Abstract
As computer systems are increasingly relied on to make decisions that will have significant consequences, it has also become important to provide not only standard security guarantees for the computer system but also ways of explaining the output of the system in case of possible errors and disputes. This translates to new security requirements in terms of human needs rather than technical properties. For some context, we look at prior disputes regarding banking security and the ongoing litigation concerning the Post Office’s Horizon system, discussing the difficulty in achieving meaningful transparency and how to better evaluate available evidence.
Notes
1. Further details can be found through the crowd-funded coverage by journalist Nick Wallis at http://www.postofficetrial.com/.
2. This sounds like a US Class Action, but is quite different. Claimants participating in a Group Litigation Order must opt-in, are still liable for the other party’s costs if they lose, and each case is still treated individually albeit with issues that are common to all.
3. This is not unlike how safety-critical systems like traffic lights operate. The complex system is mediated by a much simpler high assurance unit that ensures certain invariants, like there being only one green light active at a junction.
Acknowledgments
The authors would like to thank the attendees of the workshop, Peter Sommer, and Stephen Mason for interesting discussions. Alexander Hicks is supported by OneSpan (https://www.onespan.com/) and UCL through an EPSRC Research Studentship, and Steven Murdoch is supported by The Royal Society [grant number UF160505].
A Sequential Application of Bayes’ Theorem and Conditional Independence
Assuming conditional independence of the pieces of evidence given the liability (or not) of a party, we can obtain Eq. 2 for multiple pieces of evidence evaluated sequentially from the following calculation.
The assumption of conditional independence given that the party is liable (or not) allows us to go from \(\prod _{i=1}^n P(e_i|liable)\) to \(P(e_1,\dots ,e_n|liable)\). This means that if we know that a party is liable, then knowing a piece of evidence \(e_i\) does not yield additional knowledge about another piece of evidence \(e_{j\ne i}\) i.e. \(P(e_j|e_i, liable)=P(e_j|liable)\). Similarly, we also use the assumption that pieces of evidence are conditionally independent given that the party is not liable to go from \(\prod _{i=1}^n P(e_i|\lnot liable)\) to \(P(e_1,\dots ,e_n|\lnot liable)\). (Note that we are not concerned with whether or not the liability of different parties is dependent, but rather whether different pieces of evidence are conditionally independent given the liability of a party).
We argue that assuming conditional independence of the items of evidence given the liability (or not) of a party is reasonable because the effect that a piece of evidence might have on another is through its effect on the belief that the party is liable (or not). When the liability (or not) of the party is given, then it may no longer have a noticeable effect, and thus the pieces of evidence can be assumed to be conditionally independent given the liability (or not) of a party.
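The following Python sketch is an added example, not the paper's own calculation. It updates \(P(liable)\) one piece of evidence at a time, checks that this matches a single update with the product of likelihoods, and shows how the belief is overstated when the conditional independence assumption fails because one item is a copy of another. All probabilities and function names are constructed for illustration.

```python
# Added example: sequential Bayesian updating of P(liable) over evidence e_1..e_n.
# All probabilities below are constructed for illustration.

def sequential_posterior(prior, likelihoods):
    """Apply Bayes' theorem once per piece of evidence.

    likelihoods: list of (P(e_i | liable), P(e_i | not liable)).
    Returns the belief after each update, starting with the prior.
    """
    p, trace = prior, [prior]
    for l_liable, l_not in likelihoods:
        p = p * l_liable / (p * l_liable + (1 - p) * l_not)
        trace.append(p)
    return trace

def joint_posterior(prior, joint_liable, joint_not):
    """One application of Bayes' theorem using the joint likelihoods
    P(e_1..e_n | liable) and P(e_1..e_n | not liable)."""
    return prior * joint_liable / (prior * joint_liable + (1 - prior) * joint_not)

def product_likelihoods(likelihoods):
    """Joint likelihoods under conditional independence: product of the factors."""
    joint_liable = joint_not = 1.0
    for l_liable, l_not in likelihoods:
        joint_liable *= l_liable
        joint_not *= l_not
    return joint_liable, joint_not

PRIOR = 0.5
EVIDENCE = [(0.8, 0.4), (0.6, 0.3), (0.9, 0.6)]  # constructed values

def independent_case():
    """Sequential and one-shot results agree when the factorisation holds."""
    one_shot = joint_posterior(PRIOR, *product_likelihoods(EVIDENCE))
    return sequential_posterior(PRIOR, EVIDENCE)[-1], one_shot

def duplicated_case():
    """e_2 is a copy of e_1 (the same record reported twice), so
    P(e_1, e_2 | h) = P(e_1 | h); treating the copy as independent double counts."""
    e1 = EVIDENCE[0]
    naive = sequential_posterior(PRIOR, [e1, e1])[-1]
    exact = joint_posterior(PRIOR, e1[0], e1[1])
    return naive, exact

if __name__ == "__main__":
    print("independent (sequential, one-shot):", independent_case())
    print("duplicated  (naive, exact):       ", duplicated_case())
```

The order in which the evidence is processed does not change the final belief; only the validity of the factorisation does.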
© 2020 Springer Nature Switzerland AG
Hicks, A., Murdoch, S.J. (2020). Transparency Enhancing Technologies to Make Security Protocols Work for Humans. In: Anderson, J., Stajano, F., Christianson, B., Matyáš, V. (eds) Security Protocols XXVII. Security Protocols 2019. Lecture Notes in Computer Science(), vol 12287. Springer, Cham. https://doi.org/10.1007/978-3-030-57043-9_1
DOI: https://doi.org/10.1007/978-3-030-57043-9_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57042-2
Online ISBN: 978-3-030-57043-9
eBook Packages: Computer Science (R0)