Trust as a Sustainability Requirement Baraa Zieni Ruzanna Chitchyan Reiko Heckel University of Leicester University of Leicester University of Leicester Leicester, UK Leicester, UK Leicester, UK bz60@leicester.ac.uk rc256@leicester.ac.uk rh122@leicester.ac.uk Abstract—Trust is the key concern that underpins social other relevant areas, such as group and social psychology are sustainability. In this paper we provide a brief overview of missing here). trust from a number of perspectives (from security to customer relationship management), and present our take on trust as an A. Trust in Security interaction-based phenomenon. Index Terms—trust, sustainability, trust requirements. Many researchers have examined the notion of trust in software systems as closely aligned with security or privacy. I. I NTRODUCTION Some have focused on security of the system as an artefact, Klaus Pohl states that “Requirements engineering is the while others focus on the human aspects of security. For process of eliciting individual stakeholder requirements and instance Elahi [8] suggests that the more trust there is between needs and developing them into detailed, agreed requirements the end users of the software system and other stakeholders, documented and specified in such a way that they can serve the less security they need (e.g., if there is no perceived risk or as the basis for all other system development activities” [1]. loss - i.e., mistrust - there is no perceived need for protections). Inability to identify the relevant requirements, or to keep up The perception of security of a software system is a mere pre- with changing requirements is the key reason for software requisite for the initiation and maintenance of trust towards it. project failures [2]. Furthermore, since it is in requirements Security does not guaranty trust towards a software system, that the core focus, functions, and constraints of the software but it is important to make it trustworthy. system-to-be are defined, Requirements Engineering has also B. Trust in (Customer) Relationships a key role to play in developing software that would foster sustainability [3]. Trust in (customer) relationship management can be divided Sustainability is often defined as the state whereby the into two categories: the initial trust and the ongoing trust. humankind can “meet the needs of the present without com- Initial trust involves the willingness to trust the other promising the ability of future generations to satisfy their party without having a prior experience or knowledge of own needs” [4]. The requirements engineering research has its background [9]. Ongoing trust is dynamic and relies on interpreted this broader definition as an objective for sustain- actual experiences and interactions between two parties [9]. In ability inducing software systems to continuously support the either case, trust is one of the key foundations that facilitates combined set of sustainability dimensions (i.e., environmental, relationships. Brown [10] suggests that trust in relationships economic, personal, social, and technical) [5], [6]. can be built over time via very small actions. Thus, when In this work we focus on the social dimension of sustain- considering changes of trust over time, it is important to ability, specifically on its trust requirements. As noted by R. distinguish between the initial perspective and ongoing trust Goodland [7], “Social sustainability [...] create[s] the basic to better highlight the evolving and changing nature of the framework for society. It lowers the cost of working together notion of trust. and facilitates cooperation: trust lowers transaction costs.” Trust seems to play a crucial role in reducing users’ uncer- But what exactly is trust? And how does it lower transaction tainty. Damian-Reyes and colleagues suggest that it is one of costs? And what requirements do we need to “elicit, document, the factors that can affect user confidence in a software system and agree” so that the resultant software system promotes [11]. Previous studies reported trust as behavioural intention social sustainability through enhanced trust? These are the which can affect vulnerability and uncertainty [12]. Similarly, kinds of questions that we hope to address in our research. Ruohomaa et. al [13] discussed trust as a key tool which helps This paper provides the very brief summary of related work the end users cope with the uncertainty in making a decision. on trust (in Section 2), and an overview of our initial thoughts C. Trust Factors and research direction (in Section 3). Li and colleagues [14] report that the initial trust is af- II. R ELATED W ORK fected by the perceived social pressure (to perform or not The topic of trust has been studied in many sciences and in accordance with some “subjective norms”), the cognitive from many perspectives. We will discuss some of those that reputation, calculative, and organisational situational normality we consider relevant to our work below (though we note that based factors. They also observe that individual’s personality Copyright © 2017 for the individual papers by the papers' authors. Copying permitted for private and academic purposes. This volume is published and copyrighted by its editors. or the technology did not substantially affect the trusting stakeholders. This will serve as the starting point of the trust beliefs. relationship. The dynamic model of the relationship evolution The factors that affect trust were studied specifically for the and evaluation will then build upon the initial trust. case of new software systems. The authors have grouped these In light of this, we will work on building a trust model that: factors into several “trust categories”, which include: 1) Starts from eliciting the end-user requirements which • Personality-based trust; support the socio-technical interactions between users • Cognition-based trust (or reputation); and the system. The first set of such requirements • Institutional-based trust (structural assurance); will address the most frequently repeated require- • Information technology, which includes factors such as ments/services that the users ask for, and that (as per security, privacy, and general online experiences; related published work) is considered essential on es- • Social factors, such as national culture; tablishing the trust relationship between the stakeholders • Diffusion of innovation: as users initially receive some and the system. information about an innovation and its advantages and 2) Study how the socio-technical interactions are affected disadvantages, this forms their initial attitude toward the by various environments (e.g., product markets); innovation and influences subsequent adoption decisions. 3) Study how such interactions are affected by specific The specific mix and selection of the listed factors for each stakeholder requirements and constraints (e.g., posed by individual depends on their characteristics (e.g., no prior expe- developers, or the business owners). rience in IT systems for business), and context characteristics In conclusion we would like to underline that some may (e.g., national culture of the Jordanian context). suggest that trust requirements (possibly implicitly) are already III. R ESEARCH A PPROACH AND O UTLOOK covered in traditional RE, as trust towards a system is gained As outlined in the previous section, a number of inter- if the system i) functions as expected, ii) is efficient, iii) is pretations and factors of trust have been investigated. The reliable, iv) is usable, and v) is safe and secure. Yet, the key present work is focused on operationalising the notion of trust distinction of this work from any previously published RE into software requirements in order to inform trusted software work on topics that relate to trust is that we underline the need systems design. For this we first need to establish the scope for continuous evolution in a trust model and requirements. of the notion of trust for this work. Drawing on the previous All previous work has formulated static requirements, which, research we observe that: though may relate to trust, do not reflect its’ dynamic nature. • Trust is a relationship. Although some key characteristics ACKNOWLEDGEMENTS (such as security, an individual’s willingness and aptitude This research is partially supported by the EPSRC HoSEM to trust, social conventions, etc.) are essential for the (EP/P031838/1) grant, as well as sponsorship awarded to Ms. initiation of the relationship, it also requires interaction Zieni. We also would like to personally thank Riman S. for between the involved entities. her continuous moral support. • Trust is dynamic. As any relationship that involves humans, a trust relationship is subject to continuous R EFERENCES change. The change is driven by feedback from the [1] K. Pohl, Requirements Engineering - Fundamentals, Principles, and interaction whose results are evaluated by the participants Techniques. Springer, 2010. and, where considered relevant, contribute to building up [2] C. Ebert, “Episode 114: On requirements engineer- or eroding the relationship. ing,” 2008. [Online]. Available: http://www.se-radio.net/2008/10/ episode-114-christof-ebert-on-requirements-engineering/ • Trust is cumulative. While a single result from a specific [3] C. Becker, S. Betz, R. Chitchyan, L. Duboc, S. M. Easterbrook, interaction may not have substantial effect on the trust B. Penzenstadler, N. Seyff, and C. C. Venters, “Requirements: The Key relationship, repeated similar results are likely to have a to Sustainability,” IEEE Software, vol. 33, no. 1, pp. 56–65, Jan-Feb 2016. defined cumulative effect (e.g., if an employee is late for [4] G. H. Brundtland and UN World Commission on Environment and one of the meetings, (s)he is likely to be excused; but if Development, Our common future. Oxford University Press, 1987. (s)he is repeatedly late, (s)he is likely to gain an “always [5] B. Penzenstadler, V. Bauer, C. Calero, and X. Franch, “Sustainability in software engineering: A systematic literature review,” in 16th Interna- late” reputation). tional Conference on Evaluation & Assessment in Software Engineering, Thus, we suggest that trust is a relationship which will EASE 2012, Ciudad Real, Spain, May 14-15, 2012. Proceedings, 2012, pp. 32–41. change over time through the evaluation of relevant interac- [6] C. C. Venters, N. Seyff, C. Becker, S. Betz, R. Chitchyan, L. Duboc, tions by the participants in the relationship. D. McIntyre, and B. Penzenstadler, “Characterising sustainability re- Given the above interpretation of trust, our work aims to quirements: A new species, red herring, or just an odd fish?” in Pro- (i) elicit (specific and measurable) requirements that enable ceedings of the 39th International Conference on Software Engineering: Software Engineering in Society Track, ser. ICSE-SEIS ’17, 2017, pp. trustworthy software systems engineering; and (ii) define a 3–12. trust evaluation model for measuring the current trust level [7] R. Goodland, “Sustainability: Human, social, economic and environmen- within the given software system and its dynamics. tal,” 2002. [8] G. Elahi and E. Yu, “Trust trade-off analysis for security requirements For this, we must first account for the initial trust relation- engineering,” in Requirements Engineering Conference, 2009. RE’09. ship between the software system (or system-to-be) and its 17th IEEE International. IEEE, 2009, pp. 243–248. [9] J.-N. Lee, M. Q. Huynh, and R. Hirschheim, “An integrative model of trust on it outsourcing: Examining a bilateral perspective,” Information Systems Frontiers, vol. 10, no. 2, pp. 145–163, 2008. [10] B. Brown, Daring Greatly: How the Courage to Be Vulnerable Trans- forms the Way We Live, Love, Parent, and Lead. NY: Gotham Books, 2012. [11] P. Damián-Reyes, J. Favela, and J. Contreras-Castillo, “Uncertainty management in context-aware applications: Increasing usability and user trust,” Wireless Personal Communications, vol. 56, no. 1, pp. 37–53, 2011. [12] C. Moorman, G. Zaltman, and R. Deshpande, “Relationships between providers and users of market research: The dynamics of trust within and between organizations,” Journal of Marketing Research, vol. 29, no. 3, pp. 314–328, 1992. [13] S. Ruohomaa and L. Kutvonen, Trust Management Survey. Berlin, Heidelberg: Springer Berlin Heidelberg, 2005, pp. 77–92. [14] X. Li, T. J. Hess, and J. S. Valacich, “Why do we trust new technology? a study of initial trust formation with organizational information systems,” The Journal of Strategic Information Systems, vol. 17, no. 1, pp. 39 – 71, 2008.