​

POLICY MAKERS consider a number of factors when deciding what security policies to implement, including public acceptance of measures. But the public’s preferences concerning security procedures are often based on opinion polls or surveys, which permit only “yes” or “no” responses and do not quantify the extent to which people are willing to give up civil liberties or privacy to gain a security benefit.

A new RAND Europe report discusses a study that tried to get a more nuanced sense of the tradeoffs the public might be willing to accept through an Internet survey of 2,058 residents in the United Kingdom, selected to represent a cross-section of the country’s population.

Participants were asked about the levels of security they would accept in three scenarios: applying for a U.K. passport, traveling on the U.K. national rail network, and attending a major public event. The survey proposed a series of choices for each scenario.

In the passport application survey, participants were asked to choose between three options. Each option presented a different scenario using the following characteristics: total price for the passport, the processing time, the type of personal information required, the level of sharing of passport data, the additional uses of the passport, and the number of illegal immigrants and terrorists who may be identified. The respondent also had the opportunity to opt out of having a passport under all three options presented.

The researchers assessed answers using a mathematical model known as stated-preference discrete-choice to assign a monetary value to the amount people are willing to pay for security, or alternatively the amount they would require to accept a certain security policy or technology. For example, after analyzing the data, researchers determined that respondents would be willing to accept DNA collection for passports if there were a subsidy of £19 ($30) on the cost of the passport.

Photographs and even fingerprints, on the other hand, were viewed positively. Respondents showed a willingness to pay £7 ($11) on top of the cost of a passport, which is currently about £77.50 ($121), for these security measures. U.K. passports already include photographs and will include fingerprints by 2012.

The case yielded some surprising results, says Neil Robinson, one of the report’s co-authors: “We discovered that there was a stronger preference for people walking through automated detection systems than being patted down, having a bag searched or so forth, which we thought was an interesting result, given our understanding of the sort of potential for the data that is collected as you go through the archway to be passed on and moved around and the kind of loss of control or consent that is inherent in that.”

Robinson was also surprised at how comfortable respondents were with the prospective use of CCTV security cameras with face-detection technology. “The data might be taken in one of two ways,” Robinson says. “One way is to say, yes, people do recognize the importance of these technologies in the fight against international terrorism or whatever the expected and stated security purposes of using these technologies are, and the second thing, which perhaps is a bit more worrying, is the extent to which we’ve kind of, as the jargon goes, sleepwalked into a surveillance society.”

While individuals were willing to submit their personal data for purposes such as protecting against illegal immigration and terrorism, they were—not surprisingly—more reluctant to do so when they had reason to believe that the information would be circulated more widely. Respondents indicated that they would prefer to have their personal data kept within the U.K. Identity and Passport Service, rather than shared with other government departments, European nations, or the private sector.

The report found that large incentives would be necessary for respondents to acquiesce to having the government share their personal information with third parties. To share information with private companies, respondents said that passports would need to be discounted by £30 ($47), for example.

Under current U.K. policy, personal information held by the National Identity Register will be shared with other agencies and private business for identity verification and security purposes. The European Secure Identity Across Borders Linked project is also evaluating how to share information across EU Member States, the report notes.

Robinson says the research might help policy makers if they are open-minded. However, he notes that the study has received a lukewarm response, particularly from European data protection and privacy commissioners, who are frequently uncomfortable equating privacy rights with monetary equations.

“The right to privacy is seen—at least in the European policy community—as inalienable and fundamental and, therefore, not subject to economic appraisal,” the report notes. While other industries, such as the transportation field and the healthcare industry, have long used cost-benefit analyses that put an economic value on such hard-to-measure factors as human life, the use of quantitative approaches for measuring abstract rights like liberty and privacy in the security field is novel and controversial.

“If you speak to someone from the healthcare community...they’d have no problem understanding what we’re talking about,” notes Robinson. One goal of the study was to see whether the methodology applied in other fields could work for security, “which I think we’ve been able to do,” he says. It remains to be seen, however, whether it will be accepted by those in government and industry who make security policy decisions.