d12 - BRIDGE Project
Transcription
d12 - BRIDGE Project
Deliverable reference: Date: Responsible partner: D12.03 10 August 2015 ULANC Bridging Resources and Agencies in Large-Scale Emergency Management BRIDGE is a collaborative project co-funded by the European Commission within the Seventh Framework Programme (FP7-SEC-2010-1) SEC-2010.4.2-1: Interoperability of data, systems, tools and equipment Grant Agreement No.: 261817 Duration: 1 April 2011 – 31 March 2015 www.sec-bridge.eu Title: D12.3 BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Editor: Approved by: Michael Liegl, Monika Büscher, Peter Wahlgren Dag Ausen Classification: PU – Public Abstract: This deliverable discusses emergent future practices of noticing and managing ethical, legal and social issues in large scale emergency management, drawing on social science research, co-design and experimental implementations of prototypes developed in the BRIDGE project (http://www.bridgeproject.eu/en). The aim is to identify opportunities, challenges and risks for innovation for 21st Century Social, Legal and Ethical Emergency Collaboration. The report presents analyses and evaluations of collaboration practices in emergency response, with a particular focus on ethical, legal, and social issues (ELSI) and including a discussion of implications for future sociotechnical innovation. In this it collects a desk study on emergency ethics, an exploration of IT in emergency response from a legal perspective and an investigation into the question on how to do IT in emergency response more carefully. It then presents our methodological innovations of ethically aware co-design and reports on the actual process of an ethical investigation into emergency IT during the (co-)design process with the example of the BRIDGE system of systems, reporting on some key findings concerning the ethical implications of the socio-technical systems we designed. Document URL: http://www.sec-bridge.eu/deliverables/... ISBN number: - D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 2 of 161 Table of Contents Executive Summary ................................................................................................... 7 1 Introduction: Benefitting from Disruptive Innovation ....................................... 10 2 Emergency Ethics, Law, Policy & IT Innovation in Crises .................................... 13 2.1 Introduction ................................................................................................................................................. 13 2.2 Emergency Ethics ...................................................................................................................................... 14 2.3 Emergency Law .......................................................................................................................................... 17 2.4 Emergency Policy ...................................................................................................................................... 20 2.5 Emergency Research Ethics ................................................................................................................. 23 2.6 Discussion: The question of technology ......................................................................................... 27 2.6.1 Ethics and its practicalities ............................................................................................................... 28 2.6.2 Emergence of new publics ................................................................................................................. 29 2.6.3 Posthuman research ethics ............................................................................................................... 29 2.7 Conclusion .................................................................................................................................................... 30 3 21st Century Emergency Collaboration – Legal Aspects ..................................... 31 3.1 Background .................................................................................................................................................. 31 3.2 A Structural Approach to a Legal Analysis of IT Systems in Emergency Response .. 34 3.3 A New Regulatory Culture? .................................................................................................................. 39 3.3.1 The Problem ............................................................................................................................................ 39 3.3.2 Co- and self-regulation........................................................................................................................ 40 3.4 Embedded Technical Solutions .......................................................................................................... 43 3.5 Pattern Recognition ................................................................................................................................. 45 3.6 Summary ....................................................................................................................................................... 47 4 ELSI in Crises: Doing IT more carefully ............................................................... 48 4.1 ELSI & The Informationalization of Crisis Response ............................................................... 51 4.1.1 (Un-)intended Consequences ............................................................................................................ 52 4.2 Concrete Insights through In-Depth Studies ............................................................................... 55 4.3 Disclosive Ethics ........................................................................................................................................ 60 4.4 Doing IT More Carefully: Future Work ........................................................................................... 64 5 Co-Designing for ELSI-aware Innovation ............................................................ 67 5.1 Research & Ethics...................................................................................................................................... 69 5.2 Designerly Approaches to IT Innovation ....................................................................................... 70 5.2.1 User-Centred, Participatory and Co-Design............................................................................... 70 5.2.2 Computer Supported Cooperative Work ..................................................................................... 74 5.2.3 Value Sensitive Design......................................................................................................................... 75 5.2.4 A philosophical turn to ethics in design ....................................................................................... 77 5.2.5 Engaged STS – The Public in Design ............................................................................................. 77 5.3 Regulatory Approaches to IT Innovation ...................................................................................... 79 5.3.1 Privacy by Design .................................................................................................................................. 79 5.3.2 Privacy and Ethical Impact Assessments .................................................................................... 80 5.3.3 Legal Risk Analysis in IT Innovation ............................................................................................. 81 5.4 Towards Design for Privacy & Design for Design ...................................................................... 81 5.5 BRIDGE ELSI Co-Design: Developing a Methodology .............................................................. 83 5.6 Conclusion .................................................................................................................................................... 88 6 Disclosive Ethics & ELSI Co-Design in the BRIDGE Project .................................. 90 Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 3 of 161 6.1 Ethical Topology of the BRIDGE Systems of Systems .............................................................. 90 6.2 Ethical, Legal and Social Qualities Sessions.................................................................................. 91 6.3 The BRIDGE Concept Cases .................................................................................................................. 92 6.4 Disclosing ELSI - Process ....................................................................................................................... 98 6.5 Disclosing ELSI – Findings ................................................................................................................. 100 6.5.1 Transparency: Two conflicting notions .................................................................................... 100 6.5.2 “Everything will be Logged” – Between Coordination and Surveillance .................... 103 6.5.3 Reciprocity of perspective: Do they know they are being watched? ............................ 105 6.5.4 Emergent Interoperability, Cooperation & Trust Building .............................................. 106 6.5.5 The Human in the Loop? Locating Responsibility ................................................................ 107 6.5.6 Where is Data Protection?.............................................................................................................. 108 6.5.7 Smartphone devices .......................................................................................................................... 110 6.5.8 Action distributed - Ethics re-specified: Posthuman Phenomenology & FRITS ....... 112 6.6 BRIDGE Middleware, Concept Cases and ELSI ......................................................................... 113 6.6.1 BRIDGE System of Systems Integration and Middleware ................................................. 114 6.6.2 Adaptive Logistics .............................................................................................................................. 116 6.6.3 Advanced Situation Awareness .................................................................................................... 117 6.6.4 Dynamic Tagging (eTriage) .......................................................................................................... 117 6.6.5 First Responder Integrated Training System FRITS ........................................................... 118 6.6.6 Information Intelligence ................................................................................................................. 119 6.6.7 Master ..................................................................................................................................................... 120 6.6.8 Robust and Resilient Communication ....................................................................................... 121 6.6.9 Situation aWAre Resource Management ................................................................................. 122 6.7 Discussion: The Leverage and Limitations of Disclosure ................................................... 122 7 Conclusion: BRIDGE-ing for Preferable Futures ............................................... 123 7.1 ELSI Aware Socio-Technical Informationalization of Crisis Response ........................ 123 7.1.1 Balancing Security with Emergent Interoperability........................................................... 123 7.1.2 Balancing Privacy and Security ................................................................................................... 123 7.1.3 Data Sharing, Large Scale, Cross-Country ............................................................................... 124 7.1.4 Interoperability and informational practice & politics ..................................................... 125 7.1.5 Regulating the use of Unmanned Arial Vehicles ................................................................... 126 7.1.6 Discovering Harmful Potential ..................................................................................................... 129 7.1.7 Professional Bias and the Public Interest ................................................................................ 129 7.1.8 Listening to the Crowd: Social Media, Inclusiveness and Dialog ................................... 130 7.1.9 Preventative Security, Social Sorting and Probabilistic Prediction ............................. 132 7.1.10 Ownership, Informational Self-Determination & Interpretive Authority ............. 133 7.2 Collectively Shaping Possible, Probable and Preferable Futures.................................... 133 8 Appendix ........................................................................................................ 136 References ............................................................................................................. 142 Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 4 of 161 Version History Version Description Date Who 1 Initial Structure 20.7.2011 Monika Büscher (MB) 2 Some Authors assigned, Reformatted and restructured 3.08.2011 MB 3 Outline Agreed 19.3.2014 MB, Michael Liegl (ML), Peter Wahlgren (PW) 5 Discussion of content in relation to 10.3, 2.5, 11.3 09.5.2014 MB, ML, PW 6 Revised structure 12.8.2014 ML, MB 7 Revised structure 30.8.2014 ML 8 Revised structure, added content cpt. 5 ethical requirements, content cpt. 6 legal requirements, authors assigned 20.10.2014 ML, PW 9 Revised structure, added content, 3 and 4 17.12.2004 ML 10 Revised structure, added new chapter 6 Legal Aspect 28.01.2015 ML 11 Revised structure, chapter 6 becomes cpt. 3 10.03.2015 ML 12 Finalised for 2nd review 20.04.2015 ML, MB 13 Submitted May 2015 ML 14 Revised in Response to Review Comments Aug. 2015 MB, PW, ML Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 5 of 161 Authors ULANC mobilities.lab Department of Sociology Lancaster University Lancaster, LA1 4YD, UK Monika Buscher, m.buscher@lancaster.ac.uk Michael Liegl, m.liegl@lancaster.ac.uk Sarah Becklake s.becklake@lancaster.ac.uk Xaroula Kerasidou xaroulakerasidou@gmail.com Katrina Petersen k.petersen@lancaster.ac.uk Rachel Oliphant r.oliphant@lancaster.ac.uk USTOCK Swedish Law and Informatics Research Institute, Faculty of Law Stockholm University 106 91 Stockholm, Sweden Peter Wahlgren, Peter.Wahlgren@juridicum.su.se Reviewers Fraunhofer-Institut für Angewandte Informationstechnik FIT Alexander Boden alexander.boden@uni-siegen.de Schloss Birlinghoven 53754 Sankt Augustin, Germany Thales D-CIS Lab P.O. Box 90 2600 AB Delft The Netherlands Rianne Goumann Rianne.Gouman@D-CIS.NL Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 6 of 161 List of Figures FIGURE 1 DISCUSSING EMERGENT PRACTICES AT END USER ADVISORY BOARD MEETINGS ....................... 11 FIGURE 2: EMERGENCY COLLABORATION/MANAGEMENT LAW ............................................................... 34 FIGURE 3 DISASTER MANAGEMENT PHASES ............................................................................................ 35 FIGURE 4 MATRIX COMBINING PROCESSES WITH VARIOUS TYPES OF REGULATIVE REQUIREMENTS. ........... 36 FIGURE 5 SHORT TERM LEGAL REFORMS AND LONG TERM LEGAL OBJECTIVES .......................................... 38 FIGURE 6 MEANS OF INFLUENCE.............................................................................................................. 43 FIGURE 7 A NEW REGULATORY CULTURE FOR DISASTER MANAGEMENT.................................................... 47 FIGURE 8 ETHICAL PRINCIPLES AND INTENDED AND UNINTENDED EFFECTS OF IT USE. ............................ 54 FIGURE 9 FACIAL RECOGNITION INTEGRATED INTO POLICE CAMERAS AT 2014 BRAZIL WORLD CUP. ........ 61 FIGURE 10 POTENTIAL OF FACIAL RECOGNITION IN THE BOSTON MARATHON SHOOTING .......................... 61 FIGURE 11 SILENT/SALIENT TECHNOLOGY (INTRONA &WOOD 2004:183)................................................ 63 FIGURE 12 DESIGN AS A DRIVER FOR RESPONSIBLE SOCIETAL INNOVATION ............................................. 68 FIGURE 13 THE CURRENT LANDSCAPE OF HUMAN-CENTERED DESIGN RESEARCH. ..................................... 72 FIGURE 14 CLASSICAL ROLES OF USERS, RESEARCHERS, AND DESIGNERS & CO-DESIGN ........................... 72 FIGURE 15 VISUALISING THE CO-DESIGN PROCESS .................................................................................. 73 FIGURE 16 VALUE SENSITIVE DESIGN...................................................................................................... 77 FIGURE 17 DISCLOSIVE ETHICS, LIVING LABORATORIES ........................................................................... 85 FIGURE 18 POWERPOINT SLIDES USED DURING THE ETHICS SESSIONS ....................................................... 87 FIGURE 19 ELSI QUALITIES SESSION OVERVIEW OF ETHICAL QUALITIES................................................. 98 FIGURE 20 SMARTPHONE PENETRATION IN A SELECTION OF EUROPEAN COUNTRIES (2013) .................... 111 FIGURE 21 SMARTPHONE GROWTH TRENDS 2020 .................................................................................. 111 FIGURE 22 ARCHITECTURAL, ETHICAL AND LEGAL QUALITIES .............................................................. 114 FIGURE 23 USHAHIDI HAITI MAP ........................................................................................................... 131 Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 7 of 161 Executive Summary A New Reality for emergency services in a 21st Century of Disasters As software is becoming ‘everyware’ (Greenfield 2006), it is embedded not only in the rhythms of everyday life, but also in the disruptions of the exceptional. Greater vulnerabilities, created by population growth, urbanization, and austerity, ill-equip societies for an increase in extreme weather and political conflicts in a 21st ‘Century of disasters’ (eScience 2012). They create a ‘new reality’ for emergency services, demanding increased efficiency with fewer resources and a less experienced but more technology-savvy workforce. In this new reality, digitally augmented practice presents new economic, social, political, legal and ethical openings (such as opportunities for more efficient and better coordinated response and deeper public engagement and dialog). But crises also reveal technological accentuations of ethical, legal and social challenges of, for example, an erosion of privacy and liberty, social sorting, digital divides and inequalities and are a perspicuous site for the study of dispositifs or societal topologies of power(lessness) in the face of disaster. Questions of technology should suffuse debates on emergency Ethics. The research undertaken by the BRIDGE project pioneers an interdisciplinary synthesis of philosophical, legal, policy, social science, IT ethics and design perspectives on disaster management and response. Building on a review of the state of the art of debates in philosophy, law, policy and research ethics, we argue that attention to questions of technology should not be a separate concern but suffuse debates on emergency ethics, law, policy and research. Insights from technology design communities in ISCRAM and CSCW can drive this. Three areas of socio-technical entanglements are particularly promising sites for a more integrated analysis and design. Existing research does not go far enough in considering how ethics is practiced, it neglects the emergence of new publics and modes of collective intelligence and collective action, and it butts against the limitations of a humanist perspective that fails to address the intimate entanglements between human and technology, which is more adequately addressed through a ‘posthuman’ research orientation and ethics. BRIDGE has developed a responsible research and innovation approach that integrates insights from these diverse fields. The law is a site of power for integration, but embedded solutions are needed. The law is one of the sites of power, where a strong impetus for a deeper integration of questions of technology can originate. However, a continuous aggregation of detailed, often reformulated rules has led to an accumulation of regulations, frequently exhibiting a poor overall structure. Equally problematic is the continuous vitiation of the legal language, following from a frequent use of ad hoc solutions, and the ever increasing complexity of piecemeal legislation. An additional problem is that legislation tends to become more and more voluminous and all such problems stemming from traditional jurisprudential efforts are well recognized in the field of Disaster Law. All this leads up to the conclusion that in an outlook for the future there is a need to include also new kinds of regulatory mechanisms, besides structural approaches. Traditional legislative efforts are likely to be complemented and augmented in various ways. Three such approaches deserve to be mentioned. Co-and self-regulation initiatives, embedded Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 8 of 161 solutions and pattern recognition. Radically careful and carefully radical design is needed. While the law provides impetus for integration of questions of technology, design explores the socio-technical opportunity space for answers. In the disaster-response related context of designing ‘solutions’ to address ecological crisis, Bruno Latour argues ‘We have to be radically careful, or carefully radical.’ (Latour, 2009, 7). We would say in informationalizing emergency response, we need to be both: carefully radical and radically careful, designing for radically more efficient and effective risk analysis, crisis planning, management and response, whilst carefully avoiding ethical, legal and social disasters, such as digital divides and a further spread of surveillance. Analysts, designers, and practitioners must not only take responsibility for (the inevitability of) ethical and wider societal implications of informationalizing emergency response with careful circumspection as a new reality takes hold, they must also formulate and pursue ambitious, perhaps radical socio-technical critique and creativity. We suggest a roadmap for research to develop studies that connect research in different subject areas and disciplines (ethics, law, practice, social science, philosophy, anthropology, organizational studies, design, computing), all with a view to informing more careful and circumspect, yet also ambitious and ‘radical’ ELSI aware socio-technical innovation. Into the open: Disclosive Ethics and ELSI Co-Design. The question is how to be more radical and ambitious in practice. The BRIDGE project team has developed an approach that combines ELSI analysis with co-design and ‘disclosive ethics’. Collaborative design or ‘codesign’ involves users in design, because ethical, lawful and socially responsible conduct evolves in relation to new ways of working, which, in turn, evolve around new technological potential. A range of theoretical and methodological approaches have been synthesized in the BRIDGE approach, including responsible research and innovation (Von Schomberg, 2013), collective experimentation (Wynne & Felt, 2007), value sensitive design (Friedman, Kahn & Boring, 2006), co-realization (Hartswood et al 2002) and ‘design after design’ (Ehn, 2008). The BRIDGE ELSI Co-Design approach responds to these debates and calls for responsible research and innovation. There are no ‘one size fits all approaches’ or checklists that can be easily adopted for this and there is a need for methodological innovation in how we might open up design processes to notice, account for and creatively address ethical, legal and social issues. Disclosive ethics is particularly useful as a methodology that reveals how details can turn into politics, so that ‘what seems to be a rather trivial injustice soon may multiply into what may seem to be a coherent and intentional strategy of exclusion’ (Introna & Wood 2004:179). The method proceeds by revealing where digital technologies are opaque and how their agency or functions become embedded in wider socio-technical contexts in ways that engender complex effects. Findings from Disclosure: Design for Design, Response- Even in a single organisation, for example, many tasks are collaborative and distributed and complex infrastructures that are necessary for collaboration to take place. When technologies are embedded in this, it is important to reflect not only on the collective actions during emergency response and their outcome, but also how technologies shape collective action. What are the Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration ability and Virtuous Practice Page 9 of 161 ethical implications of data sharing infrastructures and situational awareness technologies? How do they assemble emergency response units and are these ways of assembling desirable in terms of enabling effective response? What are (un-)intended effects? There have been many controversies both within ethics and sociology on questions of collective, technologically augmented agency and responsibility (e.g. May & Hofmann, 1992 Jasanoff, 1994), which reveal some of the limitations of legal and ethical traditions based on individual responsibility and call for more collective, organisational and socio-technical models of accountability. Can organisations or groups act? Can they collectively be responsible for actions? Communities, or even Nations, too? And if so, how are they to be held accountable? Every individual member? The leaders? The operators of a technology? And if the technology has adverse effects – will those who use it be blamed, those who procured it, or the developer team that made it? Does distributed action entail distributed responsibility? What about the technology itself in this? In Chapter 6 we develop an analysis of findings from the BRIDGE ELSI codesign and disclosive ethics approach, exploring a wide range if themes, covering ELSI opportunities and challenges, including transparency and design for accountable computing, reciprocity of perspective in distributed collaboration, emergent interoperability and trust. Collectively BRIDGE-ing for preferable futures We conclude with a review of open challenges and the way in which the BRIDGE project contributes to wider efforts to enhance the security of European citizens and the humanity of disaster planning, management and response in a context of increasingly frequent and severe crises. These challenges include security, privacy and the use of data for preventive security approaches. While these pose hard, if not ‘wicked’ problems to society that design cannot address alone, the BRIDGE ELSI Co-Design methodology provides means that can support collectives in addressing them through more carefully radically and radically careful socio-technical innovation. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 10 of 161 1 Introduction: Benefitting from Disruptive Innovation Economic pressures, increased frequency and severity of disasters, heightened vulnerability through ageing infrastructures and populations, coupled with a generation change in the emergency services are creating a ‘new reality’ for emergency services (Knight 2013, New York State Executive Budget 2014-15) A range of challenges and opportunities arise from this. There are various scenarios imaginable of how emergency response will be reformed and further developed in order to tackle the ever more frequent large scale emergencies in this 21 st century of disasters (eScience, 2012). The pressures combine with the potential of information technology in a particularly dynamic manner, engendering ‘disruptive innovation’, that is, innovation that transforms the social, economic, political, and organizational practices that shape this domain (Chesbrough, 2003). There is a need to increase efficiency, meeting higher demands with fewer resources and a less experienced but more technology-savvy workforce. In this new reality, enhanced community resilience presents new economic, social, political, legal and ethical openings. Digital urbanists, who inhabit the city ‘as a shared nervous system’, learning ‘to modulate … nearness and remoteness at once, both as individual passengers of the city and as social groups in emergence’ (Bratton, 2008), encounter crises with creativity. Necessity becomes ‘the mother of invention’ as new skills come together in new ways and people re-appropriate technologies to deal with the uncertainties and strains of disasters. Port au Prince, for example, was the birthplace of ‘digital humanitarianism’ (Meier, 2012). But the terrorist attacks in Mumbai (Oh et al 2010), the online witch hunt after the Boston bombings (Starbird et al, 2014; Tapia et al 2014), and the NSA surveillance scandal (Harding, 2014) show that there are many different kinds of digital urbanists, operating at different levels, with conflicting intentions. Crises allow observations of emerging forms of digital urbanism and panurbanism, reaching from studies of organized crime (304th OSINT Team, 2008), to analyses of securitization and militarization of urban living and implications for citizens and non-citizens (e.g. illegals, tourists, migrants) (Aradau & Munster, 2011; Graham, 2008), to research on collective intelligence and virtual operations support teams in disaster response (Hughes et al 2008; St. Denis et al 2012; Buscher et al 2014c;). Crises reveal technological accentuations of social inequalities and are a perspicuous site for the study of dispositifs of power(lessness) in the face of disaster. Further, crises are simultaneously exceptional while emerging from the everyday. They engender (a culture of) fear (Furedi, 2006), and demands for unprecedented use of digital technologies. This can disclose the sometimes fearsome capabilities of IT, the ideologies that underpin their mobilization as well as unintended consequences of their integration into the very fabric of urban living. The use of cloud computing to connect local authority, commercial and government information systems in the aftermath of the 2011 triple disaster in Japan, for example, has sparked widespread concerns over privacy (Katsumi, 2013), fears echoed around smart city integration with crisis management systems in Rio de Janeiro (Naphade et al 2011) and the use of drones in fighting wildfires in California (Back Country Voices, 2013; Halverstadt, 2014). This deliverable reports on our advances regarding the convergence of ELSI and collaborative design for emergency response. After this introduction, Chapter 2 provides an analysis of current debates within emergency ethics, law, policy and research ethics. Chapter 3 provides a legal perspective, arguing that methodologies that address the fast moving and embedded character of technology are needed. Chapter 4 explores motivations and methodologies for ‘Doing IT more carefully’. It is drawn from the introduction to a IJISCRAM special issue on Ethical, Legal and Social Implications in Emergency IT curated and edited by the BRIDGE team that presents a collection of studies into IT in emergency response and develops notions of the morality of technology and disclosive ethics. Chapter 5 delineates our methodological innovation in ELSI aware co-design. We report on explorations ranging from engagement with Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 11 of 161 the End User Advisory Board (Figure 1), to co-design sessions with end users and designers, expanding our domain knowledge through ethnographic fieldwork and the participation in several real world exercises. Chapter 6 focuses on ethical challenges and opportunities specifically related to the BRIDGE project, and the ways in which we have addressed them. Here, we provide a summary of our ELSI findings concerning the BRIDGE System of Systems. The report concludes with a brief outlook on what BRIDGE-ing for preferable futures could mean, hinting at possible, probably and preferable visions of safety and security futures, and ways of making IT better. Figure 1 Discussing emergent practices at End User Advisory Board meetings Framed by this introduction and a conclusion, this deliverable draws from a collection of conference and journal articles and book chapters that have either been published or that are being prepared for publication. They document key emerging practices and issues, pioneering new areas such as the ethics of socio-technical systems in crisis response, advances in disclosive IT ethics and ELSI aware co-design. We have published and presented these ideas in numerous publications as well as conference papers such as: Büscher, M., Kerasidou, X., Liegl, M. and Petersen Katrina (2015) Digital Urbanism in Crises. In: Kitchin, R. and Perng, S.Y Code in the City. London: Routledge. Kerasidou, X., Büscher, M. & Liegl, M. 2015: Don’t Drone? Negotiating Ethics of RPAS in Emergency Response in: Palen, Büscher, Comes & Hughes, (Eds.): Proceedings of the ISCRAM 2015 Conference - Kristiansand, May 24-27. Liegl, M., Oliphant R. & Büscher, M. 2015: Ethically Aware IT Design for Emergency Response: From Co-Design to ELSI Co-Design', in: Palen, Büscher, Comes & Hughes, Hrsg.: Proceedings of the ISCRAM 2015 Conference - Kristiansand, May 24-27. Büscher, M., Liegl, M., Perng, S.Y., Wood, L., Halvorsrud, R., Stiso, M., Ramirez, L. AlAkkad, A. (2014) Periphere Kooperation im Krisenfeld: Microblogging während der 22/7/2011 Anschläge in Norwegen. i-com. Zeitschrift für interaktive und kooperative Medien. Büscher, M., Liegl, M., Rizza, C. and Watson, H. 2014a: Introduction. Special Issue on ELSI in IT Supported Crisis Management, International Journal of Information Systems for Crisis Response and Management. (im Erscheinen). Büscher, M. & Liegl, M., Pern, S.-Y. 2014b: Privacy, Security, Liberty: ICT in Crises. In: Büscher, M. & Liegl, M., Rizza, C., Watson, H. (Eds.) International Journal of Information Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 12 of 161 Systems for Crisis Response and Management. Special Issue Ethical, Legal and Social Issues in IT Supported Crisis Management” Büscher M., Liegl, M., 2014c: Connected Communities in Crises. IEEE STC Social Networking E-Letter Vol.2 No.1 edited by Hermann Hellwagner, Daniela Pohl and Rene Kaiser. http://stcsn.ieee.net/e-letter/vol-2-no-1 Büscher, M., Liegl, M., Perng, S., Wood, L. 2014d: How to Follow the Information? Sociologica. Vol. 1, Doi: 10.2383/77044, Büscher, M., Liegl, M. and Thomas, V. 2014e: Social collective intelligence: combining the powers of humans and machines to build a smarter society. Miorandi, D., Maltese, V., Rovatsos, M., Nijholt, A. & Stewart, J. (eds.). Springer, p. 243-265. Wood, L.; Van Veelen, B.; Van Splunter, S.; Büscher, M. (2013) Agile Response and Collaborative Agile Workflows International Journal of Information Systems for Crisis Response and Management Vol 5(3), pp. 1-19. Al-Akkad, A., L. Ramirez, S. Denef, A. Boden, L. Wood, M. Buscher and A. Zimmermann (2013) Reconstructing normality: The use of infrastructure leftovers in crisis situations as inspiration for the design of resilient technology. Proceedings of the Australian ComputerHuman Interaction Conference (OzCHI'13), 25-29 November, Adelaiade, Australia. ACM. Of particular importance were the three panels on Ethical, Legal and Social Issues in Emergency Response that we organized at ISCRAM 2013, 2014 and 2015 and finally a special issue of the International Journal of Information Systems in Crisis Research and Management (IJISCRAM), a collection of conference papers from the 2013 and 2014 panel. Relationship to other deliverables The BRIDGE project aims to develop novel IT support for large-scale multi-agency emergency response (synthesized in D11.2 (2015), documented as a specification in D2.5 (2015) and detailed in technical deliverables from WP3-8). This is taking place in the context of significant changes to the socio-economic and regulatory background of emergency response services in Europe. In D12.1 Privacy Protection and Legal Risk Analysis (2012) we present an analysis of issues around privacy, privacy intrusion, personal data and privacy protection. In D12.2 BRIDGE Ethical, Legal and Social Issues: Current practices in Multi Agency Emergency Collaboration (2014) we describe current practices and pressures arising in the context of a growing informationalization of emergency services. Of particular interest in the report at hand are emergent practices of, and methodologies of designing for, ethically sound, lawful and socially responsible futures or ‘21st Century Emergency Response’. In the course of the BRIDGE project we have been able to discuss and observe such emergent practices and experiment with a range of methodologies. This report documents key insights from this process. The overall conclusion from our review of current administrative and legislative efforts in D12.2 is that common practices (internationally accepted and recognized by a large number of authorities in different sectors of society) are rare. The responsibilities and the operative management in states of emergencies vary between different jurisdictions and contexts. In this deliverable we examine these diversities further, focusing on how new technologies can support future practices that can bridge differences to foster ‘unity in diversity’ and effective, agile emergency response. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 13 of 161 2 Emergency Ethics, Law, Policy & IT Innovation in Crises This chapter provides a perspective on the Ashgate Library of Essays on Emergency Ethics, Law and Policy, based on a review written for the International Journal of Intelligent Systems for Crisis Response and Management. It focuses on information technology and innovation in crisis response and management. It expands on the review in the previous chapter through a more detailed focus on implications for IT development such as the system of systems innovation pursued in the BRIDGE project. This Chapter builds on BRIDGE Deliverable 12.2 Ethical, Legal and Social Issues: Current practices in Multi Agency Emergency Collaboration. It is co-authored by Xaroula Kerasidou, Monika Buscher and Michael Liegl. Abstract: Ethics, law, and policy are cornerstones for effective IT innovation in crisis response and management. While many researchers and practitioners recognise this, it can be hard to find good resources for circumspect innovation approaches. This paper reviews The Library of Essays on Emergency Ethics, Law and Policy (2013), a four Volume series edited by Tom D. Campbell, that presents a collection of 113 seminal articles and chapters on emergency ethics, law and policy, and emergency research ethics. Building on a selective summary overview of each volume, we draw out core themes and discuss their relevance to research concerned with the design and use of intelligent systems for crisis response and management. The series brings together important insights for IS design and organizational innovation, but there is a lack of attention to socio-technical dimensions of emergency response and management. We conclude by discussing research within ISCRAM and the related fields of science and technology studies and IT Ethics, showing that entering into a conversation would be a highly productive endeavour. Keywords: ELSI, Emergency Ethics, Law, Policy, Research Ethics, Information Technology. 2.1 Introduction Many information systems designers and practitioners care deeply about the ethics, law and policy of socio-technical innovation in the field of emergency response and management. IT innovation can, for example, create tensions between data protection, interoperability and transparency in crisis response organisations, prompting researchers to search for ‘privacy by design’ solutions to protect people affected by crises and crisis responders from intrusive data processing (Weber & Gustiené, 2013). At the same time, information technology can enhance responders’ capacity to address ethically problematic issues such as ‘role abandonment’ in the face of danger or overwhelming chaos (Noble, White & Turoff, 2014). These two recent examples of interdisciplinary engagement between IT design and enquiries into ethical, legal and social issues (ELSI) drawn from philosophy, psychology, anthropology and the social sciences highlight a deep mutual interest on the one hand, but also a need for more in-depth engagement with each other’s concerns and knowledge. The literature that could facilitate such cross-disciplinary insight has been scattered across multiple academic fields, making a comprehensive overview of issues and available research Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 14 of 161 difficult. Tom D. Campbell’s formidable effort to bring together seminal work in the fields of emergency ethics, law, policy and emergency research ethics has resulted in a two thousand page compilation of previously published articles and book chapters in four volumes as The Library of Essays on Emergency Ethics, Law and Policy (2013). This series brings together classic essays and more recent studies reaching from 1922 to 2012. In this review of the complete four volumes, we provide an overview of the series and summarise some of the key contributions to leverage insights for advanced research in ISCRAM. We review each volume in turn, followed by a short discussion of the relevance to innovation in IT supported emergency response and management. The article concludes with a discussion of selected work within the fields of ISCRAM, science and technology studies and IT ethics. The aim is to illustrate the potential of a deeper interdisciplinary dialog on matters of ethics, law and policy, building on The Library of Essays on Emergency Ethics, Law and Policy. 2.2 Emergency Ethics The first volume of the series on Emergency Ethics is edited by A.M. Viens and Michael J. Selgelid and includes 25 journal articles and book chapters which are organised in five parts: Part I, The Nature and Significance of Emergency; Part II, Ethical Issues in Emergency; Part III, Ethical Issues in Emergency Public Policy and Law; Part IV, War, Terrorism and Supreme Emergencies; Part V, Public Health and Humanitarian Emergencies. Contributions explore the nature and significance of emergencies, normative implications and a range of perspectives on the ethics of emergency response. The volume opens with a deeply philosophical and political debate, which is well worth patient consideration in relation to IT innovation, as we will show. Carl Schmitt’s famous statement ‘Sovereign is he who decides on the exception’ sets the scene, referencing his classic book Political Theology: Four chapters on the concept of Sovereignty, first published in 1922. Schmitt couples the concept of sovereignty with that of exception. According to him, exceptions require decisions to be made outside of the law, because: The exception, which is not codified in the existing legal order, can at best be characterized as a case of extreme peril, a danger to the existence of the state, […] it cannot be circumscribed factually and made to conform to a preformed law (Schmitt, 1985, p. 6/41). For Schmitt, only the sovereign, defined as ‘he who stands outside the normally valid legal system’, can declare an exception: ‘He decides whether there is an extreme emergency as well as what must be done to eliminate it’ (p. 7/5). An influential but also controversial figure in emergency ethics scholarship whose work underpinned the spread of National Socialism in Germany, Schmitt sets off one of the key debates that runs through the whole series. Both Michael Walzer in ‘Emergency Ethics’ (2006) and Tom Sorell in ‘Morality and Emergency’ (2002) side with Schmitt in entrusting the head of state with the authority to declare an emergency as a state of exception and to suspend constitutional laws in order to effectively 1 Quotes are indexed by two page numbers. The first number corresponds to the page number in the original publication while the second refers to the page number in the Ashgate books. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 15 of 161 respond to it. Walzer (2006) argues that in cases of ‘supreme emergency’ - a concept first used by Churchill in the face of the threat of Nazism, and defined by Walzer as a situation when ‘our deepest values and our collective survival are in imminent danger’ (p. 33/337) – governments and political leaders should be able to do whatever is required, even if immoral, to confront the danger and ensure the survival of the political community. Sorell (2002) also argues that extraordinary situations warrant extraordinary uses of power. He defines an emergency as ‘a situation, often unforeseen, in which there is a risk of great harm or loss and a need to act immediately or decisively if the loss or harm is to be averted or minimised’ (p. 22/16). Sorell makes a distinction between private and public emergencies and in the case of the latter he particularly singles out what he calls the ‘more extreme’ or ‘general’ public emergencies, such as ‘an unexpected and overwhelming all-out military attack’ (p. 26/20). In these cases, Sorell argues, the threat to be ‘sucked into’ a moral black hole, a free-for-all breakdown of moral and social order, is so ‘repulsive’ that it provides enough justification for those to whom we delegate the responsibility of managing the emergency to use extraordinary powers. Other ethics scholars (Coady, 2004; Ignatieff, 2005; Sandin and Wester, 2009; Statman, 2006) challenge the view that a state of exception should place state and society outside normal law. While Schmitt (1985), Walzer (2006) and Sorell (2002) acknowledge the dangers entailed in granting the state exceptional powers, and still make the case for the right of governments and heads of state to suspend constitutional rights in situations of extreme emergency, contributors such as Ignatieff (2005) and Coady (2004) bring concerns to the foreground. In ‘The Ethics of Emergency’ (2005) Ignatieff opens with the question: If laws can be abridged and liberties suspended in an emergency, what remains of their legitimacy in times of peace? If laws are rules, and emergencies make exceptions to these rules, how can their authority survive once exceptions are made? (p. 25/301) Ignatieff reviews the history of emergency legislation in the U.S. and shows that ever since Abraham Lincoln suspended habeas corpus – the right to be protected from unlawful imprisonment – and other liberties during the American Civil War in 1863, this has been used to justify suspensions of rights in other emergencies. Citing examples such as when the Bush administration used military tribunals to try terrorists rather than putting them through the federal court system, the author concludes that exceptions can set dangerous precedents and argues for the importance for liberal democracies to uphold the rule of law and their commitment to rights in times of safety and danger alike. Coady (2004) picks up on a different problematic. He accuses Walzer of ‘pro-state bias’ and challenges the latter’s position on the category of supreme emergency arguing that not only is the concept ‘too opaque’ and ‘open to diverse interpretations’, it also ‘dangerously opens the door to the identification of the state’s survival with that of its political leadership’ (p. 781/366). Defining terrorism as ‘the organized use of violence [either by state or non-state actors] to attack noncombatants or innocents […] or their property for political purposes’ (p. 772/357), Coady argues that there is no justification for ‘exceptions’ for anyone - be they terrorists, revolutionaries, or the state itself. A different challenge comes from Sandin and Wester’s contribution ‘The Moral Black Hole’ (2009). Using empirical research, the authors refute the commonly held belief that in situations of emergency the danger of a complete breakdown of moral order, opening a moral black hole, is so great that it makes the use of extraordinary powers justifiable. Debunking what they call the ‘myth of looting’ or similar fears of panic flight, price gouging and generally selfish behaviour in crises as unsubstantiated, the authors challenge not only Sorrell’s position, but more importantly the ways that such pervasive myths inform emergency policy. As they write: Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 16 of 161 The myths that looting, panic and disruption of social values are common in the wake of disasters are persistent, even though little empirical evidence is to be found to support them. […] these myths are troublesome in many ways, but primarily because they influence emergency planning and management. (p. 297/81). Using examples such as Hurricane Elena which struck Gulfport, Louisiana in 1985 and the more recent Hurricane Katrina, Sandin and Wester (2009) make the case that such myths can result in valuable resources being misallocated to prevent looting and reduce crime rather than to save lives. Other contributions in the volume also focus on the complex relationship between ethics, law and policy and explore how ‘necessity’ on the ground can shine a different light on issues such as legal acts or moral rights (Wigley, 2009). Green (2007) focuses specifically on the act of looting and argues that it constitutes a ‘uniquely complex crime type’ which can be shaped by diverse factors such as racial discrimination, wealth and social inequalities or even the media which, as cases such as Hurricane Katrina have demonstrated (see also Tierney, 2006), not only make looting more visible but also frame it in particular and potentially problematic ways. Identifying a continuum between “good” and “bad looting” which spans from heinous predatory cases to case of pure necessity, Green (2007) argues that its moral content operates on an extraordinarily wide spectrum and highlights the need for such moral complexity to be appropriately accommodated in law. At the root of these debates are basic moral questions about whether there are situations when our normal moral standards should be suspended or overridden by “what needs to be done”. These questions are captured in the long-standing tensions between key schools of moral thought such as deontology – the ethical position that requires us to follow certain moral principles regardless of the results; consequentialism – the ethical position where good results for the greatest number are the most important moral criterion implying that in certain circumstances the end can justify the means; and, threshold deontology – a form of deontological ethics, which accepts that moral obligations hold up to certain thresholds, while under extreme circumstances exceptions are possible. Contributors such as Zack (2009), Alexander (2000) and Ripstein (2005) explore the tensions between these different moral theories. Particularly interesting here is Harel and Sharon’s (2011) contribution. Using cases such as a recent decision by the German Federal Constitutional Court to declare a provision of a new anti-terrorism law that allowed the shooting down of a plane unconstitutional, the authors demonstrate how these old philosophical debates between different schools of moral thought are played out anew in the numerous policies and measures that have come to light in the wake of the 9/11 attacks. On this basis, the article raises timely questions such as, ‘[d]oes the threat of mass suffering and death justify torture, pre-emptive strikes, invasion of privacy, rendition, and other violations of fundamental rights?’ (p. 846/180). In response, Harel and Sharon argue that any violations of our moral standards in cases of emergency should not be governed by rules or principles, but guided by particular context-dependent judgements. Demonstrating the ambitious breadth of the series, this volume also includes controversial contributions that push the limits of ethics and legality such as Ayn Rand’s argument for the virtue of selfishness (1963) and Zwolinski’s (2008) libertarian account on the ethics of price gouging. The last part of this volume focuses on public health and humanitarian emergencies and explores questions such as: how much investment of time, energy and resources are morally required in order to prepare for and respond to emergencies, and how should costs and benefits be distributed? The contributions range widely in topics and stances from discussions on the human rights implications of the growing trend towards viewing public health emergencies as security threats (Murphy & Whitty, 2009) to the inter-generational impacts of climate change Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 17 of 161 (Gardiner, 2004) and the tensions between development aid versus emergency aid (Rubenstein, 2007). Contributions which make a strong case for a global sense of moral responsibility for an equitable distribution of resources and costs (O’Neill, 1975; Singer, 1972) butt against provocative contributions, such as Hardin’s controversial stance against overpopulation and the failures of charitable world food banks (1974). Debates on what is an emergency, who has the authority to define it and which emergency measures are justified in which situations are important to the ethics of IT supported multiagency emergency response, making this volume a valuable resource for IT designers and information systems practitioners. IT design should be informed by these debates, because decisions about the nature and characteristics of an emergency are increasingly taken with the help of information systems and the emergency agencies’ capability to assess the urgency, scale, severity, and future course of an emergency play an important part. This adds significance to the ethical requirement that Emergency Management Information Systems (EMIS) (Turoff et al, 2004) and associated information systems, such as remotely piloted aircraft systems (Kerasidou et al, 2015), mobile live video (Bergstrand & Landgren, 2009), e-triage systems (Ellebrecht & Kaufman, 2015) or social media (Vieweg et al, 2010) should support a rich dynamic risk assessment and risk communication in order to produce an as accurate as possible ‘situation awareness’ (Endsley, 1995). Moreover, the ethical debates presented in this volume can further sensitise IT practitioners on the fact that Emergency Management Information Systems can not only influence emergency response in direct ways such as by extending surge capacity, maximizing availability of services, and enhancing risk communication. They can also complicate, intentionally or not, adherence to core ethical principles such as non-maleficence and beneficence (do no harm). Examples range from challenges to respect for human dignity and privacy, and distributive justice (equal access) (Jillson, 2010), through the Pentagon’s Defense Science Board (DSB) call for a new Tracking, Tagging and Locating or TTL ‘Manhattan Project’ (2004) of global mass surveillance (in Crang & Graham, 2007; Büscher et al, 2013) to ubiquitous healthcare systems which utilize personal digital devices and wearable bio-sensors to continuously monitor individual’s health status and record sensitive personal information (Brown & Adams, 2007). The variety of impacts illustrates how far-reaching and important the ethical debates raised by this volume are and can help to sensitize designers, prospective users and policy-makers to ethical impacts – good and bad – that technology might contribute to in crisis management. 2.3 Emergency Law It might not come as a surprise that the second volume of the series on Emergency Law also starts with the influential and controversial figure of Carl Schmitt, signalling both the overlapping histories and intimate relationships between Law and Ethics in liberal democracies. The volume is edited by Saskia Hufnagel and Kent Roach, who along with a comprehensive introduction and conclusion have put together 18 articles and chapters from a growing area of scholarship in emergency law. The volume is organised in five parts: Part I, The Evolution of Emergency Law; Part II, Emergency Law and the Interaction with Military Law; Part III, Emergency Law and Disaster Response; Part IV, Emergency Powers and the ‘War on Terror’; and Part V, All Risk Emergency or Case Specific Regulation. Despite the long history of emergencies and the long-standing theoretical debates on the legality of emergency and exception, emergency law is an area of legal studies that cannot easily be delimited. For a long time, issues related to disasters have been addressed separately in a variety of legal contexts (Governmental Law, Criminal Law, Insurance Law, etc.) by all sorts of different legal instruments (constitutional rules, laws and ordinances, memoranda, etc.). For IT Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 18 of 161 supported emergency management this diversity is challenging. As any new tool would need to comply with existing legal frameworks as well as identify problems and opportunities for legal reforms, a review of the state of the art in disaster law research is highly instrumental. This volume is a solid attempt to put together a comprehensive overview of work which highlights the successes and pitfalls of emergency legal regulation from a comparative international perspective, thereby also constituting a useful resource for practitioners in IT innovation who work across different legal frameworks In order to understand the tensions between balancing constitutional principles and effective state responses in emergency situations, an understanding of the background history and philosophy of emergency powers and the dangers involved in finding the right balance is necessary. The first part of the volume offers exactly this. While each article adopts a different perspective, together the first three chapters by Dyzenhaus (2005), Zuckerman (2006), and Ferejohn and Pasquino (2004) provide an overview of the philosophical debates that surround the development of the concept of ‘emergency law’ and the present state of the debate. Through this work, the reader is introduced to the main paradigms of emergency law, such as a - - Monist position, which rejects the idea that emergencies can ever justify any exception to the ordinary scheme of governance; a Dualist position, which advocates the construction of a legally authorized space of discretionary power in ordinary law, designed to guard against a breakdown of the norm/exception dichotomy; a Schmittian position: as we saw before, this promotes the view that an exception should exist outside of the law, exempting the state from normal moral judgement during an emergency. By drawing together a set of landmark discussions on these positions, the volume demonstrates that despite the long history of emergencies, the field of emergency law has gained particular traction since the events of 9/11. Following the terrorist attacks and the subsequent declaration of a “war on terror”, the relationship between disaster law and the law at normal times has been constructed as governed by tensions, or even incompatibilities, between security and human rights considerations. As we will see, this is a tension that runs through most of the contributions. After starting with a chapter that focuses on the deployment of the military in international armed conflict from a US perspective (Tushnet, 2003), Part II moves on to the more contentious matter of the role of the military within national boundaries, an issue which, as the editors write, ‘has triggered the constitutional rights debate first and foremost’ (Hufnagel & Roach, 2013, p. xiii). The chapters by Scheppele (2006), Dougherty (2008) and Head (2009) provide a comparison between Canada, USA and Australia with regard to the deployment of the military in emergencies - these are three legal systems which although having the same British legal heritage, have developed very different approaches. Particularly interesting here is Scheppele’s chapter (2006), which traces the parallel constitutional histories of Canada and the USA for most of the 19th and 20th century until the 1970s when the two countries chose different paths. Scheppele brings these differences in focus as she compares the reaction of both nations to 9/11. While Canada reacted with a moderate use of exceptional powers reflecting the nation’s recent constitutional revolution which attempted to bring the use of emergency powers within constitutional control, the US ‘plunged into more extreme uses of emergency powers’ (p. 213/131) demonstrating that it still fundamentally operates under the old ‘martial law’ framework inherited from Britain. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 19 of 161 The significance and implications of the US’s attitude towards the use of emergency powers were felt, and continue to be felt worldwide, long after the events of 9/11, when President George W. Bush declared a “global war on terror” allowing him to assert extraordinary constitutional powers and then invoke an all-powerful commander-in-chief clause of the U.S. Constitution for justification of these powers (Scheppele, 2006, p. 234/22). Considering that it broadens the concept of war, blurs the boundaries between legitimate or illegitimate use of extraordinary powers, and leaves open the question of the role of the military on domestic territory, it is no surprise that the “war on terror” has attracted considerable attention from legal scholars. Scheuerman (2006), Ackerman (2004) and Levinson (2006) give the reader an idea of the on-going debate that surrounds the “war on terror” as they provide a critique from their own perspective of the US’ Schmittian approach and make their suggestions on how a balance between emergency powers and democratic control can be achieved, while contributions by Bronitt (2008) and Hufnagel (2008) provide an international comparative perspective on these questions. Specifically, Scheuerman (2006) argues that neither a Schmittian approach to emergency power, nor other approaches which start from an anti-Schmittian thesis and attempt to synthesize emergency power and liberal democracy, holds up to scrutiny as neither pays much attention to the executive. According to him, the liberal democratic executive represents the most important site for the actual exercise of emergency government and so closer attention to its overall political and constitutional structure is needed (p. 79-80/301-2). Ackerman (2004) is also critical of the US’ approach and raises alarm bells about a descent into ‘a repeated cycle of repression’ (1030/308). In his article ‘The Emergency Constitution’ (2004), the author proposes a formal framework he calls ‘the supramajoritarian escalator’, which gives power to the executive ‘for the briefest period – long enough for the legislature to convene and consider the matter, but no longer’ (p. 1047/325), in an effort to ensure democratic control over emergency power. Questions regarding emergency powers and the role of the military are not restricted to cases of terrorism but also concern civilian emergency situations like natural disasters. Resonating with Sorrel’s fear of a moral black hole, such questions include rather simplistic references to the ‘heroic’ image of the military asking, if natural disasters bring about violence and looting in people’s struggle for survival, or if criminals take advantage of disasters, what means can the military use in order to uphold social order? Also, what happens when the chains of command become unclear affecting the interaction between agencies? In his essay, Dougherty (2008) uses the Hurricane Katrina disaster to examine military involvement for humanitarian purposes. From his examination, he concludes that the Posse Comitatus Act - which prohibits the use of the standing military to execute laws - was misleadingly used as an excuse for the government’s failure to respond to the disaster (Samek, 2006 also reaches a similar conclusion) and argues that ‘the government ought to focus its energies on fixing communication channels and emergency operation plans so we do not have a repeat of the Katrina disaster’ (Dougherty, 2008, p. 147/193). The call for better support for communication continues when, from different disciplinary perspectives, Manuell and Cukor (2011), and Waugh and Streib (2006) highlight the need to embed legal considerations in broader analyses of the possibility and the necessary conditions for lawful conduct for effective emergency management. Manuell and Cukor (2011), both academics in the field of emergency medicine, discuss how compliance with emergency laws concerning evacuation and quarantine can be achieved and point to effective risk communication, transparent instructions, preparedness and education as key factors. Coming from a policy perspective, Waugh and Streib (2006) point out a conflict of cultures in US emergency management between the co-operative culture at the practitioner level clashing with Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 20 of 161 the hierarchical approaches imposed by federal agencies, hence leading to problems of communication and co-operation. The debates in this volume focus on the challenges of balancing liberal values with increased demands for security, and the effective collaboration between different agencies with sometimes overlapping or even conflicting regulatory frameworks. These are issues which are central for practitioners of IT innovation in emergency response and planning, making this volume instrumental in providing background knowledge, orientation but also an international comparison for IT system designers who need to address global markets and navigate, translate and support different legal frameworks. At the same time, the volume creates an opportunity to move beyond an understanding of security and human rights as incompatible. As we will discuss later, this is an opportunity that IT innovation can seize through integrating the perspectives represented in this series with related research in science and technology studies, collaborative design and other approaches. 2.4 Emergency Policy The third volume is edited by Timothy Legrand and Allan McConnell and brings together a collection of 26 papers around the theme of Emergency Policy. This is an area which encompasses all aspects of governmental or public sector response to emergency, either on an operational level (focusing, for example, on emergency planners, risk assessors and emergency services responders) or what the editors call, a ‘political-strategic’ level where issues such as the meaning of “crises” and the implications for existing policies are considered (2013, p. xvi). The volume is organised in four sections - Prevention and Planning, Acute Response, Recovery and Learning - what in the literature is termed the ‘cycle’ of crisis and emergency management (see, for example, Hiltz et al, 2010, p. 4). Yet many of the chapters of the volume do not fall strictly within these four phases/categories; an observation which illustrates one of the key points that the editors highlight, namely that, crisis and emergency management is a tough task. It is not a ‘rational’ process (although there may of course be rationality involved) where clear goals are plotted out and the pros and cons of differing evidence-based solutions can be weighed up in deliberative and time-rich environments (Legrand & McConnell, 2013, p. xvii). A challenge against compartmentalisation emerges as a key theme not only from the structure, but also the contents of this volume, as we shall see. A number of the contributions proclaim the changing nature of emergencies in a globalised “new world” which is characterised by an ‘ever increasing interrelatedness and interdependence’ (Boin & Ekengren, 2009). These contributions talk about new forms of transboundary risks and crises which can quickly spread across geographical borders and policy boundaries (Ansell et al, 2010; Boin & Ekengren, 2009; Lagadec, 2009; Rosenthal, 2003; Williams, 2009). Ansell et al (2010) identify three key dimensions in describing the transboundary nature of disasters, asking whether: (i) crises cross political and territorial boundaries, (ii) they cross functional boundaries threatening multiple life-sustaining systems, and finally, (iii) they transcend time boundaries, hence resisting a welldefined beginning and end. Lagadec (2009) raises the urgency by claiming that we currently live within a ‘new cosmology of risk’ which marks a break from the past into uncharted territories and ‘new frontiers’ where one finds a ‘hypercomplex’, ‘unintelligible’ and ‘chaotic’ world. So much so that the author proclaims that ‘looking back is not an option’ and calls, as the title of the paper puts it, for a ‘radical shift in paradigm and practice’. Others take a different view. Instead of seeing breaks and paradigm shifts, they see continuities, connections and long-evolving histories. Brändström et al (2004) reject the view that the crises Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 21 of 161 of the 21st century are somehow unique in their nature and, in contrast to Lagadec (2009), urge us to rethink their nature by ‘look[ing] back’. Or, in other words, they broaden our understanding of the role that history, historical analogies and memory play in contemporary governance and emergency management. Brändström et al (2004) argue that while events such as the attack on the WTC and the Pentagon were unprecedented, the challenges that such events pose to communities and policy-makers are not unique. While acknowledging some new challenges, Boulden (2004) also recognises that talks of blurred boundaries and accelerated interconnectedness between states, which bring both hopes but also threats, were prevalent already in the early days of the post-Cold War period. The author notes that networks of international crisis mechanisms geared towards crisis response are already in existence (UN, OCHA, IHP, etc.), and argues that a new kind of response might be needed to address the ‘multidimensionality’ of crises which causes the system to be stressed not only at one but a variety of resource and decision-making levels (p. 806/130). O’Dempsey and Munslow (2006) go even further and place globalisation and the interconnectedness of states in a historicalpolitical context that stretches back to the post-war era, tracing it through the histories of colonialism, the Cold-War and post-colonialism. Klein and Smith (2008) and Pyles (2011) also bring to light the importance of framing crisis in particular ways. The authors identify an insistence on “newness” (‘new frontiers’, ‘new crises’, ‘new paradigms’) as an inherent characteristic of neoliberalism which ‘constantly strives to expand into new markets and to do its work with results-driven efficiency’ (Pyles, 2011, p. 176/327). According to Klein, this translates into post-disaster responses which she describes as the ‘scorched earth’ or ‘starting from scrap’ model, using Iraq as an example. But this is not the only option. Using the example of the Workers’ Movement in Argentina, Klein talks about a ‘whatever's left, whoever's left, patch it together and start from there’ model. A sort of tinkering, but profoundly democratic, model which saw the Argentinian workers going back to closed factories, dusting them off and getting the machines back to work, this time for themselves (Klein and Smith, 2008, p. 587/292). Similarly, Pyles (2011), Ingram et al (2006), Telford and Cosgrave (2007), and Snider (2004) make a case for alternative, sustainable and socially transformative solutions. Specifically, Pyles (2011) uses the case study of a post-Katrina community-based project to argue that international NGOs operate within a neoliberal climate which seeks ‘quick fixes’ and enables practices that perpetuate injustice. The author argues for a transformative/sustainability approach to disaster recovery which is premised on principles of democratic engagement and leadership development. […] compatible with a transformative approach to community organizing and development which strives for social change [and] work[s] in true partnership with indigenous community leadership […] Such a transformative/sustainability approach is also always an anti-oppressive approach whereby recovery methods create a space to actively confront ways in which social hegemonies (such as racism, sexism, and classism) operate, striving for transparency and accountability in practice (pp. 176-7/327-8). While mapping the differences in how the nature of crisis is defined and understood might appear a theoretical pursuit of little practical importance, this volume succeeds in making evident how definitions, and language more broadly, matter as they shape how emergency diagnosis and response take shape on the ground. In other words, the operational level of policy management is tightly linked with the political-strategic level concerned with the definition and meaning of “crises”. So, for example, Boin and Ekengren (2009) make the case that we live in a world risk society which poses threats to national safety and security. On that basis, they call for a ‘new security paradigm’ which will see the European Union assume a supranational and newly emerging security role. Other contributions focus on the interaction between the local and the global, calling for a broadening and enhancing of local government capabilities within a Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 22 of 161 globalised context (Jarman et al, 2000), they explore the need for new multilateral governance structures that will operate on an international level (Boulden, 2004), or make the case that within crisis research a crisis is no longer seen as an event that can be easily demarcated but as a process whose very identity may change over time. On that basis, Rosenthal (2003) argues that traditional models of crisis management which operate on a response-recovery basis will need to be revised in order to cope with the ‘inconceivability’ of future crises. However they might conceptualise crises, most authors acknowledge the complexity of working across boundaries - be they operational, institutional, geographical, cultural or political – as it encompasses challenges which range from fragmentation of response and ‘organisational silos’ which result from a reluctance to share information across agencies and non-governmental actors (Boin & Ekengren, 2009; Galaz et al, 2011; Williams, 2009), to reluctance of nationstates, or organisations to cede authority in key areas to other states or institutions (Boin & Ekengren, 2009; Boulder, 2004), to political challenges in establishing common understandings of crises. On the political end of the spectrum we find O’Dempsey and Munslow (2006), who write about ‘complex political emergencies’, namely situations of intra-country armed conflict, often combined with a ‘natural’ trigger mechanism such as a drought, tsunami or a hurricane. Grounding the debates of the two previous volumes of emergency ethics and law through examples from Angola, the Democratic Republic of Congo and Sudan, which they locate in their post-colonial context, the authors make the case that complexity is nothing new. Instead, it is an inherent characteristic of already existing and long-established institutions which has long been making the international community ‘profoundly uncomfortable’ (2006, p. 502/222). The authors illustrate their argument with examples such as the UN’s mandate to respect national sovereignty and intervene only when it is invited to do so by a particular government, even if that same government is the one contravening international law. On the operational end of the spectrum, Ansell et al.’s contribution (2010) is particularly interesting. Arguing that the nature of crises is becoming increasingly transboundary, the authors investigate the administrative mechanisms that are needed to deal with the challenges that they pose. Drawing from organisation theory and public administration and disaster management research, they identify a need for four boundary-spanning capacities: distributed sense making; networked coordination; surge capacity and formal scaling procedures. This volume is broad, multi-faceted and ambitious. It covers much ground and brings together many different perspectives and approaches, including a valuable conclusion from the editors themselves. Particularly impressive is how the editors seek to push the boundaries on what constitutes a “policy issue” by including contributions such as those by Williams (2009) and Klein and Smith (2008). The former presents a ‘post social’, or relational approach that acknowledges that emergency management and research deal with phenomena beyond humanist conceptions of instrumental reason and control. The latter offer a very different approach to understanding disaster; not as something “unexpected” or “inconceivable” which needs to be managed through effective policies when it happens, but as something which is intentionally sought out for economic benefit (‘disaster capitalism’), and followed by a ‘policy tsunami’ whose role is to push a programme of privatisation and deregulation. Also, the volume is instrumental in revealing how important, yet challenging, it is to establish common understandings of crises. It highlights the role that the media play in framing disasters in specific ways (Robinson, 2000; Rosenthal, 2003; Zoeteman et al, 2010) while it also attempts to illuminate complexities at an operational level and discuss the role that technologies play in the ‘art of sense making’ and the different approaches to coordination such as control and command versus bottom-up approaches (Ansell et al, 2010). Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 23 of 161 Information technologies engender positively and negatively disruptive innovation (Chesbrough, 2003) at both operational and strategic policy levels, and their design is shaped by policy decisions at these levels. A few issues raised in this volume are particularly pertinent for IT design and designers. The need for non-compartmentalised, transboundary and multidimensional emergency response and management expressed in these policy debates resonates strongly with the capabilities of information technologies. Technologies can support distributed sense-making, networked coordination, expand surge capacity and augment formal scaling procedures, highlighting that innovation can effectively address real world concerns and needs. It is thought-provoking to consider that the same kinds of technologies that can be used to support such agile response, may also be used to support ‘disaster capitalism’. At the same time, the debates about enduring histories chime a note of caution. While many IT designers assume that more information and better means of sharing it will allow radical shifts in quality and efficiency, the longstanding histories of information and sense-making practices may be more powerful than it is often acknowledged, constraining the actual utility of new technologies unless attempts are made to accommodate historical and practical continuities. Finally, the analysis of the material impacts of discursive policy efforts entails lessons about how the discursive dimensions of IT ontologies, databases, inventories and expert systems can make politics through categorisation in and through technology, with complex unintended consequences. 2.5 Emergency Research Ethics The fourth and most extensive volume of the series is edited by A. M. Veins and brings together an impressive collection of 46 articles from the field of research ethics which deals with ethical issues of research involving human participants in emergencies. The medical disciplinary heritage of the field is strongly reflected, with the majority of chapters focusing on medical emergencies, both private and public, with a few others providing a broad overview of ethical issues that can arise when researching, as well as responding to complex humanitarian emergencies, using case studies such as the Asian Tsunami, and the wars in Lebanon and Liberia. Research ethics as a modern field regulated by international codes came about after the historical abuses of research on captive populations in World War II, yet the first National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research was created only in 1974 in the U.S. after a series of domestic medical research scandals which involved groups such as elderly patients, institutionalised children, and poor black men. According to Levine (2004), this resulted in research coming to be seen as a risky and potentially exploitative enterprise which needed to provide protection to its participants as a way of offsetting these dangers, hence creating a tension within the field between researchers and the participating “human subjects”. This is a highly productive, yet deeply humanistic, tension which, as we will see, runs through the whole volume and positions it as a catalyst for developing valuable insights about the politics of research across disciplinary boundaries. The first part of the volume focuses on consent; a concept which became central as it provided a way of contributing to the protection of participants’ autonomy as individuals. However, during times of emergency the decision-making ability and hence the ability to provide fully-informed consent is either impossible (for example when the patient/participant is unconscious) or questionable (for example in cases of disaster research, as examined by Rosenstein (2004), when the voluntariness and capacity of the victims to participate is debatable). In such cases, the possibilities of using legal representatives or “proxies” come to the fore. Echoing in more practical terms the key ethical dilemmas as explored in the first volume of Emergency Ethics, one main question that arises in emergency research ethics is whether there are exceptional Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 24 of 161 cases within emergency research which would render ethically permissible the waiver of consent for the benefit of research and society at large, and, if yes, how such cases should be regulated. Booth (2007) and McCarthy (1995) examine these questions from a European and American perspective respectively, pointing out the ambiguity of existing regulatory frameworks. Fost (1998) points out that informed consent is neither necessary (as it can be substituted by that of representatives when the patient is unconscious) nor sufficient for ethically and legally responsible research (Nazi experiments, for example, would still be impermissible even if consent was granted), and so it shouldn’t be seen as an end in itself. Instead, it is a means, an instrument with several versions (such as “proxy consent”, “implied consent”, “waived consent”, “presumed consent”) designed to protect the participants from harm while preserving their autonomy and self-determination (p. 183/51) and so it presents us with several practical challenges. On the issue of obtaining proxy consent, McCarthy (1995) asks whether it is feasible to obtain informed consent from legally authorized representatives of subjects who are incapacitated considering the time and emotional pressures of such situations. Secondly, he questions whether this approach introduces inequity into the research that violates the principle of justice: Experience has shown that it is far more difficult to locate persons qualified and willing to serve as legally authorized representatives for economically deprived and minority patients than it is to locate surrogates for middle class white patients (p. 160/28). While the concept of consent focuses on the decision-making capacity of an individual to maintain their autonomy and self-determination, the concept of vulnerability has a more collective function, granting members of a vulnerable group special consideration and protections (explored in part III). In some cases, such as in emergency and critical care medicine situations, assigning the status of vulnerability is straightforward and the challenge lies in how to address problems that arise from the fact that the line between patient and participant is blurred (explored in part II). In other cases, the question of vulnerability appears more contentious. Levine explores the history of vulnerability and the different meanings it takes in biomedicine, social science and mental health research, and concludes that it is an extremely elastic concept. This means, according to Levine (2004) and Fleischman and Wood (2002), that research that involves trauma- and disaster-affected populations should be subject to even more intensive review in order to prevent oversampling and redundancy, and to ensure that victims are treated sensitively and are not at risk of being pressurised, “exploited”, or re-traumatized as a result of their participation in research. Yet, the concept of vulnerability seems to be surrounded by controversy in the field of research ethics about whether labelling a population or a group as vulnerable may be pejorative, an overgeneralisation, or even potentially stigmatizing (Levine, 2004; Fleischman & Wood, 2002). Levine (2004) writes that the concept has rightly emerged as a response to the dark history of medical research, yet it appears that it is based on [a] fundamental assumption [which] underlies the modern history of research ethics: certain categories of people are more likely than others to be misled, mistreated, or otherwise taken advantage of as participants in research studies. (p. 396/116). In this quote, the power issues that run through the heart of research ethics are brought to the foreground. Aside from providing protection, the concept of vulnerability can also be seen as a way of undermining the power, autonomy and self-determination of certain individuals, groups Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 25 of 161 (a case, as Levine (2004) writes, most forcefully made by people with HIV/AIDS (p. 399/119)), communities, or even countries, further crystallizing long-standing histories of colonisation, inequality and exploitation (Levine, 2004; Fleischman & Wood, 2002; Citraningtyas et al, 2010; Hill, 2004; Zwi et al, 2006). As part IV explores, such issues become even more heightened in situations where the need to engage with “the community” is stressed and the importance of public perception comes to the fore, hence raising the issue of the ethics and politics of participation, but also questions such as, “which communities benefit?” (Calain et al, 2009). In 1996, the U.S. Federal Regulations changed permitting an exception from informed consent for certain studies in emergency settings as long as certain conditions are met, one of which is “community consultation” (see Dickert & Kass, 2009; Ragin et al, 2008). According to Lecouturier et al (2008), in 2004 a similar European Union Directive became law across Europe, and Canada and Australasia also have similar legislation. These changes not only provided the potential for clinical research in emergencies, such as stroke or sudden cardiac arrest where acquisition for informed consent is impossible, to go ahead (Dickert & Kass, 2009), but also shed light on the fact that, as Lecouturier et al (2008) put it, ‘to date [2008] the views of patients and the public, [i.e. those who ultimately may be the most affected] have not been considered when developing research legislation (p. 3/177). Dickert and Kass (2009) present a qualitative study that seeks to address this gap in the research ethics literature. Their study sought the views of survivors of sudden cardiac death on the controversial issue of emergency research conducted under an exception from informed consent (EFIC). Interestingly, their findings indicated a broad acceptance of EFIC research hence demonstrating the ‘potential for valuable input from patients regarding complicated and ethically challenging issues’ (p. 183/165). At the same time though, the changed regulations created further confusion since, as Ragin et al (2008) put it, the federal agencies did not provide a clear direction for what counts as “communication”, how to conduct “community consultation”, or even ‘who is the “community”’? As Richardson et al (2006) and Dickert and Sugarman (2007) also argue, there are real difficulties in identifying a relevant community and interpreting and implementing community consultation, so much so that these difficulties have become a real hurdle in the area of research in emergency settings making this issue ‘perhaps the greatest controversy’ in emergency research (Dickert & Sugarman, 2007, pp. 159-160/235-6). For the authors, this highlights the importance and need to better understand how to identify, involve, and notify relevant populations. Similar debates arise in the context of public health and complex and humanitarian emergencies. The contributions in the two final parts of the volume identify and discuss challenges in conducting research in situations of public health emergency, such as acute-epidemics, humanitarian emergencies, conflict settings and post-emergency situations. These are situations whose highly volatile nature raises procedural challenges for the ethical review of research projects. But they are also situations where research runs the risk of being seen as a luxury which diverts important, yet scarce, resources from the saving of lives. Pringle and Cole (2009) seek to address the question of the balance between risks and benefits by stressing that research ethics in complex humanitarian emergencies should not come at the expense of humanitarian action but should be in fact informed by it; that is, adhering to the humanitarian principles of neutrality, impartiality and independence and being needs-driven and relevant to the affected populations. Likewise Black (2003) argues that academic researchers have much to learn from the ethics frameworks guiding international NGOs and UN organizations. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 26 of 161 Other contributions stress the power questions that underpin these issues on a global/local scale. Calain et al (2009) write about a ‘new dimension of inequities’ which magnifies the polarization between poor countries urged to donate natural resources (clinical specimens, viruses and other microbes) versus technologically advanced industrial countries with private interests (p. 17/347). Hill (2004) stresses the western bias that underpins ethical debate around research in developing countries and makes the case that this debate is framed not only by western values, but also by western economic advantage. In a way that challenges the humanitarian principles of neutrality, impartiality and independence, Hill (2004) makes the case that research, and in particular research in “post”-conflict situations, is a political act and urges researchers –national or expatriate- to be ‘acutely sensitive to their own positioning in respect to local and international contexts’ (p. 153/461) and the power and responsibilities that their position entails. Arguing for an acknowledgement of the capacity of vulnerable groups and communities, such as refugees, to take an active role in research and generate innovative research, Zwi et al (2006) close their contribution with a pertinent quote: Vulnerable groups, vulnerable communities, and vulnerable countries will remain passively “in need of protection” until they gain the type of agency . . . that locates organized and active communities at the centre as initiators and managers of their own health (MacFarlane et al, 2000 in Zwi et al, 2006, p. 275/444). Moving from understandings of vulnerability as the lack of autonomy, self-determination and therefore agency and power to a view of vulnerability as a way of becoming sensitive to asymmetrical relations of power between actors is a way to ascribe agency and power back to those vulnerable groups, communities and countries without becoming blind to long-standing problems of inequality. Moreover, this is the basis, as Ezeome and Simon (2010) argue, for ‘collaborative partnerships’ which recognise the community as a ‘full and equal’ partner and respect its values, culture and social practices. Citraningtyas et al (2010) go even further in challenging the traditional power hierarchies and dynamics between researcher and vulnerable participant, community or country. In their paper, the authors examine the further pressures and burdens that the presence of researchers and other incoming aid agents impose to disasterstricken communities. Using the case study of the Indian Ocean Tsunami in 2006, the authors refer to “a second tsunami” to describe the wave of national and international individuals and agencies that arrived in some tsunami-affected areas which was so large and difficult to manage that it was said to create a ‘subsequent human-made disaster’ (p. 108/147). To avoid such results, the authors argue for an ethical engagement between incoming parties and community which goes beyond community involvement or even partnership and actually assigns to the community ‘leadership’ and ‘ownership’ of the processes with the incoming researchers becoming a ‘resource’ for the community (p. 109/148). By collating all these different voices and contributions together, this volume does an excellent job in highlighting the politics and power relations that underpin all forms of research or collaboration in general. By problematising debates about who the participants or the communities are, the nature and impact of vulnerability in the researcher-researchee/participant relationship, and the different forms but also politics of participation and collaboration, the volume speaks directly to concerns relevant to IS designers and practitioners engaged in organisational innovation. On the one hand, designing, building and implementing technologies and information systems which facilitate, or even augment, participation, collaboration, but also, transparency and accountability are key tasks for IS designers and practitioners who understand how technological “affordances” can engender, intentionally or not, particular consequences on the level of social equality and human dignity. As this volume and the whole series have Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 27 of 161 demonstrated, these sentiments are heightened in times of emergency making their consideration even more important. On the other hand, concerns about the role of participants and the politics of collaboration and participation are central to IT design methods. Ideas that the “human subjects”, or “users” as they are known in this case, need to be considered in IT design are as old as IT design itself as, by their very nature, computers presuppose and ‘configure’ users in particular ways (Woolgar, 1990). Yet, how can one design for particular human-machine configurations, is a question that has inspired a multitude of design approaches, which appear to follow a general trend; from machine-centred approaches to human-centred ones. Or, from engineering to psychological and sociological ones, as enabled by the advent of the Scandinavian participatory design movement and the field of CSCW. Dourish has called this trend ‘social computing’ (2001) while recently Kuutti and Bannon described it as ‘a turn to practice in HCI’ (2014; see also, Bannon, 2011) (for other accounts, see Asaro, 2000; Simonsen et al, 2010; Büscher et al, 2008). Yet, as the focus shifts to the participants, the users and the communities, we run the danger of losing sight of the non-human actors which also shape collaboration in important ways. Or to put it more accurately, we run the danger of losing sight that participation and collaboration are the result of finely tuned, yet usually asymmetric, “intra-actions”, as Barad would put it (1998, p. 96; see also, Barad, 2007), between humans, machines, materials, stories, practices, all tangled together. This brings us to an evaluation of the compendium as a whole in relation to research and design or innovation around IT for crisis response and management. In the next section, we will discuss how a move from humanist to post-humanist understandings of agency and collaboration can address this problem. 2.6 Discussion: The question of technology The breadth and depth of issues covered by The Library of Essays on Emergency Ethics, Law and Policy is impressive and, while not exhaustive, this review has tried to cover key contributions and debates of the four volumes in order to leverage insights for advanced research in ISCRAM. Information systems designers and practitioners engaged in innovation in the field of emergency response and management care deeply about the ethics, law and policy of socio-technical change as well as research and design, yet they often struggle to be aware of the state of the art in so many related fields because the literature has been scattered across multiple locations and academic fields, making an overview of issues and available research difficult. This series is an excellent springboard for a more broad-ranging interdisciplinary approach. The four volume collection makes an important contribution to emergency scholarship by bringing together a wide range of seminal work, making it an invaluable reference for scholars and practitioners from a variety of fields. As the editor Tom D. Campbell promises in the introduction, a key strength of the series is its multi-disciplinary approach and the potential it provides for cross-pollination between different disciplines helping to create dialogue between disciplines as well as enhance our ability to comprehend and engage with the challenges that emergencies pose. However, we would argue that while the series has the potential, it misses the opportunity to engage more closely with socio-technical dimensions of emergency response and management. In the paragraphs that follow, we highlight related work from the fields of ISCRAM research, Science and Technology Studies (STS), Computer Supported Cooperative Work (CSCW) and IT ethics. A more engaged dialog between these different fields could leverage the insights collected in the series further as well as deepen the philosophical, legal and ethical debates presented in the compendium. In this way, the series’ shortcoming can become a fertile ‘opportunity space’ for new and much needed interdisciplinary conversations. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 28 of 161 It is widely recognised that information technologies are a crucial component of emergency response and management as they facilitate and support essential processes, such as risk assessment, surge capacity, data sharing, communication and collaboration between emergency responders. Yet, besides occasionally appearing as a risk factor or in passing mentions of the “technical”, technology rarely makes an appearance in the whole series. This means that even in the few cases where technology enters the picture, it is presented as non-agential, unproblematic, or as Introna (2007) would put it, ‘a neutral means (or medium) that can be shaped and moulded to suit our needs and desires’ (p. 11). This constitutes a considerable limitation of the volume which unfortunately echoes Hiltz et al’s (2010) observation that ‘despite the recognition that information systems are crucial components of emergency management, there has been surprisingly little research published that facilitates understanding of how they are actually used in emergencies’ (p. 6). Technology has always played an important role in emergency response. From physical technologies, such as breathing apparatus for fire-fighters and guns and body armour for police to policy tools, such as incident command systems (Buck et al, 2006; Moynihan, 2009; van de Walle et al, 2010), to information and communication technologies which can augment responders’ capabilities but also complicate risk analysis and undermine existing practices, technologies have always shaped the nature of emergency response and played a key part in what or who can be rescued or protected. This means that technology is not neutral, but actively shapes people’s capability for ethical, lawful and socially responsible conduct. It does not mean that we should shift the focus from people to technology. Instead, it means that ethical, lawful and socially responsible conduct is a matter of social, material and technical practices, which are deeply entangled with technologies as well as ‘environmental’ factors of culture, embodiment and situations. Therefore, a socio-technical approach to emergency response and management would elicit a more rounded and productive understanding of the risks and opportunities. A new Volume on The Applied Ethics of Emerging Military and Security Technologies is about to come out in The Library of Essays on the Ethics of Emerging Technologies (Allenby & Wallach, 2015), which focuses on ethical questions and issues arising from accelerating technological change in the military and security domains. However, we would argue that attention to questions of technology should not be a separate concern but suffuse debates on emergency ethics, law, policy and research. Three areas of socio-technical entanglements are particularly promising sites for a more integrated analysis and we briefly delineate some opportunities below to illustrate the potential. 2.6.1 Ethics and its practicalities While the first volume of the series provides insights on key ethical debates which surround emergency management from a philosophical perspective, the volume does not go far enough in considering how ethics is practiced. Yet, this is critical to a consideration of emergency ethics, law and policy. And in taking this focus, it becomes evident that technologies deeply affect ethical, lawful and socially responsible conduct. Recent attempts to analyse ethical, legal and social issues (ELSI) in IT innovation in disaster response and management have highlighted the transformative, positively and negatively ‘disruptive’ momentum of integrating new technologies into emergency response and management practice (Büscher et al, 2014a). Hopes for greater efficiency through electronic triage, for example, can effect much more far reaching transmutations of expertise and responsibility as well as changes in the measurement of efficiency (Ellebrecht & Kaufmann, 2015). The fact that most people today carry mobile devices means that a constant flow of ‘big data’ is generated that may be exploited for crisis response and management, but it also generates ethically, legally and socially challenging dynamics around the completeness and veracity of the data, the ability to visualise the data outputs, or the ability to actually enhance insight or improve decision-making through data Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 29 of 161 (Watson & Finn, 2015), as well as questions about equality and access in a world where some organizations still ban the use of mobile devices for some employees (Ford et al, 2015). The use of automated technologies, such as remotely piloted aircraft systems (RPAS) raises questions about human control and the nature of human-machine interdependencies (Introna & Woods, 2004; Kerasidou et al, 2015; Perng et al, 2015). And support for the agile assembly of ‘systems of systems’ for interoperability in crisis response and management can play into trends towards greater securitization and surveillance, and potentially undermine civil liberties (Büscher et al, 2014b). 2.6.2 Emergence of new publics The activities of people affected by crises are creating a second site where emergency ethics, law, policy and research are deeply interlinked with technology. ‘Collective intelligence’ is part of disruptive innovation in disaster response, that is, innovation that transforms the social, economic, political, and organizational practices that shape this domain (Chesbrough, 2003; Shanley et al, 2013; Raymond et al, 2014). One of the earliest examples arose during the Virginia Tech shootings, where students who had been told to stay in their dorm rooms connected online to work out who had been hurt or shot. Converging on a Facebook Website called ‘I’m OK at VT’, the students exchanged information, verified reports and constructed accurate lists of who had been killed, several hours before the authorities released the same information. Under the pressures of the unfolding tragedy, they spontaneously developed social conventions and practical measures to ensure that information was accurate (Vieweg et al, 2008). Since then, collective intelligence has been an integral part of wider transformations in crisis response. It gives rise to a range of ethical, legal and social complexities, creating both opportunities and challenges. On the one hand, new forms of self-help and cosmopolitan digital humanitarianism become possible. Watson and Finn (2015), for example, examine information flows between corporations and their customers during the most severe global flight disruption since 9/11 – the Eyjafjallajokull eruption. With over 100,000 flights cancelled and 1.2 million passengers affected, the particle cloud overwhelmed corporate and institutional call centres. Stranded and unable to find information through official channels, thousands of passengers, their colleagues, friends and family turned to social media. Through a study of two different forms of support for information exchange using social media, Watson and Finn highlight positive outcomes such as increased surge capacity and the mobilisation of global social capital, but also explore problematic issues of inequality, exploitation and privacy infringement. On the other hand, the use of social media in crises can give rise to vigilantism and DIY justice (Rizza et al, 2015, Tapia & LaLone, 2015). 2.6.3 Posthuman research ethics Thirdly, while not immediately obvious, the fields of research ethics and collaborative IT design share a keen interest in boundaries. The field of emergency research ethics as it was captured in the last volume of the series takes a humanist approach in understanding the boundaries between expert and layperson, or between researcher and research participant, and if we could extend it even further, between research subject and research object, as fixed and unproblematic. However, as we saw, such an approach runs into all sorts of problems when the realities and messiness of research refuse to fit into such fixed categories. We saw vulnerable groups rejecting their vulnerable status and asserting their autonomy. We saw researchers - traditionally presented as disembodied and invisible in their scientific modesty – having bodies which get in the way, consuming valuable resources and becoming burdensome. We saw people not fitting into neat, well-defined, homogeneous and univocal “communities”. In other words, we saw the problems that arise when rigid methods try (and sometimes fail) to capture messy realities (Law, 2004). For some time now, researchers and practitioners in the field of collaborative design have Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 30 of 161 grappled with these questions of boundaries between designers, users, machines. Value sensitive design, for example, specifically seeks to embed attention to ethical, legal and social issues in design processes (Friedman et al, 2006). And these designers have turned to other fields to find conceptual tools to think about questions of how technology and practice are inherently linked. Drawing from STS and feminist technoscience studies (Latour, 1993; Haraway, 1991; Suchman, 2007a, 2007b; Barad 2007), they have moved to relational understandings of how boundaries between human and machines, designer and user are constructed and maintained while at the same time becoming sensitive to the politics of such boundary construction. To address questions of technology in a more integrated manner in debates about emergency ethics, law, policy and research, Zack’s work on ‘virtue ethics’ in disaster (2010) could prove key. Deriving from Aristotelian ethics, virtue ethics elevates preparedness to a virtue which must be lived to become effective. Challenging consequentialist ethics and states of exception, it makes the case that a focus on preparation protect democratic societies from reverting to exceptions that go against ordinary morals, integrity and dignity and from entrusting decisions on definitions and criteria solely on experts, or governments without public consultation. To be useful for IT designers, the debate needs to open up further to consider how these ethical principles are enacted in practice, but the framework is productive for critical and designerly perspectives on advancing capacities of emergency response. They enable designers to ask through what social, material and technical practices is morality enacted? How can institutions and people act virtuously in crisis? And how can technology be designed in ways that support a new practical ethics and virtuous conduct? 2.7 Conclusion This paper reviews The Library of Essays on Emergency Ethics, Law, Policy and Research Ethics (2013), a four Volume series edited by Tom D. Campbell. The compendium presents a collection of seminal work in the field of emergency ethics, emergency law and emergency policy, and it also covers emergency research ethics. Building on a selective summary overview of each volume, we have drawn out core themes and discussed their relevance to research concerned with the design and use of intelligent systems for crisis response and management. In this field, research on Ethical, Legal and Social Issues (ELSI) is a relatively new dimension. We argue that, while the series brings together important insights and is highly useful, a lack of attention to socio-technical dimensions of emergency response and management prompts us to chart research that should be included, not as a separate fifth volume, but as an integral part of discussions of emergency ethics, research ethics, law and policy. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 31 of 161 3 21st Century Emergency Collaboration – Legal Aspects This chapter explores how jurisprudence can help to analyse and regulate dynamic and distributed areas of technical innovation such as Emergency / Disaster management. In a discussion about legal aspects of emergency management for the 21st century these are problematic tasks. The rapid development makes it difficult to extrapolate from existing initiatives and established regulations in order to predict the future. Nor is it a realistic approach to outline a proposal for general Emergency Law Standards. The subject involves too many sub-domains and the incident driven development is to a large extent unpredictable. Therefore, we pursue the objective to discuss strategies, or ways of approach, which may support law-making in a complicated technical environment characterised by a fast pace of change. 3.1 Background From a traditional standpoint it may be argued that the most apparent jurisprudential task is to address substantive law issues. Major tasks include textual analysis of existing provisions, studies on how the rules are being employed in case law and interpretations of their implications. The researcher tries to eliminate voids, contradictions and vagueness by means of suggesting reformulations and possible restructuring of the material. Although the legal analyst may put forward proposals de lege ferenda (about the law in the future) the common basis for the analysis is de lege lata (the law that is). The overall objective of such work is to elaborate a more functional and coherent set of rules that will make problem solving in the domain more efficient and predictable. At a somewhat more detailed level this means that the rules should meet a number of quality standards, e.g. that they should be predictable, relevant, without side effects, transparent, pedagogic, systematic, and acceptable by those affected. The starting point for the legal analysis in the BRIDGE project has been the legal framework on privacy, in EU represented by the Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.2 The principles of the Directive 95/46/EC have been laid down in national legislation and in several countries more detailed provisions and interpretations of the principles have been issued for different sectors of society. This has resulted in a scattered picture and the situation has been criticised. Consequently, in January 2012 the EU Commission presented a proposal for a new general data protection legal framework (Proposal for a Regulation Of The European Parliament And Of The Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data) introducing concepts such as Privacy by Design and encompassing a number of detailed provisions for all ICT systems processing personal data (For an overview See D 12.1 Section 2.3). 2 Official Journal L 281, 23/11/1995 P. 0031 – lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML. Version 1.0: Final 0050. http://eur- D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 32 of 161 Privacy is however to a large extent a dynamic, controversial and contextually dependent concept, constantly under stress. Inter alia the presentation of new methods for analysis of big data collections, spectacular terrorist attacks, and leaked information about questionable activities undertaken by intelligence agencies affect the development in unpredictable ways. Subsequently numerous amendments have been suggested and the regulation that was proposed in 2012 has not yet been yet adopted. The regulation will take effect two years after its adoption, at earliest 2017. In January 2015 the EU Data Protection Supervisor Giovanni Buttarelli wrote: “There is a pressing need to see the Data Protection Reform adopted by 2015. It should not slow down innovation, but equally it should ensure that our fundamental rights are safeguarded and made effective in practice. We need new rules to rebuild the trust in the digital society that has been eroded by, for instance, massive surveillance.” It is stressed that “Data protection is at the top of the EU agenda and the international agenda too and will certainly remain there for many years.” Broadening the perspective to other areas of law relevant to disaster management and emergency collaboration a similar situation is indicated. The various kinds of regulations that can be related to Emergency Law are of a multifaceted nature. The survey that was documented in D 12.2 mentions several reasons for this state of the matter. Perhaps the most important one being that stakeholders, categories of people and legal provisions potentially affected by emergencies are impossible to define in advance. Relevant legal components are also difficult to identify from a formal point of view. Constitutions, laws, ordinances and many forms of soft law instruments, as well as standards often become relevant in various combinations. Another complication is that many organizations embrace different traditions and that the way issues are dealt with varies in different jurisdictions. To take into consideration is furthermore that strategies for emergency management within EU is a complex matter. A comprehensive and well researched survey published in 2009 initially claims that “different types of initiatives exist almost everywhere, they overlap, they are founded on different types of legal documents or different treaties, and they play different roles in different stages of a crisis, some are operative on a daily basis while some are sleeping until activated.”3 Some 150 pages later it is concluded that it is “evident ... the crisis management system of the Union is not the result of one master plan” and that “perhaps even to call it a ‘system’ is too much since it has no overall administrative logic and since the EU itself has no self-image of its own crisis management organization”.4 Activities take various forms, e.g. as policy initiatives, establishment of administrative bodies, practical efforts with the purpose of pooling resources, risk reducing activities and relief operations. Initiatives manifest themselves in different sectors and at different levels, between agencies, organizations and countries, in regions and in EU as such. It is evident that the development of disaster management within the EU is an ongoing, dynamic process, to a considerable extent incident driven and with little or no coordination. 3 Larsson, P., Hagström Frisell, E., Olsson, S., Understanding the Crisis Management System of the European Union, in Olsson, Stefan (ed.), Crisis Management in the European Union: Cooperation the Face of Emergencies, Springer, Dordrecht 2009 p. 1. 4 Olsson, S., Larsson, P., The Future of Crisis Management within the European Union. In Olsson, Stefan (ed.), Crisis Management in the European Union: Cooperation the Face of Emergencies, Springer, Dordrecht 2009 p. 157 and 167. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 33 of 161 Noticeable is also that publication activities present an ongoing accumulation of case studies and that newly spotted problems often are of a detailed nature. At the same time it is obvious that jurisprudential analysis of the domain as such, as well as general conclusions to a large extent are lacking. 5 The overall conclusion from all this is that Emergency Law lacks a common ground and that it is not possible to identify a widely accepted legal framework that is upheld by any administrative body. Emergency Law/ Disaster Management Law are not unknown concepts, as illustrated in D 12.2 a variety of initiatives have been presented, but the situation is fragmented. In a discussion about legal aspects of emergency management for the 21st century this is a problematic presupposition. The inconsistencies make it difficult to extrapolate from existing initiatives and established regulations in order to predict the future. Nor is it a realistic approach to outline a proposal for general Emergency Law Standards. The subject involves too many subdomains and the incident driven development is to a large extent unpredictable. From a legal point of view the lack of structure is one of the most apparent problems in the area. Prismatic and ad hoc organizational arrangements are reflected in a multitude of overlapping and disparate studies, hampering systematic aggregation of knowledge and leaving room for contradictions and voids. In this respect the challenge is the concept of Emergency Law as such. It is apparent that the legal means of addressing the problems in the domain are less developed, and that alternative or complementary solutions should be considered. 6 This chapter focuses on the latter. More precisely, the objective is to discuss whether there exist methods, or ways of approach, which may support law-making in a complicated technical environment characterised by a fast pace of change. The discussion is tentative; the ambition is merely to make an inventory of possible ways ahead. Two lines of development are addressed: An approach in which legislation as we now know it is being adapted and elaborated by conventional means but organized and structured differently. This in order to better reflect practical presuppositions so that legal requirements and recurring problems can be addressed in a more systematic way. An approach in which traditionally established legislative efforts are being complemented with other forms of regulative efforts, e.g. by technical specifications in order to be physically implemented in technical mechanisms, or by different forms of “soft law” mechanisms or co-regulation initiatives. 5 See Hufnagel, Saskia, Roach, Kent (eds) (2012). Emergency Law, Volume II, Ashgate, Farnham, Part V, All Risk Emergency Regualation or Case Sopecific Regulation, p 461-535. 6 From a theoretical point of view this is not a unique situation in rapidly developing fields affecting several established fields of knowledge. See Kuhn, Thomas, The Structure of Scientific Revolutions. The University of Chicago Press, Chicago, 2 uppl, 1970, p. 178. “Before [the post-paradigm period] occurs, a number of schools compete for the domination of a given field. Afterward, in the wake of some notable scientific achievement, the number of schools is greatly reduced, ordinarily to one, and a more efficient mode of scientific practice begins.“ Compare Hufnagel, Saskia, Roach Kent supra p. 540 “ “need for a multidisciplinary approach that combines legal analysis with insights drawn from political science, organizational behaviour, and public health …public and private partnerships,… criminology, economics…” Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 34 of 161 3.2 A Structural Approach to a Legal Analysis of IT Systems in Emergency Response The structure of a legal sub domain is usually a mix of a common part and a multitude of substantial rule sets, focusing on different problems. The common part contains the rules that are valid for the whole domain. Usually this part defines the validity of the rules in time and space but frequently also other kinds of provisions stand out as being of a general nature. In for example Criminal Law the rules about intent (to commit a crime) and the rules defining the available sentences are of a common nature while the prerequisites defining the various crimes are presented in specific provisions, in what sometimes is referred to as the catalogue of crimes. Whether the most efficient development of Emergency Law lies in the formulation of “all risk emergency regulation or in case specific regulation” is also an issue that is discussed in the Emergency Law literature. Especially the situation in the UK has been criticised for being of a piecemeal nature. “Most legal protection … is drafted on a sectorial basis which lacks consistency, coverage and visibility” and “there is a need to avoid segmented regulation in a series of silos, there is a need to achieve co-ordination…” 7 Against this background and based on the literature study and the practical work undertaken in the BRIDGE project (cf. D12.1 & D12.2) it is thus possible to chart out a tentative structure for legal problems in Emergency Law reflecting a dichotomy of general and specific legal issues. Figure 2: Emergency Collaboration/Management Law Examples of how common (always relevant) and case specific issues can be separated and sorted as a basis for more systematic legal analysis and development of more coherent regulations. Although a separation between general and specific rules may provide an important foundation for more systematic efforts such an undertaking can be complemented in various ways. An alternative way of restructuring the problems is to classify them to events or phases that are related to each other. Crisis management can thus be described as a number of identifiable subphases that in various ways are interrelated - involving different tasks, responsibilities and 7 Walker, Clive, Governance of the Critical National Infrastructure. In Hufnagel, Saskia, Roach, Kent supra p 464-492. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 35 of 161 problems. For emergency Law such an approach has been suggested by several, e.g. by Kent Roach who, inspired by a harm reduction strategies from terrorism and epidemiology, describes a separation between measures that can be dealt with before, during and after incidents. 8 Such an approach can be elaborated in various ways and it is possible to include different activities at several levels. A structure of this kind also clearly indicates that there is a need for various types of interventions, e.g. proactive preparations, operative interventions and reactive responses. This in turn facilitates the identification of appropriate regulative techniques and the strategy thus provides a good basis for the accumulation of domain specific legal knowledge as it will indicate appropriate choices between various forms of legal solutions. Figure 3 Disaster Management Phases Example of how Disaster Management can be decomposed into a number of sub-phases in order to allocate responsibilities and to better understand how different problems are interrelated. Each sub-phase can be subdivided further in order to provide a detailed map of possible problems that may call for regulative efforts/initiatives. Such a structure can also indicate the need for employment of various legislative techniques (e.g. proactive/instructive/reactive measurements). 8 Roach, Kent, September 11, Consequences for Canada. In Hufnagel, Saskia, Roach, Kent supra p 493510.. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 36 of 161 A process oriented structure of this kind can be further elaborated into a matrix in which various types of legal requirements (e.g. proceedings, responsibilities, formalities etc.) can be mapped, e.g. relating to agents (organisations or individuals). Matrices of this kind can be developed for different types of incidents (e.g. terrorist attacks, earth cracks, fires) or chains of events. A systematic analysis of this kind should eventually make it possible to identify patterns and recurring requirements that should be dealt with in a general way (a possible basis for common part of legislation). 9 Rules affecting (Type of incident) Agencies Before Individuals Environment Equipment Resource allocation Education Transports Service Planning Exercises Handling of dangerous goods Renewal Networking Standby schedules Building standards Storing etc etc etc etc During After Figure 4 Matrix combining processes with various types of regulative requirements. 9 See for an elaboration of perspectives relevant to this approach, and for further references, Wahlgren, Peter, Legal Risk Analysis: A Proactive Legal Method, Stockholm 2013 (Stiftelsen skrifter utgivna av Juridiska fakulteten vid Stockholms iuniversitet nr 80). Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 37 of 161 A more traditional way of researching a vaguely defined legal field is to initiate comparative studies in order to get an overview of the issues usually addressed and in order to find similarities and differences in how problems are understood and dealt with. Such a study can be initiated at different levels, e.g. in a comparison between countries or between organisations and agencies in a specific region. A comprehensive example of relevance for disaster management is the International CIIP (Critical Information Infrastructure Protection) Handbook 2008/09. 10 The handbook was the result of a joint Swiss-Swedish initiative in 2000, the “Crisis and Risk Network”. Four editions have been published, providing overviews of international protection efforts, legal issues and protection policies. The most recent edition encompassing 25 countries and 7 international organisations and forums reflects an inventory of Critical Sectors, Initiatives and Policies, Research & Development, and Law and Legislation. The CIIP Handbook provides a good basis for any type of systematic efforts in the field of Critical Infrastructure Protection, including regulative initiatives, as it reflects how the issues are being categorised and addressed in many countries. A similar approach can with little difficulty be the basis for in depth investigations in regulative matters at any level. The result of such a study can obviously facilitate international cooperation between counties and in regions. Works of this kind also illustrate how various problems can be dealt with and can also disseminate knowledge about what appear to be the most efficient solutions to specific problems. In this respect comparative studies may also eliminate the need to reinvent the wheel. At a detailed level this can be accomplished by means of aggregating statistics about to what extent various provisions have to be reformulated, how often they are contested and to what extent they fail to achieve the goals, etc. 11 A still other complementary approach which may facilitate the understanding of regulative requirements in a specific field is to try to define long term objectives and then systematically braking down those goals into smaller more manageable tasks, each of which may have to be implemented with legislative means and other kinds if steering mechanisms. An illustration of such a strategy would e.g. be to adopt a “zero-vision” for road traffic accidents with fatal outcome.12 Although road traffic accidents usually are not considered to be disasters Naomi Zack in 200913 made a comparison with the terrorist attacks in the U.S. on 9/11 2001. Updated figures indicate that ca. 2990 persons died as the result of the attacks. The number of Americans killed in road accidents since 2001 has however so far (spring 2015) accumulated to close to 500.000.14 Physically disabled and otherwise injured people uncounted. It can therefore 10 Brunner, Elgin M., Suter, Manuel (2009). International CIIP Handbook 2008/09: An inventory of 25 national and 7 international critical information infrastructure protection policies. Center for Security Studies, ETH Zurich. www.isn.ethz.ch/ Digital-Library/Publications/Detail/ ?id=91952 11 Such a strategy has been suggested e.g. n the field of Contract Law see The International Association for Contract & Commercial Management , http://www.iaccm.com/ 12 Such a goal was establiched by the Swedish parliament in 1997 ” http://www.trafikverket.se/PageFiles/881/regeringens_proposition_2003_04_160_fortsatt_arbete_for_en_ saker_vagtrafik.pdf”. 13 Zack, Naomi, Ethics for Disaster, Rowman Littlefield Publishers Inc. Lenham, 2009. P. xiii. 14 http://en.wikipedia.org/wiki/List_of_motor_vehicle_deaths_in_U.S._by_year Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 38 of 161 be argued that the rational decision would be to prioritise efforts to mitigate risks accompanying road traffic. This is however not the case and Zack’s conclusion is that ”we cannot escape human psychology” and tend to ”respond more intensely to sudden big harms than to ongoing small ones, even if the aggregate of small harms is enormous compared to sudden big harms”. It is also probable that creeping types of disasters attract less attention due to the fact that they to a large extent are invisible or unknown. Consequently it may be argued that the basis for identifying relevant goals could to a larger extent be accumulated statistics about how well various rules, regulations and policies correlate to incidents. Figure 5 Short term legal reforms and long term legal objectives Illustration of how a long term “zero-vision” for fatal road traffic accidents can be decomposed into short term actions, each possible to implement with various kinds of regulatory means, e.g. changes in the road traffic regulation, education of drivers, safety specifications for vehicles etc. Also this type of strategy can be depicted graphically. 15 15 Work with long term ”Result objectives” has recently (2014) been initited by the Swedish Civil Contingencies Agency. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration 3.3 A New Regulatory Culture? 3.3.1 The Problem Page 39 of 161 Although all the above mentioned approaches may help to better understand how Disaster Law and emergency collaboration can be regulated efficiently it must be acknowledged that a continuous aggregation of detailed, often reformulated rules has drawbacks. In a long-term perspective it is apparent that a common side effect is the accumulation of regulations, frequently exhibiting a poor overall structure. Equally problematic is the continuous vitiation of the legal language, following from a frequent use of ad hoc solutions, and the ever increasing complexity of piecemeal legislation. An additional problem is that legislation tends to become more and more voluminous and all such problems stemming from traditional jurisprudential efforts are well recognized in the field of Disaster Law. The negative effects of the traditional legislative approach often make themselves felt; in many areas there is no doubt that it is impossible for anyone not trained in law to understand the legal system. Sometimes it is difficult also for lawyers to grasp legislation, at least when it comes to issues outside their day-to-day practice. To identify, retrieve and evaluate the different components that may be relevant can simply be too overwhelming. This is a recurring problem in disaster management, which to a large extent is an incident driven activity where unpredictable processes frequently involve new constellations of groups and agencies. Another component to take into consideration is that updated and detailed background knowledge about the situation at hand in most cases is a precondition for the design of suitable regulations. In this respect criticism is often articulated, indicating that much of current legislation is made up of short-lived inefficient provisions reflecting poor understanding of the practical requirements. The shortcomings of the traditional approach are readily apparent in the case of disaster management – which means in effect that the difficulties are revealing themselves in all possible situations. The reason for this is easy to understand. The sector tends to offer solutions of increasingly complex nature and the lawmaker often encounters previously unheard of problems in trying to satisfy the prevailing demands. How shall, for example, poor health advice and medical prescriptions via the Internet – perhaps occurring between two countries, and by the use of a ICT system situated in a third country – be managed from the legal point of view? What aspects of new services should be regulated, what kind of regulation is desirable, how can responsibilities be allocated and how can legal solutions be enforced? To solve acute problems within a reasonable time, and simultaneously uphold a consistent structure for all parts of legislation is an overwhelming task for several reasons. Persistent complications flow from the fact that the conceptual apparatus of disaster management lacks in many respects equivalent counterparts in law. Yet another problem is that the meaning of legal concepts often changes, or becomes blurred when linked to new technology. In this respect a number of phenomena have to be revised more or less constantly. In disaster management, this is illustrated by not fully understood consequences of use of big data collections, crisis communication, ad hoc linked up systems of systems etc. How should equal access to public services (net neutrality) be dealt with, what are the consequences for privacy and who is responsible for malfunctions and errors? Limiting factors are also that the time allotted for preparatory investigations is continually decreasing, even as the complexity of the subject matters to be regulated increases. If one adds to the equation the necessity to continually adapt the legal language as new phenomena arise, it is clear that the objective to avoid inconsistencies by means of relying on traditional legislative efforts is unrealistic. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 40 of 161 Another aspect to observe is that the rapid development of the technology and its logical consequence – internationalisation – generates previously unknown demands for standardisation and uniform solutions. This creates additional pressure on the lawmaker. A national legislature can do little on its own to solve these problems and, at our present level of development, truly effective instruments for the implementation of international legislation do not exist. In this respect, as described in D 12.2, there is little doubt that the EU efforts in this domain so far have been unsatisfactory. All this lead up to the conclusion that in an outlook for the future there is a need to include also other kinds of regulatory mechanisms, besides structural approaches as the ones outlined above. Traditional legislative efforts are likely to be complemented and augmented in various ways. Three such approaches deserve to be mentioned: co- and self-regulation initiatives, embedded solutions and pattern recognition. 3.3.2 Co- and self-regulation For quite a long time it has been argued in various circumstances and from various standpoints that the state should intervene as little as possible and that the development of self-regulation and legal free zones is a better alternative. Quite frequently such ideas have been proposed concerning the use of the Internet, the development of technology, etc. Theories concerning self-regulation are usually underpinned by legitimate and easily understandable desires to avoid unnecessary administrative burdens and bureaucracy. At the surface level, they can therefore appear attractive, and in some situations there is no doubt that private dispute resolution and other kinds of non-authoritative agreements provide wellfunctioning solutions. Such approaches may also be preferred since they are comparatively cheap, can be conducted with little delay and completed without making the process public. If one investigates this approach a little bit further, however, it is apparent that in many cases it is unrealistic to maintain a system based on self-regulation. It may even be questioned whether this approach should be recognised as a general strategy at all, and there are several reasons for this. In an analysis of the prospects of self-regulation mechanisms it is important to keep in mind that the lawmaker usually has access to a system of sanctions, and that legislation is usually upheld and supported by a system of authoritative institutions. In an environment where self-regulation is presupposed many of these factors are absent, which is obviously a considerable complication. If the parties involved are not on an equal footing, and if mechanisms for the effectuation of legal decisions or enforceable sanctions are lacking, the incentives to follow the rules are likely to diminish. It is also important to note that large portions of the legislation seeks to balance different opinions and various needs in an authoritative manner, this is for instance the issue in the debate about privacy, where the interest of the individual sometimes clash with societal needs for efficiency and strive for security. The fact that self-regulation in many situations is unrealistic does however not mean that alternative approaches are impossible. On the contrary, the number of mechanisms that can replace or support traditional legislation are many. It is thus relevant to separate between activities “within legislation” i.e. implementation of mechanisms that to some extent must be legally established and activities “outside legislation”, e.g. education or information campaigns. Several such alternative strategies can play a considerable role. In general terms, co- and self-regulation initiatives can be described as a replacement of rules defining what and how to do things with rules merely defining what to do, i.e. goal oriented Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 41 of 161 legislation. In other words, the rules primarily define the objectives but it is left to the stakeholders to decide the means. 16 Within this framework a number of possible approaches can be used, in isolation or as complements. One alternative is to implement minimum standards, i.e. provisions that only seek to secure basic requirements but apart from that presuppose that the parties decide the details. Such type of regulation may leave room for any type of solution, and as long as the basic requirements are not violated, the legislation will remain silent. In this respect this type of legislation can be described as “default legislation”, i.e. it will only be activated if the parties do not agree on something else. A related strategy is to stipulate that the actors in a certain domain should develop a quality assurance, or quality management system (QMS), ensuring that the activities in the field are up to date and in line with scientifically established knowledge about the subject-matter. The role of the legislature thus becomes limited and the only thing that is checked is how well the QMS works. This is a practical approach in domains in which the knowledge is complicated and of a rapidly changing nature. To elaborate detailed provisions about how to perform e.g. surgical operations is not realistic which is why this strategy becomes increasingly more popular when it comes to medical treatments, development of drugs, etc. An important factor is also that those affected by the system are more likely to accept it if they have had the opportunity to participate in its development.17 A QMS need not be made mandatory, in some cases it may be up to the individual/company/agency to participate. But for those who choose not to participate in the QMS there may be administrative burdens, fees and other requirements that have to be met. An example of such a voluntary and partly self-regulating mechanism is the EU system for Authorised Economic Operators. “Authorised Economic Operator, AEO, is a joint EU certification programme, designed to increase the security in the world as well as to harmonise the customs related operations within the EU and make them more efficient. The AEO status is valid in all EU Member States. Every business, regardless of size, forming part of the international supply chain can apply to become an AEO. This applies to manufacturers, exporters, freight forwarders, warehouse keepers, customs agents, carriers and importers. To obtain AEO status, businesses within the EU can apply for one of the following certificates: ▪ Customs simplifications ▪ Security and safety 16 This is sometimes referred to as a shift from quantitative legislative technique to qualitative legislative technique. See e.g. van der Sluijs, J./Wahlgren, P. (red.) Soft Law, Scandinavian Studies in Law, Vol 58, Stockholm Institute for Scandinavian Law, Stockholm 2013. 17 Josefsson, Carl, Lagstiftning eller självreglering, SvJt 2001 p. 215, Heuman, Lars, Reklamationsnämnder och försäkringsnämnder, Norstedts Stockholm 1980 (Institutet för rättsvetenskapig forskning CVI) s. 797–849. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration ▪ Page 42 of 161 The joint certificate Customs simplifications/Security and safety” QMS of this kind is a type of certification and the variants, including licencing, permits, accreditation and/or the suggestion that the actors participate in education and/or standardisation activities can easily be combined. Eventually also components such as subsidiaries and economical contributions can be used as incentives. 18 The common and important feature being that the legislator can refrain from issuing massive quantities of detailed legislation. In this context it is also relevant to mention soft law, i.e. regulations that are not formally binding, or provisions that cannot be enforced. The term soft law was previously mostly used in order to denote agreements between states and international organisations’ resolutions and recommendations. 19 Presently however the phrase is usually also used in order to encompass sectorial agreements, recommendations, guidelines, decisions by various types of cooperative boards, codes of conduct, standards, etc.20 A quick overview of the so-called hands-off strategy thus indicates that co- and self-regulation may well be considered in some situations related to emergency management. Frequently, various kinds of co-operative efforts between private enterprises and the government are likely to generate better solutions as compared to what can be accomplished by the legislature alone. Obvious examples are the joint development of codes of conduct, assistance in the setting up of proactive or protective mechanism, and the authoritative backing up of self-regulation so that enforcement is guaranteed.21 Another illustration is giving public support for setting up standardization organisations. In many situations subsidiaries and incentives can probably be more effective than detailed legislation of traditional kind22 and often it is a good idea to investigate whether some form of co-regulation is possible. 23 18 See for an overview,e.g. Wahlgren, P. Lagstiftning: Rationalitet, problem, möjligheter, Stockholm 2014. 19 20 21 Se t.ex. Senden, Linda, Soft Law, Self-Regulation and Co-Regulation in European Law: Where Do They Meet?, Electronic Journal of Comparative Law. vol 9.1 (January 2005), “www.ejcl.org/91/art91-3.html”. Se t.ex. van der Sluijs, J./Wahlgren, P. (red.) Soft Law, Scandinavian Studies in Law, Vol 58, Stockholm Institute for Scandinavian Law, Stockholm 2013. See e.g., The UK Cabinet Office, Regulatory Reform Strategy Team, Better Policy Making: A Guide to Regulatory Impact Assessment, London 2003, Annex 2, Alternatives to Legislation “http://www.cabinetoffice.gov.uk/regulation/docs/ria/pdf/ria-guidance.pdf”, and U.S. Department of Commerce, Privacy and Self-regulation in the Information Age, Washington D.C. 1997 “http://www.ntia.doc.gov/reports/privacy/privacy_rpt.htm”. 22 In a report from the research service of the Swedish parliament, surveying 45 self-regulating bodies, it is stated that these entities provide “rather simple and fast dispute resolution/administration for a large number of consumers. In addition the process is usually free of charge.” Näringslivets självregleringsorgan – en uppföljningspromemoria (Dnr 2003:2044) 23 On co-regulation, see European Commission, Digital Agenda for Europe: Better Self- and CoRegulation “ec.europa.eu/digital-agenda/communities/better-self-and-co-regulation”. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 43 of 161 3.4 Embedded Technical Solutions An entirely different way of increasing the efficiency of legislation would be to actively develop the means to embed regulations in the physical environment. Under such a strategy a variety of alternatives can be envisioned, depending on the ambitions and the nature of the issues to be addressed. An illustration of a more elaborated solution is road tolls with the purpose to cut congestion and predicted traffic jams, which are based on pay-as-you-drive charges. Such regulation is entirely dependent on technical systems, e.g., various types of satellite tracking devices and/or on microwave signals identifying tags adhered to the vehicles. Although technical systems of this kind cannot be looked upon as alternatives to traditional legislation it is quite clear that they often provide important complements to the regulations. Illustrations of this are abundant. It is for instance obvious that modern regulations concerning verification of transactions often presuppose technical solutions. Likewise it is clear that rulebased activities within public authorities and the government rely to a large extent on technical solutions for the management of decisions, taxation, administration of elections, etc. Noticeable is also that in many situations it would be impossible to return to a “pure”, non-technical legislative strategy. Frequently, technical components are taken for granted, and they may also be essential for the effectuation of particular legislation. A good example of the latter would be the Swedish Land Register Act, which in fact is a description of an IT-system. Figure 6 Means of Influence In many case an implementation of a Law into a technical system (T) will be much more efficient than what can be achieved with traditional legislation (L) and implementation by means of public authorities (A). In this respect it is beyond doubt that IT provides many new potentialities and that the possibilities to integrate rule-based solutions into technical systems are constantly increasing. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 44 of 161 This development is reflected in a variety of activities. Currently under discussion are for instance Privacy Enhancing Technologies (PETs) for data protection and digital rights management systems for the administration of intellectual property rights. Privacy by design is also presupposed in the new proposal for a EU regulation on the processing of personal data, of high relevance for many types of emergency management. Potential extensions into more advanced technical solutions may include elaborated forms of e-government for virtually all kinds of administrative services, automatically supervised, dynamic road traffic regulations and, eventually, legal decision-making within the courts, perhaps based on computerised sentencing guidelines and pre-programmed procedural codes. It should be underlined that the inclusion of regulative aspects in physical components in no way represents a new phenomenon. The need to combine legal rules with physical arrangements has always been present, and the illustrations can be quite mundane. That is simply to say that if you want to protect your home efficiently, it is seldom a good idea to depend solely on legislation concerning trespassing and burglary – locks and other tangible means are often necessary supplements to the provisions. Noticeable is also that physical means sometimes are necessary in order to communicate the content of certain legislation. This is for instance the case with road traffic legislation and for such functions there is no doubt that IT provides considerable potentialities for further developments. Looked upon from this point of view it is quite clear that most legislation presupposes some kind of physical counterparts. From this also follows that it appears logical to utilise more sophisticated mechanisms when the technical abilities to enforce the regulations increase. In many situations such a development appears unavoidable. At present it is for instance necessary to rely on technical means in order to vindicate the regulations aiming to combat computer viruses and the situation is doubtlessly the same when it comes to upholding security for electronic communication, develop electronic payment systems, etc. It is also to be borne in mind in this context that the legislative system fulfils the function of providing an important steering mechanism on an aggregated level. In this respect embedded solutions may bring about considerable improvements as regards efficiency. Wisely employed, IT can eliminate many of the present problems of poor legislative impact and the interest for further developments in this direction are likely to increase as understanding of the potentialities becomes more widespread. A further consequence of this is that the prospects for traditional legislation may seem meagre. When compared to sophisticated technical solutions, do black letter laws offer any realistic alternatives with respect to effectiveness, clarity and predictability? Or, to polarize a bit more, do paper laws represent anything else than a primitive form of social steering instrument? In an analysis of this approach it is also relevant to discuss a number of secondary effects. Several important questions come to mind. One thing to speculate about is, for instance, whether the development of more integrated forms of legislation should be reflected in the ways in which legislative investigations are carried out. That is to say would it not be more logical to start out by means of designing technical systems when new regulations are being prepared? Likewise, if various forms of technically embedded solutions are likely to be more efficient, should not technical solutions be perceived as the primary objectives of legislative processes? And, consequently, should not written legislation mainly be looked upon as a documentation of technical solutions, and, ultimately, be designed as manuals for how to operate the systems? On the other hand, although a development of more sophisticated forms of technically dependent regulations may for several reasons seem attractive, it must be conceded that a future Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 45 of 161 development of this kind raises a lot of questions. A number of difficulties must be acknowledged and noticeable is also that the debate about potential negative effects has at times been intense. The contributions range from pure fiction to well-researched investigations and balanced discussions concerning the pros and cons of more technically elaborated solutions. 24 A fundamental objection is for instance that a development of more technocratic societies puts democratic ideals in peril. This is simply because technical standards can be established without the involvement of authorities, and that actors with sufficient resources can easily alter the balance laid down in embedded legislation, by means of altering technical platforms or introducing mechanisms obstructing the systems. A continuous development of more sophisticated systems is also likely to lead to problems of transparency. Intricate technical solutions are often difficult to understand and they may thus be viewed as a threat. Closely related to such a scenario is the development of an Orwellian Big Brother society in which technology becomes ubiquitous and where surveillance and privacy control seriously delimit the freedom of individuals. At a somewhat more concrete level, problems of adequate transformation of legal provisions into computer code, difficulties in upholding essential legal principles, e.g., concerning freedom of information, and unpredicted secondary effects originating from system complexity should be acknowledged. It is also obvious that the issues that need to be considered and the obstacles that have to be dealt with will vary depending on the type of issues addressed. If one tries to summarize this approach it is clear that IT provides interesting alternatives to black letter law in the sense that many normative aspects of legislation can be implemented in physical systems. How this development will progress is not possible to predict in detail, however. Several of the risks related to development of a more technocratic society are of a very serious nature and such aspects should be given a lot of attention. The use of embedded regulations is not unproblematic, and in many respects the development provides entirely new challenges for the legal domain. Nevertheless, in the long-term perspective, a development of more integrated solutions appears unavoidable. Huge potentialities for increased efficiency, improved predictability for the outcome of legal decisions, and the development of more detailed specifications of legal processes will not be easily dismissed. 3.5 Pattern Recognition One additional way of increasing the efficiency of legislative actions is to utilize of pattern recognition by means of investigating big data collection with mathematical algorithms. Pattern recognition is a field of research with its origin in in artificial intelligence, engineering and 24 The study of Legal Automation (Rechtsautomation) has generated a comprehensive literature in the Scandinavian countries. See e.g., Magnusson Sjöberg, Cecilia, Rättsautomation. Särskilt om statsförvaltningens automatisering, Norstedts Juridik AB, Stockholm 1992, and Schartum, Dag Wiese, Rettssikkerhet og systemutvikling i offentlig forvaltning, Universitetsforlaget, Oslo 1993. Cf, also, for a somewhat different perspective, Lessig, Lawrence, Code and other laws of Cyberspace, Basic Books, New York 1999. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 46 of 161 statistics. Algorithms can be used not only in order to investigate whether a hypothesis can be verified but also to discover previously unknown patterns. The latter is in turn an important component in machine learning. The development in this field is intense and several impressive applications have been presented, e.g. IBMs Dr Watson 25 and Amelia.26 The use of pattern recognition appears promising for several reasons, most importantly because the method can support the identification of situations in which regulative actions are likely to be requested, or situations in which such actions are motivated due to the fact that established mechanism are inefficient. Findings of such kind can have a significant impact. Traditionally systematic attempts to identify problems that may generate demands for legislation before the actually manifest themselves are rare. Legislative actions are often reactive, i.e. they are initiated after a problem has become acute. Pattern recognition can therefore be expected to be used as a planning tool and also, by providing means to speed up the initiation of legislative actions, facilitate the handling of changes. Underlying these assumptions is the indisputable observation that only a few of the issues which actually could be recognised as legal issues actually establish themselves as legal problems. Errors, systematic attempt to circumvent mandatory rules and inefficiency routines may stay unnoticed for long periods of time. To try to identify factors that may have a decisive influence over various types of process is therefore very interesting. To understand what it is that qualifies certain problems to be recognized as legal issues is another intriguing question. A characteristic of pattern recognition, as compared to sociological investigations, is that the former is pursued on a general level, i.e. the focus should not primarily be set on the impact of isolated regulations. The objective is instead to pinpoint various types of factors and their potential interaction to specific events and thus also with the legal system. Possible applications range from in depth understanding and prediction of natural disasters (based on e.g. analysis of geological and meteorological factors, infrastructure deficiencies etc.) to terrorism (based on analysis of e.g. communication activities, money transfer, traveling etc.). In this respect, pattern recognition represents a “law generic” perspective, as contrasted to sociological investigations which often seek to understand the instrumental qualities of the law (“law as an instrument”). In practice, however, the two approaches are related, and pattern recognition may well be complemented by a variety of sociological means. Doubtless is also that statistics is essential for the accumulation of knowledge of this general kind, and this is of course also a feature in common with sociological research. In context of emergency management it would be premature to point out any factors that are likely to have a decisive influence over how certain issues become established as acute problems motivating far reaching legislation and reallocation of resources. As an illustration, nevertheless, it appears reasonable to speculate about the extent to which spectacular events, access to media, communication channels, lobbying activities and political considerations can shift the focus of the legislature towards previously less noticed phenomena. In a similar way it may be worthwhile to study how economic resources, the presence of conflicting interests, knowledge and experience of the legislature, the complexity of the 25 http://www.ibm.com/smarterplanet/us/en/ibmwatson/ 26 http://www.telegraph.co.uk/technology/news/11123336/Meet-Amelia-the-computer-thats-after-yourjob.html. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 47 of 161 problems, and the nature of the existing legislation may influence the introduction of new issues. It may also be relevant in this respect to investigate whether factors of an indirect nature, such as the need for simplification in mass media, educational activities and the pace of change can be important factors in the process of establishing problems as legal issues. 3.6 Summary The first part of this chapter recaptured the many shortcomings and difficulties the concept of Emergency Law faces. Previous studies in the BRIDGE project has indicated that the field suffers from poorly coordinated efforts and exhibits a fragmented and partly dysfunctional legal system lacking general components. Against this background and as a general conclusion from recent developments in studies on legislative techniques the second part of the chapter outlined a possible strategy for future regulative efforts in the field. The strategy is based on two major undertakings, (1) a more systematic sorting of the relevant issues and the legal material into more functionally and practically oriented structures (restructured and elaborated legislation of a traditional kind), and (2) an amalgamation of various complementary regulative efforts and tools (self- and coregulation, technically embedded solutions and pattern recognition) into what can be described as a new regulatory culture for disaster management. Figure 7 A new regulatory culture for disaster management. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 48 of 161 4 ELSI in Crises: Doing IT more carefully This Chapter is based on the Introduction to a Special Issue on ELSI in IT Supported Crisis Response and Management in the International Journal for Intelligent Systems in Crisis Response and Management (forthcoming). Edited by Buscher, M., Liegl, M., Rizza, C. and Watson, H., with six papers: Ellebrecht, N. and Kaufmann, S. (2015) Boosting efficiency through the use of IT? Reconfiguring the management of mass casualty incidents in Germany Ford, J.L.; Stephens, K.K. and Ford, J.S. Digital Restrictions at Work: Exploring How Selectively Exclusive Policies Affect Crisis Communication. Watson, H. and Finn, R. Ethical and privacy implications of the use of social media during the Eyjafjallajokull eruption crisis Rizza, C.; Guimarães Pereira, Â. And Curvelo, P. “Do-it-yourself justice”: considerations of social media use in a crisis situation: the case of the 2011 Vancouver riots Tapia, A and LaLone, N. Crowdsourcing investigations: crowd participation in identifying the bomb and bomber from the Boston Marathon Bombing Buscher, M.; Perng, Y-S. and Liegl, M. Privacy, Security, Liberty: ICT in Crises In the context of this deliverable, the introduction to the special issue presents a discussion of why ELSI matter in the context of IT innovation in crisis response and management, it maps out key dynamics and issues, and provides a summary of future work needed. Abstract: The introduction to this special issue sets out why it is important to carefully consider ethical, legal and social issues (ELSI) in the context of IT innovation in crisis response and management. It sets the scene for six articles that provide concrete insight into how ELSI manifest in different contexts, including critical explorations of efficiency gains through etriage, inequalities in organizational emergency communications, ethical and privacy implications of the use of social media during the 2010 Eyjafjallajokull volcanic eruption, do-ityourself justice during the 2011 Vancouver riots, and public perceptions of social media responses to the Boston Marathon bombing. A call for socio-technical design for privacy, security and liberty concludes the special issue. Drawing on this work and examples from literature in science and technology studies and design, this introduction charts future work needed to understand ethical, legal and social aspects of innovation in crisis response and management more deeply and to translate such understanding into ‘better’ socio-technical innovation. Keywords: ELSI, humanity, justice, privacy, liberty, design, information systems, responsible research and innovation It seems clear that ‘technology that provides the right information, at the right time, and in the right place has the potential to reduce disaster impacts’ (Koua, MacEachren, Turtun, Pezanowski, Tomaszewski, & Frazier, 2010:255). In a century of disasters (eScience, 2012) where nothing is so certain as that another crisis is around the corner and emergency response Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 49 of 161 services are under intense pressure to produce more efficient, collaborative and effective responses and plans, investment in information technology (IT) is often seen as pivotal. Enquiries into the implications of ever deeper integration of IT into emergency response and management for humanity, justice, liberty, and the social contract between societies and emergency responders may seem a burden, but design that is sensitive to ethical, legal and social issues (ELSI) is also recognised as critical to leveraging the potential of new technologies. If emergency services are to utilise (and to control media operated) Remotely Piloted Aerial Systems (RPAS), for example, if they should engage the public with the help of social media, or share information between different agencies and information systems in line with data protection laws, technologies must support awareness of ELSI and practices of addressing them. This is a complex challenge. Repeated, sometimes spectacular failures of IT projects highlight the transformative momentum inherent in IT innovation and raise questions about the straightforward usefulness of technology (Ellebrecht and Kaufman, 2015). Worldwide, up to 85% of IT projects fail, at an estimated cost of over $6.2 trillion (Sessions, 2009), and crisis management has a long history of such failures. In two prominent examples of major technology investment – the London Ambulance System in 1992, and more recently the UK FiReControl project, the systems failed because they did not support, indeed incapacitated the local practices of responders. They were abandoned, wasting millions of pounds (Shapiro, 2005; Committee of Public Accounts, 2011). The failure of such systems has ethical, legal and social causes and implications that go far beyond the financial aspects. Indeed, some analysts argue that ‘the belief that more data or information automatically leads to better decisions is probably one of the most unfortunate mistakes of the information society (Hollnagel & Woods 2005: 7). It is important to recognise that technology cannot ‘provide’ the right information at the right time, in the right place, but people can. People gather, sort, visualise, analyse, reason about, and reason with information, they assess its accuracy, relevance, quality, they share or withhold it, they can make sense of it, or not, they may discount it, or draw others’ attention to information in ways that communicates their judgement about its relevance, quality or import. Technology can greatly enhance these practices, but it can also undermine, obstruct, or transform them. Increased reliance on technology can make emergency response and management more dependent on fragile network and data infrastructures, make the work more complex and errorprone and it can engender far-reaching transformations of the emergency services and society. For example, emergency situations can call for exceptions to fundamental and constitutional rights. At a recent symposium, European security experts debated the importance of ELSI research for innovation in Border Surveillance and Search and Rescue27, calling for the law to catch up with technological innovation, so that, for example, restrictions on the interconnection of information systems for CCTV, face recognition and databases of known convictions for hooliganism could be lifted in France. Yet many European states, especially countries like Romania or Germany, who have experienced totalitarian regimes, are suspicious of such suspension of normal legal and moral rules and values, often fuelled (but not always warranted) by fear of a breakdown of public moral order in emergencies (Barnard-Wills 2013). Their unease is due to the experience that such exceptions can erode important civil liberties, and the fact that ‘the wrong kind’ of IT innovation in crisis management can amplify a detrimental ‘securitization’ of society (Aradau & Munster, 2011, Büscher, Perng & Liegl, 2014b). 27 http://bssar.kemea-research.gr Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 50 of 161 Against this backdrop, some fundamental ethical questions arise for emergency response practitioners, politicians, policy makers, citizens, non-citizens (such as tourists, legal and illegal immigrants), designers and researchers: How can IT design and implementation be done more effectively, more mindful of transformative effects and wider societal implications? How can it be done more benignly? Concerns over IT project failures, the insufficiency of ‘more information’ for good decisions, and the effects of creeping securitization on civil liberties may suggest ‘Don’t do IT’ as an answer for some. However, the increase in the frequency and severity of disasters in the 21st century of disasters, involving increasingly urbanized and ageing populations is also a massively powerful engine for IT innovation in crisis management. Indeed, it seems that the IT juggernaut into emergency response is unstoppable. Moreover, IT can uniquely enhance risk analysis, communication and collaboration. Thus ‘Do IT more carefully’ would be a better maxim. But how can this be achieved? To clarify what ‘more careful’ might mean, there is a need to better understand ethical, legal and social issues relating to IT supported emergency response. With this special issue, we contribute six papers to shape more proactive and integrated ELSI-aware design approaches. In this introductory overview, we begin by providing a short review of the socio-political context. This is followed by a discussion of the positively and negatively disruptive nature of IT innovation in crisis response and management, and specifically the role of ‘unintended consequences’. The individual papers that follow focus on considerations related to IT innovation and use in crisis management and response in different contexts, ranging from IT support for triage in mass casualty incidents (Ellebrecht and Kaufmann) to restrictions placed on use of mobile devices in organisations (Ford, Stephens & Ford), to the use of social media and the Internet during the 2010 Eyjafjallajokull volcano eruption (Watson & Finn), the 2011 Vancouver riots (Rizza, Guimarães Pereira & Curvelo), and the 2013 Boston Marathon bombing (Tapia & LaLone). The special issue concludes with a discussion of the relationship between privacy, security and liberty in the context of efforts to support emergent interoperability between multiple information systems and stakeholders in ‘smart city’ contexts (Büscher et al.). We briefly summarise key insights these papers allow. By exploring diverse impacts on the organisation of emergency response and the people involved, these papers build on contributions from the Information Systems for Crisis Response and Management (ISCRAM) community, where a long-standing commitment to explore ethical and social aspects of innovation in crisis response and management exists. The papers have been developed from contributions to special tracks on Ethical, Legal and Social Issues (ELSI) at ISCRAM conferences in 2013 and 2014. The individual papers illuminate several different, important dimensions of ELSI and we summarise them here to chart core themes. A key insight is that while ethical, legal, and social issues are a matter of material, socio-technical practices and the ways in which people use technology, it is critical to acknowledge – carefully and creatively – that technology itself is not neutral. It actively enacts and shapes morality. A ‘disclosive’ approach to ethical, legal and social issues can reveal emergent ethical implications – which may pose both challenges and opportunities. By providing a summary of a study that illustrates this in an exemplary way, we prepare for a conclusion that calls for more careful IT innovation in crisis response and management. Here, we delineate what future work is needed to translate the long-standing commitment within ISCRAM to understand ethical, legal and social aspects of innovation into critical, constructive and creative debates about what might constitute ‘better’ IT supported crisis response and management, and how ELSI research can inform ‘better’ design and use of technologies. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 51 of 161 4.1 ELSI & The Informationalization of Crisis Response Technology has always played an important role in the laws, ethics and social and material practices of emergency response. Physical technology such as breathing apparatus for firefighters, fire engines and fire fighting technologies, portable defibrillators for medical personnel, guns and body armour for police have augmented the capabilities of emergency responders for many decades. Policy tools, such as incident command systems, too, have shaped the nature of response (Buck, Trainor, & Aguirre, 2006; Moynihan, 2009). What or who can be rescued or protected changes, as do the processes and practices involved, and therewith the ethics and politics of emergency response. IT introduce another dimension of augmentation. There has been an ‘informationalization’ of crisis response and management, following in the footsteps of similar developments in other industries and services. The term refers to an ever more intimate integration of ever more information into economic processes and practices with the help of information technology, starting with the just-in-time logistics for materials and goods in post-fordist economies (Lash & Urry, 1994), and leading into contemporary forms of ‘knowing capitalism’ and ‘Lifeworld.Inc’ (Thrift 2005, 2011), where pervasive collection and processing of data about people’s everyday interactions and complex actuarial, ‘qualculative’ analytics allow corporations ever greater prediction, agility and control. In emergency response, informationalization can support enhanced risk assessment, preventative measures and learning from past events, as well as increased surge capacity, data sharing, communication and collaboration between emergency responders, closer engagement with people affected by disasters and mobilization of ‘collective intelligence’. But informationalizing socio-economic processes can also engender far-reaching transformations of these processes. In the domain of crisis management, the use of digital radio in over 125 countries in the world 28 and the rise of social media (Palen, Vieweg, Sutton & Liu 2009; Letouzé, Meier, & Vinck 2013) have fundamentally changed emergency communications practices, for example. Furthermore, when data can be shared more easily and to greater effect, exceptions from data protection regulations may foster surveillance and social sorting and erode values of freedom and democracy. The recent scandal over NSA surveillance starkly highlights the challenges to informational selfdetermination and privacy arising in the context of IT use in security policy and practice. The ways in which IT are designed and appropriated are deeply entangled with how societies conceive of risks, respond to crises, and facilitate freedom. The informationalization of emergency response is a form of ‘disruptive innovation’, that is, innovation that transforms the social, economic, political, and organizational practices that shape this domain (Chesbrough, 2003). Yet, even a recently edited comprehensive compendium of research in emergency ethics, law and policy (Campbell, 2012, see also Chapters 2 & 3) pays little attention to technology, and IT ethics in crisis management is somewhat of a new field of study. One of the first publications to tackle the challenge explicitly is Jillson’s chapter ‘Protecting the Public, Addressing Individual Rights’ in Van de Walle, Turoff and Hiltz’ Information Systems for Emergency Management (2010). She discusses ethical opportunities, such as the capability of emergency management information systems (EMIS) to extend surge capacity, to maximize availability and enable more equitable distribution of services, and to enhance risk communication. But she also shows how the informational and communicative advances that EMIS can enable can complicate adherence 28 http://www.tetratoday.com/news/tetras-love-affair-with-the-asia-pacific Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 52 of 161 to core ethical principles of non-maleficence and beneficence, respect for human dignity, and distributive justice (equal access). In their current use of IT, emergency responders often air on the side of caution when faced with ethical, legal or social uncertainties, such as doubt about informational boundaries in multiagency collaboration. They often choose not to share data. Fragmentation of response through ‘silo-thinking’ is a common result and a challenge to ethical conduct (Cole, 2010). Paradoxically, this is, at least partially, a result of the very capability of information systems to support data sharing. ELSI research shows that the reasons raise complex questions about accountability, responsibility and the social contract between society and emergency service professionals and volunteers. The social contract idea stipulates that society grants emergency responders a range of benefits in return for their commitment to save others even in the face of personal risk. Such benefits include ‘perhaps most importantly, a great degree of professional autonomy’ and the provision of adequate training and tools (Jennings & Arras, 2008:110). Digital logs provide new opportunities to learn from experience in post-disaster reviews of response efforts, but they also allow new ways of holding professionals to account (Bech Gjørv, 2012; Cartlidge, 2012), transforming ideas of professional autonomy. In an environment where IT enable ever more detailed post-disaster expert reviews of disaster response efforts based on extensive records of professional communications and decisions, such data can be treated as evidence for malpractice in a way that lacks appreciation of the real time context of these communications and decisions. It may attract blame and punishment and as a result, professionals may become uncertain about their reluctant to express themselves freely and clearly or take risky decisions. 4.1.1 (Un-)intended Consequences Technology can engender such unintended consequences for ethical, lawful and socially responsible and effective conduct, ranging from impacts on professional integrity and judgement to a securitization or militarization of everyday life. Before we delve into concrete detail through a review of the contributions to this special issue and an example from the wider literature, it is useful to examine the concept of ‘unintended consequences’. The notion of ‘unintended consequences’ features prominently in the literature on risk, especially on risk assessment of technology (Beck, 1992; Merton, 1936), but it is unclear whether such consequences are considered avoidable or inescapable, whether they are known, unknown or unknowable in advance. Furthermore, what precaution could be taken to avoid or mitigate them? Is this something that can be done before a technology gets implemented or need there be an ongoing monitoring process, for detecting and managing such consequences: For and by whom were these consequences unintended? Does ‘unintended’ mean that the original intent was not achieved, or that things happened outside the scope of that imagined intent? The notion also carries an implied exoneration from blame, since anything ‘unintended’ was implicitly unforeseeable, even if things somehow subsequently went awry. [...] The narrative of unintended consequences sets aside the possibility of acting irresponsibly on inadequate knowledge … (Wynne & Felt, 2007, p. 97). For designers and practitioners engaged in IT innovation in emergency response and management this statement implies a need to take responsibility for unintended consequences, by trying to notice, anticipate and know them, to amplify positive effects and to mitigate or avoid negative ones. If we examine the 10 core ethical principles of emergency response as defined by the International Federation of Red Cross and Red Crescent Societies Code of Conduct and their translation into components of emergency services in relation to practices and Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 53 of 161 virtues needed to accomplish them, we formulate some examples of how capacities to perform such services, practices and virtues are transformed in interaction with IT (Figure 8). A complex pattern of sometimes contradictory intended and unintended effects becomes visible. For example, compassion, charity, hope, empathy, resilience, respect and effective communication can be supported through technologies that allow more immediate and richer communication, and mapping and visualization of vulnerable populations, needs and available resources. As such, IT can help provide services that alleviate suffering faster and more generally support enactment of ethical principles of humanity. At the same time, such technologies could increase information overload and overwhelm responders’ capacities to compile information in a meaningful way. Similarly, the tireless, unbiased application of computational logic could be used to support impartiality through fair and equal distribution of resources, but it can also allow forms of identifying vulnerable or risky populations and techniques for social sorting that undermine values of impartiality (Figure 8). Ethical Principles Definition/Components of Service Practices and Virtues Some effects of using IT Humanity Prevent and alleviate suffering Respect for and active protection of dignity Particular attention to the vulnerable Safeguard and restore environment and social ties Non-discriminating Based on need With neutrality, that is, without ideological debate Compassion, charity, hope, empathy, resilience, respect, effective communication Faster, more efficient and more informed response. Non-judgement, tolerance, justice, fairness Tireless, unbiased application of logic. Impartiality Information overload for responders. Novel capabilities to identify vulnerable populations. Social sorting. Solidarity Cooperation Responsibilities and benefits shared equitably Regardless of political, cultural, economic differences Respect for sovereignty Integrity, trustworthiness, respect, effective communication Enhanced capabilities for communication and resource distribution. Integration – e.g. with information sharing agreements Inform & enable participation from all relevant parties Direction – clarity of purpose Subsidiarity Prudence, improvisation, effective communication, respect, intersubjectivity, resilience New ways of dynamically sharing information about capacities. Version 1.0: Final Potential for ‘witchhunt’ and spreading of rumours. Distributed collaboration makes it more difficult to know who is doing what. D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Information Sharing Human Rights Preparedness Social contract Appropriate accuracy, precision, depth of detail Consider effects of not sharing Collect, process and share lawfully Data minimization and sharing of aggregated data Accountability & transparency Evaluate effects on data subjects and informants Avoid duplication Prudence, integrity, trustworthiness, respect, empathy, effective communication Rights to privacy, freedom of movement, association, expression are actively protected Compulsory evacuation is explained Prudence, respect, empathy, nonjudgement, justice Reduce vulnerabilities Anticipation – e.g. through risk analysis & training Continuity – grounded in familiar ways of working Prepare for interoperability Attitude of wisdom, prudence, respect, diligence, effective communication Accountability to those in need, funders and society Training and support for emergency responders Prudence, respect, effective communication Page 54 of 161 Enhanced technical interoperability can support compatibility between different information systems. Interfere with cultural and organisational practices. Easier to contact and communicate with populations. Enhanced capabilities for information sharing can promote surveillance. Information visualisation and expert systems can augment human capabilities of risk analysis. Technology can introduce more complexity and slow people down. Digital logging can make decisions more transparent. It can expose responders to unreasonable liabilities. Figure 8 Ethical Principles and Intended and Unintended Effects of IT Use. Many of the ambiguities listed here are explored in depth in the individual contributions to this special issue. They show that core ethical principles, practices and virtues of emergency response can be pursued in a number of ways and IT can support or obstruct their realisation. Several dimensions of influence on the lawfulness, ethics, sociality and social responsibility of technologically augmented practice become visible: the ways in which technologies are used the technology itself the economic, social and cultural environment Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 55 of 161 At every level both positive and negative effects can be produced, often simultaneously and in complex ways. The papers in this special issue provide concrete insight into the dynamics of this in a variety of different contexts. 4.2 Concrete Insights through In-Depth Studies Ellebrecht and Kaufman provide in-depth insight into some of the complexities of sociotechnical effects through a study of e-triage. They elaborate a critique of pervasive claims that IT enables efficiency gains and thereby build a very useful foundation for all of the contributions to this special issue. Their argument is based on findings from a four-year research project in Germany, aimed at creating and implementing IT to support ‘Immediate Rescue in Large-Scale Accidents with Mass Casualties’ (SOGRO). Following actor network theories in the social sciences, Ellebrecht and Kaufman describe the work required to carry out triage and rescue in such situations as a complex programme of actions that is transformed in interaction with new technologies. During a series of large scale exercises they observed how the capabilities of digital triage technologies and their appropriation into practice were problematised by the emergency responders involved in the exercises. At the heart of the responders’ experience are concerns with efficiency. The SOGRO system is promoted as a system that ‘improves emergency treatment significantly by saving time, providing a more detailed situation overview and integrating the flow of information between all parties involved’. This is said to ‘help save lives’. Ellebrecht and Kaufman focus on three areas of friction they observed: time savings, improved decision making capabilities, and the claim that the new technologies provide a comprehensive overview. They find that, in terms of time savings, the system responds to – and drives and further legitimizes – currently contested changes in the organization of triage in German emergency response organizations. There are two elements. Firstly, in Germany, mass casualty incident triage was traditionally carried out by physicians and documented by paramedics. This is a costly, labour intensive and relatively slow practice with high quality standards. SOGRO supports paramedic triage, that is, a shift of responsibility from emergency physicians to (cheaper and more numerous) paramedics, who can be prompted or strictly guided by a ‘simple triage and rapid treatment’ protocol (START) captured in an algorithm that takes the paramedic through a series of diagnostic steps. Secondly, the SOGRO system enables a shift from traditional practices of treating victims at the incident site to a ‘scoop and run’ technique that prioritise transporting victims over on-site treatment, seeking to facilitate treatment en-route and in available hospitals and treatments centres through dynamic, computationally augmented analysis of capacity and resources. Based on their analysis, Ellebrecht and Kaufmann argue that any efficiency gains that are generated at this contexture of social, organizational and technical innovation reflect the ‘co-constitution of technology and society’ rather than any simple technology based improvement. Moreover, the changes explored during these exercises remain contested, especially with a view to questions about the quality of care and judgement in the comparison between the two different modes of practice. Ellebrecht and Kaufman find similarly complex ambiguities in relation to claims of technology ‘providing’ an overview and enhancing decision making capabilities. Particularly remarkable are their observations on responders’ worries about increased transparency in relation to professional liability law suits. In a survey of participants 76.6% of surveyed paramedics agreed with the statement that they ‘occasionally had one foot in prison’. Unintended consequences of such concerns could be a lack of willingness to take risky decisions which could risk lives. By highlighting a series of ambiguities arising in the coconstitution of technology and society, Ellebrecht and Kaufmann’s study sensitises the reader to the entanglement of social practice, societal values and technological potential. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 56 of 161 Ford, Stephens and Ford call for circumspect attention to a different set of unintended consequences in relation to organizational policies of banning mobile devices and their impact on crisis communication. They show that while some employees, especially knowledge workers, may be expected to carry mobile devices 24/7 to stay connected with their colleagues and managers, others are prohibited from using or even carrying their personal mobile devices. In crisis situations this can lead to severe communication difficulties. Ford, Stephens and Ford carried out focus group discussions with 46 participants from two very different organizations where such mobile device bans were in place and found many examples of lost information, disconnected and even forgotten workers, isolated and hard to locate. The employees of a fast food company and a company providing cleaning and janitorial services reported frequently missing critical information, for example about emergency drills. Their supervisors were so overwhelmed with the need to coordinate selective information flows that they missed informing some of their workers altogether, even in emergencies. In one situation, the distributed janitorial workforce was not informed of a severe weather event until all public transport had been suspended. While their supervisors, secretarial and managerial colleagues had been informed in a timely manner and were safely ensconced at home, cleaning crews and janitors were stranded and without means of communication. Apart from putting workers in discomfort or even danger, organizational policies and practices of banning mobile devices create experiences of inequality and relative deprivation, which are harmful to workers’ sense of well-being and justice. They can also undermine their loyalty to the company. Overall, the study reveals that there are complex digital inequalities and varying degrees of access to technology beyond socio-economic determinants that have a significant impact on crisis communication. Far from being a binary, mostly economically defined distinction between digital haves and have-nots and physical/economic access to technology, the digital divide can be a temporary, structurally defined, humiliating and unequally risk-laden experience. In their article ‘Ethical and Privacy Implications of the Use of Social Media During the Eyafjallajokull Eruption Crisis’, Watson and Finn broaden the focus on organizational policies on digital communications by examining information flows between corporations and their customers during the most severe global flight disruption since 9/11. With over 100,000 flights cancelled and 1.2 million passengers affected, the particle cloud generated by the Eyafjallajokull eruption in 2010 overwhelmed corporate and institutional call centres. Stranded and unable to find information through official channels, thousands of passengers, their colleagues, friends and family turned to social media. Through a study of two different forms of support for information exchange using social media, Watson and Finn highlight positive outcomes such as increased surge capacity and the mobilisation of social capital, but also explore problematic issues of inequality, exploitation and privacy infringement. The site ‘Stranded in Europe’ was created by an Ericson employee to support self-organised information exchange between travellers, combining SMS messaging and Facebook. This greatly broadened access to the service. Once travellers had found the service using the Internet, the site allowed them to seek and exchange information via SMS, without the need for an online connection. This enhanced individuals’ resilience by improving the prospect of gaining correct information from fellow travellers faster and more reliably than other sources allowed, and supported a creative response to the crisis. In some cases, information provided by people affected was also useful for professional emergency responders, reflecting a broader trend towards integrating social media information into crisis response efforts. In parallel, many umbrella organisations – such as the European Organisation for the Safety of Air Navigation – as well as individual airlines, travel agents and service providers offered corporate or institutional information services using social media, from Youtube to Twitter and Facebook. Many gained thousands of new followers and fans through these services within days, and they used these channels in three ways: as a broadcast medium, as a means for direct communication with customers, and as a means to Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 57 of 161 crowdsource information from customers. Watson and Finn highlight that this corporate turn to social media was highly effective, but also problematic in a number of ways. First, those unable to access digital technologies were ‘disproportionately impacted by their inability to gather information and communicate’ in the absence of appropriate levels of offline information services. Corporations and institutions sometimes provided online services instead of traditional services such as staff on the ground or in call centres. Second, the corporate practices created information asymmetries where those who were able to access online resources were often unaware that personal information they provided to gain support (name, age, location) could later be used or passed on to other operators to target advertising. Even if they did know, there often was no alternative source of information, eroding expectations of privacy and notions of consumer consent. Corporations also exploited consumer and public labour, effectively ‘outsourcing’ some aspects of their information services. Watson and Finn call for deeper critical reflection before social media are deployed in crisis response and management – be it through corporations or in the context of official efforts. They call for designers to be aware of opportunities and challenges as well as grassroots ‘social hack’ innovations such as the use of a #noshare hashtag to control the sharing of personal information, because greater sensitivity may avoid the need for costly retrofits on technologies designed without circumspection for ethical, legal and social issues. In the contribution by Rizza, Guimarães Pereira and Curvelo we see that debates on ethical, legal and social issues are often dominated by concerns over privacy and data protection. The authors challenge this overly narrow conception of ELSI with a study of “Do-it-yourself justice” following the 2011 Vancouver riots. As the Vancouver Canucks were losing against the Boston Bruins during the 2011 Stanley Cup, some groups watching the game on large screens in the city began to orchestrate riots that lasted for several hours, lighting fires and destroying cars and property in the centre of Vancouver. The public reacted angrily to the destruction and when Vancouver Police Department (VPD) issued a call for help in identifying rioters on different social media platforms, they reacted with great energy. This public support had the potential to enhance collaborative resilience, and images submitted or tagged by members of the public led to hundreds of convictions, but it also sparked attempts at vigilantism and ‘do-it-yourself justice’. This, in turn, sparked a lively and very critical debate within traditional media and Rizza, Guimarães Pereira and Curvelo use frame-analysis to identify key ethical, legal and social issues in public discourses articulated in the media. This analysis reflects potent imaginaries and fears circulating amongst the public, the emergency services and governing authorities. Rizza, Guimarães Pereira and Curvelo identify a range of such concerns, including a lack of legal regulation for the use of evidence generated by engaging citizens via social media in criminal investigations. The authenticity, completeness and reliability of the evidence could be seen as questionable in some cases and this should have affected its admissibility in court, but did not, in some cases. The media suggest that VPD were seduced by the potential of social media communication with the public, and acted without considering how they would deal with the results. This is framed as a matter of institutional unpreparedness and linked to the spread of unintended forms of do-it-yourself justice, and wider societal consequences such as a slide into an ‘unintended “do-it-yourself” society’ where mob behaviour and vigilantism are allowed to exacerbate oppressive tendencies within a surveillance society. Social media become ‘leaky containers’ in this maelstrom, mixing public and private, official and social in new ways and making criminal investigation part of social interactions. Citizens became empowered as surveillors of others and as judges of deviance in ways that spun out of control. By presenting an analysis of these challenges to justice, fairness, responsibility, accountability and integrity, Rizza, Guimarães Pereira and Curvelo scrutinize complex reverberations of using social media in crises and enable a critical engagement with wider societal implications of socio-technical Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 58 of 161 innovation in the relationship between the emergency services, legislative and judiciary governance and public engagement. Tapia and LaLone’s study ‘Crowdsourcing Investigations: Crowd Participation in Identifying the Bomb and Bomber from the Boston Marathon Bombing’ explores some of the issues raised by Rizza, Guimarães Pereira and Curvelo in greater depth as well as analysing how traditional media contributed to ethical dilemmas. Two years after the events in Vancouver, the social media response to the Boston Marathon – in part encouraged by the FBI, in part self organised through leading social media groups like Reddit and Anonymous – revealed that the frontier land of crowd participation in criminal investigations still teems with ethical, legal and social frictions. Within hours of the Boston Marathon bombing, which killed four people and injured 264 others, the FBI called for bystanders to share images and video of the bombing. Online groups also responded to the events, trying to position themselves as hubs for self-organised investigations and crowdsourcing of information and support for survivors. The activities of two such groups, Reddit and Anonymous played a part in ethical lines being crossed during the crowdsourced investigation. By using sentiment analysis of public responses to the activities of Reddit and Anonymous expressed in over 23 million tweets, Tapia and LaLone are in a position to trace these moments when lines of ethical acceptability were crossed. They show that Reddit, in particular, attracted intensely emotional reactions, understandable as a highly charged public response to the highly charged nature of the events. To begin with, the colour of this emotion was overwhelmingly positive, reflecting public support for activities such as organising pizza and water for survivors and the Boston Police Department, or helping loved ones to contact known survivors. It was also seen as positive that Reddit provided timely and accurate news about the events, outshining mainstream media such as CNN. However, this assessment shifted radically, when Reddit spearheaded news that falsely identified two people as suspects and posted images of them, especially tragically wrongly blaming Sunil Tripathi, a teenager who had gone missing from his home and who was later found to have committed suicide. Public sentiment condemned this with comments that expressed very negative evaluations of the ‘irresponsible amateur sleuthing’ that had been encouraged by the online group. Tapia and LaLone discuss how these and other ethically problematic activities, were exacerbated by a lack of interaction between the official investigation teams at Boston PD and the FBI and a lack of judgement and restraint from mainstream media. Long established national media treated the online sources like news agencies, accepting and broadcasting ‘news’, including statements about Sunil Tripathi without questioning. Tracing public engagement in criminal investigations historically, Tapia and Lalone draw links between printed ‘Wanted’ posters, televised appeals and crime reconstructions and the use of social media for involving the public in criminal investigations. The ‘remediations’ or transformations that are associated with technological affordances in this current round of innovations seem significant. The crowd is without the training or understanding of ethical and legal constraints that professionals have, but it is equipped with more power and reach, especially when amplified through mainstream media, and Tapia and LaLone call for a reassessment of practices of crowdsourcing investigations that could have significant real-world implications in situations that demand ‘socially responsible, careful, considered action’. The final paper in this special issue examines transformations of privacy engendered in the context of socio-technical innovation in IT supported crisis response and management, especially when it is connected into smart city technology. Büscher, Perng and Liegl question the common assumption that privacy and liberty must be sacrificed for security and explore design for privacy as an approach that can support people in finding a better balance between privacy and security. By identifying three key trends that underpin the informationalization of emergency response, they set the scene for a study of privacy as a lived practice of boundary Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 59 of 161 management. First, there is great technological potential for gathering, sharing and utilising more information about populations and environments affected by, or at risk of, crisis. Second, people produce more personal information than ever before, richly and dynamically documenting their lives and the world around them through mobile technologies and interactions online. Third, real and perceived increases in risk have generated a ‘culture of fear’ that can be leveraged to justify surveillance, increased information sharing and preventative measures. People’s capabilities to separate public and private have been transformed in this forcefield of innovative momentum and with this, democratic cornerstones of liberty, freedom, dignity and humanity have been worked loose. Current attempts to counterbalance this, for example through ‘privacy by design’, are inadequate. Privacy is not a binary state of either withdrawal into a sealed private sphere or transparent public exposure, but a practically achieved and contextual matter of far more diversified boundary management. What is to be made public or kept private changes depending on what role one is in and what dimensions of time and space are involved. Fire fighters may be willing to share intimate physiological data about their breathing with colleagues, they might need to manage disclosure of their precise location to other responders in the course of the unfolding response, and they might happily disclose such information in an anonymised form for future training simulations. New technologies and practices of their appropriation have turned documentary records of entire populations’ physiological data, movements, communications and social networks into indentifying personal information as precise as fingerprints. These new affordances make it difficult for people to control the spread and use of personal information, especially given the often silent and invisible operation of technologies that analyse such data. A range of challenges arise here around the spread of surveillance, social sorting, an erosion of civil liberties, and a securitization of everyday life. To respond proactively to these challenges and the transformations of people’s capacities to modulate privacy, Büscher, Perng and Liegl question the use of ‘privacy by design’ approaches, specifically their aim to ‘hardwire’ compliance with regulations into technologies. In the context of emergency response, where role improvisation, creativity and flexibility as well as clear discipline and procedures are essential aspects of effective practice, and where ‘emergent interoperability’ and ad-hoc assemblies of systems of systems are a powerful possibility, it seems more promising to focus on designing for material and social practices of privacy boundary management. Such human practice based approaches can respond more directly and more carefully to the opportunities and challenges inherent in the positively and negatively disruptive innovation that shapes the future of crisis response and management. These concrete explorations can help us understand better how ethics is distributed between people, technology, and the economic, social and cultural environment. Core questions for analysts, designers and practitioners involved in IT innovation in crisis response and management are how does technology become ethically problematic or “good”? and how might we control this? when ‘the multistable nature of artefacts means that they may become used in ways never anticipated by the designers or originators’ (Introna 2007:16). Furthermore, in many societies, ethics has become pluralized, and ethical values are relative and subject to dynamic processes of change and negotiation over time. Such change should be the subject of open democratic debate (Rawls, 1971; Habermas, 1996) and for that to happen, ethical issues have to be noticed and turn from matters of fact, that is, accepted, unnoticed, taken for granted, common-sense facts of life, into ‘matters of concern’, that is, interrogated, dissected, contested objects of critique (Latour, 2005). Another key question for an ethically circumspect approach to IT innovation in information societies therefore is how to make ethical opportunities, challenges and risks public? and how to engage and include (which?) stakeholders? Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 60 of 161 Unless technology is analysed and made as one element within a nexus of values, practices and ‘environmental’ conditions, unintended consequences are likely to be hard to notice and know in sufficient detail soon enough, to anticipate, mitigate or avoid. Introna and Wood argue that: the politics of technology is more than the politics of this or that artefact. … we cannot with any degree of certainty separate the purely social from the purely technical, cause from effect, designer from user, winners from losers, and so on. (2004, 179) A range of methodologies exist that respond to these challenges, including responsible research and innovation (Von Schomberg, 2013), collective experimentation (Wynne & Felt, 2007), disclosive ethics (Introna 2007), value sensitive design (Friedman, Kahn & Boring, 2006), corealization (Hartswood, Procter, Slack, Voß, Buscher, Rouncefield, & Rouchy, 2002) and ‘design after design’ (Ehn, 2008). We will briefly discuss these in relation to a roadmap of future work that concludes this introduction. However, before we do so, it is necessary to acknowledge that the ‘multistable’ nature of technologies does not mean that they can be used in any which way users deem appropriate. Technology is not neutral nor endlessly malleable. It actively enacts and shapes morality. 4.3 Disclosive Ethics By summarising an exemplary disclosive ethics enquiry into technological moral effects we can sharpen ELSI awareness to the fluid morality and politics of IT innovation in crisis response and management, a domain where morality matters perhaps more than anywhere else, because crises can set precedents that may seep into normality with far-reaching consequences. The BRIDGE project’s middleware enables flexible incorporation of a wide range of technologies, including facial recognition technologies. Since 9/11 there has been an increase in investment in face recognition systems (Introna and Wood 2004, Gallagher 2013), they are used ever more extensively in crisis management and response, making them a useful site for analysis. Non-European nations are leading the way. The multi-agency preventative crisis management efforts at the 2014 world cup in Brazil leveraged facial recognition to analyse footage from mobile cameras worn by police officers to anticipate and prevent security incidents, including hooliganism and terrorism (Figure 9). Efforts are also underway to integrate facial recognition into UAV and analytical capacities such as those provided by the BRIDGE Advanced Situation Awareness system into crisis management and response. In a comprehensive report on Privacy, data protection and ethical risks in civil RPAS operations, Finn et al 2014 state Amongst the non-visual payloads that can be mounted on RPAS, biometric (facial recognition, fingerprint, face recognition, DNA, palm print, hand geometry, iris recognition, retina and odour/scent) and “behaviometric” sensors are the most likely to damage the right to privacy. (p.37) Our research with emergency responders shows that the potential of integrating these capacities is seen as valuable. At the Border Security and Search and Rescue conference in 2014, for example, one exhibitor showed data analytics technologies for visual data of people moving near borders collected with UAV (ACRITAS http://www.acritas.gr). Similar examples are discussed in the literature, including efforts by ‘Frontex and several southern EU member states’ who have deployed such technologies ‘to combat cross-border crime and illegal migration or to save migrants´ lives’ (Krajcikova 2014). Individuals can be identified from video footage collected by drones, as researchers at CyLab have shown. They developed drone technology that can capture images suitable for facial recognition that could help embed criminal investigations into the immediate response efforts (Figure 10, Klontz 2013, Conte 2013). Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 61 of 161 Figure 9 Facial Recognition integrated into police cameras at 2014 Brazil World Cup. Source: Youtube https://www.youtube.com/watch?v=w9VNH0unQeE Figure 10 Potential of facial recognition in the Boston Marathon Shooting The drone is trained to hover in a position that captures a full face image. Source: Klontz and Jain 2013 and Conte 2013. BRIDGE makes it possible to integrate feeds from such cameras as well as results from facial recognition analysis into system of systems, display results on the Master and dispatch resources Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 62 of 161 to support multi-agency crisis management and response. Whilst this opens up highly promising opportunities for more richly informed and dynamic risk analysis, situation awareness, and investigation it also raises a number of concerns. Reflecting on Cylab’s work on the Boston Marathon, Conte (2013) suggests that ‘adding that capability to drones … means that people will give up privacy as well as the concept of anonymity’. The fact that after the World Cup in Brazil, some of the temporary measures installed for preventative crisis management became permanent features, highlights how advances made in response to the extreme circumstances of imminent or actual crisis can spill over into normality. Operators initially justified their use on the exceptional needs for security at the World-Cup which attracted vast audiences, including 20,000 British fans. However, Toohey and Taylor (2014) highlight that such augmentation and ‘retrofitting’ of existing security technologies is now leading ‘to ongoing surveillance of the general public, raising questions regarding individuals’ rights and civil liberties in Brazil, a scenario that could foreshadow developments in Europe. Apart from challenges around privacy, this raises concerns over discrimination and accuracy (Finn and Wright 2012). Given the potential for integrating facial recognition into BRIDGE systems of systems, the BRIDGE project directly benefitted from an analysis of ethical issues arising around facial recognition. However, facial recognition highlights a need for ‘disclosive ethics’ or an ongoing ethical impact assessment embedded in socio-technical innovation. This is elaborated below. Facial recognition compares images of the faces of people captured by video or still cameras with a database of images of faces. The functionality is threefold: Verification: Are you who you say you are? Identification: Who are you? Watch list comparison: Are we looking for you? (Phillips, Grother, Michaels, Blackburn, Elham & Bone 2003:6) The system presents matches to human operators and, when watchlist monitoring, it can highlight matches to persons who are wanted - ‘bad guys’ in a sketch by Phillips et al (2003). For crisis management and emergency response, Facial Recognition Systems have been used for preventive policing to avert crises. For example, during the London 2012 Olympics, the already famed London CCTV infrastructure was extended with facial recognition software and London became ‘the most watched Olympic Games in modern history, but not just in the traditional sense of sporting spectators’ (Army Technology, 2012). The US Department of Homeland Security is currently testing Face Recognition Systems with audiences and volunteers at mega sports events. This interest is based on expectations that such systems may be useful in the emergency response phase, for example to identify perpetrators during or in the immediate aftermath of violent attacks or for victim identification (Gevaert & de With, 2013). In an experiment, researchers at Michigan State University were able to identify one of the Boston Marathon bombing suspects from law enforcement video (Klontz & Jain, 2013, although see Gallagher 2013 for a discussion on how facial recognition failed in this instance). Advantages of such systems over human face recognition practices are the number of faces that can be processed in this way, and the impartial, tireless and consistent application of procedures. Indeed, face recognition is often hailed as less biased than humans. Introna and Wood cite statements not only from manufacturers and vendors, but also from prominent security forums, such as ‘Face recognition is completely oblivious to differences in appearance as a result of race or gender differences’ (2004:191). In light of concerns over social sorting and discrimination especially against Muslim populations in security measures (Vertigans 2010) such promises are powerful incentives for ethically and socially responsible innovation champions. However, closer inspection actually reveals bias to be an integral part of the technology. A 2002 Face Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 63 of 161 Recognition Vendor Test of the most powerful algorithms found, for example, that males were 6-9% points more likely to be identified than females (Phillips, cited in Introna and Wood 2004:190). Givens, Beveridge, Draper, & Bolme (2003) also find racial and age bias. Their experiments show that Asians are easier [to recognize] than whites, African-Americans are easier than whites, other race members are easier than whites, old people are easier than young people (cited in Introna and Wood 2004:190) This bias is not due to any intentionally built in weighting; it is accidental: A function of the absence of strong shadows on male faces as well as darker and older faces, the nature of images and their processing by this face recognition system. The problem is that being easier to recognize also makes being classed as a false positive and being exposed to investigations more likely. Thus, rather than being neutral, some Face Recognition Systems can (unintentionally) amplify political, cultural, and institutional forms of discrimination. At this juncture it becomes clear that morality is not purely human but effected by collectives of humans, technologies, and socio-economic and political circumstances, ‘what Foucault called dispositifs’ (Latour, in Introna 2007:13), and technology can can play an active part in its own right if it is not designed with careful attention to unintended consequences. There is, in this example, no clearly identifiable single human or technological responsible agency for morally problematic effects of discrimination: ‘there is often nobody there that “authored” it as such’ (ibid), rather, there can be a Kafkaesque culmination of indifference, error, abuse, lack of transparency and accountability (Solove 2001) that leads into moral dilemmas. A lack of transparency is particularly critical. Disclosive ethics is a methodology that seeks to enable analysis of how seemingly trivial details (such as the capacity of optical mechanisms to process the light-reflective quality of different types of skins) can turn into politics and become tied to, and amplified through other exclusionary practices (such as political and cultural prejudice stoked by a rhetoric of a ‘war on terror’), so that ‘what seems to be a rather trivial injustice soon may multiply into what may seem to be a coherent and intentional strategy of exclusion’ (Introna & Wood 2004:179). The method proceeds by showing that many digital technologies are silent as opposed to salient technologies and opaque as opposed to transparent (Introna & Wood, 2004:183) (Figure 11). Silent technology Salient technology Embedded/hidden Passive in its operation (limited user involvement) Application flexibility (open ended) Obscure (form/operation/outcome) Mobile (software) On the ‘surface’/conspicuous Active in its operation (fair user involvement Application stability (firm) Transparent (form/operation/outcome) Located (hardware) Figure 11 Silent/Salient Technology (Introna &Wood 2004:183) Facial recognition is a particularly striking example of a silent technology since it can be imbedded into existing CCTV networks, making its operation hard to notice. Furthermore, it is passive in its operation. It requires no participation or consent from its targets. The process is Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 64 of 161 obscure, ‘non-intrusive, context-free’, based on software algorithms that are proprietary, making it difficult to get access to them for inspection and scrutiny. Moreover, these algorithms are so complex that even experts can struggle to interpret and understand them. As a result, ‘for most ordinary members of society, facial recognition systems are an obscure “black box”’ (Introna & Wood 2004:183). The lesson from this example of disclosive ethics is that morality is not simply human. Agency, intentionality and ethics are distributed within socio-technical systems, and it is the particular way of ‘working together’ that makes a certain collective or network of humans, environments and technologies have (un-)intended, potentially undesirable ethical effects. It would, therefore, be short-sighted to think of technology as neutral, and to look for the ethics of action solely in the way people use technology. Technology can be employed with benign intention, yet turn out to have ethically, legally or socially undesirable effects. It is critical that the fact that just this technology in just these circumstances produces discriminatory effects should be notice-able and it should be possible for this effect to be made into a matter of concern. This is in no way a technology deterministic reading, where we claim that technology is a ‘culprit’. Quite the opposite, even though it is not so in this case, it could just as well be the technology that is correcting human bias (Latour & Venn, 2002). The consequence however has to be that efforts are made to ‘subject [technological] artefacts to the same level of scrutiny’ (Introna & Wood 2004: 195) as humans and to find approaches (in best practice, legal regulation and design) to ensure the scrutinizability socio-technical collectives, especially in ethically highly charged areas such as security or emergency response. 4.4 Doing IT More Carefully: Future Work In the different, but related context of designing ‘solutions’ to address ecological crisis, Bruno Latour argues ‘We have to be radically careful, or carefully radical.’ (Latour, 2008, 7). Supporting awareness of ELSI and practices of addressing them in IT supported crisis response and management is another extremely complex challenge, in a highly sensitive and important domain for contemporary societies, and we would say we need to be both: radically careful and carefully radical. Analysts, designers, and practitioners must not only take responsibility for (the inevitability of) unintended consequences with careful circumspection, they must also formulate and pursue ambitious, perhaps radical socio-technical critique and creativity. The contributions to this special issue and the discussion in this introduction map out a large terrain for research and design, with some areas uncharted and others skillfully cultivated, but isolated from each other. In this concluding section we suggest a roadmap for research to develop studies that explore the unknown and connect research in different subject areas and disciplines (ethics, law, practice, social science, philosophy, anthropology, organizational studies, design, computing), all with a view to informing more careful and circumspect, yet also ambitious and ‘radical’ ELSI aware socio-technical innovation. First of all, research is needed that explores existing ethical, legal and social issues in emergency response and management with a view to how technologies might be designed and constructively inserted to address opportunities and challenges. Campbell’s Library of Essays on Emergency, Ethics, Law and Policy (2012), reflective practitioner reports (such as Larkin’s review of the international Haiti response 2010), post disaster reviews, or investigations into specific challenges, such as Weick’s seminal study of the failure of leadership and sense-making in the Mann Gulch Disaster (1993), Cole’s analysis of interoperability (2010) or the UK government’s advice on data sharing in emergencies (Armstrong, Ashton & Thomas, 2007) can serve as a quarry for inspiration, but there is a need for more concrete and rich narratives and descriptions of ethical, legal and social issues as they are encountered in practice. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 65 of 161 Secondly, more studies are needed of how the design and appropriation of new technologies generate known and ‘new’ ELSI – such as a preference for ‘remote control’. They should explore how these might be addressed through innovative engineering and design as well as innovative use and organizational policies. Thirdly, a large range of methodologies exists for noticing ELSI and for folding critical and creative ELSI awareness into innovation. They currently exist in isolated pockets and include different approaches that can sensitize researchers, designers and practitioners to ELSI and different design methodologies. Sensitizing approaches are, for example: Privacy Impact Assessment and Ethical Impact Assessment – designed to be embedded in innovation processes, based on iteratively probing for ELSI through systematic questioning of stakeholders about the use and design of technologies (Wright 2011). Value Sensitive Design - a theoretically grounded approach to integrating concern for human values in a principled and comprehensive manner throughout the design process, based on a tripartite methodology, consisting of conceptual, empirical, and technical investigations (Friedman et al, 2006). Computer Supported Cooperative Work – an interdisciplinary research field that integrates insights from in-depth qualitative studies of collaborative work, often using ethnographic methods into the design of computer systems (Schmidt & Bannon, 1992, Suchmann, [1987] 2007) Science and technology studies – a prolific, philosophically and sociologically oriented interdisciplinary endeavour to understand the dynamic relationship between science, technology, society and human practice (Bijker & Law, 1992) Responsible Research and Innovation (RRI) - a guiding concept for European funded research, technology development and management, aiming to ‘‘better align both the process and outcomes of R&I, with the values, needs and expectations of European society.’’ (European Commission 2014, Von Schomberg, 2013). Software Studies – a relatively new field, where researchers explore how algorithms and computational logic function and ‘leak out’ of the domain of computing into everyday life and examine ‘the judgements of value and aesthetics that are built into computing’, and the subcultures and politics of programming (Fuller, 2008). Methods of designing in an ELSI aware manner include Privacy by Design – an approach with several meanings and origins, specifically focused on preserving privacy (Cavoukian, 2001; Langheinrich, 2001). Firstly, privacy by design is about heightening sensitivity to privacy issues during design. Secondly, it can be about enforcing compliance with privacy regulations through hard wiring constraints on practices into design with privacy enhancing technologies (PETs). Existing examples include privacy policy inspection, access control restriction, and pseudonymisation tools (Pearson, 2009). Collaborative design (Co-Design) – a form of participatory design (PD), and broadly motivated approach to address ethical and social aspects of IT innovation, focused on utilising diverse forms of expertise through engaging stakeholders as co-designers from the earliest stages of design. The process is iterative and based around prototypes (Greenbaum & Kyng, 1991). Co-realization – develops ideas of Co-Design through a synthesis of ethnomethodology (a particular form of sociological enquiry) and PD. It moves the locus of design and development activities into workplace settings where technologies will be used, emphasises design-in-use and longitudinal involvement of IT professionals in the ‘lived work’ of users (Hartswood et al. 2002). Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 66 of 161 Critical design, also know as ‘design noir’ (Dunne & Raby 2001) or ‘speculative design’ (Sengers and Gaver 2006) straddles into art and philosophy as it seeks to provoke and enable critical engagement. It creatively and critically explores putative futures entailed in contemporary technological developments, often by creating objects that are obliquely functional but also absurd or shocking. Service design – a relatively new approach, focused on designing ‘services’ – assemblages of human, technological, architectural, organizational components (Meroni & Sangiorgi, 2011). Collective experimentation – a ‘new regime’ of technoscientific innovation, characterised by experimental implementation of new technologies in the context of broad-based stakeholder engagement. It requires new approaches to intellectual property rights to ensure viability (such as Open Source Software, General Public Licence (GPL or copyleft) and ‘new forms of interaction between scientists and other actors, … because the traditional authority of laboratory-based science is not sufficient’ (Wynne & Felt, 2007, 27). Design for design – an approach that recognises that design does not end at ‘design time’. People appropriate technologies in a way that constitutes ‘design in use’. This is often ill supported by silent technologies and blackboxing. ‘Design for design’ seeks to support people in developing the skill and understanding needed to be creative with technology as well as knowing about the effects of using technologies in particular ways (Ehn, 2008, see also work discussed in Büscher, Perng & Liegl, 2015) There are overlaps, synergies, as well as incompatibilities between these approaches and there are no doubt more relevant approaches than those listed here. What a list like this makes plain, however, is that overviews, review essays and handbooks are needed that draw together the best from these different methods, prevent researchers, designers and practitioners from re-inventing the wheel and enabling them to develop synergies, to make the work cumulative, not isolated. Reviews should aim to support mixed methods – not standardisation. In addition, reflective analyses of successful attempts and troublesome trajectories in employing these methods would be useful, especially if they are not focused not on the methods for methods’ sake, but the aims, practices and outcomes of responsible research and innovation. Finally, we need studies that review and discuss the state of the art in ELSI innovation in IT as well as law, policy and organizational practice, for example privacy preserving techniques that can support multi-agency information sharing (see Büscher, Perng and Liegl, 2015), usage and image retention restrictions and public notice obligations for the use of RPAS and innovative ways of supporting accountable data flows (Cavoukian, 2012, Bracken-Roche, Lyon, Mansour, Molnar, Saulnier & Thompson, 2014), clarification of liabilities emergency agencies may incur when using automation and remote controlled devices (Holloway, Knight, & McDermid, 2014) or utilising citizen data (Bailey Smith 2014). What regulatory instruments, technologies, social or organizational innovations could support more responsible and circumspect emergency response and management? What exists? How does it work? How could it be used? What is missing? Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 67 of 161 5 Co-Designing for ELSI-aware Innovation This chapter provides an assessment of the current interest in ethical, legal and social implications of research policy and funding (in the EU) and provides a review of existing approaches in design and technology development that take value implications of socio-technical systems into account. Building on this review it offers suggestions of how to organize design processes in an inclusive, democratic, participatory way that allows exploration of ELSI in socio-technical innovations and for folding such considerations into the design and development process. We introduce the approach we used in the BRIDGE project as ELSI Co-Design. Introduction This chapter outlines the theoretical and methodological underpinnings of the ELSI co-design approach used in the BRIDGE project. A concern for the ethical, social and legal impacts (ELSI) of technological innovation and how to democratically address these has long been a subject of study across a range of disciplines. It is also becoming increasingly prominent in EU funding requirements for research. However, there is no one size fits all approach for exploring the ELSI impacts of socio-technical innovations or for responding to such considerations through design and development processes. Likewise, while there are calls for ‘improved cooperation between science and society through ethical screening of the developed solutions’ (European Commission, 2014b) there is little guidance on how this might happen in practice or who should be involved. Such issues and how to address them become even more challenging in projects such as the BRIDGE project, involving large scale system of system innovations in IT supported emergency response. Such a project raises many challenges such as co-ordinating between multiple stakeholders and work packages operating across different cultural and political contexts. But it also raises challenges from the perspective that addressing ELSI is not a one off endeavour, it cannot be captured and resolved at a single point in time. In a research and design context, the exploration of such impacts and design efforts go hand in hand. However, not in a linear fashion where research is translated into design, but rather in an iterative fashion where design is research, and where it is by using prototypes that such issues emerge. In the spirit of agile software development we argue that as much as systems requirements cannot be fully formulated at design time—because design always reveals or even calls forth new usage and therewith new requirements—the same is true for ELSI. ELSI emerge at the meeting point of several entities: technologies, human practices, bodies of knowledge such as ethics and law, organisational structures, cultures and boundaries, expertise in emergency planning and response. In these socio-technical contextures agency and effects arise that are neither additive, nor could be assessed using cross tabulation. Rather, they are emergent and situated, and their study requires collaboration between various stakeholders: designers, domain experts, directly and indirectly affected people, social science researchers. Such collaboration needs to take place in different environments from laboratory settings to real world experiments where issues can reveal themselves in a safe, but as realistic as possible manner. As such, a key question for the BRIDGE Project is how to make as yet unknown, emerging ethical, legal and social issues tangible? What methods might we use for ‘opening up’ these issues to develop more ‘careful, appropriate, responsible’ innovation in this field, and who should be included? Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 68 of 161 The last 30 years or so have seen significant attempts to develop approaches for more ethically sensitive IT innovation in a number of areas. PD approaches, for example, originated in the automation era in manufacturing in the 1970s and 80s (Greenbaum & Kyng, 1991) but have since spread to many other areas (including emergency response (Büscher et al., 2007; Kristensen, Kyng, & Palen, 2006). Engaged science and technology studies have long had an interest in shaping advances in science and technology more democratically (Sismondo, 2008) and call for ‘collective experimentation’ with science and technology to help societies in ‘taking the European knowledge society seriously’ (Felt et al, 2007). Recent policy developments in the EU have begun to educate citizens to take more responsibility in understanding computation and coding (Joint Informatics Europe & ACM Europe Working Group on Informatics Education, 2013). At the same time, ‘design thinking’ approaches have broadened design as a necessarily collective, interdisciplinary, iterative and experimental activity, ‘aimed at changing existing situations into preferred ones’ (Simonsen & Hertzum, 2008; Simon 1969, 55) by positioning designers as facilitators in comprehensive socio-technical change processes. These approaches resonate with regulatory attempts to integrate privacy and ethical impact assessment (De Heert, Kloza, & Wright, 2012; David Wright, 2011) and legal risk analysis (Wahlgren, 2013) into IT innovation, as they seek to proactively understand and guide change by anticipating emergent intended and unintended consequences of innovation. They also chime with more recent attempts to formulate practices of responsible research and innovation with and for society (Von Schomberg, 2013). In the first half of this chapter we outline the context and trend towards a concern for ethical, social and legal issues within EU research. We then explore some of the key designerly, regulatory and other approaches that have provided theoretical or methodological tools for the BRIDGE project. In the second half of the chapter we introduce and describe the approach and methods we have developed. The BRIDGE project is one of the first projects to explicitly bring designerly and regulatory perspectives on ELSI together. Against the backdrop of the previous chapters, it is not surprising that such synergy is created at the interface of emergency response and IT– an ethically, legally and socially challenging area, where information, communication and collaboration practices are a frequent focus of calls for improvement. In this chapter, we argue that methodologies of doing responsible innovation and of regulating innovation in IT supported emergency response are an integral part of ethically, legally and socially sound futures in this domain. In other words, methodologies of innovation are not a mere means to the end of achieving preferred futures in a linear pursuit of ‘progress’ from past through present to future. They are integral to a process of managing and facilitating societal change (Figure 12). Figure 12 Design as a Driver for Responsible Societal Innovation Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 69 of 161 In this endeavour, design methodologies are not merely instrumental but also inventive and constructive (Lury & Wakeford, 2012; Schmidt & Bannon, 1992), and design could be seen to be about placing groups of stakeholders and experts in the best possible position to configure preferred situations, to exploit positive unintended consequences and to manage negative unintended consequences. The chapter concludes with a discussion of the contributions that a consideration of ethical, legal and social issues specific to IT use in large-scale multi-agency emergency response can bring to designerly and regulatory practices. 5.1 Research & Ethics The concern for research ethics and the ethical implications of technological innovation is playing an ever more prominent role in current EU funding policies for research and development projects (European Commission, 2014c). Increasingly, not only legal implications but also ethical and social/societal issues are highlighted in relation to the technology, often formulated as “ethical implications and societal acceptance” (European Commission, 2014b) (p.11). Calls to address such implications proactively and responsibly feature strongly in calls for grant proposals, reflecting a growing awareness of the importance of such issues. Horizon 2020 is the European Union’s framework for research and innovation funding for the years 2014-2020, and in comparison to its predecessor, FP7 (the 7th framework) it combines formerly separate innovation (CIP) and research (FP) programmes (European Commission, 2014a). Among its various programme sections, the section on “Societal Challenges” is allocated 38.7% of the funding volume, addressing issues such as: Health, demographic change and wellbeing Food security, sustainable agriculture, marine and maritime and inland water research and bioeconomy Secure, clean and efficient energy Smart, green and integrated transport Climate action, environment, resource efficiency and raw materials Europe in a changing world - inclusive, innovative and reflective societies Secure societies – Protecting freedom and security of Europe and its citizens In part building on research from the FP7 Programmes for 2007-2013, the combination of research and innovation in Horizon 2020 tries to foster application of knowledge in solving specified challenges. Along with the aim for societal impact comes a concern about ELSI. The program states: Ethics is given the highest priority in EU funded research: all the activities carried out under Horizon 2020 must comply with ethical principles and relevant national, EU and international legislation” (http://ec.europa.eu/). In fact, in section 14, Secure societies – Protecting freedom and security of Europe and its citizens, each of the calls includes the requirement of ‘improved cooperation between science and society through ethical screening of the developed solutions’ (European Commission, 2014b, p.12). Throughout the individual calls, ethics is hinted at as ‘fundamental rights protection ethical and societal impacts’, ‘underlying social, cultural, legal and ethical dimensions’ (ibid p.65). Yet, despite this new prominence, and unlike ‘research ethics’ which has fairly established methods and manuals, ethics of technology is still in its infancy. Whilst there are extensive formulations of the research ethics aspects of projects (detailing concerns about not harming the Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 70 of 161 research subjects, and protecting their personal data and privacy etc.), when it comes to analysing ELSI impact of socio-technical innovations, the calls become rather thin both methodologically and in terms of specified content. Likewise, while being the main target of such concerns, “citizens” often play a rather passive role, restricted to an agency of ‘acceptance’ in the development and implementation of technical solutions. They feature as entities ‘to be treated appropriately’, rather than agents participating in the design (see, e.g. (Boucher, 2014)). We propose that the inclusion of ethical consideration in EU funding requirements requires a systematic inquiry into what such accounting for ethical and societal implications might mean in the first place let alone how “to innovate in ethically better ways”. As such, there is a need to explore and develop methodologies and heuristics for analysing ELSI implications of technological innovation. One of the lessons learned from technological failures is that systems that work, tend to be the outcome of an ongoing process of negotiation, exploration, surprise and tinkering, which needs to be done in situ and hand in hand with end-users and other stakeholders. We propose that ethical explorations form an integral part of PD and not only help to make better technology, but to make technology-in-use better. Yet what ethical and societal implications are, and how to define ‘better’ is also a challenge for collective negotiation. 5.2 Designerly Approaches to IT Innovation Over the past three or four decades there have been a number of different approaches for noticing and folding ELSI awareness into innovation. These approaches have had varying degrees and forms of stakeholder involvement and have been driven by a variety of motivations including efficiency, politics, ethics and group-dynamics amongst others. Many of these perspectives developed in parallel, sometimes engaging with each other, sometimes in silos unknown to each other. Their roots are often much deeper, but it is beyond the scope of this chapter to discuss these in detail. Of the many approaches developed, in this section we outline those that we think have the most to offer in terms of disclosing ethical and societal implications of design. 5.2.1 User-Centred, Participatory and Co-Design User-Centred Design (UCD) arose in the 1980s and represents both a philosophy as well as a broad spectrum of user-orientated design methods, in which the needs of the ‘user’ are central to the design process. UCD is widespread within IT innovation but includes varying conceptions of the ‘user’ from a passive, decontextualized, ‘component’, to an active, knowledgeable and engaged user that is central to the design process (Keinonen, 2008). Traditions within usercentred design include user informed design, where designers develop solutions in an iterative process based on the knowledge gained from observing and interviewing domain experts (Seaman, 1999); and technology centred design where technology is enhanced through the input and active participation of lead users. The evolution of this field has involved a number of trends including a move from seeing ‘design’ as occurring separately from users and sites of use to an understanding of ‘design in use’ (Henderson & Kyng, 1991), and a move from focusing on individual users, tasks and testing to the broader organisational objectives and worlds of users and teams. The emergence of ‘systems of systems’, ubiquitous and mobile computing have also shifted design concerns from users in a ‘workplace’ to a broader concern for users in public spaces, public services and homes, including issues of public safety and security (Asaro, 2000). ISO 9241-210 (ISO, 2015) outlines principles of ‘human centred design in interactive systems development’, including: The design is based on an explicit understanding of users, tasks and environments Users are involved throughout the design and development Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 71 of 161 The design is driven and refined by user-centred evaluation The process is iterative The design addresses the whole user experience The design team includes multi-disciplinary skills and perspectives. By focusing on the needs of users, it is argued that a human-centred approach enhances ‘effectiveness and efficiency, improves human well-being, user satisfaction, accessibility and sustainability; and counteracts possible adverse effects of use on human health, safety and performance’ (ISO, 2015). However a critique of user-centred design is that it can assume that the beneficiaries of the system (or those at stake) are only those individuals ‘using’ the system. Participatory Design (PD) Developing separately to User-Centred design, the basic principles of PD were shaped in the struggles between workers and managers during the 1970s era of rationalization in manufacturing. During this time, new information technologies introduced into workplaces were hailed as efficiency improvement tools by managers, but were resisted as deskilling and - worse – labour replacing by the workers. Of course both hopes and fears were naïve and the reality much more complex and transformative, and the nature of work, markets, and economic systems changed (Lash & Urry, 1994). PD approaches sought to mediate such transformations with ethical and political intentions from the outset (Forester & Morrison, 1990) by involving ‘the direct participation of those whose (working) lives will change as a consequence’ of the new technology (Törpel, Voss, Hartswood, & Procter, 2009). The work of Nygaard and associates (Nygaard, 1979) is an example of early attempts within Scandanavia to involve researchers and trade unions in exploring the impacts of new technology and in strategies to ensure union and worker’s rights. However over time the focus of PD has also developed: The main ideas of the first projects, to support democratization of the design process, was complemented by the idea of designing tools and environments for skilled work and good-quality products and services’ (Ehn 1993: 56-57 in Kensing and Blomberg 1998:171). (Kensing & Blomberg, 1998) As such, PD is now a diverse field with a wide range of approaches and different theoretical and political underpinnings. This includes political concerns for democracy but also pragmatic arguments that including the experience and expertise of workers will improve the quality and appropriateness of the technology (Törpel et al., 2009). Moreover, theoretically and philosophically rich insights and arguments have informed the field from the outset, with the notion of ‘ontological design’ (Winograd & Flores, 1987) furnishing a productive conceptual framing. The concept revealed that conceptual ‘separations between human action, tools and the worlds in which they exist’ were misconceived (Kimbell, 2013), and suggested that design should intervene at a much broader ontological socio-technical level, recognising that technologies play an important role in defining what it means to be human. This has most recently been formulated with the somewhat unwieldy concept of ‘thing’ design, where the etymology of the word in descriptions of historical political assemblies in the Scandinavian ‘Ting’ is used to highlight the entanglement of the social, technical, ethical and political. Co-Design and Co-Creation While participatory approaches take into account users’ needs, opinions, practices and habits for the design process, there are vastly differing ways in which this is done. In an interesting paper titled “Co-creation and the new landscapes of design,” Sanders & Stappers (Sanders & Stappers, 2008) map the imaginaries, time-phases (rhythms) and architectures (scenarios) of the various approaches to what has more recently been termed ‘co-design’. Here they map who gets to Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 72 of 161 participate in the process, and in what capacity. They identify three groups of participants— designers, researchers and users— and categorize the approaches by distribution of leadership between design and research and to what degree users are active partners or passive subjects. Figure 13 The current landscape of human-centered design research. Source: (Sanders & Stappers, 2008). They reveal two large clusters, where ‘user-centered design’ is research (expert) driven with the notion of the researcher as translator and ‘participatory design research’ where the researcher plays the role of facilitator and all participants share and generate (design) tools. Besides the activity level and role in the design process, they also map different spatio-temporal arrangements of these approaches. The first approach (classical) includes the user in the beginning of the design process, where ideally ethnographic domain analysis knowledge is gathered about how practices are organised, and “what the user(s) need”. The researcher writes up her findings and translates them into user needs and with the help of the designer into (technical) requirements. In co-design however rather than different participants coming in at different stages (and settings/places), all participants are synchronously assembled around the table, sharing experience, tools, and ideas, and merging their respective roles to a certain extent. Figure 14 Classical roles of users, researchers, and designers & Co-Design Roles in the design process (on the left) and how they are merging in the co-designing process (on the right) (Sanders & Stappers, 2008). Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 73 of 161 Another aspect Sanders & Stappers mention is a change of time-structure or a shift in emphasis to different stages of the design process, where lately “designers have been moving increasingly closer to the future users of what they design” (p.5). They see a ‘growing emphasis on the front end’ of the design process, the explorative phase characterized by open-ended questions, ‘ambiguity and chaotic nature’: In the fuzzy front end, it is often not known whether the deliverable of the design process will be a product, a service, an interface, a building, etc. Considerations of many natures come together in this increasingly critical phase, e.g., understanding of users and contexts of use, exploration and selection of technological opportunities such as new materials and information technologies, etc. (Stappers, 2006). The goal of the explorations in the front end is to determine what is to be designed and sometimes what should not be designed and manufactured. The fuzzy front end is followed by the traditional design process where the resulting ideas for product, service, interface, etc. are developed first into concepts, and then into prototypes that are refined on the basis of the feedback of future users (Sanders & Stappers, 2008:7). Figure 15 Visualising the Co-Design Process The front end of the design process has been growing as designers move closer to the future users of what they design. (Sanders & Stappers, 2008) But it also follows that the front end phase is elongated and the participation of users ongoing throughout the design process. Where they are included as partners the roles get mixed up: ... the person who will eventually be served through the design process is given the position of ‘expert of his/her experience’, and plays a large role in knowledge development, idea generation and concept development. In generating insights, the researcher supports the ‘expert of his/her experience’ by providing tools for ideation and expression. The designer and the researcher collaborate on the tools for ideation because design skills are very important in the development of the tools (Sanders & Stappers, 2008 p.12). Users can become part of the design team as ‘expert of their experiences’ (Visser, Stappers, van der Lugt, & Sanders, 2005), but in order for them to take on this role, they must be given appropriate tools for expressing themselves. For this, researchers still have a role to play. Sanders and Stappers outline that researchers need to learn how to: lead people who are on the ‘doing’ level of creativity, guide those who are at the ‘adapting’ level, Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 74 of 161 provide scaffolds that support and serve peoples’ need for creative expression at the ‘making’ level, and offer a clean slate for those at the ‘creating’ level. (Sanders & Stappers, 2008 p.14, emphasis in original). The notion of giving users appropriate tools for expressing themselves in the context of designing (technological) futures rings true especially for the ethical and societal implications. Design allows for modelling and imagining and building scenarios for futures, thus helping to have richer and more informed discussions and negotiations about the very things we want. In a way, in ethical and societal informed co-design, the fuzzy front end of design goes all the way. 5.2.2 Computer Supported Cooperative Work Participatory approaches within ICT systems design have also made connections with and been influenced by Computer Supported Cooperative Work (CSCW), an interdisciplinary field of study that developed during the 1980s, principally with the interest of designing computer-based technology to support cooperative group work. It arose as scholars from different disciplines, including computer science, sociology, and anthropology became aware of the complex challenges inherent in designing for ‘cooperative work’ (Grudin, 2008; Schmidt & Bannon, 1992). Cooperative work in this context is not social in the sense of being a friendly, convivial endeavour, but in a systemic sense of ‘multiple persons working together to produce a product or service’ (Schmidt and Bannon, 1992). In this sense, even the work of an individual expert poring over evidence from an incident site in the seclusion of her office is social, because her work is embedded in, and contributes to a larger whole, and is (hopefully) informed by the logic of the overall task. CSCW is concerned with understanding the specific practices involved in making cooperative work go well for the purpose of designing technologies that can enhance cooperative work in a world where it is arguably becoming ever more distributed and complex. From work place studies and observations in real world settings such as air traffic and London underground control centres, CSCW researchers have been able to produce a range of highly instrumental and useful insights for understanding the ‘what’ of what people do. This includes concepts such as a ‘working division of labour’; articulation work; mechanisms of interaction; workflows; common information space and interpretation work (See Schmidt and Bannon, 1992 for an overview of these terms). Other theoretical and methodological contributions include longitudinal studies examining the adoption of technology in workplaces. These have provided insights into the ‘co-development of work, organisation and technology in use’ (Törpel et al., 2009, p.21) and the understanding that technologies are not ‘readymade’ but ‘need to be embedded’ in existing practices and the local context or circumstances (ibid p.21). Ethnographic studies of workplaces, or ‘workplace studies’ (Luff, Hindmarsh, & Heath, 2000) have provided detailed studies of people’s practices and uncovered ‘features of situated action’ (Suchman, 1987 in Törpel et al 2009, p.22). One of the key insights of CSCW is that one cannot understand people’s practices as something planned, but rather they involve situated logics. Therefore one has to design ‘for’ human practices rather than replace human practices. Here CSCW has affinities with participatory and co-design approaches, including a ‘commitment to designing systems (both technical and organizational) that are informed by and responsive to people’s everyday work practices’ (Kensing and Bloomberg, 1998 p. 180) and an ethical concern for designing for humans. These ideas have been further developed through the notion of ‘corealisation’, (Hartswood et al., 2008), combining ethnomethodology with participatory design and hence new kinds of longitudinal engagement between users and designers. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration 5.2.3 Page 75 of 161 Value Sensitive Design Value Sensitive Design developed in the late 1980s and early 1990s within the fields of humancomputer interaction and information systems design and attempts to offer a “theoretical and methodological framework with which to handle the value dimension of design work” (Friedman, Kahn Jr, Borning, & Huldtgren, 2013). It combines concern for issues such as privacy, ownership and property, physical welfare, universal usability, informed consent, autonomy and trust, etc. in a systematic way throughout the design process. In this context ‘value’ refers to ‘what a person or group of people consider important in life’ (ibid p.2). The concern for values in technology is not new. There has been a long-standing critique of technology in philosophy (Heidegger, Horkheimer), but also in the natural sciences as well as computer science (Wiener 1953/1985, Weizenbaum 1972), pointing out the risk of a technological rationality taking control and replacing questions of ‘do we need it?’ or ‘is it good?’ with the question ‘does it work?’ There have also been many approaches to designing IT systems that support particular values, for example privacy, informed consent or trust (Friedman et al. 2013). Approaches like Computer Ethics, Social Informatics, Computer Supported Cooperative Work (CSCW) and Participatory Design also pick up on these concerns, placing emphasis on protecting the users; reflecting on the social and ethical impact of technology, the way it will change society; but also in the spirit of a discursive ethics of negotiation (Habermas, 1981) inventing democratic approaches to design, which are in keeping with principles of inclusion, participation, equal rights and reversibility and openness. In practice, Value Sensitive Design consists of conceptual, empirical and technical investigations, employed iteratively, i.e. these kinds of investigation are only analytically distinct (unlike in theory testing nomothetic deductive approaches, while in the actual process they are intertwined). The conceptual investigation asks which direct and indirect stakeholders are affected by the design, what values are implicated and how should trade-offs among competing values be negotiated. While conceptual investigations might orient the research process and get the investigation started, it is however ‘indispensable to conduct empirical investigations of the human context in which the technical artefact is situated” (Friedman et al. 2013). Such empirical investigations, utilising a wide range of qualitative and quantitative methods, further specify conceptual considerations with contextual and situated information as well as complement further direct and indirect stakeholders and ways of engaging and interacting with the technological artefact. By following the object (technological artefact) through its various contexts of use, the empirical investigation unearths overlooked modes of employ but also gives a more accurate insight into “espoused practice (what people say) compared with actual practice (what people do)” [ibid. p. 59]. Friedman et al. (2013) argue that the Value Sensitive Design approach offers a unique contribution to the design of technology and outline eight key features: 1. It aims to influence the design of technology at the early stages as well as throughout the design process. 2. It enlarges the field of study from a focus on the ‘workplace’ to broader public spaces, online communities, homes, services etc. 3. It has a unique methodology, combining conceptual, empirical, and technical investigations, ‘iteratively and integratively’. 4. It enlarges the scope of human values studied (for example within CSCW or PD) to include all potential values, especially those of ‘ethical import’ and also accounts for conventions and personal values such as choice of colour. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 76 of 161 5. It distinguishes between the usability of a system, i.e. the characteristics that make a system work and ‘human values with ethical import’, acknowledging that not all useable systems support ethical values. 6. As a key first step it identifies and takes seriously the concerns of direct as well as indirect stakeholders. Indirect stakeholders have often been ignored in the design of technologies. 7. It is based on an interactional understanding of technology, whereby ‘the actual use of a technology depends on the goals of the people interacting with it’ and that ‘through human interaction technology changes over time’, becoming an iterative and ongoing process. 8. It seeks to work with values at both a concrete and abstract level, acknowledging that while some values may seem to be universally held, this can play out very differently within different cultural contexts and point in time. (Friedman et al. 2013: p. 86) Finally, Value Sensitive Design holds the position that technologies ‘provide value suitabilities that follow from properties of the technology’ [ibid.]. In other words, technologies are not neutral, but the way they do things actually has effects in that they ‘support or hinder human values’ [ibid.]. The following table presents a list of some of the values ‘with ethical import’ explored within Value Sensitive Design. Human Value Definition Sample Literature Human Welfare Refers to people’s physical, material and psychological well-being. Refers to a right to possess an object (or information), use it, manage it, derive income from it, and bequeath it. Refers to a claim, an entitlement, or a right of an individual to determine what information about himself or herself can be communicated to others. Leveson [1991]; Friedman, Kahn, & Hagman [2003]; Neumann[1995]; Turiel [1983, 1998] Becker [1977]; Friedman [1997b]; Herskovits [1952]; Lipinski & Britz [2000] Refers to systematic unfairness perpetrated on individuals or groups, including pre-existing social bias, technical bias, and emergent social bias. Refers to making all people successful users of information technology. Friedman & Nissenbaum [1996]; cf. Nass & Gong [2000]; Reeves & Nass [1996] Ownership Property and Privacy Freedom Bias from Universal Usability Trust Refers to expectations that exist between people who can experience good will, extend good will toward others, feel vulnerable, and experience betrayal. Autonomy Refers to people’s ability to decide, plan, and act in ways that they believe will help them to achieve their goals. Refers to garnering people’s agreement, encompassing criteria of disclosure and comprehension (for “informed”) and Informed Consent Version 1.0: Final Agre and Rotenberg [1998]; Bellotti [1998]; Boyle, Edwards,& Greenberg [2000]; Friedman [1997b]; Fuchs [1999]; Jancke, Venolia, Grudin, Cadiz, and Gupta [2001]; Palen & Dourish [2003]; Nissenbaum [1998]; Phillips [1998]; Schoeman [1984]; Svensson, Hook, Laaksolahti, & Waern [2001] Aberg & Shahmehri [2001]; Shneiderman [1999, 2000]; Cooper & Rejmer [2001]; Jacko, Dixon, Rosa, Scott, & Pappas [1999]; Stephanidis [2001] Baier [1986]; Camp [2000]; Dieberger, Hook, Svensson, & Lonnqvist [2001]; Egger [2000]; Fogg & Tseng [1999]; Friedman, Kahn, & Howe [2000]; Kahn & Turiel [1988]; Mayer, Davis, & Schoorman [1995]; Olson & Olson [2000]; Nissenbaum [2001]; Rocco [1998] Friedman & Nissenbaum [1997]; Hill [1991]; Isaacs, Tang, & Morris [1996]; Suchman [1994]; Winograd [1994] Faden & Beauchamp [1986]; Friedman, Millett, & Felten [2000]; The Belmont Report [1978] D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Courtesy Accountability Identity Calmness Environmental Sustainability voluntariness, competence, and agreement (for ‘consent’). Refers to treating people with politeness and consideration. Refers to the properties that ensures that the actions of a person, people, or institution may be traced uniquely to the person, people, or institution. Refers to people’s understanding of who they are over time, embracing both continuity and discontinuity over time. Refers to a peaceful and composed psychological state. Refers to sustaining ecosystems such that they meet the needs of the present without compromising future generations. Page 77 of 161 Bennett & Delatree [1978]; Wynne & Ryan [1993] Friedman & Kahn [1992]; Friedman & Millet [1995]Reeves & Nass [1996] Bers, Gonzalo-Heydrich, & DeMaso [2001]; Rosenberg [1997]; Schiano & White [1998]; Turkle [1996] Friedman & Kahn [2003]; Weiser & Brown [1997] United Nations [1992]; World Commission on Environment and Development [1987]; Hart [1999]; Moldan, Billharz, & Matravers [1997]; Northwest Environment Watch [2002] Figure 16 Value Sensitive Design (Source: Friedman et al. 2013, p. 17-18) 5.2.4 A philosophical turn to ethics in design More broadly within the design world there has also been what Steen (2001) refers to as a ‘turn to ethics in design’, This reflexive move within design was largely propelled by Victor Papanek’s influential book ‘Design for the Real World’ (Papanek, 1984), addressing issues of ethics and social responsibility within industrial design. As such, these issues became increasingly on the agenda during the late 1990s and 2000s, seen for example in the adoption of triple bottom line approaches and Morelli’s call for a shift from designers designing ‘products’ to ‘human centred’ design seeking participatory solutions to societal and environmental issues (Morelli, 2007). At its core this challenged companies and designers to reassess their role and purpose in developing technologies, becoming instead ‘facilitators of a system of value coproduction’ (Morelli, 2007, p. 18). Such themes can also be seen in the concept of ‘Design Futuring’ (Fry, 2008), which argues that the ethical, social, political and ecological concerns facing the world require new ‘ideas and methods for design as an expanded ethical and professional practice’. However, while Papanek and others work has been hugely influential, Melles et al. (2011) argue that this agenda ‘remains only partially and unsystematically embedded in design education and practice’ (p.144). 5.2.5 Engaged STS – The Public in Design Finally, Science and Technology Studies (STS) provide useful theoretical resources for thinking through issues of technology, participation and ethics, including the ‘possibilities and limits of participation in technology development’ (Törpel et al., 2009). While STS includes a number of different theoretical traditions, it has long had a focus on ‘democratising technological culture’ (Bijker, 2003) and in making science and technology ‘socially responsible’ and ‘accountable to public interests’ (Sismondo, 2008b) (p.18). The emergence of the STS ‘engaged program’ [ibid.] saw a shift from the study of how scientific knowledge is produced to practical explorations as well as critique of public engagement and participation at the science and technology/policy interface (Delgado, Lein Kjolberg, & Wickson, 2011). This move has followed broader institutional shifts in how ‘publics’ and their relationship with science and technology have been conceived. From the late 1990’s a ‘participatory turn’, saw public engagement, dialogue and more participatory styles of governance become central paradigms within the science and policy worlds (Wynne & Felt, 2007). At the EU level, this included policies that aimed to involve publics in ‘the development and assessment of science and Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 78 of 161 specific technologies’ (ibid. p.56) and the feeling that to remain competitive ‘a solid partnership between the scientific community, policy makers, industry and civil society’ was needed (Busquin in EC 2004:3 in Wynne & Felt 2007:53). This also saw the emergence of many different participatory models and practices including public debates, consultations, citizen conferences and other experimental forms. STS scholars have both participated in and provided critique of participatory models and practices. For example, Wynne (Wynne, 2006) highlights how in exercises with invited participants ‘pre-framing’ of an issue can often occur, locking participants into existing agendas and ‘normative commitments’ (Wynne, 2006). This can also be seen in the move to define participants as stakeholders rather than citizens or the public, where the issues ‘at stake’ have already been defined and thus ‘the scope of democratic governance issues’ has been reduced (Wynne & Felt 2007 p.58). Stirling argues that in participatory appraisals, processes of ‘closing down’ tend to be privileged over processes of ‘opening up’ thus also reducing the potentials for democratic engagement with science and technology governance (Stirling, 2008). STS scholars have also provided insights into conceptions of the ‘public’ and how these have changed over time (Welsh, Ian & Wynne, 2013). This has highlighted the ‘heterogeneous and dynamic nature’ of publics (Delgado et al., 2011:7) and that the public does not in fact pre-exist, but is ‘potential, and always in the making’ (Wynne & Felt 2007:19). Approaches to publics within STS have also been informed by Dewey’s conception of ‘issue formation’, namely that publics emerge in response to problems or issues and that expertise is itself created through the democratic process of social enquiry and public deliberation around an issue (Dewey, 1927). For Latour (Latour, 2005) this involves a new form of ‘object orientated politics’, where ‘each object gathers around itself a different assembly of relevant parties’ (p.15) and whereby ‘matters of fact’ become ‘matters of concern’ (ibid). There have been a range of theoretical and also practical experiments within STS around the formation of these ‘new collectives’ (Latour, 2004), ‘hybrid collectives’ (Wynne & Felt 2007), ‘collective experimentation’ (ibid) and ‘co-production of knowledge’ models (Callon, 1999). These experiments offer the potential for opening up new spaces and theoretical resources for negotiating the politics and ethics around ‘matters of concern’ such as a particular technological innovation. STS has also had fruitful engagements and dialogue with ‘design’ (see for example (Ehn & Badham, 2002; Latour & Weibel, 2005; Latour, 2008; Patton & Woodhouse, 2004). Links have been made between Actor-Network Theory and participatory design, providing different perspectives and practices for conceptualising and unpacking design processes and raising key issues around participation and democracy (Storni, 2012). Suchman (Suchman, 2000) has been influential in highlighting the ‘inseparability of the social and material, practice and technology’ (Torpel et al. 2009:14) including calls to: …replace the designer/user opposition – an opposition that closes off our possibilities for recognising the subtle and profound boundaries that actually do divide us – with a rich, densely structured landscape of identities and working relations ... (Suchman, 1994:22). There are also convergences between STS and ‘reflective design’, ‘critical design’ and ‘speculative design’ in exploring how to think about the participation and construction of stakeholders and ‘publics’ (Disalvo, Lodato, Jenkins, Lukens, & Kim, 2014). Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 79 of 161 5.3 Regulatory Approaches to IT Innovation Along with the development of designerly and STS approaches to practicing ethically and socially circumspect innovation has been the emergence of a range of regulatory approaches. Over the past 20 years there have been discussions at legal and political levels for incorporating data protection safeguards into ICTs. Regulatory measures include Recital 46 of Directive 95/94 of the European Union (1995), the first European directive on data protection, which aims to embed ‘‘appropriate measures’ in ICTs “both at the time of the design of the processing system and at the time of the processing itself, particularly in order to maintain security and thereby to prevent any unauthorized processing’ of personal data’ (Pagallo, 2011). Currently (in the EU) regulatory approaches for the assessment of IT innovation are being developed and institutionalized including in 2012 a proposal for a new general data protection legal framework that has not yet been adopted. In addition there have been a range of other regulatory approaches including Privacy by Design, privacy and ethical impact assessments and legal risk analysis. This section briefly outlines these different approaches, followed by a discussion of the resonances and tensions between regulatory and designerly approaches. 5.3.1 Privacy by Design Privacy by Design is closely related to the concept of ‘privacy enhancing technologies’ (PET) (Information and Privacy Commissioner/Ontario, 1995) and aims to incorporate mitigation of issues such as data protection and privacy into the design of technology. In practice, this might include design features such as separating ‘personal identifiers and content data, the use of pseudonyms and the anonymization or deletion of personal data as early as possible’ (Schaar, 2010:267). Cavoukian (2010) outlines seven principles of Privacy by Design as: 1. We have to view data protection in proactive rather than reactive terms, making privacy by design preventive and not simply remedial; 2. Personal data should be automatically protected in every IT system as its default position; 3. Data protection should accordingly be embedded into design; 4. The full functionality of the principle which follows from ii) and iii), allows a “positivesum” or “win-win” game, making trade-offs unnecessary (e.g., privacy vs. security); 5. A cradle-to-grave, start-to-finish, or end-to-end lifecycle protection ensures that privacy safeguards are at work even before a single bit of information has been collected; 6. No matter the technology or business practices involved, the design project should make data protection mechanisms visible and transparent to both IT users and providers; 7. Privacy by design requires an individual-focused respect for user privacy. (Cavoukian, 2010) A number of countries, including Canada, Germany, the Netherlands and the United Kingdom are promoting Privacy by Design. The European Union’s Seventh Framework Program for research and technological development (FP7)—the EU’s chief instrument for funding research over the period 2007–2013—also emphasizes the importance of “building in” privacy safeguards in technological solutions. Proponents of Privacy by Design argue that the principles should be binding for technology designers, developers and data controllers and that ‘providers of IT systems or services’ ‘should demonstrate that they have taken all measures necessary to comply with these requirements’ (Schaar, 2010 p. 278). However there are also challenges to and criticisms of the concept including its feasibility in practice (Spiekermann, 2012). Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration 5.3.2 Page 80 of 161 Privacy and Ethical Impact Assessments Legal risk analysis focusing on privacy is commonly referred to as a Privacy Impact Assessment 29 or Data Protection Impact Assessment (PIA). PIAs have been developed and used in a variety of countries and contexts (occasionally mandatory), since the early 1990s including in Australia, Canada, Ireland, New Zealand, the UK and the US (David Wright, Mordini, & DeHeert, 2012). In January 2012 the EU Commission presented a proposal for a new general data protection legal framework (Proposal for a Regulation Of The European Parliament And Of The Council on the protection of individuals with regard to the processing of personal data and on the free 30 movement of such data) introducing concepts such as Privacy by Design and encompassing a number of detailed provisions for all ICT systems processing personal data. The proposal under the sub heading Data processing impact Assessment stipulates an obligation to carry out a PIA prior to risky processing operations: Where processing operations present specific risks to the rights and freedoms of data subjects by virtue of their nature, their scope or their purposes, the controller or the processor acting on the controller’s behalf shall carry out an assessment of the impact of the envisaged processing operations on the protection of personal data” (Article 33). Making PIAs mandatory will likely lead to a significant increase in the use of PIA across the EU and beyond and it has been suggested, may ‘give momentum to the development of an international standard’ (D. Wright & Friedewald, 2013). As yet however, the methods to carry out detailed PIAs vary and while there are various guides, handbooks and templates there are currently very few PIA methodologies (although a number of projects are attempting to develop this). Usually PIA processes are multi phased and carried out in several iterations, as the system develops. The initial objective is to get an overview of the main problem areas, as a basis for further assessments and deliberations of the system design. This often involves identifying ‘risks’ to privacy and strategies to overcome them. Other common themes within PIAs include the identification and inclusion of stakeholders and publishing PIA reports to make the process transparent. Both these issues present a range of challenges including who and how to include stakeholders and private sector developers may be particularly reticent to publish or make public their findings (Wright & Friedewald 2013). 29 Sometimes also referred to as Personal Data and Privacy Impact Assessment or Privacy Impact Analysis. See e.g. Clarke, Roger, Privacy impact assessment: Its origins and development, Computer Law & Security Review, Volume 25, Issue 2, 2009 p 123-135, Information Commissioner’s Office (UK) PIA Handbook, Version 2.0, 2009 “www.ico.gov.uk/upload/documents/pia_handbook_html _v2/index.html“, 29th International Conference of Data Protection and Privacy Commissioners, Privacy Impact Assessment Issues and Approaches for Regulators, Workshop Workbook, Montreal, September 2007, available at www.privacyconference2007.gc.ca/workbooks/Terra_Incognita _workbook12_bil.pdf, and Wright, David, De Hert, Paul, (Eds), Privacy Impact Assessment, Springer, Dordrecht, … 2012 (Law, Governance and Technology Series, Volume 6). 30 The regulation has not yet (January 2015) been adopted. The regulation will take effect two years after its adoption, at earliest 2017. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 81 of 161 Ethical Impact Assessment Ethical Impact Assessment (Harris, Jennings, Pullinger, Rogerson, & Duquenoy, 2011; David Wright et al., 2012; David Wright, 2011) is a more recent development, developing largely within the fields of philosophy and theoretical ethics and following in the footsteps of other ‘impact assessments’ such as environmental, risk or regulatory impact assessments and technology assessment (TA). A central emphasis is the need to consider ‘ethics in context rather than prescriptive rules’ (David Wright, 2010) and thus far has been largely a reflective method, where questioning the ethics of individual technologies and their implementation accompanies the design and development process. Often this literally involves the asking of questions, and there have been various attempts to formulate sets of questions to uncover ethical issues (Marx, 2006; van Gorp, 2009; David Wright, 2011). It has also included attempts to develop key principles, as well as procedures, frameworks and other ‘ethical tools’ for ‘assessing the ethical impacts of new and emerging technologies’ (Wright and Friedewald 2013, p.762). This approach has seemingly been developed in complete isolation from the designerly debates outlined above. This leads to problematic oversights and a preoccupation with a rigid system of ‘assessment’ focused on ‘problems’ without any clear means of translating insight into creative innovation, but it also introduces valuable contributions, which are not addressed in design so far. Most importantly, ethical impact assessment can scaffold sustained engagement with ethical issues. Rarely is attention extended to the creative appropriation of technology and the ethical consequences of this, and cumulative effects of assembling ecologies of technologies or, as in our case ‘systems of systems’. There is also a strong emphasis on including stakeholders and the importance of debate in the process. Wright and Friedewald have highlighted the overlap between PIA and EIA and suggest that both can be done together in what they call a P+EIA process (D. Wright & Friedewald, 2013). 5.3.3 Legal Risk Analysis in IT Innovation Risk analysis is a method employed in different contexts, reaching from business strategy development to engineering. Its aim is to identify and carefully analyse risks in order to enhance an organization or collective’s capability to avoid risk or mitigate impacts. Legal risk analysis explores the risks of an activity breaking the law prior to the activity being undertaken. Methods include quantitative calculations, graphic representations, scenarios, checklists, matrices, exposure studies and flow charts (Wahlgren, 2013). 5.4 Towards Design for Privacy & Design for Design Both designerly and regulatory approaches have an interest in the prevention of technological ‘disasters’. Billions of Euros and innumerable hours of work have been ‘sunk’ into failed IT projects across the European member states. Examples include the half a billion pound failure of the UK Firecontrol project (Committee of Public Accounts, 2011; Yeo, 2002). One key aspect that both designerly and regulatory approaches struggle with is the fact that innovation neither starts nor stops with design or regulation. Designers speak about ‘design after design’ (Ehn, 2008) – the fact that users appropriate technologies creatively, sometimes subverting intended functions. Rules, regulations and the law are interpreted. There is no technological imperative that dictates the use of an IT artefact. This does not mean that technology is neutral. However, it means that use evolves with technology as technology evolves with use. See, for example, Orlikowski’s paper on ‘Evolving with Notes’ (Orlikowski, 1995) and Taylor et al on the discovery of SMS (Taylor & Vincent, 2005). The approaches outlined above strive to controlling intended and unintended effects in and through the designed objects. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 82 of 161 As discussed above there are a range of approaches, particularly around privacy, that try to embed ethical principles ‘in’ technologies, for example Privacy by Design. As we discussed in D12.1, the utility of these approaches in emergency response in general are limited, because exceptions and improvisation, which are necessary, can invalidate them. In relation to supporting emergent interoperability in systems of systems such ambitions also pose some difficulties. It could be argued that these approaches are in essence flawed because they ignore one of the key lessons of the approaches outlined above: It is impossible to know, let alone control ‘problematic usage’ in advance. The methodological turn we are advocating goes some way towards addressing challenges of appropriation or design in use. Embedding ICT in emergency response and more broadly is a pervasively and potentially deeply transformative endeavor. It cannot be ‘fixed’ through reflective practice or ‘by design’ alone. Moreover, the fact that IT Ethics is neither ‘in’ the technology, nor ‘in’ its use, but distributed means that the configuration of problems shifts shape continuously. This means that designerly expertise, ethical impact assessment and legal risk assessment should iteratively accompany innovation as a process, and that stakeholder engagement is critical throughout. This approach takes lessons from STS informed PD. In a way it is a next step for PD – but one that sheds the paternalistic notion of ‘participation’ in the interest of recognizing that design is a political process that requires collective deliberation, responsibility and action. By ‘collective’ we do not mean either a ‘communist’ notion of collectivity, nor do we mean ‘happy’ notions of ‘Gemeinschaft’ or community. Collective in this context involves negotiation, conflict expression, methodologies for de-conflicting, not necessarily consensus. It utilizes disclosive ethics and transparent design, as well as designing for engagement (see Chapter 3). This also evokes ideas of a social contract in IT design, where society is responsible for educating citizens to a level where they can shoulder more of the responsibility for the effects of IT innovation, in collaboration with IT design that supports a more broader distribution of skill, for example by documenting computational processes more in novel interaction techniques. If the former is an attempt to develop more broad-based methodologies of how to design, the question of what to design remains. Are there ways in which the complexity and opacity of IT can be reduced? Drawing inspiration from architecture – are there digital equivalents to the way in which the Centre Pompidou documents or makes its infrastructure and architecture visible? By developing such approaches, appropriation and grassroots infrastructuring may be better supported, with a direct effect on the understandability of ethical, legal and social issues in emergent assemblies of systems of systems. Drawing this particular discussion to a close, we see parallels between design and regulation. In a way, regulatory efforts are forms of meta-design – attempting to spell out protocols and rules that can guide negotiation and appropriation. The designerly approaches we have described along with ethical impact assessment and legal risk analysis all call for iterative engagement of legal and social experts, for informing design decisions, experimenting with prototype solutions, finding some way of anticipating emergent effects of innovation in a way that place designers and users in a position to address these effects, to take opportunities and to mitigate problems from a position carefully situated right in the midst of change. There are resonances here with Orlikowski’s work, ‘co-realization’ approaches and approaches to ‘Integrated Organization and Technology Development’ (Orlikowski, 2000, 2009). We need a synthesis of these different approaches and a toolbox that allows more conscious utilization of them. The BRIDGE project has drawn on the theoretical and methodological insights of these different approaches in developing what we are calling ELSI Co-Design (Liegl et al 2015). The BRIDGE project is arguably one of the first projects to explicitly bring Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 83 of 161 designerly and regulatory perspectives together and in the final section we now outline the ELSI Co-Design approach we developed, followed by a summary of findings in Chapter 6. 5.5 BRIDGE ELSI Co-Design: Developing a Methodology At the heart of the project is the development of middleware infrastructures that will enable autonomous systems to ad-hoc interoperate and thus share information, synchronize processes and merge certain functions. It also provides central, aggregated inventories and an overview of the situation at hand and the combined resources available. Overall, the project aims to enhance emergency responders’ capabilities to address crises and collaborate, thereby strengthening the security and safety of citizens as well as their privacy and civil liberties. However, it will not be surprising that such architecture, due to its emergent character, the ability to track and monitor resources, and aggregate and share data also has the potential for raising many ethical legal and social issues. These include, for example: how to share and at the same time protect personal data and the privacy of those involved? How to avoid situation awareness becoming surveillance? How to deal with the potential change in organizational structure that such situational awareness tools might bring about? And how to account for actor-agent networks adhoc assembling in such a complex system of systems? In addition, the vast scale of the project, involving EU wide socio-technical systems (of systems), multiple project partners and many diverse ‘end users’, groups or ‘publics’ potentially impacted by the technology pose unique challenges for addressing these issues. As such, to enable the emergence of these issues and crucially, to allow the folding in of insights into the processes of design and innovation has necessitated methodological innovation. The process, which we call ELSI Co-Design, uses an iterative, experimental research and development approach that integrates ethnographic observations and insights from user engagement and codesign into specification, integration and experimental implementation of new technologies. The next section outlines some of the key features of this approach. Collaborative practices and co-design with users – assembling publics Our methodology adapts user-centred and participatory design methodologies with a ‘bottomup’ understanding of opportunities and challenges for innovation in work practice, informed by domain analysis and collaboration with professionals within the project. Ehn (1993) argues that participatory design raises questions of democracy, power, and control at the workplace. As we will see, this rings true when we look at BRIDGE innovations, which, as they track and monitor resources and emergency responders’ work, also enable surveillance. They also have a tendency to take autonomy and responsibility away from individual responders and shift them to the control center, higher up in the organizational hierarchy. We follow Ehn’s assessment, and see in participatory design an opening to negotiation and contestation of such issues, shedding light on the work conditions, and ideally the overall ethical and political implications beyond questions of efficiency. We contend that just like ‘usability’, ethics cannot be invented or decided by experts, but has to be the product of engagement with the technology, by directly or indirectly implicated publics. Facilitating such publics is a central element of what we call ‘ELSI Co-Design. Mixed methods and a future orientated approach We therefore use a whole spectrum of participatory and user-orientated design methods, aiming to upgrade swiftly from more detached methods of user centred design to more engaged collaborative and co-design methods where designers, users and researchers becomes productively entangled and users become critical collaborators in the innovation process (Sanders & Stappers, 2008). Our multi-method approach includes: Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 84 of 161 Ethnographic domain analysis Prototyping and Co-Design with end users and the End User Advisory Board (EUAB) Scenario-based demonstrations Living Laboratories (current phase BRIDGE Project) Design for Design (after Design) (Ehn) Technology Accompaniment (Verbeek) We also had a future orientated approach, recognising that it would never be possible to know the full scope of uses or implications of the technology, but in using scenarios and other experiential tools we tried to explore possible futures and make these futures tangible. Iterative exploration and design throughout the project Central to the BRIDGE project was a co-design approach from the early stages of the design process, exploring issues iteratively throughout the life cycle of the project. In many projects it is not until the later stages that engagement and feedback from stakeholders is sought, often with an emphasis on evaluation rather than design (Mulder & Stappers, 2009). This can lead to unaddressed issues or mistakes due to blind spots’ in the development team. In line with the overall agile methodology in the BRIDGE project, we abstained from a waterfall model of defining requirements at the beginning of the project. Rather, formulating requirements, qualities and features of the technology was an ongoing exploratory process, organised around the engagement of various stakeholders with (working) prototypes. Such a process would, we hoped, reveal user needs and concerns, disclose possible ‘good’ as well as ‘problematic’ sociotechnical, ethical futures and allow for democratic processes of engagement and negotiation. In practice, this involved creating spaces around our technological prototypes to allow the emergence of issues and the assemblage of publics. A Disclosive Ethics Approach This could be called a disclosive ethics approach (Introna, 2007). Ethically aware design research is a method, which by way of assemblage (‘drawing things together’), tries to systematically disclose ethically relevant aspects of socio-technical systems in use. This is based on the view that ethical values or principles are too general to help draw conclusions or judge a system. Rather, these values themselves rely on ontological assumptions (the way the world is and the way humans are fundamentally) that might not hold anymore in these socio-technical futures (for further discussion of these issues see chapter % on drones). Rather than seeing ethics as a pre-existing checklist of issues already known, we see ethics as emergent phenomenon that is both situated and co-constituted. Disclosive ethics means to dig for hidden ethical effects in the socio-technical systems. It is a way of often indirect probing in order to make issues and effects visible that are usually hidden in technological black-boxes. It could also be described as prototype-based exploration where we enable diverse stakeholders to experience the technology in use and to evaluate possible effects and consequences for the emergency response. Drawing on the notion of “living laboratories” we use the metaphor of the (chemical) laboratory or a chemical reaction and particle accelerator/collider to describe this convergence or assemblage. The ethical issues emerge or become visible like a reaction in a chemistry experiment or the traces in a particle collider. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 85 of 161 Figure 17 Disclosive ethics, living laboratories Folding insights into design Informing socio-technical innovation is not a linear process where insight X clearly necessitates design decision Y. Understanding the complexities of work practices inspires design in complex ways. Insights are ‘folded in’ or materialized at different levels of design (architecture, policies, interaction design, social and organizational change) through interdisciplinary critical technical practice and stakeholder engagement. Since we believe that design is an open- ended process where products should be adaptable to new situations, this phase opens what Pelle Ehn calls “design for design” (Ehn, 2008). ELSI Co-Design in Practice - four iterations In practice, the project aimed to explore ethical, legal and social issues throughout the life cycle of the project and in roughly four phases, or rather, since these were not linear, but iteratively organized, modes of investigation and design. This exploratory process was ongoing, but can be roughly divided up in four (kinds of) iteration, from an opening exploratory movement through a more structured movement on to gradual closure. 1st Iteration: Ethnographic Domain Analysis & Co-Design with Stakeholders / End-Users Drawing on CSCW and STS traditions, the first mode, ethnographic domain analysis, tried to capture in go-alongs and participant observation the practices, procedures, organization, skills and concerns of domain experts (cp. BRIDGE D2.1 & 2.2). This approach was multi-sited, ethnographic and mobile, including interviews. The domain analysis gathered expertise about the domain, which was then systematized into rich user stories and broken down into more abstract ‘user needs’ and ‘ethical concerns’. In the first phase of domain analysis and co-design, the BRIDGE team conducted fieldwork in various areas of the emergency domain to understand current practices of inter-agency collaboration and areas for improvement. The second mode was Co-Design Workshops, which played a prominent role in BRIDGE (Oslo 2011, Lancaster 2012, Stavanger I 2013 (Demo II). Here we engaged with various kinds of stakeholders, but especially emergency response personnel and organized co-design workshops where we encouraged them to engage in sandboxing exercises, playing through scenarios using Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 86 of 161 paper or more advanced prototypes of our technology – i.e. elements of the BRIDGE System of Systems. Unlike domain analysis these sessions feature a strong futuristic element, in that they allow the imagining of ways to do things differently. At the same time, they also allow for conflicts or concerns to get expressed or even discovered in the first place. These workshops elicited user needs, qualities, functional and non-functional requirements of collaboration technologies. From this we gathered “stories”, which contained themes, narratives and descriptions of practices, necessities, qualities and matters of concern that the stakeholders discovered in these engagements. From these stories we took in vivo quotes or topics and translated them into user needs (and requirements) which were gathered in JIRA. This was a collaborative effort of in principle all BRIDGE team members, who could make entries, comment, label and enrich what was there. Since the very beginning of the project, we used JIRA31 as our main collaboration platform for user needs and requirements (with WPs 2, 10 and 12 working as editors and data stewards). Real world exercises were used as a third method of Domain Analysis and Co-Design. Here, BRIDGE prototypes were introduced, used, and tried out in the context of a regular emergency response exercise, which offered first responders the opportunity of hands on experience with the technologies and allowed for extensive feedback of the user experience, insights on its usefulness, input for improvement but also hesitations and warnings of potential dangers of the technology (Flums, Demo I Stavanger, II & III), ValEDation days in Salzburg). From these diverse research and design opportunities we derived collections of in vivo quotes, observations and user stories, which then served as a source for formulation of user needs and requirements – both functional and non-functional. In these formulations, ethical considerations – a lot of them brought forth by users themselves, were paramount. Apart from catalogues of more general ethical qualities, that were developed mostly through desk-studies (for instance in our extensive review of the Ashgate Series on Library of Essays on Emergency, Ethics, Law and Policy (Campbell 2013)) it was this fieldwork with domain experts, disclosing issues such as information overload, worries about informational self determination, or situation sensitive use of the monitoring capacities of the technology. It was these insights which allowed us to translate qualities into ethical requirements, specific to the developed BRIDGE technology. 2nd Iteration: Ethical, Legal and Architectural Sessions with Engineers and CC32 Owners During the 3rd and 4th period of the project, we switched from this exploration into a more structured mode, sorting the ELSI requirements by Concept Cases (CC)—technology bundles, which are aggregated according to their general functions such as, situation awareness, information gathering, logistics, networking, tracking, etc. (cp. D2.2 106ff.) — and having intensified exchange with the CC owners, where WP 10 put a lot of effort into co-formulation of requirements. At the same time we worked on the validation of the technologies and for this formulated (distilled from domain analysis, end user engagement and literature reviews) architectural, ethical and legal qualities and requirements and had a series of two hour plus sessions with the CC owners where we evaluated those aspects of the technology. 31 https://www.atlassian.com/software/jira 32 The design process in BRIDGE is organised in what we came to call ‘concept cases’ which are bundles of tools addressing a certain type of task in emergency response such as situation awareness, logistics or resource management (for a detailed description cp. chapter 6.3). Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 87 of 161 On the basis of these findings (and after almost 3 years of exploration) we built another kind of laboratory, where we confronted technical elements and the inner workings of the system with the stories, scenarios and concerns we had collected but also with a more formal canon of (emergency) ethical qualities. In these Ethical Requirement Sessions (there were also legal and architectural sessions) two kinds of spokespeople engaged with each other: the Systems owners (mostly system developers) represented the “concerns” of the socio-technical system, while the domain analysts represented the ethical canon and the concerns they had learned about from various stakeholders. This resembled most closely representative democracy, where the indirect mode was mostly due to the complexity of the technological systems, but also to the fact that in our agile design process we used this phase to formulate ethically aware systems requirements. Figure 18 Powerpoint slides used during the Ethics Sessions In this second iteration the requirement engineering again proceeded in a more structured way. Here the validation team gathered all the acquired user needs and requirements from JIRA and fed them back to the concept case owners in order to inquire into feasibility and applicability and also work on proper requirement formulations adequate / adapted to the technology. 3rd Iteration: Validation with End Users (ValEDation Days) Finally, during the so-called ValEDation days (cp. BRIDGE D10.3, 55ff.) we organised three quite varying settings for end-user engagement with our current prototypes. In Salzburg we organised an exercise with local firefighters, testing the behaviour of the technology in real world settings; in Delft we had a more conceptual validation of the middleware and the middleware oriented CC Adaptive Logistics, where we explored possible strengths and effects of the middleware; while in Oslo a simulated 3D scenario was built, which allowed a virtual exploration and testing of the Master System, eTriage and the training system. Based on these results WP 10 was engaged in yet another iteration with the CC owners, working on consolidating all the knowledge gathered throughout these varying forms of engagement and publishing it in a comprehensive form in BRIDGE D10.4. As discussed, the BRIDGE project follows an agile design methodology, and the requirement development process is organised in iterations. This means – somewhat counter-intuitively – that even validation does not follow a strictly evaluative, retrospective path, simply testing ready formulated requirements against the actual performance of the technological prototypes, but rather that while doing the latter we are also still tweaking and reformulating requirements, and even exploring new user needs or adaptations of already existing ones. The logic of such a design process with frequent iterations can be described in analogy to forms of logical reasoning Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 88 of 161 as abductive reasoning, which aims at discovery, disclosure, invention, rather than deductive (top-down) reasoning, which links premises with conclusions, in such a way that if the premises are true and the rules of deductive logic are followed also the results will be necessarily true. In other words, in the logic of discovery, the premises are not kept stable, but themselves are at stake. In such an approach the goal is not to find out if the prototype in all circumstances fulfils the requirements formulated beforehand, but rather, whether by putting it to the test in a variety of circumstances, potentially new requirements or sub-requirements emerge. So the testing is not linear from requirements to prototype, but proceeds simultaneously in both directions. 4th Iteration: Long-Term engagement with End-User Partners In the last phase or mode, BRIDGE prototypes in their most mature stage have been taken into user settings, where domain experts have engaged with them over a longer period of time. This multiplies the amount and kinds of people and social entities who will come in contact with the systems, thus multiplying the opportunities for issue as well as publics formations around it. Various techniques used during this phase for capturing emerging issues include: Working prototype (high TRL) remains for period of time with Emergency responders Keeping user logs Ongoing tech support ‘Technology accompaniment’ and Design after Design Re-entry of empirically enriched ethical issues Participant observation Focus groups to reflect on experiences and issues that arose in scenarios and practices Since this phase is ongoing with partners from fire departments in Austria, who are using the Advanced Situation Awareness System and the HelpBeacons, testing the use of these systems in their everyday work. Also in University Hospitals in Stavanger and Trondheim, the eTriage system is being employed in everyday ambulance and hospital logistics. Based on the results of these long term engagements, WP 10 will consolidate all the knowledge gathered throughout these varying forms of engagement, publishing it in a comprehensive form in BRIDGE D10.4.Summary 5.6 Conclusion These different modes of ELSI Co-Design serve as a means for turning matters of fact (does it work) into matters of concern (is this really what we want) (Latour, 2005). This involves creating spaces around our technological prototypes, allowing for the emergence of issues and formation of publics. In this process, new ways of working emerge in interaction with emergent technology, and ethics and technology adapt, revising and co-articulating each other. There have been many challenges in the BRIDGE project for undertaking ELSI CO-Design in practice. For example, one of the biggest challenges has been finding ways of exploring and formulating user needs and requirements for the middleware based on a thorough assessment of its effect at runtime. To achieve this we have built a simulation environment, which seeks to make the middleware visible and inspectable. Similarly, there are questions about the ‘publics’ we allow space for within the project. Who was excluded? How might we better include indirectly implicated publics and who might these be? How does an explicit commitment to address ELSI actually play out in practice and with the other demands and cultures within the project? How did the specific assemblage of the transnational consortium shape the process of our ELSI co-design and potentially obscure certain issues? We argue that our methodology of ELSI co-design and experimental co-creation Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 89 of 161 of socio-technical futures, where both the engaged public and issues are results of experimentation and contestation are pre-requisites for developing socio-technical systems, which not only can be made ‘acceptable’, but which become part of and enhance society. This chapter has addressed the development, roots and methodology of the BRIDGE ELSI CoDesign approach. It began by outlining the intensified focus on ethics within Horizon 2020 EU funding requirements. However, while ethics is starting to become a more prominent concern for EU research and development funding, there are currently no regulatory standards, nor are there, or is it necessarily possible to develop ‘one size fits all approaches’ or checklists that can be easily adopted. As such, there is space and a need for methodological innovation in how we might open up design processes to account for ethical, legal and social issues. There have already been many attempts to do this and in the first half of the chapter we introduced some of the different traditions that have addressed these issues from a variety of perspectives, including designerly and regulatory approaches as well as Science and Technology Studies. These approaches have formed many of the theoretical and methodological underpinnings of the ELSI Co-Design approach developed in the BRIDGE project. In the second half of the paper we outlined the key features of our experiments in ELSI Co-Design. This involved creating spaces around our technological prototypes, which allow for the formation of issues and assemblage of publics as engagement in the practice of disclosive ethics (Introna, 2007). In practice this involved various iterative stages and a mixed methods approach as outlined in the chapter. This chapter has set the scene for the next chapter where we explore key findings and challenges. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 90 of 161 6 Disclosive Ethics & ELSI Co-Design in the BRIDGE Project We have identified collaboration in emergency response as a vital societal and ethical goal, yet also spelled out the obstacles and fears that currently prevent or stifle efficient collaboration. These obstacles include the complexity of disaster preparedness and response and time-critical-ness of response differences in organisational structures, -cultures and –hierarchies decision making is distributed across many interdependent individuals and groups in many different locations and situations fragmentation and poor synchronization in time, allowing activities that look reasonable locally but that can actually undermine activities overall technological incompatibilities uncertainties about data protection and privacy legislation Disclosive Ethics and ELSI Co-Design is an exploration of how socio-technical design and innovation could help to overcome these obstacles in ‘good’ and responsible ways. In BRIDGE the exploration of ELSI related to technology and the quest for designing technology in a way to enable ethically circumspect emergency response has been closely linked with the methodologies of iterative ethnographic domain analysis and co-design. This elicitation of ethical issues informed formulating them in a way that they can be formalized for requirements engineering. This process should involve as large a variety of stakeholders as possible, covering domain experts, past and potential victims, members of the public, policy-makers, administrators, ethical and legal experts and of course designers and engineers. We call this process of unfolding ethical issues ‘disclosive ethics’, following Introna and Introna & Nissenbaum (2007). We complement ethnography with co-design, because ethics, lawfulness and social responsibility are folded into material socio-technical assemblages, and enacted in social practice of situated explorations, negotiations, probings. There are no clear cut lists of ethical principles or values that could be unequivocally ‘designed into’ material technologies or organisational structures and ‘best practice’, but rather what is ethical, lawful, socially responsible is relational and shaped in situated practices. Design must support these practices. This section summarizes our exploration of ELSI in IT systems in emergency response and findings that emerged within interdisciplinary collaboration sessions designed to develop ethical, legal and architectural qualities as requirements for the assessment of system of systems architectures. One central aim was to explore the location of ethics in complex distributed sociotechnical systems which enable emergent interoperability. The concept cases serve as a research tool, to explore such questions of ethical topology and accountability. Questions of how ethical responsibility is distributed between humans, technologies, infrastructures will be discussed. 6.1 Ethical Topology of the BRIDGE Systems of Systems Even in a single organisation many tasks are collaborative and distributed. We have seen in chapter 4 the immense work and complex infrastructures that are necessary for collaboration to take place. From an ethical point of view it is important to reflect not only on the collective actions during emergency response and their outcome, but also how technologies shape collective action. What are the ethical implications of data sharing infrastructures and situational awareness technologies? How do they assemble emergency response units and are these ways of assembling desirable in terms of enabling effective response? What are (un-)intended effects? In Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 91 of 161 distributed collaborations, it is not easy to assess where or as a result of which interactions, actions went right or wrong and consequently it is hard to know which individual or collective to praise or to blame for outcomes. There have been many controversies both within ethics and sociology on questions of collective agency and responsibility (e.g. May & Hofmann, 1992 Jasanoff, 1994). These reveal some of the limitations of legal and ethical traditions based on individual responsibility and call for more collective, organisational and socio-technical models of accountability. Can organisations or groups act? Can they collectively be responsible for actions? Communities, or even Nations, too? And if so, how are they to be held accountable? Every individual member? The leaders? The operators of a technology? And if the technology has adverse effects – will those who use it be blamed, those who procured it, or the developer team that made it? Does distributed action entail distributed responsibility? What about the technology itself in this? The overarching goal of the BRIDGE project was to design a System of Systems architecture that would allow emergent interoperability for interagency collaboration in large scale emergency response. To facilitate the design process, development was organised along technology bundles – so called Concept Cases – which are aggregated according to their general functions such as situation awareness, information gathering, logistics, networking, tracking, etc (cp. D2.2 106ff.). These Concept Cases served as a tool for developing and making the middleware tangible, and also formed organisational units, gathering subgroups of designers, users and researchers, who were each coordinated by the Concept Case owner(s). Besides their individual functionalities and the role of making the middleware tangible by utilising its functions, the task of the Concept Cases is to provide the BRIDGE middleware with prototype future systems that would aggregate in an ad-hoc way into a system of systems. Here individual systems would fulfil their individual function, but be BRIDGE’d in the sense of being able to communicate, being able to share, gather and display information in a usable, secure way, support people in constructing overview (COP), and coordinate work processes and workflows. BRIDGE ELSI Co-Design is hence co-design in a system of systems context, which means that a methodology for ethical explorations is needed that reflects not only the individual systems – or as we say Concept Cases – but the system of systems as a whole in all its complexity. 6.2 Ethical, Legal and Social Qualities Sessions Over the course of four years of end-user engagement and design research in the BRIDGE project, a collection of use-stories, concerns, user-needs and future use scenarios were gathered, systematized, and translated into requirements and taken into account for the design process. In a third iteration of design/research we brought this rich body of domain knowledge into dialogue with on the one hand a more systematic collection of ethical and architectural values and on the other hand, more technical system components, in what we called Ethical, Legal and Architectural Qualities Sessions, a method for Ethical Impact Assessment in the context of codesign. For the evolution and a full list of architectural qualities, see BRIDGE D4.2, D2.5 & 10.3]. A comprehensive overview of results from these Qualities Sessions is included in D10.3. In this chapter we will give a brief overview of the Concept Cases and their functions and then focus on a thematic discussion of the most prevalent ethical implications and the way those can or should be addressed. In this third iteration of the disclosive ethics process we met online for discussions (2 hours each) with designers involved in the BRIDGE Concept Cases (CCs), to explore how CC technologies addressed the qualities we had so far identified over the course of our research. In terms of Co-Design methodology these sessions move from a participatory assembly (in the sense of participatory or direct democracy) to a representative one (in the sense of representative democracy), where the designers represented the technological and functional aspects of the Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 92 of 161 socio-technical system, while members of WP12 represented (and assembled) users, stakeholders and a more general public, as well as systematic formulations of IT and emergency ethics and law. The results of these sessions are documented comprehensively in BRIDGE deliverables D10.3 and D2.5, which report on the systematics and results of the BRIDGE requirement engineering process. Following the BRIDGE design approach based around concept cases, CC owners were invited as the spokespeople for the respective systems. Together, we explored what ethical qualities like ‘autonomy’, ‘solidarity’ or ‘fairness’ might mean for example in regard to the CC ‘Robust and Resilient Communication’. Would this technology have affordances that support autonomy and if so, who would be benefitting from this? While the sessions followed the logic of the CCs, when we analysed the transcripts, we found that it would not suffice to stay within those confined silos, since ethical implications would often emerge only in the combination and interaction of several CCs. Often CC owners formulated something might be a problem “not in isolation, but in combination with other concept cases”. The same was true for the ethical and architectural qualities themselves. Often a certain socio-technical practice nexus had implications that revealed how qualities like autonomy, transparency and responsibility were interdependent. So the way we present the findings of the ELSI sessions. We present an inventory of ethical issues, which are sometimes specific to a certain type of system, but at other times specific to a practice or an ethical quality, etc. This is a highly productive move towards cross-cutting issues and larger aggregate (units) that leads us closer to the goal of the BRIDGE project to design and observe the affordances of emergent systems of systems in emergency response. At the same time, we still struggle with conducting an exploration of ELSI issues for the middleware or the system of systems. Disclosive ethics for middleware infrastructures is more difficult, because middlewares have no direct contact with users, they are complex, designed to be invisible, operating in the background, opaque, distributed, and black-boxed. The investigation into middleware ELSI implications is thus ongoing. In this document, some ethical implications of middleware are made visible by analysing the CC ‘Adaptive Logistics’, ‘SWARM’ and the ‘Master’, which are highly dependent on the middleware and/or are, in some sense, middlewares themselves. 6.3 The BRIDGE Concept Cases Before presenting findings of the ELSI Disclosive Ethics / Qualities sessions, some information on the technology under investigation is needed. The BRIDGE system of systems is comprised of altogether eight concept cases, which utilise middleware services. This is underpinned by a number of stand-alone dedicated middleware(s). Detailed descriptions can be found in technical deliverables from WPs 3 to 8. Here, we provide a short summary to set the scene. 33 Adaptive Logistic In the BRIDGE concept case ‘Adaptive Logistics’ we characterize large-scale emergency management operations as ‘Complex Dynamic Multi-Agency Distributed Systems’. We explore how we can coordinate the efforts deployed by all the systems’ human participants and artificial components, in such a way that the BRIDGE system-of-systems as a whole displays coherent, 33 The following descriptions were developed in the course of requirement engineering during the ethical qualities sessions and further formulated in BRIDGE D10.3 – we did some adaptions for BRIDGE D2.5 and this deliverable. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 93 of 161 goal-directed behavior, realizing its goals effective and efficiently. Its main functionality is to organize a dynamic multi-agency collaboration. We use workflows (or more specifically a ‘Workflow Generation and Management (WFGM) sub-system’). To organize this collaboration the WFGM requires system awareness and specific capabilities to plan, instantiate, monitor and adjust activities. Advanced Logistics establishes a collaboration between various BRIDGE system components, including ‘DEIN’, ‘Situation aWAre Resource Management (SWARM)’, the ‘Risk Analyzer Modeler’ and ‘Advanced Situation Awareness - Prediction Modelling’. In other words, ‘Adaptive Logistics’, keeps an overview of a number of processes and variables and as they change, adapts the logistics and workflow processes of emergency response and management (mostly resource allocation) according to pre-defined, more general goals. The components of Adaptive Logistics have a high degree of automation and autonomy, adapting or recalculating, for instance, where certain emergency resources go and which victims they will tend to. Workflows can only be managed if activities are tracked and logged. Advanced Situation Awareness The BRIDGE Advanced Situation Awareness (ASA) CC assists first responders on scene in increasing situational awareness by supplying real-time visual and other information on the extent of the disaster and its consequences. ASA consists of the following three components: a Hexacopter, Expert System, and Modeling Module. The Hexacopter is an unmanned aerial vehicle (UAV) system, which consists of Flying platform with six motors; Global Positioning System (GPS) and radar; Video and infrared cameras; On-board computer; Environmental sensors; and Ground control station. The Hexacopter provides a live video from a bird’s-eye-view perspective, a parallel infrared video, and real-time environmental sampling data, which help assess the magnitude of destruction, fires and health hazards to first responders and affected population. The UAV can be controlled manually or be put into a pre-programmed automatic flight modus. The Expert System is a software, used to automatically analyze the incoming environmental measurements supplied by sensor payloads on the Hexacopter to the Ground Station. The data is compared against national and international standards, and combined with expert recommendations. The aim of the Expert System is to help the incident commander interpret the obtained environmental data and ease the decision-making in a complex emergency. The Modelling Module is used to create computer models of the incident site and of plumes in case of an uncontrolled release. It can draw on the pre-programmed generic models of reality-based structures contained in the BRIDGE Critical Infrastructure Library. This module enables the user to assess the physical damage to buildings, estimate the number of victims, and predict the dispersion of hazardous plumes based on meteorological data. Dynamic Tagging of the environment / eTriage The BRIDGE Dynamic Tagging System assists first responders in marking and monitoring significant locations of the disaster site and in creating real-time situation awareness. It aims to ease the annotation of the field with digital information, creating an improved spatial reference system and shared understanding of the geography of the emergency for emergency responders. Such an annotated disaster site enriches the process of spatial sense making. The Dynamic Tagging System assists first responders in marking and monitoring significant locations and Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 94 of 161 objects in the disaster site and in creating real-time situation awareness. The element most developed in this concept case is the eTriage system, hence the ethics sessions focused on this. In large-scale emergency events the number of injured can exceed the capacity of medical resources available. Where resources are scarce, triage is necessary so that resources are allocated to those that most need it and/or would most benefit from them. Triage involves dividing victims into categories according to their need for medical attention. The eTriage Concept Case proposes to replace currently used paper tags with a snap-on networked bracelet integrating physiological sensors and a GPS unit for location tracking. The devices can monitor the status of the patient and send updates to other components connected to the BRIDGE system using a mesh network. Once marked, the system allows for locating the victim and monitoring his/her vital parameters are all the way to the hospital. To control the deployment, the concept includes the idea of an eTriage Pad. ‘Triagers’ would carry with them a tablet device that connects to the mesh network created by the deployment of tag. The e-triage concept case responds to the following issues in current triage practice: Registration and overview: The presented eTriage concept serves the purpose of registering and counting the number of victims. This will contribute as an overview, which is essential not only for the paramedics but for all agencies (e.g. reporting number of injured and fatalities to the media) Sensors and monitoring of victims: by adding sensors to the bracelet we could measure heart rate, respiration frequency, O2 saturation, body posture, movements etc. This could be helpful in big disasters where number of victims outnumbering paramedics. Alerting on changes in condition: sensors could send alert to paramedics when vital signs indicate a harmful development that needs immediate attention AutoTriage by advanced sensors: stretching the idea even further, it would be useful to have a bracelet that performs automatic triage. Information Intelligence In all emergency management phases, information about the current situation is vital. Today, people extensively document crises in social media. Hence, our aim with BRIDGE Information Intelligence (II) is to introduce a tool that allows the automatic analysis of such media data in addition with live data from in the field and aggregates it in situational reports. The BRIDGE II comprises several components: Aggregation: It performs aggregation to detect sub-events (= specific hotspots of a crisis) and shows the results to the user. Data Simulation: It allows the simulation of data during a running exercise. Hence, this tool can also be used for training purpose. Data Collection: It is implemented as an Android-App and allows the collection of live data (from within the field). The Aggregation Feature performs the aggregation based on online clustering. It aggregates the data based on their textual and location content. The aggregation can be performed on archived social media data (e.g., Twitter) and on live data coming from within the field. The results are shown to the user via a web-based implementation reachable from any browser (e.g., Mozilla, Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 95 of 161 Google Chrome etc.). The GUI contains a map-representation and a detailed view for subevents. In addition, it allows to filter the results based on geo-location and/or keywords. The Data Simulation Feature allows the creation of data based on a given scenario description (given as XML). The description can be also administered by the tool. The creation of the dataset follows this scenario description. It comprises short text messages (i.e., simulated tweets), which are based on the effect the incident might have. For the generation process different sub-event attributes are needed, e.g., start of the sub-event (offset) during the exercise, description, some textual phrases for the generation mechanism, etc. The data simulation tool can be used, e.g., for training to integrate (simulated) “social media” into a running exercise. The Data Collection Feature allows the introduction of live data into the aggregation process. The Smartphone app was created by BRIDGE colleagues Amro Al-Akkad and Christian Raffelsberger (utilizing the “Local Cloud” concept of Amro Al-Akkad). It allows directly the integration of text messages and pictures from persons in the field into the aggregation mechanism. The idea is to enrich the aggregation process with this live data. Master The Master is a command and control information system for use in emergency management. It assists commanders and other central actors in keeping a common operational picture of the situation, and in allocating their resources efficiently during the response. The Master provides a map-based mechanism for resource allocation, message communication, and access to predefined plans. The system is intended to be distributed across all command chain levels in the organizations that take part in the response effort (i.e. across commanders and decision makers on the strategic, tactical and operational levels). To support users on different levels the tool is available in several different versions, tailored to run on different devices, including desktop PCs, collaborative multi-touch tables, tablets and phones. The Master gives a customizable map-based overview of the situation, showing real-time information about: Incidents, response elements and risks added by other Master users. Patients and victims retrieved from the eTriage and HelpBeacon systems. Response personnel and vehicles tracked by the SWARM system. Relevant social media elements collected by the Information Intelligence system. Unmanned vehicle video streams retrieved from the ASA system. Model overlays (e.g. plume models) retrieved from the ASA system. Expert advice retrieved from the ASA system. Hospitals and available bed capacity information where available Users of the Master can view, filter, and add information in the common operational picture. Newly added information is automatically synchronized with all other running instances, allowing all users to keep an up-to-date view of the situation. The resource allocation mechanisms in Master allow users to allocate personnel and vehicles to specific tasks and locations using drag and drop in the map-based view. The allocated resources are notified via the SWARM system running on their mobile phones. The system also support message communication with other users, access to predefined object plans (e.g. documents, blueprints, certain types of 3D models where available), weather forecasts, and freehand drawing on the map for local planning of the response effort. By supporting several formats within the emergency data exchange language standard (EDXL), the Master can be connected to both new and existing systems, allowing information to be shared in an efficient manner. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 96 of 161 Robust and resilient communication The main goal with this CC is to create an ad-hoc networking infrastructure that provides networking services on an incident site. The BRIDGE Mesh network allows other systems to exchange data locally or send them to other networks such as the Internet. The Help Beacons application allows people to use their smartphones to advertise their need for help. Robust and Resilient Communication comprises several components: 1. Wireless Mesh routers that form an ad-hoc network (called the BRIDGE Mesh) to provide a networking infrastructure for other systems on the scene (e.g., eTriage) 2. The Help Beacons victim application that allows people to call for help using an Android smart phone 3. The Help Beacons responder application that is used by first responders to collect SOS messages The wireless mesh routers form an ad-hoc networking infrastructure that can be used by other CCs to exchange data. All routers provide wireless access points to allow other devices (such as smartphones, notebooks or the eTriage bracelets) to join the network. Some routers provide gateways to other networks such as the Internet and bridge different wireless technologies. The Help Beacons System provides a way for people to call for help using their Android smartphones. The Help Beacons system uses the Wi-Fi wireless technology (i.e., IEEE 802.11) to advertise short help messages. First responders that use a Help Beacons responder application can collect beacons in their vicinity and locate victims. Technically, the idea is implemented by encoding short messages inside the name of the Wi-Fi access point created by the victim’s smart phone. Any device in range can see these messages using its Wi-Fi interface. The Help Beacons responder application has been designed in a way that is does not need any user intervention to collect distress calls and send them to the BRIDGE Mesh. This allows the first responder to fully focus on his/her tasks. Optionally, the first responder can be notified via acoustic signals or vibration when a new distress call has been found. Collected help calls are sent by the responder device to the BRIDGE mesh that provides connection to other BRIDGE systems such as the BRIDGE Master. Thus, the Master can visualize information about Help Beacons, such as the help message itself or the time the help message was received by the responder device, and also the time the victim had set up the help message. If the GPS position of the victim and/or the responder is available, the Master can visualize the location of Help Beacons on a map. The information that is collected by the Help Beacons responder application is sent to the BRIDGE Mesh network where a dedicated service first stores the received data locally. The data is then transferred via the BRIDGE middleware to other interested parties. Thus, the BRIDGE Master can visualize the distress calls. Situation aWAre Resource Manager (SWARM) The BRIDGE SWARM combines resource management (resource identification, involvement, task assignment, status reporting) with technology for achieving situation awareness, in order to: 1. Provide a continuous overview to first responders of the resources in their immediate surroundings (including human resources); Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 97 of 161 2. Communicate the state and context of human resources (e.g. their condition and health, environmental conditions like temperature, background noise, etc.); 3. Provide better context-aware predictions of activities of resources, e.g. estimated times of arrival for moving resources. For achieving these tasks, the SWARM relies on the technical capabilities of smartphones (such as 3G, GPS, sensors) which are the tracking and communication devices for the resources and the Master System, which gathers and displays the locations and activities of the resources in a unified visual field. The smartphone allows to: Get insight into: 1. Location of the incident 2. Location of command/control posts 3. Location and status of surrounding resources 4. Location, assigner and status of my current task Inform others about: 1. My task status 2. My personal status Provide direct (emergency) voice contact with: 1. (assistant) Incident Commander 2. any other person (configurable) The master allows to: Get insight into: 1. Location and status of Resources 2. ETA for moving resources 3. Current tasks and their status Inform others about: 1. New task assignments 2. Dynamic team formation First Responders Integrated Training System (FRITS) The main objective for FRITS is to establish an optimal learning and training methodology, supported by an integrated portfolio of sub-systems that will improve the quality of emergency response and crisis management in intra-agency and inter-agency operations. FRITS uses BRIDGE developed methods and tools together with COTS (commercial of theshelf) technology to ensure flexibility and to provide scalability for different end-user needs. The concept is divided into modules, focusing on training, exercises and proper evaluation for improvements: Training methodology and methodology tools Exercise management tools Evaluation tools Simulated training; live, virtual and constructive systems (COTS-technology) ITE – Integrated Training Environment Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 98 of 161 By combining two or more of these modules, FRITS helps all levels of responders (operational, tactical, and strategic) to improve their training and exercise activities. Also, by focusing more on using various virtual and constructive tools in addition to live exercises, a quantified cost effective end-result is possible to achieve over a relatively short time-frame, ranging from base theory to large-scale multi-agency exercises. 6.4 Disclosing ELSI - Process As already mentioned, our ELSI-Co-Design methodology has taken its starting point in the logic of the concept cases as BRIDGE organisational (and innovation) units, but in practice and in the analysis these units are re-specified into larger or smaller clusters that emerge within the context of a system of systems. On the basis of domain analysis and desk studies of ELSI in IT supported emergency response and broader explorations into the philosophical ethics of emergency and disaster (see above and BRIDGE D12.2), we have compiled a systematic overview of ethical values, principles, virtues and rights (Figure 19) to serve as a heuristic tool. Figure 19 ELSI Qualities Session Overview of Ethical Qualities This heuristic guided eight two hour long sessions with concept case owners, designed to explore the ethical implications of their respective CCs, their technologies and intended as well as non-intended uses. These sessions attempted to explore the ethical implications of the technology for all imaginable stakeholders (i.e. victims, first responders, bystanders, response organisations, the ‘general public’ etc.). While the voices of those stakeholders were not physically present in these sessions they were represented by members of WP2 and WP12, who drew on interviews, observations, previous co-design sessions and literature. The “design public” was hence represented, rather than directly engaged through participation. The direct participants in the sessions include the following roles: Designer: A computer scientist or engineer who has been developing the system. Ethicist: A member of WP2 or WP12, knowledgeable in the domain and ethical principles. Jurist: Peter Wahlgren, the law expert in WP12. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 99 of 161 System Architect: A designer involved who has been involved in the infrastructural design. All have been involved in end-user engagement and are able to speak on behalf of users and some transcripts of interviews with users are presented to illustrate how their voices were heard. In the ethics sessions we discussed the concept cases along ethical qualities, which in the course of these discussions where interrogated to explore whether – and if yes, how - they surfaced in the use of the CC system. We proceeded through: 1. A brief recap presentation of the CC, by the CC owner 2. Description of the Ethical Quality (Quality is the generic term we used for virtues, principles, rights, values), Explanation of those qualities in regard to the CC, Discussion 3. A reflective analysis based on recordings and transcriptions of the discussion, which flowed into design, requirements specification, validation and evaluation (D2.5, D10.3). All ethics sessions used a heuristics for probing and scanning the Concept Case along 12 ethical values or principles (for a comprehensive description of the wording that was used to introduce these qualities for the discussion, see appendix of this deliverable and BRIDGE D10.3): Autonomy Inclusiveness Fairness Responsibility Dignity/Humanity Solidarity Leadership Cooperation Prudence. Legal sessions explored: The right to know Privacy Data quality Purpose binding Right to be forgotten A discussion of architectural qualities explored these and some additional issues from a systemin-use perspective (for a more detailed discussion of architectural qualities and definitions, see D4.2). The architectural sessions deepened understanding of ethical and legal issues. These sessions were organized around the following architectural qualities. Transparency Interoperability & coherence Responsibility & Formal decision support Traceability & Auditability Mixed intelligence and collaboration & Compatibility Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 100 of 161 Graceful degradation Versatility Scalability Overview Availability & Reliability Capacity & Load / Utilization The goal of these sessions was twofold: On the one hand we wanted to disclose in a participatory process the implications that might be hidden in the socio-technical system and its (many possible) lived realizations. The assumption was that these implications would only show themselves in use, which is why we played through scenarios with stakeholders and engineers, feeding into those scenarios a sensitivity for ethical, legal and social concerns. The result of this are complex challenges and opportunities that might ask for technological answers, but often also point to a need to adjust or pursue innovation in practices, policy, regulation, education and training or public engagement, which requires a broader ethico-political focus. Through its participatory and experimental approach, and its publications, the BRIDGE project contributes to the shaping of such a wider societal process of value-sensitive socio-technical innovation. With these evolving sensitivities, we explored the feasibility (and limitations) of technical, social and socio-technical ‘solutions’ and sought to embed ways of addressing the issues raised into BRIDGE socio-technical innovation. Technically, some progress could be achieved by excluding certain options, setting defaults (e.g. privacy by default), striving for transparency and accountability in computational processes, implementing anonymisation, encryption and exploring options for containing data flows (especially in cloud solutions) and forgetting data. 6.5 Disclosing ELSI – Findings The analysis of these sessions showed that most of the technologies under examination produce ethical implications not only by themselves, but also as a result of their interaction with other parts of the system of systems, as a kind of additive effect. The results of our ethical investigation are, hence, thematic assemblages of ethical issues, system of system elements, concerns and practices which emerged in this attempt of practicing disclosive ethics by mapping ethical implications onto the system architecture and its probable uses. Core thematic complexes are presented below. 6.5.1 Transparency: Two conflicting notions Acting in ethically, legally or socially circumspect ways is often frustrated because technological functions are black-boxed in several ways. The networking, code, algorithms and processing all cannot be inspected at runtime (Introna 2007). And even if this was possible, it would take complex, black-boxed tools to do this. In the world of IT the black-boxing – paradoxically – is often referred to as ‘transparency’ or ‘seamlessness’ (Weiser, 1991, 1994). This vision of ‘invisible’ and intuitive computing is seen as a benign design philosophy that protects the user from unnecessary complexity, aiming to enhance the usability of IT. However, it is in conflict with another notion of transparency which actually means the opposite – that processes are visible for the user, reflecting what is going on under the hood and thus empowering users to make changes on the fly. This concept has been discussed as accountable, seamful, or palpable computing (Dourish, 2001, Chalmers, 2003, Büscher & Mogensen, 2007). The tension between these two notions of transparency within the BRIDGE System of Systems plays out especially prominently regarding the concept cases SWARM and Adaptive Logistics, because their algorithms automate the coordination of potentially myriads of allocations. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 101 of 161 In terms of ethics, ‘Adaptive Logistics’ is a special concept case since in connecting, coordinating and synchronizing workflows it is part of the middleware and embodies core features of the systems of systems approach the BRIDGE project explores, including: Scalability (i.e. ad-hoc adding any number of organizations and processes into the workflow management, as long as they adhere to some basic standards such as EDXL) all with their own rules of engagement Coordinating the collaboration of autonomous systems (i.e. while the systems remain autonomous, they merge into a system of systems (scale up) which in a complex way pursues a “common goal” Tracking (and to a certain extent logging) resources and processes The coordination and workflow management is done “agent based” (algorithmically) It is the tracking and logging and the automation aspect of this technology that raise ethical opportunities and concerns, but also the scale of synchronization, which means (and this is the case for middleware in general) that the number of processes that are running and that are coordinated are impossible to monitor at a human scale. While this supports unprecedented efficiencies, when it is unclear where things happen in such a powerful system, it is also a problem to know who (which part or stakeholder) is responsible and liable for a process. Being a bundle of autonomous coordination mechanisms, Adaptive Logistics, along with other middleware components, takes a special role within the BRIDGE project. Here, this twofold notion of transparency is playing out as the system not only attempts to remain in the background, being transparent (invisible) and thus not getting in the way of users’ work, but even more in the sense, that transparency in the sense of making accountable the processes that are going on, would not be possible, or comprehensible for a human user. This is illustrated in the following contribution made by a designer of the Adaptive Logistics CC: Designer: … It’s very hard to include the human in the loop in the process of workflow generation because they don’t speak BRAWL [BRIDGE Annotated Workflow Language] and are not quick enough ... But the user is in command of what we do and either modifies or selects workflows or changes the rules that direct the workflow generation process. Regarding human sense making, we have a little of this in the sense that we can depict what the BRIDGE system as a whole is doing and what it will do in the near future and what it has done, so we can help make sense of what BRIDGE is doing. Adaptive Logistics, in other words, minimizes the role of the human in the loop, or “human sense making”, because the processes are too complex, and the human would actually be in the way. While the user could inspect if resources match up, she would not need to know how they are coordinated, thus she could not intervene, when it seems to her that this coordination is not done in the most efficient way. As this section shows, the coordination is achieved collaboratively, with the organization setting the rules and constraints, while the algorithms take care of the execution, but the algorithms themselves cannot be inspected/overseen and for instance fine-tuned by humans who do not understand BRAWL. For the concept case SWARM, which monitors and manages resources, similar principles apply: Designer: Only the functionalities for team formation might be less transparent, they are based on a sort of intrinsic sorting algorithm, a priority of a list of potential first responders to be included in a team, and the system itself provides a means to select from this prioritization some people and dynamically from a team. This could be less transparent, although we have so much info from the Ethical and Legal session that we know that we should provide very good documentation about this. […] some things are Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 102 of 161 automated in such a way that you can explain what the system does but it doesn’t mean that you can explain why it comes up with a certain choice, but if you analyse the input that comes through the system you will understand why it makes certain choices, in that sense [it] is transparent. The implications of problematizing the (lack of) transparency of technology are interesting. The emphasis on transparency as invisibility rather than visibility has, for example, wider implications for the practice of emergency response. As the System of Systems logic of Adaptive Logistics and SWARM suggests, the algorithmic coordination enables organisations to keep doing what they are doing, giving up only the allocation and logistics and, within the limits the organisation has decided beforehand. The autonomy that is given away is adhering to roles and to policies and integrity constraints agreed upon apriori. However, creativity, flexibility and role improvisation – which are essential for effective emergency response (Kreps and Bosworth 1999, Webb et al 1999, Webb & Chevreau 2006) – are made difficult, and for the system improvisation will mean that the task failed. Moreover, a lack of transparency in the sense of system accountability or inspectability constrains people’s ability to notice and address system failure. In order to make computers safe, humans must be able to inspect (in real time) what it does. Yet, what is the “right” moment for this? The notion of transparency as system accountability suggests a desire of transparency at run-time and in the end a human in control (at all times). This transparency is an interesting requirement, especially given that it is only ever possible to a certain extent. Knowledge, expertise and tools are a prerequisite for people’s capabilities to inspect and understand. Not everyone will understand BRAWL, even though it is designed to be transparent in the sense of self-documenting. Furthermore, from a praxeological perspective, it is doubtful if cognitive ‘inspection’ is really how understanding, creativity and control are enabled. In fact, there is a huge body of research on tacit knowledge and embodiment, arguing that the knowledge of how to perform a practice is mostly implicit (Collins 1996, 2010; Polanyi 1958, 1966; Ryle, 1945). Similarly, accountability and trust are often locally negotiated, and not necessarily established by explicitly inspecting all the information in detail. What this highlights is a humanist bias in the ethical principle of “autonomy” and in related notions of “transparency” which lead design into very complex questions. Our research suggests that a more ‘posthuman’ approach that acknowledges the entanglement of human embodiment and intelligence with machines may be more fruitful (Büscher et al, 2015c). It may sound abstruse to call people ‘posthuman’ and to argue against a humanistic perspective, especially when concerned with ethical questions. However, analysts show convincingly that ‘we have never been human’ (Haraway 2008). From fire, to shoes, to IT, technologies have always been an integral part of what it means to be human. There simply is no purely human or technological. The concept of the ‘posthuman’ awkwardly, but highly productively effects a shift in perspective and opens up promising new design avenues, by, for example, focusing on the social and material practices involved in making things transparent and how these are or could be augmented by technologies. These practices may be cognitive, but may also be embodied, and perceptually multi-sensory. In this discussion, the notion of ‘control’ comes to be re-specified, too. The disclosive ethics investigation with Adaptive Logistics and SWARM were highly productive in highlighting that the ethical implications of the proliferation of black-boxed and autonomous technology which humans interact with, rather than control. It will be one of the great ethical challenges of the coming years. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration 6.5.2 Page 103 of 161 “Everything will be Logged” – Between Coordination and Surveillance The combination of wearable sensors and systems for tracking, logging, aggregating and sharing data – such as Adaptive Logistics, SWARM, eTriage, Advanced Situation Awareness and the HelpBeacons have strong affordances for beneficence by supporting richer risk awareness, better responder safety and learning. But they can also afford harm, for example through increased surveillance – both for disaster victims and first responders. In our sessions but also in the field work the surveillance element in logging as a partial record of first response processes were often articulated in a paradoxical way: Yes, tracking everything should help with coordination, just as time logging every move will help with the paper work of report writing, while on top of this it makes transparent what went right and what went wrong for post disaster review. It helps to assign responsibility as well as to learn from one’s experiences. Yet, can the logs be trusted to show the events ‘how they truly happened’? Negotiating sensible and ethically circumspect ways of logging and managing logged data turned out to be one of the most sensitive and challenging issues in exploring innovation for an informationalization of emergency response throughout the BRIDGE project. It coincided with debates about the right to be forgotten and the difficulty in implementing it in today’s societies34. In a discussion on logging during an ethical qualities session, we came across the difference between control data that will circulate as long as a process is active, listening for its completion, and (usually) disappearing with it: Designer: For coordinating the workflows, processes have to be specified, which produce artefacts that other processes listen for ([for] completion) and operate in relation to that (for instance start, count down, etc.). All this is done algorithmically and in time, i.e. for the time that one process is going on and another one is listening, data about it (control data) must be cycled. Once this workflow is finished and the one listening has acknowledged that, this could be deleted (or simply not logged). The control data could however also be logged ... Ethicist: the legal side is interesting, but what does that do to work processes? If organizations know that everything is logged, e.g. finding a victim, the victims condition, the ambulance arrival, etc. and there are organizational targets, and somebody can inspect the process, e.g. a victim died, and they find that a part of the responders’ process wasn’t perfect what does that do to the responders? Designer: the system is bound by the rules that you define for it. We do not log as such. We log the progress of the workflow. There are processes that are waiting for artefacts to be produced that are sampling the responsiveness of actors and agents that will notify supervisory entities as soon as the deviations from the client workflow becomes too much. Ethicist: after the emergency response, do you delete all that data? Designer: we don’t store it as such, it is control data that you use in the management process. It’s an issue of how you want to give feedback to the participants in emergency response what you want to do with the data. The fact that we don’t store it, it doesn’t 34 http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_data_protection_en.pdf Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 104 of 161 mean that you cannot store it, there are many stakeholder here, e.g. if a victim dies, maybe the family want to access the data, and the response agency maybe wants to delete the data because somebody is going to hold you accountable. Similarly, the CCs SWARM and / or Dynamic Tagging enable close monitoring of resources (human and non-human) as well as victims, and this is a pre-requisite for Adaptive Logistics to be able to do its task of automated workflow coordination and management. At the same time, in combination, these CCs could monitor and log the behavior of first responders, allowing auditing and evaluation of their performance, albeit on a contextually impoverished basis of partial information. In one of our co-design sessions in Stavanger first responders were concerned about this functionality, arguing that while the logging might be useful for training purposes, it could problematic if used for evaluation. The log of the event misses large parts of situational context, which is crucial for evaluating the performance of rescue personal fairly: I‘m afraid of the logging system telling what I did on that patient, because we [only] see the patient’s vital data, we don't see how the patient lies, what was around in the room, did the paramedic have a bad situation of working that influenced what he was capable of doing. So the log shows a poor treatment of a patient, but that was actually the best treatment the patient could get in that situation. So that's my concern about logging and use it without thinking about consequences or you see the point on a screen and you say, oh, he's doing it, he's not doing it well, but he was maybe on the worst part of the scenery and that could be a problem, and I see that many people often get but these effects Statistics, this is the fact: he is not doing good, this scenery: he is not doing good, that scenery and we have to go in the "why" it must be, the logging must be the scene, which puts up the next question - why did It happen like that? To investigate more of it. Then the logging is good. (Head of Paramedics) Furthermore logging might not only lead to unfair treatment of first response personnel after the fact, but impede their performance in doing the work. While after the fact first responders often question their decisions and wonder if they should have done it otherwise, it is crucial that they do not take this insecurity with them to the emergency site. The awareness that their actions are being logged might bring a self-consciousness to the work, that can undermine professional judgment, as one of the heads of Norwegian Paramedics explains: So I think maybe that could lead to a passive health care, because you only do the thing you are sure of, you don't take a chance in order to saving a life. When you encourage people to do things out of the box […], we have to do creative thinking to save most people. If that's allowed in ourselves if we can evaluate it within our self saying ok, good job, could we have done it better […]. Otherwise doing that: "you didn’t", "that was a bad decision", "why didn't you?" then you get a passive part. […]. So then for this logging might be a problem because people want to be safe and play it by the book (Head of Paramedics) This combination of logging/surveillance and autonomy/being pro-active also came up in the Ethics sessions, where autonomy, i.e. the ability to make informed and un-coerced decisions was related to having a safe and trusted environment. The question is, how this can be insured, when actions are being logged. While it may cause passivity on the side of first responders, it can also shift responsibility to the Command level: And maybe they become insecure and feel they have to ask the Incident Commander more often for advice. And agency/autonomy gets distributed to the Incident Commander. This way autonomy gets re-distributed. If this happens because of the system it is not clear whether this is good or not. (Head of Paramedics) Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 105 of 161 This first responder expresses the concern that while actions get logged, their contexts are not, thus providing a distorted account of the events, a pseudo-objectivist, yet actually quite thin account of the process, which is problematic if it is being used for evaluation of the response: So [there is] more data, [and] more people [are] getting the data [but they are] not sensing the whole part of it. Just seeing, we could have been saved. Yeah, we could have been saved, but not in these circumstance. […] I think when we are at work we have to do creative thinking in most cases, Because you get a patient in a home, the stairs are different, he has a dog, I'm afraid of dogs, there is always something in the circumstances around the patients doing something about how we can cope with the patient. And I've always said that we have the same patient group, but every patient and patient treatment comes individually, because we have your framework on doing the chest pain patient, but framework has to fit in in the circumstances, where this patient is so yes he's got […] the treatment, but then we have to do some choices about: how do I get this patient out in the best way in this ambulance? The best way is to not let him walk. But when I go down a stair or carrying this patient and he gets scared, that's maybe putting his heart rate more up than if he's walking. And this is the kind of settings where of course he should be carried, but maybe that's not the best choice for this patient. And that's in the stats logging - you ok, but this patient should be carried, that's in my stats. But it's worse for the patient because he's nervous, or we are not fit enough to carry him. So, the stats is good, because it is the framework of working, but we need to have that golden path of doing our work, and we need to accept that sometimes less than perfect is the best we can do. And of course, if less than perfect is the normal day, then we have to consider if the path is the right way to go. But that's a different discussion I think. (Head of Paramedics) So, logging enables individual and organisational transparency, accountability, auditability, and learning but it is also problematic. It transforms people’s capacity to act autonomously and practice responsibility, it changes the spatial, temporal, organisational, political frames in which responsibility applies, raising complex and contradictory legal, ethical and social implications. 6.5.3 Reciprocity of perspective: Do they know they are being watched? The question of logging, surveillance and the anxieties this might imply is further complicated by the fact that for the person logged, it is not always possible to know what information is being logged and by whom. The traces that various sensors leave behind and their recording are not felt, nor visible. In terms of the resource management systems in the BRIDGE SWARM, for example, we became aware of this as problematic, when we negotiated the distribution of visibilities among the various devices, in particular the question of whether “resources” (i.e. first responders) would be able to see themselves and their colleagues on their devices or whether this would only be aggregated and displayed on the central Master display: Ethicist: the individual resources that are made visible on the Master; can they themselves see where they are made visible and what is made visible about them? Designer: no, we only display the data that comes in the BRIDGE system, through the resource manager, the resource manager controls the information that is displayed. Reciprocity of perspective is a fundamental material and social feature of collectively performed phenomenal fields in physical environments. Reciprocity of perspective means that if I changed place with you, I would see what you see (Schutz 1970). It enables empathy and dialog, because it enables people to put themselves in other people’s shoes. This principle matters enormously in the actively produced order of collaborative work, because it makes other people’s behaviour Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 106 of 161 intelligible and predictable. Digital technologies transform time and space and can make it difficult to establish reciprocity of perspective. Often this happens for good reasons. What needs to be negotiated for the BRIDGE Master are the conflicting needs for a minimal interface, showing to first responders in the field only what is directly relevant for their task at hand, while at the same time empowering the first responder in his / her orientation in the overall situation by showing them how they feature in a distributed order of work and being in charge of their own data or at least knowing what is known about them. 6.5.4 Emergent Interoperability, Cooperation & Trust Building Interoperability is often equated with cooperation, which in the context of emergency response, makes it a matter of efficiency but as we will see also, an ethical issue. Cooperation entails a functioning division of labour, i.e. units that are not in each other’s way, where there is no redundancy (the same job being done twice) because everyone knows (and agrees upon) what they are tasked with. Successful collaboration is ethically beneficial because it implies consensus, transparency and inclusiveness, but also solidarity. The system of system infrastructure developed in the BRIDGE project is supposed to enable emergent interoperability and collaboration, but it is unclear to what extent interoperability actually engenders collaboration and cooperation. One might well say that the successful aggregation of all resources on a map and their subsequent addressability does not make for a common operational picture in itself, but that being cooperative and working together is an attitude and a practice which might be supported by such technologies. In the large exercise in Risavika, where we were able to try out BRIDGE System of Systems technology in a realistic setting, first responders often stressed how important it is to train cooperation, and the importance of knowing and trusting each other: The important thing about this exercise was not, that we did particularly well or that everything worked, or to prove how good we are, but it was about getting together, building trust, getting to know each other, (literally carrying victims together) (Head of Ambulance after Risavika Exercise) This underlines FEMA’s concept of a “Whole Community Approach to Emergency Management” (FEMA, 2011), which claims that building “effective response networks” (Arjen Boin & ’t Hart, 2010) relies on “understanding and meeting the actual needs of the whole community, engaging and empowering all parts of the community, and strengthening what works well in communities on a daily basis” (ibid. 23). In other words, familiarity, long-term engagement, intimate knowledge of local issues, and each other are crucial for a successful collaborative response effort. The notion of emergent interoperability is sometimes seen as being technologically able to bypass or substitute for such a shared history, experience, and trust. But, referring to BRIDGE situation awareness and workflow management tools (Adaptive Logistics, Master, SWARM, eTriage), the head of Stavanger Paramedics highlighted that they will provide a better overview for leaders, but almost more importantly raise responders’ awareness for each other. This is something that could more proactively be designed for, for example, by providing more effective means of extending reciprocity of perspective in time and space. At the same time, he made it quite clear – supporting the importance of a common history also stressed by the head of ambulance – that the technology by itself would not enable or bring about collaboration, but that training and getting to know each other does: It is a problem that we are not coordinated, because we could use the technology to get coordinated together, it would remind us of the other's work, but we also need to be Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 107 of 161 aware of each other, train together, how are procedures done together, because we need in those situations, when a man is shooting many people and we need to get in and save as many as possible we need together to do it together, we need to have the same understanding of the situation. (Head of Ambulance) An important issue to explore is whether use of BRIDGE across the different phases of emergency planning, management, response and recovery, the Situation Awareness and Workflow Technologies might support collaboration and trust, because they make transparent, visible for each other and hence addressable what everybody is doing. Such support for awareness could also make it easier to coordinate across organizational and national borders. It even suggests that there is room for building emergent inter-organisational and international teams where for instance a fire fighter drives the paramedics truck so both paramedics can be on the site taking care of wounded: Those [co-ordinations] aren't trained today, we are doing the first training session together with the police. We have done it this month. So it's early, but we see that very often engaged with my workspace, police workspace and fire workspace, if we planned it better together we would be more efficient together. So sometimes I need the police officer to help me, or the fire fighter to help me in a short period of time. Maybe they got many fire-fighters doing nothing, because the fire is out. Then maybe I could use them to drive our trucks, because then I have one paramedic in the field, one paramedic in the car, then I could be more efficient with my patients. The alternative is that the paramedics is driving the car, one is back treating the patient, and the fire fighter stands again alone and have to do the treatment on the scene - I think our people are more educated to do that. (Head of Paramedics). 6.5.5 The Human in the Loop? Locating Responsibility Mary Douglas in her analysis of risk and blame (Douglas 1992) points out that our Western notion of putting blame on an individual actor (and the need to trace back chains of action to a causer, primarily necessary for reasons of legal liability, blame, responsibility and compensation) is not at all the only way of modeling the connection of events and agency (gods, ghosts, the devil or sorcery may not count as legitimate causes for most, yet acts of nature, retain more diffuse notions of causality). With technology playing such an important role in our societies agency is often hybrid, composed collectively, human and technological (Latour 1996, Barad 2007). Yet our legal system demands that we trace back agency to a human or at least an entity that can act as a legal entity such as a corporation, organization, institution (which in the end will again be translated into individual or groups of persons). The potency of this demand becomes visible, for example, in European Transport Commissioner Siim Kallas’ assurance to European citizens that remotely piloted aerial systems (RPAS) will always remain under the full control of a human: And let me be clear on one point. We are talking here about machines which will be under human control, not completely automatic. Somebody, somewhere will always have his or her hand on the joystick (Siim Kallas in EU Commission 2014c) Such statements address anxieties about failing machines, or machines out of control, while at the same time operating with and trying to make real legal fiction of individual human control and causation, which is empirically never true. Technologies are transformative, and different technologies shape what it means to be (post)human: Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 108 of 161 You are different with a gun in your hand; the gun is different with you holding it. You are another subject because you hold the gun; the gun is another object because it has entered into a relationship with you. The gun is no longer the gun-in-the- armory or the gun-inthe-drawer or the gun-in-the-pocket, but the gun-in-your-hand.... If we study the gun and the citizen [together] ... we realize that neither subject nor object ... is fixed. When the [two] are articulated ... they become “someone/something” else. (Latour 1999: 179–80) Many of the discussions during the ethical explorations in the BRIDGE project, were informed by the dichotomy of human vs. technology (our validation team even went so far as to sort ethical implications concerning either the human or the technology). However, in our studies, interdisciplinary discussions and co-design activities, we often realised that it would be the affordances of individual elements assembled in a certain way with others, that would produce effects with ethical implications. 6.5.6 Where is Data Protection? For example, in a System of Systems, various systems gather, process and share information, and the issue often arises where in the system data protection would have to be located or, to put it in ethico-legal terms: who (which element) would be responsible for this, whose duty would it be? A system like the Master, for instance, serves as an interface to many of the individual systems and displays (and therefore gathers, aggregates visually, even if the aggregation might be done in the middleware) information. Is it at the gateways into the Master that data protection takes place? Or is this the responsibility of individual sub-systems and applications that supply data, such as ASA or SWARM? But how could the data processing processes there anticipate potential effects of information aggregation, which may allow re-identification, even if data has been throroughly anonymized? Moreover, to support personal data sharing, it is a legal requirement is that the system must, prior to its use provide a complete list of categories of people that may share their personal data and the purpose for collection. How can purpose be anticipated in a system of systems with emergent interoperability, in a context where exceptions may apply at various levels? In a distributed system like BRIDGE the question then is, where to establish this list of categories and purposes and which system is responsible for it? Since the Master Table is the prime system of aggregation and publishing (making visible) shared data, it must find ways of protecting data. Designer: we are only using information that is published to the BRIDGE system, is this the responsibility of the application that provides us with this information or should we also present these categories on the Master? Jurist: yes, or you must have a list that reflects the situation for the MasterTable because people that do not know the BRIDGE System-of-System do not know that the categories are defined in the application, so it should also be presented on the Master. That goes for all Systems-of-systems. Designer: so we must agree on how to store this information within the BRIDGE system (overall system) and the CCs should publish to the BRIDGE systems these kinds of categories and the Master can pick them up again Jurist: yes, and all CC-owners should be aware that they should work on this Designer: the CCs need to provide us with this info and we can show it Jurist: correct Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 109 of 161 Designer: still it is up to the CCs to define those categories Jurist: yes, there is a need for all CC-owners to communicate this with each other and to allocate the responsibility who is to do this, and the Master is a hub, different kinds of info are published to you, so you can build on the lists of categories of people that are used in other CCs and systems, and aggregate this information Designer: so it is not difficult for us to show this information, since this is a system-ofsystems and we subscribe to any type of information that is available, but what we can do is based on the standards, which type of information…. Another related question is who should be able to have access to the information that is shared. Since the Master is making this information available, it again is a question how to manage who should be able to see these resources and information: Designer: but the Master users are managers … we look into filtering and aggregating, this is the Master Jurist: and here you have one component that you can work from, the volume of data must be limited to the most relevant aspects Designer: we don’t control the information that is put into the BRIDGE system Jurist: yes, and communicate about this with the other CC-owners, this is a mandatory legal requirement (Master Legal Session) Legally, for each system component there has to be a list, which defines the kinds of data that is shared, whose data that is, and for which purposes it has been collected, also specifying how data will be minimized and defining the categories of people who have access to it. Hence, the system itself is not obliged to offer a technical solution to restricting user access, it does however need to specify the group of people who access is restricted to. The ethicist might add questions about how meaningful lists of categories and purposes are that are likely to be very wide and varied so as to allow data sharing between the diversity of agencies involved under the exceptional circumstances emergency response. How does this afford privacy and civil liberties to be protected? This is one of the questions explored in D12.4 ‘Wider Societal Implications’. At a more practical level, a question arises whether access management should be implemented in the system architecture as a “formal decision support” feature, where “Formal decision support makes users aware of technical, legal or regulatory regimes, plans and social/ethical constrains that may affect operations”. While the discussion among BRIDGE system developers resulted in a clear assignment of the responsibility for encryption, anonymization etc. to the Master (distribution of responsibility among system components) it still remained contested in which way this then should happen. Would there be an automatic filtering mechanism, which will show information according to organization role of those using an instance of the Master (there are handheld versions that can be used by responders in the field who will have access to only specific information) or should it be the responsibility of the Incident Commander, who should know by training what they are allowed to do, or could a “formal decision support” feature for every action specify (as a document or a pop-up) who may access or be privy to certain kinds of information: Ethicist: This is about making the user or other components of the system aware about different legal or other requirements which they have and they should also understand when they go outside of these ethical or legal boundaries… Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 110 of 161 System Architect: the Master as such would be the component in BRIDGE that would have the standard for this, since the actions taken in emergency management situations clearly relate to that responsibility, and you have to know what the systems you can and are allowed to take, and the difficulty is of course how to manifest this in the technical design, this is high-level. Designer: in my opinion, if you are an Incident commander you should know what you are and aren’t allowed to do, and you can include these kind of specifications in the Master somehow but I’m not really sure that this is something that the users would find valuable, and open this document and find out what they can do or not System Architect: no, but maybe this applies more in a training situation Designer: yes Designer: I think in the Master this is not addressed at all, this has also to do with what we discussed about roles, so if it’s not role-specific then everybody must be able to do everything but for role-specific instances e.g. a firefighter can have some info but not all. And we have filtering mechanism already. In the course of this discussion the important role of learning to work with the system and training is highlighted, which could be a very fruitful application of BRIDGE technologies. During training, the Master could be equipped with decision support features which allow exploration of data protection rules, so that in real situations, people know what they are and are not allowed to do with data, in essence developing their embodied and tacit ‘posthuman’ phenomenology. Phenomenology is a term that describes the experience of the ‘building materials’ of the world and their sensory properties, as well as the skills and practices of perceiving and inhabiting this world and – with BRIDGE – a distributed system of systems. 6.5.7 Smartphone devices While Europe has the second highest smart phone penetration in the world, ownership is uneven. Five European countries have surpassed the 50% mark (Norway, Sweden, Denmark, UK, The Netherlands) and more are set to join them in 201535, but there are also several countries with far lower penetration rates (Figure 20). In other parts of the world, penetration rates are often far lower. In Africa, for example, 85 per cent of mobile-only web users access the internet with a ‘feature phone’, a device offering some but not all of the features of a smartphone36. This matters for BRIDGE in that if European BRIDGE users are to be involved in international missions, they may not be able to assume the same kind of connectivity amongst the population as in Europe. But even in the UK (63%), Sweden (62%) and Norway (68%) 30+% of the population do not have a smart phone. Moreover, these inequalities of access are distributed unequally. Those least likely to have access to technology – the poor, the uneducated, women, people with disabilities, the elderly, ethnic minorities (Smith 2013) – are also the most vulnerable to disasters. Similarly, local organizations, public services and even governments in poorer countries are also less able to take advantage of technologies. 35 36 http://www.emarketer.com/Article/Worldwide-Smartphone-Usage-Grow-25-2014/1010920 http://www.ifrc.org/PageFiles/134658/WDR%202013%20complete.pdf Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 111 of 161 Figure 20 Smartphone Penetration in a selection of European countries (2013) Source: http://think.withgoogle.com/mobileplanet/en/ [Accessed 3 August 2015] Even if people do own a smartphone, there is a ‘participation gap’, based on differential ability to utilise the versatility the affordances of a smartphone (Park 2013). Park highlights that ‘the more skilled a user is in operating the smartphone, the greater is the possibility that he or she would be able to fully exploit the technical capabilities of the device. Therefore, the intragroup smartphone divide indicates the gap between users who are confined to a limited set of functions on the smartphone, and users that are able to use a diverse set of applications’ (p.1). Figure 21 Smartphone Growth Trends 2020 Source: http://www.gsmamobileeconomy.com/GSMA_Global_Mobile_Economy_Report_2015.pdf [Accessed 3 August 2015] The BRIDGE project has been sensitive to these challenges of accessibility. The concepts at its heart - ‘emergent interoperability’ and systems of systems – are designed to create openness to a range of devices. Development focused on smartphones in some cases (e.g. SWARM and Helpbeacons), because their adoption is expected to grow (Figure 21) and measures can be Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 112 of 161 taken to support both access and participation. Helpbeacons, for example, can be deployed on devices running Android (supported APIs range from 2.3.3 to 4.x), with Android being the most widespread operating system for mobile devices and by supporting lower API versions the system can be installed on a wide range of devices (see also 6.6.8). Access to the app on smartphones is supported by simple interfaces, viral means of enabling ad-hoc installation, and consideration of the potential to install SOS Apps like the Help Beacons as part of smartphone factory settings. For further discussion of this, see also BRIDGE D10.3 and D2.5, and Al-Akkad et al (submitted). 6.5.8 Action distributed - Ethics re-specified: Posthuman Phenomenology & FRITS There is a trend towards ever increasing automation and autonomous systems in many domains (transport, security, border control, face recognition, piloting, traffic logistics, warfare) and the emergency response domain is no exception to this. While philosophers and sociologists have long challenged the notion of “autonomous actions” in various ways, the need for control, accountability and transparency demands that it is possible to assign responsibility to a human or social entity, which is inscribed in law. In chapter 2 we reviewed different positions that probe the boundaries of ethical, lawful and socially responsible conduct during disasters, ranging from ‘monist’ suggestions that normal ethical principles and laws should always apply, regardless of the exceptional circumstances of disaster (Zack 2010), dualist positions, which advocate the construction of a legally authorized space of discretionary power in ordinary law, and a Schmittian position which promotes the view that some disasters may exist outside of the law, exempting the state from normal moral judgement during an emergency (Schmitt 1985, Walzer 2006). We concluded with a recommendation for virtue ethics, following the Aristotelean tradition in philosophy which moves the emphasis from responsibility to the ability of doing good, or as we could say with Greenough & Roe (2010) ‘response-ability’. This challenges the notion of responsibility and the idea of a “doer behind the deed (Nietzsche 2006, 26) as a legal fiction whose function is to be able to assign blame and punishment. Respecifying ethics building on notions of relational, posthuman agency seems to be needed as we are including more and more automated non-human entities in the mix. Deeds do not simply happen randomly, they are organised within networks of resources and infrastructures they are distributed collaborative and multiple (Hutchins 1995). The persons who can be observed as acting, do not pre-exist the action, they are augmented by technologies, constituted and composed in the process of action (Latour 1999). As already discussed, one strategy that takes into account such co-composition and non-human participation in morally relevant action is privacy by design, i.e. the inscription of norms and ethics into technology. But this approach restricts the usability of technology and uses functional characteristics in order to enforce a certain behaviour on the side of human users. Another strategy, which would flexibly enable rather than rigidly enforce virtuous practice would be to enhance users’ awareness of their hybridized posthuman activities, configuring the human in the loop in a way that allows richer awareness of temporally or spatially distributed or extended responsibility. In the BRIDGE project the idea that both interoperability and responsibility in a distributed setting practices that must be supported by technology is reflected in the FRITS training system, which is a combination of a training methodology and various technical systems which enable the users to embody the technology and become embodied in the technology more circumspectly. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 113 of 161 Ethicist: the Training System is brilliant to enable people to learn from mistakes and from things done well, and to allow people to trace back what happened, This is a form of mixed intelligence: human sophisticated reasoning about what happened and the system’s capacity to find out what happened and this is bigger than the human recollection of what happened. Designer: we aim to do this. You can have an overview camera and collect information from instruments, e.g. positions etc. so when an observer marks something, to find all data that support this in an easy and structured way, to support this. To tag something with time and position. Ethicist: I think you use Mixed Intelligence and Collaboration in at least 2 tools: the Methodology Tracker, this is where you use the intelligence of the technology in the sense that you have a basic structure of steps through the methodology but you use the expert to complete everything, also in the analyzing part. It is not possible to do all of this by only using technology, the technology is offering the structure, and communication between different parts, but in the end there is the exercise board that needs to put the final information in, right? The FRITS system combines the observation and logging capabilities of the AKKA system with the simulation powers of the Virtual Battle Simulator (VBS), which in combination with several BRIDGE interfaces allow for: Training for interoperability (i.e. assembling systems of systems) and technologically augmented cooperation practices Inspecting closely collaboration practices in Systems of Systems Practicing situation awareness Sensitizing for values such as inclusiveness and solidarity While the Training System (FRITS) has been evaluated in terms of its ethical, legal and social implications as a technical system, we also discovered its capacities as an investigation tool for disclosing ELSI regarding the emergency domain and the BRIDGE system of systems. 6.6 BRIDGE Middleware, Concept Cases and ELSI This section elaborates the summary of BRIDGE responses to ELSI challenges and opportunities provided in BRIDGE D9.4. BRIDGE has integrated consideration of ELSI into the development of the BRIDGE middleware for the assembly of systems of systems as well as the design of prototype systems or ‘Concept Cases’ (CC). This has not been a ‘tick-list’ approach that looks for ‘solutions’ to ethical, legal or social puzzles and a overall need to increase efficiency, agility and efficacy of crisis response and management. Such ‘solutionism’ is, as we discuss in D12.4, inadequate in view of the opportunities and challenges arising (see also D12.2 and Liegl et al 2015). However, we have defined a concrete set of architecural, ethical and legal qualities and requirements informed by analysis of social, ethical and legal practices. These are inter-related, with ethical and legal qualities defining key issues arising from a societal perspective and architectural qualities integrating and complementing these challenges with a view to the overall added value of the system ‘architecture’ and the edifice of systems of systems that can be assembled with it. These qualities are summarised below in Figure 22. They are explained in the Appendix in Section 8 in this deliverable, which contains slides used in design discussions, and elaborated in the Requirements Specification for BRIDGE (D2.5) and other deliverables and publications (e.g. D4.2, D10.3, D12.1, D12.2, Al-Akkad et al 2013, Wood et al 2013, Boden et al (submitted 2015)). Our efforts to provide an integrated demonstration in the final project demonstration have showcased some of the ways in which Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 114 of 161 BRIDGE has attention to ELSI ‘inside’, and they have highlighted further opportunities and challenges for systems of systems innovation. In this section we selectively summarise key aspects. The selection is motivated by the aim to show how BRIDGE has aimed to address all qualities (tagged below with the labels AQ (architectural), EQ (ethical), LQ (legal quality)). However, most qualities are contextual and could apply to all BRIDGE Concept Cases in different ways during different phases of crisis response and management, and in different situations of use. Evaluation of how well they have been addressed also depends on who is concerned and what their interests are. For example, an individual’s ability to make informed un-coerced decisions about disclosure of personal medical data partly constitutes his or her ‘autonomy’ (EQ). This is an essential value in European Societies and a quality people should be able to realise in technologically augmented contexts. However, in a crisis, it may be legitimate, necessary and highly desirable for all or some parties involved to override an individual’s autonomy and to collect and process such personal data even without their consent. We have discussed the legal basis for such exceptions in D12.1 (p.26ff) and explored the implications in D12.2 and various publications (e.g. Buscher et al 2015). The selective review in this deliverable develops the discussion in D9.4 and provides an overview of how BRIDGE has concretely responded to ELSI opportunities, challenges and risks through its innovations, based on the final demonstration. Figure 22 Architectural, Ethical and Legal Qualities 6.6.1 BRIDGE System of Systems Integration and Middleware The scenario to demonstrate BRIDGE starts before the incident occurred (See D9.4). At this point, operations are routine. Emergency operators are on normal duty, the BRIDGE middleware is running in some agencies, monitoring of key sensors and resources is taking place using BRIDGE concept systems. At the Police Headquarters, for example, the BRIDGE Information Intelligence system is used to monitor social media for reports on emergencies. The Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 115 of 161 uses and data from the multiple agencies engaged in routine operations are not integrated into a common information space at this point, but they could be. The scenario snapshot demonstrates how the quality Availability and Reliability (AQ) is realised. At T05 – five minutes after the explosion at a factory (modelled on the French disaster at the AZT fertiliser factory described in BRIDGE D9.4) – when in the original situation emergency centres were overwhelmed by a flood of conflicting emergency calls, responders in different BRIDGE emergency centres can see that some monitored sensors and resources have disappeared from their instantiation of the MASTER because of the explosion. The BRIDGE Middleware service catalogue, orchestration and data model and management services are used to enable data from different CCs to be pushed to the BRIDGE system, and the MASTER system presents them on the map, which also enables organisational interoperability by supporting establishment of a common operational picture. All relevant partners are allowed to access the MASTER, using standard web-browsers. This illustrates how emergent Interoperability & Coherence (AQ) are achieved with the BRIDGE system. The BRIDGE CCs connect via the middleware to other systems (e.g., the Master) to disseminate information. The orchestration service provides generic format and structure transformation services, information is disseminated based on existing standards (i.e., XML and EDXL) and the BRIDGE Middleware support for emergent interoperability also allows integration of taxonomy services like EMERGEL37, evidence of how Internationalisation (AQ) is supported. Privacy (LQ) is supported by design. The BRIDGE middleware supports security, trust and privacy as a combination of guidelines, models, and supporting technologies including Privacy Level Agreements, Trust agreements and standard cryptographic operations for protecting confidentiality, integrity and authenticity of messages. Message-related services provide functionality for hiding the identity of the sender, the content of a message or the recipient of a message. However, while BRIDGE leverages the state of the art of development in this field, the usefulness of ‘privacy by design’ in system of system innovation is limited. The exceptional context of emergency response, where interconnection with ‘smart city’ services is increasingly sought generates complexities that are beyond existing approaches. We have developed conceptual resources to develop more innovative support for human practices of controlling privacy, trust and security. These are documented in deliverables and publications (e.g. Buscher et al 2015, D12.4). At T013, the assessment phase begins, as first responders are en route to the incident. There is further bootstrapping of the BRIDGE System of Systems: All services register with the BRIDGE Service Catalogue, the BRIDGE QoS Repository and frequently update their status in the BRIDGE Resource Status Repository. There is an option for agencies to register their policies in the BRIDGE Policy Database, which addresses legal qualities around the Right to know categories, types and purposes of data collection and processing (LQ). This also responds to the call for Responsibility (EQ) in the sense of enhanced preparedness – where all organizations and individuals that might have a role to play in emergency response and recovery should be properly prepared and be clear about their roles and responsibilities. The BRIDGE middleware’s support for emergent interoperability allows a degree of flexibility that supports Inclusiveness (EQ), in the sense that information from a wide range of sources, 37 http://vocab.ctic.es/emergel/ Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 116 of 161 including medical sensors, social media, mobile phones, drones, apps (such as the BRIDGE Helpbeacons) can be integrated swiftly and taken into consideration for the common operational picture. While this does not include all systems (e.g. all emergency response legacy systems and feature phones), there has been attention to accessibility. 6.6.2 Adaptive Logistics Adaptive Logistics plays a special role in the BRIDGE innovation effort, as it uses the middleware services most extensively (see also D2.5). Therefore this concept case is described in greater detail than other BRIDGE concept cases. The capability to orchestrate a vast amount of information systems into a coherent system of systems creates a need for awareness of data controllers, data flows and data management protocols. The BRIDGE team identified a need for Responsibility and Formal Decision Support (AQ) that can make users aware of technical, legal or regulatory regimes or social/ethical constraints that may affect operations. The Adaptive Logistics CC addresses this quality by automating parts of implementing policies for agreements between agencies in terms of how to deploy resources and how to achieve results (inter-organisational). It can help organizations to cooperate with each other in a way that is compliant with the rules of engagement. However, embedding support for responsible conduct and decisions in systems of systems is a complex challenge. BRIDGE has developed conceptual resources for the development of support for transparency and accountability and this is being taken forward in discussions for further research proposals and in the SecinCoRe project 38, where insights from BRIDGE ELSI research are integrated into the design of advanced common information space concepts. The workflow generation and management mechanisms provided by Adaptive Logistics are designed on the one hand to make the complex computational process transparent in the sense of ‘invisible’ to the user. On the other, they enable inspection through the BRIDGE Annotated Workflow Language (BRAWL). These efforts support Transparency (AQ) in two senses and in ways that empower human practices of acquiring skill and controlling the highly complex processes of crisis management. Our work highlights that transparency is in the eye of the beholder, it cannot be embedded statically by design, but depends on users being able to understand the operation of the system. There are opportunities and challenges arising from recognising this contextual nature of transparency, which are explored in 6.5.1 above and a range of publications (e.g. Wood et al 2013, Perng and Buscher 2015). During the Assessment phase of the response, a critical task for the Incident Command team is to determine where they can expect victims to be, an estimate of numbers and the types of injuries that can be expected. In response to this need, the Adaptive Logistics Collaborative Workflow Generation and Management Mechanism computes a workflow ‘Victim Assessment’ and kicks off key services, including RAM, DEIN and PLUS Modeling as a Service (MaaS). The result of this information gathering effort is displayed on the Master. The execution of the workflow is monitored by the QoS Monitoring Service. By mobilising these advanced resources, the BRIDGE System of Systems enables enhanced Mixed Intelligence and Collaboration (AQ), that is, it enables unprecedented capabilities to combine human reasoning with computational calculations of relevant variables. It thereby becomes possible to prepare in a more informed manner for the triage process and the reception of patients in hospitals. In a broader perspective, this is an example of how BRIDGE Systems of Systems support a more 38 http://www.secincore.eu Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 117 of 161 informed exercise of Fairness (EQ), as it becomes possible to distribute scarce service resources more effectively to those who most need it as well as those who are most likely to benefit. More generally, this is an example of how BRIDGE supports greater levels of Prudence (EQ) than is currently possible by supporting practical wisdom and the exercise of discernment, perspicacity, judiciousness and discrimination on the basis of more and more accurate information. Adaptive Logistics brings together the capabilities of a vast array of human participants and artificial components and enables their coordination. In doing so, it supports Solidarity (EQ) and subsidiarity, that is, the principle of devolving decision-making to the lowest possible level whilst supporting coordinative action at a higher level. 6.6.3 Advanced Situation Awareness During the first 15 minutes of response during the Assessment Phase, the first rescue team flies the Hexacopter over the explosion site and sends the first images of the destruction and environmental sensor data from the smoke cloud. Using the data, the Expert System provides advice to the Incident Command team regarding self-protection measures for first responders and precautionary measures for members of public. The Modelling Module produces a plume dissipation model for the next few hours based on the current meteorological data. UAV are able to obtain real time multi-sensory information more cheaply and more safely than is currently possible, and they can go closer to sources of risk than any other resource. Through supporting new forms of Mixed Intelligence and Collaboration (AQ), the Advanced Situation Awareness CC enables enhanced Leadership (EQ). Moreover, its modelling capacities are often based on exceptional efforts to obtain Data Quality (LQ) and Flexibility (AQ). With regard to the former, the triangulation between modelling results and real world measurements (such as correlation with high quality visual documentation of explosions (D10.1) and photographic evidence of injuries from the London bombings) allows high levels of confidence in the models. With regard to the latter, the establishment of a library of models enables fast and flexible exploration of likely impacts in relation to a wide range of settings where incidents may occur, including railway stations and airports. While this does not eliminate the rule of uncertainty in the dynamic high risk environments of crisis management (see e.g. Perng and Buscher 2015), it supports more informed and ‘prudent’, efficient, agile and effective response. The demonstration highlighted a currently highly problematic regulatory situation in Europe that creates barriers for use. Due to the Dual Use capacity of UAV there are restrictions on how systems like Advanced Situation Awareness can be utilised. To travel from Austria to Switzerland, the Hexacopter’s flight capacities had to be disabled, because it can carry a payload of more than 5kg, which could be used to mount a weapon. Furthermore, the capacity of UAV to take high quality video virtually anywhere raises concerns over surveillance and leads to further restrictions, which differ widely in different EU countries, showing that there is a need to establish clear data controller and data processing regulations. While the aim must be to safeguard the Right to know the categories, types and purposes of data processing (LQ) as well as the Right to be forgotten (LQ) to leverage the capabilities of BRIDGE System of System innovation, innovative regulatory and design approaches are needed. We discuss this issue further below (7.1.5), see also Kerasidou et al (2015). 6.6.4 Dynamic Tagging (eTriage) At T20, triagers start triaging people. BRIDGE triage bracelets are conceptualised to turn on automatically as soon as they are pulled from the pack, realising qualities of Performance (AQ). They report position and category of victims. For victims in areas without GPS, triagers can set the position manually. In areas without network coverage the bracelets are conceptualised to Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 118 of 161 send triage data over the triage relays. The design of e-triage as an example of dynamic tagging of the environment enacts the quality of Graceful Degradation (AQ), that is, when encountering difficulties, the system does not stop providing its services, but continues to provide them as well as possible with the resources that are still available, e.g. through redundant network connectivity. When the quality of a service decreases, users are made aware of this and supported to enact ‘manual’ workarounds. The system also embodies a quality of ‘graceful augmentation’ (Jul 2007), that is, it continues to support practices that have evolved around paper-based triage (e.g. through the colours of the bracelets) so that even if the digital aspects of the technology were to fail completely, effective triage would be possible. Dovetailing with other systems in the BRIDGE System of Systems, such as Adaptive Logistics (see above) and SWARM (see below), Dynamic Tagging supports a more circumspect approach to the Fairness (EQ) of triage, but also the overall Dignity/Humanity (EQ) of response. By allowing responders to bring more information about victims into the common operational picture and to reason about the categorisation of victims more swiftly and in a more informed and dynamic manner, people will suffer less. As described in the introduction, exceptional use of personal data in this situation may be lgitimate and useful, but it may also conflict with values of Autonomy (EQ), because there is a risk that data may ‘spill’ beyond the delimited context of the crisis. The CC addresses this quality by engaging in Data Minimization (LQ). It collects the minimum amount of information necessary for triage. In addition, the CC facilitates Traceability and Auditability (AQ) by logging the positioning, tracking and monitoring of victims as well as categorisations made. The demonstration reflected manifold discussions with responders who, faced with the capabilities of BRIDGE integrated eTriage appreciate the potential, but also worry about new liabilities. With new technologies like the BRIDGE eTriage, logging can become an issue discouraging first responders from certain actions for fear of liability. There are no easy ways of balancing Traceability and Auditability and Responsibility and ultimately the Right to be Forgotten (LQ) (more on this below). The BRIDGE team have developed analytical isnights and conceptual resources to enable the people involved in crisis management and response to notice and manage such conflicting demands (see 6.5.2, D12.4, as well as Buscher et al 2014) 6.6.5 First Responder Integrated Training System FRITS FRITS seeks to establish an optimal learning and training methodology, supported by the integrated BRIDGE System of Systems. In doing so it strongly supports Prudence (EQ), especially with a view to the preparedness of responders and their capabilities of mobilising advanced technologies effectively into the crisis management and response effort. FRITS takes Traceability and Auditability (AQ) to unprecedented heights. It makes it possible to monitor the movement, communications and vital signs of responders and to retrospectively inspect the unfolding of decisions with a richness and flexibility that is highly valuable. FRITS also addresses Scalability (AQ) in a way that demonstrates the power of BRIDGE System of Systems innovation. It can support training activities on all levels from training related workshops, through table top exercises and up to full scale exercises with many diverse data sources. The supporting tools can be scaled to fit these different training activities and can be chosen and adapted to suit cost- and learning-effective training. The exercise management team can adjust which of the phases and activities in the Methodology Tracker (MeTracker) is relevant for each training activity. While such richness and flexibility is highly valuable, responders have voiced concerns over how they can exercise their Right to be Forgotten (LQ), especially when lessons learnt from training exercises carried out with their participation could be used to train subsequent groups Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 119 of 161 with different participants. BRIDGE responds with an awareness that personal data no longer required for the purpose of the processing stated at the time of collection should be securely disposed of after it is no longer needed, as this was discussed during many encounters with responders and during the internal Privacy Impact and Ethical Impact Assessments. However, this could simply lead training organisations to state their purposes as wide as possible, including re-use of data for training subsequent clients, which does not address the responders’ concerns. The BRIDGE team is developing concepts of designing ‘for’ privacy and the right to be forgotten, for example, by leveraging state of the art capabilities for homomorphic encryption, anonymisation and accountable data mining (D12.4). We are developing ideas for research that leverages these to build on BRIDGE innovation, given the fact that training is a domain where there is an invaluable richness and flexibility of monitoring. Storing an analysing data about responder activities could produce highly valuable lessons learnt of they can be utilised without compromising people’s integrity and within a safe and experimental, nonlibelous environment. 6.6.6 Information Intelligence As remarked upon by one of the reviewers at the BRIDGE final demonstration, the rise of social media use in crisis situations is seen as frightening by many emergency response professionals. While information provided by members of the public could be very useful, reliability and accuracy are difficult to establish and there are dangers of rumours, self-organised responses and vigilantism (Perng et al 2013, Pohl 2014, Buscher et al. 2014). However, it can be critical for responders to be aware of the conversations and self-organized volunteering that emanate from ‘the crowd’. But the sheer amount as well as the ‘noise, misinformation, lost context and the unstructured nature of social media updates all contribute to an emerging information processing problem, with information seekers forced to “drink from the firehose” to identify the data they need’ (Starbird 2012, Disaster Relief 2.0 Harvard Humanitarian Initiative, 2011). The BRIDGE Information Intelligence CC addresses this issue of information overload by enabling advanced Mixed Intelligence (AQ), that is, analysis that combines computational processing with human sense-making in a way that provides richer and more accurate insight and supports Prudence (EQ). There is no automatic decision performed, the CC forces a collaboration between the technology and the user. For example, the user has to look at identified sub-events and mark them as important to push them to the Master. Tracking communication about ‘sub-events’ in a crisis also allows responders to react more dynamically and in a more informed manner to information and activities orchestrated by members of the public using social media. More detailed knowledge about this opens up potential for more Inclusiveness and Cooperation (EQ) in crisis response, as emergency responders can engage more directly with the public if required (Buscher and Liegl 2014). The simulation engine in the Information Intelligence CC also supports Prudence (EQ) in another way, by enabling integration of simulated social media communications in exercises, enhancing the preparedness of responders. Because the Information Intelligence CC processes personal information provided for purposes other than crisis management there are mechanisms to prevent unauthorised access, including login mechanisms, realising qualities of Access Control (LQ) to protect Privacy (LQ). In relation to this, the BRIDGE team has also explored the design of representations that could be inspected by users allowing them to understand how their social media entries are used and how they are analysed to be able to take control of their privacy in a more circumspect manner. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 120 of 161 However, a suitable explanation/representation of the analysis algorithms would be needed, which is understandable by non-experts. Research building on BRIDGE could develop this. There is a frequent concern regarding Fairness (EQ) when the organization of search and rescue missions shifts from a grid based approach to a potentially more accurate and sped up approach which relies on location information, and information provided by social media. Such an organizational shift entails the potential for a digital divide if first responders prioritize such calls for help. At the same time first responders might be under pressure if they stick to other established criteria and do not prioritize those calls. Information Intelligence addresses these issues in that the sub-event approach scans for clusters of incidents, people affected and impacted areas, thus not privileging individuals but providing Inclusion (EQ), since the notion of a sub-event raises awareness not only for those who reported it, but also other people affected who are in the area. A further important issue in relation to Information Intelligence is the reliability of data provided by members of the public, raising issues around the legal quality of Data Quality (LQ). In D12.2 we discussed how providing or acting on crowd-generated information about conditions carries potential legal liability (p. 118). The Information Intelligence CC responds to the possibility that people might post malicious or inadvertently false information within social media. For example, it is designed so that the number of reporters discussing the same sub-event is currently displayed as a simple reliability gauge. In the future, additional “trust-models” to identify reliable information can be developed. 6.6.7 Master The Master addresses many of the qualities already mentioned, and many of the other CCs support the qualities the Master excels at. As the visual portal to the BRIDGE System of Systems it supports Cooperation (EQ) and Overview (AQ) in an exemplary manner, which is why we have reserved discussion of these qualities until now. Users can subscribe to information from a vast array of diverse systems and have it displayed, demonstrating also the capacities of BRIDGE to achieve Scalability (AQ) and Versatility (AQ) in systems of systems. The use of EDXL means that a wide range of systems can connect to the Master, facilitating Interoperability and Coherence (AQ). Users can push information to others and enter into message communication, access predefined emergency plans and collaborate in situ and in distributed settings, for example by drawing on the Master map, which can flexibly be turned to be visible for all connected, or be kept private, for example to the command and control centre. Cooperation is also supported through the resource allocation mechanism, which can assign responsibilities via drag and drop. It can also be used to minimize complexity for users when the system scales up. Mixed Intelligence and Privacy can be realised through the use of filtering. Mixed Intelligence or computationally augmented human reasoning is supported in unprecedented ways, because information is automatically synchronised, and it is possible to assemble it visually in precise and easily understandable ways, also utilising mechanisms of visual information aggregation that reduce information overload and clutter. This enables production and maintenance of a rich common operational picture across many distributed locations. There is a risk that users of the system can focus too much on things shown on the map and forget that there are more elements involved, undermining Inclusiveness (EQ). For example, victims who are not tagged with e-triage bracelets will not appear and could be forgotten. There may also be responders, resources and bystanders involved in the crisis who are not tagged and Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 121 of 161 therefore not visible. The experiments with BRIDGE prototype systems of systems show that practitioners already always combine the use of new technologies with analogue systems or systems that cannot be integrated easily. Thus socio-technical means of responding to this challenge exist, reminding us of the fact that BRIDGE is a socio-technical not an all encompassingly technical system of systems that has to fit into an ecology of practices inside and outside its boundaries. 6.6.8 Robust and Resilient Communication Mesh Networking and HelpBeacons – the two main concepts developed under the heading of ‘Robust and Resilient Communication’ are integrated into BRIDGE system of systems, for example, combining their functionalities with the Advanced Situation Awareness CC and the Master. Like most of the development undertaken in the Robust and Resilient Communication CC, HelpBeacons exemplify the BRIDGE response to challenges arising around the qualities of Maintainability & Flexibility & Reversibility & Modifiability / Evolvability (AQ), apart from also addressing many of the other qualities already discussed. HelpBeacons do this by utilising remnants of networking (Al-Akkad et al 2013). The concept was inspired by how people make use of the names of Wi-Fi home networks (SSIDs) to broadcast short messages conveying simple, anonymous information. For instance, some SSIDs may express neighbourly requests as “Turn the noise down”. A Wi-Fi network is visible in a certain range and the advertised SSID is usually the first thing people become aware of. Essentially, people can easily relate and understand SSID names, supporting Inclusiveness (EQ). The creation of an emergency beacon defines a sort of “Help me” signal (a HelpBeacon), which may help professional first responders to find persons, addressing the quality of Dignity/Humanity (EQ) by reducing fear and suffering. As default settings in smartphones notify users of the presence of detected networks, any arbitrary person in the vicinity may discover the emergency signal and become involved in the rescue process. The design supports Compatibility (AQ) by using Android, the most widespread operating system for mobile devices, and by supporting lower API versions the system can be installed on a wide range of devices. The App can be installed virally, as long as one person within range has it on their device. As soon as the victim application is launched it starts to search for available Beacons. Also, users can select from predefined help messages or type in a new one. This flexibility goes some way towards bridging smartphone divides. The design supports Modifiability, Evolvability and Reversibility (AQ) in particularly interesting ways. Modifiability is the way in which the BRIDGE system of systems approach supports enhancements to individual components while keeping the system as a whole working. By integrating the HelpBeacons with Advanced Situation Awareness and Master CCs, the capabilities of all three are extended. Evolvability allows users to extend the assembly of systems whilst assuring continuity of the whole. This is demonstrated in the Graceful Degradation (AQ) of the HelpBeacon in ‘broadcast’ mode (to be used, for example, in an earthquake situation), or a ‘seeker’ mode where victims silently send a beacon, which can only be read by authorised response personnel (to be used in a shooting or terrorist incident situation). This capability responds to the potential for misuse in certain scenarios, where there is a threat that help calls may be received by the wrong people, or people may generate fake distress calls, which could be harmful for first responders that react based on such false information (Boden et al submitted). This capability also illustrates the BRIDGE approach to realise the quality of Reversibility, which allows designers and users to revert to previous states and change the design, as the BRIDGE systems of systems approach provides a service oriented and component based architecture. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration 6.6.9 Page 122 of 161 Situation aWAre Resource Management The SWARM system critically supports capacities of resource management. It provides an Overview (AQ) of resources (including assets and first responders), their status, availability and their location, to incident commanders as well as first responders in the field (overview limited to their immediate surroundings). It supports Cooperation (EQ) through allowing managers to communicate tasks to first responders with more detail and room for negotiation and explicit acknowledgement, by means of text message based task descriptions, as an alternative to radio communication. It also enhances Cooperation by providing new ways to involve human resources in a more ad-hoc manner, by means of dynamically creating teams which adhere to location constraints, availability constraints and capability constraints, reducing the operational efforts of incident commanders and enabling them to focus on the tactical level. By being able to carry out these functions with a potentially vast number of resources, the SWARM exemplifies the BRIDGE response to Scalability (AQ). Utilising the middleware, it is able to visually communicate resource and task status updates to all relevant first responders and command posts within 30 seconds after these statuses have been updated, illustrating how BRIDGE addresses the qualities of Performance (AQ) and Capacity & Load Utilisation (AQ). More specific information regarding the technical realisation of these qualities is provided in the respective technical deliverables, as well as summarised in D2.5. 6.7 Discussion: The Leverage and Limitations of Disclosure The interdisciplinary collaboration quality sessions were designed to systematically disclose ELSI within an ongoing design process and a broader socio-technical innovation endeavour, where, of course, such disclosure was also happening ‘in the wild’, throughout the project. The overall aim of paying attention to ELSI is to enable carefully radical and radically careful informationalization of crisis management and response. By reflecting on ELSI we have been able to move some way towards developing systems that more effectively support more productive as well as more virtuous practices. The qualities sessions were generative of many insights and design ideas. Disclosure leveraged more circumspect innovation, in some cases – for example integrating rules and categories for data protection into the BRIDGE Master systems. However, the sessions did not cover all issues that are important for ELSI aware innovation, and there are many issues that are beyond the capacity of design to address. In the final chapter of this report we now discuss issues that were not directly addressed in the qualities sessions, but that have arisen elsewhere within the collaborative design process, for example during end-user advisory board meetings, co-design workshops, or project meetings. This will broaden the discussion of the limitations of disclosure and support the overall conclusion of this report, which calls for more integrated technical and socio-technical innovation efforts, science and society engagement. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 123 of 161 7 Conclusion: BRIDGE-ing for Preferable Futures New technologies engender transformations of the social and material practices of emergency response. This is particularly important with a view to ELSI arising in systems of systems innovation in emergency management, because new ways of accessing, sharing, reasoning about and communicating information affect the conditions for ethical, lawful, and socially responsible conduct. The informationalization of emergency response that is currently underway could result in different desirable and undesirable futures. Negotiating intended and unintended, negative and positive consequences is not just a matter of seeking ‘acceptance’ for sociotechnical innovation. It requires a much more broad-based and deeper involvement in the shaping of desirable futures where diverse stakeholders can find the means to express their voice and take responsibility. The BRIDGE project contributes to wider efforts to enhance the security of European citizens and the humanity of disaster planning, management and response in a context of increasingly frequent and severe crises. With the discussion in this chapter we draw together important aspects that have so far not been addressed but which have significantly shaped the innovation work undertaken in the project. We begin with a set of thematic discussions of key issues, then sketch out possible futures and conclude by calling for deepening collaboration between interdisciplinary science and design research and society further, building on work like that undertaken in the BRIDGE project. 7.1 ELSI Aware Socio-Technical Informationalization of Crisis Response 7.1.1 Balancing Security with Emergent Interoperability The security of data “both at the time of the design of the processing system and at the time of the processing itself, particularly in order to maintain security and thereby to prevent any unauthorized processing’ of personal data” (Pagallo, 2011) has been a central concern for endusers involved in the design of the BRIDGE system of systems. Numerous discussions have raised questions about how the validity and reliability of data can be ensured and how unauthorized access (e.g. by the media or persons with malignant intent) can be prevented in ways that sufficiently assure users. The design responses to this need in the BRIDGE system leverage state of the art security mechanisms at the level of individual systems, utilising, for example, encryption tools. While in relation to the security of citizens the challenge is to balance security and privacy in a way that societies can have both, when it comes to data security, it is a matter of balancing security with emergent interoperability and flexibility – emergency responders need both. 7.1.2 Balancing Privacy and Security The BRIDGE approach has shown that inscribing compliance into technologies, e.g. through privacy by design approaches can be of limited utility in view of the dynamic nature of emergency management and the need for role improvisation and emergent interoperability in systems of systems approaches. Privacy cannot easily usefully be ensured or ‘enforced’ apriori by design in this context. However, our qualitative studies and experimental engagement with stakeholders have also highlighted a third approach of human-practice focused privacy by design. This is based on a shift from conceptions of privacy as a value that has to be traded in in return for security, or a right that has to be respected through regulation, to an understanding of privacy as a contextual, situated and embodied practice of boundary management that is augmented and constrained by technologies, cultural conventions and the law. By taking this perspective, alternative socio-technical design avenues are opened up, for example via Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 124 of 161 specification of non-functional requirements such as architectural qualities of transparency and inspectability. For example, privacy protection in emergency response systems of systems may be supported by imposing temporal and geographical constraints on data sharing, ‘seamful design’ (Chalmers, 2003) and approaches that support ‘accountable’ or ‘palpable’ computing (Dourish, 2001, Kyng, 2007). When, in times of crises, boundaries between different systems (telecoms databases, transport management systems, police records, social networking systems, insurance databases) are made permeable, allowing automated data collection, data mining, analysis and profiling, conventional privacy protection that involves limiting access at the point of data collection, including using legal, cryptographic and statistical techniques is likely to be prohibitively rigid and restrictive. Accountable data-mining, an approach developed in response to the fact that the Internet provides a huge source of data that can render conventional access-limiting methods ineffective and impractical, is an example of innovative privacy solutions that may be useful in a human practice focused approach. Referring to the US use of data mining around Passenger Records, (Weitzner, Abelson, Berners-Lee, Feigenbaum, Hendler & Sussman, 2008:85) argue that: ‘Laws that limit access to information do not protect privacy here because so much of the data is publicly available. To date, neither law nor technology has developed a way to address this privacy loophole.’ New socio-technical mechanisms are required and Weitzner and his colleagues suggest: Transparency: mechanisms where the history of data manipulations and inferences is maintained and can be examined by authorized parties (who may be the general public) Accountability: one can check whether policies that govern data processing were in fact adhered to (Weitzner, Abelson, Berners-Lee, Hanson, Hendler, Kagal, McGuiness, Sussman & Waterman, 2006:) In the context of emergency response exceptional breaches of data protection regulations may be necessary and legitimate. Personal data may, for example, be used for purposes other than those specified at the time of collection. To support trust in systems that support interoperability in times of crisis (but not under normal circumstances), the design of tools that make the use of personal data accountable both at the time of use and retrospectively, seems promising. 7.1.3 Data Sharing, Large Scale, Cross-Country A central prerequisite for emergency collaboration is the enhanced capability for data sharing. However, on a European level who gets access to what information turned out to be a contentious question. From the domain experts involved in the BRIDGE project and the enduser advisory board (EUAB), some of whom are in leading functions of firefighting, ambulance, police or civil protection organisation, we learned that on the cross-border level within the EU cooperation is sharply defined by the EU Civil Protection mechanism, where detailed regulations exist on EU cooperation in disasters. As BRIDGE systems afford live monitoring of resources, who could be in different countries and under a different command, interesting discussions arose around the use of BRIDGE for cross-border assistance: EUAB member: no, only the country that is affected is in control. Otherwise it’s not allowed by the EU. Monitoring on an EU level is forbidden Designer: collaboration is difficult, EUAB member: no, the command in this country controls it, the people on the ground know best what to do, it makes this effective. Designer: but what about a central overview, to know who is doing what, where? Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 125 of 161 EUAB member: We know that because of the governments. There are daily Situation Reports. A country sends it to Brussels and Brussels disseminates that. In every command centre there are the experts on a national level. There is aggregation, by sending reports to the next level (bronze, silver, gold command) the next level doesn’t need to know everything. Designer: All processes are defined. Is there an overview on who is doing what where? EUAB member: Yes, we do that in country reports to the EU, which report on where EU forces are doing what. From our standpoint, we already have all the info we need when we send our forces to another country. If Italians ask us to send a specific task force to L’Aquila, we consult with the manual on what they mean and send them what they want. (End User Advisory Board Meeting, Risavika 2013) We see in this discussion how the idea of situation awareness is deeply politically charged with questions of sovereignty. Current EU law and policy restricts logging to the national level, where neither Brussels nor any other country has the jurisdiction to overview. The feeling expressed is that the EU collaboration mechanism which spells out who will take the lead in an incident and how then cross agency and border collaboration takes place is not only detailed enough, so that everyone knows what to do, but also in a way morally binding in its subsidiary structure (the local / national agency takes the lead and “owns” the COP). After a few more exchanges, it turns out that while there are mechanisms in place, the response still almost never goes by the book. There are problems with coordination, training and technology. BRIDGE makes several socio-technical offers to deal with cross-agency and cross-border collaboration. Yet our investigation of current EU policy on cross-border collaboration points to a dilemma: While there is a strong attachment to the current strictly defined procedures, there is also the acknowledgment, that the response almost never goes according to the book. A system like BRIDGE with its possibilities of supporting centralized and distributed situation awareness, could be the basis for tackling and discussing such issues also on a policy and regulation level. 7.1.4 Interoperability and informational practice & politics A recent stocktaking review of lessons learned from an analysis of international crises as diverse as the Victoria Bush Fires, the London bombings and the 2002 Elbe floods finds that a ‘lack of interoperability between first responders and communication problems are the most common findings’ (ENISA 2012). Such findings fuel widespread calls for greater interoperability and data sharing, because it seems clear that more interoperability between emergency agencies could enhance societies’ capabilities to prepare for and address crises (NATO, 2006, Armstrong, Ashton, & Thomas, 2007; Dawes, Cresswell, & Pardo, 2009; Desourdis & Contestabile, 2011). BRIDGE supports greater interoperability. However, our studies and collaborations with emergency responders show that the key question is not how first responders could be pushed to cooperate and use technology more, but how their practices of sharing, but also withholding and controlling information can be supported with technology. Many emergency responders and managers invest high hopes in technology ‘that provides the right information, at the right time, and in the right place’, because they share the belief that it has the potential to reduce disaster impacts. It enables managers to plan more effectively for a wide range of hazards and to react more quickly and effectively when the unexpected inevitably happens. (Koua, MacEachren, Turtun, Pezanowski, Tomaszewski, & Frazier, 2010:255) Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 126 of 161 But the BRIDGE project shows, resonating with evidence in the literature that matters are more complex than making more information more easily shareable and opening communication channels (Buscher et al 2014d, see also Heath & Luff, 1992; Bannon & Bødker 1997; Wolbers & Boersma 2013). Numerous post-disaster reviews of multi-agency emergency response highlight failure to share data as a serious challenge, providing examples of how rules, working practices, national laws can obstruct collaboration (BRIDGE D12.1). For example, reflecting on evaluations of the emergency response effort after the London 7/7 bombings in 2005, Hilary Armstrong, UK Cabinet Minister for Social Exclusion, pointed out that: It was apparent that in some parts of the emergency response, the requirements of the Data Protection Act 1998 were either misinterpreted or over-zealously applied. Subsequent reports … have indicated that the London experience in this respect is not unique. (Armstrong, Ashton & Thomas, 2007) In the aftermath of the London bombings, data controllers considered that it was not legal to pass personal data initially collected from victims by the Family Assistance Centre on to successor organizations for follow-up support. This complicated continuity of care for people and led to a fragmentation of response efforts. ‘Silo-thinking’, or a lack of organizational interoperability, where individual agencies do not collaborate even where this would be useful and possible is widely seen as one of the main barriers to organisational interaction (Dawes 2009, Cole 2010, Desourdis 2012). Technology is often seen as a solution. After the 2011 Norway attacks, for example, the specially appointed expert committee concluded that The authorities' ability to protect the people on Utøya Island failed. A more rapid police operation was a realistic possibility. And they identified that a key reason for such failure was the fact that ‘the potential inherent in information and communications technology has not been exploited well enough’ (Bech Gjørv, 2012:Part IV). Our work in the BRIDGE project, and the discussion in this deliverable however, show that matters are more complex. It is clear that ‘effective coordination during major emergencies requires the development of a deeper, shared understanding of the incident and a high level of trust between responding organisations, both of which are effortful to achieve and difficult to support with current communications systems’ (McMaster and Baber 2012). The BRIDGE project has taken an approach that supports the human core of informational practice and politics, offering not only ways to share information, but also enabling complex communicative practices of disclosure, exchange, interpretation, but also discretion, aggregation, abstraction, and withholding of information. 7.1.5 Regulating the use of Unmanned Arial Vehicles Regulations relating to aviation and Unmanned Arial Vehicles (UAV) are not specifically about BRIDGE-technology and to conduct an EU/national level investigation of current legislation relevant to UAVs is currently impracticable. The development varies a lot in the different membership countries and the relevant regulations differ with respect to type of operations 39 and technical specifications (e.g. operational range and the ability to carry load). EUROCONTROL, the European Organisation for the Safety of Air Navigation, lists up-to-date national regulations 39 This precondition is not unique for regulations concerning UAVs. As pointed out in D12.2 disasters and disaster management are not well defined phenomena, basically any sector of society and any technology may be affected in unpredicted constellations. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 127 of 161 on its website, 40 illustrating widely varying approaches regarding certification, liability and restrictions as to where and when Remote Piloted Areal Systems (RPAS) can be flown. Regarding the latter, Denmark, for example, rules that for all RPAS under 25kg The distance to built-up areas and major public road shall be at least 150 m. The flight level must not exceed 100 m above terrain. Densely built-up areas, including areas with weekend cottages and inhabited camping sites, and areas with large open-air assemblies of persons must not be overflown.41 In Italy, the regulation uses the label ‘model aircraft’ and specifies that ‘[s]uch activities may be carried out in areas that are not populated and properly selected by the model aircraft operator of maximum radius of 200 m and a height of not more than 70 m, and for which it can ensure control in order not to cause danger to persons and property.’42 Apparent is furthermore that important issues are pending, due to the novelty of the domain. To illustrate this it can be mentioned that the branch organization for unmanned aerial systems in Sweden uassweden.org/ held its first annual meeting this year and recently (May 2015) did the Swedish Data Inspection Board appeal a decision from the Administrative Court stating that video cameras carried by drones do not violate regulations concerning surveillance and privacy, i.e. the issue is still open. June 22, 2015 Stockholm airport Arlanda was temporarily shut down due to the observation of an unidentified drone in the restricted airspace, spurring an intense debate on how to speed up the regulation of this technology. In Austria it has been possible to obtain a flight permit for some type of UAVs (developed during the course of the BRIDGE project) once the operator demonstrated ability to fly an UAV, existence of insurance cover, and that the UAV did not exceed prescribed noise levels. Similar UAVs could however not be used in Switzerland due to regulations defining military equipment.43 Variations in this respect, and in other aspects also exist within countries, depending on regulations of different origin. To conduct a national investigation of legislation relevant to UAVs is a task involving among other things pending and proposed regulations concerning pilot training for UAVs, certification, security, military laws, privacy, surveillance, wavelengths and radio frequencies, noise, insurances, area restrictions, height restrictions, permits, technical inspections, standards, risk analysis, necessary coordination with traditional commercial aviation legislation, liability, labour law, etc. In various countries these and other issues are dealt with by different agencies and coordinated solutions are to a considerable extent still lacking. In effect this situation is a regulatory barrier to realizing the full potential of the BRIDGE Advanced Situation Awareness Concept Case, which relies on a UAV. 40 https://www.eurocontrol.int/articles/national-rpas-regulations 41 http://www.trafikstyrelsen.dk/~/media/Dokumenter/05%20Luftfart/04%20Luftfartserhverv/BL94_uk.ashx 42 www.enac.gov.it/repository/ContentManagement/information/N1220929004/Reg%20SAPR%20english _022014.pdf 43 Cf, for a similar regulation concerning dual-use items that require export authorisation https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/422364/controllist2015041 7.pdf Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 128 of 161 As for the future it is thus possible to make some suggestions for regulatory reform with a specific view towards this area of innovation. Initially it can be noted that The European Commission Roadmap for the integration of civil Remotely-Piloted Aircraft Systems (European RPAS Steering Group 2013) outlines two different areas in need of regulatory innovation: Safe integration of civil RPAS into the European Aviation System Societal impact of the integration of civil RPAS into the European Aviation System, which includes issues of o Third-party liability and insurance o Data protection and privacy Related to the safe integration of RPAS into the European Aviation System, the roadmap contains a comprehensive outline of regulatory improvements needed and a Strategic R&D Plan for the integration of civil RPAS into the European Aviation System (Annex 1 & 2). Annex 3, a Study on the Societal Impact has been updated by two separate reports published in November 2014: Study on privacy, data protection and ethical risks in civil Remotely Piloted Aircraft Systems operations (Finn et al 2014) and Study on the Third-Party Liability and Insurance Requirements of Remotely Piloted Aircraft Systems (RPAS) (European Commission 2014c). Against this background it would be helpful to establish a working group on ELSI and regulatory reform for RPAS, specifically focused on crisis management and response, civil protection, humanitarian efforts, border security and law enforcement. Even more specifically, it would be useful to consider issues arising around the integration of RPAS and different payloads in systems of systems, with a particular emphasis on data protection, privacy and potential for discrimination (Finn and Wright 2012). This could help develop a European legal basis.44 Relevant actors who could help develop more adequate regulatory frameworks include i.e: the European Aviation Safety Agency (EASA); EU national civil aviation authorities; the European Organisation for Civil Aviation Equipment (EUROCAE); Eurocontrol; the Joint Authorities for Rulemaking on Unmanned Systems (JARUS) the Joint European Working Group JWG8 (Privacy management in products and services) relating to the European Commission standardisation request M/530 addressed to the European Standardisation Organisations in support of the implementation of privacy management in the design and development and in the production and service provision processes of security technologies 45 In this context it should also be noted that The US Federal Aviation Authority is currently developing an all-encompassing regulation for privately and commercially used UAVs. Preliminary statements by the Head of the Organisation (June 5, 2015) indicate a rather liberal approach, focusing on safety in the air space used by commercial aircraft and by UAV. A foreseeable development in Europe would require considerably more coordinated regulation 44 Also called for here http://ec.europa.eu/enterprise/docs/uas/13_LIM.pdf non-EU States 45 http://ec.europa.eu/growth/tools-databases/mandates/index.cfm?fuseaction=search.detail&id=548 Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 129 of 161 with emphasis on assuring the safety of the public as well as respect for privacy. Considering the borderless nature of large scale emergencies it can also be proposed that EU regulators study and coordinate their approach with ongoing activities on a global basis. 7.1.6 Discovering Harmful Potential Many technological innovations have unintended harmful potential that is unknowable in advance. Beyond questions of technology failures compromising response effort, and potential privacy invasions, technology might, for example, also directly put disaster victims in physical harm. This can happen in cases of violent crimes, such as terrorist attacks, when the technology that is supposed to help find victims draws the assaulter’s attention onto them. The BRIDGE Help Beacons offer ways for victims to call for help locally, by turning their Smartphone into a WiFi hotspot, using the hotspot name as a way to emit a message about their whereabouts and condition. These hotspots can be found with a seeker device, but also with simply another Wifi enabled Smartphone or other device. In the case of a violent crime or a terrorist attack thus publishing one’s location might put the victim in danger. Over the course of various co-design iterations, we discovered and investigated these risks and found design solutions (Al-Akkad et al. 2014). This EUAB member, for example, vividly sketches a scenario where the HelpBeacons might put a victim or a first responder in harm’s way: EUAB member: In Westgate Kenya, Nairobi a lady was hiding and texting, this is happening, please. nobody call me, because if they hear my phone, they will come and kill me. … So it's all very good that we are seeing with help beacon and we are able to send messages to people and they can send a message back to us … but what if the terrorist has this device and says rescue me, and then traps police men ... Designer: if we invert the set up, responder sends, and then this signal has to be somehow authenticated, it's more difficult to use the system to harm people. Similar issues were addressed after the Stavanger exercise where in a terrorist shooting scenario on a ferry and in the ferry terminal ‘victims’ (played by students) had the HelpBeacons installed on their phone. All victims were concerned about the dissemination of data to untrusted people. They were keen that only the police or any further response unit should be able to pick up their emergency messages. They stated that they would like the Seeker device to connect to their phones when they set up their status to ‘safe’ in order to know that the personnel in the field and in the control room have become aware of her new state. At the same time, the victims would have liked to have some kind of feedback about the status of the rescue operations. 7.1.7 Professional Bias and the Public Interest As outlined in chapter 5, our co-design sessions involved project partners, stakeholders and end users such as emergency services personnel and members of the End User Advisory Board. We also attempted to consider the concerns of indirect users, such as the wider public, who may be concerned that the difficulties in safeguarding data security and privacy in systems of systems with emergent interoperability used in disaster response my undermine civil liberties and freedoms (Büscher, Perng and Liegl 2015). By using a representative model, where researchers would feed concerns and interests into the exploration and design process, hence in effect playing the role of proxy/advocate. This strategy brought out a number of interesting issues regarding the role of indirect stakeholders. They came into sharp focus, for example, during codesign sessions when discussing aerial overview/surveillance using drones. Civil drones are still an emerging and controversial subject and so far only incomplete regulation is in place in European Countries. Regulatory bodies such as the EU Commission have stressed the need for the development of a common (EU wide) regulatory framework, both Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 130 of 161 to provide some legal certainty for investors and developers but also to address what is seen as apprehension about the technology on the part of citizens, including concerns over privacy intrusion, safety and issues around automation as well as the association of drones as killing machines and state weapons. Such concerns have been identified by the EU Commission as one of the key obstacles faced by the civil-RPAS market (EU Commission 2014). However, from our co-design sessions and focus groups a different picture emerged. Some professional end users were initially quite enthused about the possibilities that drones would offer for their work: The use for the police can be: it can fight crime, support customers, detect illegals in trucks, cannabis farms, and get more control (Police Officer). … we would use it for monitoring refugee camps: at the moment at our camps in Jordan it is very hard to monitor how many people get in and out of the camp (Civil Protection Officer). Such responses elicit questions around the emphasis on including only professional responders as co-designers in projects like BRIDGE. This professional bias has an impact on the kinds of ELSI that can be uncovered, and they challenge us to think what role citizens should have in research and development projects, especially in the context of addressing ELSI. This raises questions about ‘expertise’ and whether to be involved in technical discussions participants must have particular ‘qualifications’. For Wynne (2007) citizens are well qualified to participate in such discussions due to ‘their ability to contribute to ‘collective societal definition’ of the issues; ‘their ability to challenge ‘normative social commitments’ performed by science and technology; and their ‘ability to identify what is socially relevant and ‘salient’ amongst the issues under debate’ (Wynne 2007:107-108 in Tsouvalis and Waterton 2012:115). Such issues also raise questions about who is or is not invited to participate and the challenges of working with contestation and differing views (Felt et al., 2007) hence leading us to broader questions about the role of the researcher as (an organiser and) a proxy, and the politics of participation and representation. As Felt et al. (2007) argue in many cases the public are ‘absent presences’ that are represented by researchers in particular ways (p.57). Such projects construct particular ‘imaginings’ of the ‘public’ (Welsh and Wynne, 2013). For example, in the case of drone technology, research indicates that the public is not the univocal (fearful, misinformed) entity that policymakers and drone experts imagine. There are cases of drone enthusiasts, of communities using drones in humanitarian emergency settings (e.g. Meier 2014a, b) but also a limited number of studies that reveal a much more complicated and nuanced picture of the public which is not captured in media-hyped discourses (e.g. Eyerman et al 2013) (Kerasidou et al 2015). This highlights the ‘heterogeneous and dynamic nature of the “public”’ (Delgado, Lein Kjolberg, & Wickson, 2011) and the fact that there are multiple public(s), hence raising further questions about how they could be practically included. Such issues are indeed challenging, but continue to be salient, especially, as we address in the next section, as the public continues to play a central role as well as elicit new and emerging directions in emergency response. 7.1.8 Listening to the Crowd: Social Media, Inclusiveness and Dialog In previous deliverables and publications we have discussed the advantages and disadvantages of integrating social media into large-scale multi-agency response. Key insights include strong evidence for the relevance of social media. In D12.1, for example we discuss the role of digital humanitarian data collection in prioritizing formal response efforts (pp. 17-18). The Ushahidi Haiti project map below (Figure 23), for example, was used by the Department of State Analysts for the US government interagency task force and US marines to enhance situation awareness and identify “centers of gravity” for deployment of field teams (Morrow et al., 2011: 4). Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 131 of 161 Figure 23 Ushahidi Haiti Map Source: http://irevolution.net/2011/03/06/changing-world-map/ The fact that there is great scope to leverage public engagement has been a constant topic in our collaborations with emergency responders. The excerpts below, from our most recent interviews illustrate a diversity of perspectives: I think you need to have analysts or operators interrogating social media almost 24/7. Social media needs to have constant or regular monitoring. (Interview with JESIP Training Officer, UK, 31 March 2015) I think your timing for doing this [research] is very, very good, you’ve got two big drivers … One is austerity … the second is the explosion in social media. This will help get over the old people and their resistance to change, the ‘we’ve always done it that way. It’s my information, you are not having this’. (Interview with Emergency Operations Consultant, UK, 31 March 2015) The obvious thing is the whole area of social media is becoming very important, because it is active out there, people out there with their smart phone, people on twitter, on Facebook. I’ve been trying to impress upon our local people here in our own organisation this is an area we have to get a handle on, have to be monitoring social media feeds that are being generated if something major would happen. … I think that would be helpful to have a management tool, I know they exist, but I’m not sure they have been captured into the processes that we would go through. (Interview with senior Fire Officer, Ireland, 20 April 2015) Social media is a great source of intelligence. And it’s a great way of actually keeping people updated during different events. Police use twitter, Facebook, all different ones to get information out there and counter inaccuracies…and it’s good for us to measure people’s reactions to how we’ve dealt with things as well. … I think you need to have Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 132 of 161 analysts or operators interrogating social media almost 24/7. Social media needs to have constant or regular monitoring. (Interview with Police Chief, UK, 29 May 2015) In a comprehensive recent analysis of several million tweets from different disaster situations, Vieweg (2012) finds that between 7-23% of tweets are ‘relevant for situation awareness’, an average of 15%. In the aftermath of the 2010 Haiti, where 4 million tweets were sent over the space of 23 days, that translates into 600,000 situation awareness relevant messages. Attempts to leverage such information by mapping georeferenced tweets, e.g. in relation to the 2013 Elbe floods or the 2014 UK floods (Herfort et al 2014 and Saravanou 2015), reveal that even when only a small proportion of tweets (around 3%) are currently geo-referenced, this approach ‘can enhance information extraction … being valuable for both crisis response and preventive flood monitoring (p.51)’ (Herfort et al 2014). Pohl et al. (2013) show that the BRIDGE Information Intelligence clustering approach is valuable for crisis management, as it ‘serves to integrate social media into crisis management without cumbersome manual monitoring’ (p.3901). However, as one of our End-user advisory board members points out, while ‘we need some system for analysing and filtering information [from social media], of course, it’s decision support [that we need], we have to remember that’ (18 th May 2015, BRIDGE final review). This is where the BRIDGE approach can leverage significant advantages. By integrating affordances from other information systems, such as the BRIDGE Advanced Situation Awareness system and the BRIDGE Master, results from the BRIDGE Information Intelligence social media analytics or related systems can be integrated into a rich precision information environment that can support triangulation of information, enabling responders to notice and assess the relevance, accuracy and reliability of social media messages. This is a significant advance. While many disaster response agencies and policy-makers currently feel pressured to respond to social innovation in social media use during crises, and despite the wide-spread use of GIS and other geo-location technologies, the scale and speed of social media innovation ‘in the wild’ exceeds formal response agencies’ ability to adapt their processes and regulatory frameworks (Shanley et al. 2013). For example, a member of BRIDGE End User Advisory Board and the German Federal Agency for Technical Relief described how search and rescue is normally organised by mapping out a grid and carrying out a systematic search. When victims use mobile technologies to call for help, as was the case after the Haiti earthquake, they could precisely locate their needs, which changed the priorities of deployment and disrupted a process designed to ensure the impartiality and rigour of search and rescue Buscher et al 2014c). These practices disruptively open up new futures. People’s ability to put themselves on the map through social media amplifies the voices of those affected and has the potential to augment formal response efforts by providing additional information and fostering collaboration between emergency services and affected publics. At the same time, it can destructively interfere with formal response practices, undermining distributive justice (as in the example above), spread rumours and false information (Mendoza et al 2010) or challenge the security of command and control communications (Oh, Agrawal, and Rao 2010). The BRIDGE approach supports stakeholders in large-scale multi-agency emergency management with new tools to maximise positive potential and to notice and control negative effects in need of mitigation. 7.1.9 Preventative Security, Social Sorting and Probabilistic Prediction With growing capacity for capture, analysis, sharing and data-driven decision making, the ‘seas’ of data are becoming more exploitable for more effective and efficient, personalised crisis management and response. However, the proliferation of data also muddies the waters about data ownership, the purpose of collection, and the mechanisms of analysis, increasing the risk of inadvertent disclosure or misuse of personal data. Seventy-two percent of Europeans are Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 133 of 161 “concerned that personal data may be shared without their permission” (Reding, 2012), prompting a comprehensive reform of the EU’s data protection rules, which is scheduled to come into operation in 2015 (European Commission, 2012). Recent disclosures over surveillance through the US National Security Agency are fanning the debate about privacy (MacAskill et al, 2013), but many experts are more concerned about probabilistic prediction (Heaven, 2013), and exclusion, especially when they lead into inscrutable ‘social sorting’ based on personal data, because it can lead to a ‘splintering’ of societies and undermine societal virtues of humanity, equality, solidarity and fairness (Graham & Marvin, 2001). Research shows that social sorting can be beneficial in the sense of enabling the personalisation and efficient targeting of disaster management and response e.g. through preventative risk analysis, identifying the most vulnerable or prone to risk. However, this is also problematic in the sense of ‘disciplining’ the already vulnerable (the poor, elderly, or disabled, who are more likely to be ‘at risk’) or ‘rationing’ access and splintering societies (D12.2). There are techniques to enhance social sorting, and to mitigate negative effects (e.g by implementing ‘forgetting’). But Kafkaesque culmination of error, abuse, lack of transparency (Solove, 2011) could undermine the beneficence of informationalizing disaster management and response at this juncture. BRIDGE has explored and enables utilization of the best available technical, socio-technical and social solutions. Thus BRIDGE augments traditional crisis management and response through advanced ICT and new models of organization to facilitate proactive approaches. 7.1.10 Ownership, Informational Self-Determination & Interpretive Authority The definition of data ownership and associated legal responsibilities for emergency data are seen as important factors to ensure accountability for the use of data. For data owners (for example social services, telecoms operators, or local authorities) to be able to act within data sharing agreements in the context of crisis management and response, concerns about their ability to manage access and control must be addressed. Furthermore, innovative approaches to give data subjects data ownership exist. Apple has, for example, developed the HealthKit framework to protect users’ privacy by giving people control over their data and forcing App developers to state clearly how they will use their personal data. BRIDGE leverages these developments, as well as being responsive to demands for and regulatory endeavours to enshrine increased informational self-determination (D12.2). But issues arise not only around data collection and processing. Making sense of data and making sure that certain types of data enter into the considerations necessary for crisis management and response are an issue. For example, social media based ‘crisis mapping’ may make the needs of local populations more visible, but it does not guarantee that their voices are being heard or addressed (Büscher et al 2015c). Moreover, certain social groups may not have access to knowledge and skills required for producing or interpreting data. To conclude, by extending the focus beyond concerns with the efficiency and efficacy of crisis management and response, to address more complex data-related ELSI, the BRIDGE project is part of efforts that seek to augment the societal value of advanced information technologies in a way that is sustainable in terms of ethical and political values of democracy, security, equality and social justice and real world social practices. 7.2 Collectively Shaping Possible, Probable and Preferable Futures The technologies brought together in the BRIDGE project are part of a fast evolving ecosystem of technological potential. In the force-field of ever more sophisticated data collection, analysis, communication and visualisation, a range of different ‘possible, probable and preferable futures’ (Börjeson et al 2006) emerge. One option is ‘Total Security’, where security is attained through pervasive surveillance. Another, more likely scenario involves ‘muddling through’ (Lindblom Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 134 of 161 1959), where surveillance is disorganised and there are not the resources to secure a planet rocked by increasing number and frequency of disasters. This would involve patched and improvised collections of public, private and community based emergency services. Some of these may use advanced IT creatively, but there is no concerted support for this. There are runaway effects, including social sorting and surveillance, as well as technology dependence effects where technology breakdown undermines collectives’ capabilities to respond. BRIDGE aims to support a more preferable future, where citizens are protected against surveillance and disasters. BRIDGE can help integrate advanced data collection, analysis, communication and visualisation capabilities, whilst also supporting ‘reversibility’ in socio-technical innovation when people notice unintended negative consequences. Perhaps most importantly, some of the socio-techncial innovations developed in the BRIDGE project support evolution of a new sensorium and new ways of embodiment and communictaion in ‘stretched’ large scale, distributed and transient cooperative ensembles. Advanced Situation Awareness (ASA), Adaptive Logistics, ‘Situation aWAre Resource Management (SWARM), HelpBeacons, First Responders Integrated Training System (FRITS) all enhance human capabilities with this purpose, and the ultimate goal to enhance the humanity of crisis response and management. Designed with ELSI in mind, BRIDGE also tries to support exercise of virtues and maintenance of normal morality even under extreme circumstances. This might mean that certain affordances of technology will either not be used or implemented, that the capacity of forgetting must be more comprehensively be designed into the system, and ‘cultures of responsibility’ must be supported to go beyond blaming individuals. BRIDGE has not been able to pave the way for preferable futures completely. But apart from substantive sociotechnical contributions, the project team have developed a methodology for ELSI co-design that discloses opportunities, risks and challenges more richly than the individual methods that existed before. To build upon these efforts, we would argue that a stronger commitment to public engagement and experimentation is needed, drawing on these existing methods: Co-realization, which develops ideas of Co-Design through a synthesis of ethnomethodology (a particular form of sociological enquiry) and PD. It moves the locus of design and development activities into workplace settings where technologies will be used, emphasises design-in-use and longitudinal involvement of IT professionals in the ‘lived work’ of users (Hartswood et al. 2002). Critical design, also know as ‘design noir’ (Dunne & Raby 2001) or ‘speculative design’ (Sengers and Gaver 2006), which straddles into art and philosophy as it seeks to provoke and enable critical engagement. It creatively and critically explores putative futures entailed in contemporary technological developments, often by creating objects that are obliquely functional but also absurd or shocking. Service design – a relatively new approach, focused on designing ‘services’ – assemblages of human, technological, architectural, organizational components (Meroni & Sangiorgi, 2011). Collective experimentation – a ‘new regime’ of technoscientific innovation, characterised by experimental implementation of new technologies in the context of broad-based stakeholder engagement. It requires new approaches to intellectual property rights to ensure viability (such as Open Source Software, General Public Licence (GPL or copyleft) and ‘new forms of interaction between scientists and other actors, … because the traditional authority of laboratory-based science is not sufficient’ (Wynne & Felt, 2007, 27). Design for design – an approach that recognises that design does not end at ‘design time’. People appropriate technologies in a way that constitutes ‘design in use’. This is often ill supported by silent technologies and blackboxing. ‘Design for design’ seeks to Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 135 of 161 support people in developing the skill and understanding needed to be creative with technology as well as knowing about the effects of using technologies in particular ways (Ehn, 2008, see also work discussed in Büscher, Perng & Liegl 2015) There are overlaps, synergies, as well as incompatibilities between these approaches and there are no doubt more approaches that would be useful than those listed here. What a list like this makes plain, however, is that deeper engagement with a wider range of stakeholders is needed, possible, and likely to be extremely productive in shaping preferable futures around the potential of advanced ICT in crisis response and management. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 136 of 161 8 Appendix This is an Appendix, providing the original slides used for the ELSI Qualities Sessions. An explanation of how these were discussed in relation to BRIDGE concept cases is available in BRIDGE D10.3. The most significant ways in which these relate to the BRIDGE concept, middleware and concept cases are described in BRIDGE D9.4 and Section 6.6 above, as well as publications (e.g. Wood et al. 2013, Al Akkad et al in preparation). For the ethical, legal and architectural qualities sessions, we developed a guideline (Leitfaden) with introductions to those qualities, in order to elicit exploration and structure the discussion of those qualities in relationship to the various Concept Cases, components and socio-technical practices they belong to. The sessions were 2hr long meetings using the teleconferencing tool WebEx. A powerpoint presentation was used to structure the discussion. These slides were used to present the ethical qualities: Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Version 1.0: Final Page 137 of 161 D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Version 1.0: Final Page 138 of 161 D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Version 1.0: Final Page 139 of 161 D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Version 1.0: Final Page 140 of 161 D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Version 1.0: Final Page 141 of 161 D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 142 of 161 References Ackerman, B. (2004). The Emergency Constitution. Yale Law Journal, 113, 1029-91. LEELP II: 307-370. Al-Akkad, A., L. Ramirez, S. Denef, A. Boden, L. Wood, M. Buscher and A. Zimmermann (2013) Reconstructing normality: The use of infrastructure leftovers in crisis situations as inspiration for the design of resilient technology. Proceedings of the Australian ComputerHuman Interaction Conference (OzCHI'13), 25-29 November, Adelaiade, Australia. ACM. Al-Akkad, A., Ramirez, L., Boden, A., Randall, D., & Zimmermann, A. (2014, April). Help beacons: design and evaluation of an ad-hoc lightweight SOS system for smartphones. In Proceedings of the 32nd annual ACM conference on Human factors in computing systems (pp. 1485-1494). ACM. Alexander, L. (2000). Deontology at the Threshold. San Diego Law Review, 37, 893-912. LEELP I: 121-140. Allenby, B. R., & Wallach, W. (2015 - forthcoming). The Applied Ethics of Emerging Military and Security Technologies. In The Library of Essays on the Ethics of Emerging Technologies (Series). Farnham: Ashgate. Andersen, P. et al. (2007). PalCom: Palpable Computing Open architecture. . Aarhus. Retrieved from http://www.istpalcom.org/publications/deliverables/Deliverable-54[2.2.3]-open-architecture.pdf Ansell, C., Boin, A., & Keller, A. (2010). Managing Transboundary Crises: Identifying the Building Blocks of an Effective Response System. Journal of Contingencies and Crisis Management, 18, 195-207. LEELP III: 111-124. Aradau, C., & Van Munster, R. (2011). Politics of Catastrophe: Genealogies of the Unknown. London: Routledge. Armstrong, H., Ashton, C., & Thomas, R. (2007). Data Protection and Sharing – Guidance for Emergency Planners and Responders. Office. London. Retrieved from www.cabinetoffice.gov.uk/media/132709/dataprotection.pdf [Accessed 31 December 2014] Army-Technology.com. (2012). Keeping London’s Olympic Games secure on all fronts - Army Technology. http://www.army-technology.com/features/featurelondon-2012-olympicsgames-security-strategy/ [Accessed 30 December 2014] Asaro, P.M. (2000). Transforming society by transforming technology: the science and politics of participatory design. Accounting Management and Information Technologies, 10(4), 257-290. Bailey Smith, J. D. (2014). Agency Liability Stemming from Citizen-Generated Data. Retrieved from http://www.wilsoncenter.org/publication/agency-liability-stemming-citizengenerated-data Bannon, L. (2011). Reimagining HCI: toward a more human-centered perspective. interactions, 8(4): 50-57. Barad, K. (1998). Getting Real: Technoscientific Practices and the Materialization of Reality. differences: A Journal of Feminist Cultural Studies, 10(2), 87-128. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 143 of 161 Barad, K. (2007). Meeting the Universe Halfway: Quantum Physics and the Entanglement of Matter and Meaning. Durham, North Carolina: Duke University Press. Barnard-Wills, D. (2013). Security, Privacy and Surveillance in European Policy Documents. International Data Privacy Law, 3(3), 170–180. Bech Gjørv, A. (2012). Rapport fra 22 Juli-Kommisjonen. Oslo. http://www.regjeringen.no/smk/html/22julikommisjonen/22JULIKOMMISJONEN_NO/I NDEX.HTM [Accessed 22 August 2014] Beck, U. (1992). Risk Society: Towards a New Modernity. London: Sage. Bergstrand, F., & Landgren, J. (2009). Information sharing using live video in emergency response work. In J. Landgren & S. Jul (Eds.), Proceeding of the 6th International ISCRAM Conference (pp. 1-5). Retrieved February 12, 2015, from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.180.9575&rep=rep1&type=pdf Bijker W., & Law, J. (1992) (Eds.), Shaping Technology, Building Society: Studies in Sociotechnical Change. Cambridge, Mass.: MIT Press. Bijker, W. E. (2003). The Need for Public Intellectuals: A Space for STS: Pre-Presidential Address, Annual Meeting 2001, Cambridge, MA. Science, Technology, & Human Values, 28, 443–450. doi:10.1177/0162243903256273 Börjeson, L., Höjer, M., Dreborg, K-H., Ekvall, T., Finnveden, G.(2006) Scenario types and techniques: Towards a user's guide. Futures 38(7): 723-739 Black, R. (2003). Ethical Codes in Humanitarian Emergencies: From Practice to Research?. Disasters, 27, 95-108. LEELP IV: 387-400. Boden, A., Al-Akkad, A., Liegl, M., Buscher, M. and Wulf, V. Designing a Mobile Ad-hoc SOS System: Rethinking the Visibility and Validity of Distress Signals (submitted to International Journal of Human-Computer Studies Special Issue on Human Centered Design and Evaluation of Services and Systems for Crisis Response and Management) Boin, A., & ’t Hart, P. (2010). Organising for Effective Emergency Management: Lessons from Research. Australian Journal of Public Administration, 69(4), 357–371. doi:10.1111/j.1467-8500.2010.00694.x Boin, A., & Ekengren, M. (2009). Preparing for the World Risk Society: Towards a New Security Paradigm for the European Union. Journal of Contingencies and Crisis Management, 17, 285-94. LEELP III: 3-12. Boin, A., KUIPERS, S., & OVERDIJK, W. (2013). LEADERSHIP IN TIMES OF CRISIS: A FRAMEWORK FOR ASSESSMENT. International Review of Public …. Retrieved from http://www.kapa21.or.kr/data/data_download.php?did=5991 Booth, M.G. (2007). Informed Consent in Emergency Research: A Contradiction in Terms. Science and Engineering Ethics, 13, 351-59. LEELP IV: 3-12. Boucher, P. (2014). Domesticating the Drone: The Demilitarisation of Unmanned Aircraft for Civil Markets. Science and Engineering Ethics. doi:10.1007/s11948-014-9603-3 Boulden, J. (2004). International Crisis Response and a Canadian Role. International Journal, 59, 801-13. LEELP III: 125-138. Bracken-Roche, C., Lyon, D., MAnsour, M. J., Molnar, A., Saulnier, A., & Thompson, S. (2014). Surveillance Drones: Privacy Implications of the Spread of Unmanned Aerial Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 144 of 161 Vehicles (UAVs) in Canada. Kingston. http://www.atlanticuas.ca/files/Library/Reference/Privacy Implications of the Spread of UAVs in Canada_14-04-30.pdf [Accessed 30 December 2014] Brändström, A., Bynander, F., & ‘t Hart, P. (2004). Governing by Looking Back: Historical Analogies and Crisis Management. Public Administration, 82, 191-210. LEELP III: 13-32. Bronitt, S. (2008). Balancing Security and Liberty: Critical Perspectives on Terrorism Law Reform. In M. Gani & P. Mathew (Eds.), Fresh Perspectives on the ‘War on Terror’ (pp. 65-83). Australian National University: ANU E-Press. LEELP II: 423-442. Brown, I., & Adams, A.A. (2007). The ethical challenges of ubiquitous healthcare. International Review of Information Ethics, 8, 53–60. Buck, D.A., Trainor, J.E., & Aguirre, B.E. (2006). A Critical Evaluation of the Incident Command System and NIMS. Journal Of Homeland Security And Emergency Management, 3(3), 1–27. Buscher, M., & Liegl, M. (2014). Connected communities in crises. IEEE STC Social Networking E-Letter, 2(1). Büscher, M., & Mogensen, P. (2007). Designing for material practices of coordinating emergency teamwork. In Proceedings of the 4th International Conference on Information Systems for Crisis Response and Management ISCRAM (pp. 1–11). Retrieved from http://www.ist-palcom.org/publications/files/ISCRAM_Buscher_Mogensen_final.pdf Büscher, M., Bylund, M., Sanches, P., Ramirez, L., & Wood, L. (2013). A New Manhattan Project? Interoperability and Ethics in Emergency Response Systems of Systems. In T. Comes, F. Fiedrich, S. Fortier, F. Geldermann, & L. Yang (Eds.), Proceedings of the 10th International ISCRAM Conference. Retrieved February 12, 2015, from http://eprints.lancs.ac.uk/62390/1/269_ManhattanProject_Final.pdf Büscher, M., Liegl, M., Rizza, C., & Watson, H. (2014a). How to do IT more carefully? Ethical, Legal and Social Issues (ELSI) in IT Supported Crisis Response and Management. IJISCRAM, 7. Büscher, M., Perng, S-Y., & Liegl, M. (2014b). Privacy, Security, Liberty: ICT in Crises. IJISCRAM, 7. Büscher, M., Liegl, M. and Thomas, V. (2014c) Social collective intelligence: combining the powers of humans and machines to build a smarter society. In Miorandi, D., Maltese, V., Rovatsos, M., Nijholt, A. & Stewart, J. (eds.). Social Collective Intelligence. Combining the Powers of Humans and Machines to Build a Smarter Society. Springer, p. 243-265. Büscher, M., Liegl, M., Perng, S., Wood, L. (2014d) How to Follow the Information? Sociologica. Vol. 1, Doi: 10.2383/77044 Büscher, M., Kerasidou, X., Liegl, M., Petersen, K. (2015) Digital Urbanism in Crises. In Kitchin, R. and Perng, S.Y. Code in the City. London Routledge. Büscher, M., Kristensen, M., & Mogensen, P. H. (2007). Making the future palpable: Notes from a major incident Future Laboratory. In International Journal Of Emergency Management (Vol. 5, p. 145). Inderscience Enterprises Ltd (P.O. Box 896, Geneve 15 CH1215, Switzerland). Retrieved from http://www.inderscience.com/link.php?id=19911 Büscher, M., Slack, R., Rouncefield, M., Procter, R., Hartswood, M., & Voss, A. (Eds.) (2008). Configuring user-designer relations: interdisciplinary perspectives. (Computer Supported Cooperative Work). London: Springer Verlag. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 145 of 161 Calain, P., Fiore, N., Poncin, M., & Hurst, S. A. (2009). Research Ethics and International Epidemic Response: The Case of Ebola and Marburg Hemorrhagic Fevers. Public Health Ethics, 2, 1-23. LEELP IV: 337-360. Callon, M. (1999). The Role of Lay People in the Production and Dissemination of Scientific Knowledge. Science Technology & Society, 4, 81–94. doi:10.1177/097172189900400106 Campbell, T. (2012). The Library of Essays on Emergency, Ethics, Law and Policy: 4 Volume Set. Farnham: Ashgate. Cartlidge, E. (2012). Aftershocks in the courtroom. Science (New York, N.Y.), 338(6104), 184– 8. Cavoukian, A. (2001). Taking Care of Business: Privacy by Design. Toronto. http://www.ontla.on.ca/library/repository/mon/2000/10296375.pdf [Accessed 25 Nov 2012] Cavoukian, A. (2010). Privacy by design: the definitive workshop. A foreword by Ann Cavoukian, Ph.D. Identity in the Information Society, 3(2), 247–251. doi:10.1007/s12394010-0062-y Cavoukian, A. (2012). Privacy and Drones: Unmanned Aerial Vehicles. http://www.ipc.on.ca/images/Resources/pbd-drones.pdf [Accessed 30 December 2014] Chalmers, M. (2003). Seamful design and ubicomp infrastructure. Proceedings of Ubicomp Workshop at the Crossroads The Interaction of HCI and Systems Issues in UbiComp. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.61.6779&rep=rep1&t ype=pdf Chesbrough, H. W. (2003). Open Innovation: The New Imperative for Creating and Profiting from Technology. Boston: Harvard Business school Press. Citraningtyas, T., MacDonald, E., & Herrman, H. (2010). A Second Tsunami?: The Ethics of Coming into Communities following Disaster. Asian Bioethics Review, 2(2), 108-23. LEELP IV: 147-164. Coady, C.A.J. (2004). Terrorism, Morality, and Supreme Emergency. Ethics, 114, 772-89. LEELP I: 357-374. Cole, J. (2010). Interoperability in a Crisis 2. Human Factors and Organisational Processes. http://www.rusi.org/downloads/assets/Interoperability_2_web.pdf [Accessed 17 February 2014] Collins, H. M. (1996). Embedded or embodied? A review of Hubert Dreyfus’ what computers still can't do. Artificial Collins, Harry M. (2010): Tacit and Explicit Knowledge, Chicago: U of Chicago P. Committee of Public Accounts (2011). Public Accounts Committee - Fiftieth Report The Failure of the FiReControl Project HC 1397. London. http://www.publications.parliament.uk/pa/cm201012/cmselect/cmpubacc/1397/139702.ht m [Accessed 28 October 2014] Conte, A. (2013). Facial recognition technology moving toward identifying almost anyone. Retrieved August 8, 2015, from http://triblive.com/news/allegheny/390428674/technology-face-center#axzz2TqAHrVSh [Accessed 3 August 2015] Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 146 of 161 Crang, M., & Graham, S. (2007). Sentient cities: ambient intelligence and the politics of urban space. Information Communication Society, 10(6), 789–817. De Hert, P., Kloza, D., & Wright, D. (2012). PIAF Project Deliverable 3: Recommendations for a privacy impact assessment framework for the European Union. Retrieved from http://piafproject.eu/ref/PIAF_D3_final.pdf Delgado, a., Lein Kjolberg, K., & Wickson, F. (2011). Public engagement coming of age: From theory to practice in STS encounters with nanotechnology. Public Understanding of Science, 20(2010), 826–845. doi:10.1177/0963662510363054 Dewey, J. (1927). The Public and its Problems. New York: Holt. Dickert, N.W., & Kass, N.E. (2009). Patients’ Perceptions of Research in Emergency Settings: A Study of Survivors of Sudden Cardiac Death. Social Science & Medicine, 68, 183-91. LEELP IV: 165-174. Dickert, N.W., & Sugarman, J. (2007). Getting the Ethics Right Regarding Research in the Emergency Setting: Lessons from the PolyHeme Study. Kennedy Institute of Ethics journal, 17, 153-169. LEELP IV: 229-246. Disalvo, C., Lodato, T., Jenkins, T., Lukens, J., & Kim, T. (2014). Making public things: how HCI design can express matters of concern. Chi 2014, 2397–2406. doi:10.1145/2556288.2557359 Dougherty, C. (2008). While the Government Fiddled Around, the Big Easy Drowned: How the Posse Comitatus Act Became the Government’s Alibi for the Hurricane Katrina Disaster. Northern Illinois University Law Review, 29, 117-47. LEELP II: 163-194. Douglas, M. (1992). Risk and blame: Essays in cultural theory. London: Routledge. Dourish, P. (2001). Where the action is: the foundations of embodied interaction. Cambridge, Mass.: MIT Press. Dyzenhaus, D. (2005). Schmitt v. Dicey: Are States of Emergency Inside or Outside the Legal Order?. Cardozo Law Review, 27, 2005-39. LEELP II: 3-38. Ehn, P. (1993). Scandinavian design: on participation and skill. In D. Schuler & A. Namioka (Eds.), Participatory design: principles and practices (pp. 41–77). Hillsdale, New York: Lawrence Erlbaum. Ehn, P. (2008). Participation in design things. In PDC ’08 Proceedings of the Tenth Anniversary Conference on Participatory Design 2008, Indiana University (pp. 92–101). Indianapolis. Ehn, P., & Badham, R. (2002). Participatory Design and the Collective Designer. In T. Binder, J. Gregory, & I. Wagner (Eds.), Proceedings of the Participatory Design Conference 2002 (Vol. 2, pp. 1–10). Indiana University. Retrieved from http://scholar.google.com/scholar?hl=en&btnG=Search&q=intitle:Participatory+Design+a nd+the+Collective+Designer#0 Ellebrecht, N., & Kaufmann, S. (2015 - forthcoming). Boosting efficiency through the use of IT? Reconfiguring the management of mass casualty incidents in Germany. IJISCRAM, 7. Endsley, M.R. (1995). Toward a Theory of Situation Awareness in Dynamic Systems. Human Factors: The Journal of the Human Factors and Ergonomics Society, 37(1), 32-64. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 147 of 161 eScience. (2012). Earth Faces a Century of Disasters, Report Warns. http://esciencenews.com/sources/the.guardian.science/2012/04/26/earth.faces.a.century.dis asters.report.warns [Accessed 28 October 2014] EU Commission. (2014a). Communication from the commission to the European parliament and the council: A new era for aviation—opening the aviation market to the civil use of remotely piloted aircraft systems in a safe and sustainable manner. http://eurlex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52014DC0207&from=EN [accessed 28.01.2015] European Commission. (2014). Science with and for society. http://ec.europa.eu/programmes/ horizon2020/en/h2020-section/science-and-society. [Accessed 28 October 2014] European Commission. (2014a). Factsheet: Rules under Horizon 2020. European Commission. (2014b). Horizon 2020 Work Programme 2014 –2015, 14. Secure societies – Protecting freedom and security of Europe and its citizens, European Commission Decision C (2014) 4995 of 22 July. European Commission. (2014c). Study on the Third-Party Liability and Insurance Requirements of Remotely Piloted Aircraft Systems (RPAS). Retrieved from http://ec.europa.eu/DocsRoom/documents/7661 European RPAS Steering Group. (2013). Roadmap for the integration of civil Remotely-Piloted Aircraft Systems into the European Aviation System- Final Report. http://ec.europa.eu/enterprise/sectors/aerospace/files/rpas-roadmap_en.pdf [Accessed 28 June 2015] Ezeome, E.R., & Simon, C. (2010). Ethical Problems in Conducting Research in Acute Epidemics: The Pfizer Meningitis Study in Nigeria as an Illustration. Developing World Bioethics, 10, 1-10. LEELP IV: 319-328. FEMA. (2011). A Whole Community Approach to Emergency Management: Principles, Themes, and Pathways for Action. Retrieved March 24, 2013, from http://www.fema.gov/whole-community Ferejohn, J., & Pasquino, P. (2004). The Law of the Excepton: A Typology of Emergency Powers. International Journal of Constitutional Law, 2, 210-39. LEELP II: 63-94. Finn, R. L., & Wright, D. (2012). Unmanned aircraft systems: Surveillance, ethics and privacy in civil applications. Computer Law & Security Review, 28(2), 184–194. Finn, Rachel, L., Wright, D., DeHert, P., & Jacques, L. (2014). Privacy, data protection and ethical risks in civil RPAS operations - Final Report. http://ec.europa.eu/DocsRoom/documents/8550 [Accessed 28 June 2015] Fischer, III, Henry W. 1998. Response to Disaster: Fact Versus Fiction & Its Perpetuation—The Sociology of Disaster. Lanham, MD: University Press of America. Fleischman, A.R., & Wood, E.B. (2002). Ethical Issues in Research Involving Victims of Terror. Journal of Urban Health: Bulletin of the New York Academy of Medicine, 79, 31521. LEELP IV: 129-137. Ford, J., Stephens, K., & Ford, J.S. (2015 - forthcoming). Digital Restrictions at Work: Exploring How Selectively Exclusive Policies Affect Crisis Communication. IJISCRAM, 7. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 148 of 161 Forester, T., & Morrison, P. (1990). Computer Ethics: Cautionary Tales and Ethical Dilemmas in Computing. MIT Press. Retrieved from http://www.amazon.co.uk/Computer-EthicsCautionary-Dilemmas-Computing/dp/0262560739 Fost, N. (1998). Waived Consent for Emergency Research. Amercian Journal of Law & Medicine, 24, 163-83. LEELP IV: 31-52. Friedman, B., Kahn Jr, P. H., Borning, A., & Huldtgren, A. (2013). Value Sensitive Design and Information Systems. In N. Doorn, D. Schuurbiers, I. van de Poel, & M. . Gorman (Eds.), Early Engagement and New Technologies: Opening up the Laboratory (pp. 55–95). Springer. Friedman, B., Kahn, P. H., & Borning, A. (2006). Value Sensitive Design and Information Systems. In P. Zhang & D. Galetta (Eds.), Human-Computer Interaction in Management Information Systems: Foundations, (pp. 348-372). New York: M.E. Sharpe. Fry, T. (2008). Design Futuring: Sustainability, Ethics and New Practice. Berg. Fuller, M. (2008). Software Studies: A Lexicon. Cambridge, MA: MIT Press. Galaz, V., Moberg, F., Olsson, E., Paglia, E., & Parker, C. (2011). Institutional and Political Leadership Dimensions of Cascading Ecological Crises. Public Administration, 89, 36180. LEELP III: 139-158. Gallagher, S. (2013). Why facial recognition tech failed in the Boston bombing manhunt |. Ars Technica. http://arstechnica.com/information-technology/2013/05/why-facial-recognitiontech-failed-in-the-boston-bombing-manhunt/ [Accessed February 16, 2014] Gardiner, S.M. (2004). Ethics and Global Climate Change. Ethics, 114, 555-600. LEELP I: 441486. Gevaert, W. J. R., & de With, P. H. N. (2013). Robust face recognition algorithm for identifition of disaster victims. Proc. SPIE 8655, Image Processing: Algorithms and Systems XI, 865503 (February 19, 2013); http://dx.doi.org/10.1117/12.2001634. Green, S.P. (2007). Looting, Law, and Lawlessness. Tulane Law Review, 81, 1129-74. LEELP I: 221-266. Greenbaum, J. M., & Kyng, M. (1991). Design at work: Cooperative design of computer systems. (J. M. Greenbaum & M. Kyng, Eds.) (Vol. Design at). L. Erlbaum Associates Inc. Hillsdale, NJ, USA. Retrieved from http://portal.acm.org/citation.cfm?id=574738 Greenfield, A. 2006. Everyware: The Dawning Age of Ubiquitous Computing. San Francisco: Peachpit Press. Greenhough. B. & Roe, E. (2010) From ethical principles to response-able practice. Environment and Planning D: Society and Space, volume 28, 43-45. Grudin, J. (2008). Computer Supported Cooperative Work: History and Focus. Computer, 2005–2008. Habermas, J. (1981). Theory of Communicative Action Volume One: Reason and the Rationalization of Society. Translated by Thomas A. McCarthy. Boston, Mass.: Beacon Press. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 149 of 161 Habermas, J. (1996). Between Facts and Norms. Contributions to a Discourse Theory of Law and Democracy. Cambridge: MIT Press. Haraway, D. (1991). A Cyborg Manifesto: Science, Technology, and Socialist-Feminism in the Late Twentieth Century. In Simians, Cyborgs and Women: The Reinvention of Nature (pp. 149-182). London: Free Association. Haraway, D. J. 2008. When Species Meet. Minneapolis: University of Minnesota Press. Hardin, G. (1974). Living on a Lifeboat. Bioscience, 10, 561-68. LEELP I: 487-494. Harel, A., & Sharon, A. (2011). “Necessity Knows No Law”: On Extreme Cases and Uncodified Necessities. University of Toronto Law Journal, 4, 845-65. LEELP I: 179-200. Harris, I., Jennings, C. ., Pullinger, D., Rogerson, S., & Duquenoy, P. (2011). Assessment of new technologies: A meta-methodology. Journal of Information, Communication and Ethics in Society, 9, 49–64. Hartswood, M., Procter, R., Slack, R., Voß, A., Buscher, M., Rouncefield, M., & Rouchy, P. (2008). Co-realization: toward a principled synthesis of ethnomethodology and participatory design. Resources CoEvolution and Artifacts, 14(2), 59–94. Retrieved from http://www.springerlink.com/index/q710532862167p41.pdf Harvard Humanitarian Initiative. (2011). Disaster Relief 2.0: The Future of Information Sharing in Humanitarian Emergencies. Washington, D.C. and Berkshire, UK: UN Foundation & Vodafone Foundation Technology Partnership. Head, M. (2009). The Military Call-out Legislation. In Calling out the Troops (pp. 100-21). Sydney, NSW: The Federation Press. LEELP II: 195-218. Henderson, A., & Kyng, M. (1991). There’s no place like home: Continuing Design in Use. In J. Greenbaum & M. Kyng (Eds.), Design at work cooperative design of computer systems (pp. 219–240). Lawrence Erlbaum Associates. Retrieved from http://books.google.co.kr/books?hl=ko&lr=&id=BCGM7GQFyqYC&oi=fn d&pg=PA219&dq=There’s+no+place+like+home&ots=BghnneB4l0& sig=WdDuQAUfHZ6jfWoLQEQ2V6p-lYo Herfort, B., Porto de Albuquerque, J., Schelhorn, S.-J., & Zipf, A. (2014). Exploring the Geographical Relations Between Social Media and Flood Phenomena to Improve Situational Awareness. In J. Huerta, S. Schade, & C. Granell (Eds.), Connecting a Digital Europe Through Location and Place (pp. 55–71). Cham: Springer Hill, P. (2004). Ethics and Health Systems Research in “Post”-Conflict Situations. Developing World Bioethics, 4, 139-153. LEELP IV: 447-462. Hiltz, S., van de Walle, B., & Turoff, M. (2010). The Domain of Emergency Management Information. In B. van de Walle, M. Turoff, & S. Büscher (Eds.), Information systems for emergency management (pp. 3-20). New York: Sharpe. Hollnagel, E., & Woods, D. D. (2005). Joint Cognitive Systems: Foundations of Cognitive Systems Engineering. Boca Raton: CRC Press. Holloway, C. M., Knight, J. C., & McDermid, J. A. (2014). Neither Pollyanna nor Chicken Little: Thoughts on the Ethics of Automation. In IEEE International Symposium on Ethics in Engineering, Science, and Technology; 23-24 May 2014; Chicago, IL; United States. Retrieved from http://ntrs.nasa.gov/search.jsp?R=20140010015 [Accessed 30 December 2014] Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 150 of 161 Hufnagel, S. (2008). German Perspectives on the Right to Life and Human Dignity in the “War on Terror”. Criminal Law Journal, 32, 100-13. LEELP II: 443-462. Hufnagel, S., & Roach, K. (Eds.). (2013). Introduction. In LEELP II: xi-xix. Hutchins E (1995) Cognition in the wild. MIT Press, Bradford Ignatieff, M. (2005). The Ethics of Emergency. In The Lesser Evil (pp. 25-53). Edinburgh: Edinburgh University Press. LEELP I: 301-336. Information and Privacy Commissioner/Ontario. (1995). Privacy-Enhancing Technologies: The Path to Anonymity (Volume I). Retrieved from https://www.ipc.on.ca/english/Resources/Discussion-Papers/Discussion-PapersSummary/?id=329 Ingram, J. C., Franco, G., Rumbaitis-del Rio, C., & Khazai, B. (2006). Post-Disaster Recovery Dilemmas: Challenges in Balancing Short-Term and Long-Term Needs for Vulnerability Reduction. Environmental Science and Policy, 9, 607-13. LEELP III: 279-286. Introna, L. D. (2007). Maintaining the reversibility of foldings: making the ethics (politics) of information technology visible. Ethics and Information Technology, 9(1), 11–25. Retrieved from http://eprints.lancs.ac.uk/4729/ Introna, L., & Nissenbaum, H. (2007). Shaping the Web: why the politics of search engines matters. In The Information Society (Vol. 16, pp. 169–185). Ashgate Publishing Company. Retrieved from http://eprints.lancs.ac.uk/7993/ Introna, L., & Wood, D. (2004). Picturing algorithmic surveillance: the politics of facial recognition systems. Surveillance Society, 2(2/3), 177–198. Introna, L., & Wood, D. (2004). Picturing Algorithmic Surveillance: The Politics of Facial Recognition Systems. Surveillance Society, 2(2/3), 177–198. ISO. (2015). ISO 9241-210:2010 Ergonomics of human interaction- Part 210: Human-Centred Design for Interactive Systems. Retrieved March 10, 2015, from http://www.iso.org/iso/catalogue_detail.htm?csnumber=52075 Jarman, A., Sproats, K., & Kouzmin, A. (2000). Crisis Management: Toward a New Informational “Localism” in Local Government Reform. International Review of Public Administration, 5, 81-97. LEELP III: 33-50. Jasanoff, S. (1994). Learning from Disaster: Risk Management After Bhopal. University of Pennsylvania Press. Jennings, B., & Arras, J. (2008). Ethical Guidance for Public Health Emergency Preparedness and Response: Highlighting Ethics and Values in a Vital Public Health Service (pp. 1– 192). White Paper prepared for the Ethics Subcommittee, Advisory Committee to the Director, Centers for Disease Control and Prevention, Atlanta. http://www.cdc.gov/od/science/integrity/phethics/docs/White_Paper_Final_for_Website_2 012_4_6_12_final_for_web_508_compliant.pdf [Accessed 31 December 2014] Jillson, I. (2010). Protecting the public, addressing individual rights. Ethical issues in Emergency Management Information Systems for Public Health. In B. van de Walle, M. Turoff, & S. Hiltz (Eds.), Information systems for emergency management (pp. 46-61). New York: Sharpe. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 151 of 161 Joint Informatics Europe & ACM Europe Working Group on Informatics Education. (2013). Informatics education: Europe cannot afford to miss the boat. Retrieved from http://germany.acm.org/upload/pdf/ACMandIEreport.pdf Keinonen, T. (2008). User-centered design and fundamental need. In Proceedings of the 5th Nordic conference on Human-computer interaction building bridges - NordiCHI ’08 (p. 211). New York, New York, USA: ACM Press. doi:10.1145/1463160.1463183 Kensing, F., & Blomberg, J. (1998). Participatory Design: Issues and Concerns. Computer Supported Cooperative Work, 7(3), 167–185. Retrieved from http://www.springerlink.com/index/U0217104UN33633H.pdf Keradisou, X, Buscher, M and Leigl, M (2015) Don’t Drone? Negotiating Ethics of RPAS in Emergency Response Kerasidou, X., Büscher, M., & Liegl, M. (2015 - forthcoming). Don’t Drone? Negotiating Ethics of RPAS in Emergency Response. In L. Palen, M. Büscher, T. Comes, & A. Hughes (Eds.) Proceedings of the 12th International ISCRAM Conference - Kristiansand, May 24-27. Kimbell, L. (2013). An inventive practice perspective on designing (working title) | Service Design Research. Lancaster University. Retrieved from http://libweb.lancs.ac.uk Klein, N., & Smith, N. (2008). The Shock Doctrine: A Discussion. Environment and Planning D: Society and Space, 26, 582-95. LEELP III: 287-300. Klontz, J. C., & Jain, A. K. (2013). A Case Study on Unconstrained Facial Recognition Using the Boston Marathon Bombings Suspects. http://www.cse.msu.edu/rgroups/biometrics/Publications/Face/KlontzJain_CaseStudyUnco nstrainedFacialRecognition_BostonMarathonBombimgSuspects.pdf [accessed 16 February 2014] Knight, K. (2013). Facing the future. Findings from the review of efficiencies and operations in fire and rescue authorities in England. Her Majesty’s Stationery Office. https://www.gov.uk/government/publications/facing-the-future [accessed 3rd March 2014] Koua, E.L.; MacEachren, A.M.; Turtun, I.; Pezanowski, S.; Tomaszewski, B. and Frazier, T. (2010). Conceptualizing a User-Support Task Structure for Geocollaborative Disaster Management Environments. In B. van de Walle, M. Turoff, & S. Hiltz (Eds.), Information Systems for Emergency Management. New York: Sharpe, 254-278. Krajcikova, K. (2014). Drones´ Deployment by Frontex and Fundamental Rights and Civil Liberties. PhD Thesis Twente University. http://essay.utwente.nl/65420/1/Krajcikova_Kamila_BA_SMG.pdf [Accessed 28.6.2015] Kreps, G. A., & Bosworth, S. L. (1993). Disaster, organizing, and role enactment: A structural approach. American Journal of Sociology, 428–463. Kristensen, M., Kyng, M., & Palen, L. (2006). Participatory Design in Emergency Medical Service : Designing for Future Practice. In Organization (Vol. 1, pp. 161–170). Citeseer. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.114.8464&rep=rep1& type=pdf Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 152 of 161 Kuutti, K., & Bannon, L.J. (2014). The turn to practice in HCI: Towards a research agenda. In Proceedings of the 32nd annual ACM conference on Human factors in computing systems (pp. 3543-3552). ACM. Lagadec, P. (2009). A New Cosmology of Risks and Crises: Time for a Radical Shift in Paradigm and Practice. Review of Policy Research, 26, 473-86. LEELP III: 51-64. Langheinrich, M. (2001). Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems. Proceeding UbiComp '01 Proceedings of the 3rd international conference on Ubiquitous Computing, pp. 273-291. Larkin, G. (2010). Unwitting partners in death-the ethics of teamwork in disaster management. The Virtual Mentor : VM, 12(6), 495–501. Lash, S., & Urry, J. (1994). Economies of Signs and Space. Theory Culture and Society. Sage. Latour, B. (1993). We have never been modern. Cambridge, Mass.: Harvard University Press. Latour, B. (1996). On Interobjectivity, 3(4), 228–245. Latour, B. (1999). A Collective of Humans and Non-Humans: Following Daedalus’s Labyrinth. In Pandora’s Hope. Latour, B. (2004). Politics of Nature: How to Bring the Sciences into Democracy. Cambridge, Massachusetts, USA: Harvard University Press. Latour, B. (2005). From Realpolitik to Dingpolitik or How to Make Things Public. In B. Latour & P. Weibel (Eds.), Making Things Public-Atmospheres of Democracy. Cambridge, MA: MIT, 1–31. Latour, B. (2008). A Cautious Prometheus? A Few Steps Toward a Philosophy of Design (with Special Attention to Peter Sloterdijk). In F. Hackney, J. Glynne, & V. Minton (Eds.), Networks of Design Proceedings of the 2008 Annual International Conference of the Design History Society (UK) University College Falmouth, 3-6 September. Boca Raton: BrownWalker Press, 2-10. Latour, B. & Venn, C. (2002). Morality and Technology: The End of the Means. Theory, Culture & Society 19(5-6), 247-260 Latour, B., & Weibel, P. (2005). Making Things Public, Atmospheres of Democracy. (B. Latour & P. Weibel, Eds.). Cambridge, Massachusetts, USA: MIT Press. Latour, B. (1999). Pandora’s hope: Essays on the reality of science studies. Cambridge, MA: Harvard University Press. Latour, B. (1994) "On technical mediation – Philosophy, Sociology, Genealogy." Common knowledge 3.2: 29-64. Law, J. (2004). After method: Mess in social science research. Psychology Press. Lecoututier, J., Rodgers, H., Ford, G.A., Rapley, T., Stobbart, L., Louw, S.J., & Murtagh, M.J. (2008). Clinical Research without Consent in Adults in the Emergency Setting: A Review of Patient and Public Views. BMC Medical Ethics, 29, 1-9. LEELP IV: 175-184. Legrand, T., & McConnell, A. (Eds.). (2013). Introduction. In LEELP III: xvii-xxiii. Letouzé, E., Meier, P., & Vinck, P. (2013). Big Data for Conflict Prevention: New Oil and Old Fires. In F. Mancini (Ed.), New Technology and the Prevention of Violence and Conflict. New York: International Peace Institute, 4–27. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 153 of 161 Levine, C. (2004). The Concept of Vulnerability in Disaster Research. Journal of Traumatic Stress, 17, 395-402. LEELP IV: 115-122. Levinson, S. (2006). Constitutional Norms in a State of Permanent Emergency. Georgia Law Review, 40, 61-84. LEELP II: 371-422. Liegl, M., Oliphant R. & Büscher, M. 2015: Ethically Aware IT Design for Emergency Response: From Co-Design to ELSI Co-Design', in: Palen, Büscher, Comes & Hughes, Hrsg.: Proceedings of the ISCRAM 2015 Conference - Kristiansand, May 24-27. Lindblom, C. (1959). The Science of Muddling Through. Public Administration Review, 19(2), 79–88. Luff, P., Hindmarsh, J., & Heath, C. (2000). Workplace Studies: Recovering Work Practice and Informing System Design. Cambridge University Press. Retrieved from http://www.amazon.co.uk/Workplace-Studies-Recovering-PracticeInforming/dp/0521598214 Lury, C., & Wakeford, N. (2012). Inventive Methods: The Happening of the Social (CRESC). Routledge. Retrieved from http://www.amazon.co.uk/Inventive-Methods-HappeningSocial-CRESC/dp/0415574811 Manuell, M., & Cukor, J. (2011). Mother Nature versus Human Nature: Public Compliance with Evacuation and Quarantine. Disasters, 35, 417-42. LEELP II: 219-244. Marx, G. T. (2006). Ethics for the New Surveillance. The Information Society. Retrieved from http://www.tandfonline.com/doi/abs/10.1080/019722498128809#.VP3CmkJhe2Q May, Larry, and Stacey Hoffman, eds. (1992). Collective responsibility: Five decades of debate in theoretical and applied ethics. Rowman & Littlefield Publishers. McCarthy, C.R. (1995). To Be or Not to Be: Waiving Informed Consent in Emergency Research. Kennedy Institute of Ethics Journal, 5, 155-62. LEELP IV: 23-30. McMaster, R., & Baber, C. (2012). Multi-agency operations: Cooperation during flooding. Applied Ergonomics, 43(1), 38–47. doi:10.1016/j.apergo.2011.03.006 Meier, P. (2014a) Using UAVs for Community Mapping and Disaster Risk Reduction in Haiti, iRevolutions: From Innovations to Revolutions. http://irevolution.net/2014/07/09/uavs-fordisaster-risk-reduction-haiti/ [accessed 28.01.2015] Meier, P. (2014b) Grassroots UAVs for Disaster Response, iRevolutions: From Innovations to Revolutions. http://irevolution.net/2014/03/18/grassroots-uavs-for-disasterresponse/[accessed 28.01.2015] Melles, G., de Vere, I., & Misic, V. (2011). Socially responsible design: thinking beyond the triple bottom line to socially responsive and sustainable product design. CoDesign, 7(3-4), 143–154. Retrieved from http://www.tandfonline.com/doi/abs/10.1080/15710882.2011.630473#.VP2qIUJhe2Q Mendoza, M., Poblete, B., & Castillo, C. (2010). Twitter Under Crisis : Can we trust what we RT ? Framework, 1060, 10. Meroni, A., & Sangiorgi, D. (2011). Design for Services. Farnham: Gower. Merton, R. K. (1936). The Unanticipated Consequences of Purposive Social Action. American Sociological Review, 1(6), 894-904. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 154 of 161 Morelli, N. (2007). Social Innovation and New Industrial Contexts: Can Designers “Industrialize” Socially Responsible Solutions? Design Issues, 23(4). Moynihan, D. P. (2009). The Network Governance of Crisis Response: Case Studies of Incident Command Systems. Journal of Public Administration Research and Theory, 19(4), 895– 915. Moynihan, D.P. (2009). The Network Governance of Crisis Response: Case Studies of Incident Command Systems. Journal of Public Administration Research and Theory, 19(4), 895– 915. Mulder, I., & Stappers, P. J. (2009). Co-creating in Practice : Results and Challenges. In Collaborative Innovation Emerging Technologies Environments and Communities Proceedings of the 15th International Conference on Concurrent Enterprising ICE 2009 Leiden The Netherlands 22–24 June 2009 Centre for Concurrent Enterprise Nottingham (pp. 22–24). Retrieved from http://www.amicommunities.eu/pub/bscw.cgi/S4b7fae0f/d494425/202_Ingrid_Mulder_and_Jan_Stappers. pdf Murphy, T. & Whitty, N. (2009). Is Human Rights Prepared? Risk, Rights and Public Health Emergencies. Medical Law Review, 17, 219-44. LEELP I: 415-440. New York State. (2014). Reimagining New York for a New Reality. 2014-15 New York State Executive Budget. New York. http://publications.budget.ny.gov/eBudget1415/fy1415littlebook/ReimaginingNewYork.pd f [accessed 3rd March 2014] Nietzsche, F. (2006). On The Genealogy of Morality. Ansell-Pearson, Keith (ed.). Cambridge: Cambridge University Press. Noble, K.T., White, C., & Turoff, M. (2014). Emergency Management Information System Support Rectifying First Responder Role Abandonment During Extreme Events. International Journal of Information Systems for Crisis Response and Management, 6(1), 65–78. Nygaard, K. (1979). The Iron and Metal Project: Trade Union Participation. In A. Sandberg (Ed.), Computers Dividing Man and Work - Recent Scandinavian Research on Planning and Computers from a Trade Union Perspective. Swedish Center for Working Life, Demos Project report no. 13,. Malmø, Sweden: Utbildningsproduktion. O’Dempsey, T.J.D., & Munslow, B. (2006). Globalisation, Complex Humanitarian Emergencies and Health. Annals of Tropical Medicine and Parasitology, 100, 501-15. LEELP III: 221238. O’Neil, O. (1975). Lifeboat Earth. Philosophy and Public Affairs, 4, 273-92. LEELP I: 495-514. Orlikowski, W. (1995). Evolving with Notes. Cambridge, MA: MIT. Retrieved from http://ccs.mit.edu/papers/CCSWP186.html Pagallo, U. (2011). Designing Data Protection Safeguards Ethically. Information, 2(4), 247– 265. Retrieved from http://www.mdpi.com/2078-2489/2/2/247/htm Palen, L., Vieweg, S., Sutton, J., & Liu, S. B. (2009). Crisis Informatics : Studying Crisis in a Networked World. Social Science Computer Review, 27(4), 467–480. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 155 of 161 Papanek, V. J. (1984). Design for the Real World: Human Ecology and Social Change. Academy Chicago. Retrieved from http://books.google.co.uk/books/about/Design_for_the_Real_World.html?id=gf5TAAAA MAAJ&pgis=1 Patton, J. W., & Woodhouse, E. (2004). Design by Society: Science and Technology Studies and the Social Shaping of Design 1. Design Issues, 20(3). Pearson, S. (2009). Taking Account of Privacy When Designing Cloud Computing Services. 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, pp. 4452. Perng, S-Y., & Büscher, M. (2015 - forthcoming). Uncertainty and Transparency: Augmenting Modelling and Prediction for Crisis Response. In L. Palen, M. Büscher, T. Comes & A. Hughes (Eds.) Proceedings of the 12th International ISCRAM Conference - Kristiansand, May 24-27. Phillips, J. P., Grother, P., Michaels, R. J., Blackburn, D. M., Elham, T., & Bone, M. (2003). Face Recognition Vendor Test 2002. Overview and Summary http://biometrics.nist.gov/cs_links/face/frvt/FRVT_2002_Overview_and_Summary.pdf Presentation at http://www.biometrics.org/bc2002/Phillips.pdf [Accessed 16 February 2014] Pohl, D., Bouchachia, A., & Hellwagner, H. (2013). Social media for crisis management: clustering approaches for sub-event detection. Multimedia Tools and Applications, 74(11), 3901–3932. Polanyi, Michael (1958): Personal Knowledge. Towards a Post-Critical Philosophy, London: Routledge and Kegan Paul. Polanyi, Michael (1966): The Tacit Dimension, Garden City: Doubleday. Pringle, J.D., & Cole, D.C. (2009). Health Research in Complex Emergencies: A Humanitarian Imperative. Journal of Academic Ethics, 7, 115-23. LEELP IV: 377-386. Pyles, L. (2011). Neoliberalism, INGO Practices and Sustainable Disaster Recovery: A PostKatrina Case Study. Community Development Journal, 46, 168-80. LEELP III: 319-332. Quarantelli, E. L. and Russell R. Dynes. 1970. ‘‘Property Norms and Looting: Their Patterns in Community Crises.’’ Phylon 31(2):168–182. Quarantelli, E. L. and Russell R. Dynes. 1972. ‘‘When Disaster Strikes: It Isn’t Much Like What You’ve Heard and Read About.’’ Psychology Today 5:67–70. Ragin, D.F., Ricci, E., Rhodes, R., Holohan, J., Smirnoff, M., & Richardson, L.D. (2008). Defining the “Community” in Community Consultation for Emergency Research: Findings from the Community VOICES Study. Social Science & Medicine, 66, 1379-92. LEELP IV: 185-198. Rand, A. (1963). The Ethics of Emergencies. In The Virtue of Selfishness (pp. 39-45). New York: Signet. LEELP I: 149-158. Rawls, J. (1971). A Theory of Justice. Oxford. Raymond, N., Howarth, C., & Hutson, J. (2014). Crisis Mapping Needs an Ethical Compass. Global Brief. Retrieved February 12, 2015, from http://globalbrief.ca/blog/2012/02/06/crisis-mapping-needs-an-ethical-compass/ Richardson, L.D., Rhodes, R., Ragin, D.F., & Wilets, I. (2006). The Role of Community Consultation in the Ethical Conduct of Research without Consent. The American Journal of Bioethics, 6, 33-35. LEELP IV: 199-202. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 156 of 161 Ripstein, A. (2005). In Extremis. Ohio State Journal of Criminal Law, 2, 415-34. LEELP I: 201220. Rizza, C., Guimarães Pereira, Â & Curvelo, P. (2015 – forthcoming). “Do-it-yourself justice”: considerations of social media use in a crisis situation: the case of the 2011 Vancouver riots. IJISCRAM, 7. Robinson, P. (2000). The Policy-Media Interaction Model: Measuring Media Power during Humanitarian Crisis. Journal of Peace Research, 37, 613-33. LEELP III: 159-180. Rosenstein, D.L. (2004). Decision-Making Capacity and Disaster Research. Journal of Traumatic Stress, 17, 373-81. LEELP IV: 13-22. Rosenthal, U. (2003). September 11: Public Administration and the Study of Crises and Crisis Management. Administration and Society, 35, 129-43. LEELP III: 181-196. Rubenstein, J. (2007). Distribution and Emergency. Journal of Political Philosophy, 15, 296320. LEELP I: 531-556. Ryle, Gilbert (1945): “Knowing How and Knowing That,” in: Proceedings of the Aristotelian Society 46, 1-16. Samek, J.M. (2006). The Federal Response to Hurricane Katrina: A Case for Repeal of the Posse Comitatus Act or a Case for Learning the Law?. University of Miami Law Review, 61, 441-65. LEELP II: 255-282. Sanders, E., & Stappers, P. J. (2008). Co-creation and the new landscapes of design. CoDesign, 4(1), 5–18. Retrieved from http://www.informaworld.com/openurl?genre=article&doi=10.1080/15710880701875068 &magic=crossref Sandin, P., & Wester, M. (2009). The moral black hole . Ethical theory and moral practice, 12(3), 291–301. LEELP I: 75-86. Saravanou, A., Valkanas, G., Gunopulos, D., & Andrienko, G. (2015). Twitter Floods when it Rains: A Case Study of the UK Floods in early 2014, WWW'15 Companion Proceedings of the 24th International Conference on World Wide Web, 1233–1238. doi:10.1145/2740908.2741730 Schaar, P. (2010). Privacy by Design. Identity in the Information Society, 3(2), 267–274. Retrieved from http://link.springer.com/10.1007/s12394-010-0055-x Scheppele, K.L. (2006). North American Emergencies: The Use of Emergency Powers in Canada and the United States. International Journal of Constitutional Law, 4, 213-43. LEELP II: 131-162. Scheuerman, W.E. (2006). Emergency Powers and the Rule of Law after 9/11. Journal of Political Philosophy, 14, 61-84. LEELP II: 283-306. Schmidt, K., & Bannon, L. J. (1992). Taking CSCW seriously. Computer Supported Cooperative Work, 1(1), 7–40. doi:10.1007/BF00752449 Schmitt, C. (1985). Definition of sovereignty. In Political Theology: Four Chapters on the Concept of Sovereignty, translated by George Schwab (pp. 5-15). Chicago: University of Chicago Press. LEELP I: 3-14. Seaman, C. B. (1999). Qualitative methods in empirical studies of software engineering. IEEE Transactions on Software Engineering, 25(4), 557–572. Retrieved from http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=799955 Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 157 of 161 Sessions, R. (2009). The IT Complexity Crisis: Danger and Opportunity. https://dl.dropboxusercontent.com/u/97323460/WebDocuments/WhitePapers/ITComplexit yWhitePaper.pdf [Accessed 28 October 2014] Shanley, L., Burns, R., Bastian, Z., & Robson, E. (2013). Tweeting up a Storm. The Promise and Perils of Crisis Mapping. Retrieved February 12, 2015, from http://www.wilsoncenter.org/sites/default/files/October_Highlight_865-879.pdf Shapiro, D. (2005). Participatory Design: The Will to Succeed. Proceedings of the 4th Decennial Conference on Critical Computing: Between Sense and Sensibility, Aarhus, Denmark — August 21 - 25, 2005, 29–38. Simonsen, J., & Hertzum, M. (2008). Participative design and the challenges of large-scale systems: Extending the iterative PD approach. In J. Simonsen, T. Robetrtson, & D. Hakken (Eds.), PDC2008: Proceedings of the Tenth Anniversary Conference on Participatory Design (pp. 1–10). Bloomington, IN. Retrieved from http://portal.acm.org/citation.cfm?id=1795234.1795236 Simonsen, J., Baerenholdt, J. O., Büscher, M., & Damm Scheuer, J. (Eds.) (2010). Design research: synergies from interdisciplinary perspectives. London: Routledge. Singer, P. (1972). Famine, Affluence and Morality. Philosophy and Public Affairs, 1, 229-43. LEELP I: 515-530. Sismondo, S. (2008a). Science and Technology Studies and an Engaged Program. In E. J. Hackett, O. Amsterdamska, M. Lynch, & J. Wajcman (Eds.), The handbook of Science and Technology Studies (pp. 13–31). The MIT Press %7 Third Edition. Retrieved from http://www.loc.gov/catdir/toc/ecip078/2007000959.html Smith, A. (2013). Smartphone Ownership – 2013 Update. Retrieved August 8, 2015, from http://boletines.prisadigital.com/PIP_Smartphone_adoption_2013.pdf Snider, L. (2004). Resisting Neo-Liberalism: The Poisoned Water Disaster in Walkerton, Ontario. Social and Legal Studies, 13, 265-89. LEELP III: 443-468. Solove, D. J. (2011). Nothing to Hide: The False Tradeoff Between Privacy and Security. New Haven: Yale University Press. Sorrell, T. (2002). Morality and Emergency. Proceedings of the Aristotelian Society, 103, 2137. LEELP I: 15-32. Spiekermann, S. (2012). The challenges of privacy by design. Communications of the ACM, 55, 38. doi:10.1145/2209249.2209263 Statman, D. (2006). Supreme Emergencies Revisited. Ethics, 117, 58-79. LEELP I: 375-396. Stirling, A. (2008). “Opening up” and “closing down” power, participation, and pluralism in the social appraisal of technology, 262–294. doi:10.1177/0162243907311265 Storni, C. (2012). Unpacking Design Practices: The Notion of Thing in the Making of Artifacts. Science, Technology & Human Values, 37, 88–123. doi:10.1177/0162243910392795 Suchman, L. (1994). Do categories have politics? Computer Supported Cooperative Work, 2(3), 177–190. Retrieved from http://www.springerlink.com/index/10.1007/BF00749015 Suchman, L. (2000). Embodied Practices of Engineering Work. Mind, Culture, and Activity, 7(1&2), 4–18. Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 158 of 161 Suchman, L. (2007). Human-Machine Reconfigurations (p. 314). Cambridge University Press. Suchman, L. (2007b). Feminist STS and the Sciences of the Artificial. In E. Hackett, O. Amsterdamska, M. Lynch & J. Wajcman (Eds.), The Handbook of Science and Technology Studies, Third Edition (pp. 139-163). Cambridge, MA: MIT Press. Tapia, A., & LaLone, N. (2015 – forthcoming). Crowdsourcing Investigations: Crowd Participation in Identifying the Bomb and Bomber from the Boston Marathon Bombing. IJISCRAM, 7. Taylor, A., & Vincent, J. (2005). An SMS History. In L. Hamill, A. Lasen, & D. Diaper (Eds.), Mobile World (pp. 75–91). New York: Springer-Verlag. doi:10.1007/1-84628-204-7 Telford, J., & Cosgrave, J. (2007). The International Humanitarian System and the 2004 Indian Ocean Earthquake and Tsunamis. Disasters, 31, 1-28. LEELP III: 333-362. Thrift, N. (2005). Knowing Capitalism. London: Sage. Thrift, N. (2011). Lifeworld Inc—and what to do about it. Environment and Planning D: Society and Space, 29, 5–26. Tierney, K. (2006). Metaphors Matter: Disaster Myths, Media Frames, and Their Consequences in Hurricane Katrina. The ANNALS of the American Academy of Political and Social Science, 604(1), 57–81. Törpel, B., Voss, A., Hartswood, M., & Procter, R. (2009). Participatory Design: Issues and Approaches in Dynamic Constellations of Use, Design and Research. In A. Voss, M. Hartswood, R. Procter, M. Rouncefield, R. S. Slack, & M. Buscher (Eds.), Configuring User-Designer Relations. London: Spring-Verlag. Toohey, K., & Taylor, T. (2014). Managing Security at the World Cup. In S. Frawley & D. Adair (Eds.), Managing the Football World Cup (pp. 175–196). Basingstoke: Palgrave Macmillan. Turoff, M., Chumer, M., van De Walle, B., Yao, X., & Chumer, M. (2004). The Design of a Dynamic Emergency Response Management Information Systems ( DERMIS ). Journal of Information Technology Theory and Application, 5(4), 1–36. Tushnet, M. (2003). Defending Korematsu?: Reflections on Civil Liberties in Wartime. Wisconsin Law Review, 273-307. LEELP II: 95-130. van de Walle, B., Turoff, M., & Hiltz, S. (Eds.) (2010). Information systems for emergency management. New York: Sharpe. Van Gorp, A. (2009). Ethics in and During Technological Research; An Addition to IT Ethics and Science Ethics. In P. Sollie & M. Düwell (Eds.), Evaluating New Technologies (Vol. 3). Dordrecht: Springer Netherlands. doi:10.1007/978-90-481-2229-5 Vertigans, S. (2010). British Muslims and the UK Government’s “War on Terror” Within: Evidence of a Clash of Civilizations or Emergent De-civilizing Processes? The British Journal of Sociology, 61(1), 26–44. Vieweg, S. (2012) Situational Awareness in Mass Emergency: A Behavioral and Linguistic Analysis of Microblogged Communications. PhD Thesis Clorado Boulder. http://works.bepress.com/vieweg/15/ [Accessed 1st August 2015] Vieweg, S., Hughes, A. L., Starbird, K., & Palen, L. (2010). Microblogging During Two Natural Hazards Events: What Twitter May Contribute to Situational Awareness. In Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 159 of 161 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 1079-1088). ACM. Vieweg, S., Palen, L., Liu, S., Hughes, A., & Sutton, J. (2008). Collective Intelligence in Disaster: An examination of the phenomenon in the aftermath of the 2007 Virginia Tech shooting. In F. Fiedrich, & B. Van de Walle (Eds.), Proceedings of the 5th International ISCRAM Conference. Retrieved February 12, 2015, from http://www.iscramlive.org/dmdocuments/ISCRAM2008/papers/ISCRAM2008_Vieweg_et al.pdf Visser, F. S., Stappers, P. J., van der Lugt, R., & Sanders, E. B.-N. (2005). Contextmapping: experiences from practice. CoDesign, 1(2), 119–149. Retrieved from http://www.tandfonline.com/doi/abs/10.1080/15710880500135987#.VP2PFkJhe2Q Von Schomberg. (2013). A vision of responsible research and innovation. In R. Owen, M. Heintz, & J. Bessant (Eds.), Responsible Innovation, Managing the Responsible Emergence of Science and Innovation in Society (pp. 51–74). John Wiley & Sons. Wahlgren, P. (2013). Legal Risk Analysis. A Proactive Legal Method. Stockholm: Stockholm University. Walzer, M. (2006). Emergency Ethics. In Arguing about War (pp. 33-50). New Haven, CT: Yale University Press. LEELP I: 337-356. Wang, W., Joshi, R., Kulkarni, A., Leong, W. K., & Leong, B. (2013). Feasibility Study of Mobile Phone WiFi Detection in Aerial Search and Rescue Operations. In Proceedings of the 4th Asia-Pacific Workshop on Systems. New York, NY, USA: ACM. doi:10.1145/2500727.2500729 Watson, H., & Finn, R. (2015 – forthcoming) Ethical and privacy implications of the use of social media during the Eyjafjallajokull eruption crisis. IJISCRAM, 7. Waugh, W. L. Jr., & Streib, G. (2006). Collaboration and Leadership for Effective Emergency Management. Public Administration Review, 66, 131-40. LEELP II: 245-254. Webb, G. R., & Chevreau, F.-R. (2006). Planning to improvise: the importance of creativity and flexibility in crisis response, 3(1), 66–72. Webb, G. R., Beverly, M., McMichael, M., Noon, J., & Patterson, T. (1999). Role improvising under conditions of uncertainty: A classification of types. http://putnam.lib.udel.edu:8080/dspace/handle/19716/666 Weber, S. G., & Gustiené, P. (2013). Crafting Requirements for Mobile and Pervasive Emergency Response based on Privacy and Security by Design Principles. International Journal of Information Systems for Crisis Response and Management, 5(2), 1–18. Weick, K. (1993). The Collapse of Sensemaking in Organizations: The Mann Gulch Disaster. Administrative Science Quarterly, 38(4), 628–652. Weiser, M. (1991). The Computer for the Twenty-First Century. Scientific American, 265(3), 107–114. Retrieved from http://www.springerlink.com/index/u4428p7158361143.pdf Weiser, M. (1994a) The world is not a desktop, ACM Interactions 1(1), 7-8. Weitzner, D. J., Abelson, H., Hanson, C., Hendler, J., Kagal, L., McGuinness, D. L., Sussman, G. J., et al. (2006). Transparent Accountable Data Mining: New Strategies for Privacy Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 160 of 161 Protection. Artificial Intelligence. MIT CSAIL Technical Report-2006-007. http://www.w3.org/2006/01/tami-privacy-strategies-aaai.pdf [Accessed 27 September 2014]. Welsh, I and Wynne, B. 2013 Science, Scientism and Imaginaries of publics in the UK: Passive Objects, Incipient threats, Science as Culture, Vol22, 4, 540-566 Welsh, Ian, & Wynne, B. (2013). No Title. Science as Culture, 22(4), 540–566. Wenger, Dennis and Barbara Friedman. (1986). ‘‘Local and National Media Coverage of Disaster: A Content Analysis of the Print Media’s Treatment of Disaster Myths.’’ International Journal of Mass Emergencies and Disasters 4(3): 27–50. Wenger, Dennis E., James D. Dykes, Thomas D. Sebok, and Joan L. Neff. (1975). ‘‘It’s a Matter of Myths: An Empirical Examination of Individual Insight into Disaster Response.’’ Mass Emergencies 1:33–46. Wigley, S. (2009). Disappearing without a Moral Trace? Rights and Compensation during Times of Emergency. Law and Philosophy, 28, 617-49. LEELP I: 87-120. Williams, S. (2009). Rethinking the Nature of Disaster: From Failed Instruments of Learning to a Post-Social Understanding. Social Forces, 87, 1115-38. LEELP III: 469-492. Winograd, T., & Flores, F. (1987). Understanding Computers and Cognition: A New Foundation for Design. Addison Wesley. Retrieved from http://www.amazon.co.uk/Understanding-Computers-Cognition-FoundationDesign/dp/0201112973 Woolgar, S. (1990). Configuring the user: the case of usability trials. The Sociological Review, 38, 57-99. Wright, D. (2011). A framework for the ethical impact assessment of information technology. Ethics and Information Technology, 13(3), 199–226. Wright, D., & Friedewald, M. (2013). Integrating privacy and ethical impact assessments. Science and Public Policy, 40(6), 755–766. Retrieved from http://spp.oxfordjournals.org/content/40/6/755.short Wright, D., Mordini, E., & DeHeert, P. (2012). Privacy Impact Assessment. (D. Wright & P. DeHeert, Eds.). Springer Netherlands. Retrieved from http://www.springer.com/law/international/book/978-94-007-2542-3 Wynne, B. (2006). Public engagement as a means of restoring public trust in science--hitting the notes, but missing the music? Community Genetics, 9(3), 211–20. Retrieved from http://europepmc.org/abstract/med/16741352 Wynne, B. & Felt, U. and (2007). Taking European Knowledge Society Seriously. Report of the Expert Group on Science and Governance to the Science, Economy and Society Directorate, Directorate-General for Research, European Commission. Directorate General for Research 2007 Science, Economy and Society. http://www.bmbf.de/pub/EuropeanKnowledge(6).pdf [Accessed 30 Dember 2014] Yanmaz, E. (2012). Connectivity versus area coverage in unmanned aerial vehicle networks. In 2012 IEEE International Conference on Communications (ICC) (pp. 719–723). doi:10.1109/ICC.2012.6364585 Version 1.0: Final D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency Collaboration Page 161 of 161 Yeo, K. T. (2002). Critical failure factors in information system projects. International Journal of Project Management, 20(3), 241–246. Retrieved from http://linkinghub.elsevier.com/retrieve/pii/S0263786301000758 Zack, N. (2009). Lifeboat Ethics and Disaster: Should we Blow Up the Fat Man?. In Ethics for Disaster (pp. 33-48). Lanham, MD: Rowman and Littlefield. LEELP I: 59-74. Zack, N. (2010). Ethics for Disaster. Rowman & Littlefield Publishers. Zoeteman, B.C.J., Kersten, W.C., Vos, W.F., van de Voort, L., & Ale, B.J.M. (2010). Communication Management during Risk Events and Crises in a Globalised World: Predictability of Domestic Media Attention for Calamities. Journal of Risk Research, 13, 279-302. LEELP III: 197-220. Zuckerman, I. (2006). One Law for War and Peace? Judicial Review and Emergency Powers between the Norm and the Exception. Constellations, 13, 522-45. LEELP II: 39-62. Zwi, A.B., Grove, N.J., MacKenzie, C., Pittaway, E., Zion, D., Silove, D., & Tarantola, D. (2006). Placing Ethics in the Centre: Negotiating New Spaces for Ethical Research in Conflict Situations. Global Public Health, 1, 264-277. LEELP IV: 433-446. Zwolinski, M. (2008). The Ethics of Price Gourging. Business Ethics Quarterly, 18, 347-78. LEELP I: 267-300. Version 1.0: Final