User Attitudes around Key Management, and their Impact on Blockchain Technology Adoption Daniel Jozsef Information Security, master's level (120 credits) 2019 Luleå University of Technology Department of Computer Science, Electrical and Space Engineering

Luleå Tekniska Universitet Daniel Jozsef, [email protected]

The song of the wolves

Loud the storm is howling Under a thundery sky.

The twin sons of winter, Snow and rain, sleet by.

It is a barren plainland We chose for abiding.

Not a bush grows there For shelter or hiding.

Hunger gnaws the belly, Cold gnaws the bone,

Two torturers who will not Leave us alone.

And there, the third torturer, Guns loaded with lead:

On the white, white snow Our blood drips red.

Freezing and starving And peppered with shot.

Yes, our lot is misery … But Freedom is our lot!

The song of the dogs

Loud the storm is howling under a thundery sky.

The twin sons of winter, snow and rain, sleet by.

What's that to us? We have our hearth-side, by the grace

of our good kind Master who gave us this place.

We shall not die of hunger. Our Master wills it thus.

When he has fed his fullest the leavings are for us.

True, his whip sometimes cracks, and the weals

it leaves are most painful; but a dog's hurt soon heals.

And then our Master calls us, his sudden anger over,

and with true gratitude on his boots we slobber.

1847 Sándor Petőfi

translation by G. S. Fraser


Table of Contents

Index of Figures and Tables
Abstract
1 Introduction
1.1 Related work
1.2 Identifying the knowledge gap
1.3 Research questions
2 Theory
2.1 Attitudes, values and behavior
2.2 Information technology and individual psychology
2.3 Information technology and society
2.4 Digital sovereignty
2.5 The revolution of trust: from PGP to blockchain
2.6 Cryptographic identity on the blockchain
3 Research design
3.1 A qualitative approach
3.2 Sampling decisions
3.3 Data collection
3.4 Analysis design
3.5 Delimitation and bias
3.6 Literature review approach
4 Results: Seven stories about identity
4.1 Alice
4.2 Beatrice
4.3 Carol
4.4 Diana
4.5 Ethan
4.6 Fiona
4.7 George
5 Analysis
5.1 The worth of self-sovereignty
5.2 Users’ underlying values
5.2.1 Conservatism
5.2.2 Convenience
5.2.3 Independence (political)
5.2.4 Independence (practical)
5.2.5 Productivity
5.2.6 Privacy
5.2.7 Recourse from human error
5.2.8 Savviness
5.2.9 Security and safety
5.3 Some user beliefs
5.3.1 “Passwords are inadequate”
5.3.2 “Physical tokens are inadequate”
5.3.3 “Service providers can’t be trusted”
5.3.4 “I cannot be trusted”
5.3.5 “Self-sovereign identity is safer”
5.3.6 “You can’t prepare for a real emergency”
5.3.7 “Identity should be recoverable”
5.3.8 “Transactions should be revocable”
5.3.9 “One key good, many keys bad”
5.4 User archetypes
5.4.1 “The pragmatist”
5.4.2 “The self-doubter”
5.4.3 “The cyber-conscious”
5.4.4 “The futurist”
5.5 Designing for the archetypes
5.5.1 Increased trust at no user cost
5.5.2 Hybrid identity models
5.5.3 Less painful self-sovereignty
5.5.4 Choosing authentication form factors
6 Discussion
6.1 Anxiety and playfulness
6.2 Self-efficacy
6.3 Acceptance of risk in old and new technologies
6.4 Result demonstrability
6.5 Value conflicts in online identity
6.6 Further hints for operationalizing results
Conclusion
References
Appendix: Interview structure

Index of Figures and Tables

Figure 1. The refined Theory of Planned Behavior, adapted from (Ajzen, 2001)

Figure 2. The TAM with groups of precursor variables to both key beliefs, adapted from (Venkatesh, 2000; Venkatesh & Davis, 1996; Venkatesh & Davis, 2000)

Figure 3. Value conflicts in information technology adoption, adapted from (Leidner & Kayworth, 2006)

Figure 4. Values and beliefs behind online behavior by user archetype

Figure 5. User archetypes by playfulness and risk aversion

Figure 6. Perceived alignment and conflict between values and identity technologies

Abstract

The following study examines the background of users’ decisions about their behavior concerning online identity, specifically looking at the acceptance or rejection of self-sovereign identity solutions and the technologies that support them: blockchain and asymmetric encryption. A qualitative analysis is presented of typical user narratives concerning online behavior, while exploring the cultural values underlying users’ decisions about accepting or rejecting new, potentially emancipatory technologies. The results include inventories of values and beliefs that played a key part in informing the respondents’ behaviors, and present four distilled narratives of reasoning about online identity in the form of the archetypes of the Pragmatist, the Self-doubter, the Cyber-conscious and the Futurist user, each representing a specific set of values, beliefs and their interplay resulting in specific intentions and behaviors, along with design guidelines for innovative blockchain technologies based on the user expectations in these narratives. The research concludes by relating the findings to existing theory and proposing a number of quantitatively testable hypotheses for the refinement of technology acceptance research in the specific domain of online security and identity.

1 Introduction

Blockchains, also referred to as “distributed ledgers”, implement a distributed, immutable (append-only) transactional database reliant on an automated trustless consensus of equal independent parties (Aste et al., 2017). Especially large-scale public blockchains such as Bitcoin (the distributed payment processing network that pioneered the blockchain concept) provide a form of notary service independent of traditionally required trusted third parties such as banks or governments, vouching for the Integrity, Authenticity and Non-repudiability of recorded transactions (Aste et al., 2017; Krombholz et al., 2016).

Even though the legal frameworks around blockchain are still in their infancy, blockchain transactions have already been readily accepted as evidence in a court of law in the Silk Road darknet marketplace trial, a criminal case where a drug and arms trafficking site that used Bitcoin for payment was shut down, and its operators indicted (McConaghy et al., 2017). While blockchain solutions consist entirely of pre-existing technology, as a “trust machine”, blockchain is considered fundamentally innovative and revolutionary (Aste et al., 2017).

There are a number of ongoing projects attempting to build real-life value on the automated trust provided by the blockchain. Estonia has recently announced that blockchain technology will be utilized to underpin their e-residency scheme (Sullivan & Burger, 2017); there are attempts such as the one by Faísca and Rogado to wed WebId and blockchain technology into a reliable online authentication system (Faísca & Rogado, 2016); blockchain is being proposed for recording intellectual property rights (McConaghy et al., 2017); and of course, probably the most successful real-world application is Bitcoin itself, which, even now, is used regularly for cross-border payments and maintaining economic activity in areas where traditional banking is not available or impractical, such as Crimea or Venezuela (Krombholz et al., 2016).

Blockchains rely on asymmetric cryptography to implement their authentication model (Aste et al., 2017; Eskandri et al., 2018; Krombholz et al., 2016). Therefore, key management has the potential to make or break any application based on this revolutionary technology. Having an entire identity tied to a (number of) signing key(s) brings up serious questions about potential fraud and mistakes (Sullivan & Burger, 2017), and probably even more importantly, may prove a core limiting factor in user adoption (Eskandri et al., 2018). Unfortunately, the question is little discussed in this context; some papers, such as the one by Faísca and Rogado (2016), even choose to sidestep it by referring to existing key management solutions used in the cryptocurrency application space. Such solutions, as discussed below, have failed to achieve mainstream adoption so far.

In encryption and digital signing, key management has already been identified as a core issue that most users have trouble with (Andersen, 2016; Bai et al., 2016; Carayannis & Turner, 2006). Even among early adopters of Bitcoin, as Krombholz et al. (2016) have found in their comprehensive survey, approximately 23% are exclusively using an on-line, managed service to hold and access their Bitcoin. This means that they have outsourced private key management, and thus their actual blockchain identity, to a trusted third party, not unlike a traditional bank or broker account (Folkinshteyn & Lennon, 2016; Krombholz et al., 2016). While public key cryptography has been around for decades now, and was expected to deliver a solution to all questions of privacy and integrity online, the actual adoption of end-to-end encryption and digital signing is extremely low (Andersen, 2016). Cryptographic privacy tools developed for online social networks with the aim of an improved, integrated user experience, such as the Scramble! browser add-on, see little use, even as people constantly express concern about social media companies’ handling of their data (Balsa et al., 2014). Bai et al. (2016) have found that even security- and privacy-conscious people tend to prefer less secure, but more comfortable encryption solutions such as iMessage, which abstract away key management and hide the internal workings of the system, even at a known security tradeoff. At least one of the reasons they found was that users tend to be fearful of making mistakes in managing their keys that may lead to compromise or data loss.

For organizations implementing blockchain-based systems, this poses a dilemma. In taking over the responsibility for a user’s private key, the organization essentially becomes a trusted identity provider, eliminating the self-sovereign nature of blockchain identity, and much of the promise of decentralization (Faísca & Rogado, 2016). Sovereignty is a core component of democratic systems, which, current implementation issues notwithstanding (Shapiro, 2017), blockchain technology has the potential to provide. Thus, sovereignty and a more democratic model of operation could be part of the core value proposition of products and applications built on this foundation (Aste et al., 2017). For this reason, it is important to fully understand the complex beliefs, attitudes and expectations of users connected to the tasks of key management and the possibility of online sovereignty, to enable designing solutions that leverage the benefits of blockchain to a high extent, while also abstracting away responsibilities and tasks that may discourage users from adopting the technology.

According to Shapiro (2017), the status quo of online identity management is fundamentally at odds with the political ideals that Western liberal democracy was built on, as individual users hold no sovereignty over their digital personalities. However, it is still a question whether regular users attach value to sovereignty at all, as we see users trading control and sovereignty for convenience all across their online lives (Bai et al., 2016; Balsa et al., 2014; Folkinshteyn & Lennon, 2016; Krombholz et al., 2016). During the review of relevant literature, it became clear that little research has gone into the details of users’ underlying beliefs and preferences with relation to self-sovereignty, providing an interesting gap to fill.

While the poems kicking off the thesis may sound overly dramatic when applied to our relationship with online service providers, we all definitely have a wolf and a dog part in us, governing our behavior. In this research, I am attempting to shed some light on them.

1.1 Related work

In the field of end-to-end encryption, Carayannis and Turner (2006) used Davis’ Technology Acceptance Model (Davis, 1989) as a foundation to look at the organizational adoption of PKI (Public Key Infrastructure) technologies. Through the analysis of case studies of past PKI adoption at major organizations such as the Federal Reserve or Fannie Mae, they created a proposed new model for organizational implementation of new security measures.

In their questionnaire-based study, Balsa, Brandimarte, Acquisti, Diaz and Gurses (2014) looked at users’ privacy preferences and attitudes, in the light of very low adoption of social media encryption tools. Their result was that while the attitudes of users aligned with the focus of these tools, the level of protection offered was much higher than what the users required, and thus carried higher usability costs than they would have accepted (Balsa et al., 2014). In an interesting contrast, in a recent thesis work Andersen (2016) found that a good number of users, including novice users, were quite comfortable with using PGP keys for encryption.

Bai, Namara, Qian, Kelley, Mazurek and Kim (2016) ran an interview-based study, asking participants to use end-to-end encryption software based on traditional manual key exchange (such as PGP), and another that uses central key distribution (such as iMessage or WhatsApp). They observed user comfort with the systems, and looked at users’ perception of security and risk, and their preferences. Notably, they found that most users prefer the more comfortable central key distribution model, even though they are aware of the lower security involved.

Beyond the general topic of how the user experience of key management affects the adoption of encryption technologies, there were a few papers specifically exploring the user experience and adoption of blockchain technology. Most papers very specifically focused on cryptocurrencies as the only use case.

Eskandri, Clark, Barrera and Stobert (2015) ran the first comprehensive usability analysis of Bitcoin wallet applications, identifying key factors of usability, and having a number of experts walk through and evaluate each user task. Their findings were quite damning for the usability of then-available client software, pointing to the need for major improvements in user experience before cryptocurrencies may see wide adoption (Eskandri et al., 2018). Krombholz, Judmayer, Gusenbauer and Weippl (2016) followed up on this paper with quantitative research among Bitcoin users, uncovering some interesting usage patterns, such as that a good portion of users never created their own Bitcoin address, and instead continued to rely on so-called “on-line wallet providers”, centralized entities similar to brokers, to hold their cryptocurrency for them, mainly out of lack of trust in their own ability to protect a secret key (Krombholz et al., 2016).

Folkinshteyn and Lennon (2016) ran an open interview based qualitative study about Bitcoin adoption, analyzed through the lens of Davis’ Technology Acceptance Model, expanded with the factor of perceived risk (Davis, 1989; Featherman & Pavlou, 2003). They conducted a number of interviews, and identified an inventory of topics relevant to the model’s components, separately for end users and for developers (Folkinshteyn & Lennon, 2016). In another Bitcoin-focused qualitative study, Sas and Khairuddin (2017) looked at the motivations of Bitcoin users for adopting the digital currency, their trust in the system, and their experiences and difficulties in using it. Notably, they found that for many users, the trustless, distributed and irreversible nature of Bitcoin was more a burden than a value.

On the topic of corporate adoption of blockchain, and on enterprise blockchain solutions, Wang, Chen and Xu (2016) proposed a verifiable maturity model for blockchain technology, with a list of requirements for each maturity phase, while Mourouzis and Filipou (2017) interviewed business executives about their views on blockchain, its adoption and its future.


1.2 Identifying the knowledge gap

A review of related literature shows that while the question of user acceptance and adoption of blockchain and of end-to-end encryption is a topic that holds the interest of the scientific community, no research has been done so far specifically on users’ values and attitudes regarding identity online, and how such values affect their openness to adopting technical solutions that may bring us closer to a more democratic Internet.

Thus the purpose of this research is to uncover the belief systems and attitudes of everyday users of online services concerning managed identity, traditional online service providers, self-sovereignty, online identity, and the usability challenges connected to these, with the goal of helping build testable models for quantitative studies, and offering guidelines for innovators in designing products that match the complex preferences of certain user demographics.

1.3 Research questions

Narrowing down the admittedly vague purpose, the current research focuses on answering the following questions.

Q1 How do end users think about self-sovereign identity online?

Q2 What preferences, beliefs and cultural values underlie these attitudes?

Q3 What does this mean for their attitudes concerning blockchain technology?


2 Theory

2.1 Attitudes, values and behavior

The concept of attitudes is a seminal topic of the field of social psychology, and is a fundamental element of much scientific discourse on user behavior in the context of Information Systems research. According to a widely cited literature review by Ajzen (2001), attitudes can be conceptualized as summary evaluations of objects in dimensions such as harmful or beneficial, unpleasant or pleasant, undesirable or desirable, etc. The concept describes a specific human psychological and neurological ability and activity: Forming and applying attitudes, that is, making evaluative judgements in our everyday lives, has been shown to be a neurologically different process from making non-evaluative judgements, such as sorting objects into objective categories such as vegetable or non-vegetable (Ajzen, 2001).

A related concept, values, are evaluations of abstract concepts such as freedom or equality. Values seem to be widely shared and rarely questioned truisms within a given culture, and they tend to be supported by a very limited cognitive foundation. Indeed, research participants asked to actively and deeply analyze their reasoning behind agreeing with given cultural values such as altruism, ended up changing their subjective rating of these values based on the results of their cognitive analysis (Ajzen, 2001).

The most widely applied theory explaining attitude formation is the Expectancy-Value model, according to which as we form beliefs about the object of our attitude, these beliefs associate the object with certain attributes. The overall attitude then depends on the subjective value placed on each attribute, factoring in the strength of association between the attribute and the object. E.g., if one believes that smoking causes cancer (a negative value), and this association is strong, this may move their attitude about smoking toward the negative, while the belief that smoking is a relaxing social activity would move it toward a more favorable evaluation. While it has been challenged multiple times by research calling for the inclusion of purely affective sources in the formation of attitudes, the Expectancy-Value model holds up to experimental scrutiny in most cases. In one important step in the fine-tuning of the model, research showed that the cognitive availability of attributes plays a very important role in attitude formation and recall, that is, we may hold many beliefs about an object, but only the ones that are readily accessible to us at a specific moment will inform our attitude. In a similar vein, it has been shown that attitudes about groups such as ‘homosexuals’ or ‘rock musicians’ have remained stable or shifted based on whether the same exemplars of the category in question had been recalled on different occasions, or not. Similarly, men holding ambivalent attitudes toward feminists, that is, having conflicting beliefs about, or mental exemplars of them, have expressed positive or negative personal feelings towards, and willingness or unwillingness to hire a job applicant identifying as a feminist, based on how they were primed in the experiment for the recall of their positive or negative beliefs about feminists in general (Ajzen, 2001).

Figure 1. The refined Theory of Planned Behavior, adapted from (Ajzen, 2001)

Human behavior is clearly influenced by attitudes; however, the link between the two is complex. According to a widely verified theory, that of Planned Behavior (Ajzen, 1991), behavior is modulated by an intention, and perceptions of behavioral control (i.e. how likely the person believes they are capable of executing their intention). Intention, in turn, is influenced by attitudes toward the behavior, by subjective social norms (perceived social pressures to perform or not to perform the behavior), and again by perceptions of behavioral control (Ajzen, 2001). The concept of behavioral control mirrors that of self-efficacy, a self-referent belief about how well the person believes they are capable of realizing an intention. This includes beliefs about one’s own abilities, as well as general ideas of how much effort or competence a certain act requires, and has been shown to be influenced by perceiving others succeed or fail at a certain task, as well as direct experience in completing or failing at the task. Self-efficacy was validated as a major determinant of effort exerted in implementing intentions in various situations ranging from overcoming phobias or addictive behaviors to school learning performance (Bandura, 1982). Indeed, in further research separating the original concept of behavioral control into two factors, one being situation-specific self-efficacy, the other a general belief about the conscious controllability of one’s behavior, it was shown that only self-efficacy had a significant modulating effect over both the intention and its implementation in behavior (Ajzen, 2001).

2.2 Information technology and individual psychology

Examining relevant theory on human behavior in the specific domain of information technology use, we find one of the most well-referenced models for explaining individual and organizational decisions in this space, the Technology Acceptance Model by Davis (1989). Summarized along with later validating research and domain-specific applications in a comprehensive literature review by Marangunić and Granić (2015), the model was concurrently developed with the aforementioned Theory of Planned Behavior describing the link between attitudes and behavior by Ajzen (1991), and was partly influenced by it (Marangunić & Granić, 2015; Venkatesh, 2000). According to the model, the act of adopting new technology depends on an intention to adopt, and in turn this intention is modulated by two key beliefs: perceived usefulness of the new technology, and its perceived ease of use. Davis defines usefulness as technology making someone more efficient at their job, and ease of use as the usage of the technology being free from effort. In the original paper, Davis (1989) conceptualizes the perceived ease of use dimension as a domain-specific self-efficacy belief.

Davis drew his two factors by generalizing from more domain-specific factors in previous studies concerning the acceptance of specific types of information systems. Then, through preliminary interviews and pre-testing of questions, two psychometric survey scales of 10 items each were developed, one for each factor. These scales were then tested in both a field research scenario examining electronic mail software adoption in a workplace, and a true experimental scenario, introducing university students to two different drawing software suites, and correlating their scale results with their self-predicted adoption of the respective software packages at a future workplace. The validation showed perceived usefulness to be a stronger factor in predicting intention than perceived ease of use. Analysis also showed ease of use to be a precursor of perceived usefulness, rather than a fully independent determinant (Davis, 1989). However, the relative strength of ease of use compared to usefulness has been questioned since, and subsequent research has found mixed answers to this question (Marangunić & Granić, 2015).

Since its inception, the model has gained an extremely wide following, has a history of being cited in most research dealing with user acceptance of technology, and has been subject to several attempts to refine it, e.g. to expand the model with further key beliefs beyond the original two (Marangunić & Granić, 2015). One expansion of particular interest to the fields of information security and online identity was the proposed addition of the belief of perceived risk introduced by Featherman and Pavlou (2003). Perceived risk, conceptualized as a form of “negative usefulness” in that it entails potential harm that can come from using the system, was shown to negatively affect both intention to use, and perceived usefulness in the adoption of remote services over local systems (Featherman & Pavlou, 2003). The model was also expanded with external variables modulating the key beliefs, most notably by Venkatesh and Davis (2000) into the TAM2 model, by attempting to identify key variables influencing perceived usefulness, through longitudinal research in both voluntary and job-mandated technology use situations. Precursors for perceived ease of use were identified by Venkatesh and Davis (1996) and further explored by Venkatesh (2000).

The TAM2 model (Venkatesh & Davis, 2000) defines two groups of precursor variables to perceived usefulness. Social influence includes subjective norms (the perceived expectation of senior colleagues to use the system) and image (a perception of system use positively affecting one’s reputation or social image at work). Both of these social factors have a direct influence on perceived usefulness, the influence of subjective norms moderated by actual work experience in using the system. The authors explain this effect through the concept of internalization: until real experience is available, one is predisposed to form views about the system based on the opinion of more senior people expected to have more authoritative knowledge of it; however, once real life experience is available, it supersedes these socially influenced views. Also, subjective norms were found to directly influence intention to use the system, but only in mandatory use situations, where compliance, or lack of it, was expected to have direct consequences. However, with time spent using the system, the strength of compliance significantly declined, as individual job efficiency perceptions overruled organizational mandates. The other group of precursors were cognitive instrumental judgements about the usefulness of the system: job relevance is a judgement about whether the tasks the system is useful in are important in one’s job at all, while output quality is a measure of how well the system is seen to help in the completion of these tasks. These two variables were shown to moderate each other’s influence over perceived ease of use: this is explained as a mental process similar to selecting candidates for a job, where one first rejects all candidates lacking the necessary abilities for the job (job relevance), and then ranks them according to how well they might be able to perform it (output quality). Finally, result demonstrability is a measure of how clearly the benefits from using the system can be identified by users as stemming from system use. Clearly, if the benefits a system provides are real, but are not easily perceived in everyday work, perceived usefulness will suffer (Venkatesh & Davis, 2000).

The precursors of perceived ease of use were examined by Venkatesh and Davis (1996), separating general computer self-efficacy beliefs (i.e. beliefs about how well one can handle tasks involved in using a computer in general) from direct experience using the system. Possibly the most important finding was that before direct experience was available to the users, providing non-interactive information about system use procedures made no significant difference in perceived ease of use, and even after gaining such experience, the resulting beliefs tended to be shaped by general computer self-efficacy, as if it acted as a measure of tolerance for system complexity (Venkatesh & Davis, 1996). Further pursuing this line of research, Venkatesh (2000) proposed, alongside computer self-efficacy, perceived external control factors (perceptions of an organizational environment conducive to successfully using the system, including education, helpdesk availability, good documentation, community helpfulness, etc.), and two variables shown to correlate to a degree with computer self-efficacy: computer playfulness (a measure of intrinsic motivation to experiment with new computer systems in general), and computer anxiety (an affective measure of anxiety or even fear felt at the prospect of having to use a computer system) as anchors that users fall back on to make a heuristic judgement about a new system in possession of limited available information. The variables of objective usability (the directly perceived lack of effort in using the system first-hand) and perceived enjoyment (a level of intrinsic joy felt while using the system for its intended purpose) were proposed as adjustments that shift user belief about the system as more information becomes available (Venkatesh, 2000).

Figure 2. The TAM with groups of precursor variables to both key beliefs, adapted from (Venkatesh, 2000; Venkatesh & Davis, 1996; Venkatesh & Davis, 2000)

In keeping with the results of the previous research (Venkatesh & Davis, 1996), the effect of the anchor variables was proven to be stable, only adjusted by personal experience. One anchor variable that significantly declines in its effect with time, the effect of general computer playfulness gives way to a stronger effect by perceived enjoyment specific to the system as novelty wears off. However, the rest of the non-specific anchor variables continued to exhibit a stronger effect than system specific measures even after significant periods of use. According to the authors, a potential reason for the stability of these effects may be found in how most computer systems follow the same user experience design elements (menus, windows, etc.), and further research might uncover a more significant system-specific effect in cases where the user interface is truly novel, breaking user preconceptions (Venkatesh, 2000).

2.3 Information technology and society

Widening our lens from the individual towards society and culture, and their interplay with technical progress, we see that these are deeply interwoven, with culture and societal necessities affecting and shaping what innovations are developed and adopted, and adopted technology in turn creating an effect on culture and society. According to Winston (2002), the process by which a scientific or engineering capability becomes an invention and gets adopted as a part of life is long and involved, and depends greatly on the culture and needs of the surrounding society. All the great inventions of information technology, such as the telegraph, the telephone, or even the Internet, had existed for a long while in a dormant state well before they were invented, as technical capabilities, as prototype tools for demonstrating the capability or the natural law that underlies it, in the context of fundamental research and education (Winston, 2002).

These capabilities, then, were brought into the world as inventions through a social necessity for the benefits they provided. It was the need for fast and reliable signaling on railroads for safe and efficient traffic management that triggered the invention and acceptance of the wired telegraph, while it was the new naval military tactics that required ironclad battleships to steam out of sight of each other, and made traditional visual signals unworkable, that turned wireless signaling from scientific curiosity into a revolutionary tool of communication. This social necessity underlying major inventions is what Winston credits with the simultaneity observed in several unrelated researchers and entrepreneurs experimenting with and proposing the same invention at the same time. Even after this moment of breakthrough, the so-called moment of invention, the road of the new technology toward societal acceptance as an innovation is fraught with resistance from various forces, economic and cultural. It is this pushback from systems that would be disrupted or radically changed by the new technology that Winston terms the law of suppression of radical potential, materializing in various forms ranging from conservatism and distrust to arbitrary legal controls limiting the applicability of the innovation. Then, weathering these headwinds, the technology settles into its niche within society, and in turn shapes society and paves the eventual path of the next big thing that is probably already brewing in laboratories around the world (Winston, 2002).

The process of adoption and diffusion of innovative technology is also highly dependent on dominant cultural values in the surrounding society. In their review, Leidner and Kayworth (2006) examined the forms of cultural conflict playing a part in the adoption of new information technologies. They argue that technology cannot be seen as purely functional: software is built with the values of its creators embedded into it in the form of presuppositions and priorities, while users also arbitrarily attribute certain values and ideas to the new technology, which in turn shapes their willingness to adopt it in their lives or organizations. Since specific technologies are built in ways that reflect the values held by their creators, they become vehicles of these cultural values. The conflict between these values and those of the culture adopting the technology is termed system conflict. In situations with high system conflict, the technology becomes a counterculture in and of itself, setting off a complex interplay between users and system.

Figure 3. Value conflicts in information technology adoption, adapted from (Leidner & Kayworth, 2006)

Users with different cultural values may use the same technology in different ways, but there is also a chance that some of the values embedded in the system trickle down into the adopting culture, as was the case with GIS (geographical information systems), where adoption of the new technology increased the cultural value assigned to maps and mapping in India. Another type of conflict, contribution conflict, so termed because it influences to a great degree how individuals contribute to technology adoption, arises between the cultural values of adopters and the values they attribute to the technology. Regardless of the actual values embedded in a system design, or the actual effects technical progress would have on a society, we all have some form of abstract idea of what values information technology (or a specific innovation facing adoption) carries. In certain cases, this may result in the wholesale rejection of, or lack of effort in adopting, technologies that the users believe represent a culture opposed to their own cultural values. The third conflict, vision conflict, arises between what values adopters attribute to information technology, and the values actually embedded in the system being adopted. Naturally, under high vision conflict, the values embedded in a specific system can and will affect how the adopters see the newly adopted technology, or information technology in general (Leidner & Kayworth, 2006).

Even though the review of Leidner and Kayworth focused mostly on papers about the adoption of well-established technologies in organizational contexts as opposed to the preliminary adoption of revolutionary technologies, these conflicts are admittedly generalizable to the wide societal acceptance of technologies, as well as individual decisions about technology use. According to their discussion, from start to end, from global innovation to organizational policy, the adoption of new technologies is deeply intertwined with the cultural context it happens in (Leidner & Kayworth, 2006).

What these models laid down by researchers over the years teach us is that technology is not simply a function of our scientific and engineering capabilities, but rather a complex cultural artifact, shaped and formed by our societal needs, our deeply held cultural values, and our personal beliefs about how it could serve us, or work against us. Even the seemingly objective factor of usefulness is highly subjective, filtered through our individual perceptions and the social environment we live and work in. To understand whether a technology will thrive or fall by the wayside, and to build solutions that will weather the test of real-world adoption, one needs to look not to the technology itself, but primarily to the user as a complex human being.

2.4 Digital sovereignty

Sovereignty of the people is the core tenet of democracy. However, on the Internet of today, from simple websites and chat rooms to massive web applications like Facebook, this tenet is painfully missing. Online spaces are governed in a purely dictatorial fashion, with users subjected to the whims of an all-powerful owner or administrator (Clippinger, 2015; Shapiro, 2017). Shapiro (2017) compares Facebook and other social networks to medieval fiefdoms, ruled by decree by a feudal lord, with the serfs who toil the fields having no rights, nor any recourse for injustices they might suffer. He argues that true sovereignty requires ownership of both the data and the hardware it is processed on, as an external provider may at any time pull the plug from the wall, or arbitrarily deny access to users, creating an inherently dictatorial imbalance of power. For true sovereignty online, a hardware and software solution must be found that liberates data and its processing from centralized corporate entities. Clippinger (2015) proposes a peer to peer architecture, with each user and group having ownership over their own identity and data, with a parity of privileges across the network.

Identity has always been at the core of human thought and society. The act of assigning names and titles has been central to human power structures from prehistoric kinship systems to modern citizen registries. Identity is not a technical or personal matter; it is highly political: with the ability to control identity comes the ability to control life and behavior, or “who enrolls controls.” Indeed, we are seeing a massive rush from various corporate entities to control the identity of more and more people, such as Facebook going so far as offering free Internet access to third world residents in return for the right of enrolling them and becoming the steward of their online identity (Clippinger, 2015). Self-sovereign identity, a relatively new idea, takes the idea of sovereignty, and applies it to proving one’s identity and traits linked to it. Unlike in traditional “feudal-like” systems, where a user’s online identity is controlled and asserted by the system’s owner, self-sovereign identities are created, owned and managed by the user for their own specific usage (Faísca & Rogado, 2016). An important characteristic of self-sovereign identity is that the owner of the identity does not need to rely on an external authority to assert the identity, and that the identity cannot be taken away from the owner (Dunphy & Petitcolas, 2018). A self-sovereign identity would also enable an individual to self-assert their name and credentials, by going through the “ceremonies” of an open protocol, without the need to rely on active participation by an enrollment authority. Some of these self-assertable credentials, of course, may be provided by a third party, a bank, state, or clan, assertable by the individual, and verifiable by others (Clippinger, 2015).

2.5 The revolution of trust: from PGP to blockchain

The invention of asymmetric cryptography is credited to Rivest et al. (1978) in creating the Rivest-Shamir-Adleman (RSA for short) algorithm, later productized for end-to-end civilian encryption under the brand name Pretty Good Privacy (PGP). Upon its release, the PGP software suite was expected to solve all issues around online privacy, message integrity and identity, providing people with the powerful tools of public-key encryption, digital signatures, and webs of trust. However, it became clear very soon, and was scientifically demonstrated multiple times, that PGP was often very challenging to use with a steep learning curve, ultimately consigning it to a niche user base (Carayannis & Turner, 2006).

Building on advanced cryptography, and pioneered by the Bitcoin protocol invented by the anonymous programmer and cryptographer known as Satoshi Nakamoto (2008), blockchain as a technical concept is essentially a distributed database technology using parallel validation along with protocols allowing for the emergence of an unaided network consensus to provide a common representation of reality on all nodes, and a high level of Integrity and Non-Repudiation with relation to individual transactions. Transactions are recorded in batches called blocks, with each block chained to the previous one via a hash fingerprint, with the database distributed across a network of independent peers via a byzantine consensus protocol (Aste et al., 2017).

Even though Shapiro (2017) called the technology out vocally for the technical shortcomings of first generation public blockchain networks, blockchain does allow for the distributed co-location of data and processing, providing a possible solution to the sovereignty question of who has access to the “plug in the wall”, and through its ability to provide a tamper-proof ledger service distributed across the network, offers many implications for digital sovereignty (Aste et al., 2017).

Moreover, Wilson et al. (2015) have recently demonstrated that blockchain technology could solve some of the issues surrounding key management in PGP, by creating a prototype key management system that uses the Bitcoin network for validating key certificates, and most notably, revocation certificates, utilizing the consensus of the blockchain to make public key management, a traditionally problematic area of the PGP security model, more secure and more user-friendly at the same time. The transparency and secure timestamping that blockchain ledgers provide solve several of the shortcomings of existing PKI systems (Wilson & Ateniese, 2015).

However, both of these technologies are arguably struggling to live up to the revolutionary potential their proponents hailed at the time of their introduction. As conceptualized by Winston (2002) in the law of suppression of radical potential, these potentially revolutionary innovations are being held back by low user adoption and organizational distrust alike (Andersen, 2016; Krombholz et al., 2016).

2.6 Cryptographic identity on the blockchain

While blockchain-based schemes may provide solutions to some outstanding issues of end-to-end encryption protocols, and may seem like a magic bullet, blockchain also inherits the most painful limitations of asymmetric cryptography. The most widely adopted method of authentication on blockchains makes use of asymmetric keypairs as proofs of identity (Aste et al., 2017; Eskandri et al., 2018), where digitally signing a transaction command proves to all nodes of the system that the transaction was initiated by the holder of the signing key. This is how Bitcoin handles ownership of the digital currency, each Bitcoin account being derived from a public key, with only the holder of the corresponding private key being allowed to move the funds held there (Aste et al., 2017).

A private signing key, given its size and complexity, is, unlike a password, something you have instead of something you know. This is not entirely new territory for today’s users, as recently popularized password management applications, including the password persistence functions built into modern web browsers, have turned the currently dominant knowledge-based authentication scheme into a question of “what you have”, the what being the keystore database of the password manager. However, in the case of losing this store, online applications offer recovery mechanisms for each individual credential. Losing a private key, in contrast, is usually not a recoverable state, either in PGP, or on public blockchains. In the application domain of cryptocurrencies, a number of key management schemes have emerged, some attempting to improve the user experience and security parameters of this task. The software implementing key management functionality for a public blockchain is colloquially called a wallet (Eskandri et al., 2018). Most wallet applications, in addition to key management, implement ancillary functionality, including acting as a client on the public blockchain network, and offering a user interface for keeping track of ledger state (such as Bitcoin account balances), and building, signing and submitting transactions, sometimes even acting as a full node in the network, providing blockchain services for other users in a peer-to-peer manner (Krombholz et al., 2016).

The oldest, and still widespread, approach is to store secret keys locally in a file, similar to how local key storage operates in PGP clients. This is the default behavior of the Bitcoin Core client in handling keys. This carries all the risks of accidental sharing via cloud backup, theft via malware attack, or loss due to general equipment failure or silent data corruption. Also, due to the way the Bitcoin network operates, a new key needs to be generated for each incoming transaction, so the keystore is highly mutable (a phenomenon Bitcoin technical language calls “key churn”), and needs to be backed up periodically (Eskandri et al., 2018). Most wallets using this approach provide a password-based encryption of the keystore, again similarly to PGP implementations. This, using symmetric encryption, protects the keys from physical theft, at the cost of recoverability (loss of the password itself is an irrecoverable state). Digital theft using malware, though, remains quite possible, as a sufficiently sophisticated malware attack may record the password itself via keylogging. Also, this approach may mislead users into thinking that the password itself provides them access to their blockchain identity, even though it is worthless without the keystore it is used to encrypt (Eskandri et al., 2018).

Another solution wallets use is called hierarchical deterministic key generation, an expanded and improved password-derived key generation scheme, first described as a Bitcoin Improvement Proposal. These “hierarchically deterministic” or “HD” wallets allow for the generation of an unlimited number of sequential keypairs from a single password. This removes the requirement of having to back up a large key database, but the security of the generated keys depends entirely on the complexity of the password used to seed the generation algorithm. A sufficiently complex seed may be hard to memorize, and forgetting it would result in irrecoverable loss of access (Eskandri et al., 2018). In practice, most HD wallet applications follow Bitcoin Improvement Proposal no. 39 in automatically generating a strong mnemonic passkey by default, in the form of a long string made up of random dictionary words (Palatinus et al., 2013).
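The hierarchical deterministic scheme described above, as an added example (not code from the thesis or from any wallet project): BIP39-style seed stretching followed by BIP32 hardened private-key derivation, using only the Python standard library. The sample phrase is constructed and not checksum-valid, word-list and checksum validation are omitted, and all function names are this example's own.

```python
from __future__ import annotations

import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group used by Bitcoin; valid private keys are 1..N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # child indexes >= 2**31 use hardened derivation

# Constructed sample phrase for this example only. It is NOT checksum-valid
# BIP39 output and must never be used to hold funds.
SAMPLE_MNEMONIC = (
    "lantern orbit maple velvet harbor pixel "
    "quartz ribbon saddle tunnel umbrella window"
)


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 stretching step: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte seed."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, 64)


def master_node(seed: bytes) -> tuple[int, bytes]:
    """BIP32 master node: HMAC-SHA512 keyed with b'Bitcoin seed'.

    The left 32 bytes become the private key, the right 32 the chain code.
    """
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = int.from_bytes(digest[:32], "big")
    if key == 0 or key >= SECP256K1_N:
        raise ValueError("seed produced an invalid master key")
    return key, digest[32:]


def hardened_child(parent_key: int, chain_code: bytes, index: int) -> tuple[int, bytes]:
    """Derive hardened child number `index` from a parent private key."""
    if not 0 <= index < HARDENED:
        raise ValueError("index must be in [0, 2**31)")
    data = (
        b"\x00"
        + parent_key.to_bytes(32, "big")
        + (HARDENED + index).to_bytes(4, "big")
    )
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child_key = (tweak + parent_key) % SECP256K1_N
    if tweak >= SECP256K1_N or child_key == 0:
        # Astronomically unlikely; BIP32 says to move on to the next index.
        raise ValueError("invalid child key at this index; use the next index")
    return child_key, digest[32:]


def sequential_keys(mnemonic: str, count: int) -> list[str]:
    """Hex private keys m/0', m/1', ... rebuilt from the mnemonic alone."""
    key, chain_code = master_node(mnemonic_to_seed(mnemonic))
    return [
        format(hardened_child(key, chain_code, i)[0], "064x")
        for i in range(count)
    ]


def recovers_same_wallet(mnemonic_a: str, mnemonic_b: str, count: int = 5) -> bool:
    """True when both phrases regenerate the identical key sequence."""
    return sequential_keys(mnemonic_a, count) == sequential_keys(mnemonic_b, count)


if __name__ == "__main__":
    # Restoring on a "new device": nothing but the phrase is carried over.
    print("restored from phrase only:",
          recovers_same_wallet(SAMPLE_MNEMONIC, SAMPLE_MNEMONIC))
    # A single misremembered word silently opens a different, empty wallet.
    misremembered = SAMPLE_MNEMONIC.replace("velvet", "velour")
    print("one wrong word still matches:",
          recovers_same_wallet(SAMPLE_MNEMONIC, misremembered))
    for i, key in enumerate(sequential_keys(SAMPLE_MNEMONIC, 3)):
        print(f"m/{i}' -> {key[:8]}... (truncated)")
```

Because every key is a pure function of the phrase, the phrase is the only item that needs backing up, and a single misremembered word yields an unrelated key tree with no error to signal the mistake.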

Offline storage of keys, termed cold storage in cryptocurrency lingo, is used by both individuals and cryptocurrency exchanges for increased security of assets they do not need to access in the short term. A typical form of offline storage is printing out the keys on paper as a QR code, or encoded as a string of alphanumeric characters. While the keys are protected from digital theft in storage, they are potentially exposed at the moment of their creation and printing, and when they are read into a computer to be used. Also, there has been an example where a QR code containing a secret key was briefly shown on live television, and the corresponding Bitcoin balance immediately got stolen by a grey hat attacker. This points to a threat vector inherent to this form of key storage that most users may not consider. Finally, airgapped key storage, an approach somewhat similar to cold storage, using a computer not connected to a network, or a specialized hardware oracle that protects the key while exposing cryptographic operations using it (such as smart cards, or specialized cryptocurrency hardware wallets), allows for a relatively higher level of protection from digital theft of the keys via malware or illicit access. Temporary access to the oracle would, however, allow an attacker to sign transactions, which could result in the immediate theft of held assets. The benefit of this approach is that if the breach is righted, the secret key itself, and thus the identity linked to it, will no longer be compromised (Eskandri et al., 2018).

While each of these solutions attempts to improve security and user experience from some viewpoint, they all seem to be suffering from problems, both inherent in their design, and arising from a lack of thoughtfulness and rigorous user experience testing in their implementation. For this reason, user-facing blockchain applications have so far failed to gain acceptance by any but the most technically minded and adventurous early adopters (Eskandri et al., 2018).

3 Research design

3.1 A qualitative approach

The field of information systems research is an amalgamation of social and technical fields, with methods and methodologies taken from both (Gonzalez, 2007). The respective merits of the different ontological and epistemological positions of respectively “soft” and “hard” approaches are the topic of constant debate in the field, often obscuring the reality that both approaches bring to the table benefits that when seen and used together, result in a deeper, better understanding of reality, even with allowances made for philosophically irreconcilable positions (Fitzgerald & Howcroft, 1998). In the case of this research, the reviewed scientific discourse was disjointed, and so the study lacked a clear pre-laid theoretical background on which a set of relevant and defensible hypotheses could have been formulated. For this reason, focus was shifted toward gaining an exploratory understanding of how such technology acceptance decisions happen in the field, as opposed to whether certain beliefs or patterns are prevalent in typical users. For this sort of exploratory question, a qualitative approach is a clean fit (Maxwell, 2008).

By listening to the personal narratives of everyday Internet users on how they use authentication and identity management online, what their values, experiences and fears are relating to this field, and probing their thoughts on specific technical possibilities, the link between their beliefs, values, and relationship with technology becomes visible, and in an interpretive manner, allows for an analytic, as opposed to statistical generalization of the results (Maxwell, 2008) into a theory that can become the basis of further research (Fitzgerald & Howcroft, 1998; Gonzalez, 2007; Maxwell, 2008). In the end, in keeping with the paradigm of soft research, the study does not aim to state anything beyond a description and analysis of the specific users selected for interview, admittedly shaped by the preconceptions of myself as a researcher. Given the state of the discourse on the topic, I believe that this in itself can be an important addition to our knowledge about the topic, and a major first step in a potential line of future inquiry using harder paradigms.

3.2 Sampling decisions

Given the nature of qualitative, interview-based research, probability sampling that would be required for a valid quantitative study is impossible due to the low count of respondents. As per the guidance of Maxwell (2008), purposeful sampling was implemented, aiming to provide a good coverage of major types of users within the studied population. Specifying this population, all interviewees had to be daily users of information technology, who use computers as primary tools of their work, and who live a significant part of their personal lives with the help of online services. This is justifiable, since while people who lack basic familiarity with information technology and its current state may prove a valuable market for innovative products in the future, most IT innovation is developed with current regular users in mind. Also, only habitual Internet users were expected to form informed opinions on existing and innovative technologies, and to be able to detail personal experiences relevant to the acceptance of future innovations.

As the primary guiding measure of purposeful sampling, a wide spectrum of technical aptitude and attitude was aimed for. Without prior access to knowledge about users’ attitudes and technical expertise in advance of the interview itself, the nature of the prospective respondents’ professional occupation was used as a stand-in for this. Thus, the sampling was finalized in a way to have at least two of each of the following categories of respondent:

● Information technology professional working in the field of IT, in technical roles such as development or infrastructure.

● Non-technical person working in the field of IT, in roles such as project management or sales.

● Non-technical person working in a non-IT field.

To add further color to the spectrum of respondents, two interviewees were selected specifically based on prior knowledge about their personal views held on politics and online privacy: “Carol”, a radical political activist in the field of LGBTQ and women’s rights, and “Ethan”, who is outspoken in his libertarian views and very low trust in public institutions. Given the political nature of the question of online sovereignty, the views expressed by these two interviewees were expected to be particularly interesting.

3.3 Data collection

The data was collected through interviews conducted in a semi-structured format, exploring each respondent’s online life, and their relationship with blockchain and end-to-end encryption technologies. The focus was not only on discovering their behavior and preferences, but also on understanding the motivations and values that inform those. Instead of fixed questions, a general thematic structure was developed. The interviews were guided by open questions as needed to touch all major points of interest in the outline, while allowing the interviewee to steer the discussion by following up on their answers, and readily accepting comments and information as volunteered by the respondents. (See the Appendix for interview design details.)

As the interviews touched on a few areas that most respondents were initially unfamiliar with, starting with the very idea of self-sovereignty, and blockchain technology, deliberate care was taken to introduce these topics, and provide the interviewees with a definition and description of what they mean from an end user perspective, including the mentioned difficulties in using them and keeping them secure. Care was taken to avoid trying to sell interviewees on such technologies, and to rather err on the side of presenting more of the drawbacks as opposed to the potential benefits.

3.4 Analysis design

In accordance with the interpretive nature of the study, the raw transcripts were treated as narratives, each interview presented as a subjective case study of user attitude and behavior. According to Maxwell (2008), segmenting the text into discrete elements, and categorizing them according to similarity allows for understanding of typical patterns and differences between individuals, while a connecting analysis, analyzing the text as a complex narrative, may uncover themes that the former approach may leave hidden. As the research questions aim to gain both an inventory-like knowledge of factors influencing users’ decisions, as well as an overarching understanding of their internal narratives, a hybrid of these approaches was deemed the best fit.

Using an inductive approach to theory formation, the interview transcripts were mined for values and beliefs that underlie key decisions about handling online identity. Then, using connecting analysis, the text was re-read in the light of the value inventory, looking for emergent themes relying on the narratives. This resulted in an inventory of patterns of values, beliefs and acceptance behavior. Then, through a re-reading and interpretation of the texts in the light of these inventories, a set of “user archetypes” was compiled based on reasoning and behavior described by interviewees.

Finally, the emergent themes and patterns were related to relevant theory, identifying potential extensions to existing models that may form the basis of future quantitative inquiry.

3.5 Delimitation and bias

The scope of this study is delimited in width, depth and methodology. As a Master’s thesis, the resources available for the research were limited. The interviews were conducted in Budapest, Hungary, with respondents whom I had easy access to, and who were available and open to a thirty-minute discussion on the topics of online behavior and identity management. The number of respondents was limited in order to allow maintaining a focus on individual stories, and a dedicated interpretive approach. However, specific criteria on the types of interviewees were set as detailed in the section about sampling, to provide the widest possible range of narratives to analyze.

In the end, based on practical availability of interview candidates, seven interviews were conducted and analyzed. This number would be prohibitively low for any kind of quantitative conclusion to be drawn; however, in this research, the focus was to see each individual respondent as a separate, whole human being with a unique narrative of online behavior and experiences. Raising the number of interviews would have made this attention to individuals hard within the time and effort confines of a Master’s Thesis, while providing little extra benefit as to the results. The goal was to gain enough insight into a few personal narratives to inform building testable hypotheses and theories; the testing and validation of these results will need to be the subject of subsequent, quantitative studies.

Similarly, a geographically wider sampling would have had better optics, but it is unlikely that a wider sampling within Europe, or even within Europe and North America would have yielded significantly different results. Attempting a proper intercultural study, involving Chinese, Indian, African, South-American and other respondents was far beyond the scope possible for this study. Thus, it was accepted that a Western cultural bias is inevitable, and that some cultural bias might result from confining the study within one city. Also, researcher bias is understood to be inevitable as a characteristic of the soft approach; an attempt to limit bias in interpreting the text was made in using deep data as suggested by Maxwell (2008), via audio recordings taken with the consent of the interviewees, and using full transcripts as the basis of analysis.

Ultimately, the goal of the study was to provide quantitatively testable theoretical models for future inquiry, and as such, was delimited to discussing and interpreting the narratives individually, and to the forming of analytic generalizations without any claims of, or attempts to provide statistical proof of the prevalence of certain patterns in the wider population. As Gonzalez (2007) points out, many painstakingly validated, quantitative, hard studies are conducted in the field of Information Systems over irrelevant or trivial hypotheses, yielding results that are statistically sound, yet ultimately lacking in meaning or valuable “new knowledge.” This study consciously embraces soft research and the qualitative method along with its shortcomings, in order to help lay the semantic groundwork for future hard studies.

3.6 Literature review approach

The review of related work was conducted in two phases. First, identifying a knowledge gap, Google Scholar was utilized for a representative search (Vom Brocke et al., 2009), identifying research methods and existing theories.

The keyword searches used were “Attitude + Blockchain”, “Attitude + Public key”, “Blockchain + Self sovereign”, “Blockchain + Public key”. While a single keyword combination would have been preferable, due to a limited amount of existing work related to the field, no single keyword combination was found that would have provided an abundance of relevant results, possibly because such keywords have not yet crystallized entirely in the field. For each search, the first 5 pages were reviewed, and articles were selected based on abstract (and availability through the school VPN). The papers I selected were those that directly focused on questions of user acceptance and user attitudes around public key cryptography in general, and blockchain technologies specifically, including papers focusing on the adoption of cryptocurrencies. This approach provided 15 apparently relevant results, out of which, after reviewing the introduction and conclusion of the papers, 9 turned out to be actually relevant. Following up on key concepts through backward search (Vom Brocke et al., 2009) provided 3 further relevant articles. To identify pivotal papers (Vom Brocke et al., 2009), focusing on theories and research methods they used, in part to understand the state of scientific discourse on the topic, and in part to find research practices and possible results to build upon, a second round of literature search was attempted. For better repeatability and a more manageable number of results returned, the aggregated database search function of the university library was used. The search was limited to peer-reviewed papers only, and to the English language. Due to the nature of the keywords, there was no need to limit for date of publication, as all results were fairly recent.

The theory section was compiled through the use of previous knowledge of pivotal papers, and the Relevance functionality of Google Scholar. With a preference for recent literature reviews, backwards search was used to flesh out the theoretical background. Overall, my literature review was done according to the fundamental guidelines laid out by vom Brocke et al. (2009) in their paper Reconstructing the Giant.

4 Results: Seven stories about identity

Interviews were conducted with seven interviewees. In the following they are presented using anonymized monikers, along with their category according to the selection criteria:

● Alice; Non-IT professional in non-IT field
● Beatrice; Non-IT professional in non-IT field
● Carol; Non-IT professional in non-IT field; Human rights activist
● Diana; Non-IT professional in the IT field
● Ethan; Non-IT professional in the IT field; Outspoken libertarian
● Fiona; IT professional (blockchain developer)
● George; IT professional (blockchain developer)

4.1 Alice

Alice is a young manager working in the compliance department of an agricultural chemical company. In her job she facilitates communication between the company and state regulators, and handles data flow between internal stakeholders and the compliance department. Her work revolves mostly around handling data and documents online, using government e-forms for regulator contact, e-mail for almost all workplace communication, an intranet document repository and databases for accessing product information and business intelligence data. In her private life, she prefers online banking over phoning in, reaching for the phone only if there is a problem with the online service. Notably, physically visiting a bank didn’t even come up as an alternative in discussion. She mostly uses Facebook Messenger to keep up with friends and acquaintances, much rather than voice calls, and rarely finds herself writing traditional texts on her phone nowadays.

However, she is quite aware of the risks of overexposure on social media, and is very conscious about what she posts online, making sure that nothing she truly considers private is stored online. This consciously kept distance from online services shows in an effort to ensure that none of these services are indispensable to her life. She carefully keeps records of the phone numbers of her acquaintances instead of just relying on Facebook to keep connected. If she completely lost access to her online life, she believes it would be more of an inconvenience than a real debilitating issue. As an example of what she would miss if she lost access to her Google Mail account, she cited cooking recipes she stores in her inbox.

Considering her security awareness regarding her identity online, she has had some wake-up moments. She had used the same password on all sites when a marathon running forum she frequented got hacked, and user and password data got stolen. A payment processing site she uses locked her account because of a security alert from this breach, and she had to suffer through a long and complicated process to prove ownership. She upgraded her security practices at that time, turning on two-factor authentication, and using separate passwords for separate providers. However, regularly changing passwords turned out to be a bad idea for her, as she forgot a password change on her Google mail account, and was unable to log in, or even recover her account, until she accidentally remembered the new login she set. In this second incident, she’s confident that it would have been completely impossible to recover her account without remembering the password, as recovery information was obsolete, and pointed to an address that was no longer valid. With recovery information set up correctly, she once managed to get Google to restore the account for her mother after she lost access.

Her experience with encryption is limited, with static hard drive encryption enabled on her work computer, but she has no real experience using end-to-end encryption for communication. Similarly, her only knowledge of blockchain or cryptocurrencies is that some people got rich with Bitcoin, her attitude toward it being neutral and slightly uninterested. When asked about what she thinks of a self-managed identity solution, she found the idea useful primarily for the simplicity it provides, and mentioned that she wants to use the LastPass application to keep track of her passwords. Given the characteristics of LastPass, she considers this very similar in effect to having a single self-sovereign identification key. She would go ahead and use LastPass even if it didn’t offer the ability to recover a forgotten master password, as the benefits outweigh the drawbacks for her, and she sees the responsibility to secure a personal secret more as a task to be solved than a blocking issue.

She would prefer the cloud-based LastPass to a single physical hardware key or smart card mainly because she’s “prone to losing things”. A self-sovereign identification key though would definitely make her feel more secure online, and it would give her peace of mind. She’d be more willing to use the cloud freely if she knew her documents stored on a remote server were securely encrypted with a key only she has access to. And while she is willing to accept the risk posed by a single, self-managed secret, she would welcome a system with a separate master key for recovery, and an everyday use key that would be “okay” to lose.

4.2 Beatrice

Beatrice is a compliance executive in the agricultural chemical industry in her middle years. Her job entails communicating with regulators, and overseeing the legal procedure of requesting and maintaining permits for the products of the company. She uses the Internet and intranet systems several hours daily for her work, and even though she doesn’t fully trust her own computer skills, she handles her banking almost exclusively through the online portal of the bank, and uses the Internet to run most other life tasks such as paying bills, doing taxes, keeping track of insurance contracts. Working in the field of compliance, she’s somewhat familiar with the idea of end-to-end encryption technology and digital signatures, as the government services for handing in compliance documents actively utilize such technologies to some extent. At the same time, work e-mails are not encrypted or digitally signed at her company, and she doesn’t have a corporate smart card or any other means of digitally signing important messages.

The reason for her decision to use the Internet to manage more and more facets of her life is convenience, as this way she doesn’t need to visit customer service desks which she finds time consuming and bothersome. While a late adopter of technology in general, she cited credit cards as an example of technology she became comfortable with to the point of barely using cash anymore, even though she was at first distrustful of the idea. Notably however, she rarely uses social media, and prefers to maintain her personal connections through the phone, also strongly preferring phone calls to e-mails most of the time in a work context. This decision is based more on a lack of familiarity with social media, and the fact that she tends to forget her Facebook password. Aware of the theoretical risk of losing access to her online life, she chooses to ignore it, “similarly to how you don’t tend to think about the possibility of being burgled”. She believes that even in a worst case, she would have recourse by talking to a customer desk in person.

Her digital life is a story of being constantly overwhelmed by having to manage all her logon credentials, for both work and personal use. Without a strategy or tool for password management, and with diverse requirements for password complexity utilized by each online service and periodic requirements to replace passwords, she often uses low-security passwords, resorts to writing them down, and even so, she has on several occasions lost access to important documents such as encrypted e-mails by the tax authority, due to misplacing a password. For this reason, she finds the idea of an identity managed via a hardware key or card, i.e. a centralized “something you have” method of authentication, to be extremely enticing, without particular preference for the sovereignty dimension of such identity approaches. In fact, she mentioned that the very reason she grew to like credit cards over cash is the way they are “resistant” to theft, with the ability to lock and replace them if needed. She sees the event of a self-sovereign key being compromised or lost “as if someone moved into her apartment and she couldn’t throw them out”. She had similar worries about multi-key approaches where a master key would still need to be secured by her, but she liked the idea of family members being able to re-authenticate her in case of a key loss, and if existing institutions, such as banks or government, would take on the authorization of this aggregate identity, she’d accept this approach in order to have the same comfort and peace of mind she enjoys with credit cards.

Speaking of being independent of institutions in terms of identity, she expressed a conservative sentiment that she grew up with the model of trusted institutions vouching for one’s identity, and this is still the status quo with passports, credit cards and drivers’ licenses. Feeling comfortable with this, she would prefer evolutionary improvement of the same framework rather than a fundamental change.

4.3 Carol

Carol is a social scientist researching gender and sexual practices, and is involved in political activism for LGBTQ and women’s rights. Being an expat, and having lived in multiple countries while studying or doing research on scholarships, she uses the Internet extensively for keeping up with distant circles of friends, and managing bank accounts abroad. Her scientific work also has her using online services for research and academic correspondence. Frequenting hackerspaces and being in contact with people living on the bleeding edge of technology through university life, she heard of cryptocurrencies and blockchain early, and was intrigued by the technical novelty of them, yet saw them mostly as an economic and technical curiosity rather than a practical tool. She considered buying Bitcoin, but after the price of one BTC first hit $1000, she considered it already too inflated as a speculative asset. Being involved in political activism, she’s aware of end-to-end encryption tools. During the Snowden scandal, she became interested in online security and researched ways to keep her communications secure. She keeps herself up to date in online security by reading educational material regularly, and is very conscious about making sure her privacy and security are well taken care of.

While she doesn’t use PGP or other tools to secure her e-mail communication, she selected WhatsApp and Signal as her instant messaging platforms of choice specifically for their end-to-end encrypted nature. She also uses hard drive encryption with a password she built using a mnemonic technique for generating and remembering strong passwords in a secure way, and strong, randomly generated passwords for her online accounts stored in the KeePassX open source password management application. She didn’t proactively enable 2-factor authentication everywhere, but she does use Google Authenticator for Google mail, and a text message second factor for Yahoo mail. For one of her bank accounts, she was given a hardware RSA tumbler.

She decided to consciously forego using aggregate identity providers, and instead registers to all services she uses separately. This is partly because she actively distrusts large Silicon Valley corporations, and also for the purpose of compartmentalizing various facets of her life she wishes to keep separate, such as her career as a scientist, her involvement in the BDSM sexual subculture, or her part-time income generating gigs. For the same reason, she makes sure to limit the information she discloses about herself on Facebook, even in private messages, and even with this level of precaution, she is uncomfortable with how much she needs to rely on these companies and how much data they hold about her life.

Carol’s security-consciousness carries over into her recovery strategies as well. Aware of the risk of losing access to her online life in a security breach or through losing a password or device, she keeps a secure backup of her KeePassX database with her credentials, and uses secondary recovery phone numbers that are owned by trusted friends where possible, and a series of identity verification questions she gave much thought to coming up with. She also maintains a document in both hardcopy format and a cloud location that has the customer service contact numbers and verification information for a worst case scenario where she was unable to recover a compromised or lost account herself.

The irrevocable nature of current self-managed identity approaches in cryptocurrency networks is a major red flag for her. Having a cryptocurrency wallet compromised seems to her as “if someone stole your diamonds, [and] they are just gone, because you cannot track them”. She called it “kind of old fashioned.” If this issue could be mitigated by having a master key that can revoke as well as generate new subkeys, she’d consider it as good as, but not necessarily better than, her current strategy of using different passwords tracked in a password manager application for the task of proving her identity on online services. Having a hardware key or smart card would carry the drawback of another physical thing to lose or have stolen. However, she said that if the secret could be made mnemonic so it could be memorized effectively, she would definitely see the benefit of this approach. Using a web of trust to recover lost identities seemed too slow and inconvenient to her, and especially in case of an identity breach, it is extremely important to react as fast as possible to prevent further damages. Neither does she like the idea of an organizational entity managing her identity for her, as she has very low trust in both governmental and corporate actors, and prefers independence whenever possible.

4.4 Diana

Diana is a web startup owner and business coach. She doesn’t consider herself to be a technical person, but uses technology excessively where it benefits her or makes her life more comfortable. She manages “almost all” of her life online. Beyond her banking, shopping, travel planning, and keeping up with friends, she even uses online “sharing economy” services such as AirBnB as an important source of income. Like several other respondents, she has also lived in multiple countries, and she holds dual citizenship (Australian and Hungarian), considering herself as being “independent of national borders”. For this reason, the idea of cryptocurrencies as a form of global money has definitely caught her interest, and she thinks there is much business potential in this new ecosystem. That said, she has not actively read up on it beyond the occasional news article, and her knowledge of blockchain technology is admittedly extremely shallow. Neither is she familiar with end-to-end encryption, either conceptually or with specific applications implementing it.

Her core motivations in her choices concerning identity management and security online are convenience and simplicity. She relies on Facebook for authentication whenever it is possible, and does not use second authentication factors. “It feels actually less safe,” she explained, as it’s an additional point of failure that could be lost, and with both the password and the second factor gone, it would be very hard to convince the provider that you really are the owner of the lost account, and not an attacker. She has had bad experiences with online payment providers mistakenly flagging login attempts and transactions as suspicious, and considers such security practices to be a nuisance. When asked, she explained that she considers the threat of losing access to her identity online to be a non-issue. “It just cannot happen that you cannot identify yourself at all.” She does have separate logins for Facebook and Google, which is already two authorities vouching for her, and if she lost access, she considers it a recoverable state, as she’d still have her state issued documents, and would attempt to talk to customer service desks through the phone and in person, and attempt to identify herself through traditional means.

Having a self-managed key would feel like a step up in both safety and convenience in her opinion, however, she would definitely worry about the possibility of losing it. So she would be happiest with a hybrid solution, where a state or organizational entity certifies her key, again mainly for reasons of convenience. She wouldn’t trust social authentication, as it would be exploitable by a resourceful social engineering attack, and she doesn’t see how having a master key and subkeys would lessen the pressure on her, having to keep the master key safe. Also as she travels a lot, keeping the master key safe and having it available when needed seem to be contradictory requirements. If it was stored in a secure location like a safe or bank lockbox, she could even be forced to travel across continents in case of an emergency to gain access to it.

4.5 Ethan

Ethan works as a project manager in the telecommunications and enterprise IT services industry. He has held former positions in order management, incident management and reporting, IT security auditing, and HR management. He is not a technical person, but works closely with technical people, and has a personal interest in technology as a hobby. He is also quite outspoken about his libertarian views, and distrust of institutions. He has been using the Internet from the dial-up days when he was a kid, and spends several hours online every day, for both work and leisure. He’s comfortable using the Internet for most life activities, and most of his work related activity happens online. He enjoys video games, and is highly invested in being a gamer, owning a virtual reality headset, and sometimes trading in virtual goods for real money. He’s familiar with end-to-end encryption, as his workplace uses such encryption technology for internal communication, with each employee having a smart card issued for authentication. The process of using his smart card for secure e-mails seems convenient enough for him, and never gave him difficulties. Except for banking and similar official business, most of his personal online activity is deliberately pseudonymous, using different logins with made-up nicknames on different forums, as he prefers to keep these Internet personas separate from each other, and from his civilian identity.

Ethan, being generally enthusiastic about technical innovations, is extremely interested in blockchain and cryptocurrencies, both from a financial, economical, technical and political viewpoint. He did not invest in cryptocurrencies as he found the extreme price movements too risky financially, but considers the innovation to be of great significance for political freedom, independence and privacy. It is interesting to note that even when I attempted to steer him away from the idea of cryptocurrencies to more general applications of blockchain technology, he returned again and again to talk about his interest in cryptocurrencies and Bitcoin specifically, and the potential of a digital cash system independent of institutions, that he (erroneously) believed to be completely anonymous to use.

He talked a great deal about his distrust of governmental and corporate actors, and how he is deeply troubled by both dictatorial regimes limiting freedoms in countries such as Venezuela or Turkey, and by unjust legislation in the free world, such as the criminalization of users of cannabis and other drugs, combined with growing state surveillance, slowly closing up the traditionally free zone of private spaces. Still, he admitted that his low institutional trust doesn’t always carry over to his everyday practices. He uses Google and Facebook extensively, even as he finds their data mining activities and cooperation with secret services disturbing. While aware of the chance that his accounts could be compromised, he would consider the complete loss of his online identity to be only a minor inconvenience, more to do with his leisure activities than his real life.

He volunteered the idea of linking personal identity to a blockchain-based account himself, and expressed that he would find such a self-managed identity to be extremely useful in many situations. For situations where privacy and independence from state and organizational entities is important, such as in political activism, he would prefer an entirely self-sovereign solution, using a single signing key, or a master key with subkeys. He wouldn’t adopt such a solution on all fronts of his life, however. He considers the need for privacy and independence to be topical, and in most areas of his life, he is comfortable with living inside the system. Especially if the identity in question happened to hold large value, such as by storing his life savings in cryptocurrency or other assets, he would prefer having an authority or external organization manage it for him. “Who knows where that hard drive or lockbox will be in twenty, thirty years,” he explained his worry about having to secure his key for himself. “[While] Sony was hacked, so was NASA, the US Army, all the banks, so [I know] these aren’t impenetrable, but I think they provide you with additional security.” So ultimately, while he doesn’t trust organizations to be benevolent, he trusts them to take successful care of security, using backups and encryption, possibly much better than he himself could do it.

4.6 Fiona

Fiona is a young software developer working on blockchain projects. She considers herself an expert in Internet technology, and handles most of her life, work and private, through online channels. She keeps in contact with friends using social media, uses forums for keeping up with technical innovations, and handles all her financial operations through online channels. Being an early adopter, she owns cryptocurrency as a speculative investment, but doesn’t use other blockchain applications in her private life. In her eyes, they just didn’t grow up to offer truly useful services yet. While she is familiar with the theory and tools of end-to-end encryption, she never saw the need to use it for her personal communication. The potential consequences of her online communications being compromised just weren’t big enough to make it worth the hassle.

She’s aware of the risks associated with using a single identity provider such as Facebook or Google to handle all or most of her online accounts, both in the possibility of a data breach, and through the chance that such an entity may use this position to gather data about her, and so she consciously chose not to use aggregate identity, and to register for each online service she uses independently with a separate set of credentials. She also uses one time passwords from the Google Authenticator application as a second authentication factor whenever this is offered by the service provider, to ensure the security of her account. Despite her security consciousness, she has never given it much thought what she could do if she lost access to an important online account in a breach. She said she would attempt automatic recovery options, and if these failed, she would contact customer service in a final desperate attempt. Not placing much trust in being able to successfully recover a lost account, she’s more focused on making sure her accounts are not lost in the first place.

Using a self-managed key to handle her online identity would give her a feeling of increased safety and confidence. While she “doesn’t see any field where it would not be useful”, she thinks it would provide the most benefits in areas where particularly high risk, sensitive data is being processed, such as banking or identifying herself to government services. She is aware of the risks involved in using a self-managed identity, and considers it a superior solution to the status quo nevertheless, and would be glad to expend the necessary effort to keep her signing key safe. Of the recovery options, she would prefer using a self-owned master key by far. She sees the option of having an institutional identity provider as a return to the status quo, and considers social authentication based on a web of trust inconvenient for people who aren’t extremely social to begin with.

4.7 George

George is a mathematician and software developer working on blockchain applications. He published an article about auditing public blockchain smart contracts on the Ethereum platform for vulnerabilities, and considers himself deeply involved in the forefront of blockchain technology and cryptography. He manages most of his life online, including shopping, finances and communication. He has lived in multiple countries, and so has foreign bank accounts he accesses exclusively online, and academic connections abroad he keeps up with using the Internet. He sees great potential in public blockchain applications and cryptocurrencies, so he owns a speculative investment portfolio of these. However, he hasn’t used other blockchain applications in his personal life other than for the purpose of learning and experimentation. Also, while he’s familiar with end-to-end cryptography tools, and has experimented with PGP, he is not using it for actual communication. Being a “security geek”, he expressed a level of shame for this, but he finds such tools inconvenient, and he hasn’t found a reason to accept the inconvenience considering the risk profile of his personal online correspondence.

He uses one time passwords from the Google Authenticator application as a second authentication factor for Google mail, and a physical RSA code tumbler for his Italian bank account. The latter was required by the bank, and he found it to be more of a hindrance than a benefit. He actually closed another bank account in frustration when they would have required him to fly to Italy and get an additional authentication vector from them in person. Indeed, while being a self-described security geek, he made a conscious decision based primarily on convenience to trust Google as his aggregate identity provider, and uses his Google credentials to log onto all online services that allow this. To a lesser extent, he uses Facebook’s similar service as well. While he is aware of the threat of a central identity provider getting compromised, he believes that Google or Facebook going rogue or being hacked is much less likely than his own personal security failing due to malware or user error on his part.

He is ambivalent about the idea of attaching his identity to a self-managed key, for this very reason. While he would prefer the added safety provided by it in theory, he would be afraid of losing his key or of it being stolen due to insufficient security precautions. For recovery solutions, even with the low trust in his own security, he rejected the idea of a centralized identity management by a corporate or government actor, citing the pitfalls of bureaucracy, exemplified by his bad experience with the Italian bank, and considered a self-managed master key to be too much of a single point of failure. Therefore, if he had a choice, he would use a community recovery scheme based on a web of trust, as it provides the most distributed security model with the fewest single points of failure, even if in a truly catastrophic scenario, getting in contact with acquaintances may become just as impossible as retrieving a master key that was physically stored somewhere.

5 Analysis

5.1 The worth of self-sovereignty

The most immediate revelation noticeable in the narratives is that the “future is already here” in that most of the respondents, even those seeing themselves as late adopters and non-technical, use online services almost to an exclusive degree for managing the common tasks of their lives such as shopping or banking. While the respondents were purposefully selected from a sample of active everyday users of information technology, the degree to which the respondents rely on the Internet proves that online communication is no longer an incumbent, but a highly mature technology, used comfortably by people from all demographics. Blockchain, in contrast, still seems to have a major roadblock to overcome in both practical applications and gathering user interest, as respondents often knew little beside the headlines about Bitcoin prices, and even the two blockchain experts, who work with this technology every day, see it as highly immature technology, standing today without any merits for everyday use beyond price speculation with cryptocurrencies. However, relatively new identity management solutions, such as cryptographic password managers, are actively being used by people, and interestingly it wasn’t the professional technologists who proved to be the earliest adopters in this case. The similarity between a password manager application and a cryptographic self-sovereign identity, as mentioned in relevant literature (Eskandri et al., 2018), wasn’t lost on these respondents either. They consciously chose an identity management approach that can, for the most part, be considered self-sovereign within the limitations of today’s Internet ecosystem. While they were the earliest adopters of such a technology, they weren’t alone in the appreciation of self-sovereignty. In the light of the narratives gathered from the respondents, it can be said with confidence that self-sovereign identity as a concept was generally seen as enticing and valuable by the respondents, even if they had other considerations that would stop them from actively moving in this direction.

This eagerness for a self-sovereign solution was motivated mainly by frustrations expressed by several respondents with identity handling in current web applications. These frustrations came from both a convenience and a privacy viewpoint. Passwords, separate for each service, especially with the password strength requirements often placed on users, and divergent forms of two-factor authentication were seen generally as inconvenient, bothersome, and even unsafe. Conversely, in the field of privacy, the Snowden and the Cambridge Analytica scandals have certainly seeped into the respondents’ consciousness, and data mining, mass surveillance, and the business model of social media companies proved to be issues and sources of discomfort for several respondents. How each user chooses to respond to this discomfort, however, seems to be what makes the difference.

5.2 Users’ underlying values

Using a categorizing analysis, grouping similar sentiments from each interviewee, an inventory of values emerged that underlie their decisions concerning online identity. These included fundamental cultural values as described by Ajzen (2001), as in summary evaluations of abstract concepts such as the right to a private sphere online, as well as cognitively grounded attitudes toward certain features or issues, arising from experiential sources such as problematic incidents in the past.

5.2.1 Conservatism

Conservatism, as comfort with the status quo and a preference for solutions that feel familiar and easy to navigate using existing knowledge, was brought up most prominently by Beatrice. She expressed a level of pride in being a late adopter, and specifically preferred an institutional authority managing her identity for reasons of familiarity with existing solutions such as state identification and credit cards.

5.2.2 Convenience

Convenience was a core value expressed by almost all respondents I spoke to. The freedom to stop worrying about online identity, and just have it magically work, is something most users seem to really long for. This value, interestingly, divided the respondents in how favorably they viewed the status quo from its vantage. For example Beatrice expressed deep frustration with how identity management works (or rather, doesn’t work) for her, while others, such as George or Diana, were quite happy with the convenience provided them by aggregate identity providers. (cf. Productivity)

5.2.3 Independence (political)

Independence as a cultural value, when it was brought up by respondents, was important enough that it informed user behavior strongly in important matters, most notably in not relying on aggregate identity providers such as Facebook or Google. Alice, Fiona, and Ethan decided to instead individually register for each online service they use, despite the relative inconvenience. Some interviewees, like Alice, even mentioned specific strategies to protect themselves from assimilation and customer lock-in by Facebook, through independently making sure they have the phone numbers of each acquaintance they are in contact with.


5.2.4 Independence (practical)

The wish of being independent from institutions and bureaucracy, contrary to independence as a value, was mentioned without any political or privacy-related connotation, and as a practical reliability and convenience factor. Carol mentioned the ability to act with speed in emergencies as an important benefit of this form of independence, as instead of having to wait for an institutional actor, she could just mitigate a breach using her own master key (which she’d prefer to hold in a memorizable, mnemonic form). A similar sentiment was mentioned by Fiona. Bureaucratism, overprotectiveness and prioritizing security to the detriment of user-friendliness was a major accusation toward current centralized identity providers from several respondents, and being free of what they saw as counterproductive pestering was mentioned as an objective good. For example Beatrice, otherwise a conservative late adopter, saw this bureaucratism in password strength requirements and mandatory periodical password changes. George generalized a deep frustration with the tendency to oversecure, from his experience with an Italian bank requiring him to travel to Italy to accept a second authentication factor. Diana, similarly, found the idea of 2-factor authentication pointless, and more a burden on legitimate users than a valid protection against attackers.

5.2.5 Productivity

Diana was quite devoted to convenience, but her real focus was on getting her job done, while everything else “just works” for her. Productivity as a value was strongly shared by Beatrice and George as well. (cf. Convenience)

5.2.6 Privacy

Privacy as a social value was held in very high regard by those who mentioned it. Alice and Carol, specifically, were very clear about how they consciously control their online behavior to protect their private sphere, and Ethan was also extremely vocal about the value he places on privacy. Lack of respect for privacy in the current Internet, especially on social networks, was a cause for great discomfort for several interviewees.

5.2.7 Recourse from human error

The freedom to make user errors and get away with minor inconveniences seemed to be extremely important to several respondents. Beatrice was particularly upset by the thought of having a (master) key compromised with no recourse. “As if someone had moved into her apartment,” she described it. For George it was paramount, to the point of souring him on the thought of self-sovereign identity entirely, and even Ethan, despite his low trust in institutions, found the siren song of having recourse for mistakes to outweigh his wish for privacy and independence in most situations.

5.2.8 Savviness

Savviness, the cultural value of being a tech geek, of being at the forefront of technology came up as implied, and sometimes proudly expressed self-identification. George self-identified several times as a “security geek”, while Carol and Ethan, who are non-technical professionals, seemed to be motivated by their “nerd cred” to get involved with, learn about and possibly use blockchain-related technologies. Being the future, the technical bleeding edge, blockchain was seen as highly enticing by mainly the two technical professionals, as well as Ethan, a tech enthusiast. George even went so far as to express shame about the discrepancy between his own “geekness”, and reluctance to use end-to-end encryption and blockchain technologies more in his online life.

5.2.9 Security and safety

Security and safety, somewhat separate from privacy and independence, was also mentioned as desirable by some respondents; however, it was always a somewhat secondary concern beyond other values. Several interviewees specifically said that they actively ignore the risks they intellectually know they face in their online lives.

5.3 Some user beliefs

Similarly to the values above, a number of common beliefs about technology, specifically online identity solutions, and about how it supports or opposes these values, emerged from an analysis of the interview texts.

5.3.1 “Passwords are inadequate”

The sentiment “I tend to forget knowledge based credentials” came up most prominently in Beatrice’s narrative, where it became the main driving force behind her eagerness for alternative solutions, whether self-sovereign or not. Less pronounced, but a similar sentiment was echoed by Diana, who expressed a preference for physical tokens used in ownership-based authentication for the reason of convenience.

5.3.2 “Physical tokens are inadequate”

“Tokens used for ownership-based authentication may potentially be stolen, destroyed, or otherwise unavailable when needed” was a centrally mentioned worry of Alice, Carol and Ethan, and also came up to a degree in Diana’s narrative, as she considered the second factor in a 2-factor authentication to potentially work more against her than for her, through getting lost or stolen. Alice was worried that “she was prone to losing things”, Beatrice considered the damage from losing a master key for a hierarchical identity too high to accept, while Ethan worried about the key being destroyed in a fire, flood or other catastrophe. Beyond the concept of losing the key, the availability of a physical object also came into question, especially if it needs to be kept secure, such as a master key. Carol specifically said that she would greatly prefer a memorizable, knowledge-based representation of the secret key, while Diana said that her international, traveller lifestyle would make a recovery based on a physical printout or hardware key severely impractical.

5.3.3 “Service providers can’t be trusted”

Several interviewees expressed a very negative view of large online companies acting as identity providers, particularly social media giants, citing news stories about Facebook’s ethically questionable practices using and selling user data, and stories of data breaches. Alice, Carol and Fiona are so invested in this belief that they consciously limit their use of such online services to protect their private sphere.

5.3.4 “I cannot be trusted”

“I cannot be trusted to adequately take care of my information security” is how this belief can be best summed up. Ethan and George expressed in very similar terms that they consider a successful breach, or an irrecoverable destruction, of data held by a major organization to be much less likely than a similar incident happening to data kept by themselves. George, for example, explained that while self-sovereign identity feels safer than knowledge-based authentication, he cannot place enough trust in his own ability to keep his key safe, and would rather trust Google or Facebook to do the same for him. Note that this belief most certainly does not equate to high institutional trust, as both Ethan and George expressed a level of distrust of organizations; it seemed to be more a level of anxiety connected to security questions. (cf. computer anxiety, Venkatesh, 2000)

5.3.5 “Self-sovereign identity is safer”

Several respondents rated very highly the relative safety of a self-sovereign, cryptographic identification compared to the status quo. While it didn’t necessarily drive their intentions, this belief was quite pronounced in Diana, Ethan and Fiona.


5.3.6 “You can’t prepare for a real emergency”

This sentiment came up primarily with Ethan, but also to a degree with Beatrice and George. To a certain degree it seems to mirror some beliefs above, notably “I cannot be trusted” and “Physical tokens are inadequate”. This belief however is not primarily about one’s own ability to maintain adequate security, or whether ownership or knowledge based authentication is better, but rather a consideration that long-tail risks such as wars, catastrophes or even losing all of one’s papers and communication devices in a foreign country are risks the consequences of which no preparation can adequately mitigate, and therefore it’s best to attempt to avoid or ignore them.

5.3.7 “Identity should be recoverable”

All respondents expressed a degree of worry about losing their keys, tokens or passwords, and some even mentioned that they would rather refrain from using self-sovereign identity as long as it is not recoverable in the case of data loss, physical loss or forgetfulness affecting the signing key. (Others, however, were more willing to accept and work around this threat through devising a secure and safe key storage strategy.)

5.3.8 “Transactions should be revocable”

While the core promise of blockchain was irrevocability of transactions (Aste, 2017; Nakamoto, 2008), the usefulness or even desirability of this design decision was questioned by several respondents. For them, the finality of theft on today’s cryptocurrency networks was extremely disappointing. Beatrice and Carol, two respondents of entirely opposite values and characteristics, expressed, in very similar ways, the thought that this feels like a definite step back into the past, where cash or other physical valuables could be stolen with no real possibility for recourse or recovery.

5.3.9 “One key good, many keys bad”

Beatrice and Diana were extremely enthusiastic about the promise to replace their many different passwords and online credentials with a single, core identity authenticated using a single key they can use, regardless of whether that key is physical or knowledge-based. For Beatrice, getting rid of the current multitude of authentication methods she is forced to use was the core reason, and maybe the only reason, why she would consider self-sovereign identity useful; or at least it overshadowed for her all other considerations of security, independence and privacy. This belief seems to be behind the decision of some respondents to use aggregate identity providers, and for others, behind their adoption of password manager applications.


5.4 User archetypes

The following are not complex personality models but rather, as the name suggests, symbolic archetypes built around core values and ways of thinking and acting that may capture some relevant part, but not the entirety, of how we operate in real life. One person may embody one or more of these, maybe at the same time. Ethan, who admittedly had two very different behaviors and sets of preferences for online behavior for different life situations, was a good example of this.

Figure 4. Values and beliefs behind online behavior by user archetype

The archetypes differ significantly in what values and beliefs motivate their actions. Figure 4 above explores this relationship, connecting each inventoried value and belief to the archetypes for whom they are core motivators. Note how a certain value may drive very different behaviors, such as Security, which in the Self-doubter results in a level of paralysis and a reliance on external providers, while in the Cyber-conscious it drives an active desire to keep one’s online identity in one’s own hands.


5.4.1 “The pragmatist”

A recurring pattern among respondents was the kind of user mentality that Steve Jobs seems to have based his Apple marketing on: that technology should “just work”. These pragmatist users have enough on their plates already as business owners, managers, professionals, and refuse to be bothered by technical details. Motivated primarily by convenience and practicality, they were the quickest to dismiss or accept the risks inherent in outsourcing their identity and data to online providers. The pragmatist, however, is not a lost child in a jungle, unaware of their surroundings. George, one of the most technical-minded respondents, a professional cryptographer and developer, expressed views somewhat closely reflecting this pattern. Diana, another believer in technology just serving her from the background and requiring no particular attention, is a web startup owner, and as such very well informed for a non-technical person. They simply have better things to worry about.

Pragmatists are not invested in centralized identity providers or the status quo in any way other than the fact that it works. They just use them because this looks like the simplest, fastest, cheapest and most productive thing to do at the moment. They look at self-sovereign identity as a valuable and potentially great tool (Diana, for example, was quite enthusiastic about the concept), but they simply refuse to accept any setback in their convenience and thus productivity to entertain such newfangled solutions when the existing ones work for them flawlessly. Pragmatist users are hard customers, unlikely to be early adopters unless an innovative solution awes them with a clear value proposal that translates into a simpler life, and less energy spent on facilitating their digital lives, leaving more for actually getting on with working and living. However, if such a proposal were to arrive, they would be first to switch over.

5.4.2 “The self-doubter”

Self-doubting users are primarily driven by their anxiety around online security, along with a very strong preference for security and safety. They wish to stay safe without having to worry about security and safety, and to offload the burden of risk and responsibility for someone else to worry about. Self-doubters tend to worry quite a bit about long tail risks. It’s not so much having the freedom to do their work unfettered by technology that worries them, rather things like “what would happen if war broke out, or if an earthquake or a flood hit?” They value security highly, but regardless of their trust in institutions, they have a comparatively low trust in their own personal security, and this drives them into the arms of centralized providers, whether gladly or grudgingly (Ethan would be a good example of the latter, who from a political standpoint distrusts institutions for their intentions, but trusts their security measures).

It is interesting to note that this type of user is quite aware of the threats faced by institutions and by users of centralized providers, both through acts of the providers themselves, and through data breaches. Ethan, who, in situations that don’t require high levels of privacy, exhibited this archetype, listed quite an inventory of his knowledge of high-profile data breaches and dragnet data gathering, and finished up the sentence by explaining how he still believes his data would be more secure on a cloud server than in his own apartment. While these users want security and convenience, they are defined just as much by what they do not want: responsibility.

While they consider the idea of self-sovereign identity cool, it is probably these users who would be the last to adopt it in any way, unless a comprehensive solution could be offered them that takes all responsibility for securing their identity off their shoulders.

5.4.3 “The cyber-conscious”

Cyber-conscious users value security and privacy to a very high degree, and are willing to expend effort to create an adequate level of both according to their own level of comfort. They might be technical enthusiasts, or emotionally involved in political and human rights topics, and so are highly motivated to learn and work to stay in control of their digital footprint and identity. For them, securing their digital identity is not a hassle, as it would be for the “pragmatist” users, nor a hopeless battle as for the “self-doubters”, but rather an enjoyable and important part of their lives, their identity, and an activity important for them to feel free and in control.

While this user archetype could in some cases be a tinfoil hat war prepper, who looks upon the entire world with distrust and assumes all secret services are after him (as a popular example of this, Hunter S. Thompson comes to mind), this doesn’t have to be so, and none of the respondents in this study who exhibited this archetype were even remotely like that. The most notable respondents of this type were Alice and Carol, who both took very deliberate, calculated steps to keep themselves safe by not using aggregate identity, by utilizing password managers, by limiting their social media sharing, and in the case of Carol, actively compartmentalizing her online identity. These steps were clearly taken according to a realistic analysis of the threat model they face, whether consciously or unconsciously; for example, both of them were active on Facebook for reasons of convenience, but made sure that it was they who used social media, as opposed to being used by it.

These “cyber-conscious” users are aware of the risks involved in their online behavior, and change and adapt their behavior according to their ability and willingness to accept such risks. They do not reject managed identity and existing service providers in a wholesale manner, but neither do they attribute particular value to them. All respondents of this type were interested in, and enthusiastic about the idea of self-sovereign identity, and this type of user seems to be the most prepared to accept, and take conscious steps to mitigate, the risks involved with adopting it. In fact, Alice and Carol have already taken a step in this direction by using password manager applications.


It is notable, however, that precisely because of the conscious approach of these users to online security and identity, they are unlikely to rush headlong into a new technology without seeing that it is in fact superior to their existing practices, is worth the effort and potential expense, and will actually benefit their security and privacy as opposed to hurting it. While in a way an opposite of “it should just work” users, they share their practical and demanding approach to new technology.

5.4.4 “The futurist”

Futurist users see technology as an end in itself rather than a means to an end. Whether to learn and thus be ready for the next wave of innovation with professional expertise that can then be turned into a lucrative job or business opportunity, or just to pass time and enjoy technology as a playground, these users are out specifically to ride the bleeding edge. This mentality was exhibited to some degree by all respondents who were intimate with technology, but it varied greatly how much it translated into actual behavior online. George, for example, expressed regret and a level of shame for not spending more time and energy using end-to-end encryption.

Currently, this type of user seems to be the primary early adopter of both blockchain and self-sovereign identity technology. It’s not so much the actual benefits, but rather the promise and sheer novelty of these solutions that draw these users in, and that is probably all right, as this very early adopter user base, with its playfulness, creates a low-stakes playground for testing and developing these tools for the future. While motivated by the political questions of online privacy and sovereignty, these are primarily coveted by futurists as “cool new technical features” rather than being sought for their actual political and human rights content, as is more the case for cyber-conscious users. (cf. computer playfulness, Venkatesh, 2000)

5.5 Designing for the archetypes

Blockchain technology is an emergent field with several startups and large companies aiming to build solutions utilizing it. One of the motivations behind this study was to lay down some groundwork on the topic of how blockchain applications could be designed to appeal to users. In the following section, some approaches are presented for this, based on the preferences and beliefs of the user archetypes described above.

5.5.1 Increased trust at no user cost

Blockchain solutions can be, and are being, leveraged to increase the accountability of service providers and institutions (Aste et al., 2017; Sullivan & Burger, 2017). Online sovereignty does not need to be reached through a purely technical solution; technical tools to ensure strong Availability, Integrity and Non-repudiation of transactions concerning user data, something blockchain is particularly good at (Aste et al., 2017), along with legal protections that are increasingly being adopted worldwide, should lead to a more democratic and safer Internet.

This approach can be expected to be welcomed by all users, but is a particularly good fit for the self-doubter and pragmatist archetype, as such solutions expect no added effort or responsibility from their adopters, while at the same time can honestly claim real benefits derived from the practical application of bleeding edge technologies.

5.5.2 Hybrid identity models

It is, to a certain degree, possible to have the cake and eat it too. While self-sovereign and managed identity seem to exclude each other, again the strong Non-repudiation feature of blockchain technology (Aste et al., 2017) allows for very strong oversight on the operations an identity provider undertakes regarding a user’s public key certificates in a PKI-like approach to identity. Any misconduct or compromise of the provider should become immediately obvious, and given appropriate technical capabilities and legal assurances, reversible.

This approach should be most welcome by self-doubters, as it provides them with safe recourse from mistakes they might make, while at the same time allowing for most benefits of a self-sovereign identity. Depending on the actual usability and the legal framework overseeing it, the same may also draw in pragmatist and cyber-conscious users, as well as futurists for its novelty.

5.5.3 Less painful self-sovereignty

As discussed in the introduction and theory section, self-sovereign identity on public blockchains already exists, but it is fraught with usability challenges (Eskandri et al., 2018; Krombholz et al., 2016). A software or hardware solution that makes the actual motions of managing a self-sovereign identity easier, including various optional recovery mechanisms, would be sure to gain traction among early adopters. A development fitting this mold, the so-called hierarchical deterministic wallets using a mnemonic phrase for generating a chain of signing keys to be used on a public blockchain (Eskandri et al., 2018), has gained widespread adoption already among cryptocurrency users.

These solutions should primarily appeal to early adopters: futurist users, and depending on the actual quality of implementation and usefulness, the cyber-conscious.
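As an added illustration (not code from this thesis or from any wallet project), the example below shows why the mnemonic phrase of a hierarchical deterministic wallet works as a recovery mechanism: the phrase alone regenerates the same chain of signing keys. It follows the BIP-39 seed stretching and BIP-32 hardened private-key derivation steps; the function names and the public test phrase are assumptions of this example, and word-list checksum validation of the phrase is omitted.

```python
"""Added example: mnemonic phrase -> seed -> chain of hardened signing keys."""
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group used for Bitcoin-style signing keys.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # child indexes >= 2**31 use hardened derivation

# Publicly known test phrase, used here as sample input only.
# Anyone can derive its keys, so it must never protect real value.
SAMPLE_PHRASE = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def mnemonic_to_seed(phrase: str, passphrase: str = "") -> bytes:
    """BIP-39 seed stretching: PBKDF2-HMAC-SHA512, 2048 rounds, 64 bytes."""
    # Collapsing stray whitespace is a convenience of this example for
    # hand-typed recovery; a correctly spaced phrase is unaffected by it.
    words = unicodedata.normalize("NFKD", " ".join(phrase.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, 64)


def master_key(seed: bytes) -> tuple[int, bytes]:
    """BIP-32 master private key and chain code from the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = int.from_bytes(digest[:32], "big")
    if key == 0 or key >= SECP256K1_N:
        raise ValueError("seed yields an invalid master key")
    return key, digest[32:]


def hardened_child(parent_key: int, chain_code: bytes,
                   index: int) -> tuple[int, bytes]:
    """BIP-32 hardened child: needs the parent private key, not just the public one."""
    if not 0 <= index < HARDENED:
        raise ValueError("index must be in [0, 2**31)")
    data = (b"\x00" + parent_key.to_bytes(32, "big")
            + (index + HARDENED).to_bytes(4, "big"))
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + parent_key) % SECP256K1_N
    if tweak >= SECP256K1_N or child == 0:
        # Astronomically unlikely; BIP-32 says to move on to the next index.
        raise ValueError("invalid child key, skip this index")
    return child, digest[32:]


def signing_keys(phrase: str, count: int, passphrase: str = "") -> list[str]:
    """Derive the chain m/0', m/1', ... as hex private keys from the phrase alone."""
    key, chain = master_key(mnemonic_to_seed(phrase, passphrase))
    keys = []
    for i in range(count):
        child, _ = hardened_child(key, chain, i)
        keys.append(f"{child:064x}")
    return keys


if __name__ == "__main__":
    original = signing_keys(SAMPLE_PHRASE, 3)
    # Device lost: only the written-down phrase survives.
    recovered = signing_keys(SAMPLE_PHRASE, 3)
    print("recovered chain matches:", recovered == original)
    # A single wrong word yields an unrelated chain, with no error raised.
    typo = signing_keys(SAMPLE_PHRASE.replace("about", "above"), 3)
    print("typo chain matches:", typo == original)
```

Because the derivation never fails on a mistyped phrase, a recovery tool has to check the phrase (for example against the word-list checksum) before telling the user the identity was restored.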

5.5.4 Choosing authentication form factors

A notable theme was that users find both “something you know” and “something you have” authentication unreliable. Biometric, “something you are” or “something you do” authentication, possibly due to its low market penetration even with its prevalence on smartphones, was not mentioned in the narratives. Most attempts to make online identity more secure today seem to go in the direction of 2-factor approaches, where one needs both knowledge of a secret, and access to a physical token to prove their identity. However, looking at the respondents’ narratives, it might be a better choice to offer users an option in the case of self-sovereign identity implementations: e.g. a hardcopy key and a mnemonic phrase, either of which would allow the user to successfully identify.

Users generally seemed to be more affected in their everyday lives by loss of credentials rather than by theft, and this informed their preferences greatly. Of course, such a decision would limit security against a potential attacker; however, this could be mitigated by allowing the user to manage a hierarchy of keys, or through a social re-authentication scheme (such schemes, again, should be made optional, as respondents diverged greatly in the level of trust they would place in their circle of friends or family for purposes of identity recovery).


6 Discussion

While the inventories of values and beliefs are simple and clear enough to directly inform the design of questionnaires or quantitative experiment protocols, the archetypes do not lend themselves readily to quantitative operationalization. As described earlier, these generalized narratives of user thinking and behavior were built by reading and re-reading the interview texts, and identifying common patterns, and are more geared toward a holistic approach to technology acceptance. To find key points of these narratives relevant to existing scientific debate in the field, and help operationalize certain aspects, in the following they are reviewed in the light of the literature that informed the Theory section.

6.1 Anxiety and playfulness

Venkatesh (2000) attributed an anchoring effect of perceived ease of use in the Technology Acceptance Model (Davis, 1989) to the affective factor of computer anxiety, and the intrinsic motivation factor of computer playfulness. Considering the results of this study, there seems to be reason to consider the refinement of the concept of computer anxiety. This measure was accepted by Venkatesh (2000) only after careful validation, given that even in the year 2000, the days when computers were a frightful novelty at workplaces were long gone. His backing research showed the variable to be alive, and a reliable determinant of ease of use. Even in this research, a level of computer anxiety was mentioned by one respondent, Beatrice, who, despite using computers extensively for her work, is still to a degree uncomfortable with them, and with her perceived lack of aptitude. There emerged a much more interesting potential factor, however. Consider the archetype of the Self-doubter, and the sentiments expressed by Ethan and George, both of whom are self-styled “computer geeks” with a very high apparent computer playfulness, and who made no mention of any anxiety about computer use at all. As Self-doubters, however, it was most certainly anxiety that informed several of their technology acceptance intentions and behaviors. The field of security and identity seems to be a field within a field where even experts fear to tread. I therefore propose the variable of security anxiety for future validation in refining the precursors of perceived ease of use in security-related technology acceptance situations, as a domain-specific form of the more generic computer anxiety. This potential variable seems to be supported by other previous research as well that looked at low user adoption of encryption technologies (Andersen, 2016; Bai et al., 2016; Carayannis & Turner, 2006; Krombholz et al., 2016).

In a similar vein, refining general computer playfulness into security playfulness could potentially help operationalize the difference between the intrinsic motivations of computer geek Self-doubters, and Cyber-conscious or Futurist users, all of whom seemed to possess a very high level of computer playfulness, even as their intentions and behavior concerning online identity and security diverged greatly. An interesting question to observe in a quantitative manner may be the correlation of security anxiety and security playfulness, as well as a potential distinction of these measures as pertains to live system use, where the innovative technology is utilized to secure significant real life value, or situations where the technology is utilized only with the intention of learning and becoming familiar with it, or as a form of hobby activity, with comparatively low values being secured through it. George, being a cryptographer and a blockchain expert, was quite playful and intrinsically motivated to explore new encryption and identity technologies, and earned his salary conceptualizing and building systems for others to use; however, exhibiting the Self-doubter archetype, he was too anxious to utilize these in his own personal life.

Figure 5. User archetypes by playfulness and risk aversion

Looking at the archetypes through the lens of the proposed concept of security playfulness, as well as their acceptance of, or aversion to risks encountered online, a quadrant model seems to emerge as shown in Figure 5. Note that this figure only considers playfulness, i.e. the intrinsic motivation to learn about and experiment with technology for its own sake, as the horizontal axis, without any statement about the above-mentioned security anxiety dimension. While some respondents mentioned a level of anxiety about certain tasks involved in securing their online identity, such as Beatrice being frustrated by the task of maintaining strong passwords and remembering them, this did not translate for them into a generalized anxiety about security online; however, neither were they motivated to seek out novelties and play with technology for the sake of exploration. The vertical axis, risk aversion, shows the level of attention these archetypes seem to place on actively mitigating real or perceived risks in their technology use. While Futurists may pursue new technologies for the sake of learning and play, they tend to think more in terms of future benefits of such technologies, and place little emphasis on the risks involved therein, while the Cyber-conscious are more goal-oriented in their technology use to secure their online lives, and they tend to ensure to the best of their abilities that they do not take on more risks with a new technology than what its use potentially mitigates.

6.2 Self-efficacy

Following the above line of thought, it is possible to fit the concept of self-efficacy (Bandura, 1982; Venkatesh & Davis, 1996; Venkatesh, 2000) into this framework. According to Venkatesh (2000), a statistical link between computer self-efficacy, computer playfulness, and (as an inverse link) computer anxiety was observed. This makes sense, as people seeing themselves as being more proficient using computers may be inclined to feel more at home, and thus be less anxious, and more playful using the system. Also, playfulness can be expected to actively translate into learning, and thus a higher level of self-efficacy belief. In the narratives observed, some of these links seem to be questioned, as shown above in the case of George, who, being a security and blockchain professional, comfortable with teaching large audiences on these topics and providing expert advice to businesses, can be expected to exhibit a high domain-specific self-efficacy along with the high level of playfulness mentioned above.

A potential solution to this apparent paradox may be, again, a separation of security into two domains. One domain, with its own self-efficacy belief, is a scholarly, abstract field where systems are tested, experimented on, and potentially developed and deployed for organizations to use, while the other domain is applying security best practices and maintaining a high level of security in one’s own professional and private life online, with a very different self-efficacy belief. It is quite possible that self-efficacy measures between the two domains do not correlate, and even an inverse correlation may be possible, given the fact that those highly informed in the topic of online security may hear disproportionately more about potential breaches and incidents compared to situations when precautions were sufficient, and threats were averted.

6.3 Acceptance of risk in old and new technologies

In a proposed extension to the Technology Acceptance Model, Featherman and Pavlou (2003) proposed the factor of perceived risk. It entails the negative usefulness, i.e. the potential harm that could come from adopting a system as opposed to staying with the status quo. As an example, riding a bicycle may carry the perceived risk of a fatal accident, which would be far less likely when walking. In the belief inventory, a number of beliefs about perceived risks of various technologies and solutions were identified, such as the risk of the irrecoverable loss of a self-sovereign identity, or the risk of personal data abuse by online companies. TAM literature tends to concentrate on the acceptance, and thus the specific traits of, and beliefs about, new technologies; however, it might be interesting to observe the interplay of beliefs about incumbent technologies and behavior as well, as it became quite clear from the narratives that both the Pragmatist and Self-doubter archetypes seem to be more tolerant of risks in incumbent systems they are used to, and are comfortable utilizing, while innovations are more easily rejected based on the dimension of perceived risk.

6.4 Result demonstrability

In the Technology Acceptance Model 2, Venkatesh and Davis (2000) provided a set of precursor variables to perceived usefulness, including result demonstrability. This factor measures how easily a cognitive link can be made between the use of a technology, and the benefits it provides. If the benefits are invisible, or are hard to connect to technology use, the perceived usefulness may become lower. This seemed to be a particularly important observation when analyzing the above narratives about security. It can be expected that technology with primarily preventive benefits may have an intrinsically low result demonstrability, as can also be seen in the societal discourse about vaccinations: with no personal experience of infectious plagues, the technology preventing their recurrence is rated down in its perceived usefulness. Similarly, self-sovereign identity technology would primarily protect from personal injuries coming from an increased reliance on private services built on dictatorial models; and while such injuries do occur from time to time, the respondents haven’t suffered such problems, and any incidents they had with their service providers were successfully resolved.

6.5 Value conflicts in online identity

Leidner and Kayworth (2006) argued in their study that technology is not devoid of values, and its acceptance is much more a deep cultural exchange formed by, and forming cultural values. The idea that values are attributed to technologies as a form of prejudice provides a new vantage point on the value inventory compiled from the narratives. In the above analysis, a number of emergent narratives were identified about cultural values mentioned by respondents, and it was observed that most respondents had thoughts about what values the various technologies of online identity align with, and how this meshes with their own value statements.

Figure 6 above shows the conflicts and agreements as expressed by interviewees between the inventoried values, and respectively the incumbent managed identity technologies such as Facebook and Google sign-in, and self-sovereign identity technologies such as public blockchains and GPG. In Leidner & Kayworth’s (2006) terminology, this is the dimension of contribution conflict, i.e. a conflict between one’s own values and the values attributed to the technology in question. In the figure above, an agreement means that respondents considered the respective technology to be supporting or embracing the value in question, while a conflict means they considered the technology to be in hindrance of, or even fundamentally antithetical to it. An ambivalent link, noted by a brown dot-dash line, was added where the technology was considered to have significant interplay with the value, but both in a positive and negative manner.

Figure 6. Perceived alignment and conflict between values and identity technologies

As shown above, the most prominent conflict was between values of independence (both practical and political), privacy, and the incumbent managed identity providers such as Google or Facebook. This conflict resulted in a decision by several interviewees to actively limit their use of such providers, while for others it was a source of discomfort even with a high level of utilization of such technologies. I expected to see more contribution conflicts involving self-sovereign identity, but possibly due to little knowledge about such systems, this dimension did not materialize to a significant degree in the respondents’ narratives. The values of convenience and productivity were particularly interesting in this light, as these were key drivers of the behaviors of several users, but there was disagreement among people, and even within the narratives of a single person, about how each technology relates to these values. Even users who use managed identity providers for reasons of convenience and productivity, such as Diana or Ethan, recounted situations where this agreement broke down, and the provider became a source of frustration in a security incident or a false positive resulting in their immediate access to their identity being hampered. On the other side, a very similar pattern could be observed connected to self-sovereign solutions, with a very pronounced agreement assumed between these values and the everyday use of a well-streamlined self-sovereign system, e.g. through the use of a hardware key; however, the threat of key loss was considered to be a major souring point on this synergy, and the clunkiness and low reach of current implementations were generally considered to be more trouble than they are worth.

6.6 Further hints for operationalizing results

At their core, the archetypes are links between values, beliefs and behaviors, as shown in Figure 4. A quantitative study attempting to validate the findings of this soft exploration over a wider and more uniform sample could measure the co-occurrence of the values, beliefs and technology acceptance decisions motivated by the archetype narratives, either in a questionnaire or an experiment format. Care needs to be taken, as a single person may exhibit different archetypal behaviors in different fields of life, as explored under sections 6.1 and 6.2.

The values and beliefs themselves need to be validated and standardized as psychometric scales for truly valid quantitative use. Some of them may be closely relatable to existing scales, while for others the process of standardization may form the basis of a study in itself.


Conclusion

My study was motivated by the fact that there seems to be a limited amount of research on what value users ascribe to self-sovereignty, whether such a value is even ascribed at all, and what social or psychological mechanisms underlie the low market adoption of the readily available technologies, including end to end encryption and blockchain, that may help realize it. I began my inquiry with the goal of gaining a soft understanding of technology acceptance decisions in the security-critical area of online identity, and laying the groundwork for forming well-motivated, relevant testable hypotheses for future, quantitative inquiry.

Through the interpretive analysis of seven active users’ narratives about their online behavior and their reasoning behind it, an inventory was compiled of the values and beliefs that the respondents saw as central in forming their decisions, along with four generalized narratives of how a user may reason about technology acceptance or non-acceptance in the sphere of identity: the Pragmatist, Self-doubter, Cyber-conscious and Futurist user archetypes. The study also looks at how blockchain-focused developments, either private or public, may use this model to cater to requirements that form a coherent whole, and would make the product desirable and usable to a certain user base.

Naturally, as delineated in section 3.5 Delimitation and bias, this study does not aim to state anything beyond a generalized retelling of the technology acceptance narratives of the seven specific individuals interviewed, and disclaims any statistical validity over a broader population. However, it fills a gap in the field by motivating and informing future inquiry in a little explored subfield of technology acceptance research. Further studies may operationalize the inventories listed here as psychometric scales, and attempt to validate or refute the generalizability of the archetypes over a broader population, both in number and cultural diversity.

Still, it is a hopeful sign that the respondents, regardless of technical aptitude, were eager for alternative, more self-sovereign solutions to online identity, even if the perceived risk of irreversible key loss and user error can be expected to be a prohibitive roadblock to mainstream adoption.


References

1. Ajzen, I. (1991). The theory of planned behavior. Organizational behavior and human decision processes, 50(2), 179-211.

2. Ajzen, I. (2001). Nature and operation of attitudes. Annual review of psychology, 52(1), 27-58.

3. Andersen, J. T. (2016). The Quest to Secure Email: A Usability Analysis of Key Management Alternatives. Master of Science thesis, Brigham Young University.

4. Aste, T., Tasca, P., & Di Matteo, T. (2017). Blockchain Technologies: The Foreseeable Impact on Society and Industry. Computer, 50(9), 18-28.

5. Bai, W., Namara, M., Qian, Y., Kelley, P. G., Mazurek, M. L., & Kim, D. (2016, June). An Inconvenient Trust: User Attitudes toward Security and Usability Tradeoffs for Key-Directory Encryption Systems. In SOUPS (pp. 113-130).

6. Balsa, E., Brandimarte, L., Acquisti, A., Diaz, C., & Gurses, S. (2014). Spiny CACTOS: OSN users attitudes and perceptions towards cryptographic access control tools. Proceedings of Workshop on Usable Security (USEC 2014).

7. Bandura, A. (1982). Self-efficacy mechanism in human agency. American psychologist, 37(2), 122.

8. Carayannis, E. G., & Turner, E. (2006). Innovation diffusion and technology acceptance: The case of PKI technology. Technovation, 26(7), 847-855.

9. Clippinger, J. (2015). A new kind of social ordering: self-sovereignty, autonomous trust and P2P parity. ID3.

10. Davis, F. D. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS quarterly, 319-340.

11. Dunphy, P., & Petitcolas, F. A. (2018). A first look at identity management schemes on the blockchain. arXiv preprint arXiv:1801.03294.

12. Eskandari, S., Clark, J., Barrera, D., & Stobert, E. (2018). A first look at the usability of bitcoin key management. arXiv preprint arXiv:1802.04351.

13. Faísca, J. G., & Rogado, J. Q. (2016, September). Decentralized semantic identity. In Proceedings of the 12th International Conference on Semantic Systems (pp. 177-180). ACM.

14. Featherman, M. S., & Pavlou, P. A. (2003). Predicting e-services adoption: a perceived risk facets perspective. International journal of human-computer studies, 59(4), 451-474.

15. Fitzgerald, B., & Howcroft, D. (1998). Towards dissolution of the IS research debate: from polarization to polarity. Journal of Information Technology, 13(4), 313-326.

16. Folkinshteyn, D., & Lennon, M. (2016). Braving Bitcoin: A technology acceptance model (TAM) analysis. Journal of Information Technology Case and Application Research, 18(4), 220-249.


17. Gonzalez, R., & Dahanayake, A. (2007). A concept map of Information Systems research approaches. In the Proceedings of the 2007 IRMA International Conference, Vancouver.

18. Krombholz, K., Judmayer, A., Gusenbauer, M., & Weippl, E. (2016, February). The other side of the coin: User experiences with bitcoin security and privacy. In International Conference on Financial Cryptography and Data Security (pp. 555-580). Springer, Berlin, Heidelberg.

19. Leidner, D. E., & Kayworth, T. (2006). A review of culture in information systems research: Toward a theory of information technology culture conflict. MIS quarterly, 30(2), 357-399.

20. Marangunić, N., & Granić, A. (2015). Technology acceptance model: a literature review from 1986 to 2013. Universal Access in the Information Society, 14(1), 81-95.

21. Maxwell, J. A. (2008). Designing a qualitative study. The SAGE handbook of applied social research methods, 2, 214-253.

22. McConaghy, M., McMullen, G., Parry, G., McConaghy, T., & Holtzman, D. (2017). Visibility and digital art: Blockchain as an ownership layer on the Internet. Strategic Change, 26(5), 461-470.

23. Mourouzis, T., & Filipou, C. (2017). The Blockchain Revolution: Insights from Top-Management. arXiv preprint arXiv:1712.04649.

24. Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system.

25. Palatinus, M., Rusnak, P., Voisine, A., & Bowe, S. (2013). Mnemonic code for generating deterministic keys. Bitcoin Improvement Proposals, 39.

26. Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120-126.

27. Sas, C., & Khairuddin, I. E. (2017, May). Design for Trust: An exploration of the challenges and opportunities of bitcoin users. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (pp. 6499-6510). ACM.

28. Shapiro, E. (2017). Foundations of Internet-enabled Democracy. arXiv preprint arXiv:1710.02873.

29. Sullivan, C., & Burger, E. (2017). E-residency and blockchain. Computer Law & Security Review.

30. Venkatesh, V. (2000). Determinants of perceived ease of use: Integrating control, intrinsic motivation, and emotion into the technology acceptance model. Information systems research, 11(4), 342-365.

31. Venkatesh, V., & Davis, F. D. (1996). A model of the antecedents of perceived ease of use: Development and test. Decision sciences, 27(3), 451-481.

32. Venkatesh, V., & Davis, F. D. (2000). A theoretical extension of the technology acceptance model: Four longitudinal field studies. Management science, 46(2), 186-204.


33. Vom Brocke, J., Simons, A., Niehaves, B., Riemer, K., Plattfaut, R., & Cleven, A. (2009, June). Reconstructing the giant: On the importance of rigour in documenting the literature search process. In Ecis (Vol. 9, pp. 2206-2217).

34. Wang, H., Chen, K., & Xu, D. (2016). A maturity model for blockchain adoption. Financial Innovation, 2(1), 12.

35. Wilson, D., & Ateniese, G. (2015, November). From pretty good to great: Enhancing PGP using bitcoin and the blockchain. In International conference on network and system security (pp. 368-375). Springer, Cham.

36. Winston, B. (2002). Media, technology and society: A history: From the telegraph to the Internet. Routledge.


Appendix: Interview structure

The following sections formed the backbone of each interview:

1. How the interviewee uses the Internet, how familiar they are with information technology in general, and with public-key cryptography and blockchain applications specifically. How the interviewee uses and views existing, non-self-sovereign methods of identifying oneself on-line (such as centralized identity providers, 2-factor authentication), what their emotional relationship is to these systems, what their views are on the risks they may face online, and what are the values and beliefs consciously informing this behavior.

2. What the interviewee’s thoughts are about, and attitude toward potentially using a system that provides self-sovereign identification through a private signing key, held entirely in their ownership and responsibility. How do they mentally compare this solution to relying on centralized providers for identity, and how they think it would fit into their online lives. What their beliefs are about the likelihood and consequences of the threat of data loss or theft affecting such a self-managed key.

3. Finally, what the interviewee’s attitudes are toward three specific mitigation techniques against such data loss or theft, differing in the level of self-sovereignty provided:

○ Self-managed key hierarchy: A completely self-sovereign approach, where a self-managed, but rarely used master key can be utilized to revoke or replace everyday-use keys. (This can be, or has been implemented in ways such as the subkey functionality in PGP/GPG, or hierarchical-deterministic seeds in the cryptocurrency world.)

○ Social authentication: A social approach based on a web of trust, where a number of close acquaintances of a user can vote together to revoke lost signing keys, and link new ones to the original identity.

○ Central key management: A non-self-sovereign, centrally managed approach, where a trusted third party (government or corporate entity) has the ability to revoke or attest to the validity of personally owned and managed signing keys.
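The three mitigation techniques above differ mainly in whose approval a verifier accepts when an everyday signing key is replaced. The sketch below is an added example, not part of the thesis or the interview material: it checks a key-rotation request against a master key, a guardian quorum, or a central authority. The policy layout, message format and function names are hypothetical, and Lamport one-time signatures are used only so the code needs nothing beyond the Python standard library.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Lamport one-time signatures, chosen only because they need nothing beyond the
# standard library (an assumption of this example). Each key signs ONE message.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg: bytes):
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(part) == pk[i][bit] for i, (part, bit) in enumerate(zip(sig, bits(msg))))

def fingerprint(pk) -> str:
    return H(b"".join(a + b for a, b in pk)).hex()

def rotation_message(identity: str, old_fp: str, new_fp: str) -> bytes:
    # Binding both fingerprints stops an approval being reused for another key.
    return f"rotate|{identity}|{old_fp}|{new_fp}".encode()

def authorize_rotation(policy: dict, msg: bytes, approvals: list):
    """Return the rule that authorizes replacing the everyday key, or None.

    policy (hypothetical layout): {"master": pk, "guardians": {fp: pk},
    "threshold": int, "authority": pk or None}
    approvals: list of (signer_fingerprint, signature) pairs.
    """
    authority = policy.get("authority")
    voted = set()
    for signer_fp, sig in approvals:
        if signer_fp == fingerprint(policy["master"]):
            if verify(policy["master"], msg, sig):
                return "master-key"          # self-managed key hierarchy
        elif authority and signer_fp == fingerprint(authority):
            if verify(authority, msg, sig):
                return "central-authority"   # central key management
        elif signer_fp in policy["guardians"]:
            if verify(policy["guardians"][signer_fp], msg, sig):
                voted.add(signer_fp)         # a set: repeated votes count once
        # Any other signer, including the everyday key itself, is ignored.
    return "social-quorum" if len(voted) >= policy["threshold"] else None

if __name__ == "__main__":
    # Constructed sample: one identity, three guardians, quorum of two.
    master_sk, master_pk = keygen()
    guardians = [keygen() for _ in range(3)]
    (old_sk, old_pk), (new_sk, new_pk) = keygen(), keygen()
    policy = {"master": master_pk, "threshold": 2, "authority": None,
              "guardians": {fingerprint(pk): pk for _, pk in guardians}}
    msg = rotation_message("alice", fingerprint(old_pk), fingerprint(new_pk))
    votes = [(fingerprint(pk), sign(sk, msg)) for sk, pk in guardians[:2]]
    print(authorize_rotation(policy, msg, votes))                 # social-quorum
    stolen = [(fingerprint(old_pk), sign(old_sk, msg))]
    print(authorize_rotation(policy, msg, stolen))                # None
```

A holder of the stolen everyday key cannot approve its own replacement, which is the property all three techniques rely on; what changes between them is who else the user must trust or keep safe.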
