KAU, UNIL, UNI PASSAU
This Deliverable presents legal, social, and HCI (Human Computer Interaction) requirements for the PRISMACLOUD project, which were elicited within the first nine months of the project for clarifying the legal status of novel signature schemes to be used in the project and for following a humancentred design approach. Legal requirements for malleable and functional signatures, which will be used in PRISMACLOUD for enhancing privacy and verifiability of cloud computing, were derived though an analysis of the EU Regulation on Electronic Identification and Trust Services (EU 910/2014). The analysis concludes that the legal status of both malleable and functional signatures can depending on the cryptographic properties of the signature scheme be regarded as similar to that of a qualified electronic signature that has the same legal effect as a handwritten signature. Literature studies helped us to elicit on social factors determining end trust and technology acceptance that may be of importance for PRISMACLOUD, such as: comprehensibility of the extent to which they can act under pseudonyms and the properties, underlying assumptions and remaining risks of pseudonyms; trust that one can manage in a life-long way the information associated with different identities; awareness of trustworthy assessments of trustworthiness; perception of external control; perceived security and privacy; and actual privacy/security guarantees. For eliciting more in depth end user and HCI-related requirements, we conducted semi-structured interviews, surveys and focus groups with end users and key stakeholders that have a good understanding of the end user needs and expectations. The results of these elicitation activities are in particular confirming the need of usable guidelines, suitable metaphors and policies for the handling of personal data, clarifying the roles, rights and restrictions of actors for the use of malleable and functional signatures and other PRISMACLOUD crypto functions as well as templates for enforcing such restrictions. Branding, standardization and certification schemes as well as a restriction to private and/or European-based cloud will also play an important role for establishing end user trust in PRISMACLOUD solutions.
The full version will be made available after the deliverable has been accepted by the European Commission.