d12 - BRIDGE Project

Transcription

Deliverable reference:
Date:
Responsible partner:
D12.03
10 August 2015
ULANC
Bridging Resources and Agencies in Large-Scale Emergency Management
BRIDGE is a collaborative project co-funded by the European Commission within
the Seventh Framework Programme (FP7-SEC-2010-1)
SEC-2010.4.2-1: Interoperability of data, systems, tools and equipment
Grant Agreement No.: 261817
Duration: 1 April 2011 – 31 March 2015
www.sec-bridge.eu
Title:
D12.3 BRIDGE 21st Century Social, Legal and Ethical
Emergency Collaboration
Editor:
Approved by:
Michael Liegl, Monika Büscher, Peter Wahlgren
Dag Ausen
Classification:
PU – Public
Abstract:
This deliverable discusses emergent future practices of noticing and managing ethical, legal and
social issues in large scale emergency management, drawing on social science research, co-design
and experimental implementations of prototypes developed in the BRIDGE project
(http://www.bridgeproject.eu/en). The aim is to identify opportunities, challenges and risks for
innovation for 21st Century Social, Legal and Ethical Emergency Collaboration. The report presents
analyses and evaluations of collaboration practices in emergency response, with a particular focus on
ethical, legal, and social issues (ELSI) and including a discussion of implications for future sociotechnical innovation. In this it collects a desk study on emergency ethics, an exploration of IT in
emergency response from a legal perspective and an investigation into the question on how to do IT
in emergency response more carefully. It then presents our methodological innovations of ethically
aware co-design and reports on the actual process of an ethical investigation into emergency IT
during the (co-)design process with the example of the BRIDGE system of systems, reporting on
some key findings concerning the ethical implications of the socio-technical systems we designed.
Document URL:
http://www.sec-bridge.eu/deliverables/...
ISBN number:
-
D12.03: BRIDGE 21st Century Social, Legal and Ethical Emergency
Collaboration
Page 2 of 161
Table of Contents
Executive Summary ................................................................................................... 7
1
Introduction: Benefitting from Disruptive Innovation ....................................... 10
2
Emergency Ethics, Law, Policy & IT Innovation in Crises .................................... 13
2.1
Introduction ................................................................................................................................................. 13
2.2
Emergency Ethics ...................................................................................................................................... 14
2.3
Emergency Law .......................................................................................................................................... 17
2.4
Emergency Policy ...................................................................................................................................... 20
2.5
Emergency Research Ethics ................................................................................................................. 23
2.6
Discussion: The question of technology ......................................................................................... 27
2.6.1 Ethics and its practicalities ............................................................................................................... 28
2.6.2 Emergence of new publics ................................................................................................................. 29
2.6.3 Posthuman research ethics ............................................................................................................... 29
2.7
Conclusion .................................................................................................................................................... 30
3
21st Century Emergency Collaboration – Legal Aspects ..................................... 31
3.1
Background .................................................................................................................................................. 31
3.2
A Structural Approach to a Legal Analysis of IT Systems in Emergency Response .. 34
3.3
A New Regulatory Culture? .................................................................................................................. 39
3.3.1 The Problem ............................................................................................................................................ 39
3.3.2 Co- and self-regulation........................................................................................................................ 40
3.4
Embedded Technical Solutions .......................................................................................................... 43
3.5
Pattern Recognition ................................................................................................................................. 45
3.6
Summary ....................................................................................................................................................... 47
4
ELSI in Crises: Doing IT more carefully ............................................................... 48
4.1
ELSI & The Informationalization of Crisis Response ............................................................... 51
4.1.1 (Un-)intended Consequences ............................................................................................................ 52
4.2
Concrete Insights through In-Depth Studies ............................................................................... 55
4.3
Disclosive Ethics ........................................................................................................................................ 60
4.4
Doing IT More Carefully: Future Work ........................................................................................... 64
5
Co-Designing for ELSI-aware Innovation ............................................................ 67
5.1
Research & Ethics...................................................................................................................................... 69
5.2
Designerly Approaches to IT Innovation ....................................................................................... 70
5.2.1 User-Centred, Participatory and Co-Design............................................................................... 70
5.2.2 Computer Supported Cooperative Work ..................................................................................... 74
5.2.3 Value Sensitive Design......................................................................................................................... 75
5.2.4 A philosophical turn to ethics in design ....................................................................................... 77
5.2.5 Engaged STS – The Public in Design ............................................................................................. 77
5.3
Regulatory Approaches to IT Innovation ...................................................................................... 79
5.3.1 Privacy by Design .................................................................................................................................. 79
5.3.2 Privacy and Ethical Impact Assessments .................................................................................... 80
5.3.3 Legal Risk Analysis in IT Innovation ............................................................................................. 81
5.4
Towards Design for Privacy & Design for Design ...................................................................... 81
5.5
BRIDGE ELSI Co-Design: Developing a Methodology .............................................................. 83
5.6
Conclusion .................................................................................................................................................... 88
6
Disclosive Ethics & ELSI Co-Design in the BRIDGE Project .................................. 90
Version 1.0: Final
Collaboration
Page 3 of 161
6.1
Ethical Topology of the BRIDGE Systems of Systems .............................................................. 90
6.2
Ethical, Legal and Social Qualities Sessions.................................................................................. 91
6.3
The BRIDGE Concept Cases .................................................................................................................. 92
6.4
Disclosing ELSI - Process ....................................................................................................................... 98
6.5
Disclosing ELSI – Findings ................................................................................................................. 100
6.5.1 Transparency: Two conflicting notions .................................................................................... 100
6.5.2 “Everything will be Logged” – Between Coordination and Surveillance .................... 103
6.5.3 Reciprocity of perspective: Do they know they are being watched? ............................ 105
6.5.4 Emergent Interoperability, Cooperation & Trust Building .............................................. 106
6.5.5 The Human in the Loop? Locating Responsibility ................................................................ 107
6.5.6 Where is Data Protection?.............................................................................................................. 108
6.5.7 Smartphone devices .......................................................................................................................... 110
6.5.8 Action distributed - Ethics re-specified: Posthuman Phenomenology & FRITS ....... 112
6.6
BRIDGE Middleware, Concept Cases and ELSI ......................................................................... 113
6.6.1 BRIDGE System of Systems Integration and Middleware ................................................. 114
6.6.2 Adaptive Logistics .............................................................................................................................. 116
6.6.3 Advanced Situation Awareness .................................................................................................... 117
6.6.4 Dynamic Tagging (eTriage) .......................................................................................................... 117
6.6.5 First Responder Integrated Training System FRITS ........................................................... 118
6.6.6 Information Intelligence ................................................................................................................. 119
6.6.7 Master ..................................................................................................................................................... 120
6.6.8 Robust and Resilient Communication ....................................................................................... 121
6.6.9 Situation aWAre Resource Management ................................................................................. 122
6.7
Discussion: The Leverage and Limitations of Disclosure ................................................... 122
7
Conclusion: BRIDGE-ing for Preferable Futures ............................................... 123
7.1
ELSI Aware Socio-Technical Informationalization of Crisis Response ........................ 123
7.1.1 Balancing Security with Emergent Interoperability........................................................... 123
7.1.2 Balancing Privacy and Security ................................................................................................... 123
7.1.3 Data Sharing, Large Scale, Cross-Country ............................................................................... 124
7.1.4 Interoperability and informational practice & politics ..................................................... 125
7.1.5 Regulating the use of Unmanned Arial Vehicles ................................................................... 126
7.1.6 Discovering Harmful Potential ..................................................................................................... 129
7.1.7 Professional Bias and the Public Interest ................................................................................ 129
7.1.8 Listening to the Crowd: Social Media, Inclusiveness and Dialog ................................... 130
7.1.9 Preventative Security, Social Sorting and Probabilistic Prediction ............................. 132
7.1.10 Ownership, Informational Self-Determination & Interpretive Authority ............. 133
7.2
Collectively Shaping Possible, Probable and Preferable Futures.................................... 133
8
Appendix ........................................................................................................ 136
References ............................................................................................................. 142
Version 1.0: Final
Collaboration
Page 4 of 161
Version History
Version
Description
Date
Who
1
Initial Structure
20.7.2011
Monika Büscher
(MB)
2
Some Authors assigned, Reformatted and
restructured
3.08.2011
MB
3
Outline Agreed
19.3.2014
MB, Michael
Liegl (ML), Peter
Wahlgren (PW)
5
Discussion of content in relation to 10.3,
2.5, 11.3
09.5.2014
MB, ML, PW
6
Revised structure
12.8.2014
ML, MB
7
Revised structure
30.8.2014
ML
8
Revised structure, added content cpt. 5
ethical requirements, content cpt. 6 legal
requirements, authors assigned
20.10.2014
ML, PW
9
Revised structure, added content, 3 and 4
17.12.2004
ML
10
Revised structure, added new chapter 6
Legal Aspect
28.01.2015
ML
11
Revised structure, chapter 6 becomes cpt. 3
10.03.2015
ML
12
Finalised for 2nd review
20.04.2015
ML, MB
13
Submitted
May 2015
ML
14
Revised in Response to Review Comments
Aug. 2015
MB, PW, ML
Version 1.0: Final
Collaboration
Page 5 of 161
Authors
ULANC
mobilities.lab
Department of Sociology
Lancaster University
Lancaster,
LA1 4YD, UK
Monika Buscher,
[email protected]
Michael Liegl,
[email protected]
Sarah Becklake
[email protected]
Xaroula Kerasidou
[email protected]
Katrina Petersen
[email protected]
Rachel Oliphant
[email protected]
USTOCK
Swedish Law and
Informatics Research
Institute, Faculty of Law
Stockholm University
106 91 Stockholm,
Sweden
Peter Wahlgren,
[email protected]
Reviewers
Fraunhofer-Institut für
Angewandte
Informationstechnik FIT
Alexander Boden
[email protected]
Schloss Birlinghoven
53754 Sankt Augustin,
Germany
Thales D-CIS Lab
P.O. Box 90
2600 AB Delft
The Netherlands
Rianne Goumann
[email protected]
Version 1.0: Final
Collaboration
Page 6 of 161
List of Figures
FIGURE 1 DISCUSSING EMERGENT PRACTICES AT END USER ADVISORY BOARD MEETINGS ....................... 11
FIGURE 2: EMERGENCY COLLABORATION/MANAGEMENT LAW ............................................................... 34
FIGURE 3 DISASTER MANAGEMENT PHASES ............................................................................................ 35
FIGURE 4 MATRIX COMBINING PROCESSES WITH VARIOUS TYPES OF REGULATIVE REQUIREMENTS. ........... 36
FIGURE 5 SHORT TERM LEGAL REFORMS AND LONG TERM LEGAL OBJECTIVES .......................................... 38
FIGURE 6 MEANS OF INFLUENCE.............................................................................................................. 43
FIGURE 7 A NEW REGULATORY CULTURE FOR DISASTER MANAGEMENT.................................................... 47
FIGURE 8 ETHICAL PRINCIPLES AND INTENDED AND UNINTENDED EFFECTS OF IT USE. ............................ 54
FIGURE 9 FACIAL RECOGNITION INTEGRATED INTO POLICE CAMERAS AT 2014 BRAZIL WORLD CUP. ........ 61
FIGURE 10 POTENTIAL OF FACIAL RECOGNITION IN THE BOSTON MARATHON SHOOTING .......................... 61
FIGURE 11 SILENT/SALIENT TECHNOLOGY (INTRONA &WOOD 2004:183)................................................ 63
FIGURE 12 DESIGN AS A DRIVER FOR RESPONSIBLE SOCIETAL INNOVATION ............................................. 68
FIGURE 13 THE CURRENT LANDSCAPE OF HUMAN-CENTERED DESIGN RESEARCH. ..................................... 72
FIGURE 14 CLASSICAL ROLES OF USERS, RESEARCHERS, AND DESIGNERS & CO-DESIGN ........................... 72
FIGURE 15 VISUALISING THE CO-DESIGN PROCESS .................................................................................. 73
FIGURE 16 VALUE SENSITIVE DESIGN...................................................................................................... 77
FIGURE 17 DISCLOSIVE ETHICS, LIVING LABORATORIES ........................................................................... 85
FIGURE 18 POWERPOINT SLIDES USED DURING THE ETHICS SESSIONS ....................................................... 87
FIGURE 19 ELSI QUALITIES SESSION OVERVIEW OF ETHICAL QUALITIES................................................. 98
FIGURE 20 SMARTPHONE PENETRATION IN A SELECTION OF EUROPEAN COUNTRIES (2013) .................... 111
FIGURE 21 SMARTPHONE GROWTH TRENDS 2020 .................................................................................. 111
FIGURE 22 ARCHITECTURAL, ETHICAL AND LEGAL QUALITIES .............................................................. 114
FIGURE 23 USHAHIDI HAITI MAP ........................................................................................................... 131
Version 1.0: Final
Collaboration
Page 7 of 161
Executive Summary
A New Reality
for emergency
services in a
21st Century of
Disasters
As software is becoming ‘everyware’ (Greenfield 2006), it is embedded not
only in the rhythms of everyday life, but also in the disruptions of the
exceptional. Greater vulnerabilities, created by population growth,
urbanization, and austerity, ill-equip societies for an increase in extreme
weather and political conflicts in a 21st ‘Century of disasters’ (eScience
2012). They create a ‘new reality’ for emergency services, demanding
increased efficiency with fewer resources and a less experienced but more
technology-savvy workforce. In this new reality, digitally augmented
practice presents new economic, social, political, legal and ethical openings
(such as opportunities for more efficient and better coordinated response and
deeper public engagement and dialog). But crises also reveal technological
accentuations of ethical, legal and social challenges of, for example, an
erosion of privacy and liberty, social sorting, digital divides and inequalities
and are a perspicuous site for the study of dispositifs or societal topologies of
power(lessness) in the face of disaster.
Questions of
technology
should suffuse
debates on
emergency
Ethics.
The research undertaken by the BRIDGE project pioneers an
interdisciplinary synthesis of philosophical, legal, policy, social science, IT
ethics and design perspectives on disaster management and response.
Building on a review of the state of the art of debates in philosophy, law,
policy and research ethics, we argue that attention to questions of technology
should not be a separate concern but suffuse debates on emergency ethics,
law, policy and research. Insights from technology design communities in
ISCRAM and CSCW can drive this. Three areas of socio-technical
entanglements are particularly promising sites for a more integrated analysis
and design. Existing research does not go far enough in considering how
ethics is practiced, it neglects the emergence of new publics and modes of
collective intelligence and collective action, and it butts against the
limitations of a humanist perspective that fails to address the intimate
entanglements between human and technology, which is more adequately
addressed through a ‘posthuman’ research orientation and ethics. BRIDGE
has developed a responsible research and innovation approach that integrates
insights from these diverse fields.
The law is a site
of power for
integration, but
embedded
solutions are
needed.
The law is one of the sites of power, where a strong impetus for a deeper
integration of questions of technology can originate. However, a continuous
aggregation of detailed, often reformulated rules has led to an accumulation
of regulations, frequently exhibiting a poor overall structure. Equally
problematic is the continuous vitiation of the legal language, following from
a frequent use of ad hoc solutions, and the ever increasing complexity of
piecemeal legislation. An additional problem is that legislation tends to
become more and more voluminous and all such problems stemming from
traditional jurisprudential efforts are well recognized in the field of Disaster
Law. All this leads up to the conclusion that in an outlook for the future there
is a need to include also new kinds of regulatory mechanisms, besides
structural approaches. Traditional legislative efforts are likely to be
complemented and augmented in various ways. Three such approaches
deserve to be mentioned. Co-and self-regulation initiatives, embedded
Version 1.0: Final
Collaboration
Page 8 of 161
solutions and pattern recognition.
Radically
careful and
carefully
radical design
is needed.
While the law provides impetus for integration of questions of technology,
design explores the socio-technical opportunity space for answers. In the
disaster-response related context of designing ‘solutions’ to address
ecological crisis, Bruno Latour argues ‘We have to be radically careful, or
carefully radical.’ (Latour, 2009, 7). We would say in informationalizing
emergency response, we need to be both: carefully radical and radically
careful, designing for radically more efficient and effective risk analysis,
crisis planning, management and response, whilst carefully avoiding ethical,
legal and social disasters, such as digital divides and a further spread of
surveillance. Analysts, designers, and practitioners must not only take
responsibility for (the inevitability of) ethical and wider societal implications
of informationalizing emergency response with careful circumspection as a
new reality takes hold, they must also formulate and pursue ambitious,
perhaps radical socio-technical critique and creativity. We suggest a roadmap
for research to develop studies that connect research in different subject areas
and disciplines (ethics, law, practice, social science, philosophy,
anthropology, organizational studies, design, computing), all with a view to
informing more careful and circumspect, yet also ambitious and ‘radical’
ELSI aware socio-technical innovation.
Into the open:
Disclosive
Ethics and ELSI
Co-Design.
The question is how to be more radical and ambitious in practice. The
BRIDGE project team has developed an approach that combines ELSI
analysis with co-design and ‘disclosive ethics’. Collaborative design or ‘codesign’ involves users in design, because ethical, lawful and socially
responsible conduct evolves in relation to new ways of working, which, in
turn, evolve around new technological potential. A range of theoretical and
methodological approaches have been synthesized in the BRIDGE approach,
including responsible research and innovation (Von Schomberg, 2013),
collective experimentation (Wynne & Felt, 2007), value sensitive design
(Friedman, Kahn & Boring, 2006), co-realization (Hartswood et al 2002) and
‘design after design’ (Ehn, 2008).
The BRIDGE ELSI Co-Design approach responds to these debates and calls
for responsible research and innovation. There are no ‘one size fits all
approaches’ or checklists that can be easily adopted for this and there is a
need for methodological innovation in how we might open up design
processes to notice, account for and creatively address ethical, legal and
social issues. Disclosive ethics is particularly useful as a methodology that
reveals how details can turn into politics, so that ‘what seems to be a rather
trivial injustice soon may multiply into what may seem to be a coherent and
intentional strategy of exclusion’ (Introna & Wood 2004:179). The method
proceeds by revealing where digital technologies are opaque and how their
agency or functions become embedded in wider socio-technical contexts in
ways that engender complex effects.
Findings from
Disclosure:
Design for
Design,
Response-
Even in a single organisation, for example, many tasks are collaborative and
distributed and complex infrastructures that are necessary for collaboration to
take place. When technologies are embedded in this, it is important to reflect
not only on the collective actions during emergency response and their
outcome, but also how technologies shape collective action. What are the
Version 1.0: Final
Collaboration
ability and
Virtuous
Practice
Page 9 of 161
ethical implications of data sharing infrastructures and situational awareness
technologies? How do they assemble emergency response units and are these
ways of assembling desirable in terms of enabling effective response? What
are (un-)intended effects? There have been many controversies both within
ethics and sociology on questions of collective, technologically augmented
agency and responsibility (e.g. May & Hofmann, 1992 Jasanoff, 1994),
which reveal some of the limitations of legal and ethical traditions based on
individual responsibility and call for more collective, organisational and
socio-technical models of accountability. Can organisations or groups act?
Can they collectively be responsible for actions? Communities, or even
Nations, too? And if so, how are they to be held accountable? Every
individual member? The leaders? The operators of a technology? And if the
technology has adverse effects – will those who use it be blamed, those who
procured it, or the developer team that made it? Does distributed action entail
distributed responsibility? What about the technology itself in this?
In Chapter 6 we develop an analysis of findings from the BRIDGE ELSI codesign and disclosive ethics approach, exploring a wide range if themes,
covering ELSI opportunities and challenges, including transparency and
design for accountable computing, reciprocity of perspective in distributed
collaboration, emergent interoperability and trust.
Collectively
BRIDGE-ing
for preferable
futures
We conclude with a review of open challenges and the way in which the
BRIDGE project contributes to wider efforts to enhance the security of
European citizens and the humanity of disaster planning, management and
response in a context of increasingly frequent and severe crises. These
challenges include security, privacy and the use of data for preventive
security approaches. While these pose hard, if not ‘wicked’ problems to
society that design cannot address alone, the BRIDGE ELSI Co-Design
methodology provides means that can support collectives in addressing them
through more carefully radically and radically careful socio-technical
innovation.
Version 1.0: Final
Collaboration
Page 10 of 161
1 Introduction: Benefitting from Disruptive Innovation
Economic pressures, increased frequency and severity of disasters, heightened vulnerability
through ageing infrastructures and populations, coupled with a generation change in the
emergency services are creating a ‘new reality’ for emergency services (Knight 2013, New
York State Executive Budget 2014-15) A range of challenges and opportunities arise from this.
There are various scenarios imaginable of how emergency response will be reformed and
further developed in order to tackle the ever more frequent large scale emergencies in this 21 st
century of disasters (eScience, 2012). The pressures combine with the potential of information
technology in a particularly dynamic manner, engendering ‘disruptive innovation’, that is,
innovation that transforms the social, economic, political, and organizational practices that
shape this domain (Chesbrough, 2003). There is a need to increase efficiency, meeting higher
demands with fewer resources and a less experienced but more technology-savvy workforce. In
this new reality, enhanced community resilience presents new economic, social, political, legal
and ethical openings. Digital urbanists, who inhabit the city ‘as a shared nervous system’,
learning ‘to modulate … nearness and remoteness at once, both as individual passengers of the
city and as social groups in emergence’ (Bratton, 2008), encounter crises with creativity.
Necessity becomes ‘the mother of invention’ as new skills come together in new ways and
people re-appropriate technologies to deal with the uncertainties and strains of disasters. Port au
Prince, for example, was the birthplace of ‘digital humanitarianism’ (Meier, 2012). But the
terrorist attacks in Mumbai (Oh et al 2010), the online witch hunt after the Boston bombings
(Starbird et al, 2014; Tapia et al 2014), and the NSA surveillance scandal (Harding, 2014) show
that there are many different kinds of digital urbanists, operating at different levels, with
conflicting intentions. Crises allow observations of emerging forms of digital urbanism and panurbanism, reaching from studies of organized crime (304th OSINT Team, 2008), to analyses of
securitization and militarization of urban living and implications for citizens and non-citizens
(e.g. illegals, tourists, migrants) (Aradau & Munster, 2011; Graham, 2008), to research on
collective intelligence and virtual operations support teams in disaster response (Hughes et al
2008; St. Denis et al 2012; Buscher et al 2014c;). Crises reveal technological accentuations of
social inequalities and are a perspicuous site for the study of dispositifs of power(lessness) in
the face of disaster. Further, crises are simultaneously exceptional while emerging from the
everyday. They engender (a culture of) fear (Furedi, 2006), and demands for unprecedented use
of digital technologies. This can disclose the sometimes fearsome capabilities of IT, the
ideologies that underpin their mobilization as well as unintended consequences of their
integration into the very fabric of urban living. The use of cloud computing to connect local
authority, commercial and government information systems in the aftermath of the 2011 triple
disaster in Japan, for example, has sparked widespread concerns over privacy (Katsumi, 2013),
fears echoed around smart city integration with crisis management systems in Rio de Janeiro
(Naphade et al 2011) and the use of drones in fighting wildfires in California (Back Country
Voices, 2013; Halverstadt, 2014).
This deliverable reports on our advances regarding the convergence of ELSI and collaborative
design for emergency response. After this introduction, Chapter 2 provides an analysis of
current debates within emergency ethics, law, policy and research ethics. Chapter 3 provides a
legal perspective, arguing that methodologies that address the fast moving and embedded
character of technology are needed. Chapter 4 explores motivations and methodologies for
‘Doing IT more carefully’. It is drawn from the introduction to a IJISCRAM special issue on
Ethical, Legal and Social Implications in Emergency IT curated and edited by the BRIDGE
team that presents a collection of studies into IT in emergency response and develops notions of
the morality of technology and disclosive ethics. Chapter 5 delineates our methodological
innovation in ELSI aware co-design. We report on explorations ranging from engagement with
Version 1.0: Final
Collaboration
Page 11 of 161
the End User Advisory Board (Figure 1), to co-design sessions with end users and designers,
expanding our domain knowledge through ethnographic fieldwork and the participation in
several real world exercises. Chapter 6 focuses on ethical challenges and opportunities
specifically related to the BRIDGE project, and the ways in which we have addressed them.
Here, we provide a summary of our ELSI findings concerning the BRIDGE System of Systems.
The report concludes with a brief outlook on what BRIDGE-ing for preferable futures could
mean, hinting at possible, probably and preferable visions of safety and security futures, and
ways of making IT better.
Figure 1 Discussing emergent practices at End User Advisory Board meetings
Framed by this introduction and a conclusion, this deliverable draws from a collection of
conference and journal articles and book chapters that have either been published or that are
being prepared for publication. They document key emerging practices and issues, pioneering
new areas such as the ethics of socio-technical systems in crisis response, advances in disclosive
IT ethics and ELSI aware co-design. We have published and presented these ideas in numerous
publications as well as conference papers such as:
Büscher, M., Kerasidou, X., Liegl, M. and Petersen Katrina (2015) Digital Urbanism in Crises.
In: Kitchin, R. and Perng, S.Y Code in the City. London: Routledge.
Kerasidou, X., Büscher, M. & Liegl, M. 2015: Don’t Drone? Negotiating Ethics of RPAS in
Emergency Response in: Palen, Büscher, Comes & Hughes, (Eds.): Proceedings of the
ISCRAM 2015 Conference - Kristiansand, May 24-27.
Liegl, M., Oliphant R. & Büscher, M. 2015: Ethically Aware IT Design for Emergency
Response: From Co-Design to ELSI Co-Design', in: Palen, Büscher, Comes & Hughes, Hrsg.:
Proceedings of the ISCRAM 2015 Conference - Kristiansand, May 24-27.
Büscher, M., Liegl, M., Perng, S.Y., Wood, L., Halvorsrud, R., Stiso, M., Ramirez, L. AlAkkad, A. (2014) Periphere Kooperation im Krisenfeld: Microblogging während der 22/7/2011
Anschläge in Norwegen. i-com. Zeitschrift für interaktive und kooperative Medien.
Büscher, M., Liegl, M., Rizza, C. and Watson, H. 2014a: Introduction. Special Issue on ELSI in
IT Supported Crisis Management, International Journal of Information Systems for Crisis
Response and Management. (im Erscheinen).
Büscher, M. & Liegl, M., Pern, S.-Y. 2014b: Privacy, Security, Liberty: ICT in Crises. In:
Büscher, M. & Liegl, M., Rizza, C., Watson, H. (Eds.) International Journal of Information
Version 1.0: Final
Collaboration
Page 12 of 161
Systems for Crisis Response and Management. Special Issue Ethical, Legal and Social Issues in
IT Supported Crisis Management”
Büscher M., Liegl, M., 2014c: Connected Communities in Crises. IEEE STC Social Networking
E-Letter Vol.2 No.1 edited by Hermann Hellwagner, Daniela Pohl and Rene Kaiser.
http://stcsn.ieee.net/e-letter/vol-2-no-1
Büscher, M., Liegl, M., Perng, S., Wood, L. 2014d: How to Follow the Information?
Sociologica. Vol. 1, Doi: 10.2383/77044,
Büscher, M., Liegl, M. and Thomas, V. 2014e: Social collective intelligence: combining the
powers of humans and machines to build a smarter society. Miorandi, D., Maltese, V., Rovatsos,
M., Nijholt, A. & Stewart, J. (eds.). Springer, p. 243-265.
Wood, L.; Van Veelen, B.; Van Splunter, S.; Büscher, M. (2013) Agile Response and
Collaborative Agile Workflows International Journal of Information Systems for Crisis
Response and Management Vol 5(3), pp. 1-19.
Al-Akkad, A., L. Ramirez, S. Denef, A. Boden, L. Wood, M. Buscher and A. Zimmermann
(2013) Reconstructing normality: The use of infrastructure leftovers in crisis situations as
inspiration for the design of resilient technology. Proceedings of the Australian ComputerHuman Interaction Conference (OzCHI'13), 25-29 November, Adelaiade, Australia. ACM.
Of particular importance were the three panels on Ethical, Legal and Social Issues in
Emergency Response that we organized at ISCRAM 2013, 2014 and 2015 and finally a special
issue of the International Journal of Information Systems in Crisis Research and Management
(IJISCRAM), a collection of conference papers from the 2013 and 2014 panel.
Relationship to other deliverables
The BRIDGE project aims to develop novel IT support for large-scale multi-agency emergency
response (synthesized in D11.2 (2015), documented as a specification in D2.5 (2015) and
detailed in technical deliverables from WP3-8). This is taking place in the context of significant
changes to the socio-economic and regulatory background of emergency response services in
Europe. In D12.1 Privacy Protection and Legal Risk Analysis (2012) we present an analysis of
issues around privacy, privacy intrusion, personal data and privacy protection. In D12.2
BRIDGE Ethical, Legal and Social Issues: Current practices in Multi Agency Emergency
Collaboration (2014) we describe current practices and pressures arising in the context of a
growing informationalization of emergency services. Of particular interest in the report at hand
are emergent practices of, and methodologies of designing for, ethically sound, lawful and
socially responsible futures or ‘21st Century Emergency Response’. In the course of the
BRIDGE project we have been able to discuss and observe such emergent practices and
experiment with a range of methodologies. This report documents key insights from this
process.
The overall conclusion from our review of current administrative and legislative efforts in
D12.2 is that common practices (internationally accepted and recognized by a large number of
authorities in different sectors of society) are rare. The responsibilities and the operative
management in states of emergencies vary between different jurisdictions and contexts. In this
deliverable we examine these diversities further, focusing on how new technologies can support
future practices that can bridge differences to foster ‘unity in diversity’ and effective, agile
emergency response.
Version 1.0: Final
Collaboration
Page 13 of 161
2 Emergency Ethics, Law, Policy & IT Innovation in Crises
This chapter provides a perspective on the Ashgate Library of Essays on Emergency
Ethics, Law and Policy, based on a review written for the International Journal of
Intelligent Systems for Crisis Response and Management. It focuses on information
technology and innovation in crisis response and management. It expands on the
review in the previous chapter through a more detailed focus on implications for IT
development such as the system of systems innovation pursued in the BRIDGE
project.
This Chapter builds on BRIDGE Deliverable 12.2 Ethical, Legal and Social Issues:
Current practices in Multi Agency Emergency Collaboration. It is co-authored by
Xaroula Kerasidou, Monika Buscher and Michael Liegl.
Abstract: Ethics, law, and policy are cornerstones for effective IT innovation in crisis response
and management. While many researchers and practitioners recognise this, it can be hard to find
good resources for circumspect innovation approaches. This paper reviews The Library of
Essays on Emergency Ethics, Law and Policy (2013), a four Volume series edited by Tom D.
Campbell, that presents a collection of 113 seminal articles and chapters on emergency ethics,
law and policy, and emergency research ethics. Building on a selective summary overview of
each volume, we draw out core themes and discuss their relevance to research concerned with
the design and use of intelligent systems for crisis response and management. The series brings
together important insights for IS design and organizational innovation, but there is a lack of
attention to socio-technical dimensions of emergency response and management. We conclude
by discussing research within ISCRAM and the related fields of science and technology studies
and IT Ethics, showing that entering into a conversation would be a highly productive
endeavour.
Keywords: ELSI, Emergency Ethics, Law, Policy, Research Ethics, Information Technology.
2.1 Introduction
Many information systems designers and practitioners care deeply about the ethics, law and
policy of socio-technical innovation in the field of emergency response and management. IT
innovation can, for example, create tensions between data protection, interoperability and
transparency in crisis response organisations, prompting researchers to search for ‘privacy by
design’ solutions to protect people affected by crises and crisis responders from intrusive data
processing (Weber & Gustiené, 2013). At the same time, information technology can enhance
responders’ capacity to address ethically problematic issues such as ‘role abandonment’ in the
face of danger or overwhelming chaos (Noble, White & Turoff, 2014). These two recent
examples of interdisciplinary engagement between IT design and enquiries into ethical, legal
and social issues (ELSI) drawn from philosophy, psychology, anthropology and the social
sciences highlight a deep mutual interest on the one hand, but also a need for more in-depth
engagement with each other’s concerns and knowledge.
The literature that could facilitate such cross-disciplinary insight has been scattered across
multiple academic fields, making a comprehensive overview of issues and available research
Version 1.0: Final
Collaboration
Page 14 of 161
difficult. Tom D. Campbell’s formidable effort to bring together seminal work in the fields of
emergency ethics, law, policy and emergency research ethics has resulted in a two thousand
page compilation of previously published articles and book chapters in four volumes as The
Library of Essays on Emergency Ethics, Law and Policy (2013). This series brings together
classic essays and more recent studies reaching from 1922 to 2012. In this review of the
complete four volumes, we provide an overview of the series and summarise some of the key
contributions to leverage insights for advanced research in ISCRAM.
We review each volume in turn, followed by a short discussion of the relevance to innovation in
IT supported emergency response and management. The article concludes with a discussion of
selected work within the fields of ISCRAM, science and technology studies and IT ethics. The
aim is to illustrate the potential of a deeper interdisciplinary dialog on matters of ethics, law and
policy, building on The Library of Essays on Emergency Ethics, Law and Policy.
2.2 Emergency Ethics
The first volume of the series on Emergency Ethics is edited by A.M. Viens and Michael J.
Selgelid and includes 25 journal articles and book chapters which are organised in five parts:
Part I, The Nature and Significance of Emergency; Part II, Ethical Issues in Emergency; Part III,
Ethical Issues in Emergency Public Policy and Law; Part IV, War, Terrorism and Supreme
Emergencies; Part V, Public Health and Humanitarian Emergencies. Contributions explore the
nature and significance of emergencies, normative implications and a range of perspectives on
the ethics of emergency response.
The volume opens with a deeply philosophical and political debate, which is well worth patient
consideration in relation to IT innovation, as we will show. Carl Schmitt’s famous statement
‘Sovereign is he who decides on the exception’ sets the scene, referencing his classic book
Political Theology: Four chapters on the concept of Sovereignty, first published in 1922.
Schmitt couples the concept of sovereignty with that of exception. According to him, exceptions
require decisions to be made outside of the law, because:
The exception, which is not codified in the existing legal order, can at best be
characterized as a case of extreme peril, a danger to the existence of the state, […] it
cannot be circumscribed factually and made to conform to a preformed law (Schmitt,
1985, p. 6/41).
For Schmitt, only the sovereign, defined as ‘he who stands outside the normally valid legal
system’, can declare an exception: ‘He decides whether there is an extreme emergency as well
as what must be done to eliminate it’ (p. 7/5). An influential but also controversial figure in
emergency ethics scholarship whose work underpinned the spread of National Socialism in
Germany, Schmitt sets off one of the key debates that runs through the whole series.
Both Michael Walzer in ‘Emergency Ethics’ (2006) and Tom Sorell in ‘Morality and
Emergency’ (2002) side with Schmitt in entrusting the head of state with the authority to declare
an emergency as a state of exception and to suspend constitutional laws in order to effectively
1
Quotes are indexed by two page numbers. The first number corresponds to the page number in the
original publication while the second refers to the page number in the Ashgate books.
Version 1.0: Final
Collaboration
Page 15 of 161
respond to it. Walzer (2006) argues that in cases of ‘supreme emergency’ - a concept first used
by Churchill in the face of the threat of Nazism, and defined by Walzer as a situation when ‘our
deepest values and our collective survival are in imminent danger’ (p. 33/337) – governments
and political leaders should be able to do whatever is required, even if immoral, to confront the
danger and ensure the survival of the political community. Sorell (2002) also argues that
extraordinary situations warrant extraordinary uses of power. He defines an emergency as ‘a
situation, often unforeseen, in which there is a risk of great harm or loss and a need to act
immediately or decisively if the loss or harm is to be averted or minimised’ (p. 22/16). Sorell
makes a distinction between private and public emergencies and in the case of the latter he
particularly singles out what he calls the ‘more extreme’ or ‘general’ public emergencies, such
as ‘an unexpected and overwhelming all-out military attack’ (p. 26/20). In these cases, Sorell
argues, the threat to be ‘sucked into’ a moral black hole, a free-for-all breakdown of moral and
social order, is so ‘repulsive’ that it provides enough justification for those to whom we delegate
the responsibility of managing the emergency to use extraordinary powers.
Other ethics scholars (Coady, 2004; Ignatieff, 2005; Sandin and Wester, 2009; Statman, 2006)
challenge the view that a state of exception should place state and society outside normal law.
While Schmitt (1985), Walzer (2006) and Sorell (2002) acknowledge the dangers entailed in
granting the state exceptional powers, and still make the case for the right of governments and
heads of state to suspend constitutional rights in situations of extreme emergency, contributors
such as Ignatieff (2005) and Coady (2004) bring concerns to the foreground. In ‘The Ethics of
Emergency’ (2005) Ignatieff opens with the question:
If laws can be abridged and liberties suspended in an emergency, what remains of their
legitimacy in times of peace? If laws are rules, and emergencies make exceptions to these
rules, how can their authority survive once exceptions are made? (p. 25/301)
Ignatieff reviews the history of emergency legislation in the U.S. and shows that ever since
Abraham Lincoln suspended habeas corpus – the right to be protected from unlawful
imprisonment – and other liberties during the American Civil War in 1863, this has been used to
justify suspensions of rights in other emergencies. Citing examples such as when the Bush
administration used military tribunals to try terrorists rather than putting them through the
federal court system, the author concludes that exceptions can set dangerous precedents and
argues for the importance for liberal democracies to uphold the rule of law and their
commitment to rights in times of safety and danger alike.
Coady (2004) picks up on a different problematic. He accuses Walzer of ‘pro-state bias’ and
challenges the latter’s position on the category of supreme emergency arguing that not only is
the concept ‘too opaque’ and ‘open to diverse interpretations’, it also ‘dangerously opens the
door to the identification of the state’s survival with that of its political leadership’ (p. 781/366).
Defining terrorism as ‘the organized use of violence [either by state or non-state actors] to
attack noncombatants or innocents […] or their property for political purposes’ (p. 772/357),
Coady argues that there is no justification for ‘exceptions’ for anyone - be they terrorists,
revolutionaries, or the state itself.
A different challenge comes from Sandin and Wester’s contribution ‘The Moral Black Hole’
(2009). Using empirical research, the authors refute the commonly held belief that in situations
of emergency the danger of a complete breakdown of moral order, opening a moral black hole,
is so great that it makes the use of extraordinary powers justifiable. Debunking what they call
the ‘myth of looting’ or similar fears of panic flight, price gouging and generally selfish
behaviour in crises as unsubstantiated, the authors challenge not only Sorrell’s position, but
more importantly the ways that such pervasive myths inform emergency policy. As they write:
Version 1.0: Final
Collaboration
Page 16 of 161
The myths that looting, panic and disruption of social values are common in the wake of
disasters are persistent, even though little empirical evidence is to be found to support
them. […] these myths are troublesome in many ways, but primarily because they
influence emergency planning and management. (p. 297/81).
Using examples such as Hurricane Elena which struck Gulfport, Louisiana in 1985 and the more
recent Hurricane Katrina, Sandin and Wester (2009) make the case that such myths can result in
valuable resources being misallocated to prevent looting and reduce crime rather than to save
lives.
Other contributions in the volume also focus on the complex relationship between ethics, law
and policy and explore how ‘necessity’ on the ground can shine a different light on issues such
as legal acts or moral rights (Wigley, 2009). Green (2007) focuses specifically on the act of
looting and argues that it constitutes a ‘uniquely complex crime type’ which can be shaped by
diverse factors such as racial discrimination, wealth and social inequalities or even the media
which, as cases such as Hurricane Katrina have demonstrated (see also Tierney, 2006), not only
make looting more visible but also frame it in particular and potentially problematic ways.
Identifying a continuum between “good” and “bad looting” which spans from heinous predatory
cases to case of pure necessity, Green (2007) argues that its moral content operates on an
extraordinarily wide spectrum and highlights the need for such moral complexity to be
appropriately accommodated in law.
At the root of these debates are basic moral questions about whether there are situations when
our normal moral standards should be suspended or overridden by “what needs to be done”.
These questions are captured in the long-standing tensions between key schools of moral
thought such as deontology – the ethical position that requires us to follow certain moral
principles regardless of the results; consequentialism – the ethical position where good results
for the greatest number are the most important moral criterion implying that in certain
circumstances the end can justify the means; and, threshold deontology – a form of
deontological ethics, which accepts that moral obligations hold up to certain thresholds, while
under extreme circumstances exceptions are possible. Contributors such as Zack (2009),
Alexander (2000) and Ripstein (2005) explore the tensions between these different moral
theories. Particularly interesting here is Harel and Sharon’s (2011) contribution. Using cases
such as a recent decision by the German Federal Constitutional Court to declare a provision of a
new anti-terrorism law that allowed the shooting down of a plane unconstitutional, the authors
demonstrate how these old philosophical debates between different schools of moral thought are
played out anew in the numerous policies and measures that have come to light in the wake of
the 9/11 attacks. On this basis, the article raises timely questions such as, ‘[d]oes the threat of
mass suffering and death justify torture, pre-emptive strikes, invasion of privacy, rendition, and
other violations of fundamental rights?’ (p. 846/180). In response, Harel and Sharon argue that
any violations of our moral standards in cases of emergency should not be governed by rules or
principles, but guided by particular context-dependent judgements. Demonstrating the ambitious
breadth of the series, this volume also includes controversial contributions that push the limits
of ethics and legality such as Ayn Rand’s argument for the virtue of selfishness (1963) and
Zwolinski’s (2008) libertarian account on the ethics of price gouging.
The last part of this volume focuses on public health and humanitarian emergencies and
explores questions such as: how much investment of time, energy and resources are morally
required in order to prepare for and respond to emergencies, and how should costs and benefits
be distributed? The contributions range widely in topics and stances from discussions on the
human rights implications of the growing trend towards viewing public health emergencies as
security threats (Murphy & Whitty, 2009) to the inter-generational impacts of climate change
Version 1.0: Final
Collaboration
Page 17 of 161
(Gardiner, 2004) and the tensions between development aid versus emergency aid (Rubenstein,
2007). Contributions which make a strong case for a global sense of moral responsibility for an
equitable distribution of resources and costs (O’Neill, 1975; Singer, 1972) butt against
provocative contributions, such as Hardin’s controversial stance against overpopulation and the
failures of charitable world food banks (1974).
Debates on what is an emergency, who has the authority to define it and which emergency
measures are justified in which situations are important to the ethics of IT supported multiagency emergency response, making this volume a valuable resource for IT designers and
information systems practitioners. IT design should be informed by these debates, because
decisions about the nature and characteristics of an emergency are increasingly taken with the
help of information systems and the emergency agencies’ capability to assess the urgency, scale,
severity, and future course of an emergency play an important part. This adds significance to the
ethical requirement that Emergency Management Information Systems (EMIS) (Turoff et al,
2004) and associated information systems, such as remotely piloted aircraft systems (Kerasidou
et al, 2015), mobile live video (Bergstrand & Landgren, 2009), e-triage systems (Ellebrecht &
Kaufman, 2015) or social media (Vieweg et al, 2010) should support a rich dynamic risk
assessment and risk communication in order to produce an as accurate as possible ‘situation
awareness’ (Endsley, 1995).
Moreover, the ethical debates presented in this volume can further sensitise IT practitioners on
the fact that Emergency Management Information Systems can not only influence emergency
response in direct ways such as by extending surge capacity, maximizing availability of
services, and enhancing risk communication. They can also complicate, intentionally or not,
adherence to core ethical principles such as non-maleficence and beneficence (do no harm).
Examples range from challenges to respect for human dignity and privacy, and distributive
justice (equal access) (Jillson, 2010), through the Pentagon’s Defense Science Board (DSB) call
for a new Tracking, Tagging and Locating or TTL ‘Manhattan Project’ (2004) of global mass
surveillance (in Crang & Graham, 2007; Büscher et al, 2013) to ubiquitous healthcare systems
which utilize personal digital devices and wearable bio-sensors to continuously monitor
individual’s health status and record sensitive personal information (Brown & Adams, 2007).
The variety of impacts illustrates how far-reaching and important the ethical debates raised by
this volume are and can help to sensitize designers, prospective users and policy-makers to
ethical impacts – good and bad – that technology might contribute to in crisis management.
2.3 Emergency Law
It might not come as a surprise that the second volume of the series on Emergency Law also
starts with the influential and controversial figure of Carl Schmitt, signalling both the
overlapping histories and intimate relationships between Law and Ethics in liberal democracies.
The volume is edited by Saskia Hufnagel and Kent Roach, who along with a comprehensive
introduction and conclusion have put together 18 articles and chapters from a growing area of
scholarship in emergency law. The volume is organised in five parts: Part I, The Evolution of
Emergency Law; Part II, Emergency Law and the Interaction with Military Law; Part III,
Emergency Law and Disaster Response; Part IV, Emergency Powers and the ‘War on Terror’;
and Part V, All Risk Emergency or Case Specific Regulation.
Despite the long history of emergencies and the long-standing theoretical debates on the legality
of emergency and exception, emergency law is an area of legal studies that cannot easily be
delimited. For a long time, issues related to disasters have been addressed separately in a variety
of legal contexts (Governmental Law, Criminal Law, Insurance Law, etc.) by all sorts of
different legal instruments (constitutional rules, laws and ordinances, memoranda, etc.). For IT
Version 1.0: Final
Collaboration
Page 18 of 161
supported emergency management this diversity is challenging. As any new tool would need to
comply with existing legal frameworks as well as identify problems and opportunities for legal
reforms, a review of the state of the art in disaster law research is highly instrumental. This
volume is a solid attempt to put together a comprehensive overview of work which highlights
the successes and pitfalls of emergency legal regulation from a comparative international
perspective, thereby also constituting a useful resource for practitioners in IT innovation who
work across different legal frameworks
In order to understand the tensions between balancing constitutional principles and effective
state responses in emergency situations, an understanding of the background history and
philosophy of emergency powers and the dangers involved in finding the right balance is
necessary. The first part of the volume offers exactly this. While each article adopts a different
perspective, together the first three chapters by Dyzenhaus (2005), Zuckerman (2006), and
Ferejohn and Pasquino (2004) provide an overview of the philosophical debates that surround
the development of the concept of ‘emergency law’ and the present state of the debate. Through
this work, the reader is introduced to the main paradigms of emergency law, such as a
-
-
Monist position, which rejects the idea that emergencies can ever justify any exception
to the ordinary scheme of governance;
a Dualist position, which advocates the construction of a legally authorized space of
discretionary power in ordinary law, designed to guard against a breakdown of the
norm/exception dichotomy;
a Schmittian position: as we saw before, this promotes the view that an exception
should exist outside of the law, exempting the state from normal moral judgement
during an emergency.
By drawing together a set of landmark discussions on these positions, the volume demonstrates
that despite the long history of emergencies, the field of emergency law has gained particular
traction since the events of 9/11. Following the terrorist attacks and the subsequent declaration
of a “war on terror”, the relationship between disaster law and the law at normal times has been
constructed as governed by tensions, or even incompatibilities, between security and human
rights considerations. As we will see, this is a tension that runs through most of the
contributions.
After starting with a chapter that focuses on the deployment of the military in international
armed conflict from a US perspective (Tushnet, 2003), Part II moves on to the more contentious
matter of the role of the military within national boundaries, an issue which, as the editors write,
‘has triggered the constitutional rights debate first and foremost’ (Hufnagel & Roach, 2013, p.
xiii). The chapters by Scheppele (2006), Dougherty (2008) and Head (2009) provide a
comparison between Canada, USA and Australia with regard to the deployment of the military
in emergencies - these are three legal systems which although having the same British legal
heritage, have developed very different approaches. Particularly interesting here is Scheppele’s
chapter (2006), which traces the parallel constitutional histories of Canada and the USA for
most of the 19th and 20th century until the 1970s when the two countries chose different paths.
Scheppele brings these differences in focus as she compares the reaction of both nations to 9/11.
While Canada reacted with a moderate use of exceptional powers reflecting the nation’s recent
constitutional revolution which attempted to bring the use of emergency powers within
constitutional control, the US ‘plunged into more extreme uses of emergency powers’ (p.
213/131) demonstrating that it still fundamentally operates under the old ‘martial law’
framework inherited from Britain.
Version 1.0: Final
Collaboration
Page 19 of 161
The significance and implications of the US’s attitude towards the use of emergency powers
were felt, and continue to be felt worldwide, long after the events of 9/11, when President
George W. Bush declared a “global war on terror” allowing him to assert extraordinary
constitutional powers and then invoke an all-powerful commander-in-chief clause of the U.S.
Constitution for justification of these powers (Scheppele, 2006, p. 234/22). Considering that it
broadens the concept of war, blurs the boundaries between legitimate or illegitimate use of
extraordinary powers, and leaves open the question of the role of the military on domestic
territory, it is no surprise that the “war on terror” has attracted considerable attention from legal
scholars. Scheuerman (2006), Ackerman (2004) and Levinson (2006) give the reader an idea of
the on-going debate that surrounds the “war on terror” as they provide a critique from their own
perspective of the US’ Schmittian approach and make their suggestions on how a balance
between emergency powers and democratic control can be achieved, while contributions by
Bronitt (2008) and Hufnagel (2008) provide an international comparative perspective on these
questions. Specifically, Scheuerman (2006) argues that neither a Schmittian approach to
emergency power, nor other approaches which start from an anti-Schmittian thesis and attempt
to synthesize emergency power and liberal democracy, holds up to scrutiny as neither pays
much attention to the executive. According to him, the liberal democratic executive represents
the most important site for the actual exercise of emergency government and so closer attention
to its overall political and constitutional structure is needed (p. 79-80/301-2). Ackerman (2004)
is also critical of the US’ approach and raises alarm bells about a descent into ‘a repeated cycle
of repression’ (1030/308). In his article ‘The Emergency Constitution’ (2004), the author
proposes a formal framework he calls ‘the supramajoritarian escalator’, which gives power to
the executive ‘for the briefest period – long enough for the legislature to convene and consider
the matter, but no longer’ (p. 1047/325), in an effort to ensure democratic control over
emergency power.
Questions regarding emergency powers and the role of the military are not restricted to cases of
terrorism but also concern civilian emergency situations like natural disasters. Resonating with
Sorrel’s fear of a moral black hole, such questions include rather simplistic references to the
‘heroic’ image of the military asking, if natural disasters bring about violence and looting in
people’s struggle for survival, or if criminals take advantage of disasters, what means can the
military use in order to uphold social order? Also, what happens when the chains of command
become unclear affecting the interaction between agencies? In his essay, Dougherty (2008) uses
the Hurricane Katrina disaster to examine military involvement for humanitarian purposes.
From his examination, he concludes that the Posse Comitatus Act - which prohibits the use of
the standing military to execute laws - was misleadingly used as an excuse for the government’s
failure to respond to the disaster (Samek, 2006 also reaches a similar conclusion) and argues
that ‘the government ought to focus its energies on fixing communication channels and
emergency operation plans so we do not have a repeat of the Katrina disaster’ (Dougherty,
2008, p. 147/193).
The call for better support for communication continues when, from different disciplinary
perspectives, Manuell and Cukor (2011), and Waugh and Streib (2006) highlight the need to
embed legal considerations in broader analyses of the possibility and the necessary conditions
for lawful conduct for effective emergency management. Manuell and Cukor (2011), both
academics in the field of emergency medicine, discuss how compliance with emergency laws
concerning evacuation and quarantine can be achieved and point to effective risk
communication, transparent instructions, preparedness and education as key factors. Coming
from a policy perspective, Waugh and Streib (2006) point out a conflict of cultures in US
emergency management between the co-operative culture at the practitioner level clashing with
Version 1.0: Final
Collaboration
Page 20 of 161
the hierarchical approaches imposed by federal agencies, hence leading to problems of
communication and co-operation.
The debates in this volume focus on the challenges of balancing liberal values with increased
demands for security, and the effective collaboration between different agencies with sometimes
overlapping or even conflicting regulatory frameworks. These are issues which are central for
practitioners of IT innovation in emergency response and planning, making this volume
instrumental in providing background knowledge, orientation but also an international
comparison for IT system designers who need to address global markets and navigate, translate
and support different legal frameworks. At the same time, the volume creates an opportunity to
move beyond an understanding of security and human rights as incompatible. As we will
discuss later, this is an opportunity that IT innovation can seize through integrating the
perspectives represented in this series with related research in science and technology studies,
collaborative design and other approaches.
2.4 Emergency Policy
The third volume is edited by Timothy Legrand and Allan McConnell and brings together a
collection of 26 papers around the theme of Emergency Policy. This is an area which
encompasses all aspects of governmental or public sector response to emergency, either on an
operational level (focusing, for example, on emergency planners, risk assessors and emergency
services responders) or what the editors call, a ‘political-strategic’ level where issues such as the
meaning of “crises” and the implications for existing policies are considered (2013, p. xvi). The
volume is organised in four sections - Prevention and Planning, Acute Response, Recovery and
Learning - what in the literature is termed the ‘cycle’ of crisis and emergency management (see,
for example, Hiltz et al, 2010, p. 4). Yet many of the chapters of the volume do not fall strictly
within these four phases/categories; an observation which illustrates one of the key points that
the editors highlight, namely that,
crisis and emergency management is a tough task. It is not a ‘rational’ process (although
there may of course be rationality involved) where clear goals are plotted out and the pros
and cons of differing evidence-based solutions can be weighed up in deliberative and
time-rich environments (Legrand & McConnell, 2013, p. xvii).
A challenge against compartmentalisation emerges as a key theme not only from the structure,
but also the contents of this volume, as we shall see. A number of the contributions proclaim the
changing nature of emergencies in a globalised “new world” which is characterised by an ‘ever
increasing interrelatedness and interdependence’ (Boin & Ekengren, 2009). These contributions
talk about new forms of transboundary risks and crises which can quickly spread across
geographical borders and policy boundaries (Ansell et al, 2010; Boin & Ekengren, 2009;
Lagadec, 2009; Rosenthal, 2003; Williams, 2009). Ansell et al (2010) identify three key
dimensions in describing the transboundary nature of disasters, asking whether: (i) crises cross
political and territorial boundaries, (ii) they cross functional boundaries threatening multiple
life-sustaining systems, and finally, (iii) they transcend time boundaries, hence resisting a welldefined beginning and end. Lagadec (2009) raises the urgency by claiming that we currently
live within a ‘new cosmology of risk’ which marks a break from the past into uncharted
territories and ‘new frontiers’ where one finds a ‘hypercomplex’, ‘unintelligible’ and ‘chaotic’
world. So much so that the author proclaims that ‘looking back is not an option’ and calls, as the
title of the paper puts it, for a ‘radical shift in paradigm and practice’.
Others take a different view. Instead of seeing breaks and paradigm shifts, they see continuities,
connections and long-evolving histories. Brändström et al (2004) reject the view that the crises
Version 1.0: Final
Collaboration
Page 21 of 161
of the 21st century are somehow unique in their nature and, in contrast to Lagadec (2009), urge
us to rethink their nature by ‘look[ing] back’. Or, in other words, they broaden our
understanding of the role that history, historical analogies and memory play in contemporary
governance and emergency management. Brändström et al (2004) argue that while events such
as the attack on the WTC and the Pentagon were unprecedented, the challenges that such events
pose to communities and policy-makers are not unique. While acknowledging some new
challenges, Boulden (2004) also recognises that talks of blurred boundaries and accelerated
interconnectedness between states, which bring both hopes but also threats, were prevalent
already in the early days of the post-Cold War period. The author notes that networks of
international crisis mechanisms geared towards crisis response are already in existence (UN,
OCHA, IHP, etc.), and argues that a new kind of response might be needed to address the
‘multidimensionality’ of crises which causes the system to be stressed not only at one but a
variety of resource and decision-making levels (p. 806/130). O’Dempsey and Munslow (2006)
go even further and place globalisation and the interconnectedness of states in a historicalpolitical context that stretches back to the post-war era, tracing it through the histories of
colonialism, the Cold-War and post-colonialism.
Klein and Smith (2008) and Pyles (2011) also bring to light the importance of framing crisis in
particular ways. The authors identify an insistence on “newness” (‘new frontiers’, ‘new crises’,
‘new paradigms’) as an inherent characteristic of neoliberalism which ‘constantly strives to
expand into new markets and to do its work with results-driven efﬁciency’ (Pyles, 2011, p.
176/327). According to Klein, this translates into post-disaster responses which she describes as
the ‘scorched earth’ or ‘starting from scrap’ model, using Iraq as an example. But this is not the
only option. Using the example of the Workers’ Movement in Argentina, Klein talks about a
‘whatever's left, whoever's left, patch it together and start from there’ model. A sort of tinkering,
but profoundly democratic, model which saw the Argentinian workers going back to closed
factories, dusting them off and getting the machines back to work, this time for themselves
(Klein and Smith, 2008, p. 587/292). Similarly, Pyles (2011), Ingram et al (2006), Telford and
Cosgrave (2007), and Snider (2004) make a case for alternative, sustainable and socially
transformative solutions. Specifically, Pyles (2011) uses the case study of a post-Katrina
community-based project to argue that international NGOs operate within a neoliberal climate
which seeks ‘quick fixes’ and enables practices that perpetuate injustice. The author argues for a
transformative/sustainability approach to disaster recovery which is
premised on principles of democratic engagement and leadership development. […]
compatible with a transformative approach to community organizing and development
which strives for social change [and] work[s] in true partnership with indigenous
community leadership […] Such a transformative/sustainability approach is also always
an anti-oppressive approach whereby recovery methods create a space to actively
confront ways in which social hegemonies (such as racism, sexism, and classism)
operate, striving for transparency and accountability in practice (pp. 176-7/327-8).
While mapping the differences in how the nature of crisis is defined and understood might
appear a theoretical pursuit of little practical importance, this volume succeeds in making
evident how definitions, and language more broadly, matter as they shape how emergency
diagnosis and response take shape on the ground. In other words, the operational level of policy
management is tightly linked with the political-strategic level concerned with the definition and
meaning of “crises”. So, for example, Boin and Ekengren (2009) make the case that we live in a
world risk society which poses threats to national safety and security. On that basis, they call for
a ‘new security paradigm’ which will see the European Union assume a supranational and
newly emerging security role. Other contributions focus on the interaction between the local and
the global, calling for a broadening and enhancing of local government capabilities within a
Version 1.0: Final
Collaboration
Page 22 of 161
globalised context (Jarman et al, 2000), they explore the need for new multilateral governance
structures that will operate on an international level (Boulden, 2004), or make the case that
within crisis research a crisis is no longer seen as an event that can be easily demarcated but as a
process whose very identity may change over time. On that basis, Rosenthal (2003) argues that
traditional models of crisis management which operate on a response-recovery basis will need
to be revised in order to cope with the ‘inconceivability’ of future crises.
However they might conceptualise crises, most authors acknowledge the complexity of working
across boundaries - be they operational, institutional, geographical, cultural or political – as it
encompasses challenges which range from fragmentation of response and ‘organisational silos’
which result from a reluctance to share information across agencies and non-governmental
actors (Boin & Ekengren, 2009; Galaz et al, 2011; Williams, 2009), to reluctance of nationstates, or organisations to cede authority in key areas to other states or institutions (Boin &
Ekengren, 2009; Boulder, 2004), to political challenges in establishing common understandings
of crises. On the political end of the spectrum we find O’Dempsey and Munslow (2006), who
write about ‘complex political emergencies’, namely situations of intra-country armed conflict,
often combined with a ‘natural’ trigger mechanism such as a drought, tsunami or a hurricane.
Grounding the debates of the two previous volumes of emergency ethics and law through
examples from Angola, the Democratic Republic of Congo and Sudan, which they locate in
their post-colonial context, the authors make the case that complexity is nothing new. Instead, it
is an inherent characteristic of already existing and long-established institutions which has long
been making the international community ‘profoundly uncomfortable’ (2006, p. 502/222). The
authors illustrate their argument with examples such as the UN’s mandate to respect national
sovereignty and intervene only when it is invited to do so by a particular government, even if
that same government is the one contravening international law. On the operational end of the
spectrum, Ansell et al.’s contribution (2010) is particularly interesting. Arguing that the nature
of crises is becoming increasingly transboundary, the authors investigate the administrative
mechanisms that are needed to deal with the challenges that they pose. Drawing from
organisation theory and public administration and disaster management research, they identify a
need for four boundary-spanning capacities: distributed sense making; networked coordination;
surge capacity and formal scaling procedures.
This volume is broad, multi-faceted and ambitious. It covers much ground and brings together
many different perspectives and approaches, including a valuable conclusion from the editors
themselves. Particularly impressive is how the editors seek to push the boundaries on what
constitutes a “policy issue” by including contributions such as those by Williams (2009) and
Klein and Smith (2008). The former presents a ‘post social’, or relational approach that
acknowledges that emergency management and research deal with phenomena beyond humanist
conceptions of instrumental reason and control. The latter offer a very different approach to
understanding disaster; not as something “unexpected” or “inconceivable” which needs to be
managed through effective policies when it happens, but as something which is intentionally
sought out for economic benefit (‘disaster capitalism’), and followed by a ‘policy tsunami’
whose role is to push a programme of privatisation and deregulation. Also, the volume is
instrumental in revealing how important, yet challenging, it is to establish common
understandings of crises. It highlights the role that the media play in framing disasters in
specific ways (Robinson, 2000; Rosenthal, 2003; Zoeteman et al, 2010) while it also attempts to
illuminate complexities at an operational level and discuss the role that technologies play in the
‘art of sense making’ and the different approaches to coordination such as control and command
versus bottom-up approaches (Ansell et al, 2010).
Version 1.0: Final
Collaboration
Page 23 of 161
Information technologies engender positively and negatively disruptive innovation
(Chesbrough, 2003) at both operational and strategic policy levels, and their design is shaped by
policy decisions at these levels. A few issues raised in this volume are particularly pertinent for
IT design and designers. The need for non-compartmentalised, transboundary and multidimensional emergency response and management expressed in these policy debates resonates
strongly with the capabilities of information technologies. Technologies can support distributed
sense-making, networked coordination, expand surge capacity and augment formal scaling
procedures, highlighting that innovation can effectively address real world concerns and needs.
It is thought-provoking to consider that the same kinds of technologies that can be used to
support such agile response, may also be used to support ‘disaster capitalism’. At the same time,
the debates about enduring histories chime a note of caution. While many IT designers assume
that more information and better means of sharing it will allow radical shifts in quality and
efficiency, the longstanding histories of information and sense-making practices may be more
powerful than it is often acknowledged, constraining the actual utility of new technologies
unless attempts are made to accommodate historical and practical continuities. Finally, the
analysis of the material impacts of discursive policy efforts entails lessons about how the
discursive dimensions of IT ontologies, databases, inventories and expert systems can make
politics through categorisation in and through technology, with complex unintended
consequences.
2.5 Emergency Research Ethics
The fourth and most extensive volume of the series is edited by A. M. Veins and brings together
an impressive collection of 46 articles from the field of research ethics which deals with ethical
issues of research involving human participants in emergencies. The medical disciplinary
heritage of the field is strongly reflected, with the majority of chapters focusing on medical
emergencies, both private and public, with a few others providing a broad overview of ethical
issues that can arise when researching, as well as responding to complex humanitarian
emergencies, using case studies such as the Asian Tsunami, and the wars in Lebanon and
Liberia.
Research ethics as a modern field regulated by international codes came about after the
historical abuses of research on captive populations in World War II, yet the first National
Commission for the Protection of Human Subjects of Biomedical and Behavioral Research was
created only in 1974 in the U.S. after a series of domestic medical research scandals which
involved groups such as elderly patients, institutionalised children, and poor black men.
According to Levine (2004), this resulted in research coming to be seen as a risky and
potentially exploitative enterprise which needed to provide protection to its participants as a
way of offsetting these dangers, hence creating a tension within the field between researchers
and the participating “human subjects”. This is a highly productive, yet deeply humanistic,
tension which, as we will see, runs through the whole volume and positions it as a catalyst for
developing valuable insights about the politics of research across disciplinary boundaries.
The first part of the volume focuses on consent; a concept which became central as it provided a
way of contributing to the protection of participants’ autonomy as individuals. However, during
times of emergency the decision-making ability and hence the ability to provide fully-informed
consent is either impossible (for example when the patient/participant is unconscious) or
questionable (for example in cases of disaster research, as examined by Rosenstein (2004),
when the voluntariness and capacity of the victims to participate is debatable). In such cases, the
possibilities of using legal representatives or “proxies” come to the fore. Echoing in more
practical terms the key ethical dilemmas as explored in the first volume of Emergency Ethics,
one main question that arises in emergency research ethics is whether there are exceptional
Version 1.0: Final
Collaboration
Page 24 of 161
cases within emergency research which would render ethically permissible the waiver of
consent for the benefit of research and society at large, and, if yes, how such cases should be
regulated.
Booth (2007) and McCarthy (1995) examine these questions from a European and American
perspective respectively, pointing out the ambiguity of existing regulatory frameworks. Fost
(1998) points out that informed consent is neither necessary (as it can be substituted by that of
representatives when the patient is unconscious) nor sufficient for ethically and legally
responsible research (Nazi experiments, for example, would still be impermissible even if
consent was granted), and so it shouldn’t be seen as an end in itself. Instead, it is a means, an
instrument with several versions (such as “proxy consent”, “implied consent”, “waived
consent”, “presumed consent”) designed to protect the participants from harm while preserving
their autonomy and self-determination (p. 183/51) and so it presents us with several practical
challenges. On the issue of obtaining proxy consent, McCarthy (1995) asks whether it is feasible
to obtain informed consent from legally authorized representatives of subjects who are
incapacitated considering the time and emotional pressures of such situations. Secondly, he
questions whether this approach introduces inequity into the research that violates the principle
of justice:
Experience has shown that it is far more difficult to locate persons qualified and willing
to serve as legally authorized representatives for economically deprived and minority
patients than it is to locate surrogates for middle class white patients (p. 160/28).
While the concept of consent focuses on the decision-making capacity of an individual to
maintain their autonomy and self-determination, the concept of vulnerability has a more
collective function, granting members of a vulnerable group special consideration and
protections (explored in part III). In some cases, such as in emergency and critical care medicine
situations, assigning the status of vulnerability is straightforward and the challenge lies in how
to address problems that arise from the fact that the line between patient and participant is
blurred (explored in part II). In other cases, the question of vulnerability appears more
contentious.
Levine explores the history of vulnerability and the different meanings it takes in biomedicine,
social science and mental health research, and concludes that it is an extremely elastic concept.
This means, according to Levine (2004) and Fleischman and Wood (2002), that research that
involves trauma- and disaster-affected populations should be subject to even more intensive
review in order to prevent oversampling and redundancy, and to ensure that victims are treated
sensitively and are not at risk of being pressurised, “exploited”, or re-traumatized as a result of
their participation in research.
Yet, the concept of vulnerability seems to be surrounded by controversy in the field of research
ethics about whether labelling a population or a group as vulnerable may be pejorative, an
overgeneralisation, or even potentially stigmatizing (Levine, 2004; Fleischman & Wood, 2002).
Levine (2004) writes that the concept has rightly emerged as a response to the dark history of
medical research, yet it appears that it is based on
[a] fundamental assumption [which] underlies the modern history of research ethics:
certain categories of people are more likely than others to be misled, mistreated, or
otherwise taken advantage of as participants in research studies. (p. 396/116).
In this quote, the power issues that run through the heart of research ethics are brought to the
foreground. Aside from providing protection, the concept of vulnerability can also be seen as a
way of undermining the power, autonomy and self-determination of certain individuals, groups
Version 1.0: Final
Collaboration
Page 25 of 161
(a case, as Levine (2004) writes, most forcefully made by people with HIV/AIDS (p. 399/119)),
communities, or even countries, further crystallizing long-standing histories of colonisation,
inequality and exploitation (Levine, 2004; Fleischman & Wood, 2002; Citraningtyas et al, 2010;
Hill, 2004; Zwi et al, 2006). As part IV explores, such issues become even more heightened in
situations where the need to engage with “the community” is stressed and the importance of
public perception comes to the fore, hence raising the issue of the ethics and politics of
participation, but also questions such as, “which communities benefit?” (Calain et al, 2009).
In 1996, the U.S. Federal Regulations changed permitting an exception from informed consent
for certain studies in emergency settings as long as certain conditions are met, one of which is
“community consultation” (see Dickert & Kass, 2009; Ragin et al, 2008). According to
Lecouturier et al (2008), in 2004 a similar European Union Directive became law across
Europe, and Canada and Australasia also have similar legislation.
These changes not only provided the potential for clinical research in emergencies, such as
stroke or sudden cardiac arrest where acquisition for informed consent is impossible, to go
ahead (Dickert & Kass, 2009), but also shed light on the fact that, as Lecouturier et al (2008)
put it, ‘to date [2008] the views of patients and the public, [i.e. those who ultimately may be the
most affected] have not been considered when developing research legislation (p. 3/177).
Dickert and Kass (2009) present a qualitative study that seeks to address this gap in the research
ethics literature. Their study sought the views of survivors of sudden cardiac death on the
controversial issue of emergency research conducted under an exception from informed consent
(EFIC). Interestingly, their findings indicated a broad acceptance of EFIC research hence
demonstrating the ‘potential for valuable input from patients regarding complicated and
ethically challenging issues’ (p. 183/165).
At the same time though, the changed regulations created further confusion since, as Ragin et al
(2008) put it, the federal agencies did not provide a clear direction for what counts as
“communication”, how to conduct “community consultation”, or even ‘who is the
“community”’? As Richardson et al (2006) and Dickert and Sugarman (2007) also argue, there
are real difficulties in identifying a relevant community and interpreting and implementing
community consultation, so much so that these difficulties have become a real hurdle in the area
of research in emergency settings making this issue ‘perhaps the greatest controversy’ in
emergency research (Dickert & Sugarman, 2007, pp. 159-160/235-6). For the authors, this
highlights the importance and need to better understand how to identify, involve, and notify
relevant populations.
Similar debates arise in the context of public health and complex and humanitarian emergencies.
The contributions in the two final parts of the volume identify and discuss challenges in
conducting research in situations of public health emergency, such as acute-epidemics,
humanitarian emergencies, conflict settings and post-emergency situations. These are situations
whose highly volatile nature raises procedural challenges for the ethical review of research
projects. But they are also situations where research runs the risk of being seen as a luxury
which diverts important, yet scarce, resources from the saving of lives. Pringle and Cole (2009)
seek to address the question of the balance between risks and benefits by stressing that research
ethics in complex humanitarian emergencies should not come at the expense of humanitarian
action but should be in fact informed by it; that is, adhering to the humanitarian principles of
neutrality, impartiality and independence and being needs-driven and relevant to the affected
populations. Likewise Black (2003) argues that academic researchers have much to learn from
the ethics frameworks guiding international NGOs and UN organizations.
Version 1.0: Final
Collaboration
Page 26 of 161
Other contributions stress the power questions that underpin these issues on a global/local scale.
Calain et al (2009) write about a ‘new dimension of inequities’ which magnifies the polarization
between poor countries urged to donate natural resources (clinical specimens, viruses and other
microbes) versus technologically advanced industrial countries with private interests (p.
17/347). Hill (2004) stresses the western bias that underpins ethical debate around research in
developing countries and makes the case that this debate is framed not only by western values,
but also by western economic advantage. In a way that challenges the humanitarian principles of
neutrality, impartiality and independence, Hill (2004) makes the case that research, and in
particular research in “post”-conflict situations, is a political act and urges researchers –national
or expatriate- to be ‘acutely sensitive to their own positioning in respect to local and
international contexts’ (p. 153/461) and the power and responsibilities that their position entails.
Arguing for an acknowledgement of the capacity of vulnerable groups and communities, such as
refugees, to take an active role in research and generate innovative research, Zwi et al (2006)
close their contribution with a pertinent quote:
Vulnerable groups, vulnerable communities, and vulnerable countries will remain
passively “in need of protection” until they gain the type of agency . . . that locates
organized and active communities at the centre as initiators and managers of their own
health (MacFarlane et al, 2000 in Zwi et al, 2006, p. 275/444).
Moving from understandings of vulnerability as the lack of autonomy, self-determination and
therefore agency and power to a view of vulnerability as a way of becoming sensitive to
asymmetrical relations of power between actors is a way to ascribe agency and power back to
those vulnerable groups, communities and countries without becoming blind to long-standing
problems of inequality. Moreover, this is the basis, as Ezeome and Simon (2010) argue, for
‘collaborative partnerships’ which recognise the community as a ‘full and equal’ partner and
respect its values, culture and social practices. Citraningtyas et al (2010) go even further in
challenging the traditional power hierarchies and dynamics between researcher and vulnerable
participant, community or country. In their paper, the authors examine the further pressures and
burdens that the presence of researchers and other incoming aid agents impose to disasterstricken communities. Using the case study of the Indian Ocean Tsunami in 2006, the authors
refer to “a second tsunami” to describe the wave of national and international individuals and
agencies that arrived in some tsunami-affected areas which was so large and difficult to manage
that it was said to create a ‘subsequent human-made disaster’ (p. 108/147). To avoid such
results, the authors argue for an ethical engagement between incoming parties and community
which goes beyond community involvement or even partnership and actually assigns to the
community ‘leadership’ and ‘ownership’ of the processes with the incoming researchers
becoming a ‘resource’ for the community (p. 109/148).
By collating all these different voices and contributions together, this volume does an excellent
job in highlighting the politics and power relations that underpin all forms of research or
collaboration in general. By problematising debates about who the participants or the
communities are, the nature and impact of vulnerability in the researcher-researchee/participant
relationship, and the different forms but also politics of participation and collaboration, the
volume speaks directly to concerns relevant to IS designers and practitioners engaged in
organisational innovation. On the one hand, designing, building and implementing technologies
and information systems which facilitate, or even augment, participation, collaboration, but also,
transparency and accountability are key tasks for IS designers and practitioners who understand
how technological “affordances” can engender, intentionally or not, particular consequences on
the level of social equality and human dignity. As this volume and the whole series have
Version 1.0: Final
Collaboration
Page 27 of 161
demonstrated, these sentiments are heightened in times of emergency making their
consideration even more important.
On the other hand, concerns about the role of participants and the politics of collaboration and
participation are central to IT design methods. Ideas that the “human subjects”, or “users” as
they are known in this case, need to be considered in IT design are as old as IT design itself as,
by their very nature, computers presuppose and ‘configure’ users in particular ways (Woolgar,
1990). Yet, how can one design for particular human-machine configurations, is a question that
has inspired a multitude of design approaches, which appear to follow a general trend; from
machine-centred approaches to human-centred ones. Or, from engineering to psychological and
sociological ones, as enabled by the advent of the Scandinavian participatory design movement
and the field of CSCW. Dourish has called this trend ‘social computing’ (2001) while recently
Kuutti and Bannon described it as ‘a turn to practice in HCI’ (2014; see also, Bannon, 2011)
(for other accounts, see Asaro, 2000; Simonsen et al, 2010; Büscher et al, 2008).
Yet, as the focus shifts to the participants, the users and the communities, we run the danger of
losing sight of the non-human actors which also shape collaboration in important ways. Or to
put it more accurately, we run the danger of losing sight that participation and collaboration are
the result of finely tuned, yet usually asymmetric, “intra-actions”, as Barad would put it (1998,
p. 96; see also, Barad, 2007), between humans, machines, materials, stories, practices, all
tangled together. This brings us to an evaluation of the compendium as a whole in relation to
research and design or innovation around IT for crisis response and management. In the next
section, we will discuss how a move from humanist to post-humanist understandings of agency
and collaboration can address this problem.
2.6 Discussion: The question of technology
The breadth and depth of issues covered by The Library of Essays on Emergency Ethics,
Law and Policy is impressive and, while not exhaustive, this review has tried to cover key
contributions and debates of the four volumes in order to leverage insights for advanced
research in ISCRAM. Information systems designers and practitioners engaged in innovation in
the field of emergency response and management care deeply about the ethics, law and policy of
socio-technical change as well as research and design, yet they often struggle to be aware of the
state of the art in so many related fields because the literature has been scattered across multiple
locations and academic fields, making an overview of issues and available research difficult.
This series is an excellent springboard for a more broad-ranging interdisciplinary approach. The
four volume collection makes an important contribution to emergency scholarship by bringing
together a wide range of seminal work, making it an invaluable reference for scholars and
practitioners from a variety of fields. As the editor Tom D. Campbell promises in the
introduction, a key strength of the series is its multi-disciplinary approach and the potential it
provides for cross-pollination between different disciplines helping to create dialogue between
disciplines as well as enhance our ability to comprehend and engage with the challenges that
emergencies pose. However, we would argue that while the series has the potential, it misses the
opportunity to engage more closely with socio-technical dimensions of emergency response and
management. In the paragraphs that follow, we highlight related work from the fields of
ISCRAM research, Science and Technology Studies (STS), Computer Supported Cooperative
Work (CSCW) and IT ethics. A more engaged dialog between these different fields could
leverage the insights collected in the series further as well as deepen the philosophical, legal and
ethical debates presented in the compendium. In this way, the series’ shortcoming can become a
fertile ‘opportunity space’ for new and much needed interdisciplinary conversations.
Version 1.0: Final
Collaboration
Page 28 of 161
It is widely recognised that information technologies are a crucial component of emergency
response and management as they facilitate and support essential processes, such as risk
assessment, surge capacity, data sharing, communication and collaboration between emergency
responders. Yet, besides occasionally appearing as a risk factor or in passing mentions of the
“technical”, technology rarely makes an appearance in the whole series. This means that even in
the few cases where technology enters the picture, it is presented as non-agential,
unproblematic, or as Introna (2007) would put it, ‘a neutral means (or medium) that can be
shaped and moulded to suit our needs and desires’ (p. 11). This constitutes a considerable
limitation of the volume which unfortunately echoes Hiltz et al’s (2010) observation that
‘despite the recognition that information systems are crucial components of emergency
management, there has been surprisingly little research published that facilitates understanding
of how they are actually used in emergencies’ (p. 6).
Technology has always played an important role in emergency response. From physical
technologies, such as breathing apparatus for fire-fighters and guns and body armour for police
to policy tools, such as incident command systems (Buck et al, 2006; Moynihan, 2009; van de
Walle et al, 2010), to information and communication technologies which can augment
responders’ capabilities but also complicate risk analysis and undermine existing practices,
technologies have always shaped the nature of emergency response and played a key part in
what or who can be rescued or protected. This means that technology is not neutral, but actively
shapes people’s capability for ethical, lawful and socially responsible conduct. It does not mean
that we should shift the focus from people to technology. Instead, it means that ethical, lawful
and socially responsible conduct is a matter of social, material and technical practices, which are
deeply entangled with technologies as well as ‘environmental’ factors of culture, embodiment
and situations. Therefore, a socio-technical approach to emergency response and management
would elicit a more rounded and productive understanding of the risks and opportunities. A new
Volume on The Applied Ethics of Emerging Military and Security Technologies is about to
come out in The Library of Essays on the Ethics of Emerging Technologies (Allenby &
Wallach, 2015), which focuses on ethical questions and issues arising from accelerating
technological change in the military and security domains. However, we would argue that
attention to questions of technology should not be a separate concern but suffuse debates on
emergency ethics, law, policy and research. Three areas of socio-technical entanglements are
particularly promising sites for a more integrated analysis and we briefly delineate some
opportunities below to illustrate the potential.
2.6.1
Ethics and its practicalities
While the first volume of the series provides insights on key ethical debates which surround
emergency management from a philosophical perspective, the volume does not go far enough in
considering how ethics is practiced. Yet, this is critical to a consideration of emergency ethics,
law and policy. And in taking this focus, it becomes evident that technologies deeply affect
ethical, lawful and socially responsible conduct. Recent attempts to analyse ethical, legal and
social issues (ELSI) in IT innovation in disaster response and management have highlighted the
transformative, positively and negatively ‘disruptive’ momentum of integrating new
technologies into emergency response and management practice (Büscher et al, 2014a). Hopes
for greater efficiency through electronic triage, for example, can effect much more far reaching
transmutations of expertise and responsibility as well as changes in the measurement of
efficiency (Ellebrecht & Kaufmann, 2015). The fact that most people today carry mobile
devices means that a constant flow of ‘big data’ is generated that may be exploited for crisis
response and management, but it also generates ethically, legally and socially challenging
dynamics around the completeness and veracity of the data, the ability to visualise the data
outputs, or the ability to actually enhance insight or improve decision-making through data
Version 1.0: Final
Collaboration
Page 29 of 161
(Watson & Finn, 2015), as well as questions about equality and access in a world where some
organizations still ban the use of mobile devices for some employees (Ford et al, 2015). The use
of automated technologies, such as remotely piloted aircraft systems (RPAS) raises questions
about human control and the nature of human-machine interdependencies (Introna & Woods,
2004; Kerasidou et al, 2015; Perng et al, 2015). And support for the agile assembly of ‘systems
of systems’ for interoperability in crisis response and management can play into trends towards
greater securitization and surveillance, and potentially undermine civil liberties (Büscher et al,
2014b).
2.6.2
Emergence of new publics
The activities of people affected by crises are creating a second site where emergency ethics,
law, policy and research are deeply interlinked with technology. ‘Collective intelligence’ is part
of disruptive innovation in disaster response, that is, innovation that transforms the social,
economic, political, and organizational practices that shape this domain (Chesbrough, 2003;
Shanley et al, 2013; Raymond et al, 2014). One of the earliest examples arose during the
Virginia Tech shootings, where students who had been told to stay in their dorm rooms
connected online to work out who had been hurt or shot. Converging on a Facebook Website
called ‘I’m OK at VT’, the students exchanged information, verified reports and constructed
accurate lists of who had been killed, several hours before the authorities released the same
information. Under the pressures of the unfolding tragedy, they spontaneously developed social
conventions and practical measures to ensure that information was accurate (Vieweg et al,
2008). Since then, collective intelligence has been an integral part of wider transformations in
crisis response. It gives rise to a range of ethical, legal and social complexities, creating both
opportunities and challenges. On the one hand, new forms of self-help and cosmopolitan digital
humanitarianism become possible. Watson and Finn (2015), for example, examine information
flows between corporations and their customers during the most severe global flight disruption
since 9/11 – the Eyjafjallajokull eruption. With over 100,000 flights cancelled and 1.2 million
passengers affected, the particle cloud overwhelmed corporate and institutional call centres.
Stranded and unable to find information through official channels, thousands of passengers,
their colleagues, friends and family turned to social media. Through a study of two different
forms of support for information exchange using social media, Watson and Finn highlight
positive outcomes such as increased surge capacity and the mobilisation of global social capital,
but also explore problematic issues of inequality, exploitation and privacy infringement. On the
other hand, the use of social media in crises can give rise to vigilantism and DIY justice (Rizza
et al, 2015, Tapia & LaLone, 2015).
2.6.3
Posthuman research ethics
Thirdly, while not immediately obvious, the fields of research ethics and collaborative IT design
share a keen interest in boundaries. The field of emergency research ethics as it was captured in
the last volume of the series takes a humanist approach in understanding the boundaries between
expert and layperson, or between researcher and research participant, and if we could extend it
even further, between research subject and research object, as fixed and unproblematic.
However, as we saw, such an approach runs into all sorts of problems when the realities and
messiness of research refuse to fit into such fixed categories. We saw vulnerable groups
rejecting their vulnerable status and asserting their autonomy. We saw researchers - traditionally
presented as disembodied and invisible in their scientific modesty – having bodies which get in
the way, consuming valuable resources and becoming burdensome. We saw people not fitting
into neat, well-defined, homogeneous and univocal “communities”. In other words, we saw the
problems that arise when rigid methods try (and sometimes fail) to capture messy realities (Law,
2004). For some time now, researchers and practitioners in the field of collaborative design have
Version 1.0: Final
Collaboration
Page 30 of 161
grappled with these questions of boundaries between designers, users, machines. Value sensitive
design, for example, specifically seeks to embed attention to ethical, legal and social issues in
design processes (Friedman et al, 2006). And these designers have turned to other fields to find
conceptual tools to think about questions of how technology and practice are inherently linked.
Drawing from STS and feminist technoscience studies (Latour, 1993; Haraway, 1991; Suchman,
2007a, 2007b; Barad 2007), they have moved to relational understandings of how boundaries
between human and machines, designer and user are constructed and maintained while at the
same time becoming sensitive to the politics of such boundary construction.
To address questions of technology in a more integrated manner in debates about emergency
ethics, law, policy and research, Zack’s work on ‘virtue ethics’ in disaster (2010) could prove
key. Deriving from Aristotelian ethics, virtue ethics elevates preparedness to a virtue which
must be lived to become effective. Challenging consequentialist ethics and states of exception, it
makes the case that a focus on preparation protect democratic societies from reverting to
exceptions that go against ordinary morals, integrity and dignity and from entrusting decisions
on definitions and criteria solely on experts, or governments without public consultation. To be
useful for IT designers, the debate needs to open up further to consider how these ethical
principles are enacted in practice, but the framework is productive for critical and designerly
perspectives on advancing capacities of emergency response. They enable designers to ask
through what social, material and technical practices is morality enacted? How can institutions
and people act virtuously in crisis? And how can technology be designed in ways that support a
new practical ethics and virtuous conduct?
2.7 Conclusion
This paper reviews The Library of Essays on Emergency Ethics, Law, Policy and Research
Ethics (2013), a four Volume series edited by Tom D. Campbell. The compendium presents a
collection of seminal work in the field of emergency ethics, emergency law and emergency
policy, and it also covers emergency research ethics. Building on a selective summary overview
of each volume, we have drawn out core themes and discussed their relevance to research
concerned with the design and use of intelligent systems for crisis response and management. In
this field, research on Ethical, Legal and Social Issues (ELSI) is a relatively new dimension. We
argue that, while the series brings together important insights and is highly useful, a lack of
attention to socio-technical dimensions of emergency response and management prompts us to
chart research that should be included, not as a separate fifth volume, but as an integral part of
discussions of emergency ethics, research ethics, law and policy.
Version 1.0: Final
Collaboration
Page 31 of 161
3 21st Century Emergency Collaboration – Legal Aspects
This chapter explores how jurisprudence can help to analyse and regulate dynamic and
distributed areas of technical innovation such as Emergency / Disaster management. In a
discussion about legal aspects of emergency management for the 21st century these are
problematic tasks. The rapid development makes it difficult to extrapolate from existing
initiatives and established regulations in order to predict the future. Nor is it a realistic
approach to outline a proposal for general Emergency Law Standards. The subject
involves too many sub-domains and the incident driven development is to a large extent
unpredictable. Therefore, we pursue the objective to discuss strategies, or ways of
approach, which may support law-making in a complicated technical environment
characterised by a fast pace of change.
3.1 Background
From a traditional standpoint it may be argued that the most apparent jurisprudential task is to
address substantive law issues. Major tasks include textual analysis of existing provisions,
studies on how the rules are being employed in case law and interpretations of their
implications. The researcher tries to eliminate voids, contradictions and vagueness by means of
suggesting reformulations and possible restructuring of the material. Although the legal analyst
may put forward proposals de lege ferenda (about the law in the future) the common basis for
the analysis is de lege lata (the law that is).
The overall objective of such work is to elaborate a more functional and coherent set of rules
that will make problem solving in the domain more efficient and predictable. At a somewhat
more detailed level this means that the rules should meet a number of quality standards, e.g. that
they should be predictable, relevant, without side effects, transparent, pedagogic, systematic,
and acceptable by those affected.
The starting point for the legal analysis in the BRIDGE project has been the legal framework on
privacy, in EU represented by the Directive 95/46/EC of 24 October 1995 on the protection of
individuals with regard to the processing of personal data and on the free movement of such
data.2 The principles of the Directive 95/46/EC have been laid down in national legislation and
in several countries more detailed provisions and interpretations of the principles have been
issued for different sectors of society. This has resulted in a scattered picture and the situation
has been criticised. Consequently, in January 2012 the EU Commission presented a proposal for
a new general data protection legal framework (Proposal for a Regulation Of The European
Parliament And Of The Council on the protection of individuals with regard to the processing of
personal data and on the free movement of such data) introducing concepts such as Privacy by
Design and encompassing a number of detailed provisions for all ICT systems processing
personal data (For an overview See D 12.1 Section 2.3).
2
Official
Journal
L
281,
23/11/1995
P.
0031
–
lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML.
Version 1.0: Final
0050.
http://eur-
Collaboration
Page 32 of 161
Privacy is however to a large extent a dynamic, controversial and contextually dependent
concept, constantly under stress. Inter alia the presentation of new methods for analysis of big
data collections, spectacular terrorist attacks, and leaked information about questionable
activities undertaken by intelligence agencies affect the development in unpredictable ways.
Subsequently numerous amendments have been suggested and the regulation that was proposed
in 2012 has not yet been yet adopted. The regulation will take effect two years after its adoption,
at earliest 2017.
In January 2015 the EU Data Protection Supervisor Giovanni Buttarelli wrote: “There is a
pressing need to see the Data Protection Reform adopted by 2015. It should not slow down
innovation, but equally it should ensure that our fundamental rights are safeguarded and made
effective in practice. We need new rules to rebuild the trust in the digital society that has been
eroded by, for instance, massive surveillance.” It is stressed that “Data protection is at the top of
the EU agenda and the international agenda too and will certainly remain there for many years.”
Broadening the perspective to other areas of law relevant to disaster management and
emergency collaboration a similar situation is indicated. The various kinds of regulations that
can be related to Emergency Law are of a multifaceted nature. The survey that was documented
in D 12.2 mentions several reasons for this state of the matter. Perhaps the most important one
being that stakeholders, categories of people and legal provisions potentially affected by
emergencies are impossible to define in advance. Relevant legal components are also difficult to
identify from a formal point of view. Constitutions, laws, ordinances and many forms of soft
law instruments, as well as standards often become relevant in various combinations. Another
complication is that many organizations embrace different traditions and that the way issues are
dealt with varies in different jurisdictions.
To take into consideration is furthermore that strategies for emergency management within EU
is a complex matter. A comprehensive and well researched survey published in 2009 initially
claims that “different types of initiatives exist almost everywhere, they overlap, they are
founded on different types of legal documents or different treaties, and they play different roles
in different stages of a crisis, some are operative on a daily basis while some are sleeping until
activated.”3 Some 150 pages later it is concluded that it is “evident ... the crisis management
system of the Union is not the result of one master plan” and that “perhaps even to call it a
‘system’ is too much since it has no overall administrative logic and since the EU itself has no
self-image of its own crisis management organization”.4
Activities take various forms, e.g. as policy initiatives, establishment of administrative bodies,
practical efforts with the purpose of pooling resources, risk reducing activities and relief
operations. Initiatives manifest themselves in different sectors and at different levels, between
agencies, organizations and countries, in regions and in EU as such. It is evident that the
development of disaster management within the EU is an ongoing, dynamic process, to a
considerable extent incident driven and with little or no coordination.
3
Larsson, P., Hagström Frisell, E., Olsson, S., Understanding the Crisis Management System of the
European Union, in Olsson, Stefan (ed.), Crisis Management in the European Union: Cooperation the
Face of Emergencies, Springer, Dordrecht 2009 p. 1.
4
Olsson, S., Larsson, P., The Future of Crisis Management within the European Union. In Olsson, Stefan
(ed.), Crisis Management in the European Union: Cooperation the Face of Emergencies, Springer,
Dordrecht 2009 p. 157 and 167.
Version 1.0: Final
Collaboration
Page 33 of 161
Noticeable is also that publication activities present an ongoing accumulation of case studies
and that newly spotted problems often are of a detailed nature. At the same time it is obvious
that jurisprudential analysis of the domain as such, as well as general conclusions to a large
extent are lacking. 5
The overall conclusion from all this is that Emergency Law lacks a common ground and that it
is not possible to identify a widely accepted legal framework that is upheld by any
administrative body. Emergency Law/ Disaster Management Law are not unknown concepts, as
illustrated in D 12.2 a variety of initiatives have been presented, but the situation is fragmented.
In a discussion about legal aspects of emergency management for the 21st century this is a
problematic presupposition. The inconsistencies make it difficult to extrapolate from existing
initiatives and established regulations in order to predict the future. Nor is it a realistic approach
to outline a proposal for general Emergency Law Standards. The subject involves too many subdomains and the incident driven development is to a large extent unpredictable.
From a legal point of view the lack of structure is one of the most apparent problems in the area.
Prismatic and ad hoc organizational arrangements are reflected in a multitude of overlapping
and disparate studies, hampering systematic aggregation of knowledge and leaving room for
contradictions and voids. In this respect the challenge is the concept of Emergency Law as such.
It is apparent that the legal means of addressing the problems in the domain are less developed,
and that alternative or complementary solutions should be considered. 6
This chapter focuses on the latter. More precisely, the objective is to discuss whether there exist
methods, or ways of approach, which may support law-making in a complicated technical
environment characterised by a fast pace of change. The discussion is tentative; the ambition is
merely to make an inventory of possible ways ahead. Two lines of development are addressed:

An approach in which legislation as we now know it is being adapted and elaborated by
conventional means but organized and structured differently. This in order to better
reflect practical presuppositions so that legal requirements and recurring problems can
be addressed in a more systematic way.

An approach in which traditionally established legislative efforts are being
complemented with other forms of regulative efforts, e.g. by technical specifications in
order to be physically implemented in technical mechanisms, or by different forms of
“soft law” mechanisms or co-regulation initiatives.
5
See Hufnagel, Saskia, Roach, Kent (eds) (2012). Emergency Law, Volume II, Ashgate, Farnham, Part
V, All Risk Emergency Regualation or Case Sopecific Regulation, p 461-535.
6
From a theoretical point of view this is not a unique situation in rapidly developing fields affecting
several established fields of knowledge. See Kuhn, Thomas, The Structure of Scientific Revolutions. The
University of Chicago Press, Chicago, 2 uppl, 1970, p. 178. “Before [the post-paradigm period] occurs, a
number of schools compete for the domination of a given field. Afterward, in the wake of some notable
scientific achievement, the number of schools is greatly reduced, ordinarily to one, and a more efficient
mode of scientific practice begins.“ Compare Hufnagel, Saskia, Roach Kent supra p. 540 “ “need for a
multidisciplinary approach that combines legal analysis with insights drawn from political science,
organizational behaviour, and public health …public and private partnerships,… criminology,
economics…”
Version 1.0: Final
Collaboration
Page 34 of 161
3.2 A Structural Approach to a Legal Analysis of IT Systems in
Emergency Response
The structure of a legal sub domain is usually a mix of a common part and a multitude of
substantial rule sets, focusing on different problems. The common part contains the rules that
are valid for the whole domain. Usually this part defines the validity of the rules in time and
space but frequently also other kinds of provisions stand out as being of a general nature. In for
example Criminal Law the rules about intent (to commit a crime) and the rules defining the
available sentences are of a common nature while the prerequisites defining the various crimes
are presented in specific provisions, in what sometimes is referred to as the catalogue of crimes.
Whether the most efficient development of Emergency Law lies in the formulation of “all risk
emergency regulation or in case specific regulation” is also an issue that is discussed in the
Emergency Law literature. Especially the situation in the UK has been criticised for being of a
piecemeal nature. “Most legal protection … is drafted on a sectorial basis which lacks
consistency, coverage and visibility” and “there is a need to avoid segmented regulation in a
series of silos, there is a need to achieve co-ordination…” 7
Against this background and based on the literature study and the practical work undertaken in
the BRIDGE project (cf. D12.1 & D12.2) it is thus possible to chart out a tentative structure for
legal problems in Emergency Law reflecting a dichotomy of general and specific legal issues.
Figure 2: Emergency Collaboration/Management Law
Examples of how common (always relevant) and case specific issues can be separated and sorted as
a basis for more systematic legal analysis and development of more coherent regulations.
Although a separation between general and specific rules may provide an important foundation
for more systematic efforts such an undertaking can be complemented in various ways. An
alternative way of restructuring the problems is to classify them to events or phases that are
related to each other. Crisis management can thus be described as a number of identifiable subphases that in various ways are interrelated - involving different tasks, responsibilities and
7
Walker, Clive, Governance of the Critical National Infrastructure. In Hufnagel, Saskia, Roach, Kent
supra p 464-492.
Version 1.0: Final
Collaboration
Page 35 of 161
problems. For emergency Law such an approach has been suggested by several, e.g. by Kent
Roach who, inspired by a harm reduction strategies from terrorism and epidemiology, describes
a separation between measures that can be dealt with before, during and after incidents. 8 Such
an approach can be elaborated in various ways and it is possible to include different activities at
several levels.
A structure of this kind also clearly indicates that there is a need for various types of
interventions, e.g. proactive preparations, operative interventions and reactive responses. This in
turn facilitates the identification of appropriate regulative techniques and the strategy thus
provides a good basis for the accumulation of domain specific legal knowledge as it will
indicate appropriate choices between various forms of legal solutions.
Figure 3 Disaster Management Phases
Example of how Disaster Management can be decomposed into a number of sub-phases in order to
allocate responsibilities and to better understand how different problems are interrelated. Each
sub-phase can be subdivided further in order to provide a detailed map of possible problems that
may call for regulative efforts/initiatives. Such a structure can also indicate the need for
employment of various legislative techniques (e.g. proactive/instructive/reactive measurements).
8
Roach, Kent, September 11, Consequences for Canada. In Hufnagel, Saskia, Roach, Kent supra p 493510..
Version 1.0: Final
Collaboration
Page 36 of 161
A process oriented structure of this kind can be further elaborated into a matrix in which various
types of legal requirements (e.g. proceedings, responsibilities, formalities etc.) can be mapped,
e.g. relating to agents (organisations or individuals). Matrices of this kind can be developed for
different types of incidents (e.g. terrorist attacks, earth cracks, fires) or chains of events. A
systematic analysis of this kind should eventually make it possible to identify patterns and
recurring requirements that should be dealt with in a general way (a possible basis for common
part of legislation). 9
Rules affecting
(Type of incident)
Agencies
Before
Individuals
Environment
Equipment
Resource
allocation
Education
Transports
Service
Planning
Exercises
Handling of
dangerous goods
Renewal
Networking
Standby
schedules
Building
standards
Storing
etc
etc
etc
etc
During
After
Figure 4 Matrix combining processes with various types of regulative requirements.
9
See for an elaboration of perspectives relevant to this approach, and for further references, Wahlgren,
Peter, Legal Risk Analysis: A Proactive Legal Method, Stockholm 2013 (Stiftelsen skrifter utgivna av
Juridiska fakulteten vid Stockholms iuniversitet nr 80).
Version 1.0: Final
Collaboration
Page 37 of 161
A more traditional way of researching a vaguely defined legal field is to initiate comparative
studies in order to get an overview of the issues usually addressed and in order to find
similarities and differences in how problems are understood and dealt with. Such a study can be
initiated at different levels, e.g. in a comparison between countries or between organisations and
agencies in a specific region. A comprehensive example of relevance for disaster management is
the International CIIP (Critical Information Infrastructure Protection) Handbook 2008/09. 10 The
handbook was the result of a joint Swiss-Swedish initiative in 2000, the “Crisis and Risk
Network”. Four editions have been published, providing overviews of international protection
efforts, legal issues and protection policies. The most recent edition encompassing 25 countries
and 7 international organisations and forums reflects an inventory of Critical Sectors, Initiatives
and Policies, Research & Development, and Law and Legislation.
The CIIP Handbook provides a good basis for any type of systematic efforts in the field of
Critical Infrastructure Protection, including regulative initiatives, as it reflects how the issues are
being categorised and addressed in many countries. A similar approach can with little difficulty
be the basis for in depth investigations in regulative matters at any level. The result of such a
study can obviously facilitate international cooperation between counties and in regions.
Works of this kind also illustrate how various problems can be dealt with and can also
disseminate knowledge about what appear to be the most efficient solutions to specific
problems. In this respect comparative studies may also eliminate the need to reinvent the wheel.
At a detailed level this can be accomplished by means of aggregating statistics about to what
extent various provisions have to be reformulated, how often they are contested and to what
extent they fail to achieve the goals, etc. 11
A still other complementary approach which may facilitate the understanding of regulative
requirements in a specific field is to try to define long term objectives and then systematically
braking down those goals into smaller more manageable tasks, each of which may have to be
implemented with legislative means and other kinds if steering mechanisms.
An illustration of such a strategy would e.g. be to adopt a “zero-vision” for road traffic accidents
with fatal outcome.12 Although road traffic accidents usually are not considered to be disasters
Naomi Zack in 200913 made a comparison with the terrorist attacks in the U.S. on 9/11 2001.
Updated figures indicate that ca. 2990 persons died as the result of the attacks. The number of
Americans killed in road accidents since 2001 has however so far (spring 2015) accumulated to
close to 500.000.14 Physically disabled and otherwise injured people uncounted. It can therefore
10
Brunner, Elgin M., Suter, Manuel (2009). International CIIP Handbook 2008/09: An inventory of 25
national and 7 international critical information infrastructure protection policies. Center for Security
Studies, ETH Zurich. www.isn.ethz.ch/ Digital-Library/Publications/Detail/ ?id=91952
11
Such a strategy has been suggested e.g. n the field of Contract Law see The International Association
for Contract & Commercial Management , http://www.iaccm.com/
12
Such
a
goal
was
establiched
by
the
Swedish
parliament
in
1997
”
http://www.trafikverket.se/PageFiles/881/regeringens_proposition_2003_04_160_fortsatt_arbete_for_en_
saker_vagtrafik.pdf”.
13
Zack, Naomi, Ethics for Disaster, Rowman Littlefield Publishers Inc. Lenham, 2009. P. xiii.
14
http://en.wikipedia.org/wiki/List_of_motor_vehicle_deaths_in_U.S._by_year
Version 1.0: Final
Collaboration
Page 38 of 161
be argued that the rational decision would be to prioritise efforts to mitigate risks accompanying
road traffic. This is however not the case and Zack’s conclusion is that ”we cannot escape
human psychology” and tend to ”respond more intensely to sudden big harms than to ongoing
small ones, even if the aggregate of small harms is enormous compared to sudden big harms”. It
is also probable that creeping types of disasters attract less attention due to the fact that they to a
large extent are invisible or unknown. Consequently it may be argued that the basis for
identifying relevant goals could to a larger extent be accumulated statistics about how well
various rules, regulations and policies correlate to incidents.
Figure 5 Short term legal reforms and long term legal objectives
Illustration of how a long term “zero-vision” for fatal road traffic accidents can be decomposed into
short term actions, each possible to implement with various kinds of regulatory means, e.g. changes
in the road traffic regulation, education of drivers, safety specifications for vehicles etc. Also this
type of strategy can be depicted graphically. 15
15
Work with long term ”Result objectives” has recently (2014) been initited by the Swedish Civil
Contingencies Agency.
Version 1.0: Final
Collaboration
3.3
A New Regulatory Culture?
3.3.1
The Problem
Page 39 of 161
Although all the above mentioned approaches may help to better understand how Disaster Law
and emergency collaboration can be regulated efficiently it must be acknowledged that a
continuous aggregation of detailed, often reformulated rules has drawbacks. In a long-term
perspective it is apparent that a common side effect is the accumulation of regulations,
frequently exhibiting a poor overall structure. Equally problematic is the continuous vitiation of
the legal language, following from a frequent use of ad hoc solutions, and the ever increasing
complexity of piecemeal legislation. An additional problem is that legislation tends to become
more and more voluminous and all such problems stemming from traditional jurisprudential
efforts are well recognized in the field of Disaster Law.
The negative effects of the traditional legislative approach often make themselves felt; in many
areas there is no doubt that it is impossible for anyone not trained in law to understand the legal
system. Sometimes it is difficult also for lawyers to grasp legislation, at least when it comes to
issues outside their day-to-day practice. To identify, retrieve and evaluate the different
components that may be relevant can simply be too overwhelming. This is a recurring problem
in disaster management, which to a large extent is an incident driven activity where
unpredictable processes frequently involve new constellations of groups and agencies.
Another component to take into consideration is that updated and detailed background
knowledge about the situation at hand in most cases is a precondition for the design of suitable
regulations. In this respect criticism is often articulated, indicating that much of current
legislation is made up of short-lived inefficient provisions reflecting poor understanding of the
practical requirements. The shortcomings of the traditional approach are readily apparent in the
case of disaster management – which means in effect that the difficulties are revealing
themselves in all possible situations. The reason for this is easy to understand. The sector tends
to offer solutions of increasingly complex nature and the lawmaker often encounters previously
unheard of problems in trying to satisfy the prevailing demands. How shall, for example, poor
health advice and medical prescriptions via the Internet – perhaps occurring between two
countries, and by the use of a ICT system situated in a third country – be managed from the
legal point of view? What aspects of new services should be regulated, what kind of regulation
is desirable, how can responsibilities be allocated and how can legal solutions be enforced?
To solve acute problems within a reasonable time, and simultaneously uphold a consistent
structure for all parts of legislation is an overwhelming task for several reasons. Persistent
complications flow from the fact that the conceptual apparatus of disaster management lacks in
many respects equivalent counterparts in law. Yet another problem is that the meaning of legal
concepts often changes, or becomes blurred when linked to new technology. In this respect a
number of phenomena have to be revised more or less constantly. In disaster management, this
is illustrated by not fully understood consequences of use of big data collections, crisis
communication, ad hoc linked up systems of systems etc. How should equal access to public
services (net neutrality) be dealt with, what are the consequences for privacy and who is
responsible for malfunctions and errors?
Limiting factors are also that the time allotted for preparatory investigations is continually
decreasing, even as the complexity of the subject matters to be regulated increases. If one adds
to the equation the necessity to continually adapt the legal language as new phenomena arise, it
is clear that the objective to avoid inconsistencies by means of relying on traditional legislative
efforts is unrealistic.
Version 1.0: Final
Collaboration
Page 40 of 161
Another aspect to observe is that the rapid development of the technology and its logical
consequence – internationalisation – generates previously unknown demands for standardisation
and uniform solutions. This creates additional pressure on the lawmaker. A national legislature
can do little on its own to solve these problems and, at our present level of development, truly
effective instruments for the implementation of international legislation do not exist. In this
respect, as described in D 12.2, there is little doubt that the EU efforts in this domain so far have
been unsatisfactory.
All this lead up to the conclusion that in an outlook for the future there is a need to include also
other kinds of regulatory mechanisms, besides structural approaches as the ones outlined above.
Traditional legislative efforts are likely to be complemented and augmented in various ways.
Three such approaches deserve to be mentioned: co- and self-regulation initiatives, embedded
solutions and pattern recognition.
3.3.2
Co- and self-regulation
For quite a long time it has been argued in various circumstances and from various standpoints
that the state should intervene as little as possible and that the development of self-regulation
and legal free zones is a better alternative. Quite frequently such ideas have been proposed
concerning the use of the Internet, the development of technology, etc.
Theories concerning self-regulation are usually underpinned by legitimate and easily
understandable desires to avoid unnecessary administrative burdens and bureaucracy. At the
surface level, they can therefore appear attractive, and in some situations there is no doubt that
private dispute resolution and other kinds of non-authoritative agreements provide wellfunctioning solutions. Such approaches may also be preferred since they are comparatively
cheap, can be conducted with little delay and completed without making the process public.
If one investigates this approach a little bit further, however, it is apparent that in many cases it
is unrealistic to maintain a system based on self-regulation. It may even be questioned whether
this approach should be recognised as a general strategy at all, and there are several reasons for
this. In an analysis of the prospects of self-regulation mechanisms it is important to keep in
mind that the lawmaker usually has access to a system of sanctions, and that legislation is
usually upheld and supported by a system of authoritative institutions. In an environment where
self-regulation is presupposed many of these factors are absent, which is obviously a
considerable complication. If the parties involved are not on an equal footing, and if
mechanisms for the effectuation of legal decisions or enforceable sanctions are lacking, the
incentives to follow the rules are likely to diminish.
It is also important to note that large portions of the legislation seeks to balance different
opinions and various needs in an authoritative manner, this is for instance the issue in the debate
about privacy, where the interest of the individual sometimes clash with societal needs for
efficiency and strive for security.
The fact that self-regulation in many situations is unrealistic does however not mean that
alternative approaches are impossible. On the contrary, the number of mechanisms that can
replace or support traditional legislation are many. It is thus relevant to separate between
activities “within legislation” i.e. implementation of mechanisms that to some extent must be
legally established and activities “outside legislation”, e.g. education or information campaigns.
Several such alternative strategies can play a considerable role.
In general terms, co- and self-regulation initiatives can be described as a replacement of rules
defining what and how to do things with rules merely defining what to do, i.e. goal oriented
Version 1.0: Final
Collaboration
Page 41 of 161
legislation. In other words, the rules primarily define the objectives but it is left to the
stakeholders to decide the means. 16
Within this framework a number of possible approaches can be used, in isolation or as
complements. One alternative is to implement minimum standards, i.e. provisions that only seek
to secure basic requirements but apart from that presuppose that the parties decide the details.
Such type of regulation may leave room for any type of solution, and as long as the basic
requirements are not violated, the legislation will remain silent. In this respect this type of
legislation can be described as “default legislation”, i.e. it will only be activated if the parties do
not agree on something else.
A related strategy is to stipulate that the actors in a certain domain should develop a quality
assurance, or quality management system (QMS), ensuring that the activities in the field are up
to date and in line with scientifically established knowledge about the subject-matter. The role
of the legislature thus becomes limited and the only thing that is checked is how well the QMS
works. This is a practical approach in domains in which the knowledge is complicated and of a
rapidly changing nature. To elaborate detailed provisions about how to perform e.g. surgical
operations is not realistic which is why this strategy becomes increasingly more popular when it
comes to medical treatments, development of drugs, etc. An important factor is also that those
affected by the system are more likely to accept it if they have had the opportunity to participate
in its development.17
A QMS need not be made mandatory, in some cases it may be up to the
individual/company/agency to participate. But for those who choose not to participate in the
QMS there may be administrative burdens, fees and other requirements that have to be met. An
example of such a voluntary and partly self-regulating mechanism is the EU system for
Authorised Economic Operators.
“Authorised Economic Operator, AEO, is a joint EU certification programme, designed to
increase the security in the world as well as to harmonise the customs related operations within
the EU and make them more efficient.
The AEO status is valid in all EU Member States. Every business, regardless of size, forming
part of the international supply chain can apply to become an AEO. This applies to
manufacturers, exporters, freight forwarders, warehouse keepers, customs agents, carriers and
importers.
To obtain AEO status, businesses within the EU can apply for one of the following certificates:
▪
Customs simplifications
▪
Security and safety
16
This is sometimes referred to as a shift from quantitative legislative technique to qualitative legislative
technique. See e.g. van der Sluijs, J./Wahlgren, P. (red.) Soft Law, Scandinavian Studies in Law, Vol 58,
Stockholm Institute for Scandinavian Law, Stockholm 2013.
17
Josefsson, Carl, Lagstiftning eller självreglering, SvJt 2001 p. 215, Heuman, Lars,
Reklamationsnämnder och försäkringsnämnder, Norstedts Stockholm 1980 (Institutet för rättsvetenskapig
forskning CVI) s. 797–849.
Version 1.0: Final
Collaboration
▪
Page 42 of 161
The joint certificate Customs simplifications/Security and safety”
QMS of this kind is a type of certification and the variants, including licencing, permits,
accreditation and/or the suggestion that the actors participate in education and/or standardisation
activities can easily be combined. Eventually also components such as subsidiaries and
economical contributions can be used as incentives. 18 The common and important feature being
that the legislator can refrain from issuing massive quantities of detailed legislation.
In this context it is also relevant to mention soft law, i.e. regulations that are not formally
binding, or provisions that cannot be enforced. The term soft law was previously mostly used in
order to denote agreements between states and international organisations’ resolutions and
recommendations. 19 Presently however the phrase is usually also used in order to encompass
sectorial agreements, recommendations, guidelines, decisions by various types of cooperative
boards, codes of conduct, standards, etc.20
A quick overview of the so-called hands-off strategy thus indicates that co- and self-regulation
may well be considered in some situations related to emergency management. Frequently,
various kinds of co-operative efforts between private enterprises and the government are likely
to generate better solutions as compared to what can be accomplished by the legislature alone.
Obvious examples are the joint development of codes of conduct, assistance in the setting up of
proactive or protective mechanism, and the authoritative backing up of self-regulation so that
enforcement is guaranteed.21 Another illustration is giving public support for setting up
standardization organisations. In many situations subsidiaries and incentives can probably be
more effective than detailed legislation of traditional kind22 and often it is a good idea to
investigate whether some form of co-regulation is possible. 23
18
See for an overview,e.g. Wahlgren, P. Lagstiftning: Rationalitet, problem, möjligheter, Stockholm
2014.
19
20
21
Se t.ex. Senden, Linda, Soft Law, Self-Regulation and Co-Regulation in European Law: Where Do
They Meet?, Electronic Journal of Comparative Law. vol 9.1 (January 2005),
“www.ejcl.org/91/art91-3.html”.
Se t.ex. van der Sluijs, J./Wahlgren, P. (red.) Soft Law, Scandinavian Studies in Law, Vol 58,
Stockholm Institute for Scandinavian Law, Stockholm 2013.
See e.g., The UK Cabinet Office, Regulatory Reform Strategy Team, Better Policy Making: A Guide
to Regulatory Impact Assessment, London 2003, Annex 2, Alternatives to Legislation
“http://www.cabinetoffice.gov.uk/regulation/docs/ria/pdf/ria-guidance.pdf”, and U.S. Department of
Commerce, Privacy and Self-regulation in the Information Age, Washington D.C. 1997
“http://www.ntia.doc.gov/reports/privacy/privacy_rpt.htm”.
22
In a report from the research service of the Swedish parliament, surveying 45 self-regulating bodies,
it is stated that these entities provide “rather simple and fast dispute resolution/administration for a
large number of consumers. In addition the process is usually free of charge.” Näringslivets
självregleringsorgan – en uppföljningspromemoria (Dnr 2003:2044)
23
On co-regulation, see European Commission, Digital Agenda for Europe: Better Self- and CoRegulation “ec.europa.eu/digital-agenda/communities/better-self-and-co-regulation”.
Version 1.0: Final
Collaboration
Page 43 of 161
3.4 Embedded Technical Solutions
An entirely different way of increasing the efficiency of legislation would be to actively develop
the means to embed regulations in the physical environment. Under such a strategy a variety of
alternatives can be envisioned, depending on the ambitions and the nature of the issues to be
addressed. An illustration of a more elaborated solution is road tolls with the purpose to cut
congestion and predicted traffic jams, which are based on pay-as-you-drive charges. Such
regulation is entirely dependent on technical systems, e.g., various types of satellite tracking
devices and/or on microwave signals identifying tags adhered to the vehicles.
Although technical systems of this kind cannot be looked upon as alternatives to traditional
legislation it is quite clear that they often provide important complements to the regulations.
Illustrations of this are abundant. It is for instance obvious that modern regulations concerning
verification of transactions often presuppose technical solutions. Likewise it is clear that rulebased activities within public authorities and the government rely to a large extent on technical
solutions for the management of decisions, taxation, administration of elections, etc. Noticeable
is also that in many situations it would be impossible to return to a “pure”, non-technical
legislative strategy. Frequently, technical components are taken for granted, and they may also
be essential for the effectuation of particular legislation. A good example of the latter would be
the Swedish Land Register Act, which in fact is a description of an IT-system.
Figure 6 Means of Influence
In many case an implementation of a Law into a technical system (T) will be much more efficient
than what can be achieved with traditional legislation (L) and implementation by means of public
authorities (A).
In this respect it is beyond doubt that IT provides many new potentialities and that the
possibilities to integrate rule-based solutions into technical systems are constantly increasing.
Version 1.0: Final
Collaboration
Page 44 of 161
This development is reflected in a variety of activities. Currently under discussion are for
instance Privacy Enhancing Technologies (PETs) for data protection and digital rights
management systems for the administration of intellectual property rights. Privacy by design is
also presupposed in the new proposal for a EU regulation on the processing of personal data, of
high relevance for many types of emergency management. Potential extensions into more
advanced technical solutions may include elaborated forms of e-government for virtually all
kinds of administrative services, automatically supervised, dynamic road traffic regulations and,
eventually, legal decision-making within the courts, perhaps based on computerised sentencing
guidelines and pre-programmed procedural codes.
It should be underlined that the inclusion of regulative aspects in physical components in no
way represents a new phenomenon. The need to combine legal rules with physical arrangements
has always been present, and the illustrations can be quite mundane. That is simply to say that if
you want to protect your home efficiently, it is seldom a good idea to depend solely on
legislation concerning trespassing and burglary – locks and other tangible means are often
necessary supplements to the provisions. Noticeable is also that physical means sometimes are
necessary in order to communicate the content of certain legislation. This is for instance the case
with road traffic legislation and for such functions there is no doubt that IT provides
considerable potentialities for further developments.
Looked upon from this point of view it is quite clear that most legislation presupposes some
kind of physical counterparts. From this also follows that it appears logical to utilise more
sophisticated mechanisms when the technical abilities to enforce the regulations increase. In
many situations such a development appears unavoidable. At present it is for instance necessary
to rely on technical means in order to vindicate the regulations aiming to combat computer
viruses and the situation is doubtlessly the same when it comes to upholding security for
electronic communication, develop electronic payment systems, etc.
It is also to be borne in mind in this context that the legislative system fulfils the function of
providing an important steering mechanism on an aggregated level. In this respect embedded
solutions may bring about considerable improvements as regards efficiency. Wisely employed,
IT can eliminate many of the present problems of poor legislative impact and the interest for
further developments in this direction are likely to increase as understanding of the potentialities
becomes more widespread.
A further consequence of this is that the prospects for traditional legislation may seem meagre.
When compared to sophisticated technical solutions, do black letter laws offer any realistic
alternatives with respect to effectiveness, clarity and predictability? Or, to polarize a bit more,
do paper laws represent anything else than a primitive form of social steering instrument?
In an analysis of this approach it is also relevant to discuss a number of secondary effects.
Several important questions come to mind. One thing to speculate about is, for instance,
whether the development of more integrated forms of legislation should be reflected in the ways
in which legislative investigations are carried out. That is to say would it not be more logical to
start out by means of designing technical systems when new regulations are being prepared?
Likewise, if various forms of technically embedded solutions are likely to be more efficient,
should not technical solutions be perceived as the primary objectives of legislative processes?
And, consequently, should not written legislation mainly be looked upon as a documentation of
technical solutions, and, ultimately, be designed as manuals for how to operate the systems?
On the other hand, although a development of more sophisticated forms of technically
dependent regulations may for several reasons seem attractive, it must be conceded that a future
Version 1.0: Final
Collaboration
Page 45 of 161
development of this kind raises a lot of questions. A number of difficulties must be
acknowledged and noticeable is also that the debate about potential negative effects has at times
been intense. The contributions range from pure fiction to well-researched investigations and
balanced discussions concerning the pros and cons of more technically elaborated solutions. 24
A fundamental objection is for instance that a development of more technocratic societies puts
democratic ideals in peril. This is simply because technical standards can be established without
the involvement of authorities, and that actors with sufficient resources can easily alter the
balance laid down in embedded legislation, by means of altering technical platforms or
introducing mechanisms obstructing the systems.
A continuous development of more sophisticated systems is also likely to lead to problems of
transparency. Intricate technical solutions are often difficult to understand and they may thus be
viewed as a threat. Closely related to such a scenario is the development of an Orwellian Big
Brother society in which technology becomes ubiquitous and where surveillance and privacy
control seriously delimit the freedom of individuals.
At a somewhat more concrete level, problems of adequate transformation of legal provisions
into computer code, difficulties in upholding essential legal principles, e.g., concerning freedom
of information, and unpredicted secondary effects originating from system complexity should be
acknowledged. It is also obvious that the issues that need to be considered and the obstacles that
have to be dealt with will vary depending on the type of issues addressed.
If one tries to summarize this approach it is clear that IT provides interesting alternatives to
black letter law in the sense that many normative aspects of legislation can be implemented in
physical systems.
How this development will progress is not possible to predict in detail, however. Several of the
risks related to development of a more technocratic society are of a very serious nature and such
aspects should be given a lot of attention. The use of embedded regulations is not
unproblematic, and in many respects the development provides entirely new challenges for the
legal domain.
Nevertheless, in the long-term perspective, a development of more integrated solutions appears
unavoidable. Huge potentialities for increased efficiency, improved predictability for the
outcome of legal decisions, and the development of more detailed specifications of legal
processes will not be easily dismissed.
3.5 Pattern Recognition
One additional way of increasing the efficiency of legislative actions is to utilize of pattern
recognition by means of investigating big data collection with mathematical algorithms. Pattern
recognition is a field of research with its origin in in artificial intelligence, engineering and
24
The study of Legal Automation (Rechtsautomation) has generated a comprehensive literature in the
Scandinavian countries. See e.g., Magnusson Sjöberg, Cecilia, Rättsautomation. Särskilt om
statsförvaltningens automatisering, Norstedts Juridik AB, Stockholm 1992, and Schartum, Dag
Wiese, Rettssikkerhet og systemutvikling i offentlig forvaltning, Universitetsforlaget, Oslo 1993. Cf,
also, for a somewhat different perspective, Lessig, Lawrence, Code and other laws of Cyberspace,
Basic Books, New York 1999.
Version 1.0: Final
Collaboration
Page 46 of 161
statistics. Algorithms can be used not only in order to investigate whether a hypothesis can be
verified but also to discover previously unknown patterns. The latter is in turn an important
component in machine learning. The development in this field is intense and several impressive
applications have been presented, e.g. IBMs Dr Watson 25 and Amelia.26
The use of pattern recognition appears promising for several reasons, most importantly because
the method can support the identification of situations in which regulative actions are likely to
be requested, or situations in which such actions are motivated due to the fact that established
mechanism are inefficient. Findings of such kind can have a significant impact. Traditionally
systematic attempts to identify problems that may generate demands for legislation before the
actually manifest themselves are rare. Legislative actions are often reactive, i.e. they are
initiated after a problem has become acute. Pattern recognition can therefore be expected to be
used as a planning tool and also, by providing means to speed up the initiation of legislative
actions, facilitate the handling of changes.
Underlying these assumptions is the indisputable observation that only a few of the issues which
actually could be recognised as legal issues actually establish themselves as legal problems.
Errors, systematic attempt to circumvent mandatory rules and inefficiency routines may stay
unnoticed for long periods of time. To try to identify factors that may have a decisive influence
over various types of process is therefore very interesting. To understand what it is that qualifies
certain problems to be recognized as legal issues is another intriguing question.
A characteristic of pattern recognition, as compared to sociological investigations, is that the
former is pursued on a general level, i.e. the focus should not primarily be set on the impact of
isolated regulations. The objective is instead to pinpoint various types of factors and their
potential interaction to specific events and thus also with the legal system. Possible applications
range from in depth understanding and prediction of natural disasters (based on e.g. analysis of
geological and meteorological factors, infrastructure deficiencies etc.) to terrorism (based on
analysis of e.g. communication activities, money transfer, traveling etc.). In this respect, pattern
recognition represents a “law generic” perspective, as contrasted to sociological investigations
which often seek to understand the instrumental qualities of the law (“law as an instrument”). In
practice, however, the two approaches are related, and pattern recognition may well be
complemented by a variety of sociological means. Doubtless is also that statistics is essential for
the accumulation of knowledge of this general kind, and this is of course also a feature in
common with sociological research.
In context of emergency management it would be premature to point out any factors that are
likely to have a decisive influence over how certain issues become established as acute
problems motivating far reaching legislation and reallocation of resources. As an illustration,
nevertheless, it appears reasonable to speculate about the extent to which spectacular events,
access to media, communication channels, lobbying activities and political considerations can
shift the focus of the legislature towards previously less noticed phenomena.
In a similar way it may be worthwhile to study how economic resources, the presence of
conflicting interests, knowledge and experience of the legislature, the complexity of the
25
http://www.ibm.com/smarterplanet/us/en/ibmwatson/
26
http://www.telegraph.co.uk/technology/news/11123336/Meet-Amelia-the-computer-thats-after-yourjob.html.
Version 1.0: Final
Collaboration
Page 47 of 161
problems, and the nature of the existing legislation may influence the introduction of new
issues. It may also be relevant in this respect to investigate whether factors of an indirect nature,
such as the need for simplification in mass media, educational activities and the pace of change
can be important factors in the process of establishing problems as legal issues.
3.6 Summary
The first part of this chapter recaptured the many shortcomings and difficulties the concept of
Emergency Law faces. Previous studies in the BRIDGE project has indicated that the field
suffers from poorly coordinated efforts and exhibits a fragmented and partly dysfunctional legal
system lacking general components.
Against this background and as a general conclusion from recent developments in studies on
legislative techniques the second part of the chapter outlined a possible strategy for future
regulative efforts in the field. The strategy is based on two major undertakings, (1) a more
systematic sorting of the relevant issues and the legal material into more functionally and
practically oriented structures (restructured and elaborated legislation of a traditional kind), and
(2) an amalgamation of various complementary regulative efforts and tools (self- and coregulation, technically embedded solutions and pattern recognition) into what can be described
as a new regulatory culture for disaster management.
Figure 7 A new regulatory culture for disaster management.
Version 1.0: Final
Collaboration
Page 48 of 161
4 ELSI in Crises: Doing IT more carefully
This Chapter is based on the Introduction to a Special Issue on ELSI in IT
Supported Crisis Response and Management in the International Journal for
Intelligent Systems in Crisis Response and Management (forthcoming). Edited by
Buscher, M., Liegl, M., Rizza, C. and Watson, H., with six papers:
Ellebrecht, N. and Kaufmann, S. (2015) Boosting efficiency through the use of IT?
Reconfiguring the management of mass casualty incidents in Germany
Ford, J.L.; Stephens, K.K. and Ford, J.S. Digital Restrictions at Work: Exploring
How Selectively Exclusive Policies Affect Crisis Communication.
Watson, H. and Finn, R. Ethical and privacy implications of the use of social media
during the Eyjafjallajokull eruption crisis
Rizza, C.; Guimarães Pereira, Â. And Curvelo, P. “Do-it-yourself justice”:
considerations of social media use in a crisis situation: the case of the 2011
Vancouver riots
Tapia, A and LaLone, N. Crowdsourcing investigations: crowd participation in
identifying the bomb and bomber from the Boston Marathon Bombing
Buscher, M.; Perng, Y-S. and Liegl, M. Privacy, Security, Liberty: ICT in Crises
In the context of this deliverable, the introduction to the special issue presents a
discussion of why ELSI matter in the context of IT innovation in crisis response and
management, it maps out key dynamics and issues, and provides a summary of
future work needed.
Abstract: The introduction to this special issue sets out why it is important to carefully consider
ethical, legal and social issues (ELSI) in the context of IT innovation in crisis response and
management. It sets the scene for six articles that provide concrete insight into how ELSI
manifest in different contexts, including critical explorations of efficiency gains through etriage, inequalities in organizational emergency communications, ethical and privacy
implications of the use of social media during the 2010 Eyjafjallajokull volcanic eruption, do-ityourself justice during the 2011 Vancouver riots, and public perceptions of social media
responses to the Boston Marathon bombing. A call for socio-technical design for privacy,
security and liberty concludes the special issue. Drawing on this work and examples from
literature in science and technology studies and design, this introduction charts future work
needed to understand ethical, legal and social aspects of innovation in crisis response and
management more deeply and to translate such understanding into ‘better’ socio-technical
innovation.
Keywords: ELSI, humanity, justice, privacy, liberty, design, information systems, responsible
research and innovation
It seems clear that ‘technology that provides the right information, at the right time, and in the
right place has the potential to reduce disaster impacts’ (Koua, MacEachren, Turtun,
Pezanowski, Tomaszewski, & Frazier, 2010:255). In a century of disasters (eScience, 2012)
where nothing is so certain as that another crisis is around the corner and emergency response
Version 1.0: Final
Collaboration
Page 49 of 161
services are under intense pressure to produce more efficient, collaborative and effective
responses and plans, investment in information technology (IT) is often seen as pivotal.
Enquiries into the implications of ever deeper integration of IT into emergency response and
management for humanity, justice, liberty, and the social contract between societies and
emergency responders may seem a burden, but design that is sensitive to ethical, legal and
social issues (ELSI) is also recognised as critical to leveraging the potential of new
technologies. If emergency services are to utilise (and to control media operated) Remotely
Piloted Aerial Systems (RPAS), for example, if they should engage the public with the help of
social media, or share information between different agencies and information systems in line
with data protection laws, technologies must support awareness of ELSI and practices of
addressing them. This is a complex challenge.
Repeated, sometimes spectacular failures of IT projects highlight the transformative momentum
inherent in IT innovation and raise questions about the straightforward usefulness of technology
(Ellebrecht and Kaufman, 2015). Worldwide, up to 85% of IT projects fail, at an estimated cost
of over $6.2 trillion (Sessions, 2009), and crisis management has a long history of such failures.
In two prominent examples of major technology investment – the London Ambulance System in
1992, and more recently the UK FiReControl project, the systems failed because they did not
support, indeed incapacitated the local practices of responders. They were abandoned, wasting
millions of pounds (Shapiro, 2005; Committee of Public Accounts, 2011). The failure of such
systems has ethical, legal and social causes and implications that go far beyond the financial
aspects. Indeed, some analysts argue that ‘the belief that more data or information automatically
leads to better decisions is probably one of the most unfortunate mistakes of the information
society (Hollnagel & Woods 2005: 7). It is important to recognise that technology cannot
‘provide’ the right information at the right time, in the right place, but people can. People
gather, sort, visualise, analyse, reason about, and reason with information, they assess its
accuracy, relevance, quality, they share or withhold it, they can make sense of it, or not, they
may discount it, or draw others’ attention to information in ways that communicates their
judgement about its relevance, quality or import. Technology can greatly enhance these
practices, but it can also undermine, obstruct, or transform them.
Increased reliance on technology can make emergency response and management more
dependent on fragile network and data infrastructures, make the work more complex and errorprone and it can engender far-reaching transformations of the emergency services and society.
For example, emergency situations can call for exceptions to fundamental and constitutional
rights. At a recent symposium, European security experts debated the importance of ELSI
research for innovation in Border Surveillance and Search and Rescue27, calling for the law to
catch up with technological innovation, so that, for example, restrictions on the interconnection
of information systems for CCTV, face recognition and databases of known convictions for
hooliganism could be lifted in France. Yet many European states, especially countries like
Romania or Germany, who have experienced totalitarian regimes, are suspicious of such
suspension of normal legal and moral rules and values, often fuelled (but not always warranted)
by fear of a breakdown of public moral order in emergencies (Barnard-Wills 2013). Their
unease is due to the experience that such exceptions can erode important civil liberties, and the
fact that ‘the wrong kind’ of IT innovation in crisis management can amplify a detrimental
‘securitization’ of society (Aradau & Munster, 2011, Büscher, Perng & Liegl, 2014b).
27
http://bssar.kemea-research.gr
Version 1.0: Final
Collaboration
Page 50 of 161
Against this backdrop, some fundamental ethical questions arise for emergency response
practitioners, politicians, policy makers, citizens, non-citizens (such as tourists, legal and illegal
immigrants), designers and researchers: How can IT design and implementation be done more
effectively, more mindful of transformative effects and wider societal implications? How can it
be done more benignly? Concerns over IT project failures, the insufficiency of ‘more
information’ for good decisions, and the effects of creeping securitization on civil liberties may
suggest ‘Don’t do IT’ as an answer for some. However, the increase in the frequency and
severity of disasters in the 21st century of disasters, involving increasingly urbanized and ageing
populations is also a massively powerful engine for IT innovation in crisis management. Indeed,
it seems that the IT juggernaut into emergency response is unstoppable. Moreover, IT can
uniquely enhance risk analysis, communication and collaboration. Thus ‘Do IT more carefully’
would be a better maxim. But how can this be achieved?
To clarify what ‘more careful’ might mean, there is a need to better understand ethical, legal and
social issues relating to IT supported emergency response. With this special issue, we contribute
six papers to shape more proactive and integrated ELSI-aware design approaches. In this
introductory overview, we begin by providing a short review of the socio-political context. This
is followed by a discussion of the positively and negatively disruptive nature of IT innovation in
crisis response and management, and specifically the role of ‘unintended consequences’. The
individual papers that follow focus on considerations related to IT innovation and use in crisis
management and response in different contexts, ranging from IT support for triage in mass
casualty incidents (Ellebrecht and Kaufmann) to restrictions placed on use of mobile devices in
organisations (Ford, Stephens & Ford), to the use of social media and the Internet during the
2010 Eyjafjallajokull volcano eruption (Watson & Finn), the 2011 Vancouver riots (Rizza,
Guimarães Pereira & Curvelo), and the 2013 Boston Marathon bombing (Tapia & LaLone). The
special issue concludes with a discussion of the relationship between privacy, security and
liberty in the context of efforts to support emergent interoperability between multiple
information systems and stakeholders in ‘smart city’ contexts (Büscher et al.). We briefly
summarise key insights these papers allow.
By exploring diverse impacts on the organisation of emergency response and the people
involved, these papers build on contributions from the Information Systems for Crisis Response
and Management (ISCRAM) community, where a long-standing commitment to explore ethical
and social aspects of innovation in crisis response and management exists. The papers have
been developed from contributions to special tracks on Ethical, Legal and Social Issues (ELSI)
at ISCRAM conferences in 2013 and 2014. The individual papers illuminate several different,
important dimensions of ELSI and we summarise them here to chart core themes. A key insight
is that while ethical, legal, and social issues are a matter of material, socio-technical practices
and the ways in which people use technology, it is critical to acknowledge – carefully and
creatively – that technology itself is not neutral. It actively enacts and shapes morality. A
‘disclosive’ approach to ethical, legal and social issues can reveal emergent ethical implications
– which may pose both challenges and opportunities. By providing a summary of a study that
illustrates this in an exemplary way, we prepare for a conclusion that calls for more careful IT
innovation in crisis response and management. Here, we delineate what future work is needed to
translate the long-standing commitment within ISCRAM to understand ethical, legal and social
aspects of innovation into critical, constructive and creative debates about what might constitute
‘better’ IT supported crisis response and management, and how ELSI research can inform
‘better’ design and use of technologies.
Version 1.0: Final
Collaboration
Page 51 of 161
4.1 ELSI & The Informationalization of Crisis Response
Technology has always played an important role in the laws, ethics and social and material
practices of emergency response. Physical technology such as breathing apparatus for firefighters, fire engines and fire fighting technologies, portable defibrillators for medical
personnel, guns and body armour for police have augmented the capabilities of emergency
responders for many decades. Policy tools, such as incident command systems, too, have shaped
the nature of response (Buck, Trainor, & Aguirre, 2006; Moynihan, 2009). What or who can be
rescued or protected changes, as do the processes and practices involved, and therewith the
ethics and politics of emergency response. IT introduce another dimension of augmentation.
There has been an ‘informationalization’ of crisis response and management, following in the
footsteps of similar developments in other industries and services. The term refers to an ever
more intimate integration of ever more information into economic processes and practices with
the help of information technology, starting with the just-in-time logistics for materials and
goods in post-fordist economies (Lash & Urry, 1994), and leading into contemporary forms of
‘knowing capitalism’ and ‘Lifeworld.Inc’ (Thrift 2005, 2011), where pervasive collection and
processing of data about people’s everyday interactions and complex actuarial, ‘qualculative’
analytics allow corporations ever greater prediction, agility and control. In emergency response,
informationalization can support enhanced risk assessment, preventative measures and learning
from past events, as well as increased surge capacity, data sharing, communication and
collaboration between emergency responders, closer engagement with people affected by
disasters and mobilization of ‘collective intelligence’. But informationalizing socio-economic
processes can also engender far-reaching transformations of these processes. In the domain of
crisis management, the use of digital radio in over 125 countries in the world 28 and the rise of
social media (Palen, Vieweg, Sutton & Liu 2009; Letouzé, Meier, & Vinck 2013) have
fundamentally changed emergency communications practices, for example. Furthermore, when
data can be shared more easily and to greater effect, exceptions from data protection regulations
may foster surveillance and social sorting and erode values of freedom and democracy. The
recent scandal over NSA surveillance starkly highlights the challenges to informational selfdetermination and privacy arising in the context of IT use in security policy and practice. The
ways in which IT are designed and appropriated are deeply entangled with how societies
conceive of risks, respond to crises, and facilitate freedom. The informationalization of
emergency response is a form of ‘disruptive innovation’, that is, innovation that transforms the
social, economic, political, and organizational practices that shape this domain (Chesbrough,
2003).
Yet, even a recently edited comprehensive compendium of research in emergency ethics, law
and policy (Campbell, 2012, see also Chapters 2 & 3) pays little attention to technology, and IT
ethics in crisis management is somewhat of a new field of study. One of the first publications to
tackle the challenge explicitly is Jillson’s chapter ‘Protecting the Public, Addressing Individual
Rights’ in Van de Walle, Turoff and Hiltz’ Information Systems for Emergency Management
(2010). She discusses ethical opportunities, such as the capability of emergency management
information systems (EMIS) to extend surge capacity, to maximize availability and enable more
equitable distribution of services, and to enhance risk communication. But she also shows how
the informational and communicative advances that EMIS can enable can complicate adherence
28
http://www.tetratoday.com/news/tetras-love-affair-with-the-asia-pacific
Version 1.0: Final
Collaboration
Page 52 of 161
to core ethical principles of non-maleficence and beneficence, respect for human dignity, and
distributive justice (equal access).
In their current use of IT, emergency responders often air on the side of caution when faced with
ethical, legal or social uncertainties, such as doubt about informational boundaries in multiagency collaboration. They often choose not to share data. Fragmentation of response through
‘silo-thinking’ is a common result and a challenge to ethical conduct (Cole, 2010).
Paradoxically, this is, at least partially, a result of the very capability of information systems to
support data sharing. ELSI research shows that the reasons raise complex questions about
accountability, responsibility and the social contract between society and emergency service
professionals and volunteers. The social contract idea stipulates that society grants emergency
responders a range of benefits in return for their commitment to save others even in the face of
personal risk. Such benefits include ‘perhaps most importantly, a great degree of professional
autonomy’ and the provision of adequate training and tools (Jennings & Arras, 2008:110).
Digital logs provide new opportunities to learn from experience in post-disaster reviews of
response efforts, but they also allow new ways of holding professionals to account (Bech Gjørv,
2012; Cartlidge, 2012), transforming ideas of professional autonomy. In an environment where
IT enable ever more detailed post-disaster expert reviews of disaster response efforts based on
extensive records of professional communications and decisions, such data can be treated as
evidence for malpractice in a way that lacks appreciation of the real time context of these
communications and decisions. It may attract blame and punishment and as a result,
professionals may become uncertain about their reluctant to express themselves freely and
clearly or take risky decisions.
4.1.1
(Un-)intended Consequences
Technology can engender such unintended consequences for ethical, lawful and socially
responsible and effective conduct, ranging from impacts on professional integrity and
judgement to a securitization or militarization of everyday life. Before we delve into concrete
detail through a review of the contributions to this special issue and an example from the wider
literature, it is useful to examine the concept of ‘unintended consequences’.
The notion of ‘unintended consequences’ features prominently in the literature on risk,
especially on risk assessment of technology (Beck, 1992; Merton, 1936), but it is unclear
whether such consequences are considered avoidable or inescapable, whether they are known,
unknown or unknowable in advance. Furthermore, what precaution could be taken to avoid or
mitigate them? Is this something that can be done before a technology gets implemented or need
there be an ongoing monitoring process, for detecting and managing such consequences:
For and by whom were these consequences unintended? Does ‘unintended’ mean that the
original intent was not achieved, or that things happened outside the scope of that
imagined intent? The notion also carries an implied exoneration from blame, since
anything ‘unintended’ was implicitly unforeseeable, even if things somehow
subsequently went awry. [...] The narrative of unintended consequences sets aside the
possibility of acting irresponsibly on inadequate knowledge … (Wynne & Felt, 2007, p.
97).
For designers and practitioners engaged in IT innovation in emergency response and
management this statement implies a need to take responsibility for unintended consequences,
by trying to notice, anticipate and know them, to amplify positive effects and to mitigate or
avoid negative ones. If we examine the 10 core ethical principles of emergency response as
defined by the International Federation of Red Cross and Red Crescent Societies Code of
Conduct and their translation into components of emergency services in relation to practices and
Version 1.0: Final
Collaboration
Page 53 of 161
virtues needed to accomplish them, we formulate some examples of how capacities to perform
such services, practices and virtues are transformed in interaction with IT (Figure 8). A complex
pattern of sometimes contradictory intended and unintended effects becomes visible. For
example, compassion, charity, hope, empathy, resilience, respect and effective communication
can be supported through technologies that allow more immediate and richer communication,
and mapping and visualization of vulnerable populations, needs and available resources. As
such, IT can help provide services that alleviate suffering faster and more generally support
enactment of ethical principles of humanity. At the same time, such technologies could increase
information overload and overwhelm responders’ capacities to compile information in a
meaningful way. Similarly, the tireless, unbiased application of computational logic could be
used to support impartiality through fair and equal distribution of resources, but it can also allow
forms of identifying vulnerable or risky populations and techniques for social sorting that
undermine values of impartiality (Figure 8).
Ethical
Principles
Definition/Components of Service
Practices and Virtues
Some effects of using IT
Humanity
 Prevent and alleviate suffering
 Respect for and active
protection of dignity
 Particular attention to the
vulnerable
 Safeguard and restore
environment and social ties
 Non-discriminating
 Based on need
 With neutrality, that is, without
ideological debate
Compassion, charity,
hope, empathy,
resilience, respect,
effective
communication
Faster, more efficient
and more informed
response.
Non-judgement,
tolerance, justice,
fairness
Tireless, unbiased
application of logic.
Impartiality
Information overload
for responders.
Novel capabilities to
identify vulnerable
populations.
Social sorting.
Solidarity
Cooperation
 Responsibilities and benefits
shared equitably
 Regardless of political, cultural,
economic differences
 Respect for sovereignty
Integrity,
trustworthiness,
respect, effective
communication
Enhanced capabilities
for communication and
resource distribution.
 Integration – e.g. with
information sharing
agreements
 Inform & enable participation
from all relevant parties
 Direction – clarity of purpose
 Subsidiarity
Prudence,
improvisation,
effective
communication,
respect,
intersubjectivity,
resilience
New ways of
dynamically sharing
information about
capacities.
Version 1.0: Final
Potential for ‘witchhunt’
and spreading of
rumours.
Distributed
collaboration makes it
more difficult to know
who is doing what.
Collaboration
Information
Sharing
Human Rights
Preparedness
Social
contract
 Appropriate accuracy,
precision, depth of detail
 Consider effects of not sharing
 Collect, process and share
lawfully
 Data minimization and sharing
of aggregated data
 Accountability & transparency
 Evaluate effects on data
subjects and informants
 Avoid duplication
Prudence, integrity,
trustworthiness,
respect, empathy,
effective
communication
 Rights to privacy, freedom of
movement, association,
expression are actively
protected
 Compulsory evacuation is
explained
Prudence, respect,
empathy, nonjudgement, justice
 Reduce vulnerabilities
 Anticipation – e.g. through risk
analysis & training
 Continuity – grounded in
familiar ways of working
 Prepare for interoperability
Attitude of wisdom,
prudence, respect,
diligence, effective
communication
 Accountability to those in need,
funders and society
 Training and support for
emergency responders
Prudence, respect,
effective
communication
Page 54 of 161
Enhanced technical
interoperability can
support compatibility
between different
information systems.
Interfere with cultural
and organisational
practices.
Easier to contact and
communicate with
populations.
Enhanced capabilities
for information sharing
can promote
surveillance.
Information
visualisation and expert
systems can augment
human capabilities of
risk analysis.
Technology can
introduce more
complexity and slow
people down.
Digital logging can make
decisions more
transparent.
It can expose
responders to
unreasonable liabilities.
Figure 8 Ethical Principles and Intended and Unintended Effects of IT Use.
Many of the ambiguities listed here are explored in depth in the individual contributions to this
special issue. They show that core ethical principles, practices and virtues of emergency
response can be pursued in a number of ways and IT can support or obstruct their realisation.
Several dimensions of influence on the lawfulness, ethics, sociality and social responsibility of
technologically augmented practice become visible:



the ways in which technologies are used
the technology itself
the economic, social and cultural environment
Version 1.0: Final
Collaboration
Page 55 of 161
At every level both positive and negative effects can be produced, often simultaneously and in
complex ways. The papers in this special issue provide concrete insight into the dynamics of
this in a variety of different contexts.
4.2 Concrete Insights through In-Depth Studies
Ellebrecht and Kaufman provide in-depth insight into some of the complexities of sociotechnical effects through a study of e-triage. They elaborate a critique of pervasive claims that
IT enables efficiency gains and thereby build a very useful foundation for all of the
contributions to this special issue. Their argument is based on findings from a four-year research
project in Germany, aimed at creating and implementing IT to support ‘Immediate Rescue in
Large-Scale Accidents with Mass Casualties’ (SOGRO). Following actor network theories in
the social sciences, Ellebrecht and Kaufman describe the work required to carry out triage and
rescue in such situations as a complex programme of actions that is transformed in interaction
with new technologies. During a series of large scale exercises they observed how the
capabilities of digital triage technologies and their appropriation into practice were
problematised by the emergency responders involved in the exercises. At the heart of the
responders’ experience are concerns with efficiency. The SOGRO system is promoted as a
system that ‘improves emergency treatment significantly by saving time, providing a more
detailed situation overview and integrating the flow of information between all parties
involved’. This is said to ‘help save lives’. Ellebrecht and Kaufman focus on three areas of
friction they observed: time savings, improved decision making capabilities, and the claim that
the new technologies provide a comprehensive overview. They find that, in terms of time
savings, the system responds to – and drives and further legitimizes – currently contested
changes in the organization of triage in German emergency response organizations. There are
two elements. Firstly, in Germany, mass casualty incident triage was traditionally carried out by
physicians and documented by paramedics. This is a costly, labour intensive and relatively slow
practice with high quality standards. SOGRO supports paramedic triage, that is, a shift of
responsibility from emergency physicians to (cheaper and more numerous) paramedics, who can
be prompted or strictly guided by a ‘simple triage and rapid treatment’ protocol (START)
captured in an algorithm that takes the paramedic through a series of diagnostic steps. Secondly,
the SOGRO system enables a shift from traditional practices of treating victims at the incident
site to a ‘scoop and run’ technique that prioritise transporting victims over on-site treatment,
seeking to facilitate treatment en-route and in available hospitals and treatments centres through
dynamic, computationally augmented analysis of capacity and resources. Based on their
analysis, Ellebrecht and Kaufmann argue that any efficiency gains that are generated at this
contexture of social, organizational and technical innovation reflect the ‘co-constitution of
technology and society’ rather than any simple technology based improvement. Moreover, the
changes explored during these exercises remain contested, especially with a view to questions
about the quality of care and judgement in the comparison between the two different modes of
practice. Ellebrecht and Kaufman find similarly complex ambiguities in relation to claims of
technology ‘providing’ an overview and enhancing decision making capabilities. Particularly
remarkable are their observations on responders’ worries about increased transparency in
relation to professional liability law suits. In a survey of participants 76.6% of surveyed
paramedics agreed with the statement that they ‘occasionally had one foot in prison’.
Unintended consequences of such concerns could be a lack of willingness to take risky
decisions which could risk lives. By highlighting a series of ambiguities arising in the coconstitution of technology and society, Ellebrecht and Kaufmann’s study sensitises the reader to
the entanglement of social practice, societal values and technological potential.
Version 1.0: Final
Collaboration
Page 56 of 161
Ford, Stephens and Ford call for circumspect attention to a different set of unintended
consequences in relation to organizational policies of banning mobile devices and their impact
on crisis communication. They show that while some employees, especially knowledge
workers, may be expected to carry mobile devices 24/7 to stay connected with their colleagues
and managers, others are prohibited from using or even carrying their personal mobile devices.
In crisis situations this can lead to severe communication difficulties. Ford, Stephens and Ford
carried out focus group discussions with 46 participants from two very different organizations
where such mobile device bans were in place and found many examples of lost information,
disconnected and even forgotten workers, isolated and hard to locate. The employees of a fast
food company and a company providing cleaning and janitorial services reported frequently
missing critical information, for example about emergency drills. Their supervisors were so
overwhelmed with the need to coordinate selective information flows that they missed
informing some of their workers altogether, even in emergencies. In one situation, the
distributed janitorial workforce was not informed of a severe weather event until all public
transport had been suspended. While their supervisors, secretarial and managerial colleagues
had been informed in a timely manner and were safely ensconced at home, cleaning crews and
janitors were stranded and without means of communication. Apart from putting workers in
discomfort or even danger, organizational policies and practices of banning mobile devices
create experiences of inequality and relative deprivation, which are harmful to workers’ sense of
well-being and justice. They can also undermine their loyalty to the company. Overall, the study
reveals that there are complex digital inequalities and varying degrees of access to technology
beyond socio-economic determinants that have a significant impact on crisis communication.
Far from being a binary, mostly economically defined distinction between digital haves and
have-nots and physical/economic access to technology, the digital divide can be a temporary,
structurally defined, humiliating and unequally risk-laden experience.
In their article ‘Ethical and Privacy Implications of the Use of Social Media During the
Eyafjallajokull Eruption Crisis’, Watson and Finn broaden the focus on organizational policies
on digital communications by examining information flows between corporations and their
customers during the most severe global flight disruption since 9/11. With over 100,000 flights
cancelled and 1.2 million passengers affected, the particle cloud generated by the Eyafjallajokull
eruption in 2010 overwhelmed corporate and institutional call centres. Stranded and unable to
find information through official channels, thousands of passengers, their colleagues, friends
and family turned to social media. Through a study of two different forms of support for
information exchange using social media, Watson and Finn highlight positive outcomes such as
increased surge capacity and the mobilisation of social capital, but also explore problematic
issues of inequality, exploitation and privacy infringement. The site ‘Stranded in Europe’ was
created by an Ericson employee to support self-organised information exchange between
travellers, combining SMS messaging and Facebook. This greatly broadened access to the
service. Once travellers had found the service using the Internet, the site allowed them to seek
and exchange information via SMS, without the need for an online connection. This enhanced
individuals’ resilience by improving the prospect of gaining correct information from fellow
travellers faster and more reliably than other sources allowed, and supported a creative response
to the crisis. In some cases, information provided by people affected was also useful for
professional emergency responders, reflecting a broader trend towards integrating social media
information into crisis response efforts. In parallel, many umbrella organisations – such as the
European Organisation for the Safety of Air Navigation – as well as individual airlines, travel
agents and service providers offered corporate or institutional information services using social
media, from Youtube to Twitter and Facebook. Many gained thousands of new followers and
fans through these services within days, and they used these channels in three ways: as a
broadcast medium, as a means for direct communication with customers, and as a means to
Version 1.0: Final
Collaboration
Page 57 of 161
crowdsource information from customers. Watson and Finn highlight that this corporate turn to
social media was highly effective, but also problematic in a number of ways. First, those unable
to access digital technologies were ‘disproportionately impacted by their inability to gather
information and communicate’ in the absence of appropriate levels of offline information
services. Corporations and institutions sometimes provided online services instead of traditional
services such as staff on the ground or in call centres. Second, the corporate practices created
information asymmetries where those who were able to access online resources were often
unaware that personal information they provided to gain support (name, age, location) could
later be used or passed on to other operators to target advertising. Even if they did know, there
often was no alternative source of information, eroding expectations of privacy and notions of
consumer consent. Corporations also exploited consumer and public labour, effectively
‘outsourcing’ some aspects of their information services. Watson and Finn call for deeper
critical reflection before social media are deployed in crisis response and management – be it
through corporations or in the context of official efforts. They call for designers to be aware of
opportunities and challenges as well as grassroots ‘social hack’ innovations such as the use of a
#noshare hashtag to control the sharing of personal information, because greater sensitivity may
avoid the need for costly retrofits on technologies designed without circumspection for ethical,
legal and social issues.
In the contribution by Rizza, Guimarães Pereira and Curvelo we see that debates on ethical,
legal and social issues are often dominated by concerns over privacy and data protection. The
authors challenge this overly narrow conception of ELSI with a study of “Do-it-yourself justice”
following the 2011 Vancouver riots. As the Vancouver Canucks were losing against the Boston
Bruins during the 2011 Stanley Cup, some groups watching the game on large screens in the
city began to orchestrate riots that lasted for several hours, lighting fires and destroying cars and
property in the centre of Vancouver. The public reacted angrily to the destruction and when
Vancouver Police Department (VPD) issued a call for help in identifying rioters on different
social media platforms, they reacted with great energy. This public support had the potential to
enhance collaborative resilience, and images submitted or tagged by members of the public led
to hundreds of convictions, but it also sparked attempts at vigilantism and ‘do-it-yourself
justice’. This, in turn, sparked a lively and very critical debate within traditional media and
Rizza, Guimarães Pereira and Curvelo use frame-analysis to identify key ethical, legal and
social issues in public discourses articulated in the media. This analysis reflects potent
imaginaries and fears circulating amongst the public, the emergency services and governing
authorities. Rizza, Guimarães Pereira and Curvelo identify a range of such concerns, including a
lack of legal regulation for the use of evidence generated by engaging citizens via social media
in criminal investigations. The authenticity, completeness and reliability of the evidence could
be seen as questionable in some cases and this should have affected its admissibility in court,
but did not, in some cases. The media suggest that VPD were seduced by the potential of social
media communication with the public, and acted without considering how they would deal with
the results. This is framed as a matter of institutional unpreparedness and linked to the spread of
unintended forms of do-it-yourself justice, and wider societal consequences such as a slide into
an ‘unintended “do-it-yourself” society’ where mob behaviour and vigilantism are allowed to
exacerbate oppressive tendencies within a surveillance society. Social media become ‘leaky
containers’ in this maelstrom, mixing public and private, official and social in new ways and
making criminal investigation part of social interactions. Citizens became empowered as
surveillors of others and as judges of deviance in ways that spun out of control. By presenting
an analysis of these challenges to justice, fairness, responsibility, accountability and integrity,
Rizza, Guimarães Pereira and Curvelo scrutinize complex reverberations of using social media
in crises and enable a critical engagement with wider societal implications of socio-technical
Version 1.0: Final
Collaboration
Page 58 of 161
innovation in the relationship between the emergency services, legislative and judiciary
governance and public engagement.
Tapia and LaLone’s study ‘Crowdsourcing Investigations: Crowd Participation in Identifying
the Bomb and Bomber from the Boston Marathon Bombing’ explores some of the issues raised
by Rizza, Guimarães Pereira and Curvelo in greater depth as well as analysing how traditional
media contributed to ethical dilemmas. Two years after the events in Vancouver, the social
media response to the Boston Marathon – in part encouraged by the FBI, in part self organised
through leading social media groups like Reddit and Anonymous – revealed that the frontier land
of crowd participation in criminal investigations still teems with ethical, legal and social
frictions. Within hours of the Boston Marathon bombing, which killed four people and injured
264 others, the FBI called for bystanders to share images and video of the bombing. Online
groups also responded to the events, trying to position themselves as hubs for self-organised
investigations and crowdsourcing of information and support for survivors. The activities of two
such groups, Reddit and Anonymous played a part in ethical lines being crossed during the
crowdsourced investigation. By using sentiment analysis of public responses to the activities of
Reddit and Anonymous expressed in over 23 million tweets, Tapia and LaLone are in a position
to trace these moments when lines of ethical acceptability were crossed. They show that Reddit,
in particular, attracted intensely emotional reactions, understandable as a highly charged public
response to the highly charged nature of the events. To begin with, the colour of this emotion
was overwhelmingly positive, reflecting public support for activities such as organising pizza
and water for survivors and the Boston Police Department, or helping loved ones to contact
known survivors. It was also seen as positive that Reddit provided timely and accurate news
about the events, outshining mainstream media such as CNN. However, this assessment shifted
radically, when Reddit spearheaded news that falsely identified two people as suspects and
posted images of them, especially tragically wrongly blaming Sunil Tripathi, a teenager who
had gone missing from his home and who was later found to have committed suicide. Public
sentiment condemned this with comments that expressed very negative evaluations of the
‘irresponsible amateur sleuthing’ that had been encouraged by the online group. Tapia and
LaLone discuss how these and other ethically problematic activities, were exacerbated by a lack
of interaction between the official investigation teams at Boston PD and the FBI and a lack of
judgement and restraint from mainstream media. Long established national media treated the
online sources like news agencies, accepting and broadcasting ‘news’, including statements
about Sunil Tripathi without questioning. Tracing public engagement in criminal investigations
historically, Tapia and Lalone draw links between printed ‘Wanted’ posters, televised appeals
and crime reconstructions and the use of social media for involving the public in criminal
investigations. The ‘remediations’ or transformations that are associated with technological
affordances in this current round of innovations seem significant. The crowd is without the
training or understanding of ethical and legal constraints that professionals have, but it is
equipped with more power and reach, especially when amplified through mainstream media,
and Tapia and LaLone call for a reassessment of practices of crowdsourcing investigations that
could have significant real-world implications in situations that demand ‘socially responsible,
careful, considered action’.
The final paper in this special issue examines transformations of privacy engendered in the
context of socio-technical innovation in IT supported crisis response and management,
especially when it is connected into smart city technology. Büscher, Perng and Liegl question
the common assumption that privacy and liberty must be sacrificed for security and explore
design for privacy as an approach that can support people in finding a better balance between
privacy and security. By identifying three key trends that underpin the informationalization of
emergency response, they set the scene for a study of privacy as a lived practice of boundary
Version 1.0: Final
Collaboration
Page 59 of 161
management. First, there is great technological potential for gathering, sharing and utilising
more information about populations and environments affected by, or at risk of, crisis. Second,
people produce more personal information than ever before, richly and dynamically
documenting their lives and the world around them through mobile technologies and
interactions online. Third, real and perceived increases in risk have generated a ‘culture of fear’
that can be leveraged to justify surveillance, increased information sharing and preventative
measures. People’s capabilities to separate public and private have been transformed in this
forcefield of innovative momentum and with this, democratic cornerstones of liberty, freedom,
dignity and humanity have been worked loose. Current attempts to counterbalance this, for
example through ‘privacy by design’, are inadequate. Privacy is not a binary state of either
withdrawal into a sealed private sphere or transparent public exposure, but a practically
achieved and contextual matter of far more diversified boundary management. What is to be
made public or kept private changes depending on what role one is in and what dimensions of
time and space are involved. Fire fighters may be willing to share intimate physiological data
about their breathing with colleagues, they might need to manage disclosure of their precise
location to other responders in the course of the unfolding response, and they might happily
disclose such information in an anonymised form for future training simulations. New
technologies and practices of their appropriation have turned documentary records of entire
populations’ physiological data, movements, communications and social networks into
indentifying personal information as precise as fingerprints. These new affordances make it
difficult for people to control the spread and use of personal information, especially given the
often silent and invisible operation of technologies that analyse such data. A range of challenges
arise here around the spread of surveillance, social sorting, an erosion of civil liberties, and a
securitization of everyday life. To respond proactively to these challenges and the
transformations of people’s capacities to modulate privacy, Büscher, Perng and Liegl question
the use of ‘privacy by design’ approaches, specifically their aim to ‘hardwire’ compliance with
regulations into technologies. In the context of emergency response, where role improvisation,
creativity and flexibility as well as clear discipline and procedures are essential aspects of
effective practice, and where ‘emergent interoperability’ and ad-hoc assemblies of systems of
systems are a powerful possibility, it seems more promising to focus on designing for material
and social practices of privacy boundary management. Such human practice based approaches
can respond more directly and more carefully to the opportunities and challenges inherent in the
positively and negatively disruptive innovation that shapes the future of crisis response and
management.
These concrete explorations can help us understand better how ethics is distributed between
people, technology, and the economic, social and cultural environment. Core questions for
analysts, designers and practitioners involved in IT innovation in crisis response and
management are how does technology become ethically problematic or “good”? and how might
we control this? when ‘the multistable nature of artefacts means that they may become used in
ways never anticipated by the designers or originators’ (Introna 2007:16). Furthermore, in many
societies, ethics has become pluralized, and ethical values are relative and subject to dynamic
processes of change and negotiation over time. Such change should be the subject of open
democratic debate (Rawls, 1971; Habermas, 1996) and for that to happen, ethical issues have to
be noticed and turn from matters of fact, that is, accepted, unnoticed, taken for granted,
common-sense facts of life, into ‘matters of concern’, that is, interrogated, dissected, contested
objects of critique (Latour, 2005). Another key question for an ethically circumspect approach
to IT innovation in information societies therefore is how to make ethical opportunities,
challenges and risks public? and how to engage and include (which?) stakeholders?
Version 1.0: Final
Collaboration
Page 60 of 161
Unless technology is analysed and made as one element within a nexus of values, practices and
‘environmental’ conditions, unintended consequences are likely to be hard to notice and know
in sufficient detail soon enough, to anticipate, mitigate or avoid. Introna and Wood argue that:
the politics of technology is more than the politics of this or that artefact. … we cannot
with any degree of certainty separate the purely social from the purely technical, cause
from effect, designer from user, winners from losers, and so on. (2004, 179)
A range of methodologies exist that respond to these challenges, including responsible research
and innovation (Von Schomberg, 2013), collective experimentation (Wynne & Felt, 2007),
disclosive ethics (Introna 2007), value sensitive design (Friedman, Kahn & Boring, 2006), corealization (Hartswood, Procter, Slack, Voß, Buscher, Rouncefield, & Rouchy, 2002) and
‘design after design’ (Ehn, 2008). We will briefly discuss these in relation to a roadmap of
future work that concludes this introduction. However, before we do so, it is necessary to
acknowledge that the ‘multistable’ nature of technologies does not mean that they can be used
in any which way users deem appropriate. Technology is not neutral nor endlessly malleable. It
actively enacts and shapes morality.
4.3 Disclosive Ethics
By summarising an exemplary disclosive ethics enquiry into technological moral effects we can
sharpen ELSI awareness to the fluid morality and politics of IT innovation in crisis response and
management, a domain where morality matters perhaps more than anywhere else, because crises
can set precedents that may seep into normality with far-reaching consequences. The BRIDGE
project’s middleware enables flexible incorporation of a wide range of technologies, including
facial recognition technologies. Since 9/11 there has been an increase in investment in face
recognition systems (Introna and Wood 2004, Gallagher 2013), they are used ever more
extensively in crisis management and response, making them a useful site for analysis.
Non-European nations are leading the way. The multi-agency preventative crisis management
efforts at the 2014 world cup in Brazil leveraged facial recognition to analyse footage from
mobile cameras worn by police officers to anticipate and prevent security incidents, including
hooliganism and terrorism (Figure 9). Efforts are also underway to integrate facial recognition
into UAV and analytical capacities such as those provided by the BRIDGE Advanced Situation
Awareness system into crisis management and response. In a comprehensive report on Privacy,
data protection and ethical risks in civil RPAS operations, Finn et al 2014 state
Amongst the non-visual payloads that can be mounted on RPAS, biometric (facial
recognition, fingerprint, face recognition, DNA, palm print, hand geometry, iris
recognition, retina and odour/scent) and “behaviometric” sensors are the most likely to
damage the right to privacy. (p.37)
Our research with emergency responders shows that the potential of integrating these capacities
is seen as valuable. At the Border Security and Search and Rescue conference in 2014, for
example, one exhibitor showed data analytics technologies for visual data of people moving
near borders collected with UAV (ACRITAS http://www.acritas.gr). Similar examples are
discussed in the literature, including efforts by ‘Frontex and several southern EU member states’
who have deployed such technologies ‘to combat cross-border crime and illegal migration or to
save migrants´ lives’ (Krajcikova 2014). Individuals can be identified from video footage
collected by drones, as researchers at CyLab have shown. They developed drone technology
that can capture images suitable for facial recognition that could help embed criminal
investigations into the immediate response efforts (Figure 10, Klontz 2013, Conte 2013).
Version 1.0: Final
Collaboration
Page 61 of 161
Figure 9 Facial Recognition integrated into police cameras at 2014 Brazil World Cup.
Source: Youtube https://www.youtube.com/watch?v=w9VNH0unQeE
Figure 10 Potential of facial recognition in the Boston Marathon Shooting
The drone is trained to hover in a position that captures a full face image. Source: Klontz and Jain 2013
and Conte 2013.
BRIDGE makes it possible to integrate feeds from such cameras as well as results from facial
recognition analysis into system of systems, display results on the Master and dispatch resources
Version 1.0: Final
Collaboration
Page 62 of 161
to support multi-agency crisis management and response. Whilst this opens up highly promising
opportunities for more richly informed and dynamic risk analysis, situation awareness, and
investigation it also raises a number of concerns. Reflecting on Cylab’s work on the Boston
Marathon, Conte (2013) suggests that ‘adding that capability to drones … means that people
will give up privacy as well as the concept of anonymity’. The fact that after the World Cup in
Brazil, some of the temporary measures installed for preventative crisis management became
permanent features, highlights how advances made in response to the extreme circumstances of
imminent or actual crisis can spill over into normality. Operators initially justified their use on
the exceptional needs for security at the World-Cup which attracted vast audiences, including
20,000 British fans. However, Toohey and Taylor (2014) highlight that such augmentation and
‘retrofitting’ of existing security technologies is now leading ‘to ongoing surveillance of the
general public, raising questions regarding individuals’ rights and civil liberties in Brazil, a
scenario that could foreshadow developments in Europe. Apart from challenges around privacy,
this raises concerns over discrimination and accuracy (Finn and Wright 2012).
Given the potential for integrating facial recognition into BRIDGE systems of systems, the
BRIDGE project directly benefitted from an analysis of ethical issues arising around facial
recognition. However, facial recognition highlights a need for ‘disclosive ethics’ or an ongoing
ethical impact assessment embedded in socio-technical innovation. This is elaborated below.
Facial recognition compares images of the faces of people captured by video or still cameras
with a database of images of faces. The functionality is threefold:



Verification: Are you who you say you are?
Identification: Who are you?
Watch list comparison: Are we looking for you? (Phillips, Grother, Michaels,
Blackburn, Elham & Bone 2003:6)
The system presents matches to human operators and, when watchlist monitoring, it can
highlight matches to persons who are wanted - ‘bad guys’ in a sketch by Phillips et al (2003).
For crisis management and emergency response, Facial Recognition Systems have been used for
preventive policing to avert crises. For example, during the London 2012 Olympics, the already
famed London CCTV infrastructure was extended with facial recognition software and London
became ‘the most watched Olympic Games in modern history, but not just in the traditional
sense of sporting spectators’ (Army Technology, 2012). The US Department of Homeland
Security is currently testing Face Recognition Systems with audiences and volunteers at mega
sports events. This interest is based on expectations that such systems may be useful in the
emergency response phase, for example to identify perpetrators during or in the immediate
aftermath of violent attacks or for victim identification (Gevaert & de With, 2013). In an
experiment, researchers at Michigan State University were able to identify one of the Boston
Marathon bombing suspects from law enforcement video (Klontz & Jain, 2013, although see
Gallagher 2013 for a discussion on how facial recognition failed in this instance).
Advantages of such systems over human face recognition practices are the number of faces that
can be processed in this way, and the impartial, tireless and consistent application of procedures.
Indeed, face recognition is often hailed as less biased than humans. Introna and Wood cite
statements not only from manufacturers and vendors, but also from prominent security forums,
such as ‘Face recognition is completely oblivious to differences in appearance as a result of race
or gender differences’ (2004:191). In light of concerns over social sorting and discrimination
especially against Muslim populations in security measures (Vertigans 2010) such promises are
powerful incentives for ethically and socially responsible innovation champions. However,
closer inspection actually reveals bias to be an integral part of the technology. A 2002 Face
Version 1.0: Final
Collaboration
Page 63 of 161
Recognition Vendor Test of the most powerful algorithms found, for example, that males were
6-9% points more likely to be identified than females (Phillips, cited in Introna and Wood
2004:190). Givens, Beveridge, Draper, & Bolme (2003) also find racial and age bias. Their
experiments show that
Asians are easier [to recognize] than whites, African-Americans are easier than whites,
other race members are easier than whites, old people are easier than young people
(cited in Introna and Wood 2004:190)
This bias is not due to any intentionally built in weighting; it is accidental: A function of the
absence of strong shadows on male faces as well as darker and older faces, the nature of images
and their processing by this face recognition system. The problem is that being easier to
recognize also makes being classed as a false positive and being exposed to investigations more
likely. Thus, rather than being neutral, some Face Recognition Systems can (unintentionally)
amplify political, cultural, and institutional forms of discrimination. At this juncture it becomes
clear that morality is not purely human but effected by collectives of humans, technologies, and
socio-economic and political circumstances, ‘what Foucault called dispositifs’ (Latour, in
Introna 2007:13), and technology can can play an active part in its own right if it is not designed
with careful attention to unintended consequences. There is, in this example, no clearly
identifiable single human or technological responsible agency for morally problematic effects of
discrimination: ‘there is often nobody there that “authored” it as such’ (ibid), rather, there can
be a Kafkaesque culmination of indifference, error, abuse, lack of transparency and
accountability (Solove 2001) that leads into moral dilemmas.
A lack of transparency is particularly critical. Disclosive ethics is a methodology that seeks to
enable analysis of how seemingly trivial details (such as the capacity of optical mechanisms to
process the light-reflective quality of different types of skins) can turn into politics and become
tied to, and amplified through other exclusionary practices (such as political and cultural
prejudice stoked by a rhetoric of a ‘war on terror’), so that ‘what seems to be a rather trivial
injustice soon may multiply into what may seem to be a coherent and intentional strategy of
exclusion’ (Introna & Wood 2004:179). The method proceeds by showing that many digital
technologies are silent as opposed to salient technologies and opaque as opposed to transparent
(Introna & Wood, 2004:183) (Figure 11).
Silent technology
Salient technology
Embedded/hidden
Passive
in
its
operation
(limited user involvement)
Application
flexibility
(open ended)
Obscure
(form/operation/outcome)
Mobile
(software)
On the ‘surface’/conspicuous
Active in its operation (fair user involvement
Application
stability
(firm)
Transparent
(form/operation/outcome)
Located
(hardware)
Figure 11 Silent/Salient Technology (Introna &Wood 2004:183)
Facial recognition is a particularly striking example of a silent technology since it can be
imbedded into existing CCTV networks, making its operation hard to notice. Furthermore, it is
passive in its operation. It requires no participation or consent from its targets. The process is
Version 1.0: Final
Collaboration
Page 64 of 161
obscure, ‘non-intrusive, context-free’, based on software algorithms that are proprietary, making
it difficult to get access to them for inspection and scrutiny. Moreover, these algorithms are so
complex that even experts can struggle to interpret and understand them. As a result, ‘for most
ordinary members of society, facial recognition systems are an obscure “black box”’ (Introna &
Wood 2004:183).
The lesson from this example of disclosive ethics is that morality is not simply human. Agency,
intentionality and ethics are distributed within socio-technical systems, and it is the particular
way of ‘working together’ that makes a certain collective or network of humans, environments
and technologies have (un-)intended, potentially undesirable ethical effects. It would, therefore,
be short-sighted to think of technology as neutral, and to look for the ethics of action solely in
the way people use technology. Technology can be employed with benign intention, yet turn out
to have ethically, legally or socially undesirable effects. It is critical that the fact that just this
technology in just these circumstances produces discriminatory effects should be notice-able
and it should be possible for this effect to be made into a matter of concern. This is in no way a
technology deterministic reading, where we claim that technology is a ‘culprit’. Quite the
opposite, even though it is not so in this case, it could just as well be the technology that is
correcting human bias (Latour & Venn, 2002). The consequence however has to be that efforts
are made to ‘subject [technological] artefacts to the same level of scrutiny’ (Introna & Wood
2004: 195) as humans and to find approaches (in best practice, legal regulation and design) to
ensure the scrutinizability socio-technical collectives, especially in ethically highly charged
areas such as security or emergency response.
4.4 Doing IT More Carefully: Future Work
In the different, but related context of designing ‘solutions’ to address ecological crisis, Bruno
Latour argues ‘We have to be radically careful, or carefully radical.’ (Latour, 2008, 7).
Supporting awareness of ELSI and practices of addressing them in IT supported crisis response
and management is another extremely complex challenge, in a highly sensitive and important
domain for contemporary societies, and we would say we need to be both: radically careful and
carefully radical. Analysts, designers, and practitioners must not only take responsibility for (the
inevitability of) unintended consequences with careful circumspection, they must also formulate
and pursue ambitious, perhaps radical socio-technical critique and creativity. The contributions
to this special issue and the discussion in this introduction map out a large terrain for research
and design, with some areas uncharted and others skillfully cultivated, but isolated from each
other. In this concluding section we suggest a roadmap for research to develop studies that
explore the unknown and connect research in different subject areas and disciplines (ethics, law,
practice, social science, philosophy, anthropology, organizational studies, design, computing),
all with a view to informing more careful and circumspect, yet also ambitious and ‘radical’
ELSI aware socio-technical innovation.
First of all, research is needed that explores existing ethical, legal and social issues in
emergency response and management with a view to how technologies might be designed and
constructively inserted to address opportunities and challenges. Campbell’s Library of Essays
on Emergency, Ethics, Law and Policy (2012), reflective practitioner reports (such as Larkin’s
review of the international Haiti response 2010), post disaster reviews, or investigations into
specific challenges, such as Weick’s seminal study of the failure of leadership and sense-making
in the Mann Gulch Disaster (1993), Cole’s analysis of interoperability (2010) or the UK
government’s advice on data sharing in emergencies (Armstrong, Ashton & Thomas, 2007) can
serve as a quarry for inspiration, but there is a need for more concrete and rich narratives and
descriptions of ethical, legal and social issues as they are encountered in practice.
Version 1.0: Final
Collaboration
Page 65 of 161
Secondly, more studies are needed of how the design and appropriation of new technologies
generate known and ‘new’ ELSI – such as a preference for ‘remote control’. They should
explore how these might be addressed through innovative engineering and design as well as
innovative use and organizational policies. Thirdly, a large range of methodologies exists for
noticing ELSI and for folding critical and creative ELSI awareness into innovation. They
currently exist in isolated pockets and include different approaches that can sensitize
researchers, designers and practitioners to ELSI and different design methodologies. Sensitizing
approaches are, for example:






Privacy Impact Assessment and Ethical Impact Assessment – designed to be embedded
in innovation processes, based on iteratively probing for ELSI through systematic
questioning of stakeholders about the use and design of technologies (Wright 2011).
Value Sensitive Design - a theoretically grounded approach to integrating concern for
human values in a principled and comprehensive manner throughout the design process,
based on a tripartite methodology, consisting of conceptual, empirical, and technical
investigations (Friedman et al, 2006).
Computer Supported Cooperative Work – an interdisciplinary research field that
integrates insights from in-depth qualitative studies of collaborative work, often using
ethnographic methods into the design of computer systems (Schmidt & Bannon, 1992,
Suchmann, [1987] 2007)
Science and technology studies – a prolific, philosophically and sociologically oriented
interdisciplinary endeavour to understand the dynamic relationship between science,
technology, society and human practice (Bijker & Law, 1992)
Responsible Research and Innovation (RRI) - a guiding concept for European funded
research, technology development and management, aiming to ‘‘better align both the
process and outcomes of R&I, with the values, needs and expectations of European
society.’’ (European Commission 2014, Von Schomberg, 2013).
Software Studies – a relatively new field, where researchers explore how algorithms and
computational logic function and ‘leak out’ of the domain of computing into everyday
life and examine ‘the judgements of value and aesthetics that are built into computing’,
and the subcultures and politics of programming (Fuller, 2008).
Methods of designing in an ELSI aware manner include



Privacy by Design – an approach with several meanings and origins, specifically
focused on preserving privacy (Cavoukian, 2001; Langheinrich, 2001). Firstly, privacy
by design is about heightening sensitivity to privacy issues during design. Secondly, it
can be about enforcing compliance with privacy regulations through hard wiring
constraints on practices into design with privacy enhancing technologies (PETs).
Existing examples include privacy policy inspection, access control restriction, and
pseudonymisation tools (Pearson, 2009).
Collaborative design (Co-Design) – a form of participatory design (PD), and broadly
motivated approach to address ethical and social aspects of IT innovation, focused on
utilising diverse forms of expertise through engaging stakeholders as co-designers from
the earliest stages of design. The process is iterative and based around prototypes
(Greenbaum & Kyng, 1991).
Co-realization – develops ideas of Co-Design through a synthesis of ethnomethodology
(a particular form of sociological enquiry) and PD. It moves the locus of design and
development activities into workplace settings where technologies will be used,
emphasises design-in-use and longitudinal involvement of IT professionals in the ‘lived
work’ of users (Hartswood et al. 2002).
Version 1.0: Final
Collaboration




Page 66 of 161
Critical design, also know as ‘design noir’ (Dunne & Raby 2001) or ‘speculative
design’ (Sengers and Gaver 2006) straddles into art and philosophy as it seeks to
provoke and enable critical engagement. It creatively and critically explores putative
futures entailed in contemporary technological developments, often by creating objects
that are obliquely functional but also absurd or shocking.
Service design – a relatively new approach, focused on designing ‘services’ –
assemblages of human, technological, architectural, organizational components (Meroni
& Sangiorgi, 2011).
Collective experimentation – a ‘new regime’ of technoscientific innovation,
characterised by experimental implementation of new technologies in the context of
broad-based stakeholder engagement. It requires new approaches to intellectual
property rights to ensure viability (such as Open Source Software, General Public
Licence (GPL or copyleft) and ‘new forms of interaction between scientists and other
actors, … because the traditional authority of laboratory-based science is not sufficient’
(Wynne & Felt, 2007, 27).
Design for design – an approach that recognises that design does not end at ‘design
time’. People appropriate technologies in a way that constitutes ‘design in use’. This is
often ill supported by silent technologies and blackboxing. ‘Design for design’ seeks to
support people in developing the skill and understanding needed to be creative with
technology as well as knowing about the effects of using technologies in particular
ways (Ehn, 2008, see also work discussed in Büscher, Perng & Liegl, 2015)
There are overlaps, synergies, as well as incompatibilities between these approaches and there
are no doubt more relevant approaches than those listed here. What a list like this makes plain,
however, is that overviews, review essays and handbooks are needed that draw together the best
from these different methods, prevent researchers, designers and practitioners from re-inventing
the wheel and enabling them to develop synergies, to make the work cumulative, not isolated.
Reviews should aim to support mixed methods – not standardisation. In addition, reflective
analyses of successful attempts and troublesome trajectories in employing these methods would
be useful, especially if they are not focused not on the methods for methods’ sake, but the aims,
practices and outcomes of responsible research and innovation.
Finally, we need studies that review and discuss the state of the art in ELSI innovation in IT as
well as law, policy and organizational practice, for example privacy preserving techniques that
can support multi-agency information sharing (see Büscher, Perng and Liegl, 2015), usage and
image retention restrictions and public notice obligations for the use of RPAS and innovative
ways of supporting accountable data flows (Cavoukian, 2012, Bracken-Roche, Lyon, Mansour,
Molnar, Saulnier & Thompson, 2014), clarification of liabilities emergency agencies may incur
when using automation and remote controlled devices (Holloway, Knight, & McDermid, 2014)
or utilising citizen data (Bailey Smith 2014). What regulatory instruments, technologies, social
or organizational innovations could support more responsible and circumspect emergency
response and management? What exists? How does it work? How could it be used? What is
missing?
Version 1.0: Final
Collaboration
Page 67 of 161
5 Co-Designing for ELSI-aware Innovation
This chapter provides an assessment of the current interest in ethical, legal and
social implications of research policy and funding (in the EU) and provides a review
of existing approaches in design and technology development that take value
implications of socio-technical systems into account. Building on this review it
offers suggestions of how to organize design processes in an inclusive, democratic,
participatory way that allows exploration of ELSI in socio-technical innovations
and for folding such considerations into the design and development process. We
introduce the approach we used in the BRIDGE project as ELSI Co-Design.
Introduction
This chapter outlines the theoretical and methodological underpinnings of the ELSI co-design
approach used in the BRIDGE project. A concern for the ethical, social and legal impacts
(ELSI) of technological innovation and how to democratically address these has long been a
subject of study across a range of disciplines. It is also becoming increasingly prominent in EU
funding requirements for research. However, there is no one size fits all approach for exploring
the ELSI impacts of socio-technical innovations or for responding to such considerations
through design and development processes. Likewise, while there are calls for ‘improved
cooperation between science and society through ethical screening of the developed solutions’
(European Commission, 2014b) there is little guidance on how this might happen in practice or
who should be involved. Such issues and how to address them become even more challenging in
projects such as the BRIDGE project, involving large scale system of system innovations in IT
supported emergency response. Such a project raises many challenges such as co-ordinating
between multiple stakeholders and work packages operating across different cultural and
political contexts. But it also raises challenges from the perspective that addressing ELSI is not
a one off endeavour, it cannot be captured and resolved at a single point in time.
In a research and design context, the exploration of such impacts and design efforts go hand in
hand. However, not in a linear fashion where research is translated into design, but rather in an
iterative fashion where design is research, and where it is by using prototypes that such issues
emerge. In the spirit of agile software development we argue that as much as systems
requirements cannot be fully formulated at design time—because design always reveals or even
calls forth new usage and therewith new requirements—the same is true for ELSI. ELSI emerge
at the meeting point of several entities: technologies, human practices, bodies of knowledge
such as ethics and law, organisational structures, cultures and boundaries, expertise in
emergency planning and response. In these socio-technical contextures agency and effects arise
that are neither additive, nor could be assessed using cross tabulation. Rather, they are emergent
and situated, and their study requires collaboration between various stakeholders: designers,
domain experts, directly and indirectly affected people, social science researchers. Such
collaboration needs to take place in different environments from laboratory settings to real
world experiments where issues can reveal themselves in a safe, but as realistic as possible
manner. As such, a key question for the BRIDGE Project is how to make as yet unknown,
emerging ethical, legal and social issues tangible? What methods might we use for ‘opening up’
these issues to develop more ‘careful, appropriate, responsible’ innovation in this field, and who
should be included?
Version 1.0: Final
Collaboration
Page 68 of 161
The last 30 years or so have seen significant attempts to develop approaches for more ethically
sensitive IT innovation in a number of areas. PD approaches, for example, originated in the
automation era in manufacturing in the 1970s and 80s (Greenbaum & Kyng, 1991) but have
since spread to many other areas (including emergency response (Büscher et al., 2007;
Kristensen, Kyng, & Palen, 2006). Engaged science and technology studies have long had an
interest in shaping advances in science and technology more democratically (Sismondo, 2008)
and call for ‘collective experimentation’ with science and technology to help societies in ‘taking
the European knowledge society seriously’ (Felt et al, 2007). Recent policy developments in the
EU have begun to educate citizens to take more responsibility in understanding computation and
coding (Joint Informatics Europe & ACM Europe Working Group on Informatics Education,
2013). At the same time, ‘design thinking’ approaches have broadened design as a necessarily
collective, interdisciplinary, iterative and experimental activity, ‘aimed at changing existing
situations into preferred ones’ (Simonsen & Hertzum, 2008; Simon 1969, 55) by positioning
designers as facilitators in comprehensive socio-technical change processes. These approaches
resonate with regulatory attempts to integrate privacy and ethical impact assessment (De Heert,
Kloza, & Wright, 2012; David Wright, 2011) and legal risk analysis (Wahlgren, 2013) into IT
innovation, as they seek to proactively understand and guide change by anticipating emergent
intended and unintended consequences of innovation. They also chime with more recent
attempts to formulate practices of responsible research and innovation with and for society (Von
Schomberg, 2013).
In the first half of this chapter we outline the context and trend towards a concern for ethical,
social and legal issues within EU research. We then explore some of the key designerly,
regulatory and other approaches that have provided theoretical or methodological tools for the
BRIDGE project. In the second half of the chapter we introduce and describe the approach and
methods we have developed. The BRIDGE project is one of the first projects to explicitly bring
designerly and regulatory perspectives on ELSI together. Against the backdrop of the previous
chapters, it is not surprising that such synergy is created at the interface of emergency response
and IT– an ethically, legally and socially challenging area, where information, communication
and collaboration practices are a frequent focus of calls for improvement. In this chapter, we
argue that methodologies of doing responsible innovation and of regulating innovation in IT
supported emergency response are an integral part of ethically, legally and socially sound
futures in this domain. In other words, methodologies of innovation are not a mere means to the
end of achieving preferred futures in a linear pursuit of ‘progress’ from past through present to
future. They are integral to a process of managing and facilitating societal change (Figure 12).
Figure 12 Design as a Driver for Responsible Societal Innovation
Version 1.0: Final
Collaboration
Page 69 of 161
In this endeavour, design methodologies are not merely instrumental but also inventive and
constructive (Lury & Wakeford, 2012; Schmidt & Bannon, 1992), and design could be seen to
be about placing groups of stakeholders and experts in the best possible position to configure
preferred situations, to exploit positive unintended consequences and to manage negative
unintended consequences. The chapter concludes with a discussion of the contributions that a
consideration of ethical, legal and social issues specific to IT use in large-scale multi-agency
emergency response can bring to designerly and regulatory practices.
5.1 Research & Ethics
The concern for research ethics and the ethical implications of technological innovation is
playing an ever more prominent role in current EU funding policies for research and
development projects (European Commission, 2014c). Increasingly, not only legal implications
but also ethical and social/societal issues are highlighted in relation to the technology, often
formulated as “ethical implications and societal acceptance” (European Commission, 2014b)
(p.11). Calls to address such implications proactively and responsibly feature strongly in calls
for grant proposals, reflecting a growing awareness of the importance of such issues.
Horizon 2020 is the European Union’s framework for research and innovation funding for the
years 2014-2020, and in comparison to its predecessor, FP7 (the 7th framework) it combines
formerly separate innovation (CIP) and research (FP) programmes (European Commission,
2014a). Among its various programme sections, the section on “Societal Challenges” is
allocated 38.7% of the funding volume, addressing issues such as:







Health, demographic change and wellbeing
Food security, sustainable agriculture, marine and maritime and inland water research
and bioeconomy
Secure, clean and efficient energy
Smart, green and integrated transport
Climate action, environment, resource efficiency and raw materials
Europe in a changing world - inclusive, innovative and reflective societies
Secure societies – Protecting freedom and security of Europe and its citizens
In part building on research from the FP7 Programmes for 2007-2013, the combination of
research and innovation in Horizon 2020 tries to foster application of knowledge in solving
specified challenges. Along with the aim for societal impact comes a concern about ELSI. The
program states:
Ethics is given the highest priority in EU funded research: all the activities carried out
under Horizon 2020 must comply with ethical principles and relevant national, EU and
international legislation” (http://ec.europa.eu/).
In fact, in section 14, Secure societies – Protecting freedom and security of Europe and its
citizens, each of the calls includes the requirement of ‘improved cooperation between science
and society through ethical screening of the developed solutions’ (European Commission,
2014b, p.12). Throughout the individual calls, ethics is hinted at as ‘fundamental rights
protection ethical and societal impacts’, ‘underlying social, cultural, legal and ethical
dimensions’ (ibid p.65).
Yet, despite this new prominence, and unlike ‘research ethics’ which has fairly established
methods and manuals, ethics of technology is still in its infancy. Whilst there are extensive
formulations of the research ethics aspects of projects (detailing concerns about not harming the
Version 1.0: Final
Collaboration
Page 70 of 161
research subjects, and protecting their personal data and privacy etc.), when it comes to
analysing ELSI impact of socio-technical innovations, the calls become rather thin both
methodologically and in terms of specified content. Likewise, while being the main target of
such concerns, “citizens” often play a rather passive role, restricted to an agency of ‘acceptance’
in the development and implementation of technical solutions. They feature as entities ‘to be
treated appropriately’, rather than agents participating in the design (see, e.g. (Boucher, 2014)).
We propose that the inclusion of ethical consideration in EU funding requirements requires a
systematic inquiry into what such accounting for ethical and societal implications might mean in
the first place let alone how “to innovate in ethically better ways”. As such, there is a need to
explore and develop methodologies and heuristics for analysing ELSI implications of
technological innovation. One of the lessons learned from technological failures is that systems
that work, tend to be the outcome of an ongoing process of negotiation, exploration, surprise
and tinkering, which needs to be done in situ and hand in hand with end-users and other
stakeholders. We propose that ethical explorations form an integral part of PD and not only help
to make better technology, but to make technology-in-use better. Yet what ethical and societal
implications are, and how to define ‘better’ is also a challenge for collective negotiation.
5.2 Designerly Approaches to IT Innovation
Over the past three or four decades there have been a number of different approaches for
noticing and folding ELSI awareness into innovation. These approaches have had varying
degrees and forms of stakeholder involvement and have been driven by a variety of motivations
including efficiency, politics, ethics and group-dynamics amongst others. Many of these
perspectives developed in parallel, sometimes engaging with each other, sometimes in silos
unknown to each other. Their roots are often much deeper, but it is beyond the scope of this
chapter to discuss these in detail. Of the many approaches developed, in this section we outline
those that we think have the most to offer in terms of disclosing ethical and societal implications
of design.
5.2.1
User-Centred, Participatory and Co-Design
User-Centred Design (UCD) arose in the 1980s and represents both a philosophy as well as a
broad spectrum of user-orientated design methods, in which the needs of the ‘user’ are central to
the design process. UCD is widespread within IT innovation but includes varying conceptions
of the ‘user’ from a passive, decontextualized, ‘component’, to an active, knowledgeable and
engaged user that is central to the design process (Keinonen, 2008). Traditions within usercentred design include user informed design, where designers develop solutions in an iterative
process based on the knowledge gained from observing and interviewing domain experts
(Seaman, 1999); and technology centred design where technology is enhanced through the input
and active participation of lead users. The evolution of this field has involved a number of
trends including a move from seeing ‘design’ as occurring separately from users and sites of use
to an understanding of ‘design in use’ (Henderson & Kyng, 1991), and a move from focusing on
individual users, tasks and testing to the broader organisational objectives and worlds of users
and teams. The emergence of ‘systems of systems’, ubiquitous and mobile computing have also
shifted design concerns from users in a ‘workplace’ to a broader concern for users in public
spaces, public services and homes, including issues of public safety and security (Asaro, 2000).
ISO 9241-210 (ISO, 2015) outlines principles of ‘human centred design in interactive systems
development’, including:
 The design is based on an explicit understanding of users, tasks and environments
 Users are involved throughout the design and development
Version 1.0: Final
Collaboration




Page 71 of 161
The design is driven and refined by user-centred evaluation
The process is iterative
The design addresses the whole user experience
The design team includes multi-disciplinary skills and perspectives.
By focusing on the needs of users, it is argued that a human-centred approach enhances
‘effectiveness and efficiency, improves human well-being, user satisfaction, accessibility and
sustainability; and counteracts possible adverse effects of use on human health, safety and
performance’ (ISO, 2015). However a critique of user-centred design is that it can assume that
the beneficiaries of the system (or those at stake) are only those individuals ‘using’ the system.
Participatory Design (PD)
Developing separately to User-Centred design, the basic principles of PD were shaped in the
struggles between workers and managers during the 1970s era of rationalization in
manufacturing. During this time, new information technologies introduced into workplaces were
hailed as efficiency improvement tools by managers, but were resisted as deskilling and - worse
– labour replacing by the workers. Of course both hopes and fears were naïve and the reality
much more complex and transformative, and the nature of work, markets, and economic
systems changed (Lash & Urry, 1994). PD approaches sought to mediate such transformations
with ethical and political intentions from the outset (Forester & Morrison, 1990) by involving
‘the direct participation of those whose (working) lives will change as a consequence’ of the
new technology (Törpel, Voss, Hartswood, & Procter, 2009). The work of Nygaard and
associates (Nygaard, 1979) is an example of early attempts within Scandanavia to involve
researchers and trade unions in exploring the impacts of new technology and in strategies to
ensure union and worker’s rights. However over time the focus of PD has also developed:
The main ideas of the first projects, to support democratization of the design process, was
complemented by the idea of designing tools and environments for skilled work and
good-quality products and services’ (Ehn 1993: 56-57 in Kensing and Blomberg
1998:171). (Kensing & Blomberg, 1998)
As such, PD is now a diverse field with a wide range of approaches and different theoretical and
political underpinnings. This includes political concerns for democracy but also pragmatic
arguments that including the experience and expertise of workers will improve the quality and
appropriateness of the technology (Törpel et al., 2009). Moreover, theoretically and
philosophically rich insights and arguments have informed the field from the outset, with the
notion of ‘ontological design’ (Winograd & Flores, 1987) furnishing a productive conceptual
framing. The concept revealed that conceptual ‘separations between human action, tools and the
worlds in which they exist’ were misconceived (Kimbell, 2013), and suggested that design
should intervene at a much broader ontological socio-technical level, recognising that
technologies play an important role in defining what it means to be human. This has most
recently been formulated with the somewhat unwieldy concept of ‘thing’ design, where the
etymology of the word in descriptions of historical political assemblies in the Scandinavian
‘Ting’ is used to highlight the entanglement of the social, technical, ethical and political.
Co-Design and Co-Creation
While participatory approaches take into account users’ needs, opinions, practices and habits for
the design process, there are vastly differing ways in which this is done. In an interesting paper
titled “Co-creation and the new landscapes of design,” Sanders & Stappers (Sanders & Stappers,
2008) map the imaginaries, time-phases (rhythms) and architectures (scenarios) of the various
approaches to what has more recently been termed ‘co-design’. Here they map who gets to
Version 1.0: Final
Collaboration
Page 72 of 161
participate in the process, and in what capacity. They identify three groups of participants—
designers, researchers and users— and categorize the approaches by distribution of leadership
between design and research and to what degree users are active partners or passive subjects.
Figure 13 The current landscape of human-centered design research.
Source: (Sanders & Stappers, 2008).
They reveal two large clusters, where ‘user-centered design’ is research (expert) driven with the
notion of the researcher as translator and ‘participatory design research’ where the researcher
plays the role of facilitator and all participants share and generate (design) tools. Besides the
activity level and role in the design process, they also map different spatio-temporal
arrangements of these approaches. The first approach (classical) includes the user in the
beginning of the design process, where ideally ethnographic domain analysis knowledge is
gathered about how practices are organised, and “what the user(s) need”. The researcher writes
up her findings and translates them into user needs and with the help of the designer into
(technical) requirements. In co-design however rather than different participants coming in at
different stages (and settings/places), all participants are synchronously assembled around the
table, sharing experience, tools, and ideas, and merging their respective roles to a certain extent.
Figure 14 Classical roles of users, researchers, and designers & Co-Design
Roles in the design process (on the left) and how they are merging in the co-designing process (on
the right) (Sanders & Stappers, 2008).
Version 1.0: Final
Collaboration
Page 73 of 161
Another aspect Sanders & Stappers mention is a change of time-structure or a shift in emphasis
to different stages of the design process, where lately “designers have been moving increasingly
closer to the future users of what they design” (p.5). They see a ‘growing emphasis on the front
end’ of the design process, the explorative phase characterized by open-ended questions,
‘ambiguity and chaotic nature’:
In the fuzzy front end, it is often not known whether the deliverable of the design
process will be a product, a service, an interface, a building, etc. Considerations of
many natures come together in this increasingly critical phase, e.g., understanding of
users and contexts of use, exploration and selection of technological opportunities
such as new materials and information technologies, etc. (Stappers, 2006). The goal
of the explorations in the front end is to determine what is to be designed and
sometimes what should not be designed and manufactured. The fuzzy front end is
followed by the traditional design process where the resulting ideas for product,
service, interface, etc. are developed first into concepts, and then into prototypes that
are refined on the basis of the feedback of future users (Sanders & Stappers, 2008:7).
Figure 15 Visualising the Co-Design Process
The front end of the design process has been growing as designers move closer to the future users of
what they design. (Sanders & Stappers, 2008)
But it also follows that the front end phase is elongated and the participation of users ongoing
throughout the design process. Where they are included as partners the roles get mixed up:
... the person who will eventually be served through the design process is given the
position of ‘expert of his/her experience’, and plays a large role in knowledge
development, idea generation and concept development. In generating insights, the
researcher supports the ‘expert of his/her experience’ by providing tools for ideation
and expression. The designer and the researcher collaborate on the tools for ideation
because design skills are very important in the development of the tools (Sanders &
Stappers, 2008 p.12).
Users can become part of the design team as ‘expert of their experiences’ (Visser, Stappers, van
der Lugt, & Sanders, 2005), but in order for them to take on this role, they must be given
appropriate tools for expressing themselves. For this, researchers still have a role to play.
Sanders and Stappers outline that researchers need to learn how to:

lead people who are on the ‘doing’ level of creativity, guide those who are at the
‘adapting’ level,
Version 1.0: Final
Collaboration


Page 74 of 161
provide scaffolds that support and serve peoples’ need for creative expression at
the ‘making’ level, and
offer a clean slate for those at the ‘creating’ level.
(Sanders & Stappers, 2008 p.14, emphasis in original).
The notion of giving users appropriate tools for expressing themselves in the context of
designing (technological) futures rings true especially for the ethical and societal implications.
Design allows for modelling and imagining and building scenarios for futures, thus helping to
have richer and more informed discussions and negotiations about the very things we want. In a
way, in ethical and societal informed co-design, the fuzzy front end of design goes all the way.
5.2.2
Computer Supported Cooperative Work
Participatory approaches within ICT systems design have also made connections with and been
influenced by Computer Supported Cooperative Work (CSCW), an interdisciplinary field of
study that developed during the 1980s, principally with the interest of designing computer-based
technology to support cooperative group work. It arose as scholars from different disciplines,
including computer science, sociology, and anthropology became aware of the complex
challenges inherent in designing for ‘cooperative work’ (Grudin, 2008; Schmidt & Bannon,
1992). Cooperative work in this context is not social in the sense of being a friendly, convivial
endeavour, but in a systemic sense of ‘multiple persons working together to produce a product
or service’ (Schmidt and Bannon, 1992). In this sense, even the work of an individual expert
poring over evidence from an incident site in the seclusion of her office is social, because her
work is embedded in, and contributes to a larger whole, and is (hopefully) informed by the logic
of the overall task. CSCW is concerned with understanding the specific practices involved in
making cooperative work go well for the purpose of designing technologies that can enhance
cooperative work in a world where it is arguably becoming ever more distributed and complex.
From work place studies and observations in real world settings such as air traffic and London
underground control centres, CSCW researchers have been able to produce a range of highly
instrumental and useful insights for understanding the ‘what’ of what people do. This includes
concepts such as a ‘working division of labour’; articulation work; mechanisms of interaction;
workflows; common information space and interpretation work (See Schmidt and Bannon, 1992
for an overview of these terms). Other theoretical and methodological contributions include
longitudinal studies examining the adoption of technology in workplaces. These have provided
insights into the ‘co-development of work, organisation and technology in use’ (Törpel et al.,
2009, p.21) and the understanding that technologies are not ‘readymade’ but ‘need to be
embedded’ in existing practices and the local context or circumstances (ibid p.21). Ethnographic
studies of workplaces, or ‘workplace studies’ (Luff, Hindmarsh, & Heath, 2000) have provided
detailed studies of people’s practices and uncovered ‘features of situated action’ (Suchman,
1987 in Törpel et al 2009, p.22). One of the key insights of CSCW is that one cannot understand
people’s practices as something planned, but rather they involve situated logics. Therefore one
has to design ‘for’ human practices rather than replace human practices. Here CSCW has
affinities with participatory and co-design approaches, including a ‘commitment to designing
systems (both technical and organizational) that are informed by and responsive to people’s
everyday work practices’ (Kensing and Bloomberg, 1998 p. 180) and an ethical concern for
designing for humans. These ideas have been further developed through the notion of ‘corealisation’, (Hartswood et al., 2008), combining ethnomethodology with participatory design
and hence new kinds of longitudinal engagement between users and designers.
Version 1.0: Final
Collaboration
5.2.3
Page 75 of 161
Value Sensitive Design
Value Sensitive Design developed in the late 1980s and early 1990s within the fields of humancomputer interaction and information systems design and attempts to offer a “theoretical and
methodological framework with which to handle the value dimension of design work”
(Friedman, Kahn Jr, Borning, & Huldtgren, 2013). It combines concern for issues such as
privacy, ownership and property, physical welfare, universal usability, informed consent,
autonomy and trust, etc. in a systematic way throughout the design process. In this context
‘value’ refers to ‘what a person or group of people consider important in life’ (ibid p.2).
The concern for values in technology is not new. There has been a long-standing critique of
technology in philosophy (Heidegger, Horkheimer), but also in the natural sciences as well as
computer science (Wiener 1953/1985, Weizenbaum 1972), pointing out the risk of a
technological rationality taking control and replacing questions of ‘do we need it?’ or ‘is it
good?’ with the question ‘does it work?’ There have also been many approaches to designing IT
systems that support particular values, for example privacy, informed consent or trust (Friedman
et al. 2013). Approaches like Computer Ethics, Social Informatics, Computer Supported
Cooperative Work (CSCW) and Participatory Design also pick up on these concerns, placing
emphasis on protecting the users; reflecting on the social and ethical impact of technology, the
way it will change society; but also in the spirit of a discursive ethics of negotiation (Habermas,
1981) inventing democratic approaches to design, which are in keeping with principles of
inclusion, participation, equal rights and reversibility and openness.
In practice, Value Sensitive Design consists of conceptual, empirical and technical
investigations, employed iteratively, i.e. these kinds of investigation are only analytically
distinct (unlike in theory testing nomothetic deductive approaches, while in the actual process
they are intertwined). The conceptual investigation asks which direct and indirect stakeholders
are affected by the design, what values are implicated and how should trade-offs among
competing values be negotiated. While conceptual investigations might orient the research
process and get the investigation started, it is however ‘indispensable to conduct empirical
investigations of the human context in which the technical artefact is situated” (Friedman et al.
2013). Such empirical investigations, utilising a wide range of qualitative and quantitative
methods, further specify conceptual considerations with contextual and situated information as
well as complement further direct and indirect stakeholders and ways of engaging and
interacting with the technological artefact. By following the object (technological artefact)
through its various contexts of use, the empirical investigation unearths overlooked modes of
employ but also gives a more accurate insight into “espoused practice (what people say)
compared with actual practice (what people do)” [ibid. p. 59].
Friedman et al. (2013) argue that the Value Sensitive Design approach offers a unique
contribution to the design of technology and outline eight key features:
1. It aims to influence the design of technology at the early stages as well as throughout
the design process.
2. It enlarges the field of study from a focus on the ‘workplace’ to broader public spaces,
online communities, homes, services etc.
3. It has a unique methodology, combining conceptual, empirical, and technical
investigations, ‘iteratively and integratively’.
4. It enlarges the scope of human values studied (for example within CSCW or PD) to
include all potential values, especially those of ‘ethical import’ and also accounts for
conventions and personal values such as choice of colour.
Version 1.0: Final
Collaboration
Page 76 of 161
5. It distinguishes between the usability of a system, i.e. the characteristics that make a
system work and ‘human values with ethical import’, acknowledging that not all
useable systems support ethical values.
6. As a key first step it identifies and takes seriously the concerns of direct as well as
indirect stakeholders. Indirect stakeholders have often been ignored in the design of
technologies.
7. It is based on an interactional understanding of technology, whereby ‘the actual use of a
technology depends on the goals of the people interacting with it’ and that ‘through
human interaction technology changes over time’, becoming an iterative and ongoing
process.
8. It seeks to work with values at both a concrete and abstract level, acknowledging that
while some values may seem to be universally held, this can play out very differently
within different cultural contexts and point in time.
(Friedman et al. 2013: p. 86)
Finally, Value Sensitive Design holds the position that technologies ‘provide value suitabilities
that follow from properties of the technology’ [ibid.]. In other words, technologies are not
neutral, but the way they do things actually has effects in that they ‘support or hinder human
values’ [ibid.]. The following table presents a list of some of the values ‘with ethical import’
explored within Value Sensitive Design.
Human Value
Definition
Sample Literature
Human Welfare
Refers to people’s physical, material and
psychological well-being.
Refers to a right to possess an object (or
information), use it, manage it, derive income
from it, and bequeath it.
Refers to a claim, an entitlement, or a right of
an individual to determine what information
about himself or herself can be
communicated to others.
Leveson [1991]; Friedman, Kahn, & Hagman
[2003]; Neumann[1995]; Turiel [1983, 1998]
Becker [1977]; Friedman [1997b]; Herskovits
[1952]; Lipinski & Britz [2000]
Refers to systematic unfairness perpetrated on
individuals or groups, including pre-existing
social bias, technical bias, and emergent
social bias.
Refers to making all people successful users
of information technology.
Friedman & Nissenbaum [1996]; cf. Nass &
Gong [2000]; Reeves & Nass [1996]
Ownership
Property
and
Privacy
Freedom
Bias
from
Universal
Usability
Trust
Refers to expectations that exist between
people who can experience good will, extend
good will toward others, feel vulnerable, and
experience betrayal.
Autonomy
Refers to people’s ability to decide, plan, and
act in ways that they believe will help them to
achieve their goals.
Refers to garnering people’s agreement,
encompassing criteria of disclosure and
comprehension (for “informed”) and
Informed Consent
Version 1.0: Final
Agre and Rotenberg [1998]; Bellotti [1998];
Boyle, Edwards,& Greenberg [2000];
Friedman [1997b]; Fuchs [1999]; Jancke,
Venolia, Grudin, Cadiz, and Gupta [2001];
Palen & Dourish [2003]; Nissenbaum [1998];
Phillips [1998]; Schoeman [1984]; Svensson,
Hook, Laaksolahti, & Waern [2001]
Aberg & Shahmehri [2001]; Shneiderman
[1999, 2000]; Cooper & Rejmer [2001];
Jacko, Dixon, Rosa, Scott, & Pappas [1999];
Stephanidis [2001]
Baier [1986]; Camp [2000]; Dieberger, Hook,
Svensson, & Lonnqvist [2001]; Egger [2000];
Fogg & Tseng [1999]; Friedman, Kahn, &
Howe [2000]; Kahn & Turiel [1988]; Mayer,
Davis, & Schoorman [1995]; Olson & Olson
[2000]; Nissenbaum [2001]; Rocco [1998]
Friedman & Nissenbaum [1997]; Hill [1991];
Isaacs, Tang, & Morris [1996]; Suchman
[1994]; Winograd [1994]
Faden & Beauchamp [1986]; Friedman,
Millett, & Felten [2000]; The Belmont Report
[1978]
Collaboration
Courtesy
Accountability
Identity
Calmness
Environmental
Sustainability
voluntariness, competence, and agreement
(for ‘consent’).
Refers to treating people with politeness and
consideration.
Refers to the properties that ensures that the
actions of a person, people, or institution may
be traced uniquely to the person, people, or
institution.
Refers to people’s understanding of who they
are over time, embracing both continuity and
discontinuity over time.
Refers to a peaceful and composed
psychological state.
Refers to sustaining ecosystems such that
they meet the needs of the present without
compromising future generations.
Page 77 of 161
Bennett & Delatree [1978]; Wynne & Ryan
[1993]
Friedman & Kahn [1992]; Friedman & Millet
[1995]Reeves & Nass [1996]
Bers, Gonzalo-Heydrich, & DeMaso [2001];
Rosenberg [1997]; Schiano & White [1998];
Turkle [1996]
Friedman & Kahn [2003]; Weiser
& Brown [1997]
United Nations [1992]; World Commission on
Environment and Development [1987]; Hart
[1999]; Moldan, Billharz, & Matravers
[1997]; Northwest Environment Watch [2002]
Figure 16 Value Sensitive Design
(Source: Friedman et al. 2013, p. 17-18)
5.2.4
A philosophical turn to ethics in design
More broadly within the design world there has also been what Steen (2001) refers to as a ‘turn
to ethics in design’, This reflexive move within design was largely propelled by Victor
Papanek’s influential book ‘Design for the Real World’ (Papanek, 1984), addressing issues of
ethics and social responsibility within industrial design. As such, these issues became
increasingly on the agenda during the late 1990s and 2000s, seen for example in the adoption of
triple bottom line approaches and Morelli’s call for a shift from designers designing ‘products’
to ‘human centred’ design seeking participatory solutions to societal and environmental issues
(Morelli, 2007). At its core this challenged companies and designers to reassess their role and
purpose in developing technologies, becoming instead ‘facilitators of a system of value coproduction’ (Morelli, 2007, p. 18). Such themes can also be seen in the concept of ‘Design
Futuring’ (Fry, 2008), which argues that the ethical, social, political and ecological concerns
facing the world require new ‘ideas and methods for design as an expanded ethical and
professional practice’. However, while Papanek and others work has been hugely influential,
Melles et al. (2011) argue that this agenda ‘remains only partially and unsystematically
embedded in design education and practice’ (p.144).
5.2.5
Engaged STS – The Public in Design
Finally, Science and Technology Studies (STS) provide useful theoretical resources for thinking
through issues of technology, participation and ethics, including the ‘possibilities and limits of
participation in technology development’ (Törpel et al., 2009). While STS includes a number of
different theoretical traditions, it has long had a focus on ‘democratising technological culture’
(Bijker, 2003) and in making science and technology ‘socially responsible’ and ‘accountable to
public interests’ (Sismondo, 2008b) (p.18). The emergence of the STS ‘engaged program’
[ibid.] saw a shift from the study of how scientific knowledge is produced to practical
explorations as well as critique of public engagement and participation at the science and
technology/policy interface (Delgado, Lein Kjolberg, & Wickson, 2011). This move has
followed broader institutional shifts in how ‘publics’ and their relationship with science and
technology have been conceived. From the late 1990’s a ‘participatory turn’, saw public
engagement, dialogue and more participatory styles of governance become central paradigms
within the science and policy worlds (Wynne & Felt, 2007). At the EU level, this included
policies that aimed to involve publics in ‘the development and assessment of science and
Version 1.0: Final
Collaboration
Page 78 of 161
specific technologies’ (ibid. p.56) and the feeling that to remain competitive ‘a solid partnership
between the scientific community, policy makers, industry and civil society’ was needed
(Busquin in EC 2004:3 in Wynne & Felt 2007:53). This also saw the emergence of many
different participatory models and practices including public debates, consultations, citizen
conferences and other experimental forms.
STS scholars have both participated in and provided critique of participatory models and
practices. For example, Wynne (Wynne, 2006) highlights how in exercises with invited
participants ‘pre-framing’ of an issue can often occur, locking participants into existing agendas
and ‘normative commitments’ (Wynne, 2006). This can also be seen in the move to define
participants as stakeholders rather than citizens or the public, where the issues ‘at stake’ have
already been defined and thus ‘the scope of democratic governance issues’ has been reduced
(Wynne & Felt 2007 p.58). Stirling argues that in participatory appraisals, processes of ‘closing
down’ tend to be privileged over processes of ‘opening up’ thus also reducing the potentials for
democratic engagement with science and technology governance (Stirling, 2008). STS scholars
have also provided insights into conceptions of the ‘public’ and how these have changed over
time (Welsh, Ian & Wynne, 2013). This has highlighted the ‘heterogeneous and dynamic nature’
of publics (Delgado et al., 2011:7) and that the public does not in fact pre-exist, but is ‘potential,
and always in the making’ (Wynne & Felt 2007:19).
Approaches to publics within STS have also been informed by Dewey’s conception of ‘issue
formation’, namely that publics emerge in response to problems or issues and that expertise is
itself created through the democratic process of social enquiry and public deliberation around an
issue (Dewey, 1927). For Latour (Latour, 2005) this involves a new form of ‘object orientated
politics’, where ‘each object gathers around itself a different assembly of relevant parties’ (p.15)
and whereby ‘matters of fact’ become ‘matters of concern’ (ibid). There have been a range of
theoretical and also practical experiments within STS around the formation of these ‘new
collectives’ (Latour, 2004), ‘hybrid collectives’ (Wynne & Felt 2007), ‘collective
experimentation’ (ibid) and ‘co-production of knowledge’ models (Callon, 1999). These
experiments offer the potential for opening up new spaces and theoretical resources for
negotiating the politics and ethics around ‘matters of concern’ such as a particular technological
innovation.
STS has also had fruitful engagements and dialogue with ‘design’ (see for example (Ehn &
Badham, 2002; Latour & Weibel, 2005; Latour, 2008; Patton & Woodhouse, 2004). Links have
been made between Actor-Network Theory and participatory design, providing different
perspectives and practices for conceptualising and unpacking design processes and raising key
issues around participation and democracy (Storni, 2012). Suchman (Suchman, 2000) has been
influential in highlighting the ‘inseparability of the social and material, practice and technology’
(Torpel et al. 2009:14) including calls to:
…replace the designer/user opposition – an opposition that closes off our possibilities for
recognising the subtle and profound boundaries that actually do divide us – with a rich,
densely structured landscape of identities and working relations ... (Suchman, 1994:22).
There are also convergences between STS and ‘reflective design’, ‘critical design’ and
‘speculative design’ in exploring how to think about the participation and construction of
stakeholders and ‘publics’ (Disalvo, Lodato, Jenkins, Lukens, & Kim, 2014).
Version 1.0: Final
Collaboration
Page 79 of 161
5.3 Regulatory Approaches to IT Innovation
Along with the development of designerly and STS approaches to practicing ethically and
socially circumspect innovation has been the emergence of a range of regulatory approaches.
Over the past 20 years there have been discussions at legal and political levels for incorporating
data protection safeguards into ICTs. Regulatory measures include Recital 46 of Directive 95/94
of the European Union (1995), the first European directive on data protection, which aims to
embed ‘‘appropriate measures’ in ICTs “both at the time of the design of the processing system
and at the time of the processing itself, particularly in order to maintain security and thereby to
prevent any unauthorized processing’ of personal data’ (Pagallo, 2011). Currently (in the EU)
regulatory approaches for the assessment of IT innovation are being developed and
institutionalized including in 2012 a proposal for a new general data protection legal framework
that has not yet been adopted. In addition there have been a range of other regulatory
approaches including Privacy by Design, privacy and ethical impact assessments and legal risk
analysis. This section briefly outlines these different approaches, followed by a discussion of the
resonances and tensions between regulatory and designerly approaches.
5.3.1
Privacy by Design
Privacy by Design is closely related to the concept of ‘privacy enhancing technologies’ (PET)
(Information and Privacy Commissioner/Ontario, 1995) and aims to incorporate mitigation of
issues such as data protection and privacy into the design of technology. In practice, this might
include design features such as separating ‘personal identifiers and content data, the use of
pseudonyms and the anonymization or deletion of personal data as early as possible’ (Schaar,
2010:267). Cavoukian (2010) outlines seven principles of Privacy by Design as:
1. We have to view data protection in proactive rather than reactive terms, making privacy
by design preventive and not simply remedial;
2. Personal data should be automatically protected in every IT system as its default
position;
3. Data protection should accordingly be embedded into design;
4. The full functionality of the principle which follows from ii) and iii), allows a “positivesum” or “win-win” game, making trade-offs unnecessary (e.g., privacy vs. security);
5. A cradle-to-grave, start-to-finish, or end-to-end lifecycle protection ensures that privacy
safeguards are at work even before a single bit of information has been collected;
6. No matter the technology or business practices involved, the design project should
make data protection mechanisms visible and transparent to both IT users and
providers;
7. Privacy by design requires an individual-focused respect for user privacy. (Cavoukian,
2010)
A number of countries, including Canada, Germany, the Netherlands and the United Kingdom
are promoting Privacy by Design. The European Union’s Seventh Framework Program for
research and technological development (FP7)—the EU’s chief instrument for funding research
over the period 2007–2013—also emphasizes the importance of “building in” privacy
safeguards in technological solutions. Proponents of Privacy by Design argue that the principles
should be binding for technology designers, developers and data controllers and that ‘providers
of IT systems or services’ ‘should demonstrate that they have taken all measures necessary to
comply with these requirements’ (Schaar, 2010 p. 278). However there are also challenges to
and criticisms of the concept including its feasibility in practice (Spiekermann, 2012).
Version 1.0: Final
Collaboration
5.3.2
Page 80 of 161
Privacy and Ethical Impact Assessments
Legal risk analysis focusing on privacy is commonly referred to as a Privacy Impact Assessment
29
or Data Protection Impact Assessment (PIA). PIAs have been developed and used in a variety
of countries and contexts (occasionally mandatory), since the early 1990s including in Australia,
Canada, Ireland, New Zealand, the UK and the US (David Wright, Mordini, & DeHeert, 2012).
In January 2012 the EU Commission presented a proposal for a new general data protection
legal framework (Proposal for a Regulation Of The European Parliament And Of The Council
on the protection of individuals with regard to the processing of personal data and on the free
30
movement of such data) introducing concepts such as Privacy by Design and encompassing a
number of detailed provisions for all ICT systems processing personal data. The proposal under
the sub heading Data processing impact Assessment stipulates an obligation to carry out a PIA
prior to risky processing operations:
Where processing operations present specific risks to the rights and freedoms of data
subjects by virtue of their nature, their scope or their purposes, the controller or the
processor acting on the controller’s behalf shall carry out an assessment of the impact of
the envisaged processing operations on the protection of personal data” (Article 33).
Making PIAs mandatory will likely lead to a significant increase in the use of PIA across the
EU and beyond and it has been suggested, may ‘give momentum to the development of an
international standard’ (D. Wright & Friedewald, 2013).
As yet however, the methods to carry out detailed PIAs vary and while there are various guides,
handbooks and templates there are currently very few PIA methodologies (although a number of
projects are attempting to develop this). Usually PIA processes are multi phased and carried out
in several iterations, as the system develops. The initial objective is to get an overview of the
main problem areas, as a basis for further assessments and deliberations of the system design.
This often involves identifying ‘risks’ to privacy and strategies to overcome them. Other
common themes within PIAs include the identification and inclusion of stakeholders and
publishing PIA reports to make the process transparent. Both these issues present a range of
challenges including who and how to include stakeholders and private sector developers may be
particularly reticent to publish or make public their findings (Wright & Friedewald 2013).
29
Sometimes also referred to as Personal Data and Privacy Impact Assessment or Privacy Impact
Analysis. See e.g. Clarke, Roger, Privacy impact assessment: Its origins and development, Computer Law
& Security Review, Volume 25, Issue 2, 2009 p 123-135, Information Commissioner’s Office (UK) PIA
Handbook, Version 2.0, 2009 “www.ico.gov.uk/upload/documents/pia_handbook_html _v2/index.html“,
29th International Conference of Data Protection and Privacy Commissioners, Privacy Impact Assessment
Issues and Approaches for Regulators, Workshop Workbook, Montreal, September 2007, available at
www.privacyconference2007.gc.ca/workbooks/Terra_Incognita _workbook12_bil.pdf, and Wright,
David, De Hert, Paul, (Eds), Privacy Impact Assessment, Springer, Dordrecht, … 2012 (Law, Governance
and Technology Series, Volume 6).
30
The regulation has not yet (January 2015) been adopted. The regulation will take effect two years after
its adoption, at earliest 2017.
Version 1.0: Final
Collaboration
Page 81 of 161
Ethical Impact Assessment
Ethical Impact Assessment (Harris, Jennings, Pullinger, Rogerson, & Duquenoy, 2011; David
Wright et al., 2012; David Wright, 2011) is a more recent development, developing largely
within the fields of philosophy and theoretical ethics and following in the footsteps of other
‘impact assessments’ such as environmental, risk or regulatory impact assessments and
technology assessment (TA). A central emphasis is the need to consider ‘ethics in context rather
than prescriptive rules’ (David Wright, 2010) and thus far has been largely a reflective method,
where questioning the ethics of individual technologies and their implementation accompanies
the design and development process. Often this literally involves the asking of questions, and
there have been various attempts to formulate sets of questions to uncover ethical issues (Marx,
2006; van Gorp, 2009; David Wright, 2011). It has also included attempts to develop key
principles, as well as procedures, frameworks and other ‘ethical tools’ for ‘assessing the ethical
impacts of new and emerging technologies’ (Wright and Friedewald 2013, p.762).
This approach has seemingly been developed in complete isolation from the designerly debates
outlined above. This leads to problematic oversights and a preoccupation with a rigid system of
‘assessment’ focused on ‘problems’ without any clear means of translating insight into creative
innovation, but it also introduces valuable contributions, which are not addressed in design so
far. Most importantly, ethical impact assessment can scaffold sustained engagement with ethical
issues. Rarely is attention extended to the creative appropriation of technology and the ethical
consequences of this, and cumulative effects of assembling ecologies of technologies or, as in
our case ‘systems of systems’. There is also a strong emphasis on including stakeholders and the
importance of debate in the process. Wright and Friedewald have highlighted the overlap
between PIA and EIA and suggest that both can be done together in what they call a P+EIA
process (D. Wright & Friedewald, 2013).
5.3.3
Legal Risk Analysis in IT Innovation
Risk analysis is a method employed in different contexts, reaching from business strategy
development to engineering. Its aim is to identify and carefully analyse risks in order to enhance
an organization or collective’s capability to avoid risk or mitigate impacts. Legal risk analysis
explores the risks of an activity breaking the law prior to the activity being undertaken. Methods
include quantitative calculations, graphic representations, scenarios, checklists, matrices,
exposure studies and flow charts (Wahlgren, 2013).
5.4 Towards Design for Privacy & Design for Design
Both designerly and regulatory approaches have an interest in the prevention of technological
‘disasters’. Billions of Euros and innumerable hours of work have been ‘sunk’ into failed IT
projects across the European member states. Examples include the half a billion pound failure of
the UK Firecontrol project (Committee of Public Accounts, 2011; Yeo, 2002). One key aspect
that both designerly and regulatory approaches struggle with is the fact that innovation neither
starts nor stops with design or regulation. Designers speak about ‘design after design’ (Ehn,
2008) – the fact that users appropriate technologies creatively, sometimes subverting intended
functions. Rules, regulations and the law are interpreted. There is no technological imperative
that dictates the use of an IT artefact. This does not mean that technology is neutral. However, it
means that use evolves with technology as technology evolves with use. See, for example,
Orlikowski’s paper on ‘Evolving with Notes’ (Orlikowski, 1995) and Taylor et al on the
discovery of SMS (Taylor & Vincent, 2005). The approaches outlined above strive to
controlling intended and unintended effects in and through the designed objects.
Version 1.0: Final
Collaboration
Page 82 of 161
As discussed above there are a range of approaches, particularly around privacy, that try to
embed ethical principles ‘in’ technologies, for example Privacy by Design. As we discussed in
D12.1, the utility of these approaches in emergency response in general are limited, because
exceptions and improvisation, which are necessary, can invalidate them. In relation to
supporting emergent interoperability in systems of systems such ambitions also pose some
difficulties. It could be argued that these approaches are in essence flawed because they ignore
one of the key lessons of the approaches outlined above: It is impossible to know, let alone
control ‘problematic usage’ in advance.
The methodological turn we are advocating goes some way towards addressing challenges of
appropriation or design in use. Embedding ICT in emergency response and more broadly is a
pervasively and potentially deeply transformative endeavor. It cannot be ‘fixed’ through
reflective practice or ‘by design’ alone. Moreover, the fact that IT Ethics is neither ‘in’ the
technology, nor ‘in’ its use, but distributed means that the configuration of problems shifts
shape continuously. This means that designerly expertise, ethical impact assessment and legal
risk assessment should iteratively accompany innovation as a process, and that stakeholder
engagement is critical throughout. This approach takes lessons from STS informed PD. In a way
it is a next step for PD – but one that sheds the paternalistic notion of ‘participation’ in the
interest of recognizing that design is a political process that requires collective deliberation,
responsibility and action. By ‘collective’ we do not mean either a ‘communist’ notion of
collectivity, nor do we mean ‘happy’ notions of ‘Gemeinschaft’ or community. Collective in
this context involves negotiation, conflict expression, methodologies for de-conflicting, not
necessarily consensus. It utilizes disclosive ethics and transparent design, as well as designing
for engagement (see Chapter 3). This also evokes ideas of a social contract in IT design, where
society is responsible for educating citizens to a level where they can shoulder more of the
responsibility for the effects of IT innovation, in collaboration with IT design that supports a
more broader distribution of skill, for example by documenting computational processes more
in novel interaction techniques.
If the former is an attempt to develop more broad-based methodologies of how to design, the
question of what to design remains. Are there ways in which the complexity and opacity of IT
can be reduced? Drawing inspiration from architecture – are there digital equivalents to the way
in which the Centre Pompidou documents or makes its infrastructure and architecture visible?
By developing such approaches, appropriation and grassroots infrastructuring may be better
supported, with a direct effect on the understandability of ethical, legal and social issues in
emergent assemblies of systems of systems.
Drawing this particular discussion to a close, we see parallels between design and regulation. In
a way, regulatory efforts are forms of meta-design – attempting to spell out protocols and rules
that can guide negotiation and appropriation. The designerly approaches we have described
along with ethical impact assessment and legal risk analysis all call for iterative engagement of
legal and social experts, for informing design decisions, experimenting with prototype solutions,
finding some way of anticipating emergent effects of innovation in a way that place designers
and users in a position to address these effects, to take opportunities and to mitigate problems
from a position carefully situated right in the midst of change. There are resonances here with
Orlikowski’s work, ‘co-realization’ approaches and approaches to ‘Integrated Organization and
Technology Development’ (Orlikowski, 2000, 2009).
We need a synthesis of these different approaches and a toolbox that allows more conscious
utilization of them. The BRIDGE project has drawn on the theoretical and methodological
insights of these different approaches in developing what we are calling ELSI Co-Design (Liegl
et al 2015). The BRIDGE project is arguably one of the first projects to explicitly bring
Version 1.0: Final
Collaboration
Page 83 of 161
designerly and regulatory perspectives together and in the final section we now outline the ELSI
Co-Design approach we developed, followed by a summary of findings in Chapter 6.
5.5 BRIDGE ELSI Co-Design: Developing a Methodology
At the heart of the project is the development of middleware infrastructures that will enable
autonomous systems to ad-hoc interoperate and thus share information, synchronize processes
and merge certain functions. It also provides central, aggregated inventories and an overview of
the situation at hand and the combined resources available. Overall, the project aims to enhance
emergency responders’ capabilities to address crises and collaborate, thereby strengthening the
security and safety of citizens as well as their privacy and civil liberties. However, it will not be
surprising that such architecture, due to its emergent character, the ability to track and monitor
resources, and aggregate and share data also has the potential for raising many ethical legal and
social issues. These include, for example: how to share and at the same time protect personal
data and the privacy of those involved? How to avoid situation awareness becoming
surveillance? How to deal with the potential change in organizational structure that such
situational awareness tools might bring about? And how to account for actor-agent networks adhoc assembling in such a complex system of systems?
In addition, the vast scale of the project, involving EU wide socio-technical systems (of
systems), multiple project partners and many diverse ‘end users’, groups or ‘publics’ potentially
impacted by the technology pose unique challenges for addressing these issues. As such, to
enable the emergence of these issues and crucially, to allow the folding in of insights into the
processes of design and innovation has necessitated methodological innovation. The process,
which we call ELSI Co-Design, uses an iterative, experimental research and development
approach that integrates ethnographic observations and insights from user engagement and codesign into specification, integration and experimental implementation of new technologies. The
next section outlines some of the key features of this approach.
Collaborative practices and co-design with users – assembling publics
Our methodology adapts user-centred and participatory design methodologies with a ‘bottomup’ understanding of opportunities and challenges for innovation in work practice, informed by
domain analysis and collaboration with professionals within the project. Ehn (1993) argues that
participatory design raises questions of democracy, power, and control at the workplace. As we
will see, this rings true when we look at BRIDGE innovations, which, as they track and monitor
resources and emergency responders’ work, also enable surveillance. They also have a tendency
to take autonomy and responsibility away from individual responders and shift them to the
control center, higher up in the organizational hierarchy. We follow Ehn’s assessment, and see
in participatory design an opening to negotiation and contestation of such issues, shedding light
on the work conditions, and ideally the overall ethical and political implications beyond
questions of efficiency. We contend that just like ‘usability’, ethics cannot be invented or
decided by experts, but has to be the product of engagement with the technology, by directly or
indirectly implicated publics. Facilitating such publics is a central element of what we call
‘ELSI Co-Design.
Mixed methods and a future orientated approach
We therefore use a whole spectrum of participatory and user-orientated design methods, aiming
to upgrade swiftly from more detached methods of user centred design to more engaged
collaborative and co-design methods where designers, users and researchers becomes
productively entangled and users become critical collaborators in the innovation process
(Sanders & Stappers, 2008). Our multi-method approach includes:
Version 1.0: Final
Collaboration






Page 84 of 161
Ethnographic domain analysis
Prototyping and Co-Design with end users and the End User Advisory Board (EUAB)
Scenario-based demonstrations
Living Laboratories (current phase BRIDGE Project)
Design for Design (after Design) (Ehn)
Technology Accompaniment (Verbeek)
We also had a future orientated approach, recognising that it would never be possible to know
the full scope of uses or implications of the technology, but in using scenarios and other
experiential tools we tried to explore possible futures and make these futures tangible.
Iterative exploration and design throughout the project
Central to the BRIDGE project was a co-design approach from the early stages of the design
process, exploring issues iteratively throughout the life cycle of the project. In many projects it
is not until the later stages that engagement and feedback from stakeholders is sought, often
with an emphasis on evaluation rather than design (Mulder & Stappers, 2009). This can lead to
unaddressed issues or mistakes due to blind spots’ in the development team. In line with the
overall agile methodology in the BRIDGE project, we abstained from a waterfall model of
defining requirements at the beginning of the project. Rather, formulating requirements,
qualities and features of the technology was an ongoing exploratory process, organised around
the engagement of various stakeholders with (working) prototypes. Such a process would, we
hoped, reveal user needs and concerns, disclose possible ‘good’ as well as ‘problematic’ sociotechnical, ethical futures and allow for democratic processes of engagement and negotiation. In
practice, this involved creating spaces around our technological prototypes to allow the
emergence of issues and the assemblage of publics.
A Disclosive Ethics Approach
This could be called a disclosive ethics approach (Introna, 2007). Ethically aware design
research is a method, which by way of assemblage (‘drawing things together’), tries to
systematically disclose ethically relevant aspects of socio-technical systems in use. This is based
on the view that ethical values or principles are too general to help draw conclusions or judge a
system. Rather, these values themselves rely on ontological assumptions (the way the world is
and the way humans are fundamentally) that might not hold anymore in these socio-technical
futures (for further discussion of these issues see chapter % on drones). Rather than seeing
ethics as a pre-existing checklist of issues already known, we see ethics as emergent
phenomenon that is both situated and co-constituted. Disclosive ethics means to dig for hidden
ethical effects in the socio-technical systems. It is a way of often indirect probing in order to
make issues and effects visible that are usually hidden in technological black-boxes. It could
also be described as prototype-based exploration where we enable diverse stakeholders to
experience the technology in use and to evaluate possible effects and consequences for the
emergency response. Drawing on the notion of “living laboratories” we use the metaphor of the
(chemical) laboratory or a chemical reaction and particle accelerator/collider to describe this
convergence or assemblage. The ethical issues emerge or become visible like a reaction in a
chemistry experiment or the traces in a particle collider.
Version 1.0: Final
Collaboration
Page 85 of 161
Figure 17 Disclosive ethics, living laboratories
Folding insights into design
Informing socio-technical innovation is not a linear process where insight X clearly necessitates
design decision Y. Understanding the complexities of work practices inspires design in complex
ways. Insights are ‘folded in’ or materialized at different levels of design (architecture, policies,
interaction design, social and organizational change) through interdisciplinary critical technical
practice and stakeholder engagement. Since we believe that design is an open- ended process
where products should be adaptable to new situations, this phase opens what Pelle Ehn calls
“design for design” (Ehn, 2008).
ELSI Co-Design in Practice - four iterations
In practice, the project aimed to explore ethical, legal and social issues throughout the life cycle
of the project and in roughly four phases, or rather, since these were not linear, but iteratively
organized, modes of investigation and design. This exploratory process was ongoing, but can be
roughly divided up in four (kinds of) iteration, from an opening exploratory movement through
a more structured movement on to gradual closure.
1st Iteration: Ethnographic Domain Analysis & Co-Design with Stakeholders / End-Users
Drawing on CSCW and STS traditions, the first mode, ethnographic domain analysis, tried to
capture in go-alongs and participant observation the practices, procedures, organization, skills
and concerns of domain experts (cp. BRIDGE D2.1 & 2.2). This approach was multi-sited,
ethnographic and mobile, including interviews. The domain analysis gathered expertise about
the domain, which was then systematized into rich user stories and broken down into more
abstract ‘user needs’ and ‘ethical concerns’. In the first phase of domain analysis and co-design,
the BRIDGE team conducted fieldwork in various areas of the emergency domain to understand
current practices of inter-agency collaboration and areas for improvement.
The second mode was Co-Design Workshops, which played a prominent role in BRIDGE (Oslo
2011, Lancaster 2012, Stavanger I 2013 (Demo II). Here we engaged with various kinds of
stakeholders, but especially emergency response personnel and organized co-design workshops
where we encouraged them to engage in sandboxing exercises, playing through scenarios using
Version 1.0: Final
Collaboration
Page 86 of 161
paper or more advanced prototypes of our technology – i.e. elements of the BRIDGE System of
Systems. Unlike domain analysis these sessions feature a strong futuristic element, in that they
allow the imagining of ways to do things differently. At the same time, they also allow for
conflicts or concerns to get expressed or even discovered in the first place. These workshops
elicited user needs, qualities, functional and non-functional requirements of collaboration
technologies. From this we gathered “stories”, which contained themes, narratives and
descriptions of practices, necessities, qualities and matters of concern that the stakeholders
discovered in these engagements. From these stories we took in vivo quotes or topics and
translated them into user needs (and requirements) which were gathered in JIRA. This was a
collaborative effort of in principle all BRIDGE team members, who could make entries,
comment, label and enrich what was there. Since the very beginning of the project, we used
JIRA31 as our main collaboration platform for user needs and requirements (with WPs 2, 10 and
12 working as editors and data stewards).
Real world exercises were used as a third method of Domain Analysis and Co-Design. Here,
BRIDGE prototypes were introduced, used, and tried out in the context of a regular emergency
response exercise, which offered first responders the opportunity of hands on experience with
the technologies and allowed for extensive feedback of the user experience, insights on its
usefulness, input for improvement but also hesitations and warnings of potential dangers of the
technology (Flums, Demo I Stavanger, II & III), ValEDation days in Salzburg).
From these diverse research and design opportunities we derived collections of in vivo quotes,
observations and user stories, which then served as a source for formulation of user needs and
requirements – both functional and non-functional. In these formulations, ethical considerations
– a lot of them brought forth by users themselves, were paramount. Apart from catalogues of
more general ethical qualities, that were developed mostly through desk-studies (for instance in
our extensive review of the Ashgate Series on Library of Essays on Emergency, Ethics, Law and
Policy (Campbell 2013)) it was this fieldwork with domain experts, disclosing issues such as
information overload, worries about informational self determination, or situation sensitive use
of the monitoring capacities of the technology. It was these insights which allowed us to
translate qualities into ethical requirements, specific to the developed BRIDGE technology.
2nd Iteration: Ethical, Legal and Architectural Sessions with Engineers and CC32 Owners
During the 3rd and 4th period of the project, we switched from this exploration into a more
structured mode, sorting the ELSI requirements by Concept Cases (CC)—technology bundles,
which are aggregated according to their general functions such as, situation awareness,
information gathering, logistics, networking, tracking, etc. (cp. D2.2 106ff.) — and having
intensified exchange with the CC owners, where WP 10 put a lot of effort into co-formulation of
requirements. At the same time we worked on the validation of the technologies and for this
formulated (distilled from domain analysis, end user engagement and literature reviews)
architectural, ethical and legal qualities and requirements and had a series of two hour plus
sessions with the CC owners where we evaluated those aspects of the technology.
31
https://www.atlassian.com/software/jira
32
The design process in BRIDGE is organised in what we came to call ‘concept cases’ which are bundles
of tools addressing a certain type of task in emergency response such as situation awareness, logistics or
resource management (for a detailed description cp. chapter 6.3).
Version 1.0: Final
Collaboration
Page 87 of 161
On the basis of these findings (and after almost 3 years of exploration) we built another kind of
laboratory, where we confronted technical elements and the inner workings of the system with
the stories, scenarios and concerns we had collected but also with a more formal canon of
(emergency) ethical qualities. In these Ethical Requirement Sessions (there were also legal and
architectural sessions) two kinds of spokespeople engaged with each other: the Systems owners
(mostly system developers) represented the “concerns” of the socio-technical system, while the
domain analysts represented the ethical canon and the concerns they had learned about from
various stakeholders. This resembled most closely representative democracy, where the indirect
mode was mostly due to the complexity of the technological systems, but also to the fact that in
our agile design process we used this phase to formulate ethically aware systems requirements.
Figure 18 Powerpoint slides used during the Ethics Sessions
In this second iteration the requirement engineering again proceeded in a more structured way.
Here the validation team gathered all the acquired user needs and requirements from JIRA and
fed them back to the concept case owners in order to inquire into feasibility and applicability
and also work on proper requirement formulations adequate / adapted to the technology.
3rd Iteration: Validation with End Users (ValEDation Days)
Finally, during the so-called ValEDation days (cp. BRIDGE D10.3, 55ff.) we organised three
quite varying settings for end-user engagement with our current prototypes. In Salzburg we
organised an exercise with local firefighters, testing the behaviour of the technology in real
world settings; in Delft we had a more conceptual validation of the middleware and the
middleware oriented CC Adaptive Logistics, where we explored possible strengths and effects
of the middleware; while in Oslo a simulated 3D scenario was built, which allowed a virtual
exploration and testing of the Master System, eTriage and the training system. Based on these
results WP 10 was engaged in yet another iteration with the CC owners, working on
consolidating all the knowledge gathered throughout these varying forms of engagement and
publishing it in a comprehensive form in BRIDGE D10.4.
As discussed, the BRIDGE project follows an agile design methodology, and the requirement
development process is organised in iterations. This means – somewhat counter-intuitively –
that even validation does not follow a strictly evaluative, retrospective path, simply testing
ready formulated requirements against the actual performance of the technological prototypes,
but rather that while doing the latter we are also still tweaking and reformulating requirements,
and even exploring new user needs or adaptations of already existing ones. The logic of such a
design process with frequent iterations can be described in analogy to forms of logical reasoning
Version 1.0: Final
Collaboration
Page 88 of 161
as abductive reasoning, which aims at discovery, disclosure, invention, rather than deductive
(top-down) reasoning, which links premises with conclusions, in such a way that if the premises
are true and the rules of deductive logic are followed also the results will be necessarily true. In
other words, in the logic of discovery, the premises are not kept stable, but themselves are at
stake. In such an approach the goal is not to find out if the prototype in all circumstances fulfils
the requirements formulated beforehand, but rather, whether by putting it to the test in a variety
of circumstances, potentially new requirements or sub-requirements emerge. So the testing is
not linear from requirements to prototype, but proceeds simultaneously in both directions.
4th Iteration: Long-Term engagement with End-User Partners
In the last phase or mode, BRIDGE prototypes in their most mature stage have been taken into
user settings, where domain experts have engaged with them over a longer period of time. This
multiplies the amount and kinds of people and social entities who will come in contact with the
systems, thus multiplying the opportunities for issue as well as publics formations around it.
Various techniques used during this phase for capturing emerging issues include:







Working prototype (high TRL) remains for period of time with Emergency responders
Keeping user logs
Ongoing tech support
‘Technology accompaniment’ and Design after Design
Re-entry of empirically enriched ethical issues
Participant observation
Focus groups to reflect on experiences and issues that arose in scenarios and practices
Since this phase is ongoing with partners from fire departments in Austria, who are using the
Advanced Situation Awareness System and the HelpBeacons, testing the use of these systems in
their everyday work. Also in University Hospitals in Stavanger and Trondheim, the eTriage
system is being employed in everyday ambulance and hospital logistics. Based on the results of
these long term engagements, WP 10 will consolidate all the knowledge gathered throughout
these varying forms of engagement, publishing it in a comprehensive form in BRIDGE
D10.4.Summary
5.6 Conclusion
These different modes of ELSI Co-Design serve as a means for turning matters of fact (does it
work) into matters of concern (is this really what we want) (Latour, 2005). This involves
creating spaces around our technological prototypes, allowing for the emergence of issues and
formation of publics. In this process, new ways of working emerge in interaction with emergent
technology, and ethics and technology adapt, revising and co-articulating each other. There have
been many challenges in the BRIDGE project for undertaking ELSI CO-Design in practice. For
example, one of the biggest challenges has been finding ways of exploring and formulating user
needs and requirements for the middleware based on a thorough assessment of its effect at
runtime. To achieve this we have built a simulation environment, which seeks to make the
middleware visible and inspectable.
Similarly, there are questions about the ‘publics’ we allow space for within the project. Who
was excluded? How might we better include indirectly implicated publics and who might these
be? How does an explicit commitment to address ELSI actually play out in practice and with the
other demands and cultures within the project? How did the specific assemblage of the
transnational consortium shape the process of our ELSI co-design and potentially obscure
certain issues? We argue that our methodology of ELSI co-design and experimental co-creation
Version 1.0: Final
Collaboration
Page 89 of 161
of socio-technical futures, where both the engaged public and issues are results of
experimentation and contestation are pre-requisites for developing socio-technical systems,
which not only can be made ‘acceptable’, but which become part of and enhance society.
This chapter has addressed the development, roots and methodology of the BRIDGE ELSI CoDesign approach. It began by outlining the intensified focus on ethics within Horizon 2020 EU
funding requirements. However, while ethics is starting to become a more prominent concern
for EU research and development funding, there are currently no regulatory standards, nor are
there, or is it necessarily possible to develop ‘one size fits all approaches’ or checklists that can
be easily adopted. As such, there is space and a need for methodological innovation in how we
might open up design processes to account for ethical, legal and social issues. There have
already been many attempts to do this and in the first half of the chapter we introduced some of
the different traditions that have addressed these issues from a variety of perspectives, including
designerly and regulatory approaches as well as Science and Technology Studies. These
approaches have formed many of the theoretical and methodological underpinnings of the ELSI
Co-Design approach developed in the BRIDGE project. In the second half of the paper we
outlined the key features of our experiments in ELSI Co-Design. This involved creating spaces
around our technological prototypes, which allow for the formation of issues and assemblage of
publics as engagement in the practice of disclosive ethics (Introna, 2007). In practice this
involved various iterative stages and a mixed methods approach as outlined in the chapter. This
chapter has set the scene for the next chapter where we explore key findings and challenges.
Version 1.0: Final
Collaboration
Page 90 of 161
6 Disclosive Ethics & ELSI Co-Design in the BRIDGE Project
We have identified collaboration in emergency response as a vital societal and ethical goal, yet
also spelled out the obstacles and fears that currently prevent or stifle efficient collaboration.
These obstacles include






the complexity of disaster preparedness and response and time-critical-ness of response
differences in organisational structures, -cultures and –hierarchies
decision making is distributed across many interdependent individuals and groups in
many different locations and situations
fragmentation and poor synchronization in time, allowing activities that look reasonable
locally but that can actually undermine activities overall
technological incompatibilities
uncertainties about data protection and privacy legislation
Disclosive Ethics and ELSI Co-Design is an exploration of how socio-technical design and
innovation could help to overcome these obstacles in ‘good’ and responsible ways. In BRIDGE
the exploration of ELSI related to technology and the quest for designing technology in a way to
enable ethically circumspect emergency response has been closely linked with the
methodologies of iterative ethnographic domain analysis and co-design. This elicitation of
ethical issues informed formulating them in a way that they can be formalized for requirements
engineering. This process should involve as large a variety of stakeholders as possible, covering
domain experts, past and potential victims, members of the public, policy-makers,
administrators, ethical and legal experts and of course designers and engineers.
We call this process of unfolding ethical issues ‘disclosive ethics’, following Introna and Introna
& Nissenbaum (2007). We complement ethnography with co-design, because ethics, lawfulness
and social responsibility are folded into material socio-technical assemblages, and enacted in
social practice of situated explorations, negotiations, probings. There are no clear cut lists of
ethical principles or values that could be unequivocally ‘designed into’ material technologies or
organisational structures and ‘best practice’, but rather what is ethical, lawful, socially
responsible is relational and shaped in situated practices. Design must support these practices.
This section summarizes our exploration of ELSI in IT systems in emergency response and
findings that emerged within interdisciplinary collaboration sessions designed to develop
ethical, legal and architectural qualities as requirements for the assessment of system of systems
architectures. One central aim was to explore the location of ethics in complex distributed sociotechnical systems which enable emergent interoperability. The concept cases serve as a research
tool, to explore such questions of ethical topology and accountability. Questions of how ethical
responsibility is distributed between humans, technologies, infrastructures will be discussed.
6.1 Ethical Topology of the BRIDGE Systems of Systems
Even in a single organisation many tasks are collaborative and distributed. We have seen in
chapter 4 the immense work and complex infrastructures that are necessary for collaboration to
take place. From an ethical point of view it is important to reflect not only on the collective
actions during emergency response and their outcome, but also how technologies shape
collective action. What are the ethical implications of data sharing infrastructures and situational
awareness technologies? How do they assemble emergency response units and are these ways of
assembling desirable in terms of enabling effective response? What are (un-)intended effects? In
Version 1.0: Final
Collaboration
Page 91 of 161
distributed collaborations, it is not easy to assess where or as a result of which interactions,
actions went right or wrong and consequently it is hard to know which individual or collective
to praise or to blame for outcomes. There have been many controversies both within ethics and
sociology on questions of collective agency and responsibility (e.g. May & Hofmann, 1992
Jasanoff, 1994). These reveal some of the limitations of legal and ethical traditions based on
individual responsibility and call for more collective, organisational and socio-technical models
of accountability. Can organisations or groups act? Can they collectively be responsible for
actions? Communities, or even Nations, too? And if so, how are they to be held accountable?
Every individual member? The leaders? The operators of a technology? And if the technology
has adverse effects – will those who use it be blamed, those who procured it, or the developer
team that made it? Does distributed action entail distributed responsibility? What about the
technology itself in this?
The overarching goal of the BRIDGE project was to design a System of Systems architecture
that would allow emergent interoperability for interagency collaboration in large scale
emergency response. To facilitate the design process, development was organised along
technology bundles – so called Concept Cases – which are aggregated according to their general
functions such as situation awareness, information gathering, logistics, networking, tracking, etc
(cp. D2.2 106ff.). These Concept Cases served as a tool for developing and making the
middleware tangible, and also formed organisational units, gathering subgroups of designers,
users and researchers, who were each coordinated by the Concept Case owner(s). Besides their
individual functionalities and the role of making the middleware tangible by utilising its
functions, the task of the Concept Cases is to provide the BRIDGE middleware with prototype
future systems that would aggregate in an ad-hoc way into a system of systems. Here individual
systems would fulfil their individual function, but be BRIDGE’d in the sense of being able to
communicate, being able to share, gather and display information in a usable, secure way,
support people in constructing overview (COP), and coordinate work processes and workflows.
BRIDGE ELSI Co-Design is hence co-design in a system of systems context, which means that
a methodology for ethical explorations is needed that reflects not only the individual systems –
or as we say Concept Cases – but the system of systems as a whole in all its complexity.
6.2 Ethical, Legal and Social Qualities Sessions
Over the course of four years of end-user engagement and design research in the BRIDGE
project, a collection of use-stories, concerns, user-needs and future use scenarios were gathered,
systematized, and translated into requirements and taken into account for the design process. In
a third iteration of design/research we brought this rich body of domain knowledge into
dialogue with on the one hand a more systematic collection of ethical and architectural values
and on the other hand, more technical system components, in what we called Ethical, Legal and
Architectural Qualities Sessions, a method for Ethical Impact Assessment in the context of codesign. For the evolution and a full list of architectural qualities, see BRIDGE D4.2, D2.5 &
10.3]. A comprehensive overview of results from these Qualities Sessions is included in D10.3.
In this chapter we will give a brief overview of the Concept Cases and their functions and then
focus on a thematic discussion of the most prevalent ethical implications and the way those can
or should be addressed.
In this third iteration of the disclosive ethics process we met online for discussions (2 hours
each) with designers involved in the BRIDGE Concept Cases (CCs), to explore how CC
technologies addressed the qualities we had so far identified over the course of our research. In
terms of Co-Design methodology these sessions move from a participatory assembly (in the
sense of participatory or direct democracy) to a representative one (in the sense of representative
democracy), where the designers represented the technological and functional aspects of the
Version 1.0: Final
Collaboration
Page 92 of 161
socio-technical system, while members of WP12 represented (and assembled) users,
stakeholders and a more general public, as well as systematic formulations of IT and emergency
ethics and law. The results of these sessions are documented comprehensively in BRIDGE
deliverables D10.3 and D2.5, which report on the systematics and results of the BRIDGE
requirement engineering process.
Following the BRIDGE design approach based around concept cases, CC owners were invited
as the spokespeople for the respective systems. Together, we explored what ethical qualities like
‘autonomy’, ‘solidarity’ or ‘fairness’ might mean for example in regard to the CC ‘Robust and
Resilient Communication’. Would this technology have affordances that support autonomy and
if so, who would be benefitting from this?
While the sessions followed the logic of the CCs, when we analysed the transcripts, we found
that it would not suffice to stay within those confined silos, since ethical implications would
often emerge only in the combination and interaction of several CCs. Often CC owners
formulated something might be a problem “not in isolation, but in combination with other
concept cases”. The same was true for the ethical and architectural qualities themselves. Often a
certain socio-technical practice nexus had implications that revealed how qualities like
autonomy, transparency and responsibility were interdependent. So the way we present the
findings of the ELSI sessions. We present an inventory of ethical issues, which are sometimes
specific to a certain type of system, but at other times specific to a practice or an ethical quality,
etc. This is a highly productive move towards cross-cutting issues and larger aggregate (units)
that leads us closer to the goal of the BRIDGE project to design and observe the affordances of
emergent systems of systems in emergency response. At the same time, we still struggle with
conducting an exploration of ELSI issues for the middleware or the system of systems.
Disclosive ethics for middleware infrastructures is more difficult, because middlewares have no
direct contact with users, they are complex, designed to be invisible, operating in the
background, opaque, distributed, and black-boxed. The investigation into middleware ELSI
implications is thus ongoing. In this document, some ethical implications of middleware are
made visible by analysing the CC ‘Adaptive Logistics’, ‘SWARM’ and the ‘Master’, which are
highly dependent on the middleware and/or are, in some sense, middlewares themselves.
6.3 The BRIDGE Concept Cases
Before presenting findings of the ELSI Disclosive Ethics / Qualities sessions, some information
on the technology under investigation is needed. The BRIDGE system of systems is comprised
of altogether eight concept cases, which utilise middleware services. This is underpinned by a
number of stand-alone dedicated middleware(s). Detailed descriptions can be found in technical
deliverables from WPs 3 to 8. Here, we provide a short summary to set the scene. 33
Adaptive Logistic
In the BRIDGE concept case ‘Adaptive Logistics’ we characterize large-scale emergency
management operations as ‘Complex Dynamic Multi-Agency Distributed Systems’. We explore
how we can coordinate the efforts deployed by all the systems’ human participants and artificial
components, in such a way that the BRIDGE system-of-systems as a whole displays coherent,
33
The following descriptions were developed in the course of requirement engineering during the ethical
qualities sessions and further formulated in BRIDGE D10.3 – we did some adaptions for BRIDGE D2.5
and this deliverable.
Version 1.0: Final
Collaboration
Page 93 of 161
goal-directed behavior, realizing its goals effective and efficiently. Its main functionality is to
organize a dynamic multi-agency collaboration. We use workflows (or more specifically a
‘Workflow Generation and Management (WFGM) sub-system’). To organize this collaboration
the WFGM requires system awareness and specific capabilities to plan, instantiate, monitor and
adjust activities. Advanced Logistics establishes a collaboration between various BRIDGE
system components, including ‘DEIN’, ‘Situation aWAre Resource Management (SWARM)’,
the ‘Risk Analyzer Modeler’ and ‘Advanced Situation Awareness - Prediction Modelling’.
In other words, ‘Adaptive Logistics’, keeps an overview of a number of processes and variables
and as they change, adapts the logistics and workflow processes of emergency response and
management (mostly resource allocation) according to pre-defined, more general goals. The
components of Adaptive Logistics have a high degree of automation and autonomy, adapting or
recalculating, for instance, where certain emergency resources go and which victims they will
tend to. Workflows can only be managed if activities are tracked and logged.
Advanced Situation Awareness
The BRIDGE Advanced Situation Awareness (ASA) CC assists first responders on scene in
increasing situational awareness by supplying real-time visual and other information on the
extent of the disaster and its consequences. ASA consists of the following three components: a
Hexacopter, Expert System, and Modeling Module. The Hexacopter is an unmanned aerial
vehicle (UAV) system, which consists of






Flying platform with six motors;
Global Positioning System (GPS) and radar;
Video and infrared cameras;
On-board computer;
Environmental sensors;
and Ground control station.
The Hexacopter provides a live video from a bird’s-eye-view perspective, a parallel infrared
video, and real-time environmental sampling data, which help assess the magnitude of
destruction, fires and health hazards to first responders and affected population. The UAV can
be controlled manually or be put into a pre-programmed automatic flight modus. The Expert
System is a software, used to automatically analyze the incoming environmental measurements
supplied by sensor payloads on the Hexacopter to the Ground Station. The data is compared
against national and international standards, and combined with expert recommendations. The
aim of the Expert System is to help the incident commander interpret the obtained
environmental data and ease the decision-making in a complex emergency. The Modelling
Module is used to create computer models of the incident site and of plumes in case of an
uncontrolled release. It can draw on the pre-programmed generic models of reality-based
structures contained in the BRIDGE Critical Infrastructure Library. This module enables the
user to assess the physical damage to buildings, estimate the number of victims, and predict the
dispersion of hazardous plumes based on meteorological data.
Dynamic Tagging of the environment / eTriage
The BRIDGE Dynamic Tagging System assists first responders in marking and monitoring
significant locations of the disaster site and in creating real-time situation awareness. It aims to
ease the annotation of the field with digital information, creating an improved spatial reference
system and shared understanding of the geography of the emergency for emergency responders.
Such an annotated disaster site enriches the process of spatial sense making. The Dynamic
Tagging System assists first responders in marking and monitoring significant locations and
Version 1.0: Final
Collaboration
Page 94 of 161
objects in the disaster site and in creating real-time situation awareness. The element most
developed in this concept case is the eTriage system, hence the ethics sessions focused on this.
In large-scale emergency events the number of injured can exceed the capacity of medical
resources available. Where resources are scarce, triage is necessary so that resources are
allocated to those that most need it and/or would most benefit from them. Triage involves
dividing victims into categories according to their need for medical attention. The eTriage
Concept Case proposes to replace currently used paper tags with a snap-on networked bracelet
integrating physiological sensors and a GPS unit for location tracking. The devices can monitor
the status of the patient and send updates to other components connected to the BRIDGE system
using a mesh network. Once marked, the system allows for locating the victim and monitoring
his/her vital parameters are all the way to the hospital. To control the deployment, the concept
includes the idea of an eTriage Pad. ‘Triagers’ would carry with them a tablet device that
connects to the mesh network created by the deployment of tag.
The e-triage concept case responds to the following issues in current triage practice:




Registration and overview: The presented eTriage concept serves the purpose of
registering and counting the number of victims. This will contribute as an overview,
which is essential not only for the paramedics but for all agencies (e.g. reporting
number of injured and fatalities to the media)
Sensors and monitoring of victims: by adding sensors to the bracelet we could
measure heart rate, respiration frequency, O2 saturation, body posture, movements etc.
This could be helpful in big disasters where number of victims outnumbering
paramedics.
Alerting on changes in condition: sensors could send alert to paramedics when vital
signs indicate a harmful development that needs immediate attention
AutoTriage by advanced sensors: stretching the idea even further, it would be useful
to have a bracelet that performs automatic triage.
Information Intelligence
In all emergency management phases, information about the current situation is vital. Today,
people extensively document crises in social media. Hence, our aim with BRIDGE Information
Intelligence (II) is to introduce a tool that allows the automatic analysis of such media data in
addition with live data from in the field and aggregates it in situational reports.
The BRIDGE II comprises several components:

Aggregation: It performs aggregation to detect sub-events (= specific hotspots of a
crisis) and shows the results to the user.

Data Simulation: It allows the simulation of data during a running exercise. Hence, this
tool can also be used for training purpose.

Data Collection: It is implemented as an Android-App and allows the collection of live
data (from within the field).
The Aggregation Feature performs the aggregation based on online clustering. It aggregates the
data based on their textual and location content. The aggregation can be performed on archived
social media data (e.g., Twitter) and on live data coming from within the field. The results are
shown to the user via a web-based implementation reachable from any browser (e.g., Mozilla,
Version 1.0: Final
Collaboration
Page 95 of 161
Google Chrome etc.). The GUI contains a map-representation and a detailed view for subevents. In addition, it allows to filter the results based on geo-location and/or keywords.
The Data Simulation Feature allows the creation of data based on a given scenario description
(given as XML). The description can be also administered by the tool. The creation of the
dataset follows this scenario description. It comprises short text messages (i.e., simulated
tweets), which are based on the effect the incident might have. For the generation process
different sub-event attributes are needed, e.g., start of the sub-event (offset) during the exercise,
description, some textual phrases for the generation mechanism, etc. The data simulation tool
can be used, e.g., for training to integrate (simulated) “social media” into a running exercise.
The Data Collection Feature allows the introduction of live data into the aggregation process.
The Smartphone app was created by BRIDGE colleagues Amro Al-Akkad and Christian
Raffelsberger (utilizing the “Local Cloud” concept of Amro Al-Akkad). It allows directly the
integration of text messages and pictures from persons in the field into the aggregation
mechanism. The idea is to enrich the aggregation process with this live data.
Master
The Master is a command and control information system for use in emergency management. It
assists commanders and other central actors in keeping a common operational picture of the
situation, and in allocating their resources efficiently during the response. The Master provides a
map-based mechanism for resource allocation, message communication, and access to
predefined plans. The system is intended to be distributed across all command chain levels in
the organizations that take part in the response effort (i.e. across commanders and decision
makers on the strategic, tactical and operational levels). To support users on different levels the
tool is available in several different versions, tailored to run on different devices, including
desktop PCs, collaborative multi-touch tables, tablets and phones. The Master gives a
customizable map-based overview of the situation, showing real-time information about:








Incidents, response elements and risks added by other Master users.
Patients and victims retrieved from the eTriage and HelpBeacon systems.
Response personnel and vehicles tracked by the SWARM system.
Relevant social media elements collected by the Information Intelligence system.
Unmanned vehicle video streams retrieved from the ASA system.
Model overlays (e.g. plume models) retrieved from the ASA system.
Expert advice retrieved from the ASA system.
Hospitals and available bed capacity information where available
Users of the Master can view, filter, and add information in the common operational picture.
Newly added information is automatically synchronized with all other running instances,
allowing all users to keep an up-to-date view of the situation. The resource allocation
mechanisms in Master allow users to allocate personnel and vehicles to specific tasks and
locations using drag and drop in the map-based view. The allocated resources are notified via
the SWARM system running on their mobile phones. The system also support message
communication with other users, access to predefined object plans (e.g. documents, blueprints,
certain types of 3D models where available), weather forecasts, and freehand drawing on the
map for local planning of the response effort. By supporting several formats within the
emergency data exchange language standard (EDXL), the Master can be connected to both new
and existing systems, allowing information to be shared in an efficient manner.
Version 1.0: Final
Collaboration
Page 96 of 161
Robust and resilient communication
The main goal with this CC is to create an ad-hoc networking infrastructure that provides
networking services on an incident site. The BRIDGE Mesh network allows other systems to
exchange data locally or send them to other networks such as the Internet. The Help Beacons
application allows people to use their smartphones to advertise their need for help.
Robust and Resilient Communication comprises several components:
1. Wireless Mesh routers that form an ad-hoc network (called the BRIDGE Mesh) to
provide a networking infrastructure for other systems on the scene (e.g., eTriage)
2. The Help Beacons victim application that allows people to call for help using an
Android smart phone
3. The Help Beacons responder application that is used by first responders to collect SOS
messages
The wireless mesh routers form an ad-hoc networking infrastructure that can be used by other
CCs to exchange data. All routers provide wireless access points to allow other devices (such as
smartphones, notebooks or the eTriage bracelets) to join the network. Some routers provide
gateways to other networks such as the Internet and bridge different wireless technologies.
The Help Beacons System provides a way for people to call for help using their Android
smartphones. The Help Beacons system uses the Wi-Fi wireless technology (i.e., IEEE 802.11)
to advertise short help messages. First responders that use a Help Beacons responder application
can collect beacons in their vicinity and locate victims. Technically, the idea is implemented
by encoding short messages inside the name of the Wi-Fi access point created by the
victim’s smart phone. Any device in range can see these messages using its Wi-Fi interface.
The Help Beacons responder application has been designed in a way that is does not need
any user intervention to collect distress calls and send them to the BRIDGE Mesh. This
allows the first responder to fully focus on his/her tasks. Optionally, the first responder can
be notified via acoustic signals or vibration when a new distress call has been found.
Collected help calls are sent by the responder device to the BRIDGE mesh that provides
connection to other BRIDGE systems such as the BRIDGE Master. Thus, the Master can
visualize information about Help Beacons, such as the help message itself or the time the help
message was received by the responder device, and also the time the victim had set up the help
message. If the GPS position of the victim and/or the responder is available, the Master can
visualize the location of Help Beacons on a map.
The information that is collected by the Help Beacons responder application is sent to the
BRIDGE Mesh network where a dedicated service first stores the received data locally. The
data is then transferred via the BRIDGE middleware to other interested parties. Thus, the
BRIDGE Master can visualize the distress calls.
Situation aWAre Resource Manager (SWARM)
The BRIDGE SWARM combines resource management (resource identification, involvement,
task assignment, status reporting) with technology for achieving situation awareness, in order to:
1. Provide a continuous overview to first responders of the resources in their immediate
surroundings (including human resources);
Version 1.0: Final
Collaboration
Page 97 of 161
2. Communicate the state and context of human resources (e.g. their condition and health,
environmental conditions like temperature, background noise, etc.);
3. Provide better context-aware predictions of activities of resources, e.g. estimated times
of arrival for moving resources.
For achieving these tasks, the SWARM relies on the technical capabilities of smartphones (such
as 3G, GPS, sensors) which are the tracking and communication devices for the resources and
the Master System, which gathers and displays the locations and activities of the resources in a
unified visual field.
The smartphone allows to:
 Get insight into:
1. Location of the incident
2. Location of command/control posts
3. Location and status of surrounding resources
4. Location, assigner and status of my current task
 Inform others about:
1. My task status
2. My personal status
 Provide direct (emergency) voice contact with:
1. (assistant) Incident Commander
2. any other person (configurable)
The master allows to:
 Get insight into:
1. Location and status of Resources
2. ETA for moving resources
3. Current tasks and their status
 Inform others about:
1. New task assignments
2. Dynamic team formation
First Responders Integrated Training System (FRITS)
The main objective for FRITS is to establish an optimal learning and training methodology,
supported by an integrated portfolio of sub-systems that will improve the quality of emergency
response and crisis management in intra-agency and inter-agency operations.
FRITS uses BRIDGE developed methods and tools together with COTS (commercial of theshelf) technology to ensure flexibility and to provide scalability for different end-user needs.
The concept is divided into modules, focusing on training, exercises and proper evaluation for
improvements:





Training methodology and methodology tools
Exercise management tools
Evaluation tools
Simulated training; live, virtual and constructive systems (COTS-technology)
ITE – Integrated Training Environment
Version 1.0: Final
Collaboration
Page 98 of 161
By combining two or more of these modules, FRITS helps all levels of responders (operational,
tactical, and strategic) to improve their training and exercise activities. Also, by focusing more
on using various virtual and constructive tools in addition to live exercises, a quantified cost
effective end-result is possible to achieve over a relatively short time-frame, ranging from base
theory to large-scale multi-agency exercises.
6.4 Disclosing ELSI - Process
As already mentioned, our ELSI-Co-Design methodology has taken its starting point in the logic
of the concept cases as BRIDGE organisational (and innovation) units, but in practice and in the
analysis these units are re-specified into larger or smaller clusters that emerge within the context
of a system of systems. On the basis of domain analysis and desk studies of ELSI in IT
supported emergency response and broader explorations into the philosophical ethics of
emergency and disaster (see above and BRIDGE D12.2), we have compiled a systematic
overview of ethical values, principles, virtues and rights (Figure 19) to serve as a heuristic tool.
Figure 19 ELSI Qualities Session Overview of Ethical Qualities
This heuristic guided eight two hour long sessions with concept case owners, designed to
explore the ethical implications of their respective CCs, their technologies and intended as well
as non-intended uses. These sessions attempted to explore the ethical implications of the
technology for all imaginable stakeholders (i.e. victims, first responders, bystanders, response
organisations, the ‘general public’ etc.). While the voices of those stakeholders were not
physically present in these sessions they were represented by members of WP2 and WP12, who
drew on interviews, observations, previous co-design sessions and literature. The “design
public” was hence represented, rather than directly engaged through participation. The direct
participants in the sessions include the following roles:
Designer: A computer scientist or engineer who has been developing the system.
Ethicist: A member of WP2 or WP12, knowledgeable in the domain and ethical principles.
Jurist: Peter Wahlgren, the law expert in WP12.
Version 1.0: Final
Collaboration
Page 99 of 161
System Architect: A designer involved who has been involved in the infrastructural design.
All have been involved in end-user engagement and are able to speak on behalf of users and
some transcripts of interviews with users are presented to illustrate how their voices were heard.
In the ethics sessions we discussed the concept cases along ethical qualities, which in the course
of these discussions where interrogated to explore whether – and if yes, how - they surfaced in
the use of the CC system.
We proceeded through:
1. A brief recap presentation of the CC, by the CC owner
2. Description of the Ethical Quality (Quality is the generic term we used for virtues,
principles, rights, values), Explanation of those qualities in regard to the CC, Discussion
3. A reflective analysis based on recordings and transcriptions of the discussion, which
flowed into design, requirements specification, validation and evaluation (D2.5, D10.3).
All ethics sessions used a heuristics for probing and scanning the Concept Case along 12 ethical
values or principles (for a comprehensive description of the wording that was used to introduce
these qualities for the discussion, see appendix of this deliverable and BRIDGE D10.3):









Autonomy
Inclusiveness
Fairness
Responsibility
Dignity/Humanity
Solidarity
Leadership
Cooperation
Prudence.
Legal sessions explored:





The right to know
Privacy
Data quality
Purpose binding
Right to be forgotten
A discussion of architectural qualities explored these and some additional issues from a systemin-use perspective (for a more detailed discussion of architectural qualities and definitions, see
D4.2). The architectural sessions deepened understanding of ethical and legal issues. These
sessions were organized around the following architectural qualities.





Transparency
Interoperability & coherence
Responsibility & Formal decision support
Traceability & Auditability
Mixed intelligence and collaboration & Compatibility
Version 1.0: Final
Collaboration






Page 100 of 161
Graceful degradation
Versatility
Scalability
Overview
Availability & Reliability
Capacity & Load / Utilization
The goal of these sessions was twofold: On the one hand we wanted to disclose in a
participatory process the implications that might be hidden in the socio-technical system and its
(many possible) lived realizations. The assumption was that these implications would only show
themselves in use, which is why we played through scenarios with stakeholders and engineers,
feeding into those scenarios a sensitivity for ethical, legal and social concerns. The result of this
are complex challenges and opportunities that might ask for technological answers, but often
also point to a need to adjust or pursue innovation in practices, policy, regulation, education and
training or public engagement, which requires a broader ethico-political focus. Through its
participatory and experimental approach, and its publications, the BRIDGE project contributes
to the shaping of such a wider societal process of value-sensitive socio-technical innovation.
With these evolving sensitivities, we explored the feasibility (and limitations) of technical,
social and socio-technical ‘solutions’ and sought to embed ways of addressing the issues raised
into BRIDGE socio-technical innovation. Technically, some progress could be achieved by
excluding certain options, setting defaults (e.g. privacy by default), striving for transparency and
accountability in computational processes, implementing anonymisation, encryption and
exploring options for containing data flows (especially in cloud solutions) and forgetting data.
6.5 Disclosing ELSI – Findings
The analysis of these sessions showed that most of the technologies under examination produce
ethical implications not only by themselves, but also as a result of their interaction with other
parts of the system of systems, as a kind of additive effect. The results of our ethical
investigation are, hence, thematic assemblages of ethical issues, system of system elements,
concerns and practices which emerged in this attempt of practicing disclosive ethics by mapping
ethical implications onto the system architecture and its probable uses. Core thematic complexes
are presented below.
6.5.1
Transparency: Two conflicting notions
Acting in ethically, legally or socially circumspect ways is often frustrated because
technological functions are black-boxed in several ways. The networking, code, algorithms and
processing all cannot be inspected at runtime (Introna 2007). And even if this was possible, it
would take complex, black-boxed tools to do this. In the world of IT the black-boxing –
paradoxically – is often referred to as ‘transparency’ or ‘seamlessness’ (Weiser, 1991, 1994).
This vision of ‘invisible’ and intuitive computing is seen as a benign design philosophy that
protects the user from unnecessary complexity, aiming to enhance the usability of IT. However,
it is in conflict with another notion of transparency which actually means the opposite – that
processes are visible for the user, reflecting what is going on under the hood and thus
empowering users to make changes on the fly. This concept has been discussed as accountable,
seamful, or palpable computing (Dourish, 2001, Chalmers, 2003, Büscher & Mogensen, 2007).
The tension between these two notions of transparency within the BRIDGE System of Systems
plays out especially prominently regarding the concept cases SWARM and Adaptive Logistics,
because their algorithms automate the coordination of potentially myriads of allocations.
Version 1.0: Final
Collaboration
Page 101 of 161
In terms of ethics, ‘Adaptive Logistics’ is a special concept case since in connecting,
coordinating and synchronizing workflows it is part of the middleware and embodies core
features of the systems of systems approach the BRIDGE project explores, including:




Scalability (i.e. ad-hoc adding any number of organizations and processes into the
workflow management, as long as they adhere to some basic standards such as EDXL)
all with their own rules of engagement
Coordinating the collaboration of autonomous systems (i.e. while the systems remain
autonomous, they merge into a system of systems (scale up) which in a complex way
pursues a “common goal”
Tracking (and to a certain extent logging) resources and processes
The coordination and workflow management is done “agent based” (algorithmically)
It is the tracking and logging and the automation aspect of this technology that raise ethical
opportunities and concerns, but also the scale of synchronization, which means (and this is the
case for middleware in general) that the number of processes that are running and that are
coordinated are impossible to monitor at a human scale. While this supports unprecedented
efficiencies, when it is unclear where things happen in such a powerful system, it is also a
problem to know who (which part or stakeholder) is responsible and liable for a process.
Being a bundle of autonomous coordination mechanisms, Adaptive Logistics, along with other
middleware components, takes a special role within the BRIDGE project. Here, this twofold
notion of transparency is playing out as the system not only attempts to remain in the
background, being transparent (invisible) and thus not getting in the way of users’ work, but
even more in the sense, that transparency in the sense of making accountable the processes that
are going on, would not be possible, or comprehensible for a human user. This is illustrated in
the following contribution made by a designer of the Adaptive Logistics CC:
Designer: … It’s very hard to include the human in the loop in the process of workflow
generation because they don’t speak BRAWL [BRIDGE Annotated Workflow Language]
and are not quick enough ... But the user is in command of what we do and either
modifies or selects workflows or changes the rules that direct the workflow generation
process. Regarding human sense making, we have a little of this in the sense that we can
depict what the BRIDGE system as a whole is doing and what it will do in the near future
and what it has done, so we can help make sense of what BRIDGE is doing.
Adaptive Logistics, in other words, minimizes the role of the human in the loop, or “human
sense making”, because the processes are too complex, and the human would actually be in the
way. While the user could inspect if resources match up, she would not need to know how they
are coordinated, thus she could not intervene, when it seems to her that this coordination is not
done in the most efficient way. As this section shows, the coordination is achieved
collaboratively, with the organization setting the rules and constraints, while the algorithms take
care of the execution, but the algorithms themselves cannot be inspected/overseen and for
instance fine-tuned by humans who do not understand BRAWL.
For the concept case SWARM, which monitors and manages resources, similar principles apply:
Designer: Only the functionalities for team formation might be less transparent, they are
based on a sort of intrinsic sorting algorithm, a priority of a list of potential first
responders to be included in a team, and the system itself provides a means to select from
this prioritization some people and dynamically from a team. This could be less
transparent, although we have so much info from the Ethical and Legal session that we
know that we should provide very good documentation about this. […] some things are
Version 1.0: Final
Collaboration
Page 102 of 161
automated in such a way that you can explain what the system does but it doesn’t mean
that you can explain why it comes up with a certain choice, but if you analyse the input
that comes through the system you will understand why it makes certain choices, in that
sense [it] is transparent.
The implications of problematizing the (lack of) transparency of technology are interesting. The
emphasis on transparency as invisibility rather than visibility has, for example, wider
implications for the practice of emergency response. As the System of Systems logic of
Adaptive Logistics and SWARM suggests, the algorithmic coordination enables organisations
to keep doing what they are doing, giving up only the allocation and logistics and, within the
limits the organisation has decided beforehand. The autonomy that is given away is adhering to
roles and to policies and integrity constraints agreed upon apriori. However, creativity,
flexibility and role improvisation – which are essential for effective emergency response (Kreps
and Bosworth 1999, Webb et al 1999, Webb & Chevreau 2006) – are made difficult, and for the
system improvisation will mean that the task failed.
Moreover, a lack of transparency in the sense of system accountability or inspectability
constrains people’s ability to notice and address system failure. In order to make computers
safe, humans must be able to inspect (in real time) what it does. Yet, what is the “right” moment
for this? The notion of transparency as system accountability suggests a desire of transparency
at run-time and in the end a human in control (at all times). This transparency is an interesting
requirement, especially given that it is only ever possible to a certain extent. Knowledge,
expertise and tools are a prerequisite for people’s capabilities to inspect and understand. Not
everyone will understand BRAWL, even though it is designed to be transparent in the sense of
self-documenting. Furthermore, from a praxeological perspective, it is doubtful if cognitive
‘inspection’ is really how understanding, creativity and control are enabled. In fact, there is a
huge body of research on tacit knowledge and embodiment, arguing that the knowledge of how
to perform a practice is mostly implicit (Collins 1996, 2010; Polanyi 1958, 1966; Ryle, 1945).
Similarly, accountability and trust are often locally negotiated, and not necessarily established
by explicitly inspecting all the information in detail.
What this highlights is a humanist bias in the ethical principle of “autonomy” and in related
notions of “transparency” which lead design into very complex questions. Our research suggests
that a more ‘posthuman’ approach that acknowledges the entanglement of human embodiment
and intelligence with machines may be more fruitful (Büscher et al, 2015c). It may sound
abstruse to call people ‘posthuman’ and to argue against a humanistic perspective, especially
when concerned with ethical questions. However, analysts show convincingly that ‘we have
never been human’ (Haraway 2008). From fire, to shoes, to IT, technologies have always been
an integral part of what it means to be human. There simply is no purely human or
technological. The concept of the ‘posthuman’ awkwardly, but highly productively effects a
shift in perspective and opens up promising new design avenues, by, for example, focusing on
the social and material practices involved in making things transparent and how these are or
could be augmented by technologies. These practices may be cognitive, but may also be
embodied, and perceptually multi-sensory. In this discussion, the notion of ‘control’ comes to be
re-specified, too. The disclosive ethics investigation with Adaptive Logistics and SWARM were
highly productive in highlighting that the ethical implications of the proliferation of black-boxed
and autonomous technology which humans interact with, rather than control. It will be one of
the great ethical challenges of the coming years.
Version 1.0: Final
Collaboration
6.5.2
Page 103 of 161
“Everything will be Logged” – Between Coordination and Surveillance
The combination of wearable sensors and systems for tracking, logging, aggregating and sharing
data – such as Adaptive Logistics, SWARM, eTriage, Advanced Situation Awareness and the
HelpBeacons have strong affordances for beneficence by supporting richer risk awareness,
better responder safety and learning. But they can also afford harm, for example through
increased surveillance – both for disaster victims and first responders.
In our sessions but also in the field work the surveillance element in logging as a partial record
of first response processes were often articulated in a paradoxical way: Yes, tracking everything
should help with coordination, just as time logging every move will help with the paper work of
report writing, while on top of this it makes transparent what went right and what went wrong
for post disaster review. It helps to assign responsibility as well as to learn from one’s
experiences. Yet, can the logs be trusted to show the events ‘how they truly happened’?
Negotiating sensible and ethically circumspect ways of logging and managing logged data
turned out to be one of the most sensitive and challenging issues in exploring innovation for an
informationalization of emergency response throughout the BRIDGE project. It coincided with
debates about the right to be forgotten and the difficulty in implementing it in today’s
societies34.
In a discussion on logging during an ethical qualities session, we came across the difference
between control data that will circulate as long as a process is active, listening for its
completion, and (usually) disappearing with it:
Designer: For coordinating the workflows, processes have to be specified, which produce
artefacts that other processes listen for ([for] completion) and operate in relation to that
(for instance start, count down, etc.). All this is done algorithmically and in time, i.e. for
the time that one process is going on and another one is listening, data about it (control
data) must be cycled. Once this workflow is finished and the one listening has
acknowledged that, this could be deleted (or simply not logged). The control data could
however also be logged ...
Ethicist: the legal side is interesting, but what does that do to work processes? If
organizations know that everything is logged, e.g. finding a victim, the victims condition,
the ambulance arrival, etc. and there are organizational targets, and somebody can inspect
the process, e.g. a victim died, and they find that a part of the responders’ process wasn’t
perfect what does that do to the responders?
Designer: the system is bound by the rules that you define for it. We do not log as such.
We log the progress of the workflow. There are processes that are waiting for artefacts to
be produced that are sampling the responsiveness of actors and agents that will notify
supervisory entities as soon as the deviations from the client workflow becomes too
much.
Ethicist: after the emergency response, do you delete all that data?
Designer: we don’t store it as such, it is control data that you use in the management
process. It’s an issue of how you want to give feedback to the participants in emergency
response what you want to do with the data. The fact that we don’t store it, it doesn’t
34
http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_data_protection_en.pdf
Version 1.0: Final
Collaboration
Page 104 of 161
mean that you cannot store it, there are many stakeholder here, e.g. if a victim dies,
maybe the family want to access the data, and the response agency maybe wants to delete
the data because somebody is going to hold you accountable.
Similarly, the CCs SWARM and / or Dynamic Tagging enable close monitoring of resources
(human and non-human) as well as victims, and this is a pre-requisite for Adaptive Logistics to
be able to do its task of automated workflow coordination and management. At the same time,
in combination, these CCs could monitor and log the behavior of first responders, allowing
auditing and evaluation of their performance, albeit on a contextually impoverished basis of
partial information. In one of our co-design sessions in Stavanger first responders were
concerned about this functionality, arguing that while the logging might be useful for training
purposes, it could problematic if used for evaluation. The log of the event misses large parts of
situational context, which is crucial for evaluating the performance of rescue personal fairly:
I‘m afraid of the logging system telling what I did on that patient, because we [only] see
the patient’s vital data, we don't see how the patient lies, what was around in the room,
did the paramedic have a bad situation of working that influenced what he was capable of
doing. So the log shows a poor treatment of a patient, but that was actually the best
treatment the patient could get in that situation. So that's my concern about logging and
use it without thinking about consequences or you see the point on a screen and you say,
oh, he's doing it, he's not doing it well, but he was maybe on the worst part of the scenery
and that could be a problem, and I see that many people often get but these effects Statistics, this is the fact: he is not doing good, this scenery: he is not doing good, that
scenery and we have to go in the "why" it must be, the logging must be the scene, which
puts up the next question - why did It happen like that? To investigate more of it. Then
the logging is good. (Head of Paramedics)
Furthermore logging might not only lead to unfair treatment of first response personnel after the
fact, but impede their performance in doing the work. While after the fact first responders often
question their decisions and wonder if they should have done it otherwise, it is crucial that they
do not take this insecurity with them to the emergency site. The awareness that their actions are
being logged might bring a self-consciousness to the work, that can undermine professional
judgment, as one of the heads of Norwegian Paramedics explains:
So I think maybe that could lead to a passive health care, because you only do the thing
you are sure of, you don't take a chance in order to saving a life. When you encourage
people to do things out of the box […], we have to do creative thinking to save most
people. If that's allowed in ourselves if we can evaluate it within our self saying ok, good
job, could we have done it better […]. Otherwise doing that: "you didn’t", "that was a bad
decision", "why didn't you?" then you get a passive part. […]. So then for this logging
might be a problem because people want to be safe and play it by the book (Head of
Paramedics)
This combination of logging/surveillance and autonomy/being pro-active also came up in the
Ethics sessions, where autonomy, i.e. the ability to make informed and un-coerced decisions
was related to having a safe and trusted environment. The question is, how this can be insured,
when actions are being logged. While it may cause passivity on the side of first responders, it
can also shift responsibility to the Command level:
And maybe they become insecure and feel they have to ask the Incident Commander
more often for advice. And agency/autonomy gets distributed to the Incident Commander.
This way autonomy gets re-distributed. If this happens because of the system it is not
clear whether this is good or not. (Head of Paramedics)
Version 1.0: Final
Collaboration
Page 105 of 161
This first responder expresses the concern that while actions get logged, their contexts are not,
thus providing a distorted account of the events, a pseudo-objectivist, yet actually quite thin
account of the process, which is problematic if it is being used for evaluation of the response:
So [there is] more data, [and] more people [are] getting the data [but they are] not sensing
the whole part of it. Just seeing, we could have been saved. Yeah, we could have been
saved, but not in these circumstance. […] I think when we are at work we have to do
creative thinking in most cases, Because you get a patient in a home, the stairs are
different, he has a dog, I'm afraid of dogs, there is always something in the circumstances
around the patients doing something about how we can cope with the patient. And I've
always said that we have the same patient group, but every patient and patient treatment
comes individually, because we have your framework on doing the chest pain patient, but
framework has to fit in in the circumstances, where this patient is so yes he's got […] the
treatment, but then we have to do some choices about: how do I get this patient out in the
best way in this ambulance? The best way is to not let him walk. But when I go down a
stair or carrying this patient and he gets scared, that's maybe putting his heart rate more
up than if he's walking.
And this is the kind of settings where of course he should be carried, but maybe that's not
the best choice for this patient. And that's in the stats logging - you ok, but this patient
should be carried, that's in my stats. But it's worse for the patient because he's nervous, or
we are not fit enough to carry him. So, the stats is good, because it is the framework of
working, but we need to have that golden path of doing our work, and we need to accept
that sometimes less than perfect is the best we can do. And of course, if less than perfect
is the normal day, then we have to consider if the path is the right way to go. But that's a
different discussion I think. (Head of Paramedics)
So, logging enables individual and organisational transparency, accountability, auditability, and
learning but it is also problematic. It transforms people’s capacity to act autonomously and
practice responsibility, it changes the spatial, temporal, organisational, political frames in which
responsibility applies, raising complex and contradictory legal, ethical and social implications.
6.5.3
Reciprocity of perspective: Do they know they are being watched?
The question of logging, surveillance and the anxieties this might imply is further complicated
by the fact that for the person logged, it is not always possible to know what information is
being logged and by whom. The traces that various sensors leave behind and their recording are
not felt, nor visible. In terms of the resource management systems in the BRIDGE SWARM, for
example, we became aware of this as problematic, when we negotiated the distribution of
visibilities among the various devices, in particular the question of whether “resources” (i.e. first
responders) would be able to see themselves and their colleagues on their devices or whether
this would only be aggregated and displayed on the central Master display:
Ethicist: the individual resources that are made visible on the Master; can they themselves
see where they are made visible and what is made visible about them?
Designer: no, we only display the data that comes in the BRIDGE system, through the
resource manager, the resource manager controls the information that is displayed.
Reciprocity of perspective is a fundamental material and social feature of collectively performed
phenomenal fields in physical environments. Reciprocity of perspective means that if I changed
place with you, I would see what you see (Schutz 1970). It enables empathy and dialog, because
it enables people to put themselves in other people’s shoes. This principle matters enormously
in the actively produced order of collaborative work, because it makes other people’s behaviour
Version 1.0: Final
Collaboration
Page 106 of 161
intelligible and predictable. Digital technologies transform time and space and can make it
difficult to establish reciprocity of perspective. Often this happens for good reasons. What needs
to be negotiated for the BRIDGE Master are the conflicting needs for a minimal interface,
showing to first responders in the field only what is directly relevant for their task at hand, while
at the same time empowering the first responder in his / her orientation in the overall situation
by showing them how they feature in a distributed order of work and being in charge of their
own data or at least knowing what is known about them.
6.5.4
Emergent Interoperability, Cooperation & Trust Building
Interoperability is often equated with cooperation, which in the context of emergency response,
makes it a matter of efficiency but as we will see also, an ethical issue. Cooperation entails a
functioning division of labour, i.e. units that are not in each other’s way, where there is no
redundancy (the same job being done twice) because everyone knows (and agrees upon) what
they are tasked with. Successful collaboration is ethically beneficial because it implies
consensus, transparency and inclusiveness, but also solidarity. The system of system
infrastructure developed in the BRIDGE project is supposed to enable emergent interoperability
and collaboration, but it is unclear to what extent interoperability actually engenders
collaboration and cooperation. One might well say that the successful aggregation of all
resources on a map and their subsequent addressability does not make for a common operational
picture in itself, but that being cooperative and working together is an attitude and a practice
which might be supported by such technologies. In the large exercise in Risavika, where we
were able to try out BRIDGE System of Systems technology in a realistic setting, first
responders often stressed how important it is to train cooperation, and the importance of
knowing and trusting each other:
The important thing about this exercise was not, that we did particularly well or that
everything worked, or to prove how good we are, but it was about getting together,
building trust, getting to know each other, (literally carrying victims together) (Head of
Ambulance after Risavika Exercise)
This underlines FEMA’s concept of a “Whole Community Approach to Emergency
Management” (FEMA, 2011), which claims that building “effective response networks” (Arjen
Boin & ’t Hart, 2010) relies on “understanding and meeting the actual needs of the whole
community, engaging and empowering all parts of the community, and strengthening what
works well in communities on a daily basis” (ibid. 23). In other words, familiarity, long-term
engagement, intimate knowledge of local issues, and each other are crucial for a successful
collaborative response effort.
The notion of emergent interoperability is sometimes seen as being technologically able to bypass or substitute for such a shared history, experience, and trust. But, referring to BRIDGE
situation awareness and workflow management tools (Adaptive Logistics, Master, SWARM,
eTriage), the head of Stavanger Paramedics highlighted that they will provide a better overview
for leaders, but almost more importantly raise responders’ awareness for each other. This is
something that could more proactively be designed for, for example, by providing more
effective means of extending reciprocity of perspective in time and space. At the same time, he
made it quite clear – supporting the importance of a common history also stressed by the head
of ambulance – that the technology by itself would not enable or bring about collaboration, but
that training and getting to know each other does:
It is a problem that we are not coordinated, because we could use the technology to get
coordinated together, it would remind us of the other's work, but we also need to be
Version 1.0: Final
Collaboration
Page 107 of 161
aware of each other, train together, how are procedures done together, because we need in
those situations, when a man is shooting many people and we need to get in and save as
many as possible we need together to do it together, we need to have the same
understanding of the situation. (Head of Ambulance)
An important issue to explore is whether use of BRIDGE across the different phases of
emergency planning, management, response and recovery, the Situation Awareness and
Workflow Technologies might support collaboration and trust, because they make transparent,
visible for each other and hence addressable what everybody is doing.
Such support for awareness could also make it easier to coordinate across organizational and
national borders. It even suggests that there is room for building emergent inter-organisational
and international teams where for instance a fire fighter drives the paramedics truck so both
paramedics can be on the site taking care of wounded:
Those [co-ordinations] aren't trained today, we are doing the first training session together
with the police. We have done it this month. So it's early, but we see that very often
engaged with my workspace, police workspace and fire workspace, if we planned it better
together we would be more efficient together. So sometimes I need the police officer to
help me, or the fire fighter to help me in a short period of time. Maybe they got many
fire-fighters doing nothing, because the fire is out. Then maybe I could use them to drive
our trucks, because then I have one paramedic in the field, one paramedic in the car, then
I could be more efficient with my patients. The alternative is that the paramedics is
driving the car, one is back treating the patient, and the fire fighter stands again alone and
have to do the treatment on the scene - I think our people are more educated to do that.
(Head of Paramedics).
6.5.5
The Human in the Loop? Locating Responsibility
Mary Douglas in her analysis of risk and blame (Douglas 1992) points out that our Western
notion of putting blame on an individual actor (and the need to trace back chains of action to a
causer, primarily necessary for reasons of legal liability, blame, responsibility and
compensation) is not at all the only way of modeling the connection of events and agency (gods,
ghosts, the devil or sorcery may not count as legitimate causes for most, yet acts of nature,
retain more diffuse notions of causality). With technology playing such an important role in our
societies agency is often hybrid, composed collectively, human and technological (Latour 1996,
Barad 2007). Yet our legal system demands that we trace back agency to a human or at least an
entity that can act as a legal entity such as a corporation, organization, institution (which in the
end will again be translated into individual or groups of persons). The potency of this demand
becomes visible, for example, in European Transport Commissioner Siim Kallas’ assurance to
European citizens that remotely piloted aerial systems (RPAS) will always remain under the full
control of a human:
And let me be clear on one point. We are talking here about machines which will be
under human control, not completely automatic. Somebody, somewhere will always have
his or her hand on the joystick (Siim Kallas in EU Commission 2014c)
Such statements address anxieties about failing machines, or machines out of control, while at
the same time operating with and trying to make real legal fiction of individual human control
and causation, which is empirically never true. Technologies are transformative, and different
technologies shape what it means to be (post)human:
Version 1.0: Final
Collaboration
Page 108 of 161
You are different with a gun in your hand; the gun is different with you holding it. You are
another subject because you hold the gun; the gun is another object because it has entered
into a relationship with you. The gun is no longer the gun-in-the- armory or the gun-inthe-drawer or the gun-in-the-pocket, but the gun-in-your-hand.... If we study the gun and
the citizen [together] ... we realize that neither subject nor object ... is fixed. When the
[two] are articulated ... they become “someone/something” else. (Latour 1999: 179–80)
Many of the discussions during the ethical explorations in the BRIDGE project, were informed
by the dichotomy of human vs. technology (our validation team even went so far as to sort
ethical implications concerning either the human or the technology).
However, in our studies, interdisciplinary discussions and co-design activities, we often realised
that it would be the affordances of individual elements assembled in a certain way with others,
that would produce effects with ethical implications.
6.5.6
Where is Data Protection?
For example, in a System of Systems, various systems gather, process and share information,
and the issue often arises where in the system data protection would have to be located or, to put
it in ethico-legal terms: who (which element) would be responsible for this, whose duty would it
be? A system like the Master, for instance, serves as an interface to many of the individual
systems and displays (and therefore gathers, aggregates visually, even if the aggregation might
be done in the middleware) information. Is it at the gateways into the Master that data protection
takes place? Or is this the responsibility of individual sub-systems and applications that supply
data, such as ASA or SWARM? But how could the data processing processes there anticipate
potential effects of information aggregation, which may allow re-identification, even if data has
been throroughly anonymized? Moreover, to support personal data sharing, it is a legal
requirement is that the system must, prior to its use provide a complete list of categories of
people that may share their personal data and the purpose for collection. How can purpose be
anticipated in a system of systems with emergent interoperability, in a context where exceptions
may apply at various levels?
In a distributed system like BRIDGE the question then is, where to establish this list of
categories and purposes and which system is responsible for it? Since the Master Table is the
prime system of aggregation and publishing (making visible) shared data, it must find ways of
protecting data.
Designer: we are only using information that is published to the BRIDGE system, is this
the responsibility of the application that provides us with this information or should we
also present these categories on the Master?
Jurist: yes, or you must have a list that reflects the situation for the MasterTable because
people that do not know the BRIDGE System-of-System do not know that the categories
are defined in the application, so it should also be presented on the Master. That goes for
all Systems-of-systems.
Designer: so we must agree on how to store this information within the BRIDGE system
(overall system) and the CCs should publish to the BRIDGE systems these kinds of
categories and the Master can pick them up again
Jurist: yes, and all CC-owners should be aware that they should work on this
Designer: the CCs need to provide us with this info and we can show it
Jurist: correct
Version 1.0: Final
Collaboration
Page 109 of 161
Designer: still it is up to the CCs to define those categories
Jurist: yes, there is a need for all CC-owners to communicate this with each other and to
allocate the responsibility who is to do this, and the Master is a hub, different kinds of
info are published to you, so you can build on the lists of categories of people that are
used in other CCs and systems, and aggregate this information
Designer: so it is not difficult for us to show this information, since this is a system-ofsystems and we subscribe to any type of information that is available, but what we can do
is based on the standards, which type of information….
Another related question is who should be able to have access to the information that is shared.
Since the Master is making this information available, it again is a question how to manage who
should be able to see these resources and information:
Designer: but the Master users are managers … we look into filtering and aggregating,
this is the Master
Jurist: and here you have one component that you can work from, the volume of data
must be limited to the most relevant aspects
Designer: we don’t control the information that is put into the BRIDGE system
Jurist: yes, and communicate about this with the other CC-owners, this is a mandatory
legal requirement (Master Legal Session)
Legally, for each system component there has to be a list, which defines the kinds of data that is
shared, whose data that is, and for which purposes it has been collected, also specifying how
data will be minimized and defining the categories of people who have access to it. Hence, the
system itself is not obliged to offer a technical solution to restricting user access, it does
however need to specify the group of people who access is restricted to.
The ethicist might add questions about how meaningful lists of categories and purposes are that
are likely to be very wide and varied so as to allow data sharing between the diversity of
agencies involved under the exceptional circumstances emergency response. How does this
afford privacy and civil liberties to be protected? This is one of the questions explored in D12.4
‘Wider Societal Implications’. At a more practical level, a question arises whether access
management should be implemented in the system architecture as a “formal decision support”
feature, where “Formal decision support makes users aware of technical, legal or regulatory
regimes, plans and social/ethical constrains that may affect operations”.
While the discussion among BRIDGE system developers resulted in a clear assignment of the
responsibility for encryption, anonymization etc. to the Master (distribution of responsibility
among system components) it still remained contested in which way this then should happen.
Would there be an automatic filtering mechanism, which will show information according to
organization role of those using an instance of the Master (there are handheld versions that can
be used by responders in the field who will have access to only specific information) or should
it be the responsibility of the Incident Commander, who should know by training what they are
allowed to do, or could a “formal decision support” feature for every action specify (as a
document or a pop-up) who may access or be privy to certain kinds of information:
Ethicist: This is about making the user or other components of the system aware about
different legal or other requirements which they have and they should also understand
when they go outside of these ethical or legal boundaries…
Version 1.0: Final
Collaboration
Page 110 of 161
System Architect: the Master as such would be the component in BRIDGE that would
have the standard for this, since the actions taken in emergency management situations
clearly relate to that responsibility, and you have to know what the systems you can and
are allowed to take, and the difficulty is of course how to manifest this in the technical
design, this is high-level.
Designer: in my opinion, if you are an Incident commander you should know what you
are and aren’t allowed to do, and you can include these kind of specifications in the
Master somehow but I’m not really sure that this is something that the users would find
valuable, and open this document and find out what they can do or not
System Architect: no, but maybe this applies more in a training situation
Designer: yes
Designer: I think in the Master this is not addressed at all, this has also to do with what
we discussed about roles, so if it’s not role-specific then everybody must be able to do
everything but for role-specific instances e.g. a firefighter can have some info but not all.
And we have filtering mechanism already.
In the course of this discussion the important role of learning to work with the system and
training is highlighted, which could be a very fruitful application of BRIDGE technologies.
During training, the Master could be equipped with decision support features which allow
exploration of data protection rules, so that in real situations, people know what they are and are
not allowed to do with data, in essence developing their embodied and tacit ‘posthuman’
phenomenology. Phenomenology is a term that describes the experience of the ‘building
materials’ of the world and their sensory properties, as well as the skills and practices of
perceiving and inhabiting this world and – with BRIDGE – a distributed system of systems.
6.5.7
Smartphone devices
While Europe has the second highest smart phone penetration in the world, ownership is
uneven. Five European countries have surpassed the 50% mark (Norway, Sweden, Denmark,
UK, The Netherlands) and more are set to join them in 201535, but there are also several
countries with far lower penetration rates (Figure 20). In other parts of the world, penetration
rates are often far lower. In Africa, for example, 85 per cent of mobile-only web users access the
internet with a ‘feature phone’, a device offering some but not all of the features of a
smartphone36. This matters for BRIDGE in that if European BRIDGE users are to be involved in
international missions, they may not be able to assume the same kind of connectivity amongst
the population as in Europe.
But even in the UK (63%), Sweden (62%) and Norway (68%) 30+% of the population do not
have a smart phone. Moreover, these inequalities of access are distributed unequally. Those
least likely to have access to technology – the poor, the uneducated, women, people with
disabilities, the elderly, ethnic minorities (Smith 2013) – are also the most vulnerable to
disasters. Similarly, local organizations, public services and even governments in poorer
countries are also less able to take advantage of technologies.
35
36
http://www.emarketer.com/Article/Worldwide-Smartphone-Usage-Grow-25-2014/1010920
http://www.ifrc.org/PageFiles/134658/WDR%202013%20complete.pdf
Version 1.0: Final
Collaboration
Page 111 of 161
Figure 20 Smartphone Penetration in a selection of European countries (2013)
Source: http://think.withgoogle.com/mobileplanet/en/ [Accessed 3 August 2015]
Even if people do own a smartphone, there is a ‘participation gap’, based on differential ability
to utilise the versatility the affordances of a smartphone (Park 2013). Park highlights that ‘the
more skilled a user is in operating the smartphone, the greater is the possibility that he or she
would be able to fully exploit the technical capabilities of the device. Therefore, the intragroup
smartphone divide indicates the gap between users who are confined to a limited set of
functions on the smartphone, and users that are able to use a diverse set of applications’ (p.1).
Figure 21 Smartphone Growth Trends 2020
Source: http://www.gsmamobileeconomy.com/GSMA_Global_Mobile_Economy_Report_2015.pdf [Accessed 3 August 2015]
The BRIDGE project has been sensitive to these challenges of accessibility. The concepts at its
heart - ‘emergent interoperability’ and systems of systems – are designed to create openness to a
range of devices. Development focused on smartphones in some cases (e.g. SWARM and
Helpbeacons), because their adoption is expected to grow (Figure 21) and measures can be
Version 1.0: Final
Collaboration
Page 112 of 161
taken to support both access and participation. Helpbeacons, for example, can be deployed on
devices running Android (supported APIs range from 2.3.3 to 4.x), with Android being the most
widespread operating system for mobile devices and by supporting lower API versions the
system can be installed on a wide range of devices (see also 6.6.8). Access to the app on
smartphones is supported by simple interfaces, viral means of enabling ad-hoc installation, and
consideration of the potential to install SOS Apps like the Help Beacons as part of smartphone
factory settings. For further discussion of this, see also BRIDGE D10.3 and D2.5, and Al-Akkad
et al (submitted).
6.5.8
Action distributed - Ethics re-specified: Posthuman Phenomenology & FRITS
There is a trend towards ever increasing automation and autonomous systems in many domains
(transport, security, border control, face recognition, piloting, traffic logistics, warfare) and the
emergency response domain is no exception to this. While philosophers and sociologists have
long challenged the notion of “autonomous actions” in various ways, the need for control,
accountability and transparency demands that it is possible to assign responsibility to a human
or social entity, which is inscribed in law.
In chapter 2 we reviewed different positions that probe the boundaries of ethical, lawful and
socially responsible conduct during disasters, ranging from ‘monist’ suggestions that normal
ethical principles and laws should always apply, regardless of the exceptional circumstances of
disaster (Zack 2010), dualist positions, which advocate the construction of a legally authorized
space of discretionary power in ordinary law, and a Schmittian position which promotes the
view that some disasters may exist outside of the law, exempting the state from normal moral
judgement during an emergency (Schmitt 1985, Walzer 2006). We concluded with a
recommendation for virtue ethics, following the Aristotelean tradition in philosophy which
moves the emphasis from responsibility to the ability of doing good, or as we could say with
Greenough & Roe (2010) ‘response-ability’. This challenges the notion of responsibility and the
idea of a “doer behind the deed (Nietzsche 2006, 26) as a legal fiction whose function is to be
able to assign blame and punishment.
Respecifying ethics building on notions of relational, posthuman agency seems to be needed as
we are including more and more automated non-human entities in the mix. Deeds do not simply
happen randomly, they are organised within networks of resources and infrastructures they are
distributed collaborative and multiple (Hutchins 1995). The persons who can be observed as
acting, do not pre-exist the action, they are augmented by technologies, constituted and
composed in the process of action (Latour 1999).
As already discussed, one strategy that takes into account such co-composition and non-human
participation in morally relevant action is privacy by design, i.e. the inscription of norms and
ethics into technology. But this approach restricts the usability of technology and uses
functional characteristics in order to enforce a certain behaviour on the side of human users.
Another strategy, which would flexibly enable rather than rigidly enforce virtuous practice
would be to enhance users’ awareness of their hybridized posthuman activities, configuring the
human in the loop in a way that allows richer awareness of temporally or spatially distributed or
extended responsibility. In the BRIDGE project the idea that both interoperability and
responsibility in a distributed setting practices that must be supported by technology is reflected
in the FRITS training system, which is a combination of a training methodology and various
technical systems which enable the users to embody the technology and become embodied in
the technology more circumspectly.
Version 1.0: Final
Collaboration
Page 113 of 161
Ethicist: the Training System is brilliant to enable people to learn from mistakes and from
things done well, and to allow people to trace back what happened, This is a form of
mixed intelligence: human sophisticated reasoning about what happened and the system’s
capacity to find out what happened and this is bigger than the human recollection of what
happened.
Designer: we aim to do this. You can have an overview camera and collect information
from instruments, e.g. positions etc. so when an observer marks something, to find all
data that support this in an easy and structured way, to support this. To tag something
with time and position.
Ethicist: I think you use Mixed Intelligence and Collaboration in at least 2 tools: the
Methodology Tracker, this is where you use the intelligence of the technology in the
sense that you have a basic structure of steps through the methodology but you use the
expert to complete everything, also in the analyzing part. It is not possible to do all of this
by only using technology, the technology is offering the structure, and communication
between different parts, but in the end there is the exercise board that needs to put the
final information in, right?
The FRITS system combines the observation and logging capabilities of the AKKA system with
the simulation powers of the Virtual Battle Simulator (VBS), which in combination with several
BRIDGE interfaces allow for:




Training for interoperability (i.e. assembling systems of systems) and technologically
augmented cooperation practices
Inspecting closely collaboration practices in Systems of Systems
Practicing situation awareness
Sensitizing for values such as inclusiveness and solidarity
While the Training System (FRITS) has been evaluated in terms of its ethical, legal and social
implications as a technical system, we also discovered its capacities as an investigation tool for
disclosing ELSI regarding the emergency domain and the BRIDGE system of systems.
6.6 BRIDGE Middleware, Concept Cases and ELSI
This section elaborates the summary of BRIDGE responses to ELSI challenges and
opportunities provided in BRIDGE D9.4. BRIDGE has integrated consideration of ELSI into
the development of the BRIDGE middleware for the assembly of systems of systems as well as
the design of prototype systems or ‘Concept Cases’ (CC). This has not been a ‘tick-list’
approach that looks for ‘solutions’ to ethical, legal or social puzzles and a overall need to
increase efficiency, agility and efficacy of crisis response and management. Such ‘solutionism’
is, as we discuss in D12.4, inadequate in view of the opportunities and challenges arising (see
also D12.2 and Liegl et al 2015). However, we have defined a concrete set of architecural,
ethical and legal qualities and requirements informed by analysis of social, ethical and legal
practices. These are inter-related, with ethical and legal qualities defining key issues arising
from a societal perspective and architectural qualities integrating and complementing these
challenges with a view to the overall added value of the system ‘architecture’ and the edifice of
systems of systems that can be assembled with it. These qualities are summarised below in
Figure 22. They are explained in the Appendix in Section 8 in this deliverable, which contains
slides used in design discussions, and elaborated in the Requirements Specification for BRIDGE
(D2.5) and other deliverables and publications (e.g. D4.2, D10.3, D12.1, D12.2, Al-Akkad et al
2013, Wood et al 2013, Boden et al (submitted 2015)). Our efforts to provide an integrated
demonstration in the final project demonstration have showcased some of the ways in which
Version 1.0: Final
Collaboration
Page 114 of 161
BRIDGE has attention to ELSI ‘inside’, and they have highlighted further opportunities and
challenges for systems of systems innovation.
In this section we selectively summarise key aspects. The selection is motivated by the aim to
show how BRIDGE has aimed to address all qualities (tagged below with the labels AQ
(architectural), EQ (ethical), LQ (legal quality)). However, most qualities are contextual and
could apply to all BRIDGE Concept Cases in different ways during different phases of crisis
response and management, and in different situations of use. Evaluation of how well they have
been addressed also depends on who is concerned and what their interests are. For example, an
individual’s ability to make informed un-coerced decisions about disclosure of personal medical
data partly constitutes his or her ‘autonomy’ (EQ). This is an essential value in European
Societies and a quality people should be able to realise in technologically augmented contexts.
However, in a crisis, it may be legitimate, necessary and highly desirable for all or some parties
involved to override an individual’s autonomy and to collect and process such personal data
even without their consent. We have discussed the legal basis for such exceptions in D12.1
(p.26ff) and explored the implications in D12.2 and various publications (e.g. Buscher et al
2015). The selective review in this deliverable develops the discussion in D9.4 and provides an
overview of how BRIDGE has concretely responded to ELSI opportunities, challenges and risks
through its innovations, based on the final demonstration.
Figure 22 Architectural, Ethical and Legal Qualities
6.6.1
BRIDGE System of Systems Integration and Middleware
The scenario to demonstrate BRIDGE starts before the incident occurred (See D9.4). At this
point, operations are routine. Emergency operators are on normal duty, the BRIDGE
middleware is running in some agencies, monitoring of key sensors and resources is taking
place using BRIDGE concept systems. At the Police Headquarters, for example, the BRIDGE
Information Intelligence system is used to monitor social media for reports on emergencies. The
Version 1.0: Final
Collaboration
Page 115 of 161
uses and data from the multiple agencies engaged in routine operations are not integrated into a
common information space at this point, but they could be. The scenario snapshot demonstrates
how the quality Availability and Reliability (AQ) is realised.
At T05 – five minutes after the explosion at a factory (modelled on the French disaster at the
AZT fertiliser factory described in BRIDGE D9.4) – when in the original situation emergency
centres were overwhelmed by a flood of conflicting emergency calls, responders in different
BRIDGE emergency centres can see that some monitored sensors and resources have
disappeared from their instantiation of the MASTER because of the explosion. The BRIDGE
Middleware service catalogue, orchestration and data model and management services are used
to enable data from different CCs to be pushed to the BRIDGE system, and the MASTER
system presents them on the map, which also enables organisational interoperability by
supporting establishment of a common operational picture. All relevant partners are allowed to
access the MASTER, using standard web-browsers. This illustrates how emergent
Interoperability & Coherence (AQ) are achieved with the BRIDGE system.
The BRIDGE CCs connect via the middleware to other systems (e.g., the Master) to disseminate
information. The orchestration service provides generic format and structure transformation
services, information is disseminated based on existing standards (i.e., XML and EDXL) and
the BRIDGE Middleware support for emergent interoperability also allows integration of
taxonomy services like EMERGEL37, evidence of how Internationalisation (AQ) is supported.
Privacy (LQ) is supported by design. The BRIDGE middleware supports security, trust and
privacy as a combination of guidelines, models, and supporting technologies including Privacy
Level Agreements, Trust agreements and standard cryptographic operations for protecting
confidentiality, integrity and authenticity of messages. Message-related services provide
functionality for hiding the identity of the sender, the content of a message or the recipient of a
message. However, while BRIDGE leverages the state of the art of development in this field,
the usefulness of ‘privacy by design’ in system of system innovation is limited. The exceptional
context of emergency response, where interconnection with ‘smart city’ services is increasingly
sought generates complexities that are beyond existing approaches. We have developed
conceptual resources to develop more innovative support for human practices of controlling
privacy, trust and security. These are documented in deliverables and publications (e.g. Buscher
et al 2015, D12.4).
At T013, the assessment phase begins, as first responders are en route to the incident. There is
further bootstrapping of the BRIDGE System of Systems: All services register with the
BRIDGE Service Catalogue, the BRIDGE QoS Repository and frequently update their status in
the BRIDGE Resource Status Repository. There is an option for agencies to register their
policies in the BRIDGE Policy Database, which addresses legal qualities around the Right to
know categories, types and purposes of data collection and processing (LQ). This also responds
to the call for Responsibility (EQ) in the sense of enhanced preparedness – where all
organizations and individuals that might have a role to play in emergency response and recovery
should be properly prepared and be clear about their roles and responsibilities.
The BRIDGE middleware’s support for emergent interoperability allows a degree of flexibility
that supports Inclusiveness (EQ), in the sense that information from a wide range of sources,
37
http://vocab.ctic.es/emergel/
Version 1.0: Final
Collaboration
Page 116 of 161
including medical sensors, social media, mobile phones, drones, apps (such as the BRIDGE
Helpbeacons) can be integrated swiftly and taken into consideration for the common operational
picture. While this does not include all systems (e.g. all emergency response legacy systems and
feature phones), there has been attention to accessibility.
6.6.2
Adaptive Logistics
Adaptive Logistics plays a special role in the BRIDGE innovation effort, as it uses the
middleware services most extensively (see also D2.5). Therefore this concept case is described
in greater detail than other BRIDGE concept cases.
The capability to orchestrate a vast amount of information systems into a coherent system of
systems creates a need for awareness of data controllers, data flows and data management
protocols. The BRIDGE team identified a need for Responsibility and Formal Decision Support
(AQ) that can make users aware of technical, legal or regulatory regimes or social/ethical
constraints that may affect operations. The Adaptive Logistics CC addresses this quality by
automating parts of implementing policies for agreements between agencies in terms of how to
deploy resources and how to achieve results (inter-organisational). It can help organizations to
cooperate with each other in a way that is compliant with the rules of engagement. However,
embedding support for responsible conduct and decisions in systems of systems is a complex
challenge. BRIDGE has developed conceptual resources for the development of support for
transparency and accountability and this is being taken forward in discussions for further
research proposals and in the SecinCoRe project 38, where insights from BRIDGE ELSI research
are integrated into the design of advanced common information space concepts.
The workflow generation and management mechanisms provided by Adaptive Logistics are
designed on the one hand to make the complex computational process transparent in the sense
of ‘invisible’ to the user. On the other, they enable inspection through the BRIDGE Annotated
Workflow Language (BRAWL). These efforts support Transparency (AQ) in two senses and in
ways that empower human practices of acquiring skill and controlling the highly complex
processes of crisis management. Our work highlights that transparency is in the eye of the
beholder, it cannot be embedded statically by design, but depends on users being able to
understand the operation of the system. There are opportunities and challenges arising from
recognising this contextual nature of transparency, which are explored in 6.5.1 above and a
range of publications (e.g. Wood et al 2013, Perng and Buscher 2015).
During the Assessment phase of the response, a critical task for the Incident Command team is
to determine where they can expect victims to be, an estimate of numbers and the types of
injuries that can be expected. In response to this need, the Adaptive Logistics Collaborative
Workflow Generation and Management Mechanism computes a workflow ‘Victim Assessment’
and kicks off key services, including RAM, DEIN and PLUS Modeling as a Service (MaaS).
The result of this information gathering effort is displayed on the Master. The execution of the
workflow is monitored by the QoS Monitoring Service. By mobilising these advanced
resources, the BRIDGE System of Systems enables enhanced Mixed Intelligence and
Collaboration (AQ), that is, it enables unprecedented capabilities to combine human reasoning
with computational calculations of relevant variables. It thereby becomes possible to prepare in
a more informed manner for the triage process and the reception of patients in hospitals. In a
broader perspective, this is an example of how BRIDGE Systems of Systems support a more
38
http://www.secincore.eu
Version 1.0: Final
Collaboration
Page 117 of 161
informed exercise of Fairness (EQ), as it becomes possible to distribute scarce service resources
more effectively to those who most need it as well as those who are most likely to benefit. More
generally, this is an example of how BRIDGE supports greater levels of Prudence (EQ) than is
currently possible by supporting practical wisdom and the exercise of discernment, perspicacity,
judiciousness and discrimination on the basis of more and more accurate information.
Adaptive Logistics brings together the capabilities of a vast array of human participants and
artificial components and enables their coordination. In doing so, it supports Solidarity (EQ) and
subsidiarity, that is, the principle of devolving decision-making to the lowest possible level
whilst supporting coordinative action at a higher level.
6.6.3
Advanced Situation Awareness
During the first 15 minutes of response during the Assessment Phase, the first rescue team flies
the Hexacopter over the explosion site and sends the first images of the destruction and
environmental sensor data from the smoke cloud. Using the data, the Expert System provides
advice to the Incident Command team regarding self-protection measures for first responders
and precautionary measures for members of public. The Modelling Module produces a plume
dissipation model for the next few hours based on the current meteorological data. UAV are
able to obtain real time multi-sensory information more cheaply and more safely than is
currently possible, and they can go closer to sources of risk than any other resource.
Through supporting new forms of Mixed Intelligence and Collaboration (AQ), the Advanced
Situation Awareness CC enables enhanced Leadership (EQ). Moreover, its modelling capacities
are often based on exceptional efforts to obtain Data Quality (LQ) and Flexibility (AQ). With
regard to the former, the triangulation between modelling results and real world measurements
(such as correlation with high quality visual documentation of explosions (D10.1) and
photographic evidence of injuries from the London bombings) allows high levels of confidence
in the models. With regard to the latter, the establishment of a library of models enables fast and
flexible exploration of likely impacts in relation to a wide range of settings where incidents may
occur, including railway stations and airports. While this does not eliminate the rule of
uncertainty in the dynamic high risk environments of crisis management (see e.g. Perng and
Buscher 2015), it supports more informed and ‘prudent’, efficient, agile and effective response.
The demonstration highlighted a currently highly problematic regulatory situation in Europe
that creates barriers for use. Due to the Dual Use capacity of UAV there are restrictions on how
systems like Advanced Situation Awareness can be utilised. To travel from Austria to
Switzerland, the Hexacopter’s flight capacities had to be disabled, because it can carry a
payload of more than 5kg, which could be used to mount a weapon. Furthermore, the capacity
of UAV to take high quality video virtually anywhere raises concerns over surveillance and
leads to further restrictions, which differ widely in different EU countries, showing that there is
a need to establish clear data controller and data processing regulations. While the aim must be
to safeguard the Right to know the categories, types and purposes of data processing (LQ) as
well as the Right to be forgotten (LQ) to leverage the capabilities of BRIDGE System of System
innovation, innovative regulatory and design approaches are needed. We discuss this issue
further below (7.1.5), see also Kerasidou et al (2015).
6.6.4
Dynamic Tagging (eTriage)
At T20, triagers start triaging people. BRIDGE triage bracelets are conceptualised to turn on
automatically as soon as they are pulled from the pack, realising qualities of Performance (AQ).
They report position and category of victims. For victims in areas without GPS, triagers can set
the position manually. In areas without network coverage the bracelets are conceptualised to
Version 1.0: Final
Collaboration
Page 118 of 161
send triage data over the triage relays. The design of e-triage as an example of dynamic tagging
of the environment enacts the quality of Graceful Degradation (AQ), that is, when encountering
difficulties, the system does not stop providing its services, but continues to provide them as
well as possible with the resources that are still available, e.g. through redundant network
connectivity. When the quality of a service decreases, users are made aware of this and
supported to enact ‘manual’ workarounds. The system also embodies a quality of ‘graceful
augmentation’ (Jul 2007), that is, it continues to support practices that have evolved around
paper-based triage (e.g. through the colours of the bracelets) so that even if the digital aspects of
the technology were to fail completely, effective triage would be possible.
Dovetailing with other systems in the BRIDGE System of Systems, such as Adaptive Logistics
(see above) and SWARM (see below), Dynamic Tagging supports a more circumspect approach
to the Fairness (EQ) of triage, but also the overall Dignity/Humanity (EQ) of response. By
allowing responders to bring more information about victims into the common operational
picture and to reason about the categorisation of victims more swiftly and in a more informed
and dynamic manner, people will suffer less.
As described in the introduction, exceptional use of personal data in this situation may be
lgitimate and useful, but it may also conflict with values of Autonomy (EQ), because there is a
risk that data may ‘spill’ beyond the delimited context of the crisis. The CC addresses this
quality by engaging in Data Minimization (LQ). It collects the minimum amount of information
necessary for triage. In addition, the CC facilitates Traceability and Auditability (AQ) by
logging the positioning, tracking and monitoring of victims as well as categorisations made. The
demonstration reflected manifold discussions with responders who, faced with the capabilities
of BRIDGE integrated eTriage appreciate the potential, but also worry about new liabilities.
With new technologies like the BRIDGE eTriage, logging can become an issue discouraging
first responders from certain actions for fear of liability. There are no easy ways of balancing
Traceability and Auditability and Responsibility and ultimately the Right to be Forgotten (LQ)
(more on this below). The BRIDGE team have developed analytical isnights and conceptual
resources to enable the people involved in crisis management and response to notice and
manage such conflicting demands (see 6.5.2, D12.4, as well as Buscher et al 2014)
6.6.5
First Responder Integrated Training System FRITS
FRITS seeks to establish an optimal learning and training methodology, supported by the
integrated BRIDGE System of Systems. In doing so it strongly supports Prudence (EQ),
especially with a view to the preparedness of responders and their capabilities of mobilising
advanced technologies effectively into the crisis management and response effort. FRITS takes
Traceability and Auditability (AQ) to unprecedented heights. It makes it possible to monitor the
movement, communications and vital signs of responders and to retrospectively inspect the
unfolding of decisions with a richness and flexibility that is highly valuable. FRITS also
addresses Scalability (AQ) in a way that demonstrates the power of BRIDGE System of
Systems innovation. It can support training activities on all levels from training related
workshops, through table top exercises and up to full scale exercises with many diverse data
sources. The supporting tools can be scaled to fit these different training activities and can be
chosen and adapted to suit cost- and learning-effective training. The exercise management team
can adjust which of the phases and activities in the Methodology Tracker (MeTracker) is
relevant for each training activity.
While such richness and flexibility is highly valuable, responders have voiced concerns over
how they can exercise their Right to be Forgotten (LQ), especially when lessons learnt from
training exercises carried out with their participation could be used to train subsequent groups
Version 1.0: Final
Collaboration
Page 119 of 161
with different participants. BRIDGE responds with an awareness that personal data no longer
required for the purpose of the processing stated at the time of collection should be securely
disposed of after it is no longer needed, as this was discussed during many encounters with
responders and during the internal Privacy Impact and Ethical Impact Assessments. However,
this could simply lead training organisations to state their purposes as wide as possible,
including re-use of data for training subsequent clients, which does not address the responders’
concerns. The BRIDGE team is developing concepts of designing ‘for’ privacy and the right to
be forgotten, for example, by leveraging state of the art capabilities for homomorphic
encryption, anonymisation and accountable data mining (D12.4). We are developing ideas for
research that leverages these to build on BRIDGE innovation, given the fact that training is a
domain where there is an invaluable richness and flexibility of monitoring. Storing an analysing
data about responder activities could produce highly valuable lessons learnt of they can be
utilised without compromising people’s integrity and within a safe and experimental, nonlibelous environment.
6.6.6
Information Intelligence
As remarked upon by one of the reviewers at the BRIDGE final demonstration, the rise of social
media use in crisis situations is seen as frightening by many emergency response professionals.
While information provided by members of the public could be very useful, reliability and
accuracy are difficult to establish and there are dangers of rumours, self-organised responses
and vigilantism (Perng et al 2013, Pohl 2014, Buscher et al. 2014). However, it can be critical
for responders to be aware of the conversations and self-organized volunteering that emanate
from ‘the crowd’. But the sheer amount as well as the ‘noise, misinformation, lost context and
the unstructured nature of social media updates all contribute to an emerging information
processing problem, with information seekers forced to “drink from the firehose” to identify the
data they need’ (Starbird 2012, Disaster Relief 2.0 Harvard Humanitarian Initiative, 2011).
The BRIDGE Information Intelligence CC addresses this issue of information overload by
enabling advanced Mixed Intelligence (AQ), that is, analysis that combines computational
processing with human sense-making in a way that provides richer and more accurate insight
and supports Prudence (EQ). There is no automatic decision performed, the CC forces a
collaboration between the technology and the user. For example, the user has to look at
identified sub-events and mark them as important to push them to the Master.
Tracking communication about ‘sub-events’ in a crisis also allows responders to react more
dynamically and in a more informed manner to information and activities orchestrated by
members of the public using social media. More detailed knowledge about this opens up
potential for more Inclusiveness and Cooperation (EQ) in crisis response, as emergency
responders can engage more directly with the public if required (Buscher and Liegl 2014).
The simulation engine in the Information Intelligence CC also supports Prudence (EQ) in
another way, by enabling integration of simulated social media communications in exercises,
enhancing the preparedness of responders.
Because the Information Intelligence CC processes personal information provided for purposes
other than crisis management there are mechanisms to prevent unauthorised access, including
login mechanisms, realising qualities of Access Control (LQ) to protect Privacy (LQ). In
relation to this, the BRIDGE team has also explored the design of representations that could be
inspected by users allowing them to understand how their social media entries are used and how
they are analysed to be able to take control of their privacy in a more circumspect manner.
Version 1.0: Final
Collaboration
Page 120 of 161
However, a suitable explanation/representation of the analysis algorithms would be needed,
which is understandable by non-experts. Research building on BRIDGE could develop this.
There is a frequent concern regarding Fairness (EQ) when the organization of search and rescue
missions shifts from a grid based approach to a potentially more accurate and sped up approach
which relies on location information, and information provided by social media. Such an
organizational shift entails the potential for a digital divide if first responders prioritize such
calls for help. At the same time first responders might be under pressure if they stick to other
established criteria and do not prioritize those calls. Information Intelligence addresses these
issues in that the sub-event approach scans for clusters of incidents, people affected and
impacted areas, thus not privileging individuals but providing Inclusion (EQ), since the notion
of a sub-event raises awareness not only for those who reported it, but also other people affected
who are in the area.
A further important issue in relation to Information Intelligence is the reliability of data
provided by members of the public, raising issues around the legal quality of Data Quality
(LQ). In D12.2 we discussed how providing or acting on crowd-generated information about
conditions carries potential legal liability (p. 118). The Information Intelligence CC responds to
the possibility that people might post malicious or inadvertently false information within social
media. For example, it is designed so that the number of reporters discussing the same sub-event
is currently displayed as a simple reliability gauge. In the future, additional “trust-models” to
identify reliable information can be developed.
6.6.7
Master
The Master addresses many of the qualities already mentioned, and many of the other CCs
support the qualities the Master excels at. As the visual portal to the BRIDGE System of
Systems it supports Cooperation (EQ) and Overview (AQ) in an exemplary manner, which is
why we have reserved discussion of these qualities until now.
Users can subscribe to information from a vast array of diverse systems and have it displayed,
demonstrating also the capacities of BRIDGE to achieve Scalability (AQ) and Versatility (AQ)
in systems of systems. The use of EDXL means that a wide range of systems can connect to the
Master, facilitating Interoperability and Coherence (AQ). Users can push information to others
and enter into message communication, access predefined emergency plans and collaborate in
situ and in distributed settings, for example by drawing on the Master map, which can flexibly
be turned to be visible for all connected, or be kept private, for example to the command and
control centre. Cooperation is also supported through the resource allocation mechanism, which
can assign responsibilities via drag and drop. It can also be used to minimize complexity for
users when the system scales up.
Mixed Intelligence and Privacy can be realised through the use of filtering. Mixed Intelligence
or computationally augmented human reasoning is supported in unprecedented ways, because
information is automatically synchronised, and it is possible to assemble it visually in precise
and easily understandable ways, also utilising mechanisms of visual information aggregation
that reduce information overload and clutter. This enables production and maintenance of a rich
common operational picture across many distributed locations.
There is a risk that users of the system can focus too much on things shown on the map and
forget that there are more elements involved, undermining Inclusiveness (EQ). For example,
victims who are not tagged with e-triage bracelets will not appear and could be forgotten. There
may also be responders, resources and bystanders involved in the crisis who are not tagged and
Version 1.0: Final
Collaboration
Page 121 of 161
therefore not visible. The experiments with BRIDGE prototype systems of systems show that
practitioners already always combine the use of new technologies with analogue systems or
systems that cannot be integrated easily. Thus socio-technical means of responding to this
challenge exist, reminding us of the fact that BRIDGE is a socio-technical not an all
encompassingly technical system of systems that has to fit into an ecology of practices inside
and outside its boundaries.
6.6.8
Robust and Resilient Communication
Mesh Networking and HelpBeacons – the two main concepts developed under the heading of
‘Robust and Resilient Communication’ are integrated into BRIDGE system of systems, for
example, combining their functionalities with the Advanced Situation Awareness CC and the
Master. Like most of the development undertaken in the Robust and Resilient Communication
CC, HelpBeacons exemplify the BRIDGE response to challenges arising around the qualities of
Maintainability & Flexibility & Reversibility & Modifiability / Evolvability (AQ), apart from
also addressing many of the other qualities already discussed. HelpBeacons do this by utilising
remnants of networking (Al-Akkad et al 2013). The concept was inspired by how people make
use of the names of Wi-Fi home networks (SSIDs) to broadcast short messages conveying
simple, anonymous information. For instance, some SSIDs may express neighbourly requests as
“Turn the noise down”. A Wi-Fi network is visible in a certain range and the advertised SSID is
usually the first thing people become aware of. Essentially, people can easily relate and
understand SSID names, supporting Inclusiveness (EQ).
The creation of an emergency beacon defines a sort of “Help me” signal (a HelpBeacon), which
may help professional first responders to find persons, addressing the quality of
Dignity/Humanity (EQ) by reducing fear and suffering. As default settings in smartphones
notify users of the presence of detected networks, any arbitrary person in the vicinity may
discover the emergency signal and become involved in the rescue process.
The design supports Compatibility (AQ) by using Android, the most widespread operating
system for mobile devices, and by supporting lower API versions the system can be installed on
a wide range of devices. The App can be installed virally, as long as one person within range
has it on their device. As soon as the victim application is launched it starts to search for
available Beacons. Also, users can select from predefined help messages or type in a new one.
This flexibility goes some way towards bridging smartphone divides.
The design supports Modifiability, Evolvability and Reversibility (AQ) in particularly interesting
ways. Modifiability is the way in which the BRIDGE system of systems approach supports
enhancements to individual components while keeping the system as a whole working. By
integrating the HelpBeacons with Advanced Situation Awareness and Master CCs, the
capabilities of all three are extended. Evolvability allows users to extend the assembly of
systems whilst assuring continuity of the whole. This is demonstrated in the Graceful
Degradation (AQ) of the HelpBeacon in ‘broadcast’ mode (to be used, for example, in an
earthquake situation), or a ‘seeker’ mode where victims silently send a beacon, which can only
be read by authorised response personnel (to be used in a shooting or terrorist incident
situation). This capability responds to the potential for misuse in certain scenarios, where there
is a threat that help calls may be received by the wrong people, or people may generate fake
distress calls, which could be harmful for first responders that react based on such false
information (Boden et al submitted). This capability also illustrates the BRIDGE approach to
realise the quality of Reversibility, which allows designers and users to revert to previous states
and change the design, as the BRIDGE systems of systems approach provides a service oriented
and component based architecture.
Version 1.0: Final
Collaboration
6.6.9
Page 122 of 161
Situation aWAre Resource Management
The SWARM system critically supports capacities of resource management. It provides an
Overview (AQ) of resources (including assets and first responders), their status, availability and
their location, to incident commanders as well as first responders in the field (overview limited
to their immediate surroundings). It supports Cooperation (EQ) through allowing managers to
communicate tasks to first responders with more detail and room for negotiation and explicit
acknowledgement, by means of text message based task descriptions, as an alternative to radio
communication. It also enhances Cooperation by providing new ways to involve human
resources in a more ad-hoc manner, by means of dynamically creating teams which adhere to
location constraints, availability constraints and capability constraints, reducing the operational
efforts of incident commanders and enabling them to focus on the tactical level.
By being able to carry out these functions with a potentially vast number of resources, the
SWARM exemplifies the BRIDGE response to Scalability (AQ). Utilising the middleware, it is
able to visually communicate resource and task status updates to all relevant first responders and
command posts within 30 seconds after these statuses have been updated, illustrating how
BRIDGE addresses the qualities of Performance (AQ) and Capacity & Load Utilisation (AQ).
More specific information regarding the technical realisation of these qualities is provided in the
respective technical deliverables, as well as summarised in D2.5.
6.7 Discussion: The Leverage and Limitations of Disclosure
The interdisciplinary collaboration quality sessions were designed to systematically disclose
ELSI within an ongoing design process and a broader socio-technical innovation endeavour,
where, of course, such disclosure was also happening ‘in the wild’, throughout the project. The
overall aim of paying attention to ELSI is to enable carefully radical and radically careful
informationalization of crisis management and response. By reflecting on ELSI we have been
able to move some way towards developing systems that more effectively support more
productive as well as more virtuous practices. The qualities sessions were generative of many
insights and design ideas. Disclosure leveraged more circumspect innovation, in some cases –
for example integrating rules and categories for data protection into the BRIDGE Master
systems. However, the sessions did not cover all issues that are important for ELSI aware
innovation, and there are many issues that are beyond the capacity of design to address. In the
final chapter of this report we now discuss issues that were not directly addressed in the
qualities sessions, but that have arisen elsewhere within the collaborative design process, for
example during end-user advisory board meetings, co-design workshops, or project meetings.
This will broaden the discussion of the limitations of disclosure and support the overall
conclusion of this report, which calls for more integrated technical and socio-technical
innovation efforts, science and society engagement.
Version 1.0: Final
Collaboration
Page 123 of 161
7 Conclusion: BRIDGE-ing for Preferable Futures
New technologies engender transformations of the social and material practices of emergency
response. This is particularly important with a view to ELSI arising in systems of systems
innovation in emergency management, because new ways of accessing, sharing, reasoning about
and communicating information affect the conditions for ethical, lawful, and socially
responsible conduct. The informationalization of emergency response that is currently underway
could result in different desirable and undesirable futures. Negotiating intended and unintended,
negative and positive consequences is not just a matter of seeking ‘acceptance’ for sociotechnical innovation. It requires a much more broad-based and deeper involvement in the
shaping of desirable futures where diverse stakeholders can find the means to express their
voice and take responsibility.
The BRIDGE project contributes to wider efforts to enhance the security of European citizens
and the humanity of disaster planning, management and response in a context of increasingly
frequent and severe crises. With the discussion in this chapter we draw together important
aspects that have so far not been addressed but which have significantly shaped the innovation
work undertaken in the project. We begin with a set of thematic discussions of key issues, then
sketch out possible futures and conclude by calling for deepening collaboration between
interdisciplinary science and design research and society further, building on work like that
undertaken in the BRIDGE project.
7.1 ELSI Aware Socio-Technical Informationalization of Crisis Response
7.1.1
Balancing Security with Emergent Interoperability
The security of data “both at the time of the design of the processing system and at the time of
the processing itself, particularly in order to maintain security and thereby to prevent any
unauthorized processing’ of personal data” (Pagallo, 2011) has been a central concern for endusers involved in the design of the BRIDGE system of systems. Numerous discussions have
raised questions about how the validity and reliability of data can be ensured and how
unauthorized access (e.g. by the media or persons with malignant intent) can be prevented in
ways that sufficiently assure users. The design responses to this need in the BRIDGE system
leverage state of the art security mechanisms at the level of individual systems, utilising, for
example, encryption tools. While in relation to the security of citizens the challenge is to
balance security and privacy in a way that societies can have both, when it comes to data
security, it is a matter of balancing security with emergent interoperability and flexibility –
emergency responders need both.
7.1.2
Balancing Privacy and Security
The BRIDGE approach has shown that inscribing compliance into technologies, e.g. through
privacy by design approaches can be of limited utility in view of the dynamic nature of
emergency management and the need for role improvisation and emergent interoperability in
systems of systems approaches. Privacy cannot easily usefully be ensured or ‘enforced’ apriori
by design in this context. However, our qualitative studies and experimental engagement with
stakeholders have also highlighted a third approach of human-practice focused privacy by
design. This is based on a shift from conceptions of privacy as a value that has to be traded in in
return for security, or a right that has to be respected through regulation, to an understanding of
privacy as a contextual, situated and embodied practice of boundary management that is
augmented and constrained by technologies, cultural conventions and the law. By taking this
perspective, alternative socio-technical design avenues are opened up, for example via
Version 1.0: Final
Collaboration
Page 124 of 161
specification of non-functional requirements such as architectural qualities of transparency and
inspectability. For example, privacy protection in emergency response systems of systems may
be supported by imposing temporal and geographical constraints on data sharing, ‘seamful
design’ (Chalmers, 2003) and approaches that support ‘accountable’ or ‘palpable’ computing
(Dourish, 2001, Kyng, 2007).
When, in times of crises, boundaries between different systems (telecoms databases, transport
management systems, police records, social networking systems, insurance databases) are made
permeable, allowing automated data collection, data mining, analysis and profiling,
conventional privacy protection that involves limiting access at the point of data collection,
including using legal, cryptographic and statistical techniques is likely to be prohibitively rigid
and restrictive. Accountable data-mining, an approach developed in response to the fact that the
Internet provides a huge source of data that can render conventional access-limiting methods
ineffective and impractical, is an example of innovative privacy solutions that may be useful in
a human practice focused approach. Referring to the US use of data mining around Passenger
Records, (Weitzner, Abelson, Berners-Lee, Feigenbaum, Hendler & Sussman, 2008:85) argue
that: ‘Laws that limit access to information do not protect privacy here because so much of the
data is publicly available. To date, neither law nor technology has developed a way to address
this privacy loophole.’ New socio-technical mechanisms are required and Weitzner and his
colleagues suggest:


Transparency: mechanisms where the history of data manipulations and inferences is
maintained and can be examined by authorized parties (who may be the general public)
Accountability: one can check whether policies that govern data processing were in fact
adhered to (Weitzner, Abelson, Berners-Lee, Hanson, Hendler, Kagal, McGuiness,
Sussman & Waterman, 2006:)
In the context of emergency response exceptional breaches of data protection regulations may
be necessary and legitimate. Personal data may, for example, be used for purposes other than
those specified at the time of collection. To support trust in systems that support interoperability
in times of crisis (but not under normal circumstances), the design of tools that make the use of
personal data accountable both at the time of use and retrospectively, seems promising.
7.1.3
Data Sharing, Large Scale, Cross-Country
A central prerequisite for emergency collaboration is the enhanced capability for data sharing.
However, on a European level who gets access to what information turned out to be a
contentious question. From the domain experts involved in the BRIDGE project and the enduser advisory board (EUAB), some of whom are in leading functions of firefighting, ambulance,
police or civil protection organisation, we learned that on the cross-border level within the EU
cooperation is sharply defined by the EU Civil Protection mechanism, where detailed
regulations exist on EU cooperation in disasters. As BRIDGE systems afford live monitoring of
resources, who could be in different countries and under a different command, interesting
discussions arose around the use of BRIDGE for cross-border assistance:
EUAB member: no, only the country that is affected is in control. Otherwise it’s not
allowed by the EU. Monitoring on an EU level is forbidden
Designer: collaboration is difficult,
EUAB member: no, the command in this country controls it, the people on the ground
know best what to do, it makes this effective.
Designer: but what about a central overview, to know who is doing what, where?
Version 1.0: Final
Collaboration
Page 125 of 161
EUAB member: We know that because of the governments. There are daily Situation
Reports. A country sends it to Brussels and Brussels disseminates that. In every command
centre there are the experts on a national level. There is aggregation, by sending reports to
the next level (bronze, silver, gold command) the next level doesn’t need to know
everything.
Designer: All processes are defined. Is there an overview on who is doing what where?
EUAB member: Yes, we do that in country reports to the EU, which report on where EU
forces are doing what. From our standpoint, we already have all the info we need when
we send our forces to another country. If Italians ask us to send a specific task force to
L’Aquila, we consult with the manual on what they mean and send them what they want.
(End User Advisory Board Meeting, Risavika 2013)
We see in this discussion how the idea of situation awareness is deeply politically charged with
questions of sovereignty. Current EU law and policy restricts logging to the national level,
where neither Brussels nor any other country has the jurisdiction to overview. The feeling
expressed is that the EU collaboration mechanism which spells out who will take the lead in an
incident and how then cross agency and border collaboration takes place is not only detailed
enough, so that everyone knows what to do, but also in a way morally binding in its subsidiary
structure (the local / national agency takes the lead and “owns” the COP). After a few more
exchanges, it turns out that while there are mechanisms in place, the response still almost never
goes by the book. There are problems with coordination, training and technology.
BRIDGE makes several socio-technical offers to deal with cross-agency and cross-border
collaboration. Yet our investigation of current EU policy on cross-border collaboration points to
a dilemma: While there is a strong attachment to the current strictly defined procedures, there is
also the acknowledgment, that the response almost never goes according to the book. A system
like BRIDGE with its possibilities of supporting centralized and distributed situation awareness,
could be the basis for tackling and discussing such issues also on a policy and regulation level.
7.1.4
Interoperability and informational practice & politics
A recent stocktaking review of lessons learned from an analysis of international crises as diverse
as the Victoria Bush Fires, the London bombings and the 2002 Elbe floods finds that a ‘lack of
interoperability between first responders and communication problems are the most common
findings’ (ENISA 2012). Such findings fuel widespread calls for greater interoperability and
data sharing, because it seems clear that more interoperability between emergency agencies
could enhance societies’ capabilities to prepare for and address crises (NATO, 2006,
Armstrong, Ashton, & Thomas, 2007; Dawes, Cresswell, & Pardo, 2009; Desourdis &
Contestabile, 2011). BRIDGE supports greater interoperability. However, our studies and
collaborations with emergency responders show that the key question is not how first
responders could be pushed to cooperate and use technology more, but how their practices of
sharing, but also withholding and controlling information can be supported with technology.
Many emergency responders and managers invest high hopes in technology ‘that provides the
right information, at the right time, and in the right place’, because they share the belief that it
has the potential to reduce disaster impacts. It enables managers to plan more effectively
for a wide range of hazards and to react more quickly and effectively when the
unexpected inevitably happens. (Koua, MacEachren, Turtun, Pezanowski, Tomaszewski,
& Frazier, 2010:255)
Version 1.0: Final
Collaboration
Page 126 of 161
But the BRIDGE project shows, resonating with evidence in the literature that matters are more
complex than making more information more easily shareable and opening communication
channels (Buscher et al 2014d, see also Heath & Luff, 1992; Bannon & Bødker 1997; Wolbers
& Boersma 2013). Numerous post-disaster reviews of multi-agency emergency response
highlight failure to share data as a serious challenge, providing examples of how rules, working
practices, national laws can obstruct collaboration (BRIDGE D12.1). For example, reflecting on
evaluations of the emergency response effort after the London 7/7 bombings in 2005, Hilary
Armstrong, UK Cabinet Minister for Social Exclusion, pointed out that:
It was apparent that in some parts of the emergency response, the requirements of the
Data Protection Act 1998 were either misinterpreted or over-zealously applied.
Subsequent reports … have indicated that the London experience in this respect is not
unique. (Armstrong, Ashton & Thomas, 2007)
In the aftermath of the London bombings, data controllers considered that it was not legal to
pass personal data initially collected from victims by the Family Assistance Centre on to
successor organizations for follow-up support. This complicated continuity of care for people
and led to a fragmentation of response efforts. ‘Silo-thinking’, or a lack of organizational
interoperability, where individual agencies do not collaborate even where this would be useful
and possible is widely seen as one of the main barriers to organisational interaction (Dawes
2009, Cole 2010, Desourdis 2012). Technology is often seen as a solution. After the 2011
Norway attacks, for example, the specially appointed expert committee concluded that
The authorities' ability to protect the people on Utøya Island failed. A more rapid police
operation was a realistic possibility.
And they identified that a key reason for such failure was the fact that ‘the potential inherent in
information and communications technology has not been exploited well enough’ (Bech Gjørv,
2012:Part IV). Our work in the BRIDGE project, and the discussion in this deliverable however,
show that matters are more complex. It is clear that ‘effective coordination during major
emergencies requires the development of a deeper, shared understanding of the incident and a
high level of trust between responding organisations, both of which are effortful to achieve and
difficult to support with current communications systems’ (McMaster and Baber 2012). The
BRIDGE project has taken an approach that supports the human core of informational practice
and politics, offering not only ways to share information, but also enabling complex
communicative practices of disclosure, exchange, interpretation, but also discretion,
aggregation, abstraction, and withholding of information.
7.1.5
Regulating the use of Unmanned Arial Vehicles
Regulations relating to aviation and Unmanned Arial Vehicles (UAV) are not specifically about
BRIDGE-technology and to conduct an EU/national level investigation of current legislation
relevant to UAVs is currently impracticable. The development varies a lot in the different
membership countries and the relevant regulations differ with respect to type of operations 39 and
technical specifications (e.g. operational range and the ability to carry load). EUROCONTROL,
the European Organisation for the Safety of Air Navigation, lists up-to-date national regulations
39
This precondition is not unique for regulations concerning UAVs. As pointed out in D12.2 disasters and
disaster management are not well defined phenomena, basically any sector of society and any technology
may be affected in unpredicted constellations.
Version 1.0: Final
Collaboration
Page 127 of 161
on its website, 40 illustrating widely varying approaches regarding certification, liability and
restrictions as to where and when Remote Piloted Areal Systems (RPAS) can be flown.
Regarding the latter, Denmark, for example, rules that for all RPAS under 25kg



The distance to built-up areas and major public road shall be at least 150 m.
The flight level must not exceed 100 m above terrain.
Densely built-up areas, including areas with weekend cottages and inhabited camping
sites, and areas with large open-air assemblies of persons must not be overflown.41
In Italy, the regulation uses the label ‘model aircraft’ and specifies that ‘[s]uch activities may be
carried out in areas that are not populated and properly selected by the model aircraft operator of
maximum radius of 200 m and a height of not more than 70 m, and for which it can ensure
control in order not to cause danger to persons and property.’42
Apparent is furthermore that important issues are pending, due to the novelty of the domain. To
illustrate this it can be mentioned that the branch organization for unmanned aerial systems in
Sweden uassweden.org/ held its first annual meeting this year and recently (May 2015) did the
Swedish Data Inspection Board appeal a decision from the Administrative Court stating that
video cameras carried by drones do not violate regulations concerning surveillance and privacy,
i.e. the issue is still open. June 22, 2015 Stockholm airport Arlanda was temporarily shut down
due to the observation of an unidentified drone in the restricted airspace, spurring an intense
debate on how to speed up the regulation of this technology.
In Austria it has been possible to obtain a flight permit for some type of UAVs (developed
during the course of the BRIDGE project) once the operator demonstrated ability to fly an
UAV, existence of insurance cover, and that the UAV did not exceed prescribed noise levels.
Similar UAVs could however not be used in Switzerland due to regulations defining military
equipment.43 Variations in this respect, and in other aspects also exist within countries,
depending on regulations of different origin. To conduct a national investigation of legislation
relevant to UAVs is a task involving among other things pending and proposed regulations
concerning pilot training for UAVs, certification, security, military laws, privacy, surveillance,
wavelengths and radio frequencies, noise, insurances, area restrictions, height restrictions,
permits, technical inspections, standards, risk analysis, necessary coordination with traditional
commercial aviation legislation, liability, labour law, etc. In various countries these and other
issues are dealt with by different agencies and coordinated solutions are to a considerable extent
still lacking. In effect this situation is a regulatory barrier to realizing the full potential of the
BRIDGE Advanced Situation Awareness Concept Case, which relies on a UAV.
40
https://www.eurocontrol.int/articles/national-rpas-regulations
41
http://www.trafikstyrelsen.dk/~/media/Dokumenter/05%20Luftfart/04%20Luftfartserhverv/BL94_uk.ashx
42
www.enac.gov.it/repository/ContentManagement/information/N1220929004/Reg%20SAPR%20english
_022014.pdf
43
Cf, for a similar regulation concerning dual-use items that require export authorisation
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/422364/controllist2015041
7.pdf
Version 1.0: Final
Collaboration
Page 128 of 161
As for the future it is thus possible to make some suggestions for regulatory reform with a
specific view towards this area of innovation. Initially it can be noted that The European
Commission Roadmap for the integration of civil Remotely-Piloted Aircraft Systems (European
RPAS Steering Group 2013) outlines two different areas in need of regulatory innovation:


Safe integration of civil RPAS into the European Aviation System
Societal impact of the integration of civil RPAS into the European Aviation System,
which includes issues of
o Third-party liability and insurance
o Data protection and privacy
Related to the safe integration of RPAS into the European Aviation System, the roadmap
contains a comprehensive outline of regulatory improvements needed and a Strategic R&D Plan
for the integration of civil RPAS into the European Aviation System (Annex 1 & 2). Annex 3, a
Study on the Societal Impact has been updated by two separate reports published in November
2014: Study on privacy, data protection and ethical risks in civil Remotely Piloted Aircraft
Systems operations (Finn et al 2014) and Study on the Third-Party Liability and Insurance
Requirements of Remotely Piloted Aircraft Systems (RPAS) (European Commission 2014c).
Against this background it would be helpful to establish a working group on ELSI and
regulatory reform for RPAS, specifically focused on crisis management and response, civil
protection, humanitarian efforts, border security and law enforcement. Even more specifically, it
would be useful to consider issues arising around the integration of RPAS and different
payloads in systems of systems, with a particular emphasis on data protection, privacy and
potential for discrimination (Finn and Wright 2012). This could help develop a European legal
basis.44
Relevant actors who could help develop more adequate regulatory frameworks include i.e:






the European Aviation Safety Agency (EASA);
EU national civil aviation authorities;
the European Organisation for Civil Aviation Equipment (EUROCAE);
Eurocontrol;
the Joint Authorities for Rulemaking on Unmanned Systems (JARUS)
the Joint European Working Group JWG8 (Privacy management in products and
services) relating to the European Commission standardisation request M/530 addressed
to the European Standardisation Organisations in support of the implementation of
privacy management in the design and development and in the production and service
provision processes of security technologies 45
In this context it should also be noted that The US Federal Aviation Authority is currently
developing an all-encompassing regulation for privately and commercially used UAVs.
Preliminary statements by the Head of the Organisation (June 5, 2015) indicate a rather liberal
approach, focusing on safety in the air space used by commercial aircraft and by UAV. A
foreseeable development in Europe would require considerably more coordinated regulation
44
Also called for here http://ec.europa.eu/enterprise/docs/uas/13_LIM.pdf non-EU States
45
http://ec.europa.eu/growth/tools-databases/mandates/index.cfm?fuseaction=search.detail&id=548
Version 1.0: Final
Collaboration
Page 129 of 161
with emphasis on assuring the safety of the public as well as respect for privacy. Considering
the borderless nature of large scale emergencies it can also be proposed that EU regulators study
and coordinate their approach with ongoing activities on a global basis.
7.1.6
Discovering Harmful Potential
Many technological innovations have unintended harmful potential that is unknowable in
advance. Beyond questions of technology failures compromising response effort, and potential
privacy invasions, technology might, for example, also directly put disaster victims in physical
harm. This can happen in cases of violent crimes, such as terrorist attacks, when the technology
that is supposed to help find victims draws the assaulter’s attention onto them. The BRIDGE
Help Beacons offer ways for victims to call for help locally, by turning their Smartphone into a
WiFi hotspot, using the hotspot name as a way to emit a message about their whereabouts and
condition. These hotspots can be found with a seeker device, but also with simply another Wifi
enabled Smartphone or other device. In the case of a violent crime or a terrorist attack thus
publishing one’s location might put the victim in danger. Over the course of various co-design
iterations, we discovered and investigated these risks and found design solutions (Al-Akkad et
al. 2014). This EUAB member, for example, vividly sketches a scenario where the HelpBeacons
might put a victim or a first responder in harm’s way:
EUAB member: In Westgate Kenya, Nairobi a lady was hiding and texting, this is
happening, please. nobody call me, because if they hear my phone, they will come and
kill me. … So it's all very good that we are seeing with help beacon and we are able to
send messages to people and they can send a message back to us … but what if the
terrorist has this device and says rescue me, and then traps police men ...
Designer: if we invert the set up, responder sends, and then this signal has to be somehow
authenticated, it's more difficult to use the system to harm people.
Similar issues were addressed after the Stavanger exercise where in a terrorist shooting scenario
on a ferry and in the ferry terminal ‘victims’ (played by students) had the HelpBeacons installed
on their phone. All victims were concerned about the dissemination of data to untrusted people.
They were keen that only the police or any further response unit should be able to pick up their
emergency messages. They stated that they would like the Seeker device to connect to their
phones when they set up their status to ‘safe’ in order to know that the personnel in the field and
in the control room have become aware of her new state. At the same time, the victims would
have liked to have some kind of feedback about the status of the rescue operations.
7.1.7
Professional Bias and the Public Interest
As outlined in chapter 5, our co-design sessions involved project partners, stakeholders and end
users such as emergency services personnel and members of the End User Advisory Board. We
also attempted to consider the concerns of indirect users, such as the wider public, who may be
concerned that the difficulties in safeguarding data security and privacy in systems of systems
with emergent interoperability used in disaster response my undermine civil liberties and
freedoms (Büscher, Perng and Liegl 2015). By using a representative model, where researchers
would feed concerns and interests into the exploration and design process, hence in effect
playing the role of proxy/advocate. This strategy brought out a number of interesting issues
regarding the role of indirect stakeholders. They came into sharp focus, for example, during codesign sessions when discussing aerial overview/surveillance using drones.
Civil drones are still an emerging and controversial subject and so far only incomplete
regulation is in place in European Countries. Regulatory bodies such as the EU Commission
have stressed the need for the development of a common (EU wide) regulatory framework, both
Version 1.0: Final
Collaboration
Page 130 of 161
to provide some legal certainty for investors and developers but also to address what is seen as
apprehension about the technology on the part of citizens, including concerns over privacy
intrusion, safety and issues around automation as well as the association of drones as killing
machines and state weapons. Such concerns have been identified by the EU Commission as one
of the key obstacles faced by the civil-RPAS market (EU Commission 2014). However, from
our co-design sessions and focus groups a different picture emerged. Some professional end
users were initially quite enthused about the possibilities that drones would offer for their work:
The use for the police can be: it can fight crime, support customers, detect illegals in
trucks, cannabis farms, and get more control (Police Officer).
… we would use it for monitoring refugee camps: at the moment at our camps in Jordan it is
very hard to monitor how many people get in and out of the camp (Civil Protection Officer).
Such responses elicit questions around the emphasis on including only professional responders
as co-designers in projects like BRIDGE. This professional bias has an impact on the kinds of
ELSI that can be uncovered, and they challenge us to think what role citizens should have in
research and development projects, especially in the context of addressing ELSI. This raises
questions about ‘expertise’ and whether to be involved in technical discussions participants
must have particular ‘qualifications’. For Wynne (2007) citizens are well qualified to participate
in such discussions due to ‘their ability to contribute to ‘collective societal definition’ of the
issues; ‘their ability to challenge ‘normative social commitments’ performed by science and
technology; and their ‘ability to identify what is socially relevant and ‘salient’ amongst the
issues under debate’ (Wynne 2007:107-108 in Tsouvalis and Waterton 2012:115).
Such issues also raise questions about who is or is not invited to participate and the challenges
of working with contestation and differing views (Felt et al., 2007) hence leading us to broader
questions about the role of the researcher as (an organiser and) a proxy, and the politics of
participation and representation. As Felt et al. (2007) argue in many cases the public are ‘absent
presences’ that are represented by researchers in particular ways (p.57). Such projects construct
particular ‘imaginings’ of the ‘public’ (Welsh and Wynne, 2013). For example, in the case of
drone technology, research indicates that the public is not the univocal (fearful, misinformed)
entity that policymakers and drone experts imagine. There are cases of drone enthusiasts, of
communities using drones in humanitarian emergency settings (e.g. Meier 2014a, b) but also a
limited number of studies that reveal a much more complicated and nuanced picture of the
public which is not captured in media-hyped discourses (e.g. Eyerman et al 2013) (Kerasidou et
al 2015). This highlights the ‘heterogeneous and dynamic nature of the “public”’ (Delgado, Lein
Kjolberg, & Wickson, 2011) and the fact that there are multiple public(s), hence raising further
questions about how they could be practically included. Such issues are indeed challenging, but
continue to be salient, especially, as we address in the next section, as the public continues to
play a central role as well as elicit new and emerging directions in emergency response.
7.1.8
Listening to the Crowd: Social Media, Inclusiveness and Dialog
In previous deliverables and publications we have discussed the advantages and
disadvantages of integrating social media into large-scale multi-agency response. Key
insights include strong evidence for the relevance of social media. In D12.1, for example we
discuss the role of digital humanitarian data collection in prioritizing formal response efforts
(pp. 17-18). The Ushahidi Haiti project map below (Figure 23), for example, was used by the
Department of State Analysts for the US government interagency task force and US marines
to enhance situation awareness and identify “centers of gravity” for deployment of field
teams (Morrow et al., 2011: 4).
Version 1.0: Final
Collaboration
Page 131 of 161
Figure 23 Ushahidi Haiti Map
Source: http://irevolution.net/2011/03/06/changing-world-map/
The fact that there is great scope to leverage public engagement has been a constant topic in our
collaborations with emergency responders. The excerpts below, from our most recent interviews
illustrate a diversity of perspectives:
I think you need to have analysts or operators interrogating social media almost 24/7.
Social media needs to have constant or regular monitoring. (Interview with JESIP
Training Officer, UK, 31 March 2015)
I think your timing for doing this [research] is very, very good, you’ve got two big drivers
… One is austerity … the second is the explosion in social media. This will help get over
the old people and their resistance to change, the ‘we’ve always done it that way. It’s my
information, you are not having this’. (Interview with Emergency Operations Consultant,
UK, 31 March 2015)
The obvious thing is the whole area of social media is becoming very important, because
it is active out there, people out there with their smart phone, people on twitter, on
Facebook. I’ve been trying to impress upon our local people here in our own
organisation this is an area we have to get a handle on, have to be monitoring social
media feeds that are being generated if something major would happen. … I think that
would be helpful to have a management tool, I know they exist, but I’m not sure they have
been captured into the processes that we would go through. (Interview with senior Fire
Officer, Ireland, 20 April 2015)
Social media is a great source of intelligence. And it’s a great way of actually keeping
people updated during different events. Police use twitter, Facebook, all different ones to
get information out there and counter inaccuracies…and it’s good for us to measure
people’s reactions to how we’ve dealt with things as well. … I think you need to have
Version 1.0: Final
Collaboration
Page 132 of 161
analysts or operators interrogating social media almost 24/7. Social media needs to have
constant or regular monitoring. (Interview with Police Chief, UK, 29 May 2015)
In a comprehensive recent analysis of several million tweets from different disaster situations,
Vieweg (2012) finds that between 7-23% of tweets are ‘relevant for situation awareness’, an
average of 15%. In the aftermath of the 2010 Haiti, where 4 million tweets were sent over the
space of 23 days, that translates into 600,000 situation awareness relevant messages. Attempts
to leverage such information by mapping georeferenced tweets, e.g. in relation to the 2013 Elbe
floods or the 2014 UK floods (Herfort et al 2014 and Saravanou 2015), reveal that even when
only a small proportion of tweets (around 3%) are currently geo-referenced, this approach ‘can
enhance information extraction … being valuable for both crisis response and preventive flood
monitoring (p.51)’ (Herfort et al 2014). Pohl et al. (2013) show that the BRIDGE Information
Intelligence clustering approach is valuable for crisis management, as it ‘serves to integrate
social media into crisis management without cumbersome manual monitoring’ (p.3901).
However, as one of our End-user advisory board members points out, while ‘we need some
system for analysing and filtering information [from social media], of course, it’s decision
support [that we need], we have to remember that’ (18 th May 2015, BRIDGE final review). This
is where the BRIDGE approach can leverage significant advantages. By integrating affordances
from other information systems, such as the BRIDGE Advanced Situation Awareness system
and the BRIDGE Master, results from the BRIDGE Information Intelligence social media
analytics or related systems can be integrated into a rich precision information environment that
can support triangulation of information, enabling responders to notice and assess the relevance,
accuracy and reliability of social media messages. This is a significant advance. While many
disaster response agencies and policy-makers currently feel pressured to respond to social
innovation in social media use during crises, and despite the wide-spread use of GIS and other
geo-location technologies, the scale and speed of social media innovation ‘in the wild’ exceeds
formal response agencies’ ability to adapt their processes and regulatory frameworks (Shanley
et al. 2013). For example, a member of BRIDGE End User Advisory Board and the German
Federal Agency for Technical Relief described how search and rescue is normally organised by
mapping out a grid and carrying out a systematic search. When victims use mobile technologies
to call for help, as was the case after the Haiti earthquake, they could precisely locate their
needs, which changed the priorities of deployment and disrupted a process designed to ensure
the impartiality and rigour of search and rescue Buscher et al 2014c).
These practices disruptively open up new futures. People’s ability to put themselves on the map
through social media amplifies the voices of those affected and has the potential to augment
formal response efforts by providing additional information and fostering collaboration between
emergency services and affected publics. At the same time, it can destructively interfere with
formal response practices, undermining distributive justice (as in the example above), spread
rumours and false information (Mendoza et al 2010) or challenge the security of command and
control communications (Oh, Agrawal, and Rao 2010). The BRIDGE approach supports
stakeholders in large-scale multi-agency emergency management with new tools to maximise
positive potential and to notice and control negative effects in need of mitigation.
7.1.9
Preventative Security, Social Sorting and Probabilistic Prediction
With growing capacity for capture, analysis, sharing and data-driven decision making, the ‘seas’
of data are becoming more exploitable for more effective and efficient, personalised crisis
management and response. However, the proliferation of data also muddies the waters about
data ownership, the purpose of collection, and the mechanisms of analysis, increasing the risk of
inadvertent disclosure or misuse of personal data. Seventy-two percent of Europeans are
Version 1.0: Final
Collaboration
Page 133 of 161
“concerned that personal data may be shared without their permission” (Reding, 2012),
prompting a comprehensive reform of the EU’s data protection rules, which is scheduled to
come into operation in 2015 (European Commission, 2012). Recent disclosures over
surveillance through the US National Security Agency are fanning the debate about privacy
(MacAskill et al, 2013), but many experts are more concerned about probabilistic prediction
(Heaven, 2013), and exclusion, especially when they lead into inscrutable ‘social sorting’ based
on personal data, because it can lead to a ‘splintering’ of societies and undermine societal
virtues of humanity, equality, solidarity and fairness (Graham & Marvin, 2001). Research shows
that social sorting can be beneficial in the sense of enabling the personalisation and efficient
targeting of disaster management and response e.g. through preventative risk analysis,
identifying the most vulnerable or prone to risk. However, this is also problematic in the sense
of ‘disciplining’ the already vulnerable (the poor, elderly, or disabled, who are more likely to be
‘at risk’) or ‘rationing’ access and splintering societies (D12.2). There are techniques to enhance
social sorting, and to mitigate negative effects (e.g by implementing ‘forgetting’). But
Kafkaesque culmination of error, abuse, lack of transparency (Solove, 2011) could undermine
the beneficence of informationalizing disaster management and response at this juncture.
BRIDGE has explored and enables utilization of the best available technical, socio-technical
and social solutions. Thus BRIDGE augments traditional crisis management and response
through advanced ICT and new models of organization to facilitate proactive approaches.
7.1.10 Ownership, Informational Self-Determination & Interpretive Authority
The definition of data ownership and associated legal responsibilities for emergency data are
seen as important factors to ensure accountability for the use of data. For data owners (for
example social services, telecoms operators, or local authorities) to be able to act within data
sharing agreements in the context of crisis management and response, concerns about their
ability to manage access and control must be addressed. Furthermore, innovative approaches to
give data subjects data ownership exist. Apple has, for example, developed the HealthKit
framework to protect users’ privacy by giving people control over their data and forcing App
developers to state clearly how they will use their personal data. BRIDGE leverages these
developments, as well as being responsive to demands for and regulatory endeavours to
enshrine increased informational self-determination (D12.2). But issues arise not only around
data collection and processing. Making sense of data and making sure that certain types of data
enter into the considerations necessary for crisis management and response are an issue. For
example, social media based ‘crisis mapping’ may make the needs of local populations more
visible, but it does not guarantee that their voices are being heard or addressed (Büscher et al
2015c). Moreover, certain social groups may not have access to knowledge and skills required
for producing or interpreting data.
To conclude, by extending the focus beyond concerns with the efficiency and efficacy of crisis
management and response, to address more complex data-related ELSI, the BRIDGE project is
part of efforts that seek to augment the societal value of advanced information technologies in a
way that is sustainable in terms of ethical and political values of democracy, security, equality
and social justice and real world social practices.
7.2 Collectively Shaping Possible, Probable and Preferable Futures
The technologies brought together in the BRIDGE project are part of a fast evolving ecosystem
of technological potential. In the force-field of ever more sophisticated data collection, analysis,
communication and visualisation, a range of different ‘possible, probable and preferable futures’
(Börjeson et al 2006) emerge. One option is ‘Total Security’, where security is attained through
pervasive surveillance. Another, more likely scenario involves ‘muddling through’ (Lindblom
Version 1.0: Final
Collaboration
Page 134 of 161
1959), where surveillance is disorganised and there are not the resources to secure a planet
rocked by increasing number and frequency of disasters. This would involve patched and
improvised collections of public, private and community based emergency services. Some of
these may use advanced IT creatively, but there is no concerted support for this. There are
runaway effects, including social sorting and surveillance, as well as technology dependence
effects where technology breakdown undermines collectives’ capabilities to respond. BRIDGE
aims to support a more preferable future, where citizens are protected against surveillance and
disasters. BRIDGE can help integrate advanced data collection, analysis, communication and
visualisation capabilities, whilst also supporting ‘reversibility’ in socio-technical innovation
when people notice unintended negative consequences.
Perhaps most importantly, some of the socio-techncial innovations developed in the BRIDGE
project support evolution of a new sensorium and new ways of embodiment and communictaion
in ‘stretched’ large scale, distributed and transient cooperative ensembles. Advanced Situation
Awareness (ASA), Adaptive Logistics, ‘Situation aWAre Resource Management (SWARM),
HelpBeacons, First Responders Integrated Training System (FRITS) all enhance human
capabilities with this purpose, and the ultimate goal to enhance the humanity of crisis response
and management. Designed with ELSI in mind, BRIDGE also tries to support exercise of
virtues and maintenance of normal morality even under extreme circumstances. This might
mean that certain affordances of technology will either not be used or implemented, that the
capacity of forgetting must be more comprehensively be designed into the system, and ‘cultures
of responsibility’ must be supported to go beyond blaming individuals. BRIDGE has not been
able to pave the way for preferable futures completely. But apart from substantive sociotechnical contributions, the project team have developed a methodology for ELSI co-design that
discloses opportunities, risks and challenges more richly than the individual methods that
existed before. To build upon these efforts, we would argue that a stronger commitment to
public engagement and experimentation is needed, drawing on these existing methods:





Co-realization, which develops ideas of Co-Design through a synthesis of
ethnomethodology (a particular form of sociological enquiry) and PD. It moves the
locus of design and development activities into workplace settings where technologies
will be used, emphasises design-in-use and longitudinal involvement of IT professionals
in the ‘lived work’ of users (Hartswood et al. 2002).
Critical design, also know as ‘design noir’ (Dunne & Raby 2001) or ‘speculative
design’ (Sengers and Gaver 2006), which straddles into art and philosophy as it seeks to
provoke and enable critical engagement. It creatively and critically explores putative
futures entailed in contemporary technological developments, often by creating objects
that are obliquely functional but also absurd or shocking.
Service design – a relatively new approach, focused on designing ‘services’ –
assemblages of human, technological, architectural, organizational components (Meroni
& Sangiorgi, 2011).
Collective experimentation – a ‘new regime’ of technoscientific innovation,
characterised by experimental implementation of new technologies in the context of
broad-based stakeholder engagement. It requires new approaches to intellectual
property rights to ensure viability (such as Open Source Software, General Public
Licence (GPL or copyleft) and ‘new forms of interaction between scientists and other
actors, … because the traditional authority of laboratory-based science is not sufficient’
(Wynne & Felt, 2007, 27).
Design for design – an approach that recognises that design does not end at ‘design
time’. People appropriate technologies in a way that constitutes ‘design in use’. This is
often ill supported by silent technologies and blackboxing. ‘Design for design’ seeks to
Version 1.0: Final
Collaboration
Page 135 of 161
support people in developing the skill and understanding needed to be creative with
technology as well as knowing about the effects of using technologies in particular
ways (Ehn, 2008, see also work discussed in Büscher, Perng & Liegl 2015)
There are overlaps, synergies, as well as incompatibilities between these approaches and there
are no doubt more approaches that would be useful than those listed here. What a list like this
makes plain, however, is that deeper engagement with a wider range of stakeholders is needed,
possible, and likely to be extremely productive in shaping preferable futures around the
potential of advanced ICT in crisis response and management.
Version 1.0: Final
Collaboration
Page 136 of 161
8 Appendix
This is an Appendix, providing the original slides used for the ELSI Qualities Sessions. An
explanation of how these were discussed in relation to BRIDGE concept cases is available in
BRIDGE D10.3. The most significant ways in which these relate to the BRIDGE concept,
middleware and concept cases are described in BRIDGE D9.4 and Section 6.6 above, as well as
publications (e.g. Wood et al. 2013, Al Akkad et al in preparation).
For the ethical, legal and architectural qualities sessions, we developed a guideline (Leitfaden)
with introductions to those qualities, in order to elicit exploration and structure the discussion of
those qualities in relationship to the various Concept Cases, components and socio-technical
practices they belong to. The sessions were 2hr long meetings using the teleconferencing tool
WebEx. A powerpoint presentation was used to structure the discussion. These slides were used
to present the ethical qualities:
Version 1.0: Final
Collaboration
Version 1.0: Final
Page 137 of 161
Collaboration
Version 1.0: Final
Page 138 of 161
Collaboration
Version 1.0: Final
Page 139 of 161
Collaboration
Version 1.0: Final
Page 140 of 161
Collaboration
Version 1.0: Final
Page 141 of 161
Collaboration
Page 142 of 161
References
Ackerman, B. (2004). The Emergency Constitution. Yale Law Journal, 113, 1029-91. LEELP
II: 307-370.
Al-Akkad, A., L. Ramirez, S. Denef, A. Boden, L. Wood, M. Buscher and A. Zimmermann
(2013) Reconstructing normality: The use of infrastructure leftovers in crisis situations as
inspiration for the design of resilient technology. Proceedings of the Australian ComputerHuman Interaction Conference (OzCHI'13), 25-29 November, Adelaiade, Australia.
ACM.
Al-Akkad, A., Ramirez, L., Boden, A., Randall, D., & Zimmermann, A. (2014, April). Help
beacons: design and evaluation of an ad-hoc lightweight SOS system for smartphones. In
Proceedings of the 32nd annual ACM conference on Human factors in computing systems
(pp. 1485-1494). ACM.
Alexander, L. (2000). Deontology at the Threshold. San Diego Law Review, 37, 893-912.
LEELP I: 121-140.
Allenby, B. R., & Wallach, W. (2015 - forthcoming). The Applied Ethics of Emerging Military
and Security Technologies. In The Library of Essays on the Ethics of Emerging
Technologies (Series). Farnham: Ashgate.
Andersen, P. et al. (2007). PalCom: Palpable Computing Open architecture. . Aarhus.
Retrieved from http://www.istpalcom.org/publications/deliverables/Deliverable-54[2.2.3]-open-architecture.pdf
Ansell, C., Boin, A., & Keller, A. (2010). Managing Transboundary Crises: Identifying the
Building Blocks of an Effective Response System. Journal of Contingencies and Crisis
Management, 18, 195-207. LEELP III: 111-124.
Aradau, C., & Van Munster, R. (2011). Politics of Catastrophe: Genealogies of the Unknown.
London: Routledge.
Armstrong, H., Ashton, C., & Thomas, R. (2007). Data Protection and Sharing – Guidance for
Emergency Planners and Responders. Office. London. Retrieved from
www.cabinetoffice.gov.uk/media/132709/dataprotection.pdf [Accessed 31 December
2014]
Army-Technology.com. (2012). Keeping London’s Olympic Games secure on all fronts - Army
Technology. http://www.army-technology.com/features/featurelondon-2012-olympicsgames-security-strategy/ [Accessed 30 December 2014]
Asaro, P.M. (2000). Transforming society by transforming technology: the science and politics
of participatory design. Accounting Management and Information Technologies, 10(4),
257-290.
Bailey Smith, J. D. (2014). Agency Liability Stemming from Citizen-Generated Data. Retrieved
from http://www.wilsoncenter.org/publication/agency-liability-stemming-citizengenerated-data
Bannon, L. (2011). Reimagining HCI: toward a more human-centered perspective. interactions,
8(4): 50-57.
Barad, K. (1998). Getting Real: Technoscientific Practices and the Materialization of Reality.
differences: A Journal of Feminist Cultural Studies, 10(2), 87-128.
Version 1.0: Final
Collaboration
Page 143 of 161
Barad, K. (2007). Meeting the Universe Halfway: Quantum Physics and the Entanglement of
Matter and Meaning. Durham, North Carolina: Duke University Press.
Barnard-Wills, D. (2013). Security, Privacy and Surveillance in European Policy Documents.
International Data Privacy Law, 3(3), 170–180.
Bech Gjørv, A. (2012). Rapport fra 22 Juli-Kommisjonen. Oslo.
http://www.regjeringen.no/smk/html/22julikommisjonen/22JULIKOMMISJONEN_NO/I
NDEX.HTM [Accessed 22 August 2014]
Beck, U. (1992). Risk Society: Towards a New Modernity. London: Sage.
Bergstrand, F., & Landgren, J. (2009). Information sharing using live video in emergency
response work. In J. Landgren & S. Jul (Eds.), Proceeding of the 6th International
ISCRAM Conference (pp. 1-5). Retrieved February 12, 2015, from
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.180.9575&rep=rep1&type=pdf
Bijker W., & Law, J. (1992) (Eds.), Shaping Technology, Building Society: Studies in
Sociotechnical Change. Cambridge, Mass.: MIT Press.
Bijker, W. E. (2003). The Need for Public Intellectuals: A Space for STS: Pre-Presidential
Address, Annual Meeting 2001, Cambridge, MA. Science, Technology, & Human Values,
28, 443–450. doi:10.1177/0162243903256273
Börjeson, L., Höjer, M., Dreborg, K-H., Ekvall, T., Finnveden, G.(2006) Scenario types and
techniques: Towards a user's guide. Futures 38(7): 723-739
Black, R. (2003). Ethical Codes in Humanitarian Emergencies: From Practice to Research?.
Disasters, 27, 95-108. LEELP IV: 387-400.
Boden, A., Al-Akkad, A., Liegl, M., Buscher, M. and Wulf, V. Designing a Mobile Ad-hoc
SOS System: Rethinking the Visibility and Validity of Distress Signals (submitted to
International Journal of Human-Computer Studies Special Issue on Human Centered
Design and Evaluation of Services and Systems for Crisis Response and Management)
Boin, A., & ’t Hart, P. (2010). Organising for Effective Emergency Management: Lessons from
Research. Australian Journal of Public Administration, 69(4), 357–371.
doi:10.1111/j.1467-8500.2010.00694.x
Boin, A., & Ekengren, M. (2009). Preparing for the World Risk Society: Towards a New
Security Paradigm for the European Union. Journal of Contingencies and Crisis
Management, 17, 285-94. LEELP III: 3-12.
Boin, A., KUIPERS, S., & OVERDIJK, W. (2013). LEADERSHIP IN TIMES OF CRISIS: A
FRAMEWORK FOR ASSESSMENT. International Review of Public …. Retrieved from
http://www.kapa21.or.kr/data/data_download.php?did=5991
Booth, M.G. (2007). Informed Consent in Emergency Research: A Contradiction in Terms.
Science and Engineering Ethics, 13, 351-59. LEELP IV: 3-12.
Boucher, P. (2014). Domesticating the Drone: The Demilitarisation of Unmanned Aircraft for
Civil Markets. Science and Engineering Ethics. doi:10.1007/s11948-014-9603-3
Boulden, J. (2004). International Crisis Response and a Canadian Role. International Journal,
59, 801-13. LEELP III: 125-138.
Bracken-Roche, C., Lyon, D., MAnsour, M. J., Molnar, A., Saulnier, A., & Thompson, S.
(2014). Surveillance Drones: Privacy Implications of the Spread of Unmanned Aerial
Version 1.0: Final
Collaboration
Page 144 of 161
Vehicles (UAVs) in Canada. Kingston.
http://www.atlanticuas.ca/files/Library/Reference/Privacy Implications of the Spread of
UAVs in Canada_14-04-30.pdf [Accessed 30 December 2014]
Brändström, A., Bynander, F., & ‘t Hart, P. (2004). Governing by Looking Back: Historical
Analogies and Crisis Management. Public Administration, 82, 191-210. LEELP III: 13-32.
Bronitt, S. (2008). Balancing Security and Liberty: Critical Perspectives on Terrorism Law
Reform. In M. Gani & P. Mathew (Eds.), Fresh Perspectives on the ‘War on Terror’ (pp.
65-83). Australian National University: ANU E-Press. LEELP II: 423-442.
Brown, I., & Adams, A.A. (2007). The ethical challenges of ubiquitous healthcare. International
Review of Information Ethics, 8, 53–60.
Buck, D.A., Trainor, J.E., & Aguirre, B.E. (2006). A Critical Evaluation of the Incident
Command System and NIMS. Journal Of Homeland Security And Emergency
Management, 3(3), 1–27.
Buscher, M., & Liegl, M. (2014). Connected communities in crises. IEEE STC Social
Networking E-Letter, 2(1).
Büscher, M., & Mogensen, P. (2007). Designing for material practices of coordinating
emergency teamwork. In Proceedings of the 4th International Conference on Information
Systems for Crisis Response and Management ISCRAM (pp. 1–11). Retrieved from
http://www.ist-palcom.org/publications/files/ISCRAM_Buscher_Mogensen_final.pdf
Büscher, M., Bylund, M., Sanches, P., Ramirez, L., & Wood, L. (2013). A New Manhattan
Project? Interoperability and Ethics in Emergency Response Systems of Systems. In T.
Comes, F. Fiedrich, S. Fortier, F. Geldermann, & L. Yang (Eds.), Proceedings of the 10th
International ISCRAM Conference. Retrieved February 12, 2015, from
http://eprints.lancs.ac.uk/62390/1/269_ManhattanProject_Final.pdf
Büscher, M., Liegl, M., Rizza, C., & Watson, H. (2014a). How to do IT more carefully? Ethical,
Legal and Social Issues (ELSI) in IT Supported Crisis Response and Management.
IJISCRAM, 7.
Büscher, M., Perng, S-Y., & Liegl, M. (2014b). Privacy, Security, Liberty: ICT in Crises.
IJISCRAM, 7.
Büscher, M., Liegl, M. and Thomas, V. (2014c) Social collective intelligence: combining the
powers of humans and machines to build a smarter society. In Miorandi, D., Maltese, V.,
Rovatsos, M., Nijholt, A. & Stewart, J. (eds.). Social Collective Intelligence. Combining
the Powers of Humans and Machines to Build a Smarter Society. Springer, p. 243-265.
Büscher, M., Liegl, M., Perng, S., Wood, L. (2014d) How to Follow the Information?
Sociologica. Vol. 1, Doi: 10.2383/77044
Büscher, M., Kerasidou, X., Liegl, M., Petersen, K. (2015) Digital Urbanism in Crises. In
Kitchin, R. and Perng, S.Y. Code in the City. London Routledge.
Büscher, M., Kristensen, M., & Mogensen, P. H. (2007). Making the future palpable: Notes
from a major incident Future Laboratory. In International Journal Of Emergency
Management (Vol. 5, p. 145). Inderscience Enterprises Ltd (P.O. Box 896, Geneve 15 CH1215, Switzerland). Retrieved from http://www.inderscience.com/link.php?id=19911
Büscher, M., Slack, R., Rouncefield, M., Procter, R., Hartswood, M., & Voss, A. (Eds.) (2008).
Configuring user-designer relations: interdisciplinary perspectives. (Computer Supported
Cooperative Work). London: Springer Verlag.
Version 1.0: Final
Collaboration
Page 145 of 161
Calain, P., Fiore, N., Poncin, M., & Hurst, S. A. (2009). Research Ethics and International
Epidemic Response: The Case of Ebola and Marburg Hemorrhagic Fevers. Public Health
Ethics, 2, 1-23. LEELP IV: 337-360.
Callon, M. (1999). The Role of Lay People in the Production and Dissemination of Scientific
Knowledge. Science Technology & Society, 4, 81–94. doi:10.1177/097172189900400106
Campbell, T. (2012). The Library of Essays on Emergency, Ethics, Law and Policy: 4 Volume
Set. Farnham: Ashgate.
Cartlidge, E. (2012). Aftershocks in the courtroom. Science (New York, N.Y.), 338(6104), 184–
8.
Cavoukian, A. (2001). Taking Care of Business: Privacy by Design. Toronto.
http://www.ontla.on.ca/library/repository/mon/2000/10296375.pdf [Accessed 25 Nov
2012]
Cavoukian, A. (2010). Privacy by design: the definitive workshop. A foreword by Ann
Cavoukian, Ph.D. Identity in the Information Society, 3(2), 247–251. doi:10.1007/s12394010-0062-y
Cavoukian, A. (2012). Privacy and Drones: Unmanned Aerial Vehicles.
http://www.ipc.on.ca/images/Resources/pbd-drones.pdf [Accessed 30 December 2014]
Chalmers, M. (2003). Seamful design and ubicomp infrastructure. Proceedings of Ubicomp
Workshop at the Crossroads The Interaction of HCI and Systems Issues in UbiComp.
Retrieved from
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.61.6779&rep=rep1&t
ype=pdf
Chesbrough, H. W. (2003). Open Innovation: The New Imperative for Creating and Profiting
from Technology. Boston: Harvard Business school Press.
Citraningtyas, T., MacDonald, E., & Herrman, H. (2010). A Second Tsunami?: The Ethics of
Coming into Communities following Disaster. Asian Bioethics Review, 2(2), 108-23.
LEELP IV: 147-164.
Coady, C.A.J. (2004). Terrorism, Morality, and Supreme Emergency. Ethics, 114, 772-89.
LEELP I: 357-374.
Cole, J. (2010). Interoperability in a Crisis 2. Human Factors and Organisational Processes.
http://www.rusi.org/downloads/assets/Interoperability_2_web.pdf [Accessed 17 February
2014]
Collins, H. M. (1996). Embedded or embodied? A review of Hubert Dreyfus’ what computers
still can't do. Artificial
Collins, Harry M. (2010): Tacit and Explicit Knowledge, Chicago: U of Chicago P.
Committee of Public Accounts (2011). Public Accounts Committee - Fiftieth Report The
Failure of the FiReControl Project HC 1397. London.
http://www.publications.parliament.uk/pa/cm201012/cmselect/cmpubacc/1397/139702.ht
m [Accessed 28 October 2014]
Conte, A. (2013). Facial recognition technology moving toward identifying almost anyone.
Retrieved August 8, 2015, from http://triblive.com/news/allegheny/390428674/technology-face-center#axzz2TqAHrVSh [Accessed 3 August 2015]
Version 1.0: Final
Collaboration
Page 146 of 161
Crang, M., & Graham, S. (2007). Sentient cities: ambient intelligence and the politics of urban
space. Information Communication Society, 10(6), 789–817.
De Hert, P., Kloza, D., & Wright, D. (2012). PIAF Project Deliverable 3: Recommendations for
a privacy impact assessment framework for the European Union. Retrieved from
http://piafproject.eu/ref/PIAF_D3_final.pdf
Delgado, a., Lein Kjolberg, K., & Wickson, F. (2011). Public engagement coming of age: From
theory to practice in STS encounters with nanotechnology. Public Understanding of
Science, 20(2010), 826–845. doi:10.1177/0963662510363054
Dewey, J. (1927). The Public and its Problems. New York: Holt.
Dickert, N.W., & Kass, N.E. (2009). Patients’ Perceptions of Research in Emergency Settings:
A Study of Survivors of Sudden Cardiac Death. Social Science & Medicine, 68, 183-91.
LEELP IV: 165-174.
Dickert, N.W., & Sugarman, J. (2007). Getting the Ethics Right Regarding Research in the
Emergency Setting: Lessons from the PolyHeme Study. Kennedy Institute of Ethics
journal, 17, 153-169. LEELP IV: 229-246.
Disalvo, C., Lodato, T., Jenkins, T., Lukens, J., & Kim, T. (2014). Making public things: how
HCI design can express matters of concern. Chi 2014, 2397–2406.
doi:10.1145/2556288.2557359
Dougherty, C. (2008). While the Government Fiddled Around, the Big Easy Drowned: How the
Posse Comitatus Act Became the Government’s Alibi for the Hurricane Katrina Disaster.
Northern Illinois University Law Review, 29, 117-47. LEELP II: 163-194.
Douglas, M. (1992). Risk and blame: Essays in cultural theory. London: Routledge. Dourish, P. (2001). Where the action is: the foundations of embodied interaction. Cambridge,
Mass.: MIT Press.
Dyzenhaus, D. (2005). Schmitt v. Dicey: Are States of Emergency Inside or Outside the Legal
Order?. Cardozo Law Review, 27, 2005-39. LEELP II: 3-38.
Ehn, P. (1993). Scandinavian design: on participation and skill. In D. Schuler & A. Namioka
(Eds.), Participatory design: principles and practices (pp. 41–77). Hillsdale, New York:
Lawrence Erlbaum.
Ehn, P. (2008). Participation in design things. In PDC ’08 Proceedings of the Tenth Anniversary
Conference on Participatory Design 2008, Indiana University (pp. 92–101). Indianapolis.
Ehn, P., & Badham, R. (2002). Participatory Design and the Collective Designer. In T. Binder,
J. Gregory, & I. Wagner (Eds.), Proceedings of the Participatory Design Conference 2002
(Vol. 2, pp. 1–10). Indiana University. Retrieved from
http://scholar.google.com/scholar?hl=en&btnG=Search&q=intitle:Participatory+Design+a
nd+the+Collective+Designer#0
Ellebrecht, N., & Kaufmann, S. (2015 - forthcoming). Boosting efficiency through the use of
IT? Reconfiguring the management of mass casualty incidents in Germany. IJISCRAM, 7.
Endsley, M.R. (1995). Toward a Theory of Situation Awareness in Dynamic Systems. Human
Factors: The Journal of the Human Factors and Ergonomics Society, 37(1), 32-64.
Version 1.0: Final
Collaboration
Page 147 of 161
eScience. (2012). Earth Faces a Century of Disasters, Report Warns.
http://esciencenews.com/sources/the.guardian.science/2012/04/26/earth.faces.a.century.dis
asters.report.warns [Accessed 28 October 2014]
EU Commission. (2014a). Communication from the commission to the European parliament
and the council: A new era for aviation—opening the aviation market to the civil use of
remotely piloted aircraft systems in a safe and sustainable manner. http://eurlex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52014DC0207&from=EN
[accessed 28.01.2015]
European Commission. (2014). Science with and for society. http://ec.europa.eu/programmes/
horizon2020/en/h2020-section/science-and-society. [Accessed 28 October 2014]
European Commission. (2014a). Factsheet: Rules under Horizon 2020.
European Commission. (2014b). Horizon 2020 Work Programme 2014 –2015, 14. Secure
societies – Protecting freedom and security of Europe and its citizens, European
Commission Decision C (2014) 4995 of 22 July.
European Commission. (2014c). Study on the Third-Party Liability and Insurance Requirements
of Remotely Piloted Aircraft Systems (RPAS). Retrieved from
http://ec.europa.eu/DocsRoom/documents/7661
European RPAS Steering Group. (2013). Roadmap for the integration of civil Remotely-Piloted
Aircraft Systems into the European Aviation System- Final Report.
http://ec.europa.eu/enterprise/sectors/aerospace/files/rpas-roadmap_en.pdf [Accessed 28
June 2015]
Ezeome, E.R., & Simon, C. (2010). Ethical Problems in Conducting Research in Acute
Epidemics: The Pfizer Meningitis Study in Nigeria as an Illustration. Developing World
Bioethics, 10, 1-10. LEELP IV: 319-328.
FEMA. (2011). A Whole Community Approach to Emergency Management: Principles,
Themes, and Pathways for Action. Retrieved March 24, 2013, from
http://www.fema.gov/whole-community
Ferejohn, J., & Pasquino, P. (2004). The Law of the Excepton: A Typology of Emergency
Powers. International Journal of Constitutional Law, 2, 210-39. LEELP II: 63-94.
Finn, R. L., & Wright, D. (2012). Unmanned aircraft systems: Surveillance, ethics and privacy
in civil applications. Computer Law & Security Review, 28(2), 184–194.
Finn, Rachel, L., Wright, D., DeHert, P., & Jacques, L. (2014). Privacy, data protection and
ethical risks in civil RPAS operations - Final Report.
http://ec.europa.eu/DocsRoom/documents/8550 [Accessed 28 June 2015]
Fischer, III, Henry W. 1998. Response to Disaster: Fact Versus Fiction & Its Perpetuation—The
Sociology of Disaster. Lanham, MD: University Press of America.
Fleischman, A.R., & Wood, E.B. (2002). Ethical Issues in Research Involving Victims of
Terror. Journal of Urban Health: Bulletin of the New York Academy of Medicine, 79, 31521. LEELP IV: 129-137.
Ford, J., Stephens, K., & Ford, J.S. (2015 - forthcoming). Digital Restrictions at Work:
Exploring How Selectively Exclusive Policies Affect Crisis Communication. IJISCRAM,
7.
Version 1.0: Final
Collaboration
Page 148 of 161
Forester, T., & Morrison, P. (1990). Computer Ethics: Cautionary Tales and Ethical Dilemmas
in Computing. MIT Press. Retrieved from http://www.amazon.co.uk/Computer-EthicsCautionary-Dilemmas-Computing/dp/0262560739
Fost, N. (1998). Waived Consent for Emergency Research. Amercian Journal of Law &
Medicine, 24, 163-83. LEELP IV: 31-52.
Friedman, B., Kahn Jr, P. H., Borning, A., & Huldtgren, A. (2013). Value Sensitive Design and
Information Systems. In N. Doorn, D. Schuurbiers, I. van de Poel, & M. . Gorman (Eds.),
Early Engagement and New Technologies: Opening up the Laboratory (pp. 55–95).
Springer.
Friedman, B., Kahn, P. H., & Borning, A. (2006). Value Sensitive Design and Information
Systems. In P. Zhang & D. Galetta (Eds.), Human-Computer Interaction in Management
Information Systems: Foundations, (pp. 348-372). New York: M.E. Sharpe.
Fry, T. (2008). Design Futuring: Sustainability, Ethics and New Practice. Berg.
Fuller, M. (2008). Software Studies: A Lexicon. Cambridge, MA: MIT Press.
Galaz, V., Moberg, F., Olsson, E., Paglia, E., & Parker, C. (2011). Institutional and Political
Leadership Dimensions of Cascading Ecological Crises. Public Administration, 89, 36180. LEELP III: 139-158.
Gallagher, S. (2013). Why facial recognition tech failed in the Boston bombing manhunt |. Ars
Technica. http://arstechnica.com/information-technology/2013/05/why-facial-recognitiontech-failed-in-the-boston-bombing-manhunt/ [Accessed February 16, 2014]
Gardiner, S.M. (2004). Ethics and Global Climate Change. Ethics, 114, 555-600. LEELP I: 441486.
Gevaert, W. J. R., & de With, P. H. N. (2013). Robust face recognition algorithm for identifition
of disaster victims. Proc. SPIE 8655, Image Processing: Algorithms and Systems XI,
865503 (February 19, 2013); http://dx.doi.org/10.1117/12.2001634.
Green, S.P. (2007). Looting, Law, and Lawlessness. Tulane Law Review, 81, 1129-74. LEELP
I: 221-266.
Greenbaum, J. M., & Kyng, M. (1991). Design at work: Cooperative design of computer
systems. (J. M. Greenbaum & M. Kyng, Eds.) (Vol. Design at). L. Erlbaum Associates Inc.
Hillsdale, NJ, USA. Retrieved from http://portal.acm.org/citation.cfm?id=574738
Greenfield, A. 2006. Everyware: The Dawning Age of Ubiquitous Computing. San Francisco:
Peachpit Press.
Greenhough. B. & Roe, E. (2010) From ethical principles to response-able practice.
Environment and Planning D: Society and Space, volume 28, 43-45.
Grudin, J. (2008). Computer Supported Cooperative Work: History and Focus. Computer,
2005–2008.
Habermas, J. (1981). Theory of Communicative Action Volume One: Reason and the
Rationalization of Society. Translated by Thomas A. McCarthy. Boston, Mass.: Beacon
Press.
Version 1.0: Final
Collaboration
Page 149 of 161
Habermas, J. (1996). Between Facts and Norms. Contributions to a Discourse Theory of Law
and Democracy. Cambridge: MIT Press.
Haraway, D. (1991). A Cyborg Manifesto: Science, Technology, and Socialist-Feminism in the
Late Twentieth Century. In Simians, Cyborgs and Women: The Reinvention of Nature (pp.
149-182). London: Free Association.
Haraway, D. J. 2008. When Species Meet. Minneapolis: University of Minnesota Press.
Hardin, G. (1974). Living on a Lifeboat. Bioscience, 10, 561-68. LEELP I: 487-494.
Harel, A., & Sharon, A. (2011). “Necessity Knows No Law”: On Extreme Cases and
Uncodified Necessities. University of Toronto Law Journal, 4, 845-65. LEELP I: 179-200.
Harris, I., Jennings, C. ., Pullinger, D., Rogerson, S., & Duquenoy, P. (2011). Assessment of
new technologies: A meta-methodology. Journal of Information, Communication and
Ethics in Society, 9, 49–64.
Hartswood, M., Procter, R., Slack, R., Voß, A., Buscher, M., Rouncefield, M., & Rouchy, P.
(2008). Co-realization: toward a principled synthesis of ethnomethodology and
participatory design. Resources CoEvolution and Artifacts, 14(2), 59–94. Retrieved from
http://www.springerlink.com/index/q710532862167p41.pdf
Harvard Humanitarian Initiative. (2011). Disaster Relief 2.0: The Future of Information Sharing
in Humanitarian Emergencies. Washington, D.C. and Berkshire, UK: UN Foundation &
Vodafone Foundation Technology Partnership.
Head, M. (2009). The Military Call-out Legislation. In Calling out the Troops (pp. 100-21).
Sydney, NSW: The Federation Press. LEELP II: 195-218.
Henderson, A., & Kyng, M. (1991). There’s no place like home: Continuing Design in Use. In J.
Greenbaum & M. Kyng (Eds.), Design at work cooperative design of computer systems
(pp. 219–240). Lawrence Erlbaum Associates. Retrieved from
http://books.google.co.kr/books?hl=ko&lr=&id=BCGM7GQFyqYC&oi=fn
d&pg=PA219&dq=There’s+no+place+like+home&ots=BghnneB4l0&
sig=WdDuQAUfHZ6jfWoLQEQ2V6p-lYo
Herfort, B., Porto de Albuquerque, J., Schelhorn, S.-J., & Zipf, A. (2014). Exploring the
Geographical Relations Between Social Media and Flood Phenomena to Improve
Situational Awareness. In J. Huerta, S. Schade, & C. Granell (Eds.), Connecting a Digital
Europe Through Location and Place (pp. 55–71). Cham: Springer
Hill, P. (2004). Ethics and Health Systems Research in “Post”-Conflict Situations. Developing
World Bioethics, 4, 139-153. LEELP IV: 447-462.
Hiltz, S., van de Walle, B., & Turoff, M. (2010). The Domain of Emergency Management
Information. In B. van de Walle, M. Turoff, & S. Büscher (Eds.), Information systems for
emergency management (pp. 3-20). New York: Sharpe.
Hollnagel, E., & Woods, D. D. (2005). Joint Cognitive Systems: Foundations of Cognitive
Systems Engineering. Boca Raton: CRC Press.
Holloway, C. M., Knight, J. C., & McDermid, J. A. (2014). Neither Pollyanna nor Chicken
Little: Thoughts on the Ethics of Automation. In IEEE International Symposium on Ethics
in Engineering, Science, and Technology; 23-24 May 2014; Chicago, IL; United States.
Retrieved from http://ntrs.nasa.gov/search.jsp?R=20140010015 [Accessed 30 December
2014]
Version 1.0: Final
Collaboration
Page 150 of 161
Hufnagel, S. (2008). German Perspectives on the Right to Life and Human Dignity in the “War
on Terror”. Criminal Law Journal, 32, 100-13. LEELP II: 443-462.
Hufnagel, S., & Roach, K. (Eds.). (2013). Introduction. In LEELP II: xi-xix.
Hutchins E (1995) Cognition in the wild. MIT Press, Bradford
Ignatieff, M. (2005). The Ethics of Emergency. In The Lesser Evil (pp. 25-53). Edinburgh:
Edinburgh University Press. LEELP I: 301-336.
Information and Privacy Commissioner/Ontario. (1995). Privacy-Enhancing Technologies: The
Path to Anonymity (Volume I). Retrieved from
https://www.ipc.on.ca/english/Resources/Discussion-Papers/Discussion-PapersSummary/?id=329
Ingram, J. C., Franco, G., Rumbaitis-del Rio, C., & Khazai, B. (2006). Post-Disaster Recovery
Dilemmas: Challenges in Balancing Short-Term and Long-Term Needs for Vulnerability
Reduction. Environmental Science and Policy, 9, 607-13. LEELP III: 279-286.
Introna, L. D. (2007). Maintaining the reversibility of foldings: making the ethics (politics) of
information technology visible. Ethics and Information Technology, 9(1), 11–25.
Retrieved from http://eprints.lancs.ac.uk/4729/
Introna, L., & Nissenbaum, H. (2007). Shaping the Web: why the politics of search engines
matters. In The Information Society (Vol. 16, pp. 169–185). Ashgate Publishing Company.
Retrieved from http://eprints.lancs.ac.uk/7993/
Introna, L., & Wood, D. (2004). Picturing algorithmic surveillance: the politics of facial
recognition systems. Surveillance Society, 2(2/3), 177–198.
Introna, L., & Wood, D. (2004). Picturing Algorithmic Surveillance: The Politics of Facial
Recognition Systems. Surveillance Society, 2(2/3), 177–198.
ISO. (2015). ISO 9241-210:2010 Ergonomics of human interaction- Part 210: Human-Centred
Design for Interactive Systems. Retrieved March 10, 2015, from
http://www.iso.org/iso/catalogue_detail.htm?csnumber=52075
Jarman, A., Sproats, K., & Kouzmin, A. (2000). Crisis Management: Toward a New
Informational “Localism” in Local Government Reform. International Review of Public
Administration, 5, 81-97. LEELP III: 33-50.
Jasanoff, S. (1994). Learning from Disaster: Risk Management After Bhopal. University of
Pennsylvania Press.
Jennings, B., & Arras, J. (2008). Ethical Guidance for Public Health Emergency Preparedness
and Response: Highlighting Ethics and Values in a Vital Public Health Service (pp. 1–
192). White Paper prepared for the Ethics Subcommittee, Advisory Committee to the
Director, Centers for Disease Control and Prevention, Atlanta.
http://www.cdc.gov/od/science/integrity/phethics/docs/White_Paper_Final_for_Website_2
012_4_6_12_final_for_web_508_compliant.pdf [Accessed 31 December 2014]
Jillson, I. (2010). Protecting the public, addressing individual rights. Ethical issues in
Emergency Management Information Systems for Public Health. In B. van de Walle, M.
Turoff, & S. Hiltz (Eds.), Information systems for emergency management (pp. 46-61).
New York: Sharpe.
Version 1.0: Final
Collaboration
Page 151 of 161
Joint Informatics Europe & ACM Europe Working Group on Informatics Education. (2013).
Informatics education: Europe cannot afford to miss the boat. Retrieved from
http://germany.acm.org/upload/pdf/ACMandIEreport.pdf
Keinonen, T. (2008). User-centered design and fundamental need. In Proceedings of the 5th
Nordic conference on Human-computer interaction building bridges - NordiCHI ’08 (p.
211). New York, New York, USA: ACM Press. doi:10.1145/1463160.1463183
Kensing, F., & Blomberg, J. (1998). Participatory Design: Issues and Concerns. Computer
Supported Cooperative Work, 7(3), 167–185. Retrieved from
http://www.springerlink.com/index/U0217104UN33633H.pdf
Keradisou, X, Buscher, M and Leigl, M (2015) Don’t Drone? Negotiating Ethics of RPAS in
Emergency Response
Kerasidou, X., Büscher, M., & Liegl, M. (2015 - forthcoming). Don’t Drone? Negotiating
Ethics of RPAS in Emergency Response. In L. Palen, M. Büscher, T. Comes, & A.
Hughes (Eds.) Proceedings of the 12th International ISCRAM Conference - Kristiansand,
May 24-27.
Kimbell, L. (2013). An inventive practice perspective on designing (working title) | Service
Design Research. Lancaster University. Retrieved from http://libweb.lancs.ac.uk
Klein, N., & Smith, N. (2008). The Shock Doctrine: A Discussion. Environment and Planning
D: Society and Space, 26, 582-95. LEELP III: 287-300.
Klontz, J. C., & Jain, A. K. (2013). A Case Study on Unconstrained Facial Recognition Using
the Boston Marathon Bombings Suspects.
http://www.cse.msu.edu/rgroups/biometrics/Publications/Face/KlontzJain_CaseStudyUnco
nstrainedFacialRecognition_BostonMarathonBombimgSuspects.pdf [accessed 16
February 2014]
Knight, K. (2013). Facing the future. Findings from the review of efficiencies and operations in
fire and rescue authorities in England. Her Majesty’s Stationery Office.
https://www.gov.uk/government/publications/facing-the-future [accessed 3rd March 2014]
Koua, E.L.; MacEachren, A.M.; Turtun, I.; Pezanowski, S.; Tomaszewski, B. and Frazier, T.
(2010). Conceptualizing a User-Support Task Structure for Geocollaborative Disaster
Management Environments. In B. van de Walle, M. Turoff, & S. Hiltz (Eds.), Information
Systems for Emergency Management. New York: Sharpe, 254-278.
Krajcikova, K. (2014). Drones´ Deployment by Frontex and Fundamental Rights and Civil
Liberties. PhD Thesis Twente University.
http://essay.utwente.nl/65420/1/Krajcikova_Kamila_BA_SMG.pdf [Accessed 28.6.2015]
Kreps, G. A., & Bosworth, S. L. (1993). Disaster, organizing, and role enactment: A structural
approach. American Journal of Sociology, 428–463.
Kristensen, M., Kyng, M., & Palen, L. (2006). Participatory Design in Emergency Medical
Service : Designing for Future Practice. In Organization (Vol. 1, pp. 161–170). Citeseer.
Retrieved from
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.114.8464&rep=rep1&
type=pdf
Version 1.0: Final
Collaboration
Page 152 of 161
Kuutti, K., & Bannon, L.J. (2014). The turn to practice in HCI: Towards a research agenda. In
Proceedings of the 32nd annual ACM conference on Human factors in computing systems
(pp. 3543-3552). ACM.
Lagadec, P. (2009). A New Cosmology of Risks and Crises: Time for a Radical Shift in
Paradigm and Practice. Review of Policy Research, 26, 473-86. LEELP III: 51-64.
Langheinrich, M. (2001). Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems.
Proceeding UbiComp '01 Proceedings of the 3rd international conference on Ubiquitous
Computing, pp. 273-291.
Larkin, G. (2010). Unwitting partners in death-the ethics of teamwork in disaster management.
The Virtual Mentor : VM, 12(6), 495–501.
Lash, S., & Urry, J. (1994). Economies of Signs and Space. Theory Culture and Society. Sage.
Latour, B. (1993). We have never been modern. Cambridge, Mass.: Harvard University Press.
Latour, B. (1996). On Interobjectivity, 3(4), 228–245.
Latour, B. (1999). A Collective of Humans and Non-Humans: Following Daedalus’s Labyrinth.
In Pandora’s Hope.
Latour, B. (2004). Politics of Nature: How to Bring the Sciences into Democracy. Cambridge,
Massachusetts, USA: Harvard University Press.
Latour, B. (2005). From Realpolitik to Dingpolitik or How to Make Things Public. In B. Latour
& P. Weibel (Eds.), Making Things Public-Atmospheres of Democracy. Cambridge, MA:
MIT, 1–31.
Latour, B. (2008). A Cautious Prometheus? A Few Steps Toward a Philosophy of Design (with
Special Attention to Peter Sloterdijk). In F. Hackney, J. Glynne, & V. Minton (Eds.),
Networks of Design Proceedings of the 2008 Annual International Conference of the
Design History Society (UK) University College Falmouth, 3-6 September. Boca Raton:
BrownWalker Press, 2-10.
Latour, B. & Venn, C. (2002). Morality and Technology: The End of the Means. Theory,
Culture & Society 19(5-6), 247-260
Latour, B., & Weibel, P. (2005). Making Things Public, Atmospheres of Democracy. (B. Latour
& P. Weibel, Eds.). Cambridge, Massachusetts, USA: MIT Press.
Latour, B. (1999). Pandora’s hope: Essays on the reality of science studies. Cambridge, MA:
Harvard University Press.
Latour, B. (1994) "On technical mediation – Philosophy, Sociology, Genealogy." Common
knowledge 3.2: 29-64.
Law, J. (2004). After method: Mess in social science research. Psychology Press.
Lecoututier, J., Rodgers, H., Ford, G.A., Rapley, T., Stobbart, L., Louw, S.J., & Murtagh, M.J.
(2008). Clinical Research without Consent in Adults in the Emergency Setting: A Review
of Patient and Public Views. BMC Medical Ethics, 29, 1-9. LEELP IV: 175-184.
Legrand, T., & McConnell, A. (Eds.). (2013). Introduction. In LEELP III: xvii-xxiii.
Letouzé, E., Meier, P., & Vinck, P. (2013). Big Data for Conflict Prevention: New Oil and Old
Fires. In F. Mancini (Ed.), New Technology and the Prevention of Violence and Conflict.
New York: International Peace Institute, 4–27.
Version 1.0: Final
Collaboration
Page 153 of 161
Levine, C. (2004). The Concept of Vulnerability in Disaster Research. Journal of Traumatic
Stress, 17, 395-402. LEELP IV: 115-122.
Levinson, S. (2006). Constitutional Norms in a State of Permanent Emergency. Georgia Law
Review, 40, 61-84. LEELP II: 371-422.
Liegl, M., Oliphant R. & Büscher, M. 2015: Ethically Aware IT Design for Emergency
Response: From Co-Design to ELSI Co-Design', in: Palen, Büscher, Comes & Hughes,
Hrsg.: Proceedings of the ISCRAM 2015 Conference - Kristiansand, May 24-27.
Lindblom, C. (1959). The Science of Muddling Through. Public Administration Review, 19(2),
79–88.
Luff, P., Hindmarsh, J., & Heath, C. (2000). Workplace Studies: Recovering Work Practice and
Informing System Design. Cambridge University Press. Retrieved from
http://www.amazon.co.uk/Workplace-Studies-Recovering-PracticeInforming/dp/0521598214
Lury, C., & Wakeford, N. (2012). Inventive Methods: The Happening of the Social (CRESC).
Routledge. Retrieved from http://www.amazon.co.uk/Inventive-Methods-HappeningSocial-CRESC/dp/0415574811
Manuell, M., & Cukor, J. (2011). Mother Nature versus Human Nature: Public Compliance with
Evacuation and Quarantine. Disasters, 35, 417-42. LEELP II: 219-244.
Marx, G. T. (2006). Ethics for the New Surveillance. The Information Society. Retrieved from
http://www.tandfonline.com/doi/abs/10.1080/019722498128809#.VP3CmkJhe2Q
May, Larry, and Stacey Hoffman, eds. (1992). Collective responsibility: Five decades of debate
in theoretical and applied ethics. Rowman & Littlefield Publishers.
McCarthy, C.R. (1995). To Be or Not to Be: Waiving Informed Consent in Emergency
Research. Kennedy Institute of Ethics Journal, 5, 155-62. LEELP IV: 23-30.
McMaster, R., & Baber, C. (2012). Multi-agency operations: Cooperation during flooding.
Applied Ergonomics, 43(1), 38–47. doi:10.1016/j.apergo.2011.03.006
Meier, P. (2014a) Using UAVs for Community Mapping and Disaster Risk Reduction in Haiti,
iRevolutions: From Innovations to Revolutions. http://irevolution.net/2014/07/09/uavs-fordisaster-risk-reduction-haiti/ [accessed 28.01.2015]
Meier, P. (2014b) Grassroots UAVs for Disaster Response, iRevolutions: From Innovations to
Revolutions. http://irevolution.net/2014/03/18/grassroots-uavs-for-disasterresponse/[accessed 28.01.2015]
Melles, G., de Vere, I., & Misic, V. (2011). Socially responsible design: thinking beyond the
triple bottom line to socially responsive and sustainable product design. CoDesign, 7(3-4),
143–154. Retrieved from
http://www.tandfonline.com/doi/abs/10.1080/15710882.2011.630473#.VP2qIUJhe2Q
Mendoza, M., Poblete, B., & Castillo, C. (2010). Twitter Under Crisis : Can we trust what we
RT ? Framework, 1060, 10.
Meroni, A., & Sangiorgi, D. (2011). Design for Services. Farnham: Gower.
Merton, R. K. (1936). The Unanticipated Consequences of Purposive Social Action. American
Sociological Review, 1(6), 894-904.
Version 1.0: Final
Collaboration
Page 154 of 161
Morelli, N. (2007). Social Innovation and New Industrial Contexts: Can Designers
“Industrialize” Socially Responsible Solutions? Design Issues, 23(4).
Moynihan, D. P. (2009). The Network Governance of Crisis Response: Case Studies of Incident
Command Systems. Journal of Public Administration Research and Theory, 19(4), 895–
915.
Moynihan, D.P. (2009). The Network Governance of Crisis Response: Case Studies of Incident
Command Systems. Journal of Public Administration Research and Theory, 19(4), 895–
915.
Mulder, I., & Stappers, P. J. (2009). Co-creating in Practice : Results and Challenges. In
Collaborative Innovation Emerging Technologies Environments and Communities
Proceedings of the 15th International Conference on Concurrent Enterprising ICE 2009
Leiden The Netherlands 22–24 June 2009 Centre for Concurrent Enterprise Nottingham
(pp. 22–24). Retrieved from http://www.amicommunities.eu/pub/bscw.cgi/S4b7fae0f/d494425/202_Ingrid_Mulder_and_Jan_Stappers.
pdf
Murphy, T. & Whitty, N. (2009). Is Human Rights Prepared? Risk, Rights and Public Health
Emergencies. Medical Law Review, 17, 219-44. LEELP I: 415-440.
New York State. (2014). Reimagining New York for a New Reality. 2014-15 New York State
Executive Budget. New York.
http://publications.budget.ny.gov/eBudget1415/fy1415littlebook/ReimaginingNewYork.pd
f [accessed 3rd March 2014]
Nietzsche, F. (2006). On The Genealogy of Morality. Ansell-Pearson, Keith (ed.). Cambridge:
Cambridge University Press.
Noble, K.T., White, C., & Turoff, M. (2014). Emergency Management Information System
Support Rectifying First Responder Role Abandonment During Extreme Events.
International Journal of Information Systems for Crisis Response and Management, 6(1),
65–78.
Nygaard, K. (1979). The Iron and Metal Project: Trade Union Participation. In A. Sandberg
(Ed.), Computers Dividing Man and Work - Recent Scandinavian Research on Planning
and Computers from a Trade Union Perspective. Swedish Center for Working Life, Demos
Project report no. 13,. Malmø, Sweden: Utbildningsproduktion.
O’Dempsey, T.J.D., & Munslow, B. (2006). Globalisation, Complex Humanitarian Emergencies
and Health. Annals of Tropical Medicine and Parasitology, 100, 501-15. LEELP III: 221238.
O’Neil, O. (1975). Lifeboat Earth. Philosophy and Public Affairs, 4, 273-92. LEELP I: 495-514.
Orlikowski, W. (1995). Evolving with Notes. Cambridge, MA: MIT. Retrieved from
http://ccs.mit.edu/papers/CCSWP186.html
Pagallo, U. (2011). Designing Data Protection Safeguards Ethically. Information, 2(4), 247–
265. Retrieved from http://www.mdpi.com/2078-2489/2/2/247/htm
Palen, L., Vieweg, S., Sutton, J., & Liu, S. B. (2009). Crisis Informatics : Studying Crisis in a
Networked World. Social Science Computer Review, 27(4), 467–480.
Version 1.0: Final
Collaboration
Page 155 of 161
Papanek, V. J. (1984). Design for the Real World: Human Ecology and Social Change.
Academy Chicago. Retrieved from
http://books.google.co.uk/books/about/Design_for_the_Real_World.html?id=gf5TAAAA
MAAJ&pgis=1
Patton, J. W., & Woodhouse, E. (2004). Design by Society: Science and Technology Studies
and the Social Shaping of Design 1. Design Issues, 20(3).
Pearson, S. (2009). Taking Account of Privacy When Designing Cloud Computing Services.
2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, pp. 4452.
Perng, S-Y., & Büscher, M. (2015 - forthcoming). Uncertainty and Transparency: Augmenting
Modelling and Prediction for Crisis Response. In L. Palen, M. Büscher, T. Comes & A.
Hughes (Eds.) Proceedings of the 12th International ISCRAM Conference - Kristiansand,
May 24-27.
Phillips, J. P., Grother, P., Michaels, R. J., Blackburn, D. M., Elham, T., & Bone, M. (2003).
Face Recognition Vendor Test 2002. Overview and Summary
http://biometrics.nist.gov/cs_links/face/frvt/FRVT_2002_Overview_and_Summary.pdf
Presentation at http://www.biometrics.org/bc2002/Phillips.pdf [Accessed 16 February
2014]
Pohl, D., Bouchachia, A., & Hellwagner, H. (2013). Social media for crisis management:
clustering approaches for sub-event detection. Multimedia Tools and Applications, 74(11),
3901–3932.
Polanyi, Michael (1958): Personal Knowledge. Towards a Post-Critical Philosophy, London:
Routledge and Kegan Paul.
Polanyi, Michael (1966): The Tacit Dimension, Garden City: Doubleday.
Pringle, J.D., & Cole, D.C. (2009). Health Research in Complex Emergencies: A Humanitarian
Imperative. Journal of Academic Ethics, 7, 115-23. LEELP IV: 377-386.
Pyles, L. (2011). Neoliberalism, INGO Practices and Sustainable Disaster Recovery: A PostKatrina Case Study. Community Development Journal, 46, 168-80. LEELP III: 319-332.
Quarantelli, E. L. and Russell R. Dynes. 1970. ‘‘Property Norms and Looting: Their Patterns in
Community Crises.’’ Phylon 31(2):168–182.
Quarantelli, E. L. and Russell R. Dynes. 1972. ‘‘When Disaster Strikes: It Isn’t Much Like
What You’ve Heard and Read About.’’ Psychology Today 5:67–70.
Ragin, D.F., Ricci, E., Rhodes, R., Holohan, J., Smirnoff, M., & Richardson, L.D. (2008).
Defining the “Community” in Community Consultation for Emergency Research:
Findings from the Community VOICES Study. Social Science & Medicine, 66, 1379-92.
LEELP IV: 185-198.
Rand, A. (1963). The Ethics of Emergencies. In The Virtue of Selfishness (pp. 39-45). New
York: Signet. LEELP I: 149-158.
Rawls, J. (1971). A Theory of Justice. Oxford.
Raymond, N., Howarth, C., & Hutson, J. (2014). Crisis Mapping Needs an Ethical Compass.
Global Brief. Retrieved February 12, 2015, from
http://globalbrief.ca/blog/2012/02/06/crisis-mapping-needs-an-ethical-compass/
Richardson, L.D., Rhodes, R., Ragin, D.F., & Wilets, I. (2006). The Role of Community
Consultation in the Ethical Conduct of Research without Consent. The American Journal
of Bioethics, 6, 33-35. LEELP IV: 199-202.
Version 1.0: Final
Collaboration
Page 156 of 161
Ripstein, A. (2005). In Extremis. Ohio State Journal of Criminal Law, 2, 415-34. LEELP I: 201220.
Rizza, C., Guimarães Pereira, Â & Curvelo, P. (2015 – forthcoming). “Do-it-yourself justice”:
considerations of social media use in a crisis situation: the case of the 2011 Vancouver
riots. IJISCRAM, 7.
Robinson, P. (2000). The Policy-Media Interaction Model: Measuring Media Power during
Humanitarian Crisis. Journal of Peace Research, 37, 613-33. LEELP III: 159-180.
Rosenstein, D.L. (2004). Decision-Making Capacity and Disaster Research. Journal of
Traumatic Stress, 17, 373-81. LEELP IV: 13-22.
Rosenthal, U. (2003). September 11: Public Administration and the Study of Crises and Crisis
Management. Administration and Society, 35, 129-43. LEELP III: 181-196.
Rubenstein, J. (2007). Distribution and Emergency. Journal of Political Philosophy, 15, 296320. LEELP I: 531-556.
Ryle, Gilbert (1945): “Knowing How and Knowing That,” in: Proceedings of the Aristotelian
Society 46, 1-16.
Samek, J.M. (2006). The Federal Response to Hurricane Katrina: A Case for Repeal of the
Posse Comitatus Act or a Case for Learning the Law?. University of Miami Law Review,
61, 441-65. LEELP II: 255-282.
Sanders, E., & Stappers, P. J. (2008). Co-creation and the new landscapes of design. CoDesign,
4(1), 5–18. Retrieved from
http://www.informaworld.com/openurl?genre=article&doi=10.1080/15710880701875068
&magic=crossref
Sandin, P., & Wester, M. (2009). The moral black hole . Ethical theory and moral practice,
12(3), 291–301. LEELP I: 75-86.
Saravanou, A., Valkanas, G., Gunopulos, D., & Andrienko, G. (2015). Twitter Floods when it
Rains: A Case Study of the UK Floods in early 2014, WWW'15 Companion Proceedings of
the 24th International Conference on World Wide Web, 1233–1238.
doi:10.1145/2740908.2741730
Schaar, P. (2010). Privacy by Design. Identity in the Information Society, 3(2), 267–274.
Retrieved from http://link.springer.com/10.1007/s12394-010-0055-x
Scheppele, K.L. (2006). North American Emergencies: The Use of Emergency Powers in
Canada and the United States. International Journal of Constitutional Law, 4, 213-43.
LEELP II: 131-162.
Scheuerman, W.E. (2006). Emergency Powers and the Rule of Law after 9/11. Journal of
Political Philosophy, 14, 61-84. LEELP II: 283-306.
Schmidt, K., & Bannon, L. J. (1992). Taking CSCW seriously. Computer Supported
Cooperative Work, 1(1), 7–40. doi:10.1007/BF00752449
Schmitt, C. (1985). Definition of sovereignty. In Political Theology: Four Chapters on the
Concept of Sovereignty, translated by George Schwab (pp. 5-15). Chicago: University of
Chicago Press. LEELP I: 3-14.
Seaman, C. B. (1999). Qualitative methods in empirical studies of software engineering. IEEE
Transactions on Software Engineering, 25(4), 557–572. Retrieved from
http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=799955
Version 1.0: Final
Collaboration
Page 157 of 161
Sessions, R. (2009). The IT Complexity Crisis: Danger and Opportunity.
https://dl.dropboxusercontent.com/u/97323460/WebDocuments/WhitePapers/ITComplexit
yWhitePaper.pdf [Accessed 28 October 2014]
Shanley, L., Burns, R., Bastian, Z., & Robson, E. (2013). Tweeting up a Storm. The Promise
and Perils of Crisis Mapping. Retrieved February 12, 2015, from
http://www.wilsoncenter.org/sites/default/files/October_Highlight_865-879.pdf
Shapiro, D. (2005). Participatory Design: The Will to Succeed. Proceedings of the 4th
Decennial Conference on Critical Computing: Between Sense and Sensibility, Aarhus,
Denmark — August 21 - 25, 2005, 29–38.
Simonsen, J., & Hertzum, M. (2008). Participative design and the challenges of large-scale
systems: Extending the iterative PD approach. In J. Simonsen, T. Robetrtson, & D.
Hakken (Eds.), PDC2008: Proceedings of the Tenth Anniversary Conference on
Participatory Design (pp. 1–10). Bloomington, IN. Retrieved from
http://portal.acm.org/citation.cfm?id=1795234.1795236
Simonsen, J., Baerenholdt, J. O., Büscher, M., & Damm Scheuer, J. (Eds.) (2010). Design
research: synergies from interdisciplinary perspectives. London: Routledge.
Singer, P. (1972). Famine, Affluence and Morality. Philosophy and Public Affairs, 1, 229-43.
LEELP I: 515-530.
Sismondo, S. (2008a). Science and Technology Studies and an Engaged Program. In E. J.
Hackett, O. Amsterdamska, M. Lynch, & J. Wajcman (Eds.), The handbook of Science and
Technology Studies (pp. 13–31). The MIT Press %7 Third Edition. Retrieved from
http://www.loc.gov/catdir/toc/ecip078/2007000959.html
Smith, A. (2013). Smartphone Ownership – 2013 Update. Retrieved August 8, 2015, from
http://boletines.prisadigital.com/PIP_Smartphone_adoption_2013.pdf
Snider, L. (2004). Resisting Neo-Liberalism: The Poisoned Water Disaster in Walkerton,
Ontario. Social and Legal Studies, 13, 265-89. LEELP III: 443-468.
Solove, D. J. (2011). Nothing to Hide: The False Tradeoff Between Privacy and Security. New
Haven: Yale University Press.
Sorrell, T. (2002). Morality and Emergency. Proceedings of the Aristotelian Society, 103, 2137. LEELP I: 15-32.
Spiekermann, S. (2012). The challenges of privacy by design. Communications of the ACM, 55,
38. doi:10.1145/2209249.2209263
Statman, D. (2006). Supreme Emergencies Revisited. Ethics, 117, 58-79. LEELP I: 375-396.
Stirling, A. (2008). “Opening up” and “closing down” power, participation, and pluralism in the
social appraisal of technology, 262–294. doi:10.1177/0162243907311265
Storni, C. (2012). Unpacking Design Practices: The Notion of Thing in the Making of Artifacts.
Science, Technology & Human Values, 37, 88–123. doi:10.1177/0162243910392795
Suchman, L. (1994). Do categories have politics? Computer Supported Cooperative Work, 2(3),
177–190. Retrieved from http://www.springerlink.com/index/10.1007/BF00749015
Suchman, L. (2000). Embodied Practices of Engineering Work. Mind, Culture, and Activity,
7(1&2), 4–18.
Version 1.0: Final
Collaboration
Page 158 of 161
Suchman, L. (2007). Human-Machine Reconfigurations (p. 314). Cambridge University Press.
Suchman, L. (2007b). Feminist STS and the Sciences of the Artificial. In E. Hackett, O.
Amsterdamska, M. Lynch & J. Wajcman (Eds.), The Handbook of Science and
Technology Studies, Third Edition (pp. 139-163). Cambridge, MA: MIT Press.
Tapia, A., & LaLone, N. (2015 – forthcoming). Crowdsourcing Investigations: Crowd
Participation in Identifying the Bomb and Bomber from the Boston Marathon Bombing.
IJISCRAM, 7.
Taylor, A., & Vincent, J. (2005). An SMS History. In L. Hamill, A. Lasen, & D. Diaper (Eds.),
Mobile World (pp. 75–91). New York: Springer-Verlag. doi:10.1007/1-84628-204-7
Telford, J., & Cosgrave, J. (2007). The International Humanitarian System and the 2004 Indian
Ocean Earthquake and Tsunamis. Disasters, 31, 1-28. LEELP III: 333-362.
Thrift, N. (2005). Knowing Capitalism. London: Sage.
Thrift, N. (2011). Lifeworld Inc—and what to do about it. Environment and Planning D:
Society and Space, 29, 5–26.
Tierney, K. (2006). Metaphors Matter: Disaster Myths, Media Frames, and Their Consequences
in Hurricane Katrina. The ANNALS of the American Academy of Political and Social
Science, 604(1), 57–81.
Törpel, B., Voss, A., Hartswood, M., & Procter, R. (2009). Participatory Design: Issues and
Approaches in Dynamic Constellations of Use, Design and Research. In A. Voss, M.
Hartswood, R. Procter, M. Rouncefield, R. S. Slack, & M. Buscher (Eds.), Configuring
User-Designer Relations. London: Spring-Verlag.
Toohey, K., & Taylor, T. (2014). Managing Security at the World Cup. In S. Frawley & D.
Adair (Eds.), Managing the Football World Cup (pp. 175–196). Basingstoke: Palgrave
Macmillan.
Turoff, M., Chumer, M., van De Walle, B., Yao, X., & Chumer, M. (2004). The Design of a
Dynamic Emergency Response Management Information Systems ( DERMIS ). Journal of
Information Technology Theory and Application, 5(4), 1–36.
Tushnet, M. (2003). Defending Korematsu?: Reflections on Civil Liberties in Wartime.
Wisconsin Law Review, 273-307. LEELP II: 95-130.
van de Walle, B., Turoff, M., & Hiltz, S. (Eds.) (2010). Information systems for emergency
management. New York: Sharpe.
Van Gorp, A. (2009). Ethics in and During Technological Research; An Addition to IT Ethics
and Science Ethics. In P. Sollie & M. Düwell (Eds.), Evaluating New Technologies (Vol.
3). Dordrecht: Springer Netherlands. doi:10.1007/978-90-481-2229-5
Vertigans, S. (2010). British Muslims and the UK Government’s “War on Terror” Within:
Evidence of a Clash of Civilizations or Emergent De-civilizing Processes? The British
Journal of Sociology, 61(1), 26–44.
Vieweg, S. (2012) Situational Awareness in Mass Emergency: A Behavioral and Linguistic
Analysis of Microblogged Communications. PhD Thesis Clorado Boulder.
http://works.bepress.com/vieweg/15/ [Accessed 1st August 2015]
Vieweg, S., Hughes, A. L., Starbird, K., & Palen, L. (2010). Microblogging During Two
Natural Hazards Events: What Twitter May Contribute to Situational Awareness. In
Version 1.0: Final
Collaboration
Page 159 of 161
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp.
1079-1088). ACM.
Vieweg, S., Palen, L., Liu, S., Hughes, A., & Sutton, J. (2008). Collective Intelligence in
Disaster: An examination of the phenomenon in the aftermath of the 2007 Virginia Tech
shooting. In F. Fiedrich, & B. Van de Walle (Eds.), Proceedings of the 5th International
ISCRAM Conference. Retrieved February 12, 2015, from
http://www.iscramlive.org/dmdocuments/ISCRAM2008/papers/ISCRAM2008_Vieweg_et
al.pdf
Visser, F. S., Stappers, P. J., van der Lugt, R., & Sanders, E. B.-N. (2005). Contextmapping:
experiences from practice. CoDesign, 1(2), 119–149. Retrieved from
http://www.tandfonline.com/doi/abs/10.1080/15710880500135987#.VP2PFkJhe2Q
Von Schomberg. (2013). A vision of responsible research and innovation. In R. Owen, M.
Heintz, & J. Bessant (Eds.), Responsible Innovation, Managing the Responsible
Emergence of Science and Innovation in Society (pp. 51–74). John Wiley & Sons.
Wahlgren, P. (2013). Legal Risk Analysis. A Proactive Legal Method. Stockholm: Stockholm
University.
Walzer, M. (2006). Emergency Ethics. In Arguing about War (pp. 33-50). New Haven, CT:
Yale University Press. LEELP I: 337-356.
Wang, W., Joshi, R., Kulkarni, A., Leong, W. K., & Leong, B. (2013). Feasibility Study of
Mobile Phone WiFi Detection in Aerial Search and Rescue Operations. In Proceedings of
the 4th Asia-Pacific Workshop on Systems. New York, NY, USA: ACM.
doi:10.1145/2500727.2500729
Watson, H., & Finn, R. (2015 – forthcoming) Ethical and privacy implications of the use of
social media during the Eyjafjallajokull eruption crisis. IJISCRAM, 7.
Waugh, W. L. Jr., & Streib, G. (2006). Collaboration and Leadership for Effective Emergency
Management. Public Administration Review, 66, 131-40. LEELP II: 245-254.
Webb, G. R., & Chevreau, F.-R. (2006). Planning to improvise: the importance of creativity and
flexibility in crisis response, 3(1), 66–72.
Webb, G. R., Beverly, M., McMichael, M., Noon, J., & Patterson, T. (1999). Role improvising
under conditions of uncertainty: A classification of types.
http://putnam.lib.udel.edu:8080/dspace/handle/19716/666
Weber, S. G., & Gustiené, P. (2013). Crafting Requirements for Mobile and Pervasive
Emergency Response based on Privacy and Security by Design Principles. International
Journal of Information Systems for Crisis Response and Management, 5(2), 1–18.
Weick, K. (1993). The Collapse of Sensemaking in Organizations: The Mann Gulch Disaster.
Administrative Science Quarterly, 38(4), 628–652.
Weiser, M. (1991). The Computer for the Twenty-First Century. Scientific American, 265(3),
107–114. Retrieved from http://www.springerlink.com/index/u4428p7158361143.pdf
Weiser, M. (1994a) The world is not a desktop, ACM Interactions 1(1), 7-8.
Weitzner, D. J., Abelson, H., Hanson, C., Hendler, J., Kagal, L., McGuinness, D. L., Sussman,
G. J., et al. (2006). Transparent Accountable Data Mining: New Strategies for Privacy
Version 1.0: Final
Collaboration
Page 160 of 161
Protection. Artificial Intelligence. MIT CSAIL Technical Report-2006-007.
http://www.w3.org/2006/01/tami-privacy-strategies-aaai.pdf [Accessed 27 September
2014].
Welsh, I and Wynne, B. 2013 Science, Scientism and Imaginaries of publics in the UK: Passive
Objects, Incipient threats, Science as Culture, Vol22, 4, 540-566
Welsh, Ian, & Wynne, B. (2013). No Title. Science as Culture, 22(4), 540–566.
Wenger, Dennis and Barbara Friedman. (1986). ‘‘Local and National Media Coverage of
Disaster: A Content Analysis of the Print Media’s Treatment of Disaster Myths.’’
International Journal of Mass Emergencies and Disasters 4(3): 27–50.
Wenger, Dennis E., James D. Dykes, Thomas D. Sebok, and Joan L. Neff. (1975). ‘‘It’s a
Matter of Myths: An Empirical Examination of Individual Insight into Disaster
Response.’’ Mass Emergencies 1:33–46.
Wigley, S. (2009). Disappearing without a Moral Trace? Rights and Compensation during
Times of Emergency. Law and Philosophy, 28, 617-49. LEELP I: 87-120.
Williams, S. (2009). Rethinking the Nature of Disaster: From Failed Instruments of Learning to
a Post-Social Understanding. Social Forces, 87, 1115-38. LEELP III: 469-492.
Winograd, T., & Flores, F. (1987). Understanding Computers and Cognition: A New
Foundation for Design. Addison Wesley. Retrieved from
http://www.amazon.co.uk/Understanding-Computers-Cognition-FoundationDesign/dp/0201112973
Woolgar, S. (1990). Configuring the user: the case of usability trials. The Sociological Review,
38, 57-99.
Wright, D. (2011). A framework for the ethical impact assessment of information technology.
Ethics and Information Technology, 13(3), 199–226.
Wright, D., & Friedewald, M. (2013). Integrating privacy and ethical impact assessments.
Science and Public Policy, 40(6), 755–766. Retrieved from
http://spp.oxfordjournals.org/content/40/6/755.short
Wright, D., Mordini, E., & DeHeert, P. (2012). Privacy Impact Assessment. (D. Wright & P.
DeHeert, Eds.). Springer Netherlands. Retrieved from
http://www.springer.com/law/international/book/978-94-007-2542-3
Wynne, B. (2006). Public engagement as a means of restoring public trust in science--hitting the
notes, but missing the music? Community Genetics, 9(3), 211–20. Retrieved from
http://europepmc.org/abstract/med/16741352
Wynne, B. & Felt, U. and (2007). Taking European Knowledge Society Seriously. Report of the
Expert Group on Science and Governance to the Science, Economy and Society
Directorate, Directorate-General for Research, European Commission. Directorate General
for Research 2007 Science, Economy and Society.
http://www.bmbf.de/pub/EuropeanKnowledge(6).pdf [Accessed 30 Dember 2014]
Yanmaz, E. (2012). Connectivity versus area coverage in unmanned aerial vehicle networks. In
2012 IEEE International Conference on Communications (ICC) (pp. 719–723).
doi:10.1109/ICC.2012.6364585
Version 1.0: Final
Collaboration
Page 161 of 161
Yeo, K. T. (2002). Critical failure factors in information system projects. International Journal
of Project Management, 20(3), 241–246. Retrieved from
http://linkinghub.elsevier.com/retrieve/pii/S0263786301000758
Zack, N. (2009). Lifeboat Ethics and Disaster: Should we Blow Up the Fat Man?. In Ethics for
Disaster (pp. 33-48). Lanham, MD: Rowman and Littlefield. LEELP I: 59-74.
Zack, N. (2010). Ethics for Disaster. Rowman & Littlefield Publishers.
Zoeteman, B.C.J., Kersten, W.C., Vos, W.F., van de Voort, L., & Ale, B.J.M. (2010).
Communication Management during Risk Events and Crises in a Globalised World:
Predictability of Domestic Media Attention for Calamities. Journal of Risk Research, 13,
279-302. LEELP III: 197-220.
Zuckerman, I. (2006). One Law for War and Peace? Judicial Review and Emergency Powers
between the Norm and the Exception. Constellations, 13, 522-45. LEELP II: 39-62.
Zwi, A.B., Grove, N.J., MacKenzie, C., Pittaway, E., Zion, D., Silove, D., & Tarantola, D.
(2006). Placing Ethics in the Centre: Negotiating New Spaces for Ethical Research in
Conflict Situations. Global Public Health, 1, 264-277. LEELP IV: 433-446.
Zwolinski, M. (2008). The Ethics of Price Gourging. Business Ethics Quarterly, 18, 347-78.
LEELP I: 267-300.
Version 1.0: Final

d12 - BRIDGE Project

Transcription

Similar documents

info! - American Senior Communities

Salginatobel Bridge

Peter J. Crosa ETHICS

Peter J. Crosa ETHICS

fantome windjammer

Building Bridges - Bridge of Hope Centre County

GRUE TOUT-TERRAIN DE 1500 TONNES PRÈS DE LA CHUTE

London Bridge Redevelopment

Presentation English Dortmund 2014

Social Work - IUPUI Alumni Relations