counting you as a visitor more than once. Similarly to the is_unique cookie, this cookie also stores a count of your returning visits.