There is a need for a more informed understanding of the balance between individuals’ privacy and free speech, and society’s need for security, in the context of open data practices. However, the research on open data and the related open government movement are mostly  focused on the potential innovation in open data practices, less on security and privacy (Hansson & Ekenberg, 2014;Janssen, et. al. 2012; Maier-Rabler & Huber, 2011).  Open data means that datasets are published online with the explicit goal of open reuse, meaning that these datasets can be legally and technically used in the provision of services by third parties such as individual developers, entrepreneurs or other actors. Because of its usually technical characteristics, many factors of cyber security are often too easily neglected in policy making and development of regulatory frameworks for institutions responsible for cyber security (Janssen, 2011).

The quality of the data is one aspect of transparency: in a theoretical article on transparency, Fung (2013) suggests that “The important info might not even be in the data”. Another problem is that open data policies generally make available only documents that already exist, not the ones that might be useful or that could be the most relevant (Fung, 2013). To ensure that important data is produced and accessible, strong non-governmental collective actors, are needed to ensure citizens the right to information (Ibid). Likewise, Parasie & Dagiral (2012)  question the single focus on government data in the open data discussion, emphasising the importance of ensuring alternative data sources.

In discussing open data related services, there is a growing need to understand how the released datasets turn to economic or social value and especially how surveillance is related to this value creation and capture. Open data refers to released datasets available on the Internet for use, further distribution and use as input in applications (Zuiderwijk et al., 2014; Janssen et al., 2012; Berners-Lee and Shadbolt, 2011). Such data include, for example, astronomical and climatological measurements, cartographic and traffic data, economic or demographic statistics, patient data from medical trials and qualitative interviews conducted for an academic dissertation. Since data management, storage and distribution technologies have advanced, data have recently been recognized as a primary resource in commercial and societal activities. In contrast to many other resources, data have the basic property of often being non-rival, meaning that their use by one party does not decrease their availability to others.

Public funding and individual work may bring a successful service system about if they provide the required design of service and collection and maintenance of data repositories (and application) (Kuk and Davies, 2011). However, most of these development activities will incur costs if conducted professionally. This cost can be carried by public funding (national, local), individual enthusiasts that develop these services or by private investment. Private investment could be directed to the different actors that partake in the provision of service in the different stages of the chain that turns raw data to user service, such as the data releaser, consultant, visualisation expert, or the entity responsible for the provision of service (Lindman, Rossi, Kinnari, 2014). However, in order to provide compelling bases for the investment, the revenue source for the investee should be clear, as well as the risks in running the service. In order to attract private investment, sustainable revenue sources for different actors need more attention.

In earlier contexts such as print media, there was still a significant marginal distribution cost. With the Internet, this cost is going down rapidly. In many countries, for example, it is common to get sales revenue to cover government data production costs: a perfectly rational approach prior to the emergence of the Web that is now a barrier leading to sub-optimal data usage.

We need to better balance the need of a private sphere and the need of measures to secure reliable information for the society at large. We also need more resilient societal information practices against unlawful cyber actions from governments, authorities, private enterprises, or individuals. Governments and authorities have a legitimate need for information in order to protect citizens’ safety and well-being. Similarly, citizens have a legitimate need for transparency and privacy. This interaction is very sensitive and requires a transparent and systematic discussion on similar terms. However, it has become increasingly clear that there is serious abuse of the opportunities offered by new technologies to extract and analyze information (See e.g.Ahmed & Chander, 2015; Lyon, 2014; Radu, et al 2014).

Given the increasing attention put on online surveillance during the recent decade, the trade-off between the privacy and security dimensions in an open society must be better understood from multiple perspectives and managed properly in order both to uphold basic citizen rights and to support democratic values like autonomy, free thought and open expression. Thus, any policy aimed to improve security should be balanced against privacy and integrity and the trade-offs should be thoroughly analyzed. It is therefore important that the trade-offs between different conflicting dimensions of security are transparent and explicitly addressed. If not, the full range of possible options will not be explored.

Even though more than 50% of the scholarly papers on information security focus on privacy rather than technical issues (Zafar and Guynes Clark 2009), the common policy evaluation methodologies are not capable of evaluating the abovementioned balance very well, in particular the need to simultaneously take a variety of objectives into account and treat the trade-offs rationally, cf., e.g., (Höne and Eloff 2002; Siponen and Iivari 2006). The complexity is further increased through the different perspectives and interests of various stakeholders. Furthermore, no clear answers exist but only a limited range of acceptable solutions can be defined and communicated. Some attempts have been completed on the organizational level, e.g., (Dhillon and Torkzadeh 2006) advocating a decision analysis approach to assess IT security solutions to the underlying values of the organization itself. Other attempts focus on this balance in the systems design and software development, cf. (Elahi and Yu 2007; Clark Guynes et al. 2009).

An illustration of current regulatory attempts within the topic area is the upcoming EU regulation on the protection of individuals with regard to the the processing of personal data and on the free movement of such data (General Data Protection Regulation, GDPR) expected to come into force 2018. The EU Data Protection Reform also includes a Data Protection Directive for the police and criminal justice sector (Reform of EU data protection rules – European Commission, n.d.).

However, there is a lack of understanding of the trade-off between the privacy and security dimensions in an open data context with multiple intersecting perspectives,  and there is a need for policies on how to uphold a reasonable level of basic citizen rights to privacy and the opportunity to speak freely.

The assessment criteria used in analyses in these contexts often results from a set of stakeholder workshops, naturally delimiting the selection of criteria since it will become dependent on the interests and the know-how of the limited set of invited stakeholders. This is the approach used and reported on in numerous case studies of decision analysis practice on the policy level, e.g., (Dhillon 2006; Danielson et al. 2008; Geldermann et al. 2009; Hansson et al. 2011; Danielson and Ekenberg 2013). However, these practices are not necessarily organized in invited spaces: they tend to emerge spontaneously and to be based on common concerns created by the particular situation at hand (Fung 2006).

Previous attempts on providing ICT tools supporting this task has mainly focused on finding procedures for the incorporation of decision data obtained from decision makers and experts. Less work has been done on the means for providing information on both the public’s views, values, and opinions.  While there have been some directed polls initiated as well as quick searches through published datasets and reports, these techniques do not sufficiently relay the public’s views.Traditional methods for gathering opinions limited to polls, surveys and on-line portals are open to biases which arise from the framing of questions and self-selection of respondents.  It is also expensive to design these techniques as well as adapt the means used for gathering the information. Furthermore, additional efforts must be put on the identification of relevant datasets and the understanding  of a complex network of stakeholders and stakeholder interactions, all activities which could be effectively facilitated by novel methods for searching online data.

References

Ahmed, U., & Chander, A. (2015). Information Goes Global: Protecting Privacy, Security, and the New Economy in a World of Cross-Border Data Flows. Retrieved from http://papers.ssrn.com/abstract=2731888

Arvai, J. L., Gregory, R., McDaniels, T. L. (2001). Testing a structured decision approach: Value-focused thinking for deliberative risk communication. Risk Analysis 21(6): 1065-1076.

Clark Guynes, J., Beebe Lang, N., Williams, K., and Shepherd, L. (2009). Security and privacy governance: Criteria for systems design. Journal of Information Privacy and Security 5(4): 3-30.

Danielson, M., Ekenberg, L., Ekenberg, A., Hökby, T., and Lidén, J. (2008). Decision process support for participatory democracy. Journal of Multi-Criteria Decision Analysis 15: 15-30.

Danielson, M. and Ekenberg, L. (2013). A risk-based decision analytic approach to assessing multi-stakeholder problems. Advances in Natural and Technological Hazards Research 32: 231-244.

Danielson, M.  and Ekenberg, L. (2015). The Car Method for using Preference Strength in Multi-Criteria Decision Making Group Decision and Negotiation, 10.1007/s10726-015-9460-8.

Dhillon, G., Torkzadeh, G. (2006). Value-focused assessment of information system security in organizations. Information Systems Journal 16: 293-314.

Elahi, G. and Yu, E. (2007). A goal-oriented approach for modeling and analyzing security trade-offs. Conceptual Modeling – ER 2007, Lecture Notes in Computer Science 4801: 375-390.

Fung, a. (2013). Infotopia: Unleashing the Democratic Power of Transparency. Politics & Society, 41(2), 183–212.  

Geldermann, J., Bertsch, V., Treitz, M., French, S., Papamichail, K. N., and Hämäläinen, R. P. (2009). Multi-criteria decision support and evaluation of strategies for nuclear remediation management. Omega 37: 238-251.

Gregory, R. S. (2002). Incorporating value trade-offs into community-based environmental risk decisions. Environmental Values 11(4): 461-488.

Hansson, K., Larsson, A., Danielson, M., and Ekenberg, L. (2011). Coping with complex environmental and societal flood risk management decisions: An integrated multi-criteria framework. Sustainability 3(9): 1357-1380.

Hansson, K., Belkacem, K., & Ekenberg, L. (2014). Open government and democracy: A research review. Social Science Computer Review, (December).

Hansson, K., & Ekenberg, L. (2016). Embodiment and gameplay in networked publics. International Journal of Public Administration in the Digital Age (IJPADA), (Forthcoming).

Höne, K. and Eloff, J. H. P. (2002). Information security policy – what do international information security standards say? Computers & Security 21(5): 402-409.

Janssen, M., Charalabidis, Y., & Zuiderwijk, A. (2012). Benefits, Adoption Barriers and Myths of Open Data and Open Government. Information Systems Management, 29(4), 258–268. doi:10.1080/10580530.2012.716740

Janssen, K. (2011). The influence of the PSI directive on open government data: An overview of recent developments. Government Information Quarterly, 28(4), 446–456. doi:10.1016/j.giq.2011.01.004

Ibrahim, O. and Larsson, A. (2016). Labelled causal maps for simulation of policy options. Submitted manuscript.

Karlgren, Jussi, Magnus Sahlgren, Fredrik Olsson, Fredrik Espinoza and Ola Hamfors. 2012. Profiling Reputation of Corporate Entities in Semantic Space. In: P. Forner, J. Karlgren, and C. Womser-Hacker (eds.) RepLab Notebook CLEF 2012.

Karlgren, Jussi, Magnus Sahlgren, Fredrik Olsson, Fredrik Espinoza, and Ola Hamfors. 2012. Usefulness of Sentiment Analysis. In: Ricardo Baeza-Yates, Arjen P. Vries, Hugo Zaragoza, B. Barla Cambazoglu, and Vanessa Murdock (eds.) Proceedings of the 34th European conference on Advances in Information Retrieval (ECIR’12), Springer.

Kivunike, F., Ekenberg, L., Danielson, M. and Tusubira, F. (2015) Using a Structured Approach to Evaluate ICT4D: Healthcare Delivery in Uganda, The Electronic Journal of Information Systems in Developing Countries, Vol. 66(8), pp. 1–16.

1. Kuk, and T. Davies, “The Roles of Agency and Artifacts in Assembling Open Data Complementarities”, International Conference on Information Systems, Shanghai, December.

Lindman, J., T. Kinnari, and M Rossi, “Industrial Open Data: Case Studies of Early Open Data Entrepreneurs”, HICSS2014, Hawaii, 2014.

Lyon, D. (2014). Surveillance, Snowden, and Big Data: Capacities, consequences, critique. Big Data & Society, 1(2), 2053951714541861. doi:10.1177/2053951714541861

Maier-rabler, U., & Huber, S. (2011). “ Open ”: the changing relation between citizens , public administration , and political authority. eJournal of eDemocracy and Open Government (JeDEM), 3(2), 182–191.

Mihai, A. Marincea, A. and Ekenberg, L. (2015). A MCDM Analysis of the Roşia Montană Gold Mining Project, Sustainability Vol. 2015(7), pp. 7261–7288, doi:10.3390/su7067261.

Moradian, E. and Kalinina, M. (2013). Decision support for assessment of IT-security risks. Proceedings of the International Conference on Security and Management.

Parasie, S., & Dagiral, E. (2012). Data-driven journalism and the public good: “Computer-assisted-reporters” and “programmer-journalists” in Chicago. New Media & Society, 15(6), 853–871.  

Radu, R., Chenou, J.-M., & Weber, R. H. (Eds.). (2014). The Evolution of Global Internet Governance. Berlin, Heidelberg: Springer Berlin Heidelberg. doi:10.1007/978-3-642-45299-4

Reform of EU data protection rules – European Commission. (n.d.). Retrieved March 7, 2016, from http://ec.europa.eu/justice/data-protection/reform/index_en.htm

Riabacke, M., Åström, J., and Grönlund, Å. (2011). eParticipation galore? Extending multi-criteria decision analysis to the public. International Journal of Public Information Systems 7(2): 79-99.

Sahlgren, Magnus and Karlgren, Jussi (2009) Terminology mining in social media. In: The 18th ACM Conference on Information and Knowledge Management (CIKM 2009), 2-6 Nov 2009, Hong Kong.

Siponen, M. and Iivari, J. (2006). Six design theories for IS security policies and guidelines. Journal of the Association for Informations Systems 7(7): 445-472.

Zafar, H. and Clark Guynes, J. (2009). Current state of information security research in IS. Communications of the AIS 24(34): 557-596.