Digital Benefits and Disbenefits (DBD) logo Digital Benefits and Disbenefits

Trust 2 (TR-2) Card

DBD Cornucopia > Deck > Trust > 2

Card Details - Two of Trust

Abbreviation

TR-2

Card's focus

The focus of this card is change control

Threat to claimants

Eden does not announce publicly all pending updated releases, and/or does not make releases publicly available for examination, testing, training and evaluation, and/or does not define what errors, regulations or otherwise are being addressed by each change

Image of Trust 2 card

Threat to claimants

Eden does not announce publicly all pending updated releases, and/or does not make releases publicly available for examination, testing, training and evaluation, and/or does not define what errors, regulations or otherwise are being addressed by each change.

Some examples of how this threat could lead to harms (negative effects on claimants)

The design recommendations and implications relevant to the card are listed below in the next section, but even those can be somewhat abstract and difficult to think about during practical day-to-day implementation. Therefore, some example harms are provided to complement the more formal research outputs. These examples are unique per card, and are only published on these web pages (i.e. in no other project outputs).

  • Professional advisors cannot check in advance whether upcoming service changes will affect any of the claimants they support, preventing them planning and leading to a flurry of help requests which overwhelms their own capabilities when the change occurs
  • Welfare benefit experts cannot check the changes are compatible with the relevant legislation and regulations prior to release, potentially meaning that claimants are needlessly disadvantaged for a period of time until the changes are corrected
  • Security researchers cannot test for vulnerabilities before the changes are made live, increasing risks to claimants from other threats such as identity theft, personal data loss, and reputational damage

The examples are to help understand the threat on the card, not to suppress thinking and innovation. Incorporating these examples exactly, or closely matching ones, should be scored down when playing DBD Cornucopia as a game.

Applicable design recommendations and implications

These are reproduced here from Research Briefing NO2. Multiple cards reference each design implication.

Acknowledge claimants as people in digital design

  1. Ensure system and state accountability to claimants
    Equalise accountability between claimants and the state. Promote a sense of fairness by enforcing an expectation that service level standards for actions and response times should be similar to those expected of claimants, with related penalties not disproportionately, or only, affecting claimants. Provide tools/methods for claimants to easily check, query and challenge actions and decisions.

Embrace a wider ecosystem and fuller claimant activity viewpoint for digitised public services

  1. Legitimise extensibility and customisation of digital infrastructure
    Deploy technology in ways that will permit, support and advocate integration with digital welfare by other actors. Provide timely, free and open access to system information, supporting content, and details of upcoming changes and updates to support these efforts.

General Notes

Card values (i.e. '2' for this card) are for game play and are not correlated with the severity of harm. This is because threats cannot be ranked directly since they can affect individuals in different ways due to situations and circumstances, or affect fewer or more claimants, or the harms can arise in claimants' support networks and wider society.

The threat description uses a person's name as the "attacker" (i.e. 'Eden' for this card), which can be thought of someone involved with implementation. They could have any role which influence digitisation. So they could be a database administrator, or a copy writer, or a quality assurance specialist, etc, or all of these. Everyone could have some influence on the claimant threat described. The names were randomly selected from those currently most popular as given names for boys and girls (UK Office for National Statistics).

The example harms provided are drawn from the research data (which explored not only parts of existing services but also the effects of possible changes to those), from the author's own knowledge of web application development and testing, the author's own experience of helping citizens to claim Universal Credit (UC) and Personal Independence Payment (PIP), and from suggestions submitted by other people (make a suggestion). The threats and example harms do not necessarily exist in the current UC or PIP deployments or in ecosystems around those services, but they might well do.

All the cards in this Trust suit are:  2  3  4  5  6  7  8  9  10  J  Q  K  A 

The other suits in the deck are: Scope, Architecture, Agency, Porosity and Cornucopia (plus Jokers).

'