Chapter Five. Designing Systems That People Will Trust

Andrew S. Patrick, Pamela Briggs, and Stephen Marsh

Trust is a fundamental building block of society,[1] a means of making decisions about conferring authority or responsibility in unfamiliar or uncertain situations,[2] a method of understanding how decisions are made in context,[3] and one of the most important concepts in the security arena. Unfortunately, it also remains one of the most poorly understood concepts. A lack of trust will result in systems being ill-used at best, and not used at all at worst. A lack of understanding of trust, in both user and system, will result in the wrong decision—or no decision at all—being made in security contexts. Too much trust can be at least as dangerous as not enough, and not enough trust can be dangerous enough.

This chapter examines the issue of trust in security and privacy systems. These systems purportedly help users make decisions about whom to trust with access, information, or data. For example, how much, when, and for what purposes can specific information be used? They can also help make decisions for the user when the user is not available. These decisions are based on a foundation of trust.

Introduction

Current security systems are often seen as difficult to use, or as getting in the user’s way. As a result, they are often circumvented. Users should not have to delve into arcane issues of security to be able to allow access to a part of their personal information online: they ...
