D1.1 - Interdisciplinary foundations of Smart Societies by Smart Society Project

SmartSociety Hybrid and Diversity-Aware Collective Adaptive Systems When People Meet Machines to Build a Smarter Society Grant Agreement No. 600854

Delverable 1 Workpackage 1

Interdisciplinary foundations of Smart Societies

Dissemination level (Confidentiality)1:

Delivery date in Annex I:

31st December 2013

Actual delivery date:

31st December 2013

Status2:

Total number of pages:

131

Keywords:

Interdisciplinary foundations SmartSociety

PU: Public; RE: Restricted to Group; PP: Restricted to Programme; CO: Consortium Confidential as specified in the Grant Agreement 2 F: Final; D: Draft; RD: Revised Draft

Deliverable D1.1

ÂŠ SmartSociety Consortium 2013 - 2017

Disclaimer This document contains material, which is the copyright of SmartSociety Consortium parties, and no copying or distributing, in any form or by any means, is allowed without the prior written agreement of the owner of the property rights. The commercial use of any information contained in this document may require a license from the proprietor of that information. Neither the SmartSociety Consortium as a whole, nor a certain party of the SmartSociety Consortium warrant that the information contained in this document is suitable for use, nor that the use of the information is free from risk, and accepts no liability for loss or damage suffered by any person using this information. This document reflects only the authorsâ&#x20AC;&#x2122; view. The European Community is not liable for any use that may be made of the information contained herein.

Full project title:

SmartSociety - Hybrid and Diversity-Aware Collective Adaptive Systems: When People Meet Machines to Build a Smarter Society

Project Acronym:

SmartSociety

Grant Agreement Number:

600854

Number and title of work package:

D1.1 Interdisciplinary foundations of Smart Societies

Document title:

Interdisciplinary foundations of Smart Societies

Work-package leader:

Marina Jirotka, UOXF

Deliverable owner:

Mark Hartsxwood, UOXF

Quality Assessor:

Michael Rovatsos

Page 2 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

List of contributors

Partner Acronym

Contributor

UOXF

Mark Hartswood

UOXF

Marina Jirotka

Simone Fischer-Hübner

Leonardo A. Martucci

SOUTH

Luc Moreau

UEDIN

Stuart Anderson

TUW

Ognjen Scekic

TUW

Hong-Linh Truong

TUW

Schahram Dustdar

UEDIN

Micheal Rovatsos

UNITN

Vincenzo Maltese

UNITN

Fausto Giunchiglia

DFKI

George Kampis

DFKI

Paul Lukowicz

BGU

Kobi Gal

UNITN

Alethia Hume

Iacopo Carreras

Daniele Miorandi

IMG

Imaginary

UEDIN

Aris Valtazanos

We also wish to acknowledge Barbara Grimpe from Oxford University who contributed valuable suggestions on the social values and governance sections.

Page 3 of (133)

ÂŠ SmartSociety Consortium 2013 - 2017

Deliverable D1.1

Executive summary This deliverable represents the sum of work conducted by WP1 during the first year of the SmartSociety project with the aim of creating an interdisciplinary foundation of concepts and tools upon which subsequent work packages can build. These are presented under the following topic headings: 1. Foundational concepts. SmartSociety is motivated by the idea of forming powerful collectives of human and computational agents to work together solve problems of modern urban living. Lying at its heart are a series of foundational concepts that set the research challenges and define the requirements for SmartSociety solutions. The first section of this deliverable aims to clearly articulate the projects' deepening understanding of Hybridity, Diversity and DiversityAwareness, Compositionality, and how we should consider Collectives, Adaptive behaviour, and Collective Adaptive Systems themselves. Our purpose is to reflect how these concepts are being elaborated, refined and brought to life via the ongoing activities of project partners in working towards a Smarter Society. Contributions have been informed by ongoing activity within SmartSociety, they have been compiled by four experts from across the project, and peer reviewed within the project to further promote consensus and shared understanding of these critical foundational concepts. 2. Social values and ethical governance. Research and innovation is increasingly being examined with an eye for the problems it can create for individuals and society as well as the benefits it may bring. The ways that mobile and social technologies in particular have become deeply intertwined with all aspects of our lives raise a series of concerns about the extent our lives are being transformed and the control we have over those transformations. Thus as the negative consequences of technological change has received greater public attention, government bodies, such as funding agencies, have become increasingly keen to regulate research and innovation to avoid harm. SmartSociety itself is a programme of work that intends to harness and to transform social processes. It behoves the project to understand the social and social values, both as a medium with which it works, and as a place where its actions have both positive and negative consequences. To this end this section of the deliverable explores Ethical Implications of SmartSociety, Privacy issues and its Ethical Governance. These sections have been informed by an ongoing programme of empirical work into social values involving interviews and focus groups which are detailed in appendix II. 3. Formal models. Along with new computational concepts and paradigms, such as Diversity and Hybridity, come challenges for how these phenomena are modelled in a formal way in order to build a firm foundation of software engineering principles for SmartSociety. Here there are a series of ongoing research challenges about how to formally represent Diversity and Hybridity within a SmartSociety implementation. The aim is to provide: a) a data model (supporting Diversity), stipulating the way in which data is represented and communicated between agents; b) a programming framework (supporting Hybridity), enabling social computations. The state-of-the-art document in Appendix III is a literature review with contributions from every project partner on each facet of the SmartSociety vision to create a platform of existing knowledge on which the various strands of the SmartSociety programme build. Appendix I presents a case study taken from the fieldwork that demonstrates how the SmartSociety approach might play out in the context of residential care setting in a way that exemplifies the major themes of this document, namely foundational concepts, social values and formal models. Appendix II details the empirical work that has to date informed the work on Social Values and explores how this work has met the challenges posed in the Description Of Work (DOW).

Page 4 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

Motivating examples A number of ‘motivating examples’ and ‘scenarios’ have been utilised in SmartSociety to provide a common context for interdisciplinary collaboration across Work Packages (WPs) and as devices to help illuminate SmartSociety concepts. There are frequent references in this document to four such examples which are briefly introduced here to aid comprehension: The Ride Share scenario: Has emerged from a collaboration focusing on WPs 2, 5 and 6 around an application that allows drivers and commuters to offer and accept lifts to utilise spare capacity in the cars of those already intending to travel. It is modelled after an existing web-based service operated for students attending Ben-Gurion University. Of course, the aim of the scenario is to consider how ride sharing would be approached from a SmartSociety perspective, which has allowed collaborators to think through issues to do with provenance, incentives, social orchestration and social values for a common example with manageable scope. The Care House scenario: This scenario was conceived within WP1 to be a concise depiction of a Hybrid Diversity-Aware Collective Adaptive System (HDA-CAS) in a concrete setting. One aim was to give an overview of a simple HDA-CAS demonstrating how the WP contributions fit together. Another was to show how the concepts developed in WP1 relating to social values, governance and formal models could be applied in a realistic case (full details of the scenario can be found in appendix I). The Care House scenario was motivated by a WP1 interview with an IT consultant working on the Mirror project – an EU project developing apps that aid reflective practice for those working in caring professions. In the original system the app consists of sensors worn by care staff and residents that record how long each member of staff is in proximity with each resident during the course of every working day. The carers can then access analytics describing the level of ‘attention’ received by each resident from each member of staff to stimulate reflection upon practices and routines with the aim of improving the care given to residents. This might work, for example, to allow care staff identify that a resident is being somewhat neglected, or to prompt re-organising shift patterns to make more effective use of care resources. As for the Ride Share scenario, this base scenario was extended to incorporate SmartSociety features. The speed bump: A speed bump is a feature of traffic regulation in several countries that aims to regulate driving speed by creating a raised section of road that drivers have to slow down to negotiate comfortably. A description of speed bumps as part of traffic management is used as a motivating example in section 2.3 to explore different types of governance, how they interrelate and their relevance to SmartSociety. Smart Tourism: Tourism is one of the main motivating scenarios for SmartSociety and is the most mature of the scenario's being elaborated by WP9. Tourism is an important application domain for SmartSociety because it exhibits a number of tensions of the sort that SmartSociety aims to address. Thus the increasing numbers of tourists, and increasing expectations of richer, more varied and authentic travel experiences is set against the need to conserve resources, preserve heritage sites and safeguard local cultures. Effective SmartSociety solutions would seek to create new sorts of resources by tapping into the expertise and skills of collectives comprised of tourists, locals and tourism workers, perhaps creating new types of employment and delivering new sorts of services. These will provide tourists with richer experiences while at the same time shaping tourists' travel plans to balance demand across attractions and service providers, but in ways that are not felt to be overtly heavy-handed. Thus tourism scenario is also an interesting source of challenges relating to ethics and social values in the context of SmartSociety. Sections of this document consider safety issues relating to the use by tourists of more casual services provided by locals such as offers of accommodation in private homes.

Page 5 of (133)

Deliverable D1.1

Table of Contents Table of Contents ............................................................................................................................................. 6 1. Introduction .............................................................................................................................................. 10 2. Foundational concepts of SmartSociety ................................................................................................... 11 2.1 Overview of SmartSociety ................................................................................................................ 11 2.2 Collective and Adaptive in CAS's ..................................................................................................... 11 2.3 CASs in SmartSociety....................................................................................................................... 13 2.3.1 Initial Focus ............................................................................................................................... 14 2.3.2 Technical Issues ......................................................................................................................... 14 2.4 Diversity-awareness as a foundational notion in CASs .................................................................... 15 2.5 Diversity as a way to characterize agents and their knowledge ........................................................ 16 2.6 Hybridity in Collective Adaptive Systems ........................................................................................ 17 2.6.1 Introduction................................................................................................................................ 17 2.6.2 Dynamic and multi-aspect hybridity.......................................................................................... 17 2.6.3 A unified service unit model for hybridity in a collective ......................................................... 18 2.7 Compositionality in SmartSociety .................................................................................................... 18 2.8 Foundational Concepts – concluding remarks .................................................................................. 20 2.9 Foundational Concepts – next steps .................................................................................................. 20 3. Social values and ethical governance ....................................................................................................... 21 3.1 Societal and ethical consequences of CAS ....................................................................................... 21 3.1.1 Contextual issues ....................................................................................................................... 21 3.1.2 Emerging issues ......................................................................................................................... 22 3.2 Privacy .............................................................................................................................................. 23 3.3 Basic Privacy Principles.................................................................................................................... 24 3.3.1 Privacy in SmartSociety............................................................................................................. 25 3.3.2 Privacy, Diversity and Hybridity ............................................................................................... 25 3.3.3 Privacy and Operating Principles .............................................................................................. 26 3.3.4 Privacy, Compositionality and Collectives ................................................................................ 26 3.3.5 Privacy and Evolutionary and Design Principles....................................................................... 27 3.3.6 Summary .................................................................................................................................... 27 3.4 The ethical governance of SmartSociety........................................................................................... 27 3.4.1 Understanding governance ........................................................................................................ 28 3.4.2 Governance mechanisms as layered and intersecting ................................................................ 30 3.4.3 Ethical governance..................................................................................................................... 32 3.4.4 Guidance for governance design................................................................................................ 33 3.5 Social Values – concluding remarks ................................................................................................. 34 3.6 Social Values – next steps ................................................................................................................. 35 4. Formal data models .................................................................................................................................. 36 4.1 The need for a formal data model ..................................................................................................... 36 4.2 Diversity-aware knowledge bases ..................................................................................................... 37 4.3 Extending diversity-aware knowledge bases with schematic knowledge ......................................... 39 4.4 Modelling Hybridity ......................................................................................................................... 42 4.4.1 Introduction................................................................................................................................ 42 4.4.2 Fundamental elements modelling hybridity............................................................................... 42 4.4.3 Representing HCU with formal semantic schemas ................................................................... 44 4.4.4 Towards Granularity Design, Forming and Instantiation HCU ................................................. 44 4.5 Formal Models – concluding remarks............................................................................................... 45 4.6 Formal Models - next steps ............................................................................................................... 45 5. References ................................................................................................................................................ 47 Appendix I A worked example of a HDA-CAS in a care setting. ............................................................ 49 I.1 Description ........................................................................................................................................ 49 I.2 SmartSociety extensions ................................................................................................................... 49 I.3 Social values and governance ........................................................................................................... 50 I.3.1 Embedded regulation ................................................................................................................. 50 I.3.2 Accountability regimes .............................................................................................................. 50 Page 6 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

ÂŠ SmartSociety Consortium 2013 - 2017

I.3.3 Polycentric governance .............................................................................................................. 51 I.3.4 Motivational regulation.............................................................................................................. 51 I.3.5 Adaptive governance ................................................................................................................. 51 I.3.6 Political governance................................................................................................................... 52 I.4 Formal Model.................................................................................................................................... 52 I.4.1 Variants:..................................................................................................................................... 52 I.4.2 Sources of diversity: .................................................................................................................. 53 I.4.3 Formal data model: .................................................................................................................... 53 I.4.4 HDA-CAS Programming:.......................................................................................................... 55 Appendix II Overview of empirical work .................................................................................................. 57 II.1 Research Questions: .......................................................................................................................... 57 II.2 Important things promised in the DOW for D1.1: ............................................................................ 58 II.3 Empirical approach underpinning governance, ethics and social values. ......................................... 59 Appendix III State of the Art ....................................................................................................................... 63 III.1 Summary of the state-of-the-art document .................................................................................... 63 III.2 Ethical Governance for Collective Adaptive Systems. ................................................................. 65 III.2.1 Introduction................................................................................................................................ 65 III.2.2 Technology and human values .................................................................................................. 65 III.2.3 The politics of automated mechanisms and embedded algorithms............................................ 66 III.2.4 Values attached to social practices ............................................................................................ 66 III.2.5 Values attached to labour ........................................................................................................... 67 III.2.6 Interpersonal values ................................................................................................................... 67 III.2.7 Social sorting and social exclusion ............................................................................................ 67 III.2.8 Value Sensitive Design (VSD) and Responsible Research and Innovation .............................. 68 III.2.9 Beyond the state of the art - towards ethical governance for HDA-CAS ................................. 69 III.2.10 References .............................................................................................................................. 69 III.3 Privacy ........................................................................................................................................... 71 III.3.1 Introduction................................................................................................................................ 71 III.3.2 Related Work ............................................................................................................................. 71 III.3.3 Privacy and Diversity................................................................................................................. 71 III.3.4 Privacy and Hybridity ................................................................................................................ 72 III.3.5 Privacy, Compositionality and Collectives ................................................................................ 73 III.3.6 Privacy and Evolutionary and Design Principles....................................................................... 73 III.3.7 Beyond the state of the art ......................................................................................................... 74 III.3.8 References.................................................................................................................................. 74 III.4 Provenance Trust and Reputation.................................................................................................. 75 III.4.1 Introduction................................................................................................................................ 75 III.4.2 Drivers for Provenance .............................................................................................................. 75 III.4.3 From Provenance to Reputation and Trust ................................................................................ 76 III.4.4 PROV: the W3C Recommendation for Provenance .................................................................. 77 III.4.5 Beyond the state of the art ......................................................................................................... 78 III.4.6 References.................................................................................................................................. 79 III.5 Collective Adaptive Systems ......................................................................................................... 79 III.5.1 Introduction................................................................................................................................ 79 III.5.2 Definitions of CASs ................................................................................................................... 79 III.5.3 Examples of CASs ..................................................................................................................... 80 III.5.4 The Collective in CASs ............................................................................................................. 80 III.5.5 The Adaptive in CASs ............................................................................................................... 80 III.5.6 The interest, analytical power and applicability of CASs .......................................................... 81 III.5.7 References.................................................................................................................................. 82 III.6 Human-based and social computation ........................................................................................... 82 III.6.1 Introduction................................................................................................................................ 82 III.6.2 Team/community/crowd representation .................................................................................... 82 III.6.3 Team formation ......................................................................................................................... 83 III.6.4 Task description ......................................................................................................................... 83 III.6.5 Task assignment, routing and delegation ................................................................................... 83 III.6.6 Task life-cycle management ...................................................................................................... 84 ÂŠ SmartSociety Consortium 2013 - 2017 Page 7 of (133)

ÂŠ SmartSociety Consortium 2013 - 2017

Deliverable D1.1

III.6.7 Actor coordination and collaboration ........................................................................................ 84 III.6.8 References.................................................................................................................................. 84 III.7 Compositionality ........................................................................................................................... 85 III.7.1 Introduction................................................................................................................................ 85 III.7.2 Composition mechanisms .......................................................................................................... 85 III.7.3 Complex systems ....................................................................................................................... 86 III.7.4 Multiagent systems .................................................................................................................... 87 III.7.5 Challenges and future directions................................................................................................ 89 III.7.6 References.................................................................................................................................. 89 III.8 Diversity ........................................................................................................................................ 91 III.8.1 Introduction................................................................................................................................ 91 III.8.2 Diversity dimensions ................................................................................................................. 91 III.8.3 Diversity-aware knowledge bases ............................................................................................. 92 III.8.4 Domains ..................................................................................................................................... 92 III.8.5 Context....................................................................................................................................... 95 5.1 Beyond the state of the art................................................................................................................. 96 5.2 References ......................................................................................................................................... 96 III.9 Vertical diversity and the semantic gap between humans and machines ...................................... 97 III.9.1 Introduction................................................................................................................................ 97 III.9.2 Outlook to Smart Society........................................................................................................... 97 III.9.3 The classic landscape: machines as aids .................................................................................... 97 III.9.4 The new status quo: human-machine collaboration................................................................... 98 III.9.5 Constituting the difference......................................................................................................... 98 III.9.6 Minding the gap ......................................................................................................................... 99 III.9.7 References.................................................................................................................................. 99 III.10 Incentive Design .......................................................................................................................... 100 III.10.1 Introduction .......................................................................................................................... 100 III.10.2 Artificial Intelligence ........................................................................................................... 100 III.10.3 Human Computation ............................................................................................................ 101 III.10.4 Economics ............................................................................................................................ 101 III.10.5 Challenges with respect to Smart Societies.......................................................................... 102 III.10.6 References ............................................................................................................................ 102 III.11 Resilience .................................................................................................................................... 103 III.11.1 Introduction .......................................................................................................................... 103 III.11.2 Roots of Resilience .............................................................................................................. 103 III.11.3 Ecological Resilience ........................................................................................................... 103 III.11.4 Infrastructure Resilience ...................................................................................................... 105 III.11.5 Safety-critical Resilience ..................................................................................................... 105 III.11.6 Why resilience is salient to HDA-CASs .............................................................................. 106 III.11.7 Means of Achieving Resilience............................................................................................ 106 III.11.8 How this relates to Operation, Design and Evolution in CASs............................................ 107 III.11.9 Operation .............................................................................................................................. 107 III.11.10 Design .................................................................................................................................. 107 III.11.11 Evolution .............................................................................................................................. 107 III.11.12 What CASs can do for Resilience ........................................................................................ 107 III.11.13 What Hybridity and Diversity Awareness do for Resilience in CASs ................................. 107 III.11.14 Resilient Governance ........................................................................................................... 107 III.11.15 Summary .............................................................................................................................. 108 III.11.16 References ............................................................................................................................ 108 III.12 Activity and context recognition: State-of-the-Art...................................................................... 108 III.12.1 General Overview ................................................................................................................ 108 III.12.2 Types of activity recognition: video and sensor-based ........................................................ 109 III.12.3 Wearable sensor-based activity monitoring ......................................................................... 110 III.12.4 Various aspects of activity recognition ................................................................................ 111 III.12.5 Context recognition and context awareness ......................................................................... 112 III.13 P2P Search................................................................................................................................... 114 III.13.1 Introduction .......................................................................................................................... 114 Page 8 of (133) http://www.smart-society-project.eu/

Deliverable D1.1

III.13.2 Types of P2P search ............................................................................................................. 114 III.13.3 Unstructured Search ............................................................................................................. 114 III.13.4 Structured Search ................................................................................................................. 115 III.13.5 Beyond the State of the Art .................................................................................................. 116 III.13.6 References ............................................................................................................................ 116 III.14 Programming models & languages for Socio-technical systems ................................................ 117 III.14.1 Introduction .......................................................................................................................... 117 III.14.2 State of the art ...................................................................................................................... 117 III.14.3 Beyond state of the art.......................................................................................................... 119 III.14.4 References ............................................................................................................................ 119 III.15 Digital Cities................................................................................................................................ 120 III.15.1 Introduction .......................................................................................................................... 120 III.15.2 A Data Centric Approach ..................................................................................................... 121 III.15.3 Digital Cities Service Domains ............................................................................................ 122 III.15.4 Examples of Digital Cities and Projects ............................................................................... 122 III.15.5 Beyond the State of the Art .................................................................................................. 123 III.16 Serious Games and Immersive Technology ................................................................................ 124 III.16.1 Introduction .......................................................................................................................... 124 III.16.2 Serious Game ....................................................................................................................... 124 III.16.3 Immersive Technologies ...................................................................................................... 125 III.16.4 Case Studies ......................................................................................................................... 126 III.16.5 Beyond the State of the Art .................................................................................................. 128 III.16.6 References ............................................................................................................................ 128 III.17 Swarm and other collective systems............................................................................................ 129 III.17.1 References: ........................................................................................................................... 131 III.18 Identity management ................................................................................................................... 132

Page 9 of (133)

Deliverable D1.1

ÂŠ SmartSociety Consortium 2013 - 2017

1. Introduction This document represents the culmination of the work of Work Package 1 (WP1), Interdisciplinary Foundations during the first year of the SmartSociety project. The aim of WP1 is to provide empirical and conceptual foundations to be drawn upon by downstream work packages as they progress towards the realisation of Hybrid, Diversity-Aware Collective Adaptive Systems (HDA-CAS) that underpin the SmartSociety vision. WP1 is composed of two main strands of research with the following aims: 1. Understanding how to create and deploy CAS in a socially responsible way. 2. To create modelling frameworks that allow us to reason about important aspects of CAS. WP1 is a cyclic work package its core tasks have two iterations, the second of which begins again at month 24. Thus the results presented in this document represent a first iteration of the goals of WP1, with the second affording an opportunity to test, strengthen and deepen these initial conclusions. The work of this document has been driven by three central WP1 collaborators: the University of Oxford (UOXF), Karlstads University (KU) and the University of Trento (UNITN) who contributed work on Social Values, Privacy and Formal Models respectively. The work of WP1 has progressed through empirical studies, conceptual investigations and collaborative workshops and data sessions held at a number of venues across the project. WP1 has also received important contributions from each and every partner in the SmartSociety consortium towards the state-of-the-art document that forms Appendix III of this deliverable, and to the foundational concepts of SmartSociety detailed in section 2. It can be hard to embed understandings of social values into technical work streams and WP1 realised from an early stage of the importance of working closely with technical WPs. Similarly, the formal modelling developed by UNITN will be but one part of a mosaic of models owned by different project partners that correspond to different SmartSociety concepts and components, necessitating that the modelling aspect of the WP1 also follows an integrative approach. For these reasons UOXF, KU and UNITN have collaborated across WPs to help with domain specific investigations of social values, understand how to embed privacy principles into SmartSociety components, and to align modelling activities between different project partners. Notably TUWien have also made a significant contribution to the modelling work. Thus some of the activities of the core partners of WP1 are recorded in the deliverables of other work packages, although in most cases mention is made also in this deliverable. In this deliverable the work of WP1 reported in three main sections: 1. Foundational concepts of SmartSociety. Setting out contributions from experts as to the current state of thinking on the key SmartSociety concepts of Collective Adaptive Systems, Hybridity, Compositionality, Diversity-Awareness, Diversity-Awareness to characterise agents' knowledge, the nature of Collectives and of Adaptivity. 2. Social values and ethical governance. Considers the potential societal impacts of SmartSociety, methods for understanding and working with social values, privacy issues and research questions posed by CAS technologies and concepts for privacy concepts, and outlines a framework for governance design for CAS. 3. Formal models. Describes formal models corresponding to the key SmartSociety principles of Diversity and human-machine computation (hybridity) that also underpin engineering principles for important SmartSociety components, namely diversity-aware knowledge bases (UNITN) and the hybridity programming framework (contributed by TUWien). In addition Appendix I provides a worked example of a HDA-CAS in social care to show how the various SmartSociety components and strands of work come together in a simple example. Appendix II provides an overview of the empirical work for WP1, explores how far this work answers questions posed in the DOW, and provides a general overview of insights from field research not covered elsewhere in this deliverable. Page 10 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

2. Foundational concepts of SmartSociety The SmartSociety vision is complex and the project has many collaborators each possessing important yet diverse expertise. Thus forging a common identity and purpose within the consortium has been an important activity during the course of the first year. A key part of this has been to elaborate and refine the project’s central concepts to provide a common grounding and direction for the technical work and for the work of exploring social values. Thus the first section of this deliverable lays out the emerging shared understanding of HDA-CAS from the perspective of four SmartSociety project members with expertise in HDA-CAS itself (Stuart Anderson), diversity (Vincenzo Maltese), hybridity (Hong-Linh Truong) and compositionality (Michael Rovatsos). 2.1 Overview of SmartSociety3 Research in collective adaptive systems (CAS) (Holland, 2006) has mostly focused on providing or imposing some form of harmonization or lightweight coordination of meaning and actions, where machines do most of the computation and humans mostly act as service/data consumers. Even systems that involve so-called human-based computation, and in which human intelligence (Brown and Lauder, 2000) is used to execute computational tasks, are usually handcrafted to satisfy a specific application objective and lack a solid engineering design methodology. In these settings, collectives are generally homogeneous and are orchestrated to achieve a common global goal with limited or no knowledge adaptation. Our goal is to move towards a hybrid system, where people and machines work together tightly to build a smarter society. In these systems humans and machines compose to synergistically complement each other, thus bridging the semantic gap between the low-level machine interpretation of data and the high-level human one. In particular human capacity to make sense of the open-ended nature of context and its role human understanding plays a key bridging role here. In such systems, humans and technologies interoperate collectively to achieve their possibly conflicting goals at individual, organizational and societal levels. This approach is based on the assumption that there are tasks humans are better than machines at (Giunchiglia and Robertson, 2010). For instance, while machines are very effective in computational tasks, they cannot compete with humans in creativity, making judgments, expressing subjective opinions, abstract thinking and scientific reasoning. Operationally, peers in the system will implement a continuous unbounded cycle in which data is sensed, interpreted, shared, elaborated and acted upon. Actions are taken on the basis of system suggestions and the way humans react to them. Actions generate new data, thus driving the adaptation and evolution of the system. By overcoming current limitations of CAS in terms of quantity and heterogeneity of agents and data that can be managed, these systems offer the ability to scale up to the Internet scale. While massive-scale current Web systems (e.g., Google, Facebook) are already managing global user communities of hundreds of millions of users, they are only able to support only rather ‘crude’ machine-human interactions, such as data entry, search, and offline data analysis. They are instead unable to combine heterogeneous complex interactions in an adaptive, diversity-aware fashion. Reaching this ambitious goal requires interdisciplinarity. Ethics is fundamental to the governance of smart societies and the definition of their design principles, including novel techniques for ensuring privacy by design in their application. Data and knowledge representation and human computer interaction are fundamental in determining the underlying diversity-aware data model and the mechanisms supporting the incremental construction of the shared semantics as well as achieving interoperability between peers. Agent systems will have to focus on reasoning and decision making about interaction situations (Shoham, 2009) and be able to make good enough decisions fast, and support methods to combine human and machine computation (Schall, Dudstar and Brake, 2010). ICT in general is fundamental for the development of the infrastructure supporting the overall system. 2.2 Collective and Adaptive in CAS's This section introduces working definitions for the basic elements of HDA-CASs. These are working definitions in the sense that we think they may need modification as the project proceeds and we come to a better understanding of the key concepts in HDA-CASs but meantime we find them useful to understand the notion of HDA-CASs. 3

This text is take from: F. Giunchiglia, V. Maltese, S. Anderson, D. Miorandi (2013). Towards Hybrid and DiversityAware Collective Adaptive Systems. First FOCAS Workshop on Fundamentals of Collective Systems @ECAL 2013. © SmartSociety Consortium 2013 - 2017 Page 11 of (133)

Deliverable D1.1

Collective: our working definition is “a collection of individuals that identify with each other as a group”. Here the key aspect is the notion that the group is formed via some process whereby individuals identify with one another. In the Care House scenario (appendix I) we might see identification arising out of the activities individuals undertake. So there is a collective of carers who undertake caring activity including taking responsibility for people under their care. Similarly those being cared for will identify themselves as being cared for. There may be overlaps between the groups since some of the more active people being cared for may also take on a caring role form time to time. In terms of operation, design and evolution of a CAS we can think about tools that help shape the way identification works. For example, reminiscence tools with photographs, timelines and memories tend to build solidarity in a peer group around particular localities and familiar patterns of behaviour. In the Care House scenario we could see an attempt to strengthen the cared for group by giving them specific responsibilities for the environment and providing feedback on how well the environment is maintained. If there is a wide spectrum of capability in the group one could imagine having different teams stratified by capability with different responsibilities that might encourage several collectives of cared-for people all with different characteristics. Similarly in the carer group one could imagine there is a collective of professional carers, of volunteer carers and trainee carers again with different characteristics. Thus in looking at operational aspects of a CAS one might consider what tools are necessary to maintain a particular pattern of collectives. In design we would consider the characteristics of the collectives we might want to form as part of the CAS and provide tools that let the systems self organise into collectives with desirable properties. In evolution we might consider what tools we need to provide or make unavailable to allow the notion of identity to evolve. Adaptive: our working definition of adaptive in HDA-CASs is “having the capacity to reflect on responsive behaviour and modify it in response to reflection”. Typically this may involve accessing some data that captures behaviour of the CAS and possibly some (predictive) model that suggests how things will be in the future on the basis of historical behaviour (at its simples the model might be things in the future will be like things in the recent past…) In the Care House scenario, the data from the proximity badges provides some capture of past behaviour and the routine in the care house might (or might not) provide tools to reflect on that behaviour. For example it may be a routine that each individual reflects o their individual performance at the end of the day, or that professionals review trainees’ data that they are mentoring in order to review and improve their performance. More complex tools could also be employed that let the carers see the overall pattern without being able to disaggregate to individual carers or they may share individually attributable data. These two different reflection tools would support quite different modes of review and organisation of the carer collective. Similarly unattributed data could be shared with cared-for people so they can identify members of the group who get less attention. More radically one could imagine sharing such data with the relatives of the cared-for group to provide evidence that their relative is being treated fairly. In all of these cases there are opportunities for the collectives involved to adapt the way they work in order to take account of the reflective information. The extent to which adaptation is driven or mandated depends on the architecture of the system and the surrounding governance and regulation. For example, one could imagine setting carers a Key Performance Indicator (KPI) of being proximate to a particular individual 10% of the time but this is unlikely to be a very effective measure since the system can probably be gamed by taking off the badge either of patient or carer and keeping the two badges proximate. Designing incentives, regulation and governance to help shape behaviour that meet the needs of people is a complex matter and is considered in more detail in section 4.2. Hybrid: here hybridity involves the participation of human individuals in the system. Consequent on taking human individuals into account, we must consider the means we have available to shape and support people’s participation in a CAS. Typically this involves deciding on what resources people need to identify as a collective and what resources collectives need in order to take collective action. In addition, we might consider what kinds of incentives a collective need in order to be able to act appropriately. Finally we should consider sanctions, ranging from governance and regulation through to criminal law. Diversity-Awareness: in HDA-CASs we assume that all aspects of the operation of the CAS should be sensitive to the identification behaviour of the individuals and collectives in the system. This provides information on the relationships between collectives and assists with the interpretation of communication between individuals and collectives. This diversity-awareness is particularly concerned with both the tools that we provide to help build awareness of identity in the participants of the CAS and in how aspects of identity help shape communication. Page 12 of (133) http://www.smart-society-project.eu/

Deliverable D1.1

2.3 CASs in SmartSociety Collective Adaptive Systems comprise three different kinds of resource: 

 

Collectives that are made up of individuals. Usually, in the CASs we consider here, individuals are people but in the broader perspective of the FOCAS proactive initiative these could be simple biological agents or robots or perhaps even software agents of some sort. Generally, collectives are grouped around some sense of shared identity that all individuals in the collective have some access to. For example, this could be possessing a particular skill (e.g. nurse practitioners, or neurosurgeons, or plumbers), or living in a particular locality or time period (e.g. Londoners or Baby Boomers). In some situations, it may be the case that the identity of a group is not accessible to its members because it is applied externally e.g. the allocation of individuals to particular consumer categories by market researchers. In this case the identity is essentially a label applied to particular patterns of behaviour. Computational infrastructure that will comprise services, data, agents, APIs, … that are aimed at providing the computational element of a CAS. Regulation: this comprises laws, governance, regulations, norms, conventions incentives, traditions, cultures that provide the intangible binding between the human and computational resources in the CAS. Of course these intangible things have written down artefacts that try to capture them but ultimately these are lived out in the context of the CAS.

In SmartSociety we study the operation, design, and evolution of CASs with the particular additional characteristics of hybridity (they are human/machine systems) and diversity-awareness (to accommodate collectives that have diverse membership) which are considered later in this section. In thinking about the operation, design and evolution of CASs we need to consider all three forms of resource and in order to simplify our task we will focus on the challenges of building the necessary computational Infrastructure to support these processes. Before considering the challenges in some detail we will break off to discuss adaptivity. We will take a particularly “hardline” view on what constitutes adaptivity and will illustrate this with an example. We know from the literature that Indian and German pedestrians have different response to crowded situations (Helbing et al, 2005). In crowds, Indians walk faster than their normal pace while Germans walk slower. The question is whether we see either Indian or German behaviour as adaptative. Since this is “fixed” behaviour that is (more or less) dependent just on how crowded it is, we don’t count this as adaptive because there is no required change in the strategy adopted by the groups. However if we consider a German Church congregation in a large Indian city that goes in a group to worship each Sunday through very crowded parts of the city that forms a groups that ensures each person in the group has personal space but the group as a whole goes at Indian pace then we might consider that adaptation because the strategy has adapted to a new situation and crowds no longer evoke the “standard” German behaviour in crowds4. Given this notion of adaptation, it appears that issues around reflection are particularly important in the sense that adaptation will often require reflection to provide evidence that directs adaptive behaviour. Given this definition of adaptive behaviour we can now go on to illustrate some of the challenges: 1. Scale: CASs at the scale of a city transport system or all consumers of energy in a region pose particular problems in terms of supporting individuals and collectives and in managing issues that only manifest after passing through some phase transition. For example in crowds, very little structure is evident when there are small numbers of people involved but once crowds reach moderate size then they start to illustrate the emergence of “lanes” and various other structures that provide order for the crowd. 2. Heterogeneity: we cannot expect individuals and collectives to have completely aligned objectives and aspirations thus we must expect conflict and deviancy amongst participants in a CAS. In general, this will involve conflict and contention over resources and what is a resource depends on your perspective. So some code in a hybrid algorithm might consider individuals or collectives as 4

For the avoidance of doubt, I do not believe that these are universal laws of German and Indian behaviour but I am prepared to live with the fiction to illustrate the point about adaptive behaviour. © SmartSociety Consortium 2013 - 2017 Page 13 of (133)

Deliverable D1.1

being resources when they compute something that needs human judgement. Similarly people might view data or apps on some infrastructure as resources necessary to complete a task. In all situations where resource provides the potential for contention we see the potential for conflict. Of course, conflict can arise for other reasons than resources. 3. Distribution in space and time: the reach of such CASs goes beyond the traditional local communities to connect potentially very diverse groups lessening the effects of geographical separation and temporal distance. This can result in the CAS becoming a component in a much more complex, tightly coupled system with the potential for much more unpredictable behaviour (Perrow, 1984; Beck, 1992). 4. Openness: In considering the computational infrastructure for CASs in SmartSociety we are considering an infrastructure that is part of an open system both in the sense that we anticipate the need to respond resiliently to new phenomena and that the existing structure and response to known phenomena may need to be repeatedly renegotiated. (Hollnagel, Woods and Leveson 2012) 5. Reflection: Providing support for adaptation will inevitably require some element of reflection and this will often mean that our CASs contain some element of monitoring together with a model of how to interpret those observations (even if the model is just “the recent past is a good predictor of near future”). This list will be further extended through the life of the project but is does reflect the current primary concerns. The remaining two sections briefly consider the aspects of CASs we will take as our initial focus of interest and the underpinning technical issues that we believe will contribute to resolving some of the issues that will arise in our focus areas. 2.3.1 Initial Focus 1. Practice: a CAS will typically involve many interlocking communities of practice so “practice” is an important focus area because “practice” is a key unit of analysis for activity in CASs. Our goal is to use the analysis of practice in a variety of contexts (Shove, Pantzar and Wilson 2012). This analysis will help inform how the CAS concept might be developed better support practice and how individual CASs might also be better adapted to the practices they are intended to support.. We have already identified issues in the literature that point to a need for openness (McKenzie 2008), negotiation (Bowker and Star 1999) and control of confusion between representations of practice, reflection on practice and practice itself (Pentland and Feldman 2008). 2. Interesting cases of CASs: We have already identified the case of Social Sensemaking as a crucial special case of CASs where collectives are responsible for the curation and interpretation of datasets. This limited setting raises many issues in sharp detail and points to the potential for the tight coupling human/machine resources in completing the task. This highlights the need for hybridity in CASs. In addition, the interpretation issues highlight the polysemous nature of data and so this case encapsulates many of the diversity awareness issues that drive SmartSociety towards Hybrid Diversity-Aware CASs (HDA-CASs). We anticipate identifying other interesting special cases. 3. Regulation, Governance: This area is critical both because many of the examples we are investigating already exist within a regulated environment and so we need to find good ways to support regulation and governance in any proposed infrastructure. In addition, even in quite informal, unregulated CASs as the infrastructure develops, there will be increasing need for good governance to ensure effective support and control of abuse. This is a key element to ensure Responsible Research and Innovation principles are built into our emerging CAS support infrastructure. 2.3.2 Technical Issues We outline just two linked technical issues that emerge from this choice of focus areas. There are many more and both of these issues can be “unpacked” to yield many more detailed technical issues. However, they are indicative of some immediate issues that arise in the context of our issues identified above. Page 14 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

1. Openness: This issue suggests we need to revisit the underpinning model of information in the computational infrastructure of a CAS. Our immediate response is to consider a model that takes incomplete and inconsistent information as the normal rather than the exceptional situation. There is also a potential to consider uncertainty here – depending on whether we see the incompleteness as an ontological or an epistemic issue. This has immediate potential consequences both for the model of diversity awareness and hybridity. This may also influence the detailed formulation of our chosen model of social computation since some sources of incompleteness and inconsistency can certainly be resolved by reference to people who are capable of open-ended observation, memory, etc. 2. Development Process: The previous issue raises questions about the formulation of the programming model for the computational infrastructure of a CAS. This raises a much wider issue of the development process for CASs looking at issues of Operation, Design and Evolution. CASs can be highly reflexive so this suggests the infrastructure should support this and it may be important, particularly for issues of regulation and governance to consider representing the CAS development process as part of the CAS. 2.4 Diversity-awareness as a foundational notion in CASs Diversity is an almost universal phenomenon of populations. If we take any population of individuals and a measurable feature of the population it will exhibit diversity in the sense that different individuals will have different values for the feature. In some situation this may be a well-behaved distribution (e.g. inter-arrival times for requests for service) but in others this may not be the case (e.g. people’s time of getting up in the morning measured in milliseconds modulo 1000 will look pretty uniformly distributed). Diversity is closely linked to collectives and to adaptivity and in particular to notions of identity that underpin collectives and to reflection that underpins notions of adaptivity. Diversity and collectives: In any CAS we will have the capacity to encourage or shape the capacity of individuals to identify each other as members of collectives. Information, processes and practices all contribute to the pattern of identification and consequently the pattern of collectives in a CAS. Each collective is a sub population of the overall population of CAS stakeholders. When we form such a subpopulation we also create new distributions of attributes we are interested in. For example in education, if we look at learners then there are distinctively different learning styles and this often meant that “one size fits all” teaching is not particularly effective for any student. If we can give individuals the resources to identify their learning style and form a collective that identifies with a particular style then we can tailor learning to the style associated with the collective and our overall learning strategy. Thus one important driver on the resources we make available to facilitate collective formation is the attributes we are interested in and the diversity of those attributes. Diversity and adaptivity: using diversity as a critical asset in identifying the collectives in a CAS suggests how this might be useful in devising our adaptive strategy. If we choose attributes that influence a collective response as important in the criteria that contribute to the shaping of the collectives in a particular CAS, then we can aim for structured diversity in response to events. For example, if we helped form collectives on the basis of response to emergency situation we might identify two sub-collectives that respond in different ways. One collective may respond by speeding up and task them with going through the routine of bringing unaffected parts of the system to a safe state. Another may respond by taking an analytical perspective and might be allocated the task of analyzing the situation to attempt to discover the source of the issue. In general, diversity using diversity as a driver in the creation of collectives can also be used to drive diversity of response in the overall CAS. If we provide a range of tools to respond to situations that take account of the diversity in the collectives we will see diversity in response as collectives play to their strengths. Overall we will want to exploit diversity in the population to shape the resources of the CAS to provide a diverse response that is appropriate to the situation. We may also want to inhibit the response of sub-collectives that adapt poorly to certain circumstances too, such as those who respond maliciously in times of crisis.

Page 15 of (133)

ÂŠ SmartSociety Consortium 2013 - 2017

Deliverable D1.1

Thus we argue that diversity is a key foundational notion in the construction of a CAS. This diversity of characteristics pervades CASs. In the next section we consider how this pervasive characteristic affects knowledge and communication in CASs. 2.5 Diversity as a way to characterize agents and their knowledge In our settings, a CAS is essentially a â&#x20AC;&#x153;hybridâ&#x20AC;? multi-agent system composed of people and machines. One of the most important goals of SmartSociety is to devise mechanisms to represent agents and data they handle for and effective communication and coordination in the network. This is especially important when the system is distributed (i.e. when each agent acts as a peer in the system), when there is no centralized mechanism to enforce uniformity of language and data formats (i.e. there is not a unique global schema or interaction protocol), when there is a high heterogeneity of the units/nodes in terms of their nature (humans or machines, hybrid CAS), their computational capabilities, skills and descriptive features (diversity-aware CAS). One important aspect to take into consideration in any multi-agent environment (for instance also in the Web) is constituted by the difficulties that typically arise in communication due to the intrinsic diversity of the agents. In SmartSociety, we assume that communication happens in a CAS in form of exchange of data that may differ in format (diversity in syntax), language used (diversity in language), and content (diversity in knowledge). We assume data to provide a description of the properties of the real world entities (for instance people, locations, facilities, events, mind products) that agents need to deal with. In other words, data represents a description of what the agents know. For instance, in a tourism scenario (see for instance the work in WP9) agents may need to describe people like tourists and operators, and facilities like hotels, museums and restaurants. Each agent only has partial knowledge of the relevant entities and may describe them in different, possibly conflicting, ways. In this respect, the main focus in SmartSociety is in the way diversity - as a function of local goals, needs, competences, beliefs, culture, opinions and personal experience - is manifested in language (i.e., the terms used by the agents to describe the entities) and knowledge (i.e., what the agents know about the entities which are relevant in the scenario) both at the level of a single agent (when the terms used and the entities described are meaningful only locally to a single agent) and at the level of a group of agents (when the meaning of the terms used and the entities described are agreed and shared by two or more agents). As example of diversity in language, people may speak different languages (e.g. English, Italian); within the same language (e.g. English) a term can have multiple meanings in different contexts (homonymous terms) and the same meaning can be conveyed by different terms (synonymous terms). For instance, the term bug represents a malfunction in computer science, but also the main ingredient of some delicious dishes (at least in some cultures) and the main subject in entomology; bug and insect are synonyms in the latter domain. In using such terms, agents need to negotiate their meaning and agree on a shared vocabulary (or dictionary) in order to establish an effective communication. As example of diversity in knowledge, while on the one hand entities of the same kind can be described with similar attributes (but different values), on the other hand the same entity can be described in multiple ways by agents having different opinions or viewpoints. For instance, while all restaurants serve food, they may differ according to the kind of food served, e.g. Indian restaurants and Chinese restaurants; one agent could describe a certain restaurant as a Chinese Restaurant located in Rome, while another one could describe the same entity as an ethnic restaurant located in Italy serving delicious dishes made out of bugs. Inconsistency may arise when contrastive information is provided about the same entity by different agents, for instance when providing two different addresses for the same restaurant. However, this may be caused by incompleteness, e.g. the restaurant recently moved from one place to another. In this case, what is missing is temporal information. Yet, people are rarely conscious of the polysemous nature of individual terms because people are deeply embedded in the physical and social context within which a discourse is taking place (namely the meaning is part of their implicit assumptions that they can find hard, or not worth to make it explicit). As a matter of fact, it is always hard to determine the right level of generality of what is asserted (i.e. the right amount of language and knowledge required) which in turn has an impact on the computational complexity of the Page 16 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

automatic reasoning (Maltese et al, 2009). In other words, the more is made explicit the more it impacts the performance of the system. By contrast the notion of context is difficult for machines to represent and capture (Giunchiglia et al, 2012). In a CAS, agents (and groups or collectives of agents) themselves can be subject of descriptions being exchanged. In fact, being able to describe a CAS in terms of its agents and collectives (see the work on task and peer profiling in WP4) is fundamental to model the entire system and to reason about it. Diversity is also important for its capacity to frame populations into clusters, i.e. to identify subsets of the agents sharing a similar property or characteristic. In fact, as specified in (McCarthy, 1987), diversity in knowledge can be formalized in terms of diversity dimensions, namely the dimensions by which knowledge is framed. Such dimensions generate a multidimensional space in which entities of a certain kind can be placed. For instance, agents in a CAS can be distinguished, clustered, or ranked by their provenance, language, skills, resources, culture or any other attribute by which they are described. This can be seen both as a prerequisite to search for them (see the work on search and ranking in WP4), for instance to find those agents able to perform a certain task under specific conditions, and as a way to analyse proprieties of entire populations (by aggregation and stratification). However, the latter does not apply only to agents, but to populations of any kind (e.g., of documents, movies or products). In order to make a CAS diversity-aware, diversity should permeate the way data is represented and communicated. This in particular includes the language and the specific attributes used to describe agents and collectives (the profiling of individual humans, machines, and groups), their knowledge (the local representation of the entities they know), the tasks they are able or willing to perform, and their resources (the description of what they can use to accomplish a certain task). 2.6 Hybridity in Collective Adaptive Systems 2.6.1 Introduction The “Social Computer” in SmartSociety is a Collective Adaptive System (CAS) which is a mixture of different types of computing and data resources working in concert in the same collective. These resources might have different individual objectives but they join together to contribute to solutions for solving a common (global) problem. The basic types of resources that can be part of CAS are: humans, software and things (e.g., sensors). We view the hybridity of CAS as rooted in these types of computing and data resources. Therefore, we need to capture and model different aspects of these types of resources in order to characterize the hybridity of CAS. 2.6.2 Dynamic and multi-aspect hybridity From within the structure of a collective, the following dynamic aspects of hybridity are apparent:  

Different types of computing and data resources, including machine-based, human-based and thingbased ones. Different roles performed within the same collective. There may be different types of computing resources or a single computing resource that performs different roles or the same role at different times based on different computing capabilities.

Therefore, in SmartSociety, we must be able to model and capture hybridity of computing models in a collective that are associated with these types of resources. The hybridity-aware structure of CAS from the view of computing resources can be observed through (i) the hybrid processing unit (e.g., the CPU/core for machine-based computing, the human brain for human-based computing, and the sensor for things-based computing), (ii) the hybrid architecture (e.g., the cluster of machines for machine-based computing, the individual/team for human-based computing, and the web of things for things-based computing), and (iii) the hybrid communication (e.g., the TCP/IP for machine-based computing, the social network for human-based computing, and the RFID for things-based computing). Within a collective we will have a mixture of these processing units, architectures and communications. The properties of these hybrid elements have a strong impact on the way SmartSociety supports the composition, coordination and programming of a CAS. From the view of the service a collective might provide, or other dynamic properties of hybridity, then the following aspects assume importance: © SmartSociety Consortium 2013 - 2017

Page 17 of (133)

 

Deliverable D1.1

The mixture of variation in quality from a single collective given a specific goal: a collective is dynamic w.r.t. structures, interactions, and performance. Therefore, it can produce variable quality (e.g., time, availability, incentives, to name just a few), depending on different settings. The mixture of cost/benefit models: a collective might operate in parallel to perform a service (offer a capability) according to different cost/benefit models that may or may not vary in quality.

Such dynamic hybridity characteristics must be captured and associated with CAS to enable the selection and utilization of suitable CAS for different goals and with different quality expectations (e.g, specifying desired performance, cost, and quality of data). Furthermore, these hybridity properties would have a strong influence on how CAS would be managed, coordinated and provisioned to meet consumer expectation. 2.6.3 A unified service unit model for hybridity in a collective To capture and model hybridity in a collective, SmartSociety will need to develop a unified model that is able to capture different types of processing units, architecture, communication, quality, costs and benefits which establish the dynamics, structures and contexts of CAS. This can be achieved by (i) considering computing resources under the service unit which offers different functions utilizing the cloud and service computing models (Dustdar and Truong, 2012; Truong, Dustdar, Truong and Bhattacharya, 2012) and (ii) developing a hybrid compute unit capturing different types of resources (Dustdar, Truong and Bhattacharya, 2013) and hybridity-aware relationships among these units (Truong et al, 2013). A service unit can offer a function which is provisioned, consumed and paid for via well-defined interfaces and which can be composed easily with other units, regardless of whether the function is performed by a piece of software, a human or a thing. A hybrid compute unit can be defined as a set of service units including software-based services, human-based services and things-based services that can be provisioned, deployed and utilized as a collective, on-demand based on different quality, pricing and incentive models. Hybridity-aware relationships not only include typical relationships for collectives of software agents, such as composition, data and control dependencies, but also characterize the similarity among different types of units, the social relations among them, and the elasticity of the collective. The core concepts of service units, hybrid compute units and hybridity-aware relationships will be provided as programming elements and constructs (in WP7) that enable CASs to be programmed in a flexible way. 2.7 Compositionality in SmartSociety The engineering of complex socio-technical systems invariably requires various methods of composing complex elements out of simpler ones, whether these be data, processes, hardware, or users. Conventional systems engineering paradigms, which operate under mostly “closed-world assumptions”, rely on the compositionality principle, whereby the result of combining various elements can be predicted purely on an understanding of the elements themselves, and the operation used to combine them: the meaning of “1+2” is obvious if you know what “1”, “2”, and “+” mean. This makes the effects of composition predictable, its results well-defined, and is foundational for reductionist models and the engineering methods that these give rise to. The kinds of systems we are interested in break this assumption. Hybridity implies that a significant part of the computation will be performed by humans, acting voluntarily, and not in predictable, easily reproducible, or coherent ways. Diversity means that every single individual contribution (of machines, but even more those of humans) may vary in terms of quality, reliability, execution time, or interpretation of the task in hand. Collectives participating in these systems may exhibit dynamics that go beyond the “sum of their members”, through social influence, contagion, stratification, and continual re-organisation. Adaptivity implies constant change of components’ behaviours, leading to a constant re-definition of the system environment. In summary, all these features create an “open-world” environment, in which a multitude of views co-exist in parallel, system boundaries are constantly shifting, and correct functioning of the system depends on rich contextual information, usually not available at design time, or accessible to purely computational artefacts. Our aim is to “reconquer” compositionality, to the extent that this may be at all possible, in HDA-CAS with Page 18 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

the help of human users assisted by advanced intelligent systems techniques, and a new approach to design. This requires: 1. Providing an infrastructure that enables complex interaction among humans and machine components in a scale-free, lightweight way. The only existing example of such an infrastructure that allows interoperation and integration across heterogeneous systems and massive-scale collectives, is the World Wide Web. We will endeavour to specify our social orchestration framework, i.e. the computational architecture used to organise complex social computations, on the basis of minimal existing Web architecture elements. 2. Introducing collectives as first-order citizens in the specification and execution of computations through aggregation (groups act through representatives), stratification (individuals are viewed as members of groups), generalisation (different individuals can enact similar roles). These design primitives will guide the engineering of HDA-CAS in a radically different way from conventional, individual-centric design, and help achieve diversity-aware, scale-free systems composition. 3. Exploring new methods for composing people, machines, and their environment that help reintroduce compositionality in open-ended HDA-CAS. Conventional computational methods for sequential and parallel composition, hierarchical abstraction, inference over data and knowledge are all expected to “break” under realistic social computation conditions. We will develop CAScompliant versions of each of these operations by capturing context using human- and machineassisted methods to reinstate their compositionality properties. To exemplify the way by which these methods could help produce sound social computations where initially compositionality seems out of reach, consider the example of a Web-based Ride Share platform: The way in which a multi-part journey is put together algorithmically (process composition) will often contradict human willingness to participate. For example, it might be the case that a suggestion for a person on a bus to meet the driver of a car in a certain location at a certain time is not acceptable, because the bus is unreliable (system lacks human domain knowledge). Yet having a “plan B” alternative (semi-automated contingency planning) should the driver have to wait for too long could resolve this. Putting a young woman with a man for a night-time journey (composition of users) without any additional travellers will be unacceptable for the female ridesharer (lack of cultural context), yet might make sense in terms of cost optimality. She or he could find a third co-traveller and offer them a monetary incentive to join (human-designed incentive). An unreliable driver might have a low reputation score (machine-computed) and not be proposed by the system, yet his friends might enjoy sharing a journey with him nonetheless (lack of social context). Having a hundred rideshares use the same main road (parallel composition) might lead to congestion (lack of knowledge of side-effects), though it may be the preferred solution for travellers. A reward for some of them to take a slightly longer, alternative route might be sufficient to resolve this (machine-designed incentive, multicriteria optimisation). Methodologically, pushing the boundaries of the key aspects of HDA-CAS will be a key element of our programme of work: massive numbers of participants will force us to reason about collectives, high diversity of actors will require robustness in the face of large variations in participants’ motivations, skills, and culture, and the volatility induced by individual and collective adaptation will require constant identification of emergent behaviour and appropriate system adaptation. In the ridesharing example, one can imagine how the quality of the “repair” mechanisms can be put to the test by applying these principles: the more modes of transport and geographical areas are considered, the more human domain expertise might be ignored, and more suggested trips might become unacceptable to humans (but, at the same time, more options become available); the more different types of participants and cultures are involved, the more social constraints will be unknown to the system, and more variability in response to different incentive schemes might be experienced (but, at the same time, more individual capabilities, skills, and background can be exploited); the more users there are in the system, the more undesirable side-effects might occur (but, equally, they enlarge the potential solution space, and their presence makes the use of predictive analytics more effective). Thus, as far as dealing with compositionality is concerned, the biggest threats to achieving it in HDA-CAS are also the greatest opportunities that these systems offer. In a sense, the SmartSociety approach will be to study these phenomena and develop methods for turning them into design principles that will help us tackle compositionality issues. Finally, we should remark that we don’t expect any reasonably complex HDA-CAS ever to be fully compositional, especially as emergent phenomena will always create unexpected behaviours © SmartSociety Consortium 2013 - 2017

Page 19 of (133)

Deliverable D1.1

after any design intervention which will not be accounted for by the intervention. Still, we hope that a principled exploration of the mechanisms listed above will allow us to make some progress in developing a new mindset regarding the composition of HDA-CAS that is more appropriate for this new kind of system than traditional design methodologies. 2.8 Foundational Concepts – concluding remarks The above sections have elaborated upon a number of interrelated foundational concepts that underpin the SmartSociety vision. Reaching this degree of detail and precision has been a significant collaborative achievement with section authors drawing upon the many discussions held across the project during its first year as well as on their own evolving expertise. The aim of these sections has been to provide a common frame of reference to understand HDA-CAS and to understand how to build them with the aim of guiding later technical implementations. To bring these contributions into focus and provide a conceptual overview, below we recap the key messages of this section: A central concept for SmartSociety is that of Collectives, which are defined as groups of people with some attributes in common that confer a shared identity. Collectives can be stronger or weaker, and membership might be more or less explicit. On this definition, to create a CAS one would provide tools to enable collectives to form by supporting the emergence of a shared identity, or by leveraging off existing shared identities. Tools would also be provided that enable adaptivity through practices of reflection leading to changes in behaviour and capabilities that accommodate new circumstances. With these definitions as starting points we explored the conceptual characteristics of HDA-CAS that give shape to the engineering challenges ahead, such as the consequences for CAS of being Open, Heterogeneous, Distributed and monitoring the state of the CAS to enable Reflection as a pre-requisite for adaptation. Diversity-awareness is a foundational notion for CAS because of the need to accommodate and draw upon a multiplicity of perspectives and skills. Here we discuss the intimate relations between diversity and adaptivity in that diversity can enable sub-populations to each adapt helpfully to an emerging situation according to the specialised capability they are able to bring to bear. Diversity plays a significant role in how agents use language to communicate and is increasingly problematic in larger distributed collectives that may not closely share language conventions or knowledge. This stimulates us to think of how such differences can be reconciled so that we can for instance identify sub-collectives whose members share common attributes but express those attributes in different ways. Hybridity refers to the blending of the capabilities of humans and machines, and we consider a conceptual model of hybridity that supports combining human and computational resources via a programming framework that can work with different service level specifications. Finally, this section considers Compositionality which concerns how the different sorts of resources available to a CAS can be combined in coherent and meaningful ways. Problems of compositionality occur because we intend CAS to work in the context of multiple open systems with a high likelihood of confounded factors the nature of which we may well be unaware. This implies that when we bring resources together to achieve some goal in an environment that we do not control we have to learn how to do this in ways that give us some level of confidence in the outcome. 2.9 Foundational Concepts – next steps These core concepts provide the foundations on which the SmartSociety can build as it moves into its second year. At the same time, as the work progresses and the project puts an increasingly concrete shape to the vision of a Smart Society, the foundational concepts as stated here will inevitably be subject to re-evaluation or refinement. The ‘next steps’ then are to keep the foundational concepts alive and help them to stay relevant through periodic restatement, debate and revision as part of reflective processes within the SmartSociety project itself.

Page 20 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

3. Social values and ethical governance Research and innovation is increasingly being examined with an eye for the problems it can create for individuals and society as well as the benefits it may bring. The ways that mobile and social technologies in particular have become deeply intertwined with all aspects of our lives raise a series of concerns about the extent our lives are being transformed and the control we have over those transformations. Thus the negative consequences of technological change has received greater public attention, government bodies, such as funding agencies, have become increasingly keen to regulate research and innovation to avoid harm. SmartSociety itself is a programme of work that intends to harness and to transform social processes. It behoves the project to understand the social and social values, both as a medium with which it works, and as a place where its actions have both positive and negative consequences. To this end this section of the deliverable explores Ethical Implications of SmartSociety; the Privacy issues and the Ethical Governance of SmartSociety. These sections have been informed by an ongoing programme of empirical work into social values involving interviews and focus groups which are detailed in appendix II. 3.1 Societal and ethical consequences of CAS We have found it useful to distinguish between contextual and emergent ethical issues in relation to CAS. Contextual issues refer to pre-existing ethical sensitivities within a given socio-technical system that reflect interactions between cultural values, supportive infrastructures and system goals. Emergent ethical issues are ones that arise, or are amplified or diminished as a consequence both of reengineering an existing system to function more like a HDA-CAS, or by virtue of the CAS's evolution. This distinction is important because it enables us to take seriously pre-existing ethical concerns, whilst at the same time keeping an open mind as to which ethical issues will assume importance in the future. This awareness of emerging system properties and corresponding ethical issues builds on practice theories of socio-technical order (Schatzki et al., 2001; Pickering, 1993). In the case at hand, it entails an ongoing process for identifying and managing ethical concerns that should function continuously as the HDA-CAS is implemented, as it evolves and as it interacts with wider social and social-technical systems. Given that ethical concerns are often debatable, conflicting or present as dilemmas then we need to avoid the idea that we can, for the most part, solve ethical problems (cf. Kjolberg 2010: 6). Rather we wish to provide a space for them to be surfaced, negotiated and to enable working compromises to be reached. We take these processes of identifying and managing ethical concerns to constitute the 'ethical governance' of HDA-CAS. We develop some preliminary ideas as to what this governance process should look like and how it intersects with other aspects of CAS governance later on in this document. Here we prime that discussion by drawing upon empirical data to focus on categories of ethical issues that appear relevant to HDA-CAS and Smart City application domains. The intention is to create a sensibility towards relevant ethical concerns, including particular sorts of contemporary or domain specific ethical issues, but also to point to categories of issue attached to wider techno-social trends and anticipated HDA-CAS properties5. 3.1.1 Contextual issues A preliminary analysis of interviews and focus groups conducted as part of WP1 (and in conjunction with WPs 5 and 9) has revealed a variety of pre-existing ethical sensitivities in domains such as social care, tourism and transport. One such example6 revolves around the safety concerns of those participating in schemes that support ‘Couch Surfing’ as a source of cheap accommodation, and ‘Ride Sharing’ as a means towards inexpensive travel7. Some female travellers in particular were concerned they may be exposed to risk using these service for instance if they accepted a lift at night alone with a man they did not know. Interviews and focus groups revealed variation in degrees of concern and an array of ad-hoc strategies used to reduce risk. These included: avoiding use of the service altogether; preferring a telephone conversation to arrange the ride to help gain an impression of the driver’s character; keeping a personal record of driver ‘reputation’; becoming less cautious with experience; and by choosing ‘safer’ rides (e.g. a daytime ride with other passengers). Thus a concerted investigation into a setting can provide valuable insight into important social values that need to be accommodated within the design of a CAS, and yet the process of 5

See appendix II for a more detailed review of the empirical work in WP1, its scope and findings. Further examples of embedded ethical concerns can be found for social care in appendix I and for other Smart City contexts in appendix II 7 See appendix I for more examples from the domain of social care. © SmartSociety Consortium 2013 - 2017 Page 21 of (133) 6

Deliverable D1.1

accommodating social values is often not straightforward. One reason for this is because different social values are often compete with eachother. In the Ride Share scenario, for example, it is hard to balance the need to enhance privacy on the one hand with the need to reveal personal details about drivers and passengers to enhance safety on the other. Layering on properties envisioned for CAS adds further intricacies to these already complicated situations. An example of this is that users of the existing Ride Share system can choose freely from offers of lifts, whereas SmartSociety would use incentives to steer that selection, perhaps to encourage optimal journey times or maximum occupancy. This has the effect of shifting some of the responsibility for choosing a ride to the CAS, implying that if someone should come to harm then liability may then be attached to the CAS or its designers. With these complexities in mind our approach is not to attempt a fixed design that roughly satisfies constraints of competing social values as they exist at a point in time, but instead to use an enquiry into social values to inform the design of flexible governance structures that can be renegotiated and modified as circumstances change and as the system evolves. We cover this topic in detail in section 4.2. One thing to note from this discussion is that contextual and emerging ethical concerns are not entirely separable. Starting from contextual issues, it is quite natural to then consider how a planned implementation may ‘mangle’ those issues into new types of problem (Pickering 1993). Thus, understanding existing issues forms the basis for anticipating emerging ethical dilemmas. 3.1.2 Emerging issues Emergence is a key feature of HDA-CAS, and new sorts of ethical dilemmas may arise alongside emerging capabilities and impacts. Forecasting future ethical concerns for evolving, complex, open-ended systems seems a hard task. However, practical methods have been developed towards envisioning a range of alternative possible futures to provide traction for design choices made in the present (Guston, 2010). These fall under the rubric of 'anticipatory governance', defined as the coupling of foresight and policy to achieve earlier responses to the 'unexpected' or emergent consequences of non-linear systems (Fuerth, 2009). In this context, foresight is not taken as prediction, but rather as a resource for negotiating possible futures that is informed by combining several sources of knowledge, including: hindsight (i.e. awareness of prior 'surprises'), awareness of techno-social trends and dynamics, expertise and perspectives from a range of stakeholders and disciplines, domain overviews, and model based forecasts (Guston 2010; Fureth 2009). Our approach throughout this section has in a modest way been to utilise some of the above anticipation and foresight approaches to understand the implications of governing CAS. For instance, in the remainder of this section we draw out lessons for social values from the accumulated experience of large-scale socio-technical systems with properties similar to CAS that is available from the literature and from our own empirical work. In later sections we seek to understand how CASs may regulate collectives, and anticipate the different propensities attached to alternate governance regimes. Finally we draw these together with an empirically founded 'worked example' (i.e. one drawing upon domain expertise) that considers the governance requirements of a CAS in a care setting detailed in appendix I. Here we return to possible emergent ethical issues for CAS based upon the sorts of social transformations already wrought by existing complex socio-technical systems: 

CAS that are diversity-aware aim to be sensitive to the mix of capabilities and values present within collectives, and able to stratify populations to target incentives and recruit expertise. However, such an approach is open to undesirable forms of social sorting, identified as the ways that surveillance technologies sift populations and thereby regulate entitlement or access to resources (Lyon, 2003).



There are important related questions to do with user representation and transparency. Who decides the global goals a CAS should pursue, and to what extent will participants understand that their behaviour is being directed through the use of incentives and persuasive technologies? Although CAS are envisaged as creating societal benefits, various forms of accountability are needed to ensure such ends are not subverted. It may be suspected that CAS really aim to make life more convenient or lucrative for well-off sponsors, thus certain forms of transparency become needed to preserve confidence and trust.

Page 22 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1



The metaphor of ‘herding sheep’ have been used to explore how the behaviour of collectives can be directed8, raising the question as to who gets to set the system's direction - or train and influence the sheepdogs? Similarly the 'God of the SmartSociety' has been proposed9 as an evocative metaphor for the unseen hand guiding the collective's behaviour, raising the question as to whether a SmartSociety should be more paternalistic or more democratic in its constitution?



Attempts to influence human behaviour can result in 'perverse outcomes' on those occasions when incentives drive unanticipated and undesired behaviours (e.g. Seddon, 2008). This raises issues about monitoring CAS to ensure that its emergent properties are positive and intended. This becomes harder to achieve as the system scales because of the increasing diversity of outcomes and the increasing diversity of views over what outcomes are actually desirable. So although noble intentions are envisaged for CAS such as, reducing traffic congestion or pollution, or creating community goods where none existed previously, defining such intentions will in practice depend upon negotiating between contested perspectives.



CAS boundaries are a further site of ethical concern. Will non-participants be disadvantaged? One can image that business owners who depend on passing trade will be upset by changing commuting patterns as drivers participate in a CAS that aims to reduce congestion. Will these ‘indirect’ stakeholders be given a say in how those CAS are configured?



Hybridity within CAS aims to blend the capabilities of humans and machines to solve problems either would struggle to solve alone. Questions arise here whether participation is fairly rewarded, whether professional roles are displaced, and how to guard against malicious forms of participation (Silberman et al, 2010; Lanier, 2013).



Attention is need to the wider impacts of CAS across time and space as they alter flows and mobilities within the proposed Smart City setting. This is because CAS aim to influence the movement of traffic, people, material and immaterial goods, patterns of consumption, transform the knowledge, skills and resources needed to participate in markets, access services and engage in political discourse. With all of these effects there are likely to be winners and losers. As Hannam et al. (2006) have argued, increasing the mobility of some stakeholders may entail ‘immobilities’ for other groups.



Automation raises a gamut of issues including the degree of control ceded to algorithms, the redistribution of responsibility and liability (discussed above for the Ride Share scenario), the performative shaping of participation (e.g. job applicants aligning their behaviour to the matching algorithm in online job markets such as 'Elance'10), the opaqueness of algorithms and their adaptations, and the filtering effect they have on human experience of the world (Johnson & Mulvey, 1995; Fleischmann and Wallace, 2009; Introna and Nissembaum, forthcoming; Knobel and Bowker, 2011).

Finally there are a series of values that relate aspects of personal integrity and autonomy such as trust, safety, security and privacy, some of which are discussed above, and others come to the fore in discussions of privacy, which we turn to in the following section. 3.2 Privacy Privacy is a core value and is recognized either explicitly or implicitly as a fundamental human right by most constitutions of democratic societies. In the end of the 19th century, the American lawyers Warren and Brandeis defined privacy as the “right to be let alone” (Warren and Brandeis, 1890). Another definition from the early years of computing is by Alan Westin, who defined privacy as the “the claim of individuals, groups 8

"In a similar fashion to herding sheep, the goal is to steer a group of living individuals to comply with our goals." Adaptive Collective Systems: Herding Black Sheep. BookSprints for ICT Research (p61) 9

By a member of the SmartSociety project during a project meeting when the conversation turned to types of ethical concern raised by the project. 10 www.elance.com © SmartSociety Consortium 2013 - 2017 Page 23 of (133)

Deliverable D1.1

and institutions to determine for themselves, when, how and to what extent information about them is communicated to others” (Westin, 1967). In general, the concept of personal privacy has several dimensions, including the dimensions of Informational privacy (by controlling whether and how personal data can be processed or disseminated – see also Westin’s definition), territorial privacy (by protecting the close physical area surrounding a person) and privacy of a person (by protecting a person against undue interferences) (Fischer- Hübner, 2001). In the context of the SmartSociety project, the aspect of informational privacy will be the most relevant one. 3.3 Basic Privacy Principles Privacy, however, is not absolute right, as it can be in conflict with rights of others or other legal values, and because individuals cannot participate fully in society without revealing personal data. Nevertheless, even in cases where privacy has to be restricted, the very core of privacy still needs to be protected. Therefore, privacy and data protection laws have the objective to define fundamental privacy principles that need to be enforced if personal data is collected, stored or processed. In the following section, we give an overview to internationally accepted, basic legal privacy principles, which are part of the general EU Data Protection Directive 95/46/EC (Directive 95/46/EC, 1995), which has been an important legal instrument for privacy protection in Europe, as it codifies general privacy principles that have been implemented in the national privacy laws of all EU member states and of many other states. The principles also correspond to principles of the OECD Privacy Guidelines (Organization for Economic Co-operation and Development, 1980) to which we will also refer to. 1) Legitimacy: Personal data processing has to be legitimate, which is according to Art.7 EU Directive 95/46/EC usually the case if the data subject11 has given his unambiguous (and informed) consent, if there is a legal obligation, or contractual agreement (cf. the Collection Limitation Principle of the OECD Guidelines). 2) Purpose specification and purpose binding: Personal data must be collected for specified, explicit and legitimate purposes and may not be further processed in a way incompatible with these purposes (Art.6 I b EU Directive 95/46/EC - cf. Purpose Specification and Use Limitation Principles of the OECD Guidelines). 3) Data minimization: The processing to personal data must be limited to data that are adequate, relevant and not excessive (Art.6 I (c) EU Directive 95/46/EC). Besides, data should not be kept in a personally identifiable form any longer than necessary (Art.6 I (e) EU Directive 95/46/EC – cf. Data Quality Principle of the OECD Guidelines, which requires that data should be relevant to the purposes for which they are to be used). In other words, the collection of personal data and extend to what personal data are used should be minimized, allowing for instance users to act anonymously or pseudonymously. Obviously privacy is best protected if no personal data at all (or at least as little data as possible) are collected or processed. 4) Restriction for the processing of sensitive data: According to Art.8 EU Directive 95/46/EC, the processing of so-called special categories of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or aspects of health or sex life are generally prohibited, subject to exceptions (such as explicit consent). 5) Transparency and Rights of the Data Subjects: Transparency of data processing means informing a data subject at least about the data processing purposes as the identity of the data controller12, as well as further information, such as information about the possible recipients of the data and the rights and controls the data subject has in regard to his personal data. The Directive 95/46/EC provides data subjects with respective information rights according to its Art.10. Further rights of the data subjects include the right of access to data (Art.12 (a) EU Directive 95/46/EC), the right to object to the processing of personal data (Art.14 EU Directive 95/46/EC), and the right to correction, erasure or blocking of incorrect or illegally stored data

A data subject is a person about whom personal data is processed. EU Directive 95/¤5/EC defines a data controller as the entity that alone or jointly with others determines the purposes and means of personal data processing. 11 12

Page 24 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

(Art.12 (b) EU Directive 95/46/EC, cf. Openness and Individual Participation Principle of the OECD Guidelines). Of special interest for the SmartSociety project, are data subject rights in the context of automated decisions that are for instance made based on profiling: The right to access data according to Art. 12 (a) includes the right to obtain from the data controller “knowledge of the logic involved in any automatic processing of data concerning the data subject at least in the case of the automated decisions”. Pursuant to Art 15 (1), individuals have in principle “the right not to be subject to a decision which produces legal effects concerning him or significantly affects him and which is based solely on automated processing of data intended to evaluate certain personal aspects relating to him, such as his performance at work, creditworthiness, reliability, conduct, etc.” 6) Security of data processing: The data controller needs to implement appropriate technical and organizational security mechanisms to guarantee the confidentiality, integrity, and availability of personal data (Art.17 EU Directive 95/46/EC - Cf. Security Safeguards Principle of the OECD Guidelines); In January 2012, the EU Commission published a proposal for a new EU General Data Protection Regulation (GDPR – EU Commission, 2012), which defines a single set of modernized privacy rules, and which will (once the regulation will be in force) be directly valid across the EU. On October 12, 2013, the LIBE Committee (Committee on Civil Liberties, Justice and Home Affairs) of the European Parliament voted on compromise amendments to the GDPR (EU Commission, 2013). In particular, it includes the principle of data protection by design and by default (Art. 23), requiring building privacy enhancing technologies (PETs) already into the initial system design. Besides, the requirements of transparency of data handling by concise, transparent, clear and easily accessible policies (Art. 11) is explicitly stressed, and the right to erasure is newly introduced in Art. 17 (which was initially branded as the right to be forgotten in the GDPR from January 2012). Important in the context of SmartSociety are also newly introduced rules on profiling (Art. 20), including the data subject’s right to object to profiling as well as prohibition of profiling that has a discriminatory effect on the grounds of race, ethnic origin, political opinions, religion, philosophical beliefs, trade union membership, sexual orientation or gender identity. “The controller shall implement effective protection against possible discrimination resulting from profiling”. Even though the GDPR and its amendment are not enacted yet, it contains legal principles that have been broadly accepted as being important for the protection of privacy in the future, and should thus also be addressed by the SmartSociety project. 3.3.1 Privacy in SmartSociety In SmartSociety, privacy is intertwined with HDA-CAS aspects and is a constituent and essential part of basically all SmartSociety work packages. The underlying privacy aspects related to ethics, social values, and governance and its relation to each of the main characteristics of HDA-CAS is part of the WP1 work package. Privacy is a cornerstone principle in WP8, where it is to be fully incorporated in the system architecture that will support the integration of the input from all other work packages. Privacy is also an integral part of the work packages dealing with compositionality, task and peer profiling (WP3, 4 and 6). Moreover, protection of personal data influences the project work related to trust, reputation and incentives, which are aspects mainly addressed in WP2 and WP5. Privacy is, therefore, a cross-cutting non-functional requirement that is of essential importance in the project work. The goal of this section is to introduce and discuss the research challenges and directions towards the integration of privacy in HDA-CAS especially regarding the tasks related to WP1. In this section, we revisit each of the fundamental aspects of HDA-CAS and analyse the future research landscape in advances of privacy and privacy-enhancing technologies in the scope of SmartSociety. 3.3.2 Privacy, Diversity and Hybridity Diversity is a key component in anonymity metrics, i.e., standards of measurements that aim at quantifying the level of privacy of a subject, and can have either a positive or negative effect on it, especially regarding personal informational stored in structured databases (see State of the Art – Privacy in Appendix III). Therefore, a number of research questions can be drawn around the notion of diversity of data in HDA-CAS. © SmartSociety Consortium 2013 - 2017

Page 25 of (133)

ÂŠ SmartSociety Consortium 2013 - 2017

Deliverable D1.1

Identifying how diversity of data of individuals forming a collective can be used to maximize the level of privacy of subjects in a HD-CAS scenario is a research question to be answered for instance. From the socio-cultural point of view, diversity is an important notion with deep consequences for privacy because its concept may change significantly between different societies and cultures. Hence, HDA-CAS applications need to adapt to the socio-cultural contexts that are relevant to the environment and to requirements of individual users in different cultures. Hybridity allows a user to act under multiple (partial) identities using possibly different devices. This allows a user to play different roles and show different â&#x20AC;&#x153;facesâ&#x20AC;? to different audiences, and thus supports audience segregation (cf. Goffman, 1959). Technically sound proposals for audience segregation include privacy-enhancing identity management systems and unlinkable pseudonyms that were proposed for distributed systems, which are based on privacy policy languages and methods, such as the PrimeLife Policy Language PPL (PrimeLife, 2011). However, the existing proposals may not be fully compatible with all HDA-CAS features and may need to be adapted, redesigned or advanced for hybrid and collective systems. In hybrid systems, peer profiles of machines could include personal data of one or even several data subjects. For instance, in the Care House scenario, sensors capture data about when and for how long health care professionals and patients have met. This implies that the sensor readings may reveal both personal information about health care professionals and the patients. In this context, a critical question is under which conditions data subjects of data relating also to other data subjects can exercise their data subject rights (if for example the data is only intended for the health care professionals to organise their work, the patient (or their relatives) may still have the right to access data items that relate to them). The hybridity aspect of HDA-CAS and its relevance to privacy cannot be analyzed in isolation because of the important influence of other HDA-CAS features such as diversity, collectives, the heterogeneous nature and goals of interactions (fractal property), operating principles, and security requirements that prevent abuse of the system. The research work related to privacy and hybridity in HDA-CAS is part of WP4. 3.3.3 Privacy and Operating Principles The provisioning of privacy has to be aligned and balanced with the operating principles of HDA-CAS, which include the profiling of tasks and peers, transparency, provenance and incentives. It is yet not clear what are the effects of maximizing privacy provisioning on the operating principles of HDA-CAS and what is the extent of those effects. While some operating principles, such as profiling potentially threatens privacy, other operating principles, such as provenance, if designed in a privacy-friendly manner, could also help to promote the privacy principle of transparency. Therefore, to better understand and evaluate those effects, several research questions need to be addressed. Regarding peer-profiling, a key question is how peerprofiling can be performed in a privacy-preserving manner. Privacy policy languages such as PPL can play a key role in that respect. Further relevant research questions are how peer profiles of individuals can be anonymised or pseudonymised, how peer profiles of collectives can be formed in an anonymous manner. Privacy-preserving schemes and mechanisms for data provenance in HDA-CAS need also to be designed in a way that it is possible to identify the provenance of data to a level that is satisfying both functional and privacy requirements. A relevant research questions is how data provenance techniques can be enhanced to provide privacy-enhanced ex post transparency informing data subjects about how their personal data have been handled without leaking this information to other unauthorised parties. The research work on privacy and the operating principles of HDA-CAS is included in WP4 and with the privacy aspects of the Ride Share scenario, which is an initial scenario for WPs 2, 5 and 6. 3.3.4 Privacy, Compositionality and Collectives The research work on compositionality, collectives and privacy involves several research questions. Some of the important questions are related to digital identifiers and security in HDA-CAS. An initial question is how to construct identifiers that preserve privacy in HDA-CAS and are, at the same time, secure (e.g., against Page 26 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

Sybil attacks). The distributed nature of HDA-CAS and the possible absence of an authentication server available at all times define some of the requirements of privacy-enhancing identifiers. Another question is how the system can select or compose collectives, which do not allow to uniquely identify its individuals or do not allow to derive personal data about its individuals, and are thus providing certain degrees of anonymity. Compositionality of users and machines, such as sensor devices, is especially noticeable in participatory sensing applications. This research area is still in its infancy, and there are still many research questions that need to be addressed, especially on improving existing privacy-enhancing tools and verifying their adaptability to HDA-CAS application scenarios. The impact of compositionality on privacy and core services in HDA-CAS, such as security (taking into account that security and privacy do not always compose (see e.g., McCullough, 2009)), is another important research problem that needs to be assessed. 3.3.5 Privacy and Evolutionary and Design Principles The evolutionary and design principles of HDA-CAS require that privacy properties are continuously verified and checked against ethical and legal requirements, which also evolve but in a much slower pace than HDA-CAS applications. Therefore, a constant assessment of the privacy impact of HDA-CAS is required. This is of fundamental importance to prevent the misuse of collected data for purposes beyond the ones specified during time of collection, i.e., application creep. We follow the Privacy by Design (PbD) framework (Cavoukian, 2009) and the proposed Ride Share scenario is now been evaluated following a Privacy Impact Assessment (PIA) process (Clarke, 2009). The PIA of the Ride Share scenario is mainly part of WP6 but also influence strongly the research and development in WPs 2, 4 and 6. 3.3.6 Summary In this section, we analyzed the research landscape related to the privacy in HDA-CAS. The research questions were organized around the main characteristics of HDA-CAS: hybridity, compositionality, collectives, diversity, and operating, evolutionary and design principles. We highlighted some of the current research work in privacy related to other work packages and the Ride Share scenario. 3.4 The ethical governance of SmartSociety This section sets out a simple example to help illustrate principles of governance, their interrelationship and to how principles of governance are relevant to SmartSociety. Our conceptual analysis of governance has lead us to the view that the ways in which CAS might be regulated (to operate in socially acceptable ways) are quite intimately tied to the ways in which CAS themselves aim to regulate collectives (through targeted incentives, for example). In other words, a more thorough understanding of how different forms of governance interact to deliver social regulation help not only with working out how to design CAS effectively to influence how resources are used, but also to see how this can be done in ways that are ethically sensitive to different contexts. The example we present in this section concerns regulation of public highways to ensure they function effectively as a shared resource. We explore how speed bumps, sometimes known as ‘sleeping policeman’ are employed to regulate traffic speed. We illustrate how 'speed bumps' feature simultaneously in several intersecting governance regimes, and discuss how any HDA-CAS must similarly exist at the intersection of several governance regimes. We then make the case that CAS design is shaped by, and shapes, governance design. Finally, we explore what this implies for ethical governance for HDA-CAS.

Page 27 of (133)

Deliverable D1.1

ÂŠ SmartSociety Consortium 2013 - 2017

3.4.1

Understanding governance

Speed bumps, like the one shown in figure 1, configure the driving environment and help regulate traffic speeds in sensitive areas. They are a small component of a wider system of traffic regulation, which we explore in detail below.

Figure 1 Example of Speed bumps

Speed bumps are an example of â&#x20AC;&#x2DC;environmentally embedded regulationâ&#x20AC;&#x2122; (e.g. Shah and Kesan, 2007) illustrating the approach of configuring the physical environment to constrain driving practices in certain ways, in this case to regulate speed for reasons (perhaps) of pedestrian safety. At a base level the material features of the roads and their organisation create a balance of affordances and constraints that shape the possibilities for road use (e.g. speed and overtaking are possible on straight sections, but not where the road bends). This potential of the built environment to regulate social practices is actively exploited by town planners who configure urban spaces in ways that inhibit crime and anti-social behaviour13. Analogously, obtaining desired forms of social computation depends upon carefully structuring virtual user-environments to regulate patterns of social behaviour in specific ways (Erickson and Kellogg, 2000). An example of this is how the moves an ESP game14 are carefully arranged to produce game play that is generative of useful metadata tags. Whilst the 'rules of the road' might be given physicality in the form of speed-bumps or other traffic calming measures, there are a huge range of regulatory cues (signs, lines, grids, lights etc) that signal conventions of road use but do not by themselves enforce compliance. These are part of a hierarchical and centralised mode of regulation deriving from legal or institutional authority and policed by the state. Drivers are socialised to these rules formally via driving lessons and the driving test, and compliance is in part maintained through the threat of state (or professionally or institutionally) authorised sanctions. Centralised or hierarchical forms of regulation, in common with other forms, do not determine behaviour. Policing is imperfect, people are willing to risk sanction for some other benefit and the interpretation of rules is a matter of social convention, as is the degree to which they are enforced. So although shared norms and conventions amongst drivers take account of legally sanctioned regulations, they are not wholly determined by them. An example of this is the difference between the actual speed limit on UK motorways (70MPH) and the de facto speed limit which is closer to 80MPH15. Moreover, circumstances continually arise as part of road use that require improvisation and negotiation that would be impossible if official regulation were adhered to rigidly. In computing, this type of regulation is perhaps analogous to the terms and conditions attached to services that typically include expected standards of behaviour, allowable and prohibited ways that the service might be used, and sanctions that might be applied should the code deem to have been broken.

E.g. http://www.portsmouth.gov.uk/media/Reducing_Crime_Through_Design_SPD.pdf A serious game used to generate image metadata such as descriptive tags http://en.wikipedia.org/wiki/ESP_game 15 A concern voiced about raising the official limit to 80MPH is that the de-facto limit will then become 90MPH. The difference arises due to cultural expectations about how regulations are policed. In the UK there is an expectation that the police will not enforce the rule rigidly, but instead allow some leeway, which for all practical purposes leads to raised limit. http://www.independent.co.uk/news/uk/home-news/motorways-not-safe-enough-for-speed-limit-rise-to80mph-7745678.html 14

Page 28 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

The calming effect of speed bumps depends on drivers noticing them, anticipating the jolt and adjusting their practices accordingly - a process that can become more automatic over time. Much of the moment-bymoment organisation of road use depends upon a mix of prior socialisation and situated decision-making, including an appraisal of environmental cues, what other drivers are doing or are likely to do, what the local conventions are, and expectations of how certain traffic situations are likely to evolve (Büscher et al, 2011). This in turn depends upon reading the intentions of other road users, signalling one's own intentions, continually adapting one's own approach in response, as well as adjusting to the adaptations of others. This can be seen as a form of polycentric governance (Ostrom, 2010)16, often contrasted to more centralised and hierarchical forms of social regulation, whereby communicating agents collaboratively self-regulate their use of a shared resource. This has components of mutual accommodation, sanction and reward, and plays into processes of community norm formation. Polycentric governance is seen to underpin the regulation of knowledge creating communities within Wikipedia, where formation and policing of community norms occurs as part of the communicative practices of community members, rather than being imposed externally. It is also visible in the 'discussion fora' of sites like 'Zooniverse' where a shared understanding and classificatory practices can emerge for what would otherwise be isolated decision-making tasks of individuals classifying astronomical objects17. There are a number of attributes that make polycentric governance a possibility - but a principle among these is "cheap talk" (Ostrom, 2010) - i.e. easily accessible channels of communication between users of a resource. Design of HDA-CAS should orient to the channels of communication available between participants to take advantage of this type of self-regulation. Speed bumps are a motivational form of governance (e.g. Osterloh et al, 2001). They threaten discomfort, the chagrin of passengers and damage to the vehicle should a driver maintain an inappropriate speed. (Of course a thrill seeking teenager might find the bumps a motivation for driving faster.) Many types of social regulation seek to influence human actions through rewards and sanctions built around understandings of how peoples’ actions are motivated18. SmartSociety aims explicitly to regulate the use of resources though motivational mechanisms such as, incentives, persuasive technologies and reputation services. These are also common approaches to Smart City applications and a feature of interviews with Smart City consultants and implementers. Thus programmes towards more effective domestic energy use outlined by WP1 interviewees turned upon making energy consumption visible and therefore accountable19, either on a household or neighbourhood basis, perhaps with explicit elements of competition and reward. Sometimes motivational aspects were present in stronger or weaker forms. For example, one interviewee in charge of a regional transport information service wanted to encourage network users to use public transport as often as possible and always provided a public transport option in query results, but stopped short of using explicit incentives, partly so that responsibility for the choice remained with the user. Speed bumps are an adaptation. They are typically placed in response to neighbourhood concerns or other evidence of incautious driving. The approach of adjusting governance measures in response to changing circumstances is referred to as 'adaptive governance' and comprises of iterative cycles of monitoring, policy formulation and implementation (Voß and Bornemann 2011; McNutt and Rayner, 2010). A key element of adaptive governance as applied to socio-environmental systems is to bring together diverse forms of expertise, particularly 'native' expertise of peoples living within the system as to how complex socioecological systems might evolve in response to change (ibid). In the context of HDA-CAS, adaptive governance would involve forms of reflection that would bring together the expertise of smart society participants with a range of aggregated data describing how a HDA-CAS is behaving. Adaptive governance processes correspond to the cycle of sensing and adapting envisioned for HDA-CAS. Adaptive governance is an ongoing process since various conditions of the CAS may change. An evolving CAS may respond 16

Admittedly speed bumps are somewhat peripheral to polycentric modes of governance. But as we argue below, all the forms of governance presented here are interrelated. Thus how the driving environment is organised (including the presence or absence of speed bumps) shapes the sort of polycentric responses that are possible. 17 https://www.zooniverse.org/ 18 Benkler suggests there are three classes of reward that people are motivated by: Money, Pleasure (“Intrinsic hedonistic rewords” and Social (“Social-psychological rewards”). 19 There are a whole series of ethical issues attached to playing off accountability arrangements, particularly how they can create pressure that vulnerable people may be particularly susceptible to, shape behaviour in unwanted ways and encourage 'gaming' of the system. The worked example at the end of this chapter provides shows some of these properties for a technology of accountability operating in a care domain. © SmartSociety Consortium 2013 - 2017 Page 29 of (133)

Deliverable D1.1

unpredictably to changes in regulation, groups within CAS may demonstrate counter-adaptations, new ways of making measurements may emerge, or the environment of the CAS may change. The ‘speed bump’ sits within a nexus of diverse concerns voiced by many interested parties, – road users (of varying stripes), pedestrians, residents, motoring organisations, emergency services, environmental organisations, safety campaigners and so on. In this respect the roads analogy bears a strong resemblance to the ambition of HDA-CAS that aim to support diverse user groups with conflicting interests, since road users often have diametrically opposed interests (e.g. cyclists and motorist) and yet have to be accommodated within the same network. The mechanisms by which these voices are heard, how influence is wielded and how resources are allocated form the system of 'political governance' of the highways, usually handled in a multi-tiered way via local and national governments and their agencies, but also via other forms of political expression such as campaigning activity. Political governance is a way organising power and influence and can be configured to respond to the diversity of interests and values that have to be brokered to create a functional network that roughly satisfies the requirements of many different users and user constituencies. In order to help satisfy the requirement of diversity within HDA-CAS, thought has to be given as to how those user constituencies can influence HDA-CAS configurations. 3.4.2 Governance mechanisms as layered and intersecting It should be clear from the above illustrations that managing a complex shared resource like a roads network involves a constellation of governance mechanisms operating simultaneously that serve a variety of purposes whilst at the same time continually interacting and influencing each other. For example, 'polycentric' and 'embedded regulation' do not preclude one another, but instead tend to occur in mutually supportive (or sometimes disruptive) arrangements. Thus, a junction regulated by traffic lights still depends upon the selfcoordinating practices of drivers to achieve its effect. When the lights break down, then traffic will typically continue to flow, but its management shifts towards greater polycentric regulation as the drivers themselves now have to coordinate turn taking (Baker, 2009). Similar sorts of interdependency relationships can be found with motivational regulation. These are perhaps visible in the way that different studies emphasise either the polycentric and motivational governance mechanisms underpinning peer production in Wikipedia (Benkler, 2003; Forte and Bruckman, 2009). These can perhaps be viewed as different perspectives on a composite phenomenon, rather than as competing explanations. Adaptive governance can be seen to intersect with polycentric, motivational, and embedded modes in aiming towards specific regulatory effects by iterative modification of the physical, informational or incentive structures that underpin those regimes. Similarly political regulation operates over a slower time frame (except for some campaigns being enacted as deliberately surprising, quick interventions in public space) and can also appear ‘layered on’ to other mechanisms 20 – although experience of the roads network, communication with other users and access to data about the network are all possible occasions or venues for political discourse or action. Figure 2 shows the rough the relationships between different governance regimes and how they may correspond to SmartSociety concepts of evolution and operation. Table 1 shows sample governance mechanism and implementation approaches relevant to computer applications. Building a CAS can be seen analogously as designing and implementing an ecosystem of governance mechanisms that caters for a diversity of users and fosters the emergence of certain patterns of resource use. This isn’t the same as designing the behaviour itself. Relationship between these governance elements needs to be carefully thought out in order to allow the system as a whole to emerge in a coherent way.

An article on the history of Speed ‘Humps’ in Berkley on the City Authority’s web page (http://www.ci.berkeley.ca.us/ContentDisplay.aspx?id=8238) tells of how speed humps became contentious and how opposition to them led to shaping how humps are used as an adaptive regulatory measure (“speed hump locations chosen must provide clear safety benefits to balance any potential negative impact”).

Page 30 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

Governance Regimes Political Governance CAS Evolution Adaptive Governance

Motivational Governance

Hierarchical governance

CAS Operation Polycentric governance

Embedded governance

Figure 2 Shows a rough logical arrangement of governance regimes and their relationships to CAS concepts of evolution and operation. This diagram simplifies tremendously the complexity of the relationships between these different aspects of governance.

Governance regime

Mechanism

Implementation approach

Polycentric

“Cheap talk” – ability to sanction

Motivational

Seeking of monetary, socialpsychological or hedonistic reward. Avoidance of sanction. Structuring physical or virtual environment to achieve regulatory effects. Laws, regulation, codes of conduct, institutionally backed sanctions and policing. Cycles of monitoring, policy formation and implementation.

Discussion boards, chat channels, collaborative filtering, provision of information about the state of the resources and resource users... Policing, monitoring, logging, reputation services, incentives...

Environmentally embedded

Hierarchical

Adaptive

Political

Representation and decision-making processes.

Visibility arrangements, signs, alerts, workflow organisation, ease or difficulty of interactions.... Terms and conditions, service agreements, codes of conduct, monitoring, penalties, exclusion. Sentiment data, sensor data and provenance data, analytics, engagement with users and other experts, discussion fora, AB testing... A constitution, stakeholder representation, discussion fora, executive officers, voting, petitioning...

Table 1 Shows sample mechanism and implementation approaches for different forms of governance.

Page 31 of (133)

Deliverable D1.1

3.4.3 Ethical governance Now we turn to the role that 'ethical governance' has in relation to these various governance regimes. To maintain the analogy with a roads network, we can consider how the road builders and maintainers may have parallels with the designers, developers and builders of Collective Adaptive Systems 21. The road builders wield considerable power over road users in the decisions they make about which roads are built and how the traffic network is regulated - decisions that can affect livelihoods (e.g. where businesses are dependent on passing trade), safety, quality of life (both of drivers and neighbourhoods), the comfort of driving, and impact upon the environment. Designers and implementers of CAS will wield similar powers with respect to a given domain of CAS implementation. Taking care in the production of governance regimes for CAS could include: 

Orienting to the practical circumstances in which the activity takes place and considering if the regulation itself poses annoyance, frustration or potential harm to users. The 'speed bump' example works well here, because as a mode of regulation it can be potentially very annoying as well as damaging to vehicles if not noticed. The one in figure 1 is painted yellow to help make speed regulation via bumps less uncomfortable and more palatable.



Adjusting regulatory mechanisms to achieve some new effect has implications at a collective level where understanding the values and social norms associated with the collective, or with communities within the collective, becomes important. An example here lies with the Ride Share scenario where interviews with participants reveal a regime of fixed prices between particular destinations based upon communitarian principles of sharing resources and costs. Attempts to raise the price are typically viewed as being 'greedy' and resisted. As part of HDACAS we might aim to motivate Ride Share participants in new ways (perhaps to improve environmental outcomes), but on the basis of existing norms we can see that achieving this via market based principles might be tricky. This might lead us to select a different approach to motivational regulation that relies less on monetary reward for its effect. The Ride Share scheme does not have a central constitution or enforcement mechanisms, but it is evident from the interviews that participants orient to a strong set of community norms and standards of behaviour, indicating a strong polycentric aspect to its regulation. Safety has been identified as of key importance to Ride Share, and providing for appropriate social regulation to prevent people coming to harm is an important factor to enable a Ride Share CAS to gain acceptance beyond single institutional contexts.



A broader principle building upon the above point is to understand, build upon and build out from existing community norms and regulatory mechanisms.



When CAS are designed to transform how shared resources are managed over existing practices, perhaps by connecting community members in new ways, then one also has to think through what new sorts of regulation might be required in these transformed circumstances. In the Care House scenario described in Appendix I, potential of CAS to transform accountability regimes, and the danger of losing a qualitative notion of compassion when care tasks are quantified, calls for specific regulatory mechanisms to safe-guard certain core values.



Fashioning an appropriate balance between regimes is important, as each approach contributes important attributes in a mosaic-like way to the overall system of governance. Thus, a builder of a CAS might ask himself which parts of the regulation need to be freer and community directed, and which need to be more rigid and embedded, and which need to be driven by incentives. Failing to think through provision in a particular area could lead to inequity. For instance, a lack of explicit and appropriate structure for political expression could lead to increasing marginalisation of already vulnerable groups.

Assuming the Collective Adaptive System doesn't emerge 'spontaneously' as an effect of integrating existing infrastructures and regulatory functions.

Page 32 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1



Governance mechanisms themselves are attached to particular values. They can be more or less democratic or participatory in their implementation, for example. Polycentric governance in particular has an important link to autonomy. In writing about digitally augmented mobilities, Büscher et al (2011) propose that people are "served humanely" when representations of the sensed network are used as a resource for "improvised situated action" rather than centralised control. Thus, a system that minimises polycentrism and drives embedded and motivational governance risks being overly controlling and oppressive.



At the point of emergence a CAS might carry a lot of intentional design. Once in operation, however, provision should be made for adaptive governance processes to take over the ongoing redesign of the system. This can be kick-started by making the initial design rounds very much like the adaptive governance cycle, with investigations into the prospective domain, participatory policy formation and trial implementation.



Governance design should be proportionate to the scale of the system envisaged and the types of communities implicated. Governance of a nationwide traffic network is immensely complicated and intricate, and has evolved to its current form over the entire history of road use. While it serves as a motivating example for this discussion, one should maintain a sense of proportion when bringing the ideas to any real world example.



As the scale of a CAS changes, it is likely that governance mechanism may become strained and new patterns of governance will be needed to succeed them. For example, issues that can be handled informally between a pair of collaborating colleagues might need a more formal project management structure to be properly managed within an international research team. An example is how within Wikipedia, governance patterns have changed with changing scale and learning within the wikipedia community (Forte et al, 2009).

3.4.4 Guidance for governance design This section considers the sort of design procedure one would follow to realise governance mechanisms with the characteristics outlined above. Treating the design of HDA-CAS as if it were a problem in governance design has the helpful property that social values become first class objects for design, as opposed to being 'relegated' to informing categories of non-functional requirements which might be addressed late in the day and/or incompletely. That is to say if one wishes to engineer patterns of social behaviour, then one has to understand and work with sociality. Another way to put this is that if we accept that the speed bump's symbolism is in fact part of its regulatory effect, thinking about how to convey values to influence social orders also becomes an important aspect of design (e.g. Shah and Kesan, 2007). On this basis, we suggest the following steps for design of HDA-CAS: 1) Characterising the domain in terms of how it functions as a social system - the sort of collective that it corresponds to, the important sub-collectives of which it is composed, how the collective regulates itself, understanding what its core values are and the range of diverse values present. There are a number of tools that can help surface social values in a concerted way. Perhaps the most prominent of these are Value-Sensitive Design and Reflective Design approaches (Freidman et al, 2002; Sengers et al, 2005) that depend upon social science modes of enquiry and 'disruptive' design practices to probe existing values. An important research issue is to develop these tools to address dimensions of collectivity since current versions focus more on the values of implicated individual stakeholders rather than of communities. A disclosive computer ethics approaches can also be used to surface social values that become silently embedded in computer systems. (Brey, 2000). 'Anticipatory Governance' too has an important role to play in helping us see the consequences of alternate design choices by generating insights into possible futures. The Care House scenario in appendix I shows how the altering the balance between different governance regimes can have a significant effect on the overall properties of the system, and illustrates entry points for translating an knowledge of social values into governance design.

Page 33 of (133)

ÂŠ SmartSociety Consortium 2013 - 2017

Deliverable D1.1

2) Bringing together diverse forms of information, expertise and interests, including: the 'native' domain expertise of CAS participants, sensor and other quantitative data from existing sources, technical expertise, social science expertise and psychosocial understandings22 of how human practices are influenced by persuasion and incentives. This reflects the 'enquiry' phase of an adaptive governance cycle and implies strong participatory approaches. It also resonates with RRI maxims of socially embedded and socially responsive innovation (Owen et al, 2012). Participatory design approaches can work at scale (e.g. Neuhauser et al, 2009), and it makes sense to implement these by using the SmartSociety platform to engage collectives in design-oriented tasks. Finding ways to balance the influence of designers and different constituencies of native participants will provide clues as to the sorts of political governance mechanisms required. 3) Designing for governance. Drawing on prior steps, the aim would be to identify key regulatory objectives and implement these through a balance of governance mechanisms. These would aim to produce the desired sorts of social organisation and to regulate system as a whole to behave in ways that are acceptable to the participating collectives. Working out how to translate from information about a domain (from prior steps) into operational governance regimes presents a real challenge to innovate design approaches that can help deliver Smart Society applications. Some starting points include: using our understanding of governance approaches as outlined above as a way of structuring the design challenges (e.g. as a 'checklist' of issues that need to be covered); developing a toolkit of governance structures, such as discussion fora, voting mechanisms, chat channels, incentive mechanism, transparency arrangements, constitutional statements etc (see table1) that can be composed into a working application; providing mechanisms that set limits or boundaries on the platform that constrain CAS behaviour along particular dimensions to anticipate and contain certain sorts of unwanted adaptation 3.5 Social Values â&#x20AC;&#x201C; concluding remarks Drawing both upon empirical work and conceptual analysis the work of WP1 has made significant inroads towards understanding the sorts of ethical dilemmas that HDA-CAS may pose. It has also made important advances towards a framework for ethical governance of a SmartSociety that takes on the central challenge of an evolving CAS that will continuously find new ways to interact with social values. Thus we have shown the importance of both embedded as well as emergent ethical concerns so as to ground the design of a CAS in existing community values, but then to create flexible governance structures that anticipate new ethical issues thrown up by changes within the CAS and to the CASs environment. We return to topic of governing CAS below. Significant progress has been made too for understanding the privacy issues raised by HDA-CAS and thier implementation within SmartSociety deriving from a series of cross-WP collaborations. Privacy is revealed as a very important cross cutting concern for SmartSociety and the importance of solutions that enhance the privacy of participants cannot be underestimated. At the same time, many CAS properties challenge the current state of the art in privacy research, for instance, capitalising on emergent behaviour is at odds with the privacy principle of not using data beyond the purposes for which it was originally collected. Resolving these tensions will be an important aim of privacy research in SmartSociety going forward. While some technologies underpinning HDA-CAS, such as peer profiling, pose privacy risks, its operating principles and characteristics of provenance and compositionality could on the other hand also utilized to promote privacy principles of transparency and data minimisation/anonymity provided that the respective technical functions for providing provenance and compositionality are designed in a privacy-preserving manner. In SmartSocity, we will follow a Privacy by Design approach for taking care that privacy is considered from the beginning and integrated into the system design. Our approach to the ethical governance of CAS has been to consider the relationship between CAS and social regulation more generally. Our exposition of several intersecting governance regimes present in the regulation of road networks demonstrate simultaneously aspects of self-organisation, motivational regulation, policing and adaptation that correspond closely with features promised for CAS. Our approach 22

For instance, the literature underpinning the work in WP5 on incentives.

Page 34 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

has been to frame CAS design as consonant with governance design, and to show how the initial design of balanced governance regimes can be informed by the important social values present in particular context. The worked example of a CAS presented in appendix I (Care House scenario) aims to provide a clear and succinct illustration of this approach based upon empirical data. One promise made in the DOW was to work towards a reusable evaluation framework that ensures the CAS we develop are value sensitive and socially embedded. This is ongoing work, but based on the on the governance design principles outlined for HDA-CAS outlined in section 4.2, we would recommend the following 'checklist' that should be undertaken as part of requirements capture and design: a. Is a process in place uncovering of stakeholders' values in a given application domain (e.g. via 'reflective design' or other values-sensitive approaches)? b. Has an 'anticipatory governance' exercise been undertaken to uncover alternate possible futures as a way of understanding ethical tradeoffs and used as a creative resource for design? c. Have appropriate stages of governance design been undertaken based upon a. and b. above? (This would ensure that appropriate governance is in place, including embedded, motivational, polycentric, adaptive governance etc and attention to political processes, commensurate with the scale of the system envisaged and the scope of its impacts). Because CAS are complex system likely to exhibit emergent behaviour and become entangled in new sorts of ethical concern, then the above three steps should be viewed as a cyclic process that continues ad-infinitum so long as the CAS continues to operate. Thus a fourth 'checklist item' is: d. Has provision been made to support multiple rounds of values identification, anticipatory governance and ongoing governance redesign? 3.6 Social Values – next steps Going forward the work on social values within SmartSociety aims to:    



further elaborate and deepen our understanding of the relationship between governance and CAS design and to partner with other WPs to experiment with alternate governance mechanisms; extend and validate the evaluation framework outlined above; continue to add to the corpus of interview data and deepen its analysis to provide a resource that all project partners can draw upon to engender a sensitivity across the project to issues raised by social values; continue to work with project partners to help them augment technical work with insights into social values. This may take the form of helping to design and undertake empirical work as we have already done with WP5, or it might be to take existing empirical findings and translate them to be easily appropriable by technical partners within the project; continue to create productive partnerships across the project to explore how privacy can be embedded within technical work packages and to work towards privacy-by-design for CAS.

Page 35 of (133)

Deliverable D1.1

4. Formal data models Along with new computational concepts and paradigms, such as Diversity and Hybridity, come challenges for how these phenomena are modelled in a formal way in order to build a firm foundation of software engineering principles for SmartSociety. Here there are a series of ongoing research challenges about how to formally represent Diversity and Hybridity within a SmartSociety implementation. The aim is to provide: a) a data model (supporting Diversity), stipulating the way in which data is represented and communicated between agents; b) a programming framework (supporting Hybridity), enabling social computations. 4.1 The need for a formal data model Figure 3 shows an example of a distributed HDA-CAS where computational units act as peers interacting between each other. Each of them offers or consumes services and may exchange data with the others. Each peer may independently store data in some kind of data store (e.g. databases) where relevant real world objects are locally described. Peers sharing similar characteristics form collectives. Each peer may belong to different collectives at the same time.

Unit Collective Data store Human agent A

Software agent C Collective agent

Figure 3 – Hybrid and diversity-aware CAS The fact that the CAS is hybrid means that each computational unit can be operated by a human agent, a software agent or a more complex, possibly hybrid, collective agent (for instance representing an organization or an augmented human). The latter triggers important issues about how to combine the capabilities of different agents within a collective or among collectives (compositionality addressed in WP6) and how to combine human and sensor data (the semantic gap addressed in WP3). The fact that the CAS is diversity-aware means that the system is aware that: 



Different agents may describe different real world objects. This relates to partiality of knowledge, i.e. the fact that each agent has a partial view of the world and therefore describes only a subset of the possible objects. This reflects their diversity in local goals, culture, language and viewpoints. The same real world object may be described in different ways by different agents. This may be due to diversity in language (e.g. somebody describes a restaurant in English and somebody else in Italian), in knowledge (e.g. somebody knows the restaurant as being a Chinese restaurant located in Paris, and somebody else as an ethnic restaurant located in France), and in opinions or viewpoints (e.g. somebody may consider the restaurant to be a good one, somebody else to be very bad). Among other things, this may cause misunderstanding (when despite they are diverse they are consistent) or conflicts (when they are inconsistent). Agents may describe other agents. Agents can be described by other agents as part of what they known. Therefore, different, possibly conflicting, profiles of the same agent can simultaneously be present in a CAS.

Page 36 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

Therefore the system is able to codify agents’ profiles and what agents individually know about relevant real world objects and other agents in the CAS. For example, agent A may know that Trento is a location in Italy, while agent B may know that Trento is a city in Trentino at an average altitude of 194 m. Here there is clearly an issue of how to establish an effective communication between A and B, which presupposes them to reach an agreement about the fact that they are referring to the same Trento (misunderstanding). If and when an agreement is reached, there will be a shift from local to shared semantics. As a matter of fact, whenever there is a need for two parties to effectively communicate we have to face the semantic heterogeneity problem, namely the difficulty of establishing a certain level of connectivity between people, software agents or IT systems (Uschold and Gruninger, 2004) at the purpose of enabling each of the parties to appropriately understand the exchanged information (Pollock, 2002). Early connectivity has focused on physical (e.g. ODBC data gateways and software adapters) and syntactic (e.g. the institution of a common format or of a common vocabulary of terms) layers only. This rigidity and lack of explicit meaning causes very high maintenance costs (up to 95% of the overall ownership costs) as well as integration failure (up to 88% of the projects) (Pollock, 2002). Standard vocabularies, by fixing the terminology to be used in a broad area, mitigate the problem but they are difficult to develop and maintain. In fact, they imply accomplishing a very high level of agreement between the parties. Ultimately, these solutions aim at integration, i.e. at a very tight and rigid connection between the parties. An alternative solution, that is at the basis of the Semantic Web vision [0] (Berners-Lee et al, 2001), is represented by the establishment of some form of semantic interoperability between the parties, i.e. the possibility to exchange information by reaching a certain degree of agreement about the content meaning, still maintaining local autonomy in the maintained data, in the way the terminology is used and in the way the computation is performed locally. In turn, by not hard coding all knowledge in proprietary code and scripts, interoperability solutions allow reducing operational and maintenance costs. Typically, such solutions rely on the usage of a common vocabulary or ontology codifying what is shared in terms of terminology and knowledge (semantic mediation) and mechanisms by which an agreement is reached by mapping similar data elements maintained by the two parties (semantic mapping). The mapping has contextual validity, i.e. it has to be used by taking into account the conditions and the purposes for which it was generated (context sensitivity). For instance, in order to determine that agents A and B are talking about the same Trento, they need: (a) a common ontology specifying that city and location are two geographical classes where city is more specific than location, that altitude is an attribute specifying the elevation in meters above the sea level, and that Trentino is a region in Italy; (b) some mechanisms to align the two descriptions of Trento such that they are mapped as denoting the same entity. In SmartSociety, we adopt semantic interoperability solutions with a focus on the first aspect, i.e. the way in which a common ontology should be developed and maintained in order to effectively support agent-to-agent communication. In the rest of the section, we explain the advantages of using diversity-aware knowledge bases to store and support access to data (in contrast to traditional solutions such as databases) and how they are extended with what we call schematic knowledge. 4.2 Diversity-aware knowledge bases Several systems and tools have been developed for an effective storage, access and exchange of data. Among them, two prominent technologies include: 

Databases: they store and support access to data with the usage of appropriate data structures; for instance, in relational databases data is stored in relational tables described and organized according to the entity-relationship model (Codd, 2001). Indexes are typically employed to guarantee an effective access to data. A database management system (DBMS) is a software system designed to allow the definition, creation, querying, update and administration of databases.

Page 37 of (133)



Deliverable D1.1

Knowledge bases: they are data repositories consisting of an ontological part providing the domain terminology and the semantic relations between the terms, called the TBox (intensional knowledge about a domain), which are used to formally describe the actual content in terms of facts about individual entities, called the ABox (extensional knowledge about the individuals of a domain). Data contained in knowledge bases have an explicit semantics, which enables powerful reasoning facilities able to infer logical consequences from the defined facts.

Relational databases represent the most widespread kind of database (Codd, 2001), and are currently the predominant choice for application development because of their efﬁciency and ﬂexibility (Martinez-Cruz et al, 2012). Yet, with the advent of the Semantic Web, semantic content (data with attached meaning) is becoming increasingly important, and databases do not represent an effective solution for such data. In fact, semantic content is highly expressive and heterogeneous, while databases have rigid schemas and constraints, thus limiting interoperability and representational power. The advent of knowledge bases, together with the development of Web languages of different expressiveness, such as RDF and OWL, allows semantically-enriched data to be represented, shared, exchanged or integrated from different sources, thus enabling applications to reuse data in different contexts. For instance, while a database can only specify that Trento is a city (by defining a relational table city and by creating a tuple providing the attributes of Trento), a knowledge base can provide explicit meaning such as a definition for city (“a large and densely populated urban area”) and that city is more specific than location. This allows more powerful queries to be formulated. For instance, while with a database we can search for cities with a certain altitude, with a knowledge base we can get them even if we search for locations. In fact, because of transitivity, the fact that Trento is a location can be inferred from the fact that city is a kind of location. The more expressive is the language employed the more complex can be the facts stored and the more powerful the reasoning. However, the more expressive is the language the less efficient turns out to be the reasoning computationally. In fact, while databases proved their effectiveness and scalability, knowledge bases technology still suffers for inefficiency when the size of data increases significantly and when highly expressive languages (like OWL) are used. For this reason, several applications tend to use the two technologies in combination (Martinez-Cruz et al, 2012). A diversity-aware knowledge base is a knowledge base which goes beyond the standard distinction into just a TBox and ABox. In fact, in order to scale and to capture the diversity of the world, a diversity-aware knowledge base is partitioned into domains (e.g. geography, music, sport) which are provided along three different levels (Giunchiglia et al, 2012): 

Natural language level: it provides the domain specific-terminology in form of natural language vocabularies. Each vocabulary is constituted by a set of words, where words with same meaning are grouped together into sets of synonyms and given a natural language gloss. This level can be instantiated in multiple languages (e.g., in English and Italian) and ensures a high flexibility in the way data can be described and communicated. This is in contrast with current standards where typically only one term is imposed to denote a certain concept [0] (Dutta et al, 2009). This level clearly addresses diversity in language.



Formal language level: it codifies the terminology of the domain in a language-independent fashion. Each group of synonyms in one vocabulary corresponds to a unique notion which is represented at this level as a language-independent concept with a precise meaning and role in (logical) semantics. The same concept may correspond to different lexicalizations in different languages. Following the DERA approach [0] (Giunchiglia et al, 2013), concepts are categorized into entity classes (E), relations (R) and attributes (A). Within each category, concepts and semantic relations between them form hierarchies called facets (Giunchiglia et al, 2009), each of them codifying a different aspect of the domain. In such hierarchies, semantic relations may include is-a, part-of and value-of. This level allows to abstracting the meaning from the way it is expressed in a certain natural language. In this way, reasoning can be performed independently from any language.

Page 38 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1 

Knowledge level: it codifies what is known about individual entities (e.g. Danube) in terms of classes (e.g. Danube is an instance of stream), attributes (e.g. Danube is long in length), and relations between them (e.g. Danube is part of Europe). The terms used to describe entities are taken from the formal language level in order to be language-independent (with the exception of arbitrarily long natural language descriptions that may be provided). This level addresses diversity in knowledge and can accommodate for diversity in viewpoints when multiple descriptions of the same real world object are allowed to co-exist.

Figure 4 provides an example of diversity-aware knowledge base with content relevant for the geography domain where the natural language level is instantiated in English.

NATURAL LANGUAGE vocabularies in multiple languages

FORMAL LANGUAGE language independent ontological terminology KNOWLEDGE instantiation of the ontological level

stream

watercourse

body of water The part of the earth's surface covered with water

A natural body of running water flowing on or under the earth

is-a

#123

#345

instance-of Danube

Figure 4 – The structure of a diversity-aware knowledge base with a small example of content In the example, the concept of “a natural body of running water flowing on or under the earth” can be expressed at natural language level in English with either the term stream or watercourse (they are synonyms), while the concept of “the part of the earth's surface covered with water” is expressed with the term body of water. At formal language level, it codifies that they correspond to two different notions, where the first is more specific than the other (i.e. a stream is a kind of body of water). At knowledge level, it codifies that the entity Danube is an instance of stream. Among other things, the fact that the natural language level can be extended by adding new languages allows to express what we know in the new language without any change at formal and knowledge level. For instance, by adding the information that concept #123 is lexicalized as fiume in Italian allows to state that Adige is a fiume. 4.3 Extending diversity-aware knowledge bases with schematic knowledge By employing diversity-aware knowledge bases we are able to capture the diversity of the world by means of effective ways to represent, use and communicate data, knowledge and agent profiles, still accommodating for the presence of different, possibly conflicting, viewpoints. In order for this to be fully supported, we need to go beyond the configuration of diversity-aware knowledge bases as they are described in Guinchiglia et al, (2012), in particular by extending the formal language level in order to impose a more complex structure to knowledge. The novelty is represented by the introduction of what we call schematic knowledge, namely a semantic schema (in opposition to syntactic schemas which are typical of databases) providing constraints - in form of templates - on the attributes and relations that entities of specific kinds (e.g. locations, organizations, persons, events) can instantiate and the language that can be used to express them. In line with the ideas of semantic interoperability promoted by the Semantic Web, a semantic schema imposes a certain level of standardization, still giving the users the flexibility to define their own metadata and use different natural language terms to denote the same concept. Semantic schemas are grounded on the following fundamental notions: 

Entity: a (digital) description of any real world physical or abstract object so important to be denoted with a name. A single person, a place or an organization are all examples of entities. For instance, the stream Danube.

Page 39 of (133)

 



Deliverable D1.1

Concept: a formal notion at formal language level denoting an element of a DERA domain. They include entity classes, relations, attribute names and attribute values. Concepts constitute the language that can be used to describe entities. Attribute: any data property of an entity. Each attribute has a name and one or more values taken from a range of possible values. We distinguish between quantitative and qualitative values. Quantitative values are expressed numerically (e.g. the length of a river can be expressed quantitatively in meters), while qualitative values correspond to concepts (e.g. length may be long or short). Relation: any object property used to connect two entities. Typical examples of relations include part-of (e.g. Trento is part of Italy), friend-of (e.g. Enzo is friend of Mark) and affiliated-to (e.g. Mark is affiliated to the University of Oxford). Relations take their values from the instances of a certain class. For instance, part-of can be defined between places, while affiliated-to between a person and an organization.

Semantic schemas are then defined and imposed over a diversity-aware knowledge base as follows:  



Semantic schema: A semantic schema S = <{ET}> is a non-empty set of entity types. Entity type: an entity type provides a template for the creation of entities by establishing a set of constraints about the metadata (attributes and relations) that entities of that type can instantiate. It is defined as a tuple ET = <ID, EC, {PT}, {AD}, {RD} > where: o ID is a numeric unique identifier o EC is a concept taken from the entity classes (E) in a given domain from the formal language denoting the name of the entity type o {PT} is a (possibly empty) set of concepts denoting parent entity types; it indicates that ET inherits the attribute definitions and relation definitions of the parent etypes in {ET}; o {AD} is a non-empty set of attribute definitions o {AR} is a non-empty set of relation definitions Attribute definition: an attribute definition imposes an explicit constraint about the name and the quantitative or qualitative values of a certain attribute that can be associated to an entity. An attribute definition is a tuple AD = <ID, AN, DT> where: o ID is a numeric unique identifier o AN is a concept taken from the attributes (A) in a given domain from the formal language denoting the attribute name o DT is a data type among a set of system defined ones (e.g. integer, float, date); the data type is set to concept for qualitative values Relation definition: similarly to attributes, a relation definition imposes an explicit constraint about the name and the values of a certain relation that can be associated to an entity. A relation definition is a tuple RD = <ID, RN, {ET}> where: o ID is a numeric unique identifier o RN is a concept taken from the relations (R) in a given domain from the formal language denoting the relation name o {ET} is a set of entity types denoting the type of the entities which can be target of the relation

The actual content of a diversity-aware knowledge base is constituted by knowledge that instantiates a given semantic schema. We define it as follows:  

Knowledge: the knowledge over a certain semantic schema S is denoted as K(S) = <{E}> and corresponds to a set (possibly empty) of entities consistent with the constraints imposed by S. Entity: an entity is a tuple E = <ID, ET, {A}, {R}> where: o ID is a numeric unique identifier o ET is the entity type of the entity taken from the semantic schema o {A} is a non-empty set of attributes, such that the corresponding attribute definition AD is included in ET or it is inherited from any parent entity type o {R} is a non-empty set of relations, such that the corresponding relation definition RD is included in ET or it is inherited from any parent entity type

Page 40 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1 



Attribute: an attribute is a tuple A = <ID, AD, {AV}> where: o ID is a numeric unique identifier o AD is an attribute definition o {AV} is a set of attribute values Attribute value: an attribute value is a tuple AV = <V, {VAL}, P> where: o V can be either a quantitative or qualitative value; it has to be defined in accordance to the data type DT of AD of the corresponding attribute; o {VAL} is a possibly empty set of validity time intervals of the form [t1, t2] specifying the period(s) of time of validity of the attribute value o P is provenance information whose data structures will be defined as part of the work to be done in WP2 Relation: a relation is a tuple A = <ID, RD, {RV}> where: o ID is a numeric unique identifier o RD is a relation definition o {RV} is a set of relation values Relation value: a relation value is a tuple RV = <EID, {VAL}, P> where: o EID is the ID of an entity of one of the entity types ET specified in the relation definition RD of the corresponding relation o {VAL} is a possibly empty set of validity time intervals, like in attribute values o P is provenance information, like in attribute values

THE SEMANTIC SCHEMA Entity name: class: description: start: end:

string concept string date date

Location EXTENDS Entity

Stream EXTENDS Location

latitude: longitude: altitude: part-of:

length: {long, short}

float float float Location

THE KNOWLEDGE Danube INSTANCE-OF Stream

Europe INSTANCE-OF Location

name: class: description: latitude: longitude: altitude: part-of: length:

name: class: description:

Danube river a river in Central Europe 45.21 29.76 1,078 m Europe long

Europe continent one of the 7 continents

Figure 5 – An example of semantic schema and corresponding knowledge Figure 5 provides an example of schematic knowledge and corresponding knowledge associated to a diversity-aware knowledge base. In the example three different entity types are defined where Entity is the parent of Location that in turn is the parent of Stream. Overall they define nine attributes and one relation. Among the attributes, class is a special attribute codifying the instance-of relation that is used to specify the class of the entity. It is a qualitative attribute and corresponds to a concept that must be more specific than the concept of the entity type. Altitude is an example of attribute defined quantitatively. Length is an example of attribute defined qualitatively with two possible values: long and short. The knowledge is © SmartSociety Consortium 2013 - 2017

Page 41 of (133)

Deliverable D1.1

constituted by two entities, where Danube is a river and Europe is a continent with respective attributes and corresponding values. Diversity-aware knowledge bases, extended with schematic knowledge, can be effectively employed in CAS to represent and communicate data, knowledge, agent profiles in a distributed environment. In fact: 



Different agents may describe different real world objects. This is supported by allowing each peer to maintain its own local knowledge base encoding what the peer knows. As part of the work in WP4 peer profiles, what peers know and the resources they can employ will be described in terms of entity types (the schema) and corresponding entities (the instantiation of the schema). The same real world object may be described in different ways by different agents. This is supported by allowing different, possibly conflicting, entity descriptions - with different attributes, relations and values eventually expressed with different terms or in different languages - of the same real world object to co-exist in different knowledge bases or even within the same knowledge base. This allows accommodating for different opinions and viewpoints. Agents may describe other agents. This is supported by allowing each peer to store in its own knowledge base any profile about any other peer in the CAS. This can be seen as a combination of the two points above where a peer is a real world object.

4.4 Modelling Hybridity 4.4.1 Introduction As mentioned in Section 2.6 (Hybridity for CAS), a hybrid compute unit (HCU) includes software-based, human-based and things-based services as a collective that can be provisioned, deployed and utilized ondemand based on different quality, pricing and incentive models. To model a hybrid compute unit, two fundamental concepts are considered: 



Service concepts: the concept of service units allow us to model functions offering by any kind of computing units in a dynamic and well-defined way (Dustdar and Truong, 2012). Services can offer well defined interfaces for other to access their functions and non-functional properties as well as to allow different economic and provisioning models, e.g., as in service-oriented and cloud computing cloud environments. The service model allows to abstract physical entities (e.g., humans and machines) and focuses on the provisioning of functions they offer. Service relationships: they allow us to capture dynamic relationships among different types of services w.r.t. functional and non-functional aspects. They can be used to describe how we can combine, replace, and interchange different computing units to establish the right architecture and coordination/communication models for hybrid compute units.

4.4.2 Fundamental elements modelling hybridity As the hybrid compute unit is constructed from fundamental human-based and software-based service units, in this conceptual model, we focus on describing basic elements constituting the hybrid compute unit. Figure 6 depicts fundamental elements used to model hybridity of CAS. Most of these elements are firstly described in detail in (Truong et al, 2013); they are revised and extended in this document. In our model, a function offered by a computing unit is provided via the concept of ServiceUnit (Dustdar and Truong, 2012).

Page 42 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

Figure 6: Fundamental conceptual elements modeling hybridity

This enables the inclusion of Internet-scale of diverse types of computing units provisioned on demand based on different costs, benefits and quality into hybrid compute units. The diversity of computing units reflects via three fundamental types of ServiceUnit: Software-based Services (SBS) representing services offering functions performed by machines/software, Human-based Services (HBS) representing services offering functions performed by humans, and Thing-based Service (TBS) representing service offering by things. We further divide HBS into ICU (Individual Compute Unit – representing a service offered by an individual) and SCU (Social Compute Unit – representing a service offered by a team of people). HBS, SBS and TBS units can potentially support elasticity in terms of offering different function (representing the Function element), cost (the Cost element), benefits (the Benefit element) and quality (the Quality Element) (Truong, Dustdar, and Bhattacharya, 2013). For example, a SBS for data analytics can increase its cost when being asked to provide higher analysis accuracy or a SCU can reduce its size and the cost when being asked to reduce the quality of the result. To support programming elasticity capabilities, we model elasticity capability (ElasticityCapability) and associate it with Unit. A SBS is further divided into different forms offered in cloud computing models, such as IaaS (e.g., Amazon EC), DaaS (e.g., Microsoft Azure Data Marketplace), PaaS (e.g., Google App Engine) or SaaS (e.g., Salesforce.com). For HBS, their computing capability is specified in terms of human skills and skill levels. Therefore, in our model a HBS unit has a set of Skills, each of which is associated with a skill level. Skills associated with a HBS are defined consistently within a particular service provisioning platform (using evaluation techniques, benchmarking, or mapping skills from different sources into a common view for the whole platform) for a particular domain. Therefore, we associate each HBS with a Human Power Unit (HPU) ) (Truong, Dustdar, and Bhattacharya, 2013), a value defined by the HBS provisioning platform to describe the computing power of the HBS based on its skills and skill levels, which are always associated with specific Archetypes indicating the domain in which the skills are established. A HCU is a collective, hybrid service-based units among which there exist different types of relationships, covering human-specific, software-specific, as well as human-software specific ones. A HCU, as a collective unit, can be elastic based on principles of multi-dimensional elasticity (Dustdar et al, 2011). It can be expanded and reduced based on specific conditions.

Page 43 of (133)

Deliverable D1.1

Relationship Type Similarity

HBS

SBS

TBS

HCU Description

Yes

Composition

Yes

Data Dependency

Yes

Control Dependency Location Dependency Forwarding

Yes

The locations of two service units are dependent, e.g., collocated in the same data center or country

Yes

Delegation

Yes

Social Relation

Yes

Elasticity

Yes

This is a form of brokering/outsourcing in which a task is forwarded form one service to another. This is a form of brokering/outsourcing in which a service delegates a task to another service. This relationship describes different types of social relations (e.g. family or Linkedin connection) between two services This relationship describes how a service unit is formed by elasticizing another service unit, e.g. via resizing, replacing or (de)composing elements of the later to offer similar functions but different cost, benefit and quality at runtime.

This traditional type of relationship indicates how similar a service is to another. In principle, similarity can be measured in terms of functions, non-functional parameters and social contexts. This well-known type of service relationships indicates that a service is composed of several other services. A service depends on another service if the former requires the latter for providing a certain data for one of its functions. A service depends on another service if the outcome of latter determines whether former should be executed or not.

Table 2: Main relationships within HCU 4.4.3

Representing HCU with formal semantic schemas

Utilizing fundamental elements in HCU, we can program CAS based on the formal model of CAS. By programming, we mean the way to establish and instantiate CAS. “Unit” in the CAS model (Figure 3, Section 4.1 “The need for a formal model”) will be mapped to ServiceUnit. The type of agents, e.g., software agent, human agent and collective agent, will be mapped to the type of the ServiceUnit, e.g., HBS, SBS and HCU, respectively. The “Store” can be considered as an SBS that can be used by other types of services. Semantic schema notations can naturally be used to represent HCU. Essentially the notation “Entity” can be used to represent all fundamental elements in HCU – describing different types of ServiceUnit, Relationship, Function, Cost, Benefit and Quality. The “Attribute” notation is used to describe properties of HCU entities, while the Relation notation is used to describe the association among entity properties and the entities. 4.4.4 Towards Granularity Design, Forming and Instantiation HCU The above-mentioned concepts modeling the hybridity perspective of CAS only present a high-level view of how a CAS is structured. Therefore, for detailed design, programming, management and execution of hybrid compute units, we need to address several other issues to capture enough information about detailed structures and how HCUs work, covering both static and dynamic information for programming, execution and management of HCUs. We outline here some main points, which should be addressed in appropriate workpackages:    

Profile of units: the detail of description of service units for at design and runtime, such as functions, costs, pricing models, skills, reputation, etc. should be addressed in WP2 and WP4 Relationships and interactions among diverse types of units should be addressed by WP3 Possible formation, composability and coordination of elements in HCUs should be addressed in WP6 Concrete programming language constructs to support the description of these units and relationships should be addressed in WP7

Page 44 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1 

Runtime privacy, incentive, provenance monitoring, evaluation and enforcement should be addressed in WP2, WP5 and WP8

4.5 Formal Models – concluding remarks In this report, we have stressed that in a CAS, like in any multi-agent system, the ability to cope with diversity in language, knowledge, opinions and viewpoints is fundamental for an effective communication and coordination. This has to be supported both locally, when terms used and entities described are meaningful at the level of a single agent, and socially, when the meaning of terms used and entities described are agreed and shared by two or more agents. In SmartSociety we have proposed to support this by developing a formal data model based on diversity-aware knowledge bases (i.e. knowledge bases centered on the notion of entity and with a clear split between formal language, natural language and knowledge levels), extended with the ability to define semantic schemas that provide constraints on the attributes and relations that entities of specific kinds (e.g. locations, organizations, persons, events) can instantiate and the terminology that can be used to express them. They are more than database schemas as, among other things, they also provide the meaning of the terms used, and therefore play a fundamental role in interoperability. In particular, diversity-aware knowledge bases allow agents to provide different partial, possibly overlapping or conflicting, views of the world by describing the entities which are relevant for them, eventually by using different terminology and languages (e.g. English and Italian). This includes the possibility for agents to store and communicate information about other agents as part of the world they describe. While the formal data model describes agents’ knowledge of the world, the hybridity model provides an abstraction of composable human and machine computational ‘units’ that provide SmartSociety with a hybrid computational capability. The approach aims to hide implementation details and provide a clean interface for programmers to draw upon human and machine capabilities in ways that allow requirements such as cost, scale and quality to be paramerised. 4.6 Formal Models - next steps With the first year of activity in WP1 we mainly concentrated on individual contributions. At it is foreseen by the methodology described in the DOW, during the first 30 months of the project (the first cycle) it will be important to make sure that all the contributions are aligned and operate in synergy towards a first initial solution. This will require addressing the following issues: 1. How social values permeate the formal data model: to understand if and how the ethical governance of a CAS affects or it is required to be supported by the formal data model. 2. How privacy principles permeate the formal data model: privacy starts to become an issue when the data model is used to profile people (while it is not an issue when other entities are described). The issue of the integration of privacy-enhancing technologies with the model will be addressed in WP4. 3. Aligning the data model developed in WP1 with the provenance data model in WP2: currently, the model provided in WP2 to represent and deal with provenance is independent from the data model provided in WP1 designed to deal with diversity. Next year WP1 will investigate if and how the latter can be represented and embedded into the former, thus having one unified data model for both. 4. How to employ the formal data model in the hybrid programming framework: with the formal start of the activities in WP7, it will be fundamental to understand how the formal data model can be integrated into the programming framework. 5. Understanding the role of the formal data model in compositionality: so far, diversity has been studied form the point of view of the role played in describing a single agent of what a single agent knows; on the other hand, compositionality is the property of a model to derive the meaning of composite structures based on the meanings of their constituents where the composite structures are more (or less) than the sum of the parts. This may potentially go far ahead the classical paradigms of logics where complex structures are built from the logical AND/OR of the atomic constituents. An important point to address in WP1 and WP4, in collaboration with WP6, will be to understand the relationship(s) occurring between the profile of a collective and the profile of the constituent agents in the static data model. © SmartSociety Consortium 2013 - 2017

Page 45 of (133)

ÂŠ SmartSociety Consortium 2013 - 2017

Deliverable D1.1

6. Designing a formal data model for a specific problem: For each specific problem, a different formal data model, based on the general SmartSociety diversity-aware formal model, will have to be designed. In order to be more systematic and efficient in the design process, we foresee an important activity as next steps (to be addressed at a crossroad between WP1 and WP4), that is the development of a core data model to be reused, extended and adapted according to the specific needs of each scenario. We also need a design methodology to identify a suitable and effective data model for a certain scenario. 7. The hybrid programming framework will be extended to include other possible fine-grained fundamental service units of hybrid computation for modelling and programming. The properties of service units will be further elaborated to explore how relationships between humans and computers within CAS can be studied and modelled as hybrid compute units. An important future step is a close collaboration with the programming workpackage (WP7) to support the design of these units and relationships in programming constructs and to revise the hybridity model based on experiences obtained from programming experiments for realistic scenarios.

Page 46 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

5. References Beck, U. Risk Society: Towards a New Modernity. NY: SAGE, 1992. Bowker, G. C., and Star, S. L. Sorting Things Out: Classification and Its Consequences. Boston: MIT Press, 1999. Baker, L. (2009) Removing Roads and Traffic Lights Speeds Urban Travel. Scientific American. Online: http://www.scientificamerican.com/article.cfm?id=removing-roads-and-traffic-lights Benkler Y (2003) Coase’s Penguin, or, Linux and The Nature of the Firm. The Yale Law Journal. 112 Berners-Lee, T., Hendler, J., Lassila, O. (2001). The Semantic Web. Scientific America, 34-43. Brey, P. (2000). 'Disclosive Computer Ethics: The Exposure and Evaluation of Embedded Normativity in Computer Technology,' Computers and Society, 30(4): 10-16. Brown, L. (2000). Collective intelligence. In S. Baron, J. Field & T Schuller. Social Capital: Critical Perspectives. New York: Oxford University Press. Büscher, M., Coulton, P., Efstratiou, C., Gellersen, H., Hemment, D. (2011) Connected,Computed, Collective: Smart Mobilities. In Grieco, M. and Urry, J. Mobilities: New Perspectives on Transport and Society. Burlington: Ashgate, pp. 135-158. Cavoukian, A. Privacy by Design. Information and Privacy Commissioner of Ontario. [Online] 2009. Available at: http://www.privacybydesign.ca/index.php/paper/privacy-by-design/ Claramunt, C., Levashkin, S., and Bertolotto, M. (Eds.), GEOS conference, Lecture Notes in Computer Science, Springer-Verlag Berlin Heidelberg, 6631, pp 133–150. Clarke, R. (2009) Privacy impact assessment: Its origins and development. Computer Law& Security Review 25(2), 123-135. Codd E. F. (2001). A Relational Model of Data for Large Shared Data Banks. Communications of the ACM, 13 (6), 377–387. Dustdar, S., Guo, Y., Satzger, B., Truong, H., L. (2011) Principles of Elastic Processes. IEEE Internet Computing 15(5): 66-71. Dustdar, S., Truong, H. L. (2012) Virtualizing Software and Humans for Elastic Processes in Multiple Clouds- a Service Management Perspective. IJNGC 3(2). Dutta, B., Giunchiglia, F. and Maltese, V. (2011) A Facet-based Methodology for Geo-Spatial Modeling. In proceedings of the 4th International Conference on Geospatial Semantics (GEOS). Erickson T. and Kellogg A. (2000) Social Translucence: An Approach to Designing Systems that Support Social Processes ACM Transactions on Computer-Human Interaction, Vol. 7, No. 1, March 2000, 59–83. Forte A., Larco V. and Bruckman A. (2009) Decentralisation in Wikipedia Governance. Journal of Management Information Systems. 26(1) 49-72. Friedman, B., Kahn, P. and Borning, A. (2002) Value sensitive design: theory and methods. UW CSE Technical Report (2002). http://www.urbansim.org/pub/Research/ResearchPapers/vsd-theory-methods-tr.pdf Fuerth L. S. (2009) Foresight and anticipatory governance. Foresight. 11(4), 14-32. Guston H. D. (2010) The Anticipatory Governance of Emerging Technologies. Journal of the Korean Vacuum Society 19(6), November 2010, 432-441. Hannam, K., Sheller, M. and Urry, J (2006) “Editorial: Mobilities, Immobilities and Moorings”. Mobilities, 1(1), 1-22. Giunchiglia, F., Dutta, B. and Maltese, V. (2009). Faceted lightweight ontologies. In “Conceptual Modeling: Foundations and Applications”, A. Borgida, V. Chaudhri, P. Giorgini, Eric Yu (Eds.) LNCS 5600 Springer. Giunchiglia, F. and Robertson D. (2010). The social computer – Combining machine and human computation. DISI Technical Report (http://eprints.biblio.unitn.it/1851/) Giunchiglia, F., Maltese, V. and Dutta B. (2012). Domains and context: first steps towards managing diversity in knowledge. Journal of Web Semantics, special issue on Reasoning with Context in the Semantic Web. Giunchiglia F., Dutta, B. and Maltese, V. (2013). From Knowledge Organization to Knowledge Representation. ISKO UK Conference. Goffman, E. (1959) The presentation of self in everyday life. Doubleday. Helbing, D., Buzna, L., Johansson, T. and Werner T. (2005) Self-organized pedestrian crowd dynamics: Experiments, simulations, and design solutions. Transportation Science 39 (1), 1-24. Hollnagel, E., David D. Woods, and Leveson, N. (2012) Resilience Engineering: Concepts and Precepts. Aldershot, Hants: Ashgate. Introna, L. D. and Nissembaum H. (forthcoming) Shaping the web: Why the politics of search engines matters. he In ormation Society. www.nyu.edu pro ects nissenbaum papers searchengines.pd Johnson, D. G. and Mulvey, J. M., (1995) Accountability and computer decision systems, Communications of the ACM 38(12) 5864. Knobel, C. and Bowker, C. G. (2011) Values in Design, Communications of the ACM, 54(7) 26-28. Kjolberg, K. (2010) “ he Notion o ‘Responsible Development’ in New Approaches to Governance o Nanosciences and Nanotechnologies.” Doctoral Dissertation, University of Bergen. Retrieved December 11, 2013 (https://bora.uib.no/bitstream/handle/1956/4470/Dr.thesis_Kamilla%20A.%20L.%20Kjolberg.pdf?sequence=1). Lanier, J. (2013) Who Owns The Future? Pub. Allen Lane. Lyon, D. (ed). (2003) Surveillance as social sorting. Privacy, risk and digital discrimination. Routledge. Maltese, V., Giunchiglia, F., Denecke, K., Lewis, P., Wallner, C., Baldry, A. and Madalli D. (2009). On the interdisciplinary foundations of diversity. At the first Living Web Workshop at ISWC. Martinez-Cruz, C., Blanco, I. J. and Vila, M. A. (2012). Ontologies versus relational databases: are they so different? A comparison. Artificial Intelligence Review, 38 (4), 271-290. McCarthy, J. (1987). Generality in artificial intelligence. Communications ACM, pp. 1030-1035. DOI=10.1145/33447.33448 http://doi.acm.org/10.1145/33447.33448 McCullough, D. (1988) Non-interference and the composability of security properties, In Proc of the 1988 IEEE conference on Security and Privacy (S&P). McKenzie, D. (2008) “Producing Accounts: Finitism, echnology and Rule Following.” In Knowledge as Social Order: Rethinking the Social Theory of Barry Barnes, by Massimo Mazzotti, 99-117. Aldershot, Hants: Ashgate.

Page 47 of (133)

Deliverable D1.1

McNutt, K. and Rayner, J. (2010) Valuing Metaphor: A Constructivist Account of Reflexive Governance in Policy Networks. 5th Conference on Interpretive Policy Analysis. June 23-25. Grenoble, France. Neuhauser, L., Rothschild, B., Graham, C., Ivey S. L. and Konishi, S. (2009) Participatory Design of Mass Health Communication in Three Languages for Seniors and People With Disabilities on Medicaid. American Journal of Public Health. December; 99(12), 2188-2195. Ostrom, E. (2010) Beyond Markets and States: Polycentric Governance of Complex Economic Systems. The American Economic Review 100(3), 641-672. Osterloh, M., Frey, B. S. and Frost, J. (2001) Managing motivation, organization and governance. Journal of Management and Governance 5(3), 231-239. Owen, R., Macnaghten, P., and Stilgoe, J. (2012) Responsible research and innovation: From science in society to science for society, with society. Science and Public Policy 39, 751–760. Pentland, B. and Feldman, M. (2008) Designing routines: On the folly of designing artifacts, while hoping for patterns of action. Information and Organization 18, 235-250. Perrow, C. (1984) Normal Accidents: Living with High Risk Technologies. Princeton: Princeton University Press. Pickering, A. (1993) The Mangle of Practice: Agency and Emergence in the Sociology of Science. The American Journal of Sociology 99(3), 559–89. Pollock, J. (2002). Integration’s Dirty Little Secret: It’s a Matter o Semantics. Whitepaper, he Interoperability Company. PrimeLife. Privacy and Identity Management in Europe for Life - Policy Languages. [Online]. Available at: http://primelife.ercim.eu/results/primer/133-policy-languages. 2011. Seddon, J. (2008). Systems Thinking in the Public Sector. Triarchy Press, Axminster. Sengers, P., Boehner, K., David, S., and Kaye, J. “Jo ish”. (2005) Reflective design. In Proc. Critical Computing 2005, ACM Press, 49–58. Schall, D., Dustdar, S. and Brake, M. B. (2010). Programming Human and Software-Based Web Services. Computer, 43(7), 82-85. Schatzki, T, Knorr Cetina, K and von Savigny, E (2001) The Practice Turn in Contemporary Theory. New York: Routledge. Shah, R. C., and Kesan, J. P. (2007) How Architecture Regulates. Journal of Architectural and Planning Research, 24(4), 350-359. Shoham, Leyton-Brown (2009). Multiagent Systems: Algorithmic, Game Theoretic and Logical Foundations. Cambridge University Press. Shove, E., Pantzar, M. and Wilson, M. (2012) The Dynamics of Social Practice: Everyday Life and how it Changes. NY: SAGE. Silberman, M. S., Irani, L. and Ross, J. (2010) Ethics and tactics of professional crowdwork. XRDS: Crossroads, The ACM Magazine for Students. 17(2), 39-43. Tai, S., Leitner, P. and Dustdar, S. (2012) Design by Units: Abstractions for Human and Compute Resources for Elastic Systems. IEEE Internet Computing 16(4), 84-88. Truong, H-L., Dustdar, S., and Bhattacharya, K. (2012) Programming Hybrid Services in the Cloud. ICSOC 2012: 96-110 Truong, H-L., Dustdar, S., and Bhattacharya, K. (2013) "Conceptualizing and Programming Hybrid Services in the Cloud", International Journal of Cooperative Information Systems, (c) World Scientific Publishing, Accepted Truong, H-L., Dam, K-H., Ghose, A. and Dustdar, S. (2013) Augmenting Complex Problem Solving with Hybrid Compute Unit. In proceedings of the 9th International Workshop on Engineering Service-Oriented Application (WESOA's 2013), In conjunction with ICSOC 2013, Dec 2, 2013, Berlin, Germany. Voß J-P, and Bornemann B. (2011) The politics of reflexive governance: challenges for designing adaptive management and transition management. Ecology and Society 16(2): 9. [online] URL: http://www.ecologyandsociety.org/vol16/iss2/art9/ Uschold, M. and Gruninger, M. (2004). Ontologies and semantics for seamless connectivity. SIGMOD Rec., 33(4), 58–64.

Page 48 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

Appendix I I.1

A worked example of a HDA-CAS in a care setting. Description

This example derives from an interview with a research consultant working on a project to explore how proximity sensors worn by care home staff and residents can be used as an aid to ‘reflective practice’ 23 The sensors register each time a carer comes within 1.5 meters of a resident. The carer can then view analytics that show those residents they were proximal to, when, and for how long, as well as how overall contact time is shared between residents. A sensor is also located on the care home computer to indicate how much time is spent on administrative tasks. The idea is that staff can interpret this data to rethink their own practice, perhaps prompting consideration of who they spend more time with, who less, and why. This example has a number of advantages for exemplifying SmartSociety concepts: 1. It is a simple case that can be easily extended to incorporate features that give it the properties of a HDA-CAS (an elaborated version is described below). 2. There are evident social values and governance issues attached to the system’s use. 3. It falls within the application area of social care, which is seen as an important focus for SmartSociety as it moves forward, particularly in relation to use of sensors to assist the delivery of care. The discussion below attempts to illustrate some of the issues and potential solutions in the governance of a HDA-CAS based upon the principles outlined earlier. The idea is to stimulate a certain way of thinking about CAS and their design, particularly to give attention to the issues, tensions and contradictions that emerge when applied to a real world context. The analysis is not meant to be exhaustive and many of the disciplines within SmartSociety would have strong suggestions as to the sorts of mechanism or approaches that might be used to address the different issues that are raised and in particular: how incentives can be effectively configured; how reputational and provenance can be factored in; and how social orchestration can be designed to help create the 'right' sorts of hybridity. Finally, the example does not reflect in any way the actual intentions of the Mirror project24 which created the original sensor based app for reflective practice. The projection of an extended system exists only within the context of SmartSociety.

I.2

SmartSociety extensions

While the computer system is able to aggregate the pattern and duration of contacts, these aggregated traces are not particularly meaningful by themselves. As the interviewee has it: “[the sensor] doesn't tell you the quality of the interaction it simply tells you an interaction's occurred”. Interpreting the sensor trace depends on the care staff supplying missing contextual detail: where do the residents usually sit? Which residents prefer attention, which prefer to be left alone? Which registrations are likely to be ‘artefacts’, and which correspond to ‘real’ interaction? This interpretation of the pattern of contacts by care staff is already a social computation and demonstrates hybridity between machine and human capabilities. In particular, it shows how human interpretation can help bridge the 'semantic gap' between sense data and meaning. Of course, in developing this as a SmartSociety scenario, the contribution of human-factors colleagues would be to improve activity detection through better sensors and algorithms – although this is unlikely to eliminate the need for human judgment; but perhaps it would alter the sorts of judgment required, with the human needing less to ‘repair’ sensor readings, and able to concentrate more fully on assessing their significance. While human expertise helps bridge the 'semantic gap' between sense data and meaningful interpretations', part of the SmartSociety vision is to deliver automated support for sense-making and decision-taking in areas where the computation is easiest for the machine. An extension to the proximity sensor system enabling the 23

Reflective practice is a common feature of caring and medical professions aiming to promote self-awareness towards ones professional conduct with the aim of understanding which aspects were more or less effective and how well one's practice aligns with professional values. Usually it involves taking time to critically reflect upon one's own practice, either alone, as a written exercise or together with colleagues. 24 The EU Mirror project aims to create a series of applications to support reflective professional practice. http://www.mirror-project.eu/ © SmartSociety Consortium 2013 - 2017 Page 49 of (133)

Deliverable D1.1

discovery of helpful permutations of staff given constraints of duty rotas and shift patterns could be an example of this sort of automation. The work within the project on lightweight social orchestration would be concerned with how the blend of automation and human control is realised in practice. The example has elements of evolution and adaptation built-in, since the aim is for the care staff to adjust their practice on the basis of reflecting on sensor data. Simple extensions to the example provide a means to explore diversity and scale. Diversity could be present in a number of ways, including: perhaps use of different types of sensor that vary in the way they provide descriptions of proximity, or to incorporate the different preferences, knowledge and skills of carers and residents (this may enable the system to help determine combinations of carers best able to meet a resident’s care needs because of shared interests or values). Diversity becomes an increasingly important consideration when the system is scaled up from a single care home to encompass improving care provision across an administrative region. With scale, governance issues also come increasingly to the fore, since decision-making and planning would be implicated at multiple levels of organization with each level orienting to different sorts of goals – these are unpicked more fully in a discussion of governance and social values below. Finally, there is scope for building in reputation mechanisms and incentives, perhaps via resident’s rating of the care they receive, through ‘badges’ or other rewards for thoughtful practice.

I.3

Social values and governance

The issues presented below represent a value sensitive analysis of the care home example based upon the interview data obtained as part of the empirical component of SmartSociety, a conceptual analysis based on our understanding of types of social impact, and an analysis of the technology characteristics. The discussion revolves around design based upon the principles outlined in the governance principles discussed earlier in this chapter. I.3.1

Embedded regulation

The following quote provides a very good example of how values can be embedded in design, of embedded forms of regulation and illustrates how a balance can be struck between different regulatory approaches: " the original the developers [developer's name] they came up with a kind of dashboard you know 100% to 0% - critical and you know colour coded all the way along - Woo Hoo - I said no, no - take off all values - we are not here to tell them what is good or bad, what's critical or what's adequate (...?) not our job. " The proposed colour coding pre-configures how 'readings' of contact time should be interpreted and as such embeds judgments about what constitutes an appropriate level of contact. These inscribed values imply a regulatory effect similar to that of a thermostat where the aim would be to get the 'readings' within an acceptable range. This set-up runs the risk of pushing careers to orient to 'getting the reading in the green' as a metric of good care, rather than orienting to quality of interactions and individual need. This illustrates the more generic danger posed by technologies that quantify as framing care in terms of metrics rather than as personal, compassionate, empathic and responsive - characteristics of the quality of interactions . It also shows the power and subtlety of regulatory cues embedded within the user environment and how these should be used mindfully and with sensitivity. In the quote, the IT consultant orients towards a more polycentric mode of regulation that favours greater hybridity by placing a greater emphasis on the discretion and contextual knowledge of the professional carers. We discuss this in further detail in the section on polycentrism below. I.3.2

Accountability regimes

The extent and types of information flows that a technology enables are also implicated in various regulatory effects. An extended version of the sensor system can be configured to create different patterns of disclosure to different audiences and thus, bring different balances of regulatory mechanism into play. Each of the following patterns of disclosure opens up a different dimension of accountability: (1) only you see your data. Page 50 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

ÂŠ SmartSociety Consortium 2013 - 2017

Self reflection. (2) the data is shared within the team of carers. Group reflection and oversight. (3) the data is available to the care home manager. Managerial oversight. (4) the data is shared with residents and or their relatives. Customer oversight I.3.3

Polycentric governance

If we think of the care staff as a bounded resource that needs to be allocated effectively to meet the diverse needs of residents then we can also see how, within the context of normal practice, a variety of regulatory structures will play a role in managing the shared resource. One aspect of this will be 'centralised' management practices such as the production of a staff rota to ensure that there is appropriate 'cover' at all times. These specifications will not, however, detail precisely who does what and when, which will be a matter partly of routine, partly of negotiation and partly of response to contingency - i.e. regulation of care resources at certain levels within the 'system' have a high degree of polycentrism. That is to say it is the staff and residents collaborate in planning and self-organise their moment-by-moment activities around a negotiated and continually evolving shared sense of what needs doing and what division of labour would best achieve those tasks (which will of course be reflected in more static instruments such as the rota). The sensor system of this example provides an additional source of information that can feed into reflective practices crucial to polycentric forms of self and mutual regulation. As an aid to self-reflection where a staff member only sees data corresponding to their own activities, this perhaps will prompt them to make adjustments to their own work practices. Sharing everyone's data between all team members may have a greater potential for insights, ideas and mutual reweaving of priorities, practices and routines. It will also carries greater risks (in extreme cases maybe associated with work place bullying), and will exert subtle pressures toward conforming to the metric of the system. I.3.4

Motivational regulation

One way of viewing the sensor system may be like a rather neutral source of information that can be incorporated into reflective practice to optimise use of a constrained care resource. Another is to acknowledge that at the same time, sensor reading can carry very strong moral overtones as to, for example, whether staff are performing as they should, and whether residents are receiving equal and appropriate care, and so on. Hence the high degree of sensitivity that can be attached to how far the sensor traces circulate how easily subjects can be identified. Thus, while in the original example the system is intended as an aid to reflective practice, this ostensive purpose is not fixed, and the tool's strong evaluative potential in particular, is something that people can seek to exploit: " one of the reviewers he clearly cottoned on to it very quickly and said you are really on to something here - you could sell this, it says, as a quality assess- assurance for relatives - so it's not the carers that get the data it's the relatives that get the data an you think 'oh my god' you know - but that's exactly your issue now - how far down that road - whose data is it? " It is a very common experience that people are motivated to adjust their practices if they feel they are being observed or assessed, and it would be easy to behave in a way that gave a 'positive' account of resident contact time without actually increasing positive interactions with residents. Thus adaptations motivated by these new types of accountability (from managers or relatives) may be quite negative (involving 'gaming' the system, for instance), and may devalue the sensor systems' use as an aid to reflection (because the sensor reading can no longer be trusted). I.3.5

Adaptive governance

In the section above on embedded regulation, we saw how the IT consultant argued against the use of 'colour coding' precisely to remove evaluative connotations. We can see this as a very simple instance of adaptive governance, where the technology is reconfigured to deliver a different regulatory effect by reflecting upon and anticipating its likely or actual effect. ÂŠ SmartSociety Consortium 2013 - 2017

Page 51 of (133)

ÂŠ SmartSociety Consortium 2013 - 2017

Deliverable D1.1

In the above sections we have formulated a problem. The sensor tool threatens to connect residents, managers, relatives and careers in new ways creating new means of surveillance and accountability that contain the possibility for unwanted and unhelpful adaptations, as well as positive ones. In expanding the system to help beyond personal reflective practices, we have to think of the forms of adaptation that might enable these different functions to more happily co-exist. One strategy might be to use techniques of anonymisation or aggregation, so that data can be examined at a management level or beyond without implicating individuals or individual care homes. This data would still likely be useful, although not ideal, but provide less strong motivations to 'game' the system. Another might be in finding ways of keeping the carers honest such as, enabling residents to annotate data to give some indication of the quality of the interaction in contexts where this may be possible. There are many further possibilities and combinations of possibilities that have the potential to shape different patterns of practice. These occur at different levels within the system with different implications for the quality of the data that emerges and whether the 'real' goals of the system are being met. The point of adaptive governance is that these types of solution should be investigated, trialled and re-evaluated in an ongoing loop of information gathering, reflection and experimentation. There may be a number of adaptive cycles at different 'levels' within the system. Thus the care staff themselves might experiment with different ways of displaying, sharing and interpreting the data locally that helps maintain an emphasis on the 'human' elements of care. While at the same time similar processes could be occurring for how data across the region is used to inform care policy, staffing levels and so on. I.3.6

Political governance "But you could imagine - or you could very easily imagine - care home managers deciding that they would want to find these things out and the carers will wear these sensors whether they like it or not and there could be problems without a doubt because - we did come across a couple of carers that didn't want to wear them. And obviously, you know, we didn't force them although- ... I mean it was a small group because we I think there was nine carers in this group and one of them I remember in this test just felt comfortable but peer pressure carried the day and so she says "ok I will do". "

This quote points us towards the politics of the workplace, and by extension, wider spheres of political involvement that would come to encompass unions, professional bodies, governments, resident and relative care pressure groups, particularly as the scale and scope of the system expands. One issue that may have political ramifications is how such an expanding system would change the nature and character of care work as a profession. A system that more closely matches need with care expertise across a geographic region could lead to changing shift patterns and demand increasing flexibility or mobility of carers. Such a framework might also enable care increasingly to be delivered remotely or virtually or via robots. It could also alter the sorts of qualifications needed to participate into care and entry into the profession, and how care professionals are remunerated. In the end, it could change or challenge broader social attitudes to care. These issues all raise questions as to who should be setting or shaping and monitoring the overall goals of the system, and the sorts of social and political participation needed to review the values underpinning those goals.

I.4

Formal Model

I.4.1

Variants:

It was suggested that to better stress the different implications, especially on social values and privacy, we may consider the following variants of the problem: 1. No sensor: none of the actors involved has a sensor Page 52 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

2. No sharing: the sensors can be accessed only privately by each actor 3. Limited sharing: the sensors can be accessed only by cares during dedicated sessions 4. Full sharing: the content of the sensors is stored in a central repository available to everyone

I.4.2

Sources of diversity:

Diversity in language: If agents are humans, they may differ in the language they speak (e.g. English, Italian), in the words they use (e.g. one might use the term “near” and other might use “close” to denote the fact that they are at a short distance) and in the meaning they attach to them (for some people being near may mean within 3 meters, for some others it may mean within 1 meter). If agents are machines, they may differ in the way they sense proximity and turn what they sense is something meaningful to humans (this is addressed in WP3). In fact, according to the technology used, there are various ways to detect proximity25. Diversity in knowledge: In this scenario, information about the proximity contacts is kept local to a certain peer. Therefore each peer only has partial knowledge about what is happening in the CAS, i.e. in form of the list of contacts she had with the patients and computers. Each peer may have her own way to codify this information (stored in a sensor or simply on a sheet of paper), with different levels of granularity; for instance, one peer can just take note of the time of the contact, some others may also take note of the reason of contact (e.g. giving medicine). Diversity in viewpoint: We can envision cases in which a patient is near two caregivers at the same time. This situation can be identified only when crossing the data stored by the two caregivers. When this is done we may discover conflicts. For instance, caregivers may report about two treatments which are incompatible. I.4.3

Formal data model:

From a modeling point of view, the basic scenario is very simple, though the level of detail can vary according to the kind of analysis we want to support on the collected data. In fact, the data model should be always a direct function of the services we want to support and should only account for what is strictly required. As the declared goal of the experiment is only to collect data such that caregivers can just have a look at those (without any further analysis), what we need to store is only a temporal sequence of proximity contacts either between a caregiver and a patient (for curing them) or between a caregiver and a personal computer (for administrative work). Though we could abstract them just as generic entities staying near to each other in a certain interval of time [t1, t2], this can be done in a slightly more structured way by introducing a semantic schema S with three different entity types26: S = < Patient, Caregiver, Computer> (entity types) Patient Computer Caregiver

= <ID = t01, EC = c01, PT = -, {Name}, {-}> = <ID = t02, EC = c02, PT = -, {Name}, {-}> = <ID = t03, EC = c03, PT = -, {Name}, {Near} >

(attribute definitions) Name = <ID = a01, AN = c04, String> (relation definitions) Near = <ID = r01, RN = c05, {Patient, Computer}>

http://en.wikipedia.org/wiki/Proximity_sensor Notice that here we may actually further extend the schema to four entity types by moving the common attribute definition for Name at the level of a common parent entity type called Entity. © SmartSociety Consortium 2013 - 2017 Page 53 of (133) 26

Deliverable D1.1

(concepts with English lexicalization) c01 = < WORDS = {patient}, GLOSS = “a person who requires personal care”, LANG = “eng”)> c02 = < WORDS = {computer, computing machine}, GLOSS = “a machine for performing calculations automatically”, LANG = “eng”)> c03 = < WORDS = {caregiver, carer}, GLOSS = “a person who is responsible for attending to the needs of a child or dependent adult”, LANG = “eng”)> c04 = < WORDS = {name}, GLOSS = “a language unit by which a thing is known”, LANG = “eng”)> c05 = < WORDS = {near, close}, GLOSS = “not far distant in time or space or degree or circumstances”, LANG = “eng”)>

The instantiation of the semantic schema S is a set of entities. For instance, the following knowledge depicts a situation where there is one caregiver, two patients and one computer (notice that here no provenance is provided): K(S) = <{E1, E2, E3, E4}> (entities) E1 = <ID = e01, ET = Patient, {a}, {-}> E2 = <ID = e02, ET = Patient, {b}, {-}> E3 = <ID = e03, ET = Computer, {c}, {-}> E4 = <ID = e04, ET = Caregiver, {d}, {e}> (attributes with corresponding values) a = <ID = v01, AD = Name, {<“Mary”, -, ->}> b = <ID = v02, AD = Name, {<“Paul”, -, ->}> c = <ID = v03, AD = Name, {<“PC1”, -, ->}> d = <ID = v04, AD = Name, {<“George”, -, ->}> (relations with corresponding values) e = <ID = r01, AD = Near, {<E1, {[t1, t2], [t3, t4]}, ->, <E2, {[t5, t6]}, ->, <E3, {[t7, t8]}, ->}>

PAUL

MARY

GEORGE NEAR

NEAR

[t1, t2] [t3, t4]

[t5, t6]

PC1 NEAR [t7, t8]

Page 54 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1 I.4.4

HDA-CAS Programming:

In the following, we will illustrate how we can model and program a collective for the Care House scenario. From three types of entities (Patient, Computer, Caregiver) we see that there are two types of ServiceUnit that can be used to implement these types of entities. First, SBS can be used for the entity type “Computer”. Second ICU can be used to implement Patient and Caregiver entities. Furthermore, the relation definition “Near” can be implemented by using the LocationDependency which is used to indicate location dependencies among service units. Other attributes in the schema can be mapped into properties of ServiceUnit and Relationship in our hybridity concepts, such as “Name” of an entity is a property of a ServiceUnit or Relationship. Given a schema <S> for a situation of one caregiver, two patients and one computer, we can have four instances of ServiceUnit in an HCU: HCU carehouse = new HCU(); //create a collective ICU icup1 = new ICU(); //serviceunit for patient 1 ICU icup2 = new ICU(); //serviceunit for patient 2 ICU icuc = new ICU(); //serviceunit for caregiver SBS sbs = new SBS(); //define an HCU with 4 service units carehouse.add(icup1); carehouse.add(icup2); carehouse.add(icupc); carehouse.add(sbs); In which icup1 and icup2 represent the two patients, icuc1 represent the caregiver, and sbs represent the computer. Furthermore we can specify the function of these units, such as: /* to describe the function of icuc1 is to attend to the need of patients */ icuc1.function.setName(”attendingTotheNeed”); /* to describe the function of SBS is to perform some calculation*/ sbs.function.setName(”calculating”);

Note that we specify the function name to describe the expected abstract functionality that a service should provide. In a real implementation, the function can be described by complex set of information. Given the condition of the “Near” relation described above, we could program the relationships among services as follows: //define a relationship LocationDependency ld = new LocationDependency(); // describe a “near” distance ld.relativeDistance.setValue(”Near”); //patient 1 is near the caregiver ld.setDependency (icup1,icuc); //patient 2 is near the caregiver ld.setDependency (icup2,icuc); // the caregiver is near the computer © SmartSociety Consortium 2013 - 2017

Page 55 of (133)

ÂŠ SmartSociety Consortium 2013 - 2017

Deliverable D1.1

ld.setDependency (icuc, sbs); The above-mentioned pseudo code just illustrates some main programming statements that show how a collective can be programmed using our hybridity concepts.

Page 56 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

Appendix II

ÂŠ SmartSociety Consortium 2013 - 2017

Overview of empirical work

The governance and social values sections in this document draw upon a series of empirical sources as part of the ongoing research of WP1. Early on we produced a research design that outlined our approach framed around a value centred design approach.

II.1

Research Questions:

1. What ways do CAS impact on existing values of societal groups and how does this occasion tradeoffs between conflicting social values? Numerous examples have been identified and presented in this document, including, for example, the trade-off between privacy and safety in the Ride Share scenario and between reflection and accountability in the Care House scenario Appendix I. Rather than seeking a 'final solution' for these types of conflicts, our approach has been to show (a) how choices between alternate governance regimes can offer working solutions each with a different balance of outcomes across stakeholders, and (b) how attention to adaptive and political governance supports stakeholder ownership and ongoing reassessment of those choices. 2. What operating principles or governance frameworks are appropriate for systems that evolve and have emergent behaviours? This has become an important part of our thinking, and we have identified adaptive and polycentric governance in particular as playing an important role in mediating adaptation and emergence. See section 3.3 on governance. 3. What are the important entities, activities, and value relations that are important in the context of SmartCities and existing CAS-like systems to inform the formal model developed as part of WP1. The task of working out the relation between formal models and social values is ongoing. An important component of this is constituted by the work that will be carried out between WP1 and WP4 (peer profiling) to develop common entity types (e.g. person, location, event) for entities that may be encountered in SmartSociety domains (see D4.1). This aims to provide a degree of genericity to lower the overhead of model creation when tackling a new domain. We plan to explore how the WP1 empirical data might best inform this process. It became clearer during the course of WP1 that conceptual issues related to social values and governance, particularly for properties such as adaptation and emergence, are not necessarily accommodated by the WP1 modelling activity that has focussed on elaborating a diversity- aware knowledge base for HDA-CAS. Instead, these issues might more properly be aligned with modelling activities occurring later in the project that are more concerned with dynamic aspects of the system, and which play a stronger role in describing information flows (e.g., access control models). An important activity will be to map out the full range models that play a role in various aspects of SmartSociety, understand their interaction, and to consider how they respond to the requirements deriving from the work on social values. For instance, it is important in the Care House scenario know who has access to the sensor data and at what level of granularity for how care staff then respond to different forms of 'surveillance'. Thus in SmartSociety it would be helpful to be able to reason about information flows, for instance, to prove that a Care House manager will or will not be able to access certain information with a particular system configuration. To achieve this one might need to draw together privacy work (WP1), access control (WP4) and provenance (WP2). ÂŠ SmartSociety Consortium 2013 - 2017

Page 57 of (133)

Deliverable D1.1

II.2

Important things promised in the DOW for D1.1:

1. concrete indications about the way in which smart societies might present both societal and ethical consequences, both positive and negative. WP 1 has catalogued an extensive array of ethical issues relating to SmartCity programmes, SmartSociety technologies and focal application domains for SmartSociety such as Care, Tourism, Transport and Policing. These derive from existing literatures and WP1 empirical work and are summarised in section 3.1 of this document. A more detailed treatment of the literature can be found in the state-of-the-art section. A number of generic issues raised by the interviews and not documented elsewhere are detailed below. The rich qualitative dataset being accumulated by WP1 will be a valuable asset for the project as a whole and efforts will continue to deepen the analysis, as well as generating insights which can be fed into the ongoing work of all WPs. 2. recommendations for dealing with risks and uncertainties. There are a number of aspects of the WP1 work that consider how to manage risks and uncertainties. In a sense risk is an inevitable side-effect of trying to capitalise on properties of selforganisation and emergence envisioned for CAS, which may just as well have negative as opposed to positive consequences. In this respect the governance principles outlined in section 3.3.3 help to mitigate risk by being responsive to these types of change. Processes such as anticipatory governance help surface risks that a SmartSociety implementation may have for social values, although, some anticipatory tools, such as model-based forecasting, are beyond the scope of SmartSociety. We will continue consider how risk in a SmartSociety application can be managed, perhaps exploring how approaches such as ‘misuse case analysis’ can be folded into our valuesbased approach. 3. develop a novel framework for the assessment of values in emerging technologies (e.g. how to make the Values Sensitive Design approach relevant to CAS, a model of disclosive computer ethics ). This has not turned out quite as we had expected. Rather than extending VSD to design CAS according to a values-sensitive approach, or creating a model of disclosive computer ethics, we find instead that these are tools in a toolkit that help us towards the much broader requirement of governance design. This is an important point. Approaches such as VSD tell us about the ethical concerns now, but CAS will mangle them into new forms, implying the need to constantly track emerging issues. As suggested above, this implies that we attend to governance design, and in a way that create ‘living’ governance structures, themselves able to adapt to cater for emerging circumstances that the CAS creates. 4. a detailed picture of how the SmartSociety should be administrated and function (in terms of data lifecycle; requirements for transparency, privacy policies, and so on). Our view on this is that detailed administrative and operating procedures will have large domain specific components (aside from complying with legal requirements). For instance, the requirement for safety in the Ride Share scenario suggests different sorts of operating procedures than those needed to manage the accountability issues raised within the Care House scenario. We suggest that a focus at the level of governance design provides a framework from which operating procedures from many different sorts of CAS to be derived.

Page 58 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

Although our methodological thinking has subsequently evolved, we initially based the empirical work in WP1 on a Value-Sensitive Design (VSD) approach. VSD has three components, conceptual, empirical and technological. Our response to each of these is detailed below: 1. Conceptual: Exploring existing normative, regulative or philosophical concerns, A key plank of the conceptual investigation has been the privacy work conducted by KAU who have undertaken a careful study of the privacy principles within the current European Legal Privacy Framework and drawn out their implications for SmartSociety. They have worked closely with project partners across a range of workpackages to guide them towards privacy compliant and enhancing approaches and technologies. Through exercises including developing a Privacy Impact Assessment for the Ride Share Scenario, the privacy team has deepened out understanding of how privacy concerns intersect with SmartSociety goals, and is developing a research agenda (outlined in this deliverable) towards Privacy by Design for HDA-CAS. At the same time we have undertaken a conceptual analysis of governance concepts to inform governance design for SmartSociety (section 4.2). 2. Empirical: Exploring stakeholder perspectives, settings of use, SmartCity projects involve the application of network, mobile and sensor technologies to solve problems of urban living. SmartSociety aims to extend the SmartCities agenda by fostering the emergence of powerful (HDA) Collective Adaptive Systems that enable new forms of public goods to emerge, and enable existing common pool resources to be exploited more effectively. Although HDA-CAS do not yet exist in the form envisaged by the project, many SmartCity initiatives are in progress, and many existing solutions have some elements in common with different parts of the SmartSociety vision. Our approach to empirical investigation has been to engage with stakeholders developing SmartCity type solutions to draw upon their expertise of emergent issues are with respect to ethics and social values. This ongoing programme of work is outlined in greater depth below. 3. Technological: Examining how technological and infrastructural affordances intersect with values in use. We have attended to this through the literature on the ethical potential of social, mobile and network technologies. One of the ways we have achieved this is by forging links with the SOCIAM project 27 which is exploring the theory and practice of social machines. We have been able to tap into their work programme by attending seminars and workshops to draw on their emerging expertise and understanding of social computation and social machines. Our approach to governance for CAS (which might be thought of as a coalition of social machines) emerged from thinking about the governance of individual social machines.

II.3

Empirical approach underpinning governance, ethics and social values.

It is impossible to study HDA-CAS ‘in the wild’ as the sorts of HDA-CAS envisaged by SmartSociety do not yet exist. Thus to understand the implications of HDA-CAS for ethical governance we need to adopt a series of more indirect approaches which are detailed below. These involve examining: 

Emergent ethical issues of contemporary trends in networked, social and mobile computing. This has principally involved exploring the extensive existing literatures on this topic informing the state-of-the-art document and section 3.1.2 of the main deliverable.



Existing systems or programmes that have some properties in common with HDA-CAS, or that are driven by a similar vision.

http://sociam.org/ © SmartSociety Consortium 2013 - 2017

Page 59 of (133)

Deliverable D1.1

Here we have conducted a series of ‘elite’ interviews with powerful stakeholders driving the SmartCity agenda. ‘Elite interviews’ aim to explore and learn from the experiences of those in positions of power and influence within a particular arena, be it politics, business, academia or the public sector. This approach allows us to access the accumulated learning accrued from implementing real-life SmartCity visions and CAS-like systems. 

User perspectives in contexts corresponding to SmartSociety scenarios. We have conducted interviews and focus groups with our project partners in the SmartSociety consortium. We have helped WP5 design and undertake interviews with Ride Share participants in Ben-Gurion University. We have assisted WP9 conduct focus groups to probe the tourism scenario, and contributed data from a focus group we organised in the UK with young travellers.



Reflective discussions within the SmartSociety project itself. SmartSociety project members naturally reflect on the ethical potential of the technologies during co-located and virtual meetings across the project and these are valid and valuable forms of insight.

We see all of these as valid sources of data for exploring ethical concerns, and consistent with valuesensitive design and reflective design practices. We also adhere to the principles of the Biography of Software Packages approach that suggests that technology is shaped in multiple locales, by different actors and over different timescales28. Thus our fieldwork has spanned across the following arenas and venues: 

   

SmartSociety Scenario Domains i.e. policing, care tourism (as defined by WP9) and transport (in the context of Ride Share). Two interviews with senior police officers overseeing SmartPolicing projects. One focus group with young travellers (with Imaginary). Eight interviews with Ride Share participants (with Ben-Gurion). One interview with an IT consultant developing SmartCare Apps. Academic Centres. Interviews with two respondents working within academic centres developing SmartCity applications. SmartCity solution providers. Interviews with four respondents working for international consultancy and system integrators businesses creating and managing SmartCity applications. Interview with one manager of an intelligent national traffic management scheme. Gonvernance Policy and Planning. Interview with one person from the civil service charged with facilitating adoption of SmartCity solutions. Technology and SmartCity conferences. Two Scottish events showcasing SmartCity applications and thinking.

Findings from these empirical studies have strongly contributed to the ideas presented in this deliverable, particularly relating to the challenges of governance for SmartSociety. Below we outline some further themes emerging from the interviews that we will seek to deepen as the project progresses. 

Interviews revealed the not infrequent use of ‘surveillance’ technologies leading to ambiguous privacy issues. An example of this is the implicit sensing of Bluetooth devices to track the flow of people and vehicles along roads and at festival events. These sorts of applications correspond to the sensing capabilities of SmartSociety being investigated by WP3. Dilemmas arise because on the one the one hand the information can offer social benefits –e.g. by electronic road signs that notify drivers of journey times to upcoming junctions, but on the other there can be a negative surveillance potential from identifiable data. Those interviewed to date do not share a unified perspective on what is permissible, nor does there seem to be a clear distinction between how these issues are handled in

Neil Pollock and Robin Williams (2009) Software and Organisations: The Biography of Enterprise Solutions or How SAP Conquered The World, London, Routledge.

Page 60 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

the public and private sectors. The handling of sensor data appears to be characterised by uncertainty, with sometimes a wry acknowledgement that some uses are problematic have the aura of ‘big brother’, even though ‘surveillance’ is often not the intention. Aggregation and anonymisation are used to limit the surveillance potential of this data, but then that also limits the data’s strategic value and inhibits the development of personalised services. Shifting towards use of personal data requires a greater investment in infrastructures to inform publics and manage data securely. However, it was not uncommon for respondents to be unclear what data protection policies were in place, and what provision made for informing publics of how data is being used. It was common for of SmartCity applications to be realised through a complex mix of services and providers, and to incorporate complex divisions of labour for different development and operational aspects of the system. This meant it was hard to maintain a coherent map of policy, information flow and responsibility for transparency and consent. Another issue surfaced was that possessing sensor data did not necessarily provide insight by itself, and that familiarity with the data, the development of tools and processes of learning took time. 

Managing emergent properties of CAS-like applications also proved problematic. The key instance here is resisting the evaluative potential of the proximity sensor described in the Care House scenario (see appendix I). Although emergence is a sought-after property of HDA-CAS, it is also one freighted with important implications for ethical governance and social values. As discussed in section 3.2 on privacy, there are privacy principles to guard against ‘function creep’. That is to say, users’ data shouldn’t be used for purposes different to those advertised when they signed up. On the other hand HDA-CAS are not conceived as static, but rather as open, flexible and evolving. This underscores our attention to adaptive modes of governance (outlined in section 3.3) that monitor and adjust governance regimes for CAS.



Our interviews show that as a national ‘intelligent’ transport system achieved prominence as a key source of information for the travelling public, emergency services, schools, private events and others, this at the same time heightened operational responsibilities of maintaining a high degree of availability and accuracy, particular at points when other infrastructures are strained, such as during periods of extreme weather. Thus the more a system becomes a socially embedded and depended upon the more it tends towards becoming a piece of critical infrastructure with an increasing requirement to be resilient. On a smaller scale this has been noted with the development of the Ride Share application where service level requirements come to the fore with along with the possibility of using the experimental platform ‘in the wild’.



Interviews raised a number of issues around transparency and responsibility in relation to automated systems. These often related to the use of algorithms in SmartCity contexts to filter or aggregate data sources, particularly where users of the data source are unaware this has happened. In one system obscenities are filtered from in a system that presents real time information to visiting dignitaries about an international sporting event. Such a ‘sanitised’ twitter stream has the side effect of creating bias in favour of positive sentiment of which the consumers of that stream were unaware. Another issue relating to social media is the view sometime apparent among SmartCity implementers how sentiment can be ‘read off’ twitter feeds in an unproblematic way as a means of gauging public opinion of matters of the day. Contrastingly, some studies show the complexity of drawing inferences from twitter feeds that make them less than a privileged source of insight than they might seem at first. Notably, one of the senior police officers interviewed was more sceptical about twitter as a source of sentiment data – particularly for sometimes contentious services like policing where ‘everyone has an opinion, whether they have had contact with the police or not’. Use of social media in policing raised very interesting conundrums of governance and social regulation. Thus while the police might like to engage the public help with investigating crimes via social media in a stronger

Page 61 of (133)

ÂŠ SmartSociety Consortium 2013 - 2017

Deliverable D1.1

way than at present, this also carried the risk of stimulating responses that verge on vigilantism. This creates the puzzle of how to leverage powerful public resources without people taking policing into their own hands. ď&#x201A;&#x2014;

Some academic respondents drew attention to the problematic aspects of SmartCity technologies for inclusivity and some of the more unpredictable and sometimes unwanted effects of enabling flows of people and information. An example given was the way online property markets can give a price advantage to the more technologically literate and connected. This reveals a general lesson for SmartSociety in how non-participants may be disadvantaged by not accessing the richer possibilities available to CAS participants, and with it the danger of creating new sorts of digital divides.

Page 62 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

Appendix III State of the Art III.1

Summary of the state-of-the-art document

Executive summary SmartSociety is an ambitious project drawing on expertise and research from several disciplines spanning technical, social and psychological domains: 

Advances across a number of technical fields are required to create the infrastructure and tools to engineer Hybrid and Diversity Aware Collective Adaptive Systems (HDA-CAS).



Insights from complex systems research, human factors and psychology are needed to understand how the behaviour of populations of peers evolves, and can be aligned with HDA-CAS objectives.



Sociologically informed design approaches are required to ensure that HDA-CAS operate in an ethical and socially acceptable fashion.

By collecting together a précis from each contributing research strand this state of the art document can hopefully play two important roles as the project progresses. Firstly, it can be a source of material to be drawn upon by project members in compiling reports, papers and publicity materials. Secondly, and perhaps more importantly, by providing an overview it enables project members to achieve mutual understandings across the different disciplinary contributions and to begin to see how they will articulate together to create a Smarter Society. Contributors were given the brief of outlining the state of the art in a particular research domain and to do so with the cross-cutting themes of SmartSociety in mind (hybridity, diversity, collectives and so on), and then to outline the research challenges beyond the state of the art to realise SmartSociety objectives. A summary of each of the contributions is given below: Ethical governance: Explores the multiple and complex relationships between social values and innovation in digital technologies, how these can be factored into design, and the sorts of extension needed to valuesensitive design practices to meet the challenge of creating ethical and socially acceptable large-scale HDACAS. Privacy: Appropriately addressing privacy issues is key to trusted participation within a SmartSociety. This section details the armoury of available privacy protection strategies, including Privacy Impact Assessments, Privacy by Design and Privacy Enhancing Technologies, and outlines the issues of adapting these to information flows within HDA-CAS. Provenance Trust and Reputation: Provenance also underpins trust in SmartSociety by providing the basis for reputation and trust services and the ability to audit system actions to provide accountability to operational rules. The provenance approach will build upon the W3C prov standard suitably specialised for HDA-CAS, and address research questions associated with scale, collectives and hybridity. Collective Adaptive Systems (CAS): CAS attempt to capture a wide range of systems that are deeply socially embedded and the section outlines aspects of the collective and adaptive nature and considers whether there are interesting subclasses that might be studied. These subclasses have the potential to inform the design operation and evolution of systems to be envisaged in the SmartSociety scenarios. Human-based and Social Computation: This section explores the different modes of combining human intelligence within a social computation across dimensions of crowd (or team) representation and formation, task description, task assignment and lifecycle management of a crowd-sourced task. Compositionality: The concept of compositionality is important for HDA-CAS in multiple ways - including in how data can be meaningfully composed, and how aggregate phenomena arises from the collective © SmartSociety Consortium 2013 - 2017

Page 63 of (133)

Deliverable D1.1

behaviour of participating agents. This section surveys the multiple dimensions of compositionality in relation to multi-agent systems, complex systems and web services. Diversity: An important property of HDA-CAS is that they are diversity-aware– they are able to respond to the varying goals, knowledge, actions and values within participating agent populations. This contribution shows how knowledge bases have become diversity aware, and details DERA, a faceted approach to representing knowledge as an important component technology for HDA-CAS. Vertical diversity and the semantic gap between humans and machines: Vertical diversity is a key concept related to hybridity within HDA-CAS and concerns how humans, machines or a mix of humans and machines can occupy different roles at different hierarchical 'levels' of system operation or data interpretation. This piece considers the succession of approaches and theoretical perspectives that have informed how human machine symbiosis can be instrumented. Incentive design: An emphasis on incentives to shape the behaviour of populations of participating agents within a HDA-CAS is what sets apart SmartSociety from existing SmartCity approaches. This contribution lays out empirical and theoretical studies across AI, Human Computation and Economics of how agents respond to extrinsic motivations, such as reputation, financial gain and response to influential actions. Resilience: Resilience concerns a system's ability to keep functioning despite challenges to its integrity. Strategies for improving resilience include anticipating risks and making structural modifications such as decentralisation and increasing diversity and redundancy. Where providing vital services, resilience becomes a highly salient concern for the design and operation of HDA-CAS. Activity and context recognition: Understanding the activity of individuals and collectives will be an important source of data for HDA-CAS to enable it to identify and respond appropriately to situations. This section explores the techniques used create a chain of inference from data (e.g. from sensors, video or data traces) to action, to activity, and the importance of sensing context to aid disambiguation. P2P search: Details the existing approaches to searching for resources held by peers on a peer to peer (p2p) network and the trade-offs they exhibit between vulnerability, completeness and efficiency. Search is important for SmartSociety to identify populations of peers to access their knowledge or to target incentives. A promising approach for HDA-CAS lies with multi-level peer topologies that cluster peers according to semantic correspondences in ways that reflect their belonging to a collective. Programming models: This section describes existing high level programming APIs, languages and abstractions that enable the orchestration of individual or team contributions to computations, for example, in crowdsourcing applications. For SmartSociety, these approaches will be extended so that important HDACAS features, such as incentives, can be programmed as first class entities, to ease the engineering and evolution of HDA-CAS. Digital cities: Digital (or ‘Smart’) Cities aim to address the problems of increased pressure and complexity of urban life by making visible and responding to data that reveals the organisation and dynamics of various aspects of city life at different scales of organisation. Thus new services enabled by smart monitoring, visualisation and feedback in domains such as energy use, healthcare and transport all promise to improve the quality of life and make more effective use of resources. Serious games: Explores the emergence of games with a purpose and gamification where the principles of gaming are applied to serious purposes such as education, or incentivising participation in crowd-sourced challenges and spells out the importance of immersive environments for fostering a high degree of motivation and engagement. For SmartSociety advances beyond the state-of-the-art are needed to fuse the gaming experience with live real-world data from an instrumented city where gamers’ ‘solutions’ to problems have real-world consequences.

Page 64 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

III.2

Ethical Governance for Collective Adaptive Systems.

Mark Hartswood and Marina Jirotka III.2.1

Introduction

This state-of-the-art contribution explores how information technologies in crystallising social change stir up important human values related concerns and how value-sensitive approaches can help foresee and forestall the more serious risks to important values such as personal autonomy, privacy29, and social inclusion, as well as being a source of creative engagement for design. To begin we explore why human values have moved towards centre stage in digital technology design and unpick the multiple relationships that exist between technology and values. Secondly we examine a series of specific examples of how technology interacts with values or valued practices and show their potential relevance to HDA-CAS. Thirdly, we consider how value-sensitive design, as part of a Responsible Research and Innovation (RRI) agenda, can help articulate stakeholder values as an explicit part of the design process. Finally, we consider moving beyond the state-of-the-art in these areas towards a framework for the ethical governance of HDA-CAS. III.2.2

Technology and human values

As digital technologies have become deeply intertwined with all aspects of our lives, including work, leisure and our friendship and familial relations, then thinking through the subtle ways they interact with human values has emerged as a significant strand of human factors research (Sellen et al 2009; Friedman et al, 2006; Knobel and Bowker, 2011). This increased emphasis on values has a number of roots. One relates to a growing focus on ‘user-experience’ as a key element of technology design and the recognition that accommodating cultural values improves a technology’s acceptance (e.g. Marcus, 2000). Another has to do with how search, mobile and social technologies change how knowledge, transparency and accountability are socially distributed, and in doing so alter power dynamics across a wide range of relationships – interpersonal, doctor-patient, citizen-state, consumer-corporation (Kobsa, 2009; Mort et al, 2003; Lanier, 2013). Sellen et al (2009) draw these perspectives into a broader picture locating the need for a values-aware approach within five contemporary techno-cultural trends: 1. End of interface stability. No longer a single, well defined means of interacting with computers which are now more ubiquitous and embedded. 2. The growth of techno-dependency. Deep economic and cultural dependency on complex technical infrastructures and services with complex interactions, failure points and vulnerability. 3. The growth of hyper-connectivity. Attention consuming (always on, always connected) yet generative and powerful. 4. The end of the ephemeral. Traces of our activities are no longer fleeting, discarded, forgotten, but are recoverable, creating a digital footprint that has value but also problematics. 5. The growth of creative engagement. Computers as tools for expression and creativity rather than just mechanical problem solvers. We can all produce content, create programmes (e.g. IF This Then That), express opinions, create analysis, sift information for our friends, changing the balance between traditional patterns and modes of cultural production and consumption. Sellen et al’s (2009) analysis might be critiqued for clinging to traditional HCI concerns as their emphasis lies close to the interaction between individuals and computers. To balance this one might add a sixth category - especially relevant to Collective Adaptive Systems - the emergence of social computing – which is also associated with a complex moral terrain in ways that we unpick in later sections. It is useful at this point to clarify what we mean by ‘human values’, and to draw upon sociological literature to guide how we interpret their bearing on technology, and vice versa. Friedman et al in advocating ‘value sensitive design’ (which we discuss more fully later) as an approach to incorporating a values perspective into design, use a working definition of ‘social values’ as referring to the importance attached to things by a group or an individual (Friedman et al, 2006). This reading is close to our common sense interpretation that 29

Privacy is explored in detail in chapter 2 of this document. © SmartSociety Consortium 2013 - 2017

Page 65 of (133)

Deliverable D1.1

somebody (or some group) with an espoused set of values will tend to take a particular view, be involved in certain practices or behave in a particular way under given circumstances. In this sense, values equate to something that is close to the idea of a personal or shared ethos. Scholars exploring the relationship between values, culture, technology and social behaviour warn against developing these intuitive readings of values into positions of determinism. The two forms of determinism that are at stake here are ‘technical determinism’ – the idea that technologies straightforwardly shape values, and the converse position, ‘cultural determinism’, where social values are seen as central to technology selection (and the shaping of social patterns more generally) (Ackermann, 1981; Swidler, 1986). Rejecting deterministic accounts partially rests on the recognition that social values do not have a singular or primary role in social processes. For Ackermann social values have multiple aspects: they are evaluative and invoked in “situations of choice”, they are enacted through practice and cultural expression, and they play a role in sustaining patterns of social relations. Similarly for Swidler values are seen as resources for organising action, rather than determining social behaviour (Swidler, 1986). By implication, the intersection of technology with values is not singular and unambiguous, but multiple and complex. Thus the technology itself might be the thing that is valued, or symbolic of wider values, or implicated in the disruption (or creation) of valued practices. Several examples these types of relationships are given below. III.2.3

The politics of automated mechanisms and embedded algorithms.

Internet search is one of the commonest, most palpable encounters we have with a CAS-like social machine where sophisticated analytics shape search listings based upon continuously updated profiles of the web and of user activity. Search has become ethically and politically charged because of the powerful role it plays in ordering our experience of the virtual world and its physical world referents. Cultural assumptions are frequently and covertly embedded within the mechanisms for ranking and ordering search results in ways that are hard for users to discern and untangle (Introna and Nissembaum, forthcoming). This can have the effect of privileging some cultural perspectives while diluting others, for example, when searching in Google on the word ‘Cameroon’ it is not until the fourth or fifth page of results that a Cameroonian voice can be found (Knobel and Bowker, 2011). Moreover, each search made subtly contributes to everybody's search experience through incremental adjustments to ranking algorithms, sometimes creating an imprint or reflection that can be read as a dominant cultural preference. These can reflect negatively regarded views including racial biases or prejudices (Sweeney, 2013). Prior work examining the ethical principles important for developing and deploying algorithms embedded in computer models may prove a useful starting point for unpicking these types of issue. This work draws attention to the relationships of responsibility between algorithm developers and their ultimate users (Johnson and Mulvey, 1995), and the significance of, and means of, achieving visibility of mechanisms and embedded values (Fleischmann and Wallace, 2009). Implications for HDA-CAS: Because algorithms are complex and obscure, mediating collective adaptation can generate suspicion that values have been covertly embedded, or else enable adaptations that are partial or that reflect darker social values. Understandings here could help inform requirements for trust and transparency and thus, be of interest to the provenance work, for example, where there is loss of traceability with aggregation. III.2.4

Values attached to social practices

Values can interfere with the uptake of technologies. For example, the Senegalese were motivated by their government to adopt (“modern”) gas burners to replace charcoal stoves in a move to preserve forests and exploit surplus gas. While many units were purchased, few remained in routine use. One reason is that it was hard to use them to make good tea, an important practice in Senegalese family life, although many of the burners were kept for display to symbolise progressive values (Ackermann, 1983). A simple reading of this story is that dominant social practices associated with strongly held social values shaped the adoption and use of technology. More subtly, one can see the way that the proffered gas burners figured at different times in relation to different sets of values, sometimes as a bearer of those values, sometimes as a disruption to valued practices, and along an unfolding trajectory hard to discern from the outset. Implications for HDA-CAS: These perspectives could be important for work on Incentives and Decision-Making in exploring how HDACAS intersect with existing human values for their effective operation. For example, how might interference Page 66 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

with values attached to dominant social practices impede participation within HAD-CAS? Or conversely, how do we motivate participation by identifying, building upon and extending existing social practices and their attendant values? Finally, how might we understand the complex interactions and multiple roles technologies play in an evolving value system? III.2.5

Values attached to labour

Technological developments impact in a myriad of ways upon the character and availability of paid labour. Possible effects include, reduction in overall demand for labour, shifts in the availability of different forms of labour, changes to how labour is valued and remunerated, changes in patterns of work, the decline and extinction of some forms of work, and the emergence of new forms. Part of this turns on the sorts of markets enabled by networked technologies. On the one hand new market opportunities are heralded by opening up the ‘long tail’ of demand (Brynjolfsson & Smith, 2006), but on the other are the dystopian narratives of the erosion of skilled labour and middle class occupations and the concentration of power and wealth with socalled 'siren servers' (Lanier, 2013). Emerging labour markets driven by crowdsourcing approaches such as the MechanicalTurk, as well as creating new labour opportunities, have also attracted criticism for exploitative practices, (including low wages, and poor reward prospect for skilled contributions), placing the burden of risk with the worker and allowing enticements to participate in fraudulent activities (such as forging reviews and spamming) (Silberman et al, 2010). Although much crowdsourcing involves financial gain (for participants or organisers), others are based on non-monetary forms of value exchange such as a community participation and public acknowledgement and appear less likely to attract negative ethical appraisal (Karpinsky et al, n.d.). Implications for HDA-CAS: Important questions for HDA-CAS relate to the motivation and remuneration for crowds – how will the supply of this type of labour evolve along with increasing demand; what will future expectations be on the types of exchanges that are considered fair in digital participation? More subtly, what will be the effects of HDA-CAS on traditional work roles and what sorts of transitions should be anticipated and managed? The distribution of work between the people and the machine has interesting consequences in terms of who/what is responsible if things go wrong. This is important for SmartSociety where croudsourced solutions, perhaps using serious games, are applied to the real world, perhaps in close to real time, to solve problems of urban living. III.2.6

Interpersonal values

How do technologies intersect with values attendant on interpersonal relationships? For example, it is may be useful to use geo-locating services to track friends to enable spontaneous meeting and just-in-time arrangements. But those self-same technologies become technologies of accountability by creating a sense of entitlement to know where a partner is, or why they were offline (Kobsa, 2009). New services then emerge that enable people to lie about their location. (Knobel and Bowker, 2011). A second example is how the etiquettes and moral responsibilities of friendship are transformed by technologies such as Facebook via practices of ‘friending’ and ‘unfriending’ etc (Holmes, 2011). Implications for HDA-CAS Sensitivities where HDA-CAS touch upon collaborating networks of families and friends – e.g. when attempting to leverage a patient’s social network. Understanding in these areas will help inform tradeoffs between transparency and privacy. III.2.7

Social sorting and social exclusion

Social sorting concerns how surveillance technologies enable population to be stratified in ways that shape entitlement or access to services or resources (Lyons, 2003). An example would be corporations minimising their risks by adjusting services according to data they can gather about customers' health statuses. Ambient healthcare technologies are seen to have a high potential for generating detrimental social sorting (Kosta et al, 2010). Social exclusion is a related form of social partitioning whereby peoples’ material or social

Page 67 of (133)

Deliverable D1.1

disadvantage prevents them from participating in valued social practices, which can be exacerbated by lack of access to socially enabling technologies (e.g. Valentine et al, 2009). Implications for HDA-CAS This may help us understand the risks that peer profiles pose as a resource for (unwanted and detrimental) social sorting. A more general point concerns what we understand about the populations who participate in a HDA-CAS (and the populations that are disengaged) and how different sorts of inclusiveness make some statistical measures less reliable. III.2.8

Value Sensitive Design (VSD) and Responsible Research and Innovation

Value sensitive design is an approach to digital technology design that aims incorporates an exploration of stakeholders' values into the design process by making visible values related concerns such as those outlined above. VSD can be seen as belonging to a swathe of approaches contributing to the ‘ethical governance’ of emerging technology that come together under the banner of Responsible Research and Innovation (RRI). RRI aims to mitigate the negative consequences of technological progress through a mix of ethical practices, regulation and governance appropriate to a scientific domain. These include: foresight, democratisation, public engagement, and the fostering of outcomes-sensitive innovation and design practices (Stahl, 2013, Von Schomberg, 2013 ; Owen et al, 2012). Value centred design is an approach to technology design that incorporates an appreciation of human values to enable more socially acceptable forms of technology to emerge. It does this in a number of ways: By helping design to proceed in full awareness of what is at stake and for whom; so that when decisions are taken they are not done so blindly or in ignorance. It also aims for sensitivity to emergent values, and how technologies transform existing value regimes by bringing newly valued practices, objects and capabilities into play. Lastly, but not least, understanding values has a creative potential to inform the sorts of services that would be meaningful to stakeholders, and to help foster desired forms of participation and social behaviour. VSD employs three forms of investigation to uncover relevant values (Friedman et al, 2002): 1. Conceptual investigations: To identify who is affected, in what way, what values are at stake and how trade-offs between competing values might be managed. This is typically a desk-based research that could involve exploring the philosophical basis for concepts such as ‘consent’ or analysing a technology scenario from the perspective of normative values and existing governance and legislative frameworks. 2. Empirical Investigations: Deepens the conceptual investigation by exploring value issues at play in relevant personal, organisational or societal contexts. Empirical investigations might reveal the interplay of values within a setting, or across settings, or it might focus on the sorts of values that are apparent through the use of a particular technology, for example, what are the determinants of privacy preferences in Facebook? 3. Technical Investigations: Understand the interplay between technological affordances and specific value regimes. A good example here is the concern raised by Google Glass which discretely embeds a video camera in a wearable item thereby greatly increasing the potential for unappreciated digital surveillance. VSD makes an important distinction between ‘direct stakeholders’, who are recognised within existing design approaches, and ‘indirect stakeholders’ who are neither immediate users nor developers, nor owners, but whose lives may nonetheless be affected. Drawing again on the Google Glass example, an indirect stakeholder might be someone who is inadvertently caught on video by a Google Glass user. VSD also makes a series of distinctions between designer values, explicitly supported (or designed in) values and stakeholder values, each of which might be distinct and non-overlapping. The aim is to ensure that the explicitly supported values are not merely an embedding of the designer’s own values or preconceptions.

Page 68 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1 III.2.9

Beyond the state of the art - towards ethical governance for HDA-CAS

For SmartSociety several questions emerge as how we move beyond the state of the art in the ethical governance of technologies to inform the development of HDA-CAS. Moreover, the specific issue of how a HDA-CAS might be governed raises particular questions of its own: Who will set the rules for HDA-CAS? What will be its constitution? How will power be vested? The functional design of social machines and the design of their governance mechanisms are intimately linked because social regulation is also key for enabling the sought after social computation (Hendler et al, 2008; Ericson and Kellogg, 2000). It follows that design for emergent social behaviour depends as much upon artfully embedding appropriate social values as it does on the creation of structures and interactions around which the social behaviours cohere. Our contention is that the design of effective social machines needs to take account of the ways values are communicated though structure, and the role they play to underpin social interaction. By way of analogy, modern architectural practice recognises how social values embedded in, or symbolically communicated by, the built environment are important to regulating human behaviour in the physical world (Shah & Kesan, 2007). Thus, ethical governance for Social Machines has inward and outward facing aspects. Inwardly, the way that the Social Machine is constituted needs to reflect the ethos of the computations (e.g. meeting standards of authorship in Wikipedia), to offer reciprocity for participation and discourage malicious forms of participation. Outwardly, the role that Social Machines play within a wider societal context is important, e.g. preventing social machines from being put to malicious purposes such as their use by spammers to circumventing Captchas, or in promulgating exploitative labour practices (Silberman et al, 2010). This implies that we have a layered and interacting series of governance concerns and with important ethical considerations emerging at each ‘level'. To design governance mechanisms for HDA-CAS we can draw upon well-known governance mechanisms in other domains, including: professional codes of conduct, democratic processes and other structured forms of decision-making and accountability practices. The governance mechanisms of Wikipedia have been extensively studied as a celebrated example of the potential of socially orchestrated knowledge production. An important finding here is how the governance of Wikipedia has evolved in line with the changing demands of its growing scope and sophistication (Aaltonen and Francesco, 2011). One can draw upon the governance literature more generally to survey candidate governance mechanisms, for example, 'polycentric governance' concerns how users of a commons (with appropriate resources for enforcement and transparency) can better co-regulate its exploitation than could a centralised authority (Ostrom, 2010). ‘Adaptive governance’ approaches developed for socio-ecological systems, are suited to systems whose dynamically unfolding character drives the need for regulatory regimes to co-develop in a responsive way (Hatfield-Dodds et al, 2007). Thus, ethically sensitive approaches to developing and operating HDA-CAS would draw upon existing approaches, but in all likelihood weave them into new configurations. For example, VSD provides a sound starting point, but the practices of design for social machines well may be different to those of more conventional technologies. For social machines design is more like fine tuning the conditions for emergence, rather than the creation of a rigid working solution based upon a static specification (McBride, 2011). Also, the adaptive and evolutionary properties envisaged for HDA-CAS give us a temporally extended view of values and stakeholders. So an initial analysis is unlikely to reveal downstream impacts as the HDA-CAS evolves via learning and in response to changes to its external environment. A values-sensitive approach would need to be responsive to the emerging implications as it adapts and evolves. Lastly, but not least, value-sensitive approaches acknowledge that populations will hold diverse values, and lead us to consider mechanisms to articulate conflicting values and mediate tradeoffs. III.2.10

References

Ackerman, W (1981) Cultural Values and Social Choice of Technologies, International Social Science Journal, 33 (3) 447–465. A. Aaltonen and L. G. Francesco (2011) Governing Social Production in the Internet : The Case of Wikipedia ' in The proceedings of 19th European Conference on Information Systems (ECIS). Brynjolfsson, E., Y. J. Hu, M. D. Smith (2006). From Niches to Riches: Anatomy of the Long Tail, MIT Sloan Management Review, 47(4), 67-71.

Page 69 of (133)

Deliverable D1.1

Erickson, T. and Kellogg, W., A. (2000) Social translucence: an approach to designing systems that support social processes. ACM Transactions on Computer-Human Interaction. 7(1) 59-83. Friedman B., Kahn P., Borning A. (2002). Value Sensitive Design: Theory and Methods. UW CSE Technical Report 02-12-01, http://www.urbansim.org/pub/Research/ResearchPapers/vsd-theory-methods-tr.pdf. Hatfield-Dodds, S., Nelson, R., and Cook, D. (2007) Adaptive governance: An introduction, and implications for public policy. Paper presented at the 51st Annual conference of the Australian Agricultural and Resource Economics Society, Queenstown NZ, 13-16 February 2007 Hendler, J., Shadbolt, N., Hall, W., Berners-Lee, T. and Weitzner (2008) Web science: An Interdisciplinary Approach to Understanding the Web. Communications of the ACM 58(7) 60-69. Holmes, M. (2011) Emotional Reflexivity in Contemporary Friendships: Understanding It Using Elias and Facebook Etiquette, Sociological Research Online, 16(1) 11 http://www.socresonline.org.uk/16/1/11.html https://mywebspace.wisc.edu/stenerson/web/documents/EthicsPaper.pdf Introna, L. D. and Nissembaum H. (forthcoming) Shaping the web: Why the politics of search engines matters. The Information Society. www.nyu.edu/projects/nissenbaum/papers/searchengines.pdf Fleischmann, K and Wallace, W., 2009, Ensuring transparency in computational modeling. Communications of the ACM, 52(3) 131134. http://dl.acm.org/citation.cfm?id=1467278 Friedman, B., Kahn Jr, P. H., and Borning A. (2006) Value Sensitive Design and Information Systems Forthcoming in P. Zhang & D. Galletta (Eds.), Human-Computer Interaction in Management Information Systems: Foundations. M.E. Sharpe, Inc: NY. Johnson, D. G. and Mulvey, J. M., 1995, Accountability and computer decision systems, Communications of the ACM 38(12) 58-64. Karpinsky, N., Lall, C., Moore, D., and Stenerson M. Ethics of Crowdsourcing (web manuscript) Kennedy, H. (2012) Perspectives on Sentiment Analysis. Journal of Broadcasting & Electronic Media 56(4) 435-450. Knobel, C. and Bowker, C. G. (2011) Values in Design, Communications of the ACM, 54(7) 26-28. Kobsa, A. (2009) The Circles of Lattitude. Adoption and Usage of Location Tracking in Online Social Networking. IEEE International Conference on Computational Science and Engineering, Vancouver, Canada, 2009, 1027-1030. Kosta, E., Pitkänen O., Niemelä, M. and Kaasinen, E (2010) Mobile-Centric Ambient Intelligence in Health- and Homecare— Anticipating Ethical and Legal Challenges. Science and Engineering Ethics June 2010, Volume 16, Issue 2, pp 303-323 Lanier J (2013) Who Owns The Future? Pub. Allen Lane. Lyon, D. (ed). (2003) Surveillance as social sorting. Privacy, risk and digital discrimination. Routledge. N. McBride (2011) From Social Machine to Social Commodity: Redefining the concept of social machine as a precursor to creating new web development approaches ACM Web Science Conference, Koblenz, June 14-17 2011. url: http://www.websci11.org/fileadmin/websci/Posters/155_paper.pdf Marcus, A. and Gould, E., W. (2000) Crosscurrents: cultural dimensions and global Web user-interface design. ACM Interactions Magazine 7(4) 32-46. Mort M, May C R and Williams T (2003) Remote doctors and absent patients: Acting at a distance in telemedicine. Science, Technology and Human Values 28(2) 274-295. Ostrom, E. (2010) Beyond Markets and States: Polycentric Governance of Complex Economic Systems. The American Economic Review, 100(3) 641-672. Owens, R., Macnaghten, P. and Stilgoe, J. (2012) Responsible Research and Innovation: From science in society to science for society, with society. Science and Public Policy 39, 751-760. Sellen, A., Rogers, Y., Harper, R. and Rodden T. (2009) Reflecting Human Values in a Digital Age. Communications of the ACM (52)3 58-66. Shah, R. C., & Kesan, J. P. (2007) How Architecture Regulates. Journal of Architectural and Planning Research, 24(4), 350-359. Stahl, B. C., Eden, G., & Jirotka, M. (2013). Responsible Research and Innovation in Information and Communication Technology Identifying and engaging with the ethical implications of ICTs. In R. Owen, M. Heintz, & J. Bessant (Eds.), Responsible Innovation (pp. 199-218). Wiley. Silberman, M. S., Irani, L. and Ross, J. (2010) Ethics and tactics of professional crowdwork. XRDS: Crossroads, The ACM Magazine for Students. 17(2), 39-43. Swidler, Ann. 1986. “Culture in Action: Symbols and Strategies”. American Sociological Review 51(2):273–286.) Sweeney, L. (2013) Discrimination in Online Ad Delivery. Online manuscript. (? Peer reviewed). http://arxiv.org/ftp/arxiv/papers/1301/1301.6822.pdf Valentine, G., Holloway, S., and Bingham, N. (2002) The Digital Generation?: Children, ICT and the Everyday Nature of Social Exclusion. 34(2) 298-315. Von Schomberg, Rene ( 2013). "A vision of responsible innovation". In: R. Owen, M. Heintz and J Bessant (eds.) Responsible Innovation. London: John Wiley, forthcoming

Page 70 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

III.3

ÂŠ SmartSociety Consortium 2013 - 2017

Privacy

Leonardo A. Martucci and Simone Fischer-HĂźbner III.3.1

Introduction

Privacy is a core value that needs to be fully integrated in HDA-CAS. Therefore, basic privacy principles, such as the principles of legitimacy of data processing, purpose specification and binding, data minimization, transparency and rights of data subjects, and security have to be embedded in the development and deployment of HDA-CAS. To achieve the objective of integrating privacy in HDA-CAS, privacy-enhancing technologies that are specially tailored for HDA-CAS need to be designed and developed to provide theoretical foundations and tools for building a privacy-friendly SmartSociety of the future. To provide a foundation on which Privacy work in SmartSociety can progress, this document outlines the state-of-the-art of privacy research relating it to core concepts of HDA-CAS. III.3.2

Related Work

Privacy in Collective Adaptive Systems has so far been looked at from the perspective of specific application scenarios, such as participatory sensing and ambient intelligence. Some building blocks of CAS, such as peer-to-peer (P2P) networks and databases, and tools and mechanisms designed to operate on top of those blocks, such as data mining and network protocols, have been extensively studied and analyzed from the privacy perspective. In this section we revisit the related work in the field of privacy in Collective Adaptive Systems and other similar systems in different contexts, such as cyber-physical systems and social networks, and we review tools for privacy protection and transparency in the context of CAS, including location privacy. III.3.3

Privacy and Diversity

The notion of diversity is a key component in anonymity metrics, i.e., standards of measurements that aim at quantifying the level of privacy of a subject. Anonymity means that a subject is not identifiable within a set of subjects (the anonymity set) who might have caused a given action (Pfitzmann and Hansen, 2010) or associated to a given piece of information (Sweeney, 2010). The cardinality of the anonymity set can be used as a privacy metric. Diversity has a strong impact, either positive or negative, on the privacy of subjects. First of all, diversity decreases the homogeneity of the set of subjects and, thus, may also reduce the cardinality of anonymity sets and the level of privacy for the subjects (persons) that are elements of these sets. The anonymity set size is related to another metric, the k-anonymity. K-anonymity (Sweeney, 2010) is a formal privacy protection model that aims at preventing the reidentification of individuals in a given person-specific field-structured data (structured database) while maintaining the utility (usefulness) of the data. The idea behind k-anonymity is that a record from a database is released only if there are at least (k-1) other similar records, i.e., whose values of quasi-identifiers are indistinguishable from the each other. Thus, there are at least k subjects that can be linked to a given release of data. In addition, k-anonymity can be used to quantify anonymity in location-based services, as shown in (Gruteser and Grunwald, 2003; Gedik and Lui, 2008). L-diversity (Machanavajjhala, 2007) is a model that extends k-anonymity. It proposes a solution for the blindness of k-anonymity regarding diversity in sensitive information that can be exploited using attacks that use public (non-sensitive) information to obtain sensitive information. The idea behind l-diversity is that the diversity of sensitive attributes has be at least l (where l > 1). Therefore, lack of diversity of sensitive attributes can also negatively affect privacy.

ÂŠ SmartSociety Consortium 2013 - 2017

Page 71 of (133)

Deliverable D1.1

Moreover. the understanding of privacy changes significantly between different societies (Lunheim and Sindre, 1993) and therefore the understanding of what is considered private or public information is influenced by the local norms and culture. For instance, in Sweden, tax reports are considered public information while they are considered private information in Germany or the United States. III.3.4

Privacy and Hybridity

The sociologist Erving Goffman described the concept of audience segregation, meaning that people usually play different roles in different situations and perform differently for different audiences (Goffman, 1959). Privacy-enhancing identity management systems (see e.g. Camenisch et al, 2011) technically enforces audience segregation by allowing users to selectively disclose subsets of their personal data, so-called partial identities, under different pseudonyms to different communication partners dependent on their current context. Hybrid distributed systems could allow a user to use different agents, which represent different (partial) identities of the user in dependence on the current context. While establishing multiple identities prevents users and their agents from being completely profiled under one identity and thus promotes privacy, it also enables compromises by so-called Sibyl attacks. In (Martucci et al, 2008), the concept of self-certified Sybil-free pseudonyms is presented, which allows protecting against Sybil attacks on distributed systems in a privacy-friendly manner. III.3.4.1 

Privacy and Operating Principles

Profiling

Legal surveys and analyses of the implications of group and personalized profiling on privacy and democracy at the level of the collection of data, the construction of profiles and at the level of their applications has been conducted within the scope of the EU FP6 NoE project FIDIS (Future of Identity in the Information Society) (Schreurs, 2005; Hildebrant and Gutwirth, 2008). Technical approaches to privacy-enhanced profiling include approaches for constructing or storing profiles on the devices and under the control of the individuals concerned (FIDIS D9.3 ) as well as privacyenhancing data mining techniques, which for instance add noise to statistical profiles in such a manner that the statistics do not leak personal information while still providing utility (see e.g., Aggarwal and Yu, 2008). The privacy-friendly release of data from statistical databases is also an important aspect related to profiling. Section III.3.3 presented how the notion of diversity affects privacy. The privacy models k-anonymity and ldiversity are used to evaluate the privacy impact of data releases. T-closeness (Li et al, 2007) extends ldiversity by proposing restrictions to the disclosed sensitive data, which should follow the distribution of the overall table. . Differential privacy (Dwork, 2008) is a formal model that ensures that addition or removal of single items of a database does not significantly affect the outcome of an analysis. Differential privacy shows that any statistical database that releases data with a non-trivial utility also leaks personal information. Differential privacy also offers means to quantify the level of loss of personal information against the utility of the data retrieved from the database. Data mining with formal privacy guarantees based on differential privacy is described in (Friedman and Schuster, 2010). 

Transparency and Provenance

As mentioned in Section 3.3, transparency of personal data processing for data subjects is a basic privacy principle, and consequently the Legal European Data Protection Framework grants data subjects rights to information for making the processing of their data transparent. Transparency-enhancing tools (TETs) provide technical means for enforcing these data subject rights. According to Hildebrandt (2009), TETs can be divided into ex ante TETs which enable the anticipation of consequences before data is actually disclosed, and ex post TETs which inform about consequences if data already has been revealed. Examples for ex ante TETs are privacy policy languages, such as P3P (W3C P3P, 2006) or PPL (PrimeLife), which could also be used in the context of SmartSociety for informing users more transparently about privacy policies, e.g. when they have to provide their informed consent to disclose personal data for peer profiling or other purposes. Ex post TETs comprise tools that provide data subjects with online access to their data at the service provider’s side (e.g., Wästlund and Fischer-Hübner, 2010) or access to logs documenting how their data were processed. As logs that are recording who has accessed data Page 72 of (133) http://www.smart-society-project.eu/

Deliverable D1.1

ÂŠ SmartSociety Consortium 2013 - 2017

and how the data has been processed in turn also include personal data (e.g., the fact that a medical record of a patient has been accessed by a psychiatrist reveals sensitive personal information), they have to be designed in a privacy-friendly manner. Privacy preserving transparency logging schemes are introduced in (Pulls, 2012; Hedbom et al, 2010). They propose methods for the encryption of log records in such a way that the records are only accessible by the data subjects to which the records relate. The ex post TETs based on logging the data accesses is related to data provenance and privacy-preserving schemes could also be applied in adapted form for a privacy-friendly design of data provenance schemes. III.3.5

Privacy, Compositionality and Collectives

Compositionality and collectives are key aspects when referring to privacy in the context of CAS. The notion of compositionality and its relation to privacy has so far been addressed from the point of view of pervasive applications, such as participatory sensing, and systems based on human-based computation, especially for the prevention of Sybil attacks. A Sybil attack is an identification attack that occurs when a malicious user influences the network by controlling multiple logical identifiers from a single physical device. In a Sybil attack, malicious users assume multiple identifiers, preventing the usage of security mechanisms based on filters, reputation or trust assumptions (Dourceur, 2002). A privacy-preserving framework for participatory sensing applications, i.e., applications in which users voluntarily report data using their mobile devices on (often) environmental conditions, is described in (Christin et al, 2013). Mitigation against automated Sybil attacks is often performed with CAPTCHAs (completely automated public Turing test to tell computers and humans apart), which are specific purpose human-based computation systems to differentiate humans from computers. Collectives are strongly linked to the provisioning of privacy in large and distributed systems. Peer-to-peer anonymous communication mechanisms, such as Crowds (Reiter and Rubin, 1997) and Chameleon (Martucci et al, 2006), are run by the collective of users and based on the compositionality of individual interactions. Tor (Dingledine et al, 2004), an anonymous communication system, is also supported and run by collective that voluntarily offers networking and computing resources to provide anonymity to Internet users. Online social networks can aggregate collectives and are potential important means for providing compositionality between collectives and machines, as the social networks provide an invaluable source for machines to learn from people. Safebook (Cutillo, 2009) and Diaspora are distributed peer-to-peer privacyfriendly online social networks that were proposed and lately implemented. The notion of compositionality is also relevant when discussing privacy in relation to data security. Privacy and security services do not always compose (McCullough, 2009), as they may have conflicting requirements and properties that may void their desired functionality. III.3.6

Privacy and Evolutionary and Design Principles

Privacy Impact Assessment (PIA) is a systematic process for evaluating the effects on privacy (Clarke, 2009). It consists of multiple procedural and sequential steps that are related to: the characterization and use of information, retention of data, internal and external sharing and disclosure, notice, access, redress, correction, technical access to information, security aspects and technologies involved. PIA provides means of understanding privacy-related concerns regarding the adoption and deployment of new technologies and services, and also helps to mitigate risks to business (Clarke, 2009). Privacy by Design (PbD) is a framework for embedding privacy into the design of and architecture of IT systems (Cavoukain, 2009). It is based on a number of principles, including: a proactive approach to privacy, promoting user-centric systems, visibility and transparency. By embedding privacy protection into the design of IT-systems, privacy becomes an essential property of all system components. In addition, it may well be applicable for evolving systems, as privacy properties are constantly been analyzed and addressed as systems evolve. PbD also specifies full lifecycle protection of personal information into IT systems (Cavoukain, 2009), according to the PbD guidelines, as all data is securely collected, stored, used and destroyed.

ÂŠ SmartSociety Consortium 2013 - 2017

Page 73 of (133)

III.3.7

Deliverable D1.1

Beyond the state of the art

In the SmartSociety project we will advance the state of the art by developing methods and deeply integrating privacy, a key non-functional requirement, in HDA-CAS. Privacy-enhancing technologies that are specially designed or tailored for HDA-CAS are going to provide the foundations and tools for a privacy-friendly society of the future. In HDA-CAS, privacy is strongly connected to, and has a strong influence on how provenance, matching and ranking, compositionality and information flows are offered in smart societies. Embedding privacy in the design stage of the SmartSociety architecture and providing guidelines for privacy protection in HDA-CAS. Research in the field of privacy in SmartSociety goes beyond the state of the art by addressing the following research challenges:     

How can privacy-enhancing identity management and access control methods e.g., role-based access control (RBAC), be used for audience segregation of peers? How can the PbD framework be adapted to the properties of HDA-CAS, especially regarding diversity, compositionality and evolutionary principles? How can the distributed nature of HDA-CAS be to built-in privacy? How can privacy-preserving data provenance schemes be designed for HDA-CAS? How can peer-profiling be performed in a privacy-preserving manner?

III.3.8

References

C. Aggarwal and P. Yu. Privacy-Preserving Data Mining - Models and Algorithms. Springer. 2008. J. Vaidya and C. Clifton. Privacy-Preserving Data Mining: Why, How and When. IEEE Security & Privacy. Nov/Dec 2004. J. Camenisch, S. Fischer-Hübner and K. Rannenberg. Privacy and Identity Management for Life. Springer. 2011. A. Cavoukian. Privacy by Design. Information and Privacy Commissioner of Ontario. [Online] 2009. Available at: http://www.privacybydesign.ca/index.php/paper/privacy-by-design/ D. Christin, J. Guillemet, A. Reinhardt, M. Hollick, and S. S. Kanhere: Privacy-preserving Collaborative Path Hiding for Participatory Sensing Applications. In Proc of the 8th IEEE Int Conference on Mobile Ad-hoc and Sensor Systems (MASS), pages 341–350, 2011. D. Christin, C. Roßkopf, M. Hollick, L. A. Martucci and S. S. Kanhere, IncogniSense: An Anonymity-preserving Reputation Framework for Participatory Sensing Applications. In: Journal of Pervasive and Mobile Computing. 2013 R. Clarke. Privacy impact assessment: Its origins and development. Computer Law& Security Review 25(2), 123-135 (2009). J. R. Douceur. The Sybil Attack. In P. Druschel, F. Kaashoek, and A. Rowstron, editors, Peer-to-Peer Systems: Proc. of the 1st Int. Peer-to-Peer Systems Workshop (IPTPS), volume 2429, pp. 251–260. Springer-Verlag, 2002 L. A. Cutillo, R. Molva, T. Strufe. Safebook: A privacy-preserving online social network leveraging on real-life trust. In IEEE Communications Magazine 47.12 (2009): 94-101. R. Dingledine, N. Mathewson and P. Syverson. Tor: The Second-Generation Onion Router, Naval Research Lab Washington DC, 2004. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L No.281, 23 Nov 1995. European Commission. Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation - GDPR), COD 2012/0011, 25 Jan 2012. European Commission. Proposal for a regulation of the European Parliament and of the Council on the protection of individual with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (COM(2012)0011 C7 0025/2012 2012/0011(COD)) Compromise amendments on Articles 1-29," Available from http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/dv/comp_am_art_01-29/comp_am_art_01-29en.pdf, 21.10.2013. C. Dwork. Differential Privacy: A Survey of Results. In: Proc. of 5th Int Conf on Theory and Applications of Models of Computation (TAFC), volume 4978 of Lecture Notes in Computer Science, pp. 1–19, 2008. Simone Fischer-Hübner. IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms, volume 1958 of Lecture Notes in Computer Science. Springer-Verlag Berlin/Heidelberg, 2001. A. Friedman and A. Schuster. Data Mining with Differential Privacy. In Proc of the 16th ACM Conf. on Knowledge Discovery (KDD), Washington, DC, USA, 2010. B. Gedik and L. Liu. Protecting location privacy with personalized k-anonymity: architecture and algorithms. IEEE Trans on Mobile Computing, vol. 7, no. 1, Jan 2008. E. Goffman. The presentation of self in everyday life. Doubleday, 1959. M. Gruteser and D. Grunwald. Anonymous usage of location-based services through apatial and temporal cloaking. In Proc. of the 1st Int. Conf. on Mobile Systems, Applications, and Services (MobiSys). USENIX, May 2003. H. Hedbom, T. Pulls, P. Hjärtquist and A. Lavén. Adding Secure Transparency Logging to the PRIME Core. In 5th IFIP WG 9.2,9.6/11.7,11.4,11.6/PrimeLife Int. Summer School, revised selected papers, Springer, 2010.

Page 74 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

M. Hildebrandt and S. Gutwirth. Profiling the European Citizen - Cross-Disciplinary Perspectives, Springer 2008. M. Hildebrandt. Behavioural biometric profiling and transparency enhancing tools. In: Future of Identity in the Information Science (FIDIS, Network of Excellence within the European Community's 6th Framework Program, No. 507512), Deliverable 7.12, 2009. R. Lunheim and G. Sindre. Privacy and Computing: a Cultural Perspective. In Richard Sizer, Louise Yngström, Henrik Kaspersen, and Simone Fischer-Hübner, editors, Proceedings of the IFIP TC9/WG9.6 Working Conference on Security and Control of Information Technology in Society, pages 25–40. North-Holland, 12–17 Aug 1993. ISBN 0-444-81831-6. N. Li, T. Li and S. Venkatasubramanian. t-Closeness: Privacy Beyond k-Anonymity and l-Diversity. In Proc of the 23rd IEEE Int Conf on Data Engineering (ICDE), pp. 106-115, 2007. A. Machanavajjhala, D. Kifer, J. Gehrke and M. Ventikasubramaniam. L-diversity: Privacy beyond k-anonymity. ACM Transactions on Knowledge Discovery from Data (TKDD). vol.1 i.1, 2007. L. A. Martucci, C. Andersson, and S. Fischer-Hübner. Chameleon and the Identity-Anonymity Paradox: Anonymity in Mobile Ad Hoc Networks. In Proc of the 1st Int Workshop on Security (IWSEC) - Short Papers, pp. 123–134, 2006. L. A. Martucci, M. Kohlweiss, C. Andersson, A. Panchenko. Self-certified Sybil-Free Pseudonyms. In: Proc. of the 1st ACM Conference on Wireless Network Security (WiSec). 2008. Alexandria, VA, USA. p.154-159. D. McCullough, “Non-inter erence and the composability o security properties”, In Proc of the 1988 IEEE conference on Security and Privacy (S&P). 1988. Organization for Economic Co-operation and Development. Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Paris, France, 1980. A. Pfitzmann and M. Hansen. A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management. v.0.34. Aug. 2010. PrimeLife. Privacy and Identity Management in Europe for Life - Policy Languages. [Online]. Available at: http://primelife.ercim.eu/results/primer/133-policy-languages. T. Pulls. Privacy-Preserving Transparency-Enhancing Tools. Licentiate Thesis. Karlstad University Studies. 2012:57 M. Reiter and A. Rubin. Crowds: Anonymity for Web Transactions. In DIMACS Technical report, pages 97–115, 1997. W. Schreurs, M. Hildebrandt, M. Gasson and K. Warwick. Report on Actual and Possible Profiling Techniques in the Field of Ambient Intelligence. In: Future of Identity in the Information Science (FIDIS, Network of Excellence within the European Community's 6th Framework Program, No. 507512), Deliverable 7.3, 2005. L. Sweeney. k-Anonymity: A Model for Protecting Privacy, Int. Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, vol. 10, nr. 5, pp. 571-588, 2002. W3C. P3P – The Platform for Privacy Preferences 1.1 (P3P1.1) Specification, 2006. [Online]. Available at: http://www.w3.org/P3P/. S. Warren and L. Brandeis. The Right to Privacy. Harvard Law Review, 4(5), 15 Dec 1890. A. F. Westin. Privacy and Freedom. Atheneum, New York, NY, USA, 1967. E. Wästlund and S. Fischer-Hübner, End User Transparency Tools: UI Prototypes, PrimeLife Deliverable D4.2.2. 2010 Available at: www.primelife.eu.

III.4

Provenance Trust and Reputation30

Luc Moreau III.4.1

Introduction

Provenance, i.e., the origin or source of something, is becoming an important concern for several research communities in computer science, since it offers the means to verify data products, to infer their quality, to analyse the processes that led to them, and to decide whether they can be trusted. In fact, provenance is an intrinsic property of data, which gives data value, when accurately captured. To motivate the need for provenance, its potential benefits are reviewed in several contexts: e-science, curated databases and Semantic Web. Furthermore, the provenance philosophy is showed not to be restricted to data in computer systems, but also to apply to real-life artifacts, such as ingredients in the food industry, parts in manufacturing and works of art. III.4.2

Drivers for Provenance

As the e-science vision becomes reality (Hendler, 2003; Hey and Trefethen, 2003), researchers in the scientific community are increasingly perceived as providers of online data, which take the form of raw data sets from sensors and instruments, data products produced by work flow-based intensive computations (Gill et al, 2007), or databases resulting from sophisticated curation (Buneman et al, 2008). While science is becoming computation and data intensive, the fundamental tenet of the scientific method remains unchanged: experimental results need to be reproducible. In contrast to a workflow, which can be viewed as a recipe that can be applied in the future, provenance is regarded as the equivalent of a logbook, capturing all the steps that were involved in the actual derivation of a result, and which could be used to replay the

The material in this section is copied from Moreau (2010) and Moreau and Groth (in preparation). Page 75 of (133)

ÂŠ SmartSociety Consortium 2013 - 2017

Deliverable D1.1

execution that led to that result so as to validate it. Curated databases typically represent the efforts of a dedicated group of people to produce a definitive description of some subject area (Buneman et al, 2008). They cover a vast range of application domains from SwissProt, which is a protein knowledge-base that is manually annotated and reviewed, to Wikipedia, a crowd-sourced encyclopedia, with increasingly sophisticated editorial processes. Such databases are generally published on the Web; they are heavily cross-referenced with, and include data from, other databases. Curated databases therefore bring out the problem of attribution (who initially created a description), and raise questions about the source, or provenance, of such descriptions (where were descriptions initially published). Meanwhile, the Web has evolved into a network of blogs, information portals, and social bookmarking services which provide automated feeds between subscribers. As the Web allows information sharing, discovery, aggregation, filtering and flow in an unprecedented manner, it also becomes very difficult to identify, reliably, the original source that produced an information item on the Web. Without knowing the provenance of information, information services may not be able to undertake the necessary due diligence about their content, they may be the subject of fraud or spam, and overall they may be judged as unreliable. Provenance is in fact identified as one of the many salient factors that affect how users determine trust in content provided by Web information sources (Gill and Artz, 2007). This view is echoed by Lynch (2002), who argues that among the consequences of this shift to new highly distributed dissemination systems, will be a new emphasis on the provenance of data and metadata, and the need for information retrieval systems to permit users to factor in trust preferences about this information. Where the Web originally consisted largely of documents intended to be read by humans, the Semantic Web [430] (Berners-Lee et al, 2001) envisions a Web of information and knowledge processable by computer systems which undertake automated reasoning. Central to this effort are RDF (Klyne and Carroll, 2004) and OWL (Dean et al, 2004), the frameworks in which to express metadata, vocabularies and perform associated reasoning. This vision is being deployed by means of Linked Data (Bizer et al, 2009; Shadbolt et al, 2006 ), an information space in which data is being enriched by typed links expressed in RDF (Klyne and Carroll, 2004), cross-referencing data sets, in a machine-processable fashion. Given the possibility for anybody (or system) to publish sets of Linked Data that refer to others, reasoners will need explicit representations of provenance information in order to make trust judgements about the information they use (W3C Incubator activity, 2009). The issue of provenance is in no way limited to data, information or knowledge. It also applies to physical artifacts, for example in the food industry. From wine to meat, from dairy products to whisky, from coffee to vegetables, the food industry is very keen to be able to demonstrate the origin of the ingredients consumers purchase and eat. Understanding the provenance of food, i.e. its origin, how it is produced, transported, and delivered to consumers, is turned into a competitive advantage by the food industry, since it allows it to demonstrate quality (in taste, in carbon footprint, or in ethics). Furthermore, across the world, governments and associated regulatory authorities are interested in food safety, and typically require the traceability of food. Likewise, manufacturers focus on compliance and traceability initiatives for a variety of reasons. Understanding past processes is critical to discover bottlenecks, inefficiencies, wastage, and learn how to improve them. Exact traceability is essential to manage product recalls efficiently and minimise their economic impact. Similarly to the food industry, provenance of products is used to build customer trust. And of course, in the context of art, the provenance of art objects is so important that available evidence is typically produced before auctions in order to maximize the price obtained for these objects. III.4.3

From Provenance to Reputation and Trust

We adopt he W3C (World Wide Web Consortium) Provenance Working Group's definition of provenance (Moreau et al, 2013) Page 76 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

Provenance is defined as a record that describes the people, institutions, entities, and activities involved in producing, influencing, or delivering a piece of data or a thing. Importantly, in the context of the Web, provenance is a record that can be created by, exchanged between, and processed by computers. This record contains descriptions of events that led to a piece of data or a thing being in a given state: thus, provenance can be pertaining to documents, data, or more generally resources over the Web, but also to things in real or even imaginary worlds. In Tim Berners-Lee vision for the Semantic Web, provenance is a crucial component in establishing trust. The idea is that if one can determine where data and documents come from, one can decide whether they can be trusted. Weitzner et al. (2008) argue that, for information, “accountability must become a primary means through which society addresses appropriate use". For them, “information accountability means the use of information should be transparent so it is possible to determine whether a particular use is appropriate under a given set of rules, and that the system enables individuals and institutions to be held accountable for misuse”. Dynamically assembled systems need to be made accountable for users to gain confidence in them, i.e., their past executions must be auditable so that compliance with, or violations of, policies can be asserted and explained. Weitzner et al. (2008) note the similarity between accountability and provenance in scientific experiments. Provenance is a key enabler for accountable systems since it consists of an explicit representation of past processes, which allows us to trace the origin of data, actions and decisions (whether automated or humandriven). It therefore provides the necessary logs to reason about compliance or violations As users delegate important tasks to systems and endow them with private data, it is crucial that they can put their trust in such systems. Accountability as defined previously is a way by which trust can be built, since action transparency and audit help users gain trust in systems. However, users may not always want (or have the resources) to audit systems; instead, they would like to be given a measure of trust, which they can rely upon to decide whether to use a system or not. The topic of trust has been extensively reviewed (Goldbeck, 2008; Gill and Artz, 2007; Ramchurn et al, 2004; Luke et al, 2005). Trust is usually based on an agent's own experience with respect to past interactions with other agents, whereas reputation draws upon information gathered from third-parties. In a multi-agent context (Ramchurn et al, 2004), trust is defined as: Trust is a belief an agent has that the other party will do what it says it will (being honest and reliable) or reciprocate (being reciprocative for the common good of both), given an opportunity to defect to get higher payoffs. The focus of multi-agent systems trust in on actions performed by agents. It is to be distinguished from trust of information (or content trust (Gill and Artz, 2007)) defined as follows: Content trust is a trust judgment on a particular piece of information in a given context. Reputation is acquired from the experiences of other agents in the community. Reputation can also be believed reliability in doing what an agent says it will do regarding particular issues of a contract, or alternatively is reliability of a particular piece of information. Trust and reputation models typically introduce a measure, to represent how trustworthy or reputable a system or individual is. This measure is then typically summarized in a label (trustworthy/not trustworthy), and used to make decisions. III.4.4

PROV: the W3C Recommendation for Provenance

PROV is a recent recommendation of the W3C for representing provenance over the Web. PROV is a conceptual data model (prov-dm), which can be mapped and serialized to different technologies. There is an © SmartSociety Consortium 2013 - 2017

Page 77 of (133)

Deliverable D1.1

OWL2 ontology for prov (prov-o), allowing mapping to RDF, an XML schema for provenance, and a textual representation for prov (prov-n). Furthermore, there is also a native representation in json. The following figure [3] summarises the core of PROV. There are three notions: entities (the data or things for which we want to express provenance), activities (representing what happens in systems), and agents (bearing responsibility for things and activities). These three concepts can be related with 7 relations.  Derivation view: entities may be derived from other entities  Responsibility view: agents may be responsible for other entities (wasAttributedTo), for activities (wasAssociatedWith), or for other agents (actedOnBehalfOf).  Process view: activities used entities, and vice-versa entities were generated by activities. Furthermore, activities can be informed by other activities.

III.4.5

B e y ond the state of the art

Provenance models have been developed in the context of database systems, workflow systems and the (Semantic) web. No work has specifically tackled provenance in the context of CAS. As far as provenance is concerned, a number of issues are critical to be investigated to develop successful CASs.  

 

Techniques are required to generate provenance automatically from programming language runtimes, in particular, for coordination languages. Those techniques will need to be scalable. A CAS provenance model needs to be specified, as a specialization of the W3C PROV standard. Two challenging aspects will require our attention: how to model humans and their interactions with CAS, and how to model collectives. Such collectives may be hybrid (humans and machines) and diversity-aware (consisting of multiple types of agents). Given that provenance constitutes a log of human activities in the context of CAS, privacy and ethical considerations need to be investigated. Finally, the interrelation between provenance, trust, reputation will need to be investigated, in particular how trust measures based on provenance can be exposed to CAS, and how decisions influenced by trust and reputation can be documented in provenance. The novelty of the approach is to try and ground trust/reputation measures on provenance.

Page 78 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1 III.4.6

References

Tim Berners-Lee, James Hendler, and Ora Lassila. The Semantic Web. Scienti_c American, 284(5):34{43, 2001. (url: http://www.scientificamerican.com/article.cfm?id=the-semantic-web). Christian Bizer, Tom Heath, and Tim Berners-Lee. Linked data - the story so far. International Journal on Semantic Web and Information Systems (IJSWIS), 2009. (url: http://tomheath.com/papers/bizer-heath-berners-lee-ijswis-linked-data.pdf). Peter Buneman, James Cheney,Wang-Chiew Tan, and Stijn Vansummeren. Curated databases. In PODS '08: Proceedings of the twenty-seventh ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, pages 1-12, New York, NY, USA, 2008. ACM. (doi:http://doi.acm.org/10.1145/1376916.1376918). Mike Dean (ed), Guus Schreiber (ed.) Sean Bechhofer, Frank van Harmelen, Jim Hendler, Ian Horrocks, Deborah L. McGuinness, Peter F. PatelSchneider, and Lynn Andrea Stein. OWL web ontology language reference. W3c recommendation, World Wide Web Consortium, February 2004. (url:http://www.w3.org/TR/owl-ref/). Yolanda Gil and Donovan Artz. Towards content trust of web resources. Web Semant., 5(4):227{239, 2007. (doi: http://dx.doi.org/10.1016/j.websem.2007.09.005). James Hendler. COMMUNICATION: Enhanced: Science and the Semantic Web. Science, 299(5606):520{521, 2003. (doi: http://dx.doi.org/10.1126/science.1078874). A J G Hey and A E Trefethen. The data deluge: An e-science perspective. 2003. (url: http://eprints.ecs.soton.ac.uk/7648/1/The_Data_Deluge.pdf). Graham Klyne and Jeremy J. Carroll. Resource description framework (rdf): Concepts and abstract syntax. W3c recommendation, WorldWide Web Consortium, February 2004. (url:http://www.w3.org/TR/rdf-concepts/). Yolanda Gil, Ewa Deelman, Mark Ellisman, Thomas Fahringer, Geoffrey Fox, Dennis Gannon, Carole Goble, Miron Livny, Luc Moreau, and Jim Myers. Examining the challenges of scientific workflows. IEEE Computer, 40(12):26{34, December 2007. (doi:http://doi.ieeecomputersociety.org/10.1109/MC.2007.421). Jennifer Golbeck. Trust on the world wide web: a survey. Found. Trends Web Sci., 1(2):131-197,2008. (doi: http://dx.doi.org/10.1561/1800000006). Clifford A. Lynch. When documents deceive: trust and provenance as new factors for information retrieval in a tangled web. Journal of the American Society for Information Science and Technology, 52(1):12-17, 2001. (doi:/10.1002/15322890(2000)52:1<12::AID-ASI1062>3.3.CO;2-M). W. T. Luke Teacy, Jigar Patel, Nicholas R. Jennings, and Michael Luck. Coping with inaccurate reputation sources: experimental analysis of a probabilistic trust model. In AAMAS '05: Proceedings of the fourth international joint conference on Autonomous agents and multiagent systems, pages 997-1004, New York, NY, USA, 2005. ACM. (doi:http://doi.acm.org/10.1145/1082473.1082624). Moreau, Luc (2010) The Foundations for Provenance on the Web. Foundations and Trends in Web Science, 2, (2-3), 99-241. http://eprints.soton.ac.uk/271691/ L. Moreau, P. Groth, An introduction to PROV. Book in preparation. Morgan & Claypool Publishers. Luc Moreau, Paolo Missier (eds.), Khalid Belha ame, Reza B’Far, James Cheney, Sam Coppens, Stephen Cresswell, Yolanda Gil, Paul Groth, Graham Klyne, Timothy Lebo, Jim McCusker, Simon Miles, James Myers, Satya Sahoo, and Curt Tilmes. Prov-dm: The prov data model. W3C Recommendation REC-prov-dm-20130430, World Wide Web Consortium, April 2013. Sarvapali D. Ramchurn, Dong Huynh, and Nicholas R. Jennings. Trust in multi-agent systems. Knowl. Eng. Rev., 19(1):1{25, 2004. (doi:http://dx.doi.org/10.1017/S0269888904000116). Nigel Shadbolt, Tim Berners-Lee, and Wendy Hall. The semantic web revisited. IEEE Intelligent Systems, 21(3):96{101, 2006. (doi:http://doi.ieeecomputersociety.org/10.1109/MIS.2006.62). W3C Incubator Activity. Provenance incubator group charter, September 2009. (url:http://www.w3.org/2005/Incubator/prov/charter). Daniel J. Weitzner, Harold Abelson, Tim Berners-Lee, Joan Feigenbaum, James Hendler, and Geral Jay Sussman. Information accountability. Commun. ACM, 51(6):81{87, June 2008. (doi:http://doi.acm.org/10.1145/1349026.1349043).

III.5

Collective Adaptive Systems

Stuart Anderson III.5.1

Introduction

CASs have their origins in bio-inspired, pervasive (A. Ferscha, 2011), and self-organizing systems, together with evolutionary and adaptive control strategies. III.5.2

Definitions of CASs

There is no single definition of CASs that circumscribes the field but there is a list of properties one would expect to see in any system that should be understood to be a CAS: 1. Fractal-like properties - systems of systems with significant self-similarity. 2. Evolutionary self organization - systems that have substantial capacity for reflection. 3. Stability in open environments - ensuring openness does not result in long-term oscillation. © SmartSociety Consortium 2013 - 2017

Page 79 of (133)

Deliverable D1.1

4. Control of emergent behaviour - systems will exhibit emergence but this should be controllable within the CAS. 5. Challenging data - in terms of scale, complexity and noise. 6. Impact – on all classes of users, including the comprehensibility of a CAS. 7. It is not essential that a CAS exhibits all of these features but one would expect to see any CAS exhibit more than one of the characteristics. III.5.3

Examples of CASs

The consultation document suggests: cities, mobile communication networks, and internet routing as examples of CASs. All of these operate at massive scale and over very long time periods. On a smaller scale one could consider something like a medical contact centre offering advice and support to people with health issues as an example. Arguably it has all of the main characteristics (fractal nature is probably the weakest of these) and it is a relatively contained and controllable system. Complex organisations whose operation is driven by the execution of routines can be seen as a CAS. We are surrounded by such systems because we live in an environment where bureaucracies control many aspects of our lives and bureaucracies exhibit all of the main characteristics of a CAS. Of course there are many other possible structures that give rise to CAS behaviour, for example colonies of robots, mixed machine/biological systems, biological systems like bacterial communities. All of these are of potential interest in the study of CASs and there is considerable research potential in investigating the creation of hybrids of these organisations where elements of biological systems are used in human- or machine based CASs. III.5.4

The Collective in CASs

In the discussion document (FET Proactive, 2009) (A. Ferscha, 2011) that established the FOCAS FET Proactive initiative the following text attempts to capture the collective in CASs: “Collectiveness: Systems typically comprise multiple units (often very large numbers), which have autonomy in terms of their own individual properties, objectives and actions. Decision-making is highly dispersed and interaction between the units may lead to the emergence of new and/or unexpected phenomena and behaviours.” We know that collectives are a powerful source of emergent behaviour. For example in bacterial communities quorum sensing mechanisms bring about sharp transitions in behaviour. When we choose to model large-scale groups as random networks we also see emergent properties as very sharp phase transitions in global properties. The simplest of these is the emergence of giant components in random graphs as the probability of two nodes being connected exceeds 1/n. Thus features like connectivity, the existence of hubs, short path lengths between any two nodes can all be very directly influenced be small changes in micro-scale behaviour of the participants in social networks. The study of features such as dynamic equilibria are also of considerable interest in this context. The study of these phenomena is quite well developed theoretically but the exploitation of these phenomena in the creation of effective networks of actors is still developing rapidly. In particular, the connection between incentives offered to actors, their choice of incentive, how that affects their micro-scale behaviour and the emergent macro-scale effects is a rapidly developing field of study that will grow significantly over the next few years. III.5.5

The Adaptive in CASs

CASs also operate dynamically in multiple scales of space and time. This means the overall system must accommodate potentially a very large number of local contexts (Liang Guang, 2012) in which relatively autonomous behaviour is taking place. In addition, CASs operate on potentially very short decision making timescales to respond to rapid changes in the environment and on much longer timescales that are oriented to maintaining some desirable property or achieving the creation of a particular pattern and distribution of resource. Achieving this requires sophisticated adaptive strategies because adaptation at any particular scale can arise from micro-scale interactions at lower level in a contexts arising from larger-scale structure. Understanding such interactions is difficult, while attempting to design, operate and evolve such systems is Page 80 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

extremely challenging. In systems of this scale conflict arises. For example, similar decisions taken at different times and locations might conflict. Such a situation is easily tolerated provided these contexts do not overlap but if they do there will need to be some resolution mechanism. Also, in decision taking, disagreement is entirely reasonable, for example, it can arise from different history, and perspective of those involved and for some decision there may be no good outcome and arriving at a decision will inevitably disadvantage some of the parties in the decision making process. In addition environments change both locally and globally in time and space and the system must constantly adapt to take account of changing responses to the surrounding environments in the CAS. CASs are also sufficiently large-scale in both time and space that there will be a need continuously to learn from experience and adapt goals and imperatives to take account of the dynamics of the system and other exogenous factors. III.5.6

The interest, analytical power and applicability of CASs

The CAS concept is very broad and embraces many real-world situations and systems at hugely different scales. For example both a bacterial community and a city exhibit CAS-like characteristics but the traditions involved in their analysis is very different and on the face of it appears that the power of these analytical traditions derives from the particular domain. Our goal in studying CASs is to make theoretical inroads into the CAS notion in terms of design, operation and evolution that, where possible, are general in the sense that they are valid for CASs in general. One potentially useful approach is to begin by considering special cases and considering the extent to which the special cases are universally generalizable to all CASs. In education (Liang Guang, 2012) the CAS notion has been proposed to develop educational resources. One particular form of CAS we have begun to consider is computer-mediated social sensemaking (CMSS). A good example of CMSS is telemonitoring of patients with chronic conditions. Ideally, we should just be able to automatically record vital signs and then decide on the basis of the time series whether the monitored individual requires medical attention. In real life this is very far from the truth, since this approach almost invariably leads to a very large number of false positives because the data is very noisy because the context of the monitoring is inadequately captured and accounted for tin the model. In particular, phenomena like recent physical or emotional disturbance, interference by others (e.g. grandchildren) etc can result in a highly anomalous reading. A CMSS approach in this context would involve a group of family and friends “curating” the telemonitoring time series of observations for a particular individual. The structure would be a group with the responsibility of working with interactive machine learning algorithms to identify when medical help is required for the condition. This would illustrate the following CAS-like features: 

The individual group would be dynamic and evolving both in membership and in decision taking because their expertise would develop as they curated their data set and the membership could change depending on circumstances to include lay helpers or professionals. At a second level of communities of groups curating “similar” patients would evolve on the basis of learning from the experience of others. At the highest level, covering the entire population, the overall system could consider the overall stratification into different similar groups and consider how this matches to care pathways and consider adaptations to a bottomup categorization of similarity by offering incentives to individual groups to reconsider how they classify data.  If care pathways provided by health and care services are poorly matched to the “natural” stratification of patient data that arises from the individual experience of groups curating data for single patients then the process of incentivizing change in classificatory behaviour may result in long term oscillation as incentives take effect to change behaviour but as carers become habituated to the incentives they will return to the old pattern. In this setting it may be necessary to adapt the care pathways to avoid this oscillation.  In such a CMSS system an important goal would be the development of expertise in the individual care groups surrounding the patient. This could be achieved by a variety of mechanisms but one approach could be a “patients like me” approach where groups curating similar data are “buddied” to anonymously share data in order to learn form others. In this © SmartSociety Consortium 2013 - 2017 Page 81 of (133)



Deliverable D1.1

situation we may well see the emergence of patterns of practice that are either highly conservative or excessively risk bearing for the patient. In these circumstances we should seek to identify such sub communities and restructure to avoid emergence of such practice. This system also has some elements of self-similarity in as much as the higher level classification and stratification activities are similar to those taking place at the level of patients.

This subclass of CASs is already quite complex and is a useful framework that arises in a number of settings. We believe this illustrates the applicability of CASs but it remains to be seen if the features (Liang Guang, 2012)of such a system can be abstracted sufficiently to provide some analytical insight into the behaviour of a CAS, its design and evolution. III.5.7

References

A. Ferscha, N. D. (2011). Pervasive Socio-Technical Fabric. Procedia Computer Science , 7, 88-91. FET Proactive. (2009). Collective Adaptive Systems: Expert Consultation Workshop Report. Leuven: DG INFSO. Ilon, L. A. (2012). Using Collective Adaptive Networks to Solve Education Problems in Poor Countries. College of Engineering. Seoul: Seoul National University. Liang Guang, E. N. (2012). Vertical and horizontal integration towards collective adaptive system: a visionary approach. Proceedings of the 2012 ACM Conference on Ubiquitous Computing (UbiComp '12) , 762-765.

Human-based and social computation31

III.6

Ognjen Scekic, Hong-Linh Truong, Schahram Dustdar III.6.1

Introduction

The term social (crowd) computing is used to denote broadly the intersection of social behavioral sciences and computational systems. It is an interdisciplinary research area grown out of Computer-Supported Cooperative Work (CSCW) (Grudin 1994) – a term still sometimes used interchangeably with social computing. The research domain includes the following (often overlapping) sub-areas:   

Human Computation Systems – Systems in which human actors perform assigned tasks in a precisely defined sequence (e.g., by following an algorithm). The execution is explicitly controlled and coordinated by the system and expected to yield precise results (Law 2011; Parameswaran 2011). Crowdsourcing Systems – Systems in which the task is offered, rather than assigned explicitly, to an unknown and usually large group of people who can freely accept and perform the tasks. A comprehensive review can be found in (Doan 2011). Mixed (Hybrid) Systems – Systems where both human and computer actors process the tasks. Humans are deeply integrated into the system, making both types of actors first-class citizens of it. The decision on who processes a particular task can be made by the system. While computerperformed tasks are accurate, employing humans for certain tasks requires dealing with uncertainties both in terms of human behavior and the quality of results (Schall 2008; Bikram 2012).

A review of past work on human computation is best presented through discussion of important research questions in the area: III.6.2

Team/community/crowd representation

Actor teams are almost exclusively modeled as undirected or directed graphs with nodes repre-senting people or teams of people and edges representing social relationships between them (Newman 2010; Caverlee 2008). Often, the edge is associated with a weight describing the amount of interaction between the two nodes it connects and annotated with a context.

This section is based on the authors’ upcoming article in Springer’s Encyclopedia of Social Network Analysis and Mining (ESNAM), http://refworks.springer.com/mrw/index.php?id=4366

Page 82 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1 III.6.3 



III.6.4

Team formation Self-organizing – The actors themselves lead the team formation in a collective-intelligence fashion and set up the collaboration environment. The assumption is that the actors taking part in collaboration will perform best if they are given the possibility to modify and adapt the collaborative environment. This includes also the initial team formation. For example, in (Gaston 2005) the authors investigate a system that enables actors to locally modify their collaborative environment according to their social network preferences (i.e., to re-wire the local network topology) with the goal of achieving globally-noticeable, collective performance improvement. The most problematic aspect of self-organizing teams is the discrepancy between local and global effects. Although we rely on the collective intelligence of the actors, in practice, actors may not know how or when to modify the local network to achieve global improvements, since their actions are based upon their partial views only. Centralized – Team formation and setting up of collaborative environment is managed by the system. Centralized team formation is entirely handled by the system. Internally, the system can employ an algorithm or human actors to assemble the team: o Human-managed team formation – relies on human actors offering their referrals and recommendations via Web Services, thus leveraging crowdsourcing techniques to identify the best candidates from their social networks. An example of such a system is PeopleCloud (Lopez 2010). o Algorithmic team formation – relies on an algorithm to select actors and assemble the team. A lot of research efforts have been directed in this sense, producing a number of different algorithms. In (Schall 2010) and (Schall 2012), the authors modify the well-known page ranking algorithms PageRank and HITS to identify the best team members, based on their previous interactions. In (Lappas 2009) and (Anagnostopoulos 2012), the goal is to minimize the total coordination cost of the newly established team, while in (Dorn 2010) the optimal team is chosen as a trade-off between skill coverage and actor connectivity. In (Caverlee 2010), the social trust between the team members is regarded as the most important factor in forming efficient collaborations. Task description

Considering the general nature of the tasks that can be handled by a team composed of human actors, describing tasks precisely and unambiguously is extremely difficult. The difficulty lies in expressing the information that needs to be interpreted by each actor in the same way. At the same time, the effort required to interpret a task's objectives must be considerably smaller compared to the effort required to perform the task itself. 



III.6.5

Informally describing tasks means expressing the required outcomes in natural language, accompanied with simple examples. This approach is usually taken by today's crowdsourcing platforms that handle simple tasks. Also, informal description may be preferred in cases where tasks require aesthetic judgment, or when the required outcome of the task is too vague to be expressed more precisely (e.g., on web sites running creativity contests). Formal task description is usually used in specific environments, most notably in business process modeling (BPM). An extension to BPEL, known as BPEL4People was proposed in 2005 to allow modeling of human interactions within business processes by introducing the concept of People Activities. A people activity can be described according to the WS-HumanTask specification32. In this way, humans can be internally represented as Web Services and integrated into the system. Task assignment, routing and delegation

Task delegation mechanisms are being explored as forms of coordination and load balancing in human computation. The concept of social routing in (Dustdar 2011) is a form of delegation of tasks by task owners to actors from their social, professional, other context-based community networks or the crowd. Delegation measures can be used in trust/reputation inference mechanisms (Skopik 2010).

http://public.dhe.ibm.com/software/dw/specs/ws-bpel4people/WS-HumanTask\_v1.pdf

Page 83 of (133)

ÂŠ SmartSociety Consortium 2013 - 2017

Deliverable D1.1

Commercial business process execution engines support a number of interaction patterns related to task assignment and delegation, supporting at the same time the concept of human roles, which may also be useful for CASs. The main delegation patterns are detailed in (Kloppmann 2005). III.6.6

Task life-cycle management

In cases when sub-tasks are clearly delimited and sub-task dependencies are static and do not change in time, parallelizing a task execution is fairly easy. Some application domains, such as crowdsourcing systems are characterized by exactly such properties. This has led researchers to dedicate a lot of effort to automate task life-cycle management transparently for the programmer, by developing a number of programming language extensions/libraries that work on top of existing commercial crowdsourcing systems, such as Amazon Mechanical Turk33. The extensions are typically able to automatically split a task, to assign/offer the subtasks to the actors in the crowd respecting the dependency, cost and time constraints, and to merge the processed sub-tasks into the final resulting task. Additionally, automated quality control processes may be also offered. Most commonly, these are based on peer reviews or on a combination of redundant processing and majority rule. Data quality requirements can have a direct influence on task assignment, as they may introduce assignments not explicitly required by the user, but performed transparently by the system. In fact, the main purpose of algorithmic handling of task assignment is exactly to move the burden of task life-cycle management from the user to the system. Collaboration systems can manage task assignments automatically throughout the entire execution time, repeating them when needed. For example, (Little 2009) shows a system offering the possibility of iterative task execution, by re-assigning previously processed tasks a number of times in order to improve the final quality of work by incrementally building upon previous work. In (Marcus 2011) a system can autonomously decide when to assign pleasing tasks to specific actors in order to motivate/reward them. In (Barowy 2012) the system can adjust task prices and time allotments based on the feedback obtained from monitoring data. III.6.7

Actor coordination and collaboration

An interesting evaluation of the quality of execution with parallel and iterative approaches in open systems can be found in (Little 2010). In (Quinn 2011a), the authors investigate the collaborative implications when tasks are assigned in one-to-one, many-to-one, many-to-many and few-to-one fashion. In open collaborations a task can be actively shaped by the actors. The actors (often belonging to a professional community or an interest-based community) contribute freely to the task resolution during runtime. A task is not strictly assigned to a particular actor, but instead it is editable by (m)any community members upon their wish. In this case the coordination between the actors can affect the quality of the task (Kittur 2008). Data quality is controlled by the system itself and/or by a designated entity, but the quality is mainly evaluated by feedback information from actors. Open collaboration is particularly suitable for longer running, best-effort tasks, with no strict quality and time constraints, but requiring distributed know-how. Wikipedia and community-based Q&A web sites are examples of open collaboration. III.6.8

References

Anagnostopoulos A, Becchetti L, Castillo C, Gionis A, Leonardi S (2012) Online team formation in social networks. In: Proceedings of the 21st international conference on World Wide Web WWW'12, ACM Press, New York, New York, USA, p 839 Barowy D, Berger E (2012) AUTOMAN: A Platform for Integrating Human-Based and Digital Computation, SIGPLAN Not. 47, 10 (October 2012), 639-654 Bikram S, Anshu J, Bhattacharya K, Truong H-L, Dustdar S (2012) Who Do You Call? Problem Resolution through Social Compute Units. In: Lecture Notes in Computer Science, vol. 7636, pp. 48-62, Springer Berlin Heidelberg. Caverlee J, Liu L, Webb S (2008) Social trust: tamper-resilient trust establishment in online communities. In: Proceedings of the 8th ACM/IEEECS joint conference on Digital libraries, ACM, pp.104-113. Caverlee J, Cheng Z, Eoff B, Hsu CF, Kamath K, Kashoob S, Kelley J, Khabiri E, Lee K (2010) SocialTrust++: Building community-based trust in Social Information Systems, In: Proc. of 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), pp. 9-12. Doan A, Ramakrishnan R, Halevy AY (2011) Crowdsourcing systems on the World-Wide Web. Communications of the ACM, vol. 54, no. 4, pp. 86-96.

www.mturk.com

Page 84 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

Dorn C, Dustdar S (2010) Composing near-optimal expert teams: a trade-off between skills and connectivity. On the Move to Meaningful Internet Systems: OTM 2010 pp 472-489. Dustdar S, Bhattacharya K (2011) The Social Compute Unit. Internet Computing, IEEE 15(3):64-69. Gaston ME, DesJardins M (2005) Agent-organized networks for dynamic team formation. Proceedings of the fourth international joint conference on Autonomous agents and multiagent systems - AAMAS '05 p 230. Grudin J (1994) Computer-supported cooperative work: history and focus. Computer 27(5):19-26, Kittur A, Kraut RE (2008) Harnessing the wisdom of crowds in wikipedia. In: Proceedings of the ACM 2008 conference on Computer supported cooperative work - CSCW '08, ACM, ACM Press, New York, New York, USA, CSCW '08, vol San Diego, pp 37-46. Kloppmann M, Koenig D, Leymann F, Pfau G, Rickayzen A, Schmidt P, Trickovic I (2005) WS-BPEL Extension for People (July):1-18. Lappas T, Liu K, Terzi E (2009) Finding a team of experts in social networks. Proceedings of the 15th ACM International Conference on Knowledge Discovery and Data Mining (2009) 7120(4):467. Law E (2011) Defining (Human) Computation. In: Workshop on Crowdsourcing and Human Computation CHI 2011, May 7–12, 2011, Vancouver, BC, Canada. Little G, Chilton LB, Goldman M, Miller R (2010) Exploring iterative and parallel human computation processes. Proceedings of the 28th of the international conference extended abstracts on Human factors in computing systems - CHI EA '10 p 4309. Lopez M, Vukovic M, Laredo J (2010) PeopleCloud -- Service for Enterprise Crowdsourcing. 2010 IEEE International Conference on Services Computing pp 538-545. Marcus A, Wu E, Karger DR, Madden S, Miller RC (2011) Platform Considerations in Human Computation. In: Workshop on Crowdsourcing and Human Computation CHI 2011, Vancouver, BC, Canada Newman MEJ (2010) Networks: An Introduction. Parameswaran A, Polyzotis N (2011) Answering Queries using Humans, Algorithms and Databases. Tech. rep., Stanford University. Quinn AJ, Bederson BB (2011) Human computation: a survey and taxonomy of a growing field. In: Proceedings of the 2011 annual conference on Human factors in computing systems - CHI '11, ACM Press, New York, New York, USA, p 1403. Schall D, Truong H-L, Dustdar S (2008) Unifying Human and Software Services in Web-Scale Collaborations. IEEE Internet Computing, vol. 12, No. 3., May/June 2008. Schall D, Dustdar S (2010) Dynamic context-sensitive PageRank for expertise mining. In: Proceedings of the Second international conference on Social informatics, Springer-Verlag, Berlin, Heidelberg, pp. 160-175. Schall D, Skopik F, Dustdar S (2012) Expert Discovery and Interactions in Mixed Service-Oriented Systems. IEEE Transactions on Services Computing 5(2):233-245. Skopik F, Schall D, Dustdar S (2009) The Cycle of Trust in Mixed Service-Oriented Systems. 35th Euromicro Conference on Software Engineering and Advanced Applications, pp 72-79.

III.7

Compositionality

Michael Rovatsos III.7.1

Introduction

Compositionality is not a standard term used in the study of Collective Adaptive Systems (CASs). It is more commonly associated with philosophical logic, mathematics, and theoretical linguistics where it is usually defined as a principle that states that “the meaning of a complex expression is determined by the meanings of its constituent expressions and the rules used to combine them”34. When considering the transition from individual to collective intelligence, we can view much of the existing research as an attempt to answer the question whether this principle also applies to the constituents of CAS intelligence. That is, whether the collective phenomena we are interested in can be explained (and, ultimately, engineered) by viewing them as the result of the composition of individual processes. This section surveys the main areas of investigation and approaches that address this issue in different ways, and attempts to outline future challenges in this direction. III.7.2

Composition mechanisms

When considering the structure of computer-mediated CASs, a number of general conceptual categories come immediately to mind: data, obtained from various sources in the system environment and from the observation of behaviour; knowledge, derived from interpreting information by means of concept generation, inference performed on previous knowledge, and revision of existing beliefs based on new information; tasks that provide the teleological framing of activity in a system, and actors performing these tasks using different action capabilities. For each of these elements, we can identify vertical composition mechanisms that abstract from individual entities, and horizontal composition mechanisms that aggregate entities in a 34

Stanford Encyclopedia of Philosophy, entry for Compositionality

Page 85 of (133)

Deliverable D1.1

ÂŠ SmartSociety Consortium 2013 - 2017

cumulative way. A non-exhaustive list of common composition mechanisms for data, knowledge, tasks, and actors is shown in Table 1. Entity Data Knowledge Task Actor

Vertical composition Pattern recognition Ontology generation Task abstraction Hierarchies/roles

Horizontal composition Observation/data collection Inference processes Workflow Group formation

Table 1: Common composition mechanisms for core concepts in computer-mediated CASs For data, fields such as machine learning and data mining (Bishop 2007) provide vertical composition methods that generate patterns describing aggregate phenomena, whereas horizontal composition focuses on observation and the creation of datasets. As far as knowledge is concerned, vertical composition of individual concepts or statements is provided in the taxonomies studied in ontology research (Staab and Studer 2009), while horizontal composition means chaining individual knowledge items to produce new, inferred knowledge, e.g. through symbolic (Brachman and Levesque 2004) or probabilistic (Pearl 1988) reasoning. When putting together tasks, workflow engineering methods (van der Aalst and van Hee, 2004), AI planning systems (Nau, Ghallab and Traverso 2004), and process algebras (Bergstra, Ponse and Smolka 2001) are used to describe complex control flows over activities and the dependencies among them along the horizontal axis, whereas task abstraction explains how higher-level tasks can be broken down into lowerlevel ones. Strongly related to this kind of process composition is also a great body of work in the area of service-oriented computing, primarily in the context of Web service composition (Dustdar and Schreiner 2005), including methods for optimising complex decentralised services (Ardagna and Pernici 2007; Alrifai, Skoutas, and Risse 2010), and automating composition to predefined quality requirements (Zeng et al 2003). In areas such as organisational science and business process management (van der Aalst, Ter Hofstede and Weske 2003), vertical composition is modelled through hierarchies, roles and relationships between them, while horizontal composition creates aggregates such as groups and networks. While this list of mechanisms is not meant to be exhaustive, it certainly provides a useful overview of the main composition mechanisms that can be used in building and analysing CASs. It is important to note that while each of the above individual composition mechanisms is fairly well-understood by long-established research areas, their use in combination with each other, which is likely to be required for future CASs, is not. III.7.3

Complex systems

The study of complex systems (Waldrop 1992) encompasses a broad range of disciplines from mathematics and physics to biology, ecology, economics, and computer science, and is chiefly concerned with understanding phenomena in systems that are typically too complex to lend themselves to the traditional, mechanistic model of scientific explanation. Typically, the processes studied are made up of large numbers of interacting, potentially highly diverse, elements, which exhibit non-linear dynamics, and whose collective behaviour can usually not be described as the sum of the behaviours of their parts. Complex adaptive systems (Gros 2008; Levin 1998) are a special type of complex systems where individual entities adapt to the environment to self-organise in order to ensure their own survival and that of the collective structure. Emergence (Holland 1998) of complex phenomena from relatively simple, local interactions is important in this context, where the collective phenomena can be simpler than the sum of their parts, or more complex and unpredictable, as, for example, in settings where chaos-theoretic approaches are employed. A number of different research areas are prominent within this space, which are relevant to the study of compositionality within CASs: Complexity science (Gershenson and Fernandez 2012; Israel 2005) uses mathematical modelling and computer simulation to describe complex systems, often applying techniques from areas such as theoretical physics. Network science (Easley and Kleinberg, 2010) focuses on the study of networks of interconnected components, and has developed various concepts for specific types of networks common in natural and social systems, such as, for example, small-world and scale-free networks, and which often exhibit regularities that are far from the random structures one would expect to emerge in large collectives. Collective intelligence (LĂŠvy and Bonomo 1999; Malone, Laubacher and Dellarocas 2010) studies how digital systems can be used to capture and combine the individual knowledge of human contributors via crowdsourcing, wikis, and similar new technologies. Within bio-inspired AI (Floreano and Page 86 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

ÂŠ SmartSociety Consortium 2013 - 2017

Mattiussi 2008; Nolfi and Floreano 2000), approaches such as artificial life, genetic algorithms and evolutionary computation, particle swarm and ant colony optimisation, and artificial immune systems take inspiration from natural complex systems to develop optimisation methods for hard computational problems, to improve the evolvability and adaptability of artificial intelligent systems, or to improve the resilience and robustness of so-called autonomic systems (Kephart and Chess 2003). Game theory (Myerson 1997) and related mathematical methods from economics that attempt to model the rational behaviour of interacting individuals play an important role in complex systems, as they help understand the dynamics of competition and cooperation that may determine the evolution of collective structures in social, biological, or economic systems. Subfields such as evolutionary game theory (Weibull 1995), network games (Tardos 2004, Galeoti et al, 2010), and algorithmic game theory (Nisan 2007) combine game-theoretic concerns with elements relevant to some of the other areas mentioned above. The main strength of complex systems research is its strong emphasis on phenomena related to compositionality - in fact, one could argue that compositionality is essentially what complex systems research is about. It offers a broad arsenal of mathematically rigorous methods to study how collective behaviour can be explained, how complex natural and artificial collectives adapt to changing environments, mutate, and evolve, and how the intelligence and motivations of individuals give rise to globally intelligent behaviour under appropriate boundary conditions. However, with the exception of bio-inspired AI, the focus here is largely on analysis and explanation, and not on deriving design methodologies or building systems to concrete design objectives for CASs. And, even within bio-inspired AI, phenomena observed in natural systems are mostly used to solve computational problems, and the resulting systems only rarely involve humans as actors in a collective. Thus, it is hard to reuse research results from these areas directly when building hybrid CASs that involve humans and machines. This shortcoming is also reflected by the fact that if we look at the composition mechanisms listed in section a., one immediately notices that the overlap between complex system methods and the computational methods mentioned there is fairly limited. Also, one can clearly discern an emphasis on data and actors as opposed to knowledge and tasks, which receive far less attention in complex systems research. III.7.4

Multiagent systems

Multiagent systems (MAS) (Shoham and Leyton-Brown 2009) is a branch of AI that studies intelligent systems composed of individual intelligent agents interacting in a common environment. Within AI, it is arguably the area that attempts to combine most of the composition mechanisms described above, and though some of the bio-inspired AI approaches listed before bear close resemblance to multiagent techniques, the emphasis within MAS research is different in terms of the topics and issues addressed: Research on agent architectures proposes different ways of composing intelligence capabilities within a single autonomous agent, e.g. knowledge representation and rational reasoning, deliberation, planning, and decision making, learning, and communication. This often involves higher-level models of knowledge (e.g. using logic-based or probabilistic inference methods and deductive knowledge bases) and complex reasoning and decision-making processes (e.g. the Belief-Desire-Intention model of rational agency and reactive planning (Rao and Georgeff 1995)). Work on agent communication involves the specification of interoperable communication languages, and the study of protocols used for reaching agreement (e.g. argumentation (Rahwan 2006)), task and resource allocation (e.g. auctions), coalition formation, bargaining etc. Within purely cooperative MAS, where agents pursue a shared objective, the emphasis is on multiagent planning (de Weerdt and Clement 2009), coordination, and teamwork (Pynadath and Tambe 2003) techniques, as well as on norms, conventions, and social laws (Shoham and Tennenholtz 1995; Esteva et al 2004) that provide scaffolding for coherent social action. In non-cooperative systems, where individual agents are motivated by self-interest and there is potential conflict of interest, computational mechanism design (Dash, Jennings and Parkes 2003) studies distributed decision-making mechanisms (e.g. auction protocols or voting procedures) under game-theoretic assumptions to ensure properties such as nonmanipulability, incentive-compatibility, and computational efficiency. Trust and reputation mechanisms (Sabater and Sierra 2005) are also used in such non-cooperative systems to evaluate agent behaviour a posteriori in order to provide protection against malicious or untrustworthy individuals. ÂŠ SmartSociety Consortium 2013 - 2017

Page 87 of (133)

Deliverable D1.1

Research in multiagent learning (Shoham, Powers and Grenager, 2007) investigates systems of individual learners learning with, from, and about each other, both in cooperative as in competitive settings. (Multi)Agent-based social simulation (Gilbert 2004) uses agent-based modelling to study phenomena in natural social systems, and overlaps partially with the simulation methods used in complex systems research. While compositionality certainly plays a more important role in MAS than in other areas of AI research, and developing collectively intelligent systems (or studying the effects of having individually intelligent systems interact in a shared environment) is a key driver for work done in this area, its study is not the main object of investigation. Instead, coordination, i.e. the effective management of interdependencies between agents (Malone and Crowston 1994), assumes a more prominent position, as the focus is on developing methods that will enable an individual agent or the designer of a multiagent system to achieve their design objectives through effective coordination with others. Thereby, MAS research emphasises task and knowledge composition, rather than the composition of actors and data: Methods like GPGP (Lesser et al 2004), for example, provide coordination frameworks to align different viewpoints of heterogeneous, locally reasoning agents with limited knowledge effectively. Coordination frameworks like teamwork (Pynadath and Tambe 2003) enable a MAS to successfully merge individuals’ capabilities, knowledge, and to coordinate the execution o complex distributed tasks in a completely decentralised way. Methods for ontology alignment and ontology mapping (Kalfoglou and Schorlemmer 2003) allow agents with different conceptualisations of the same domain to reach a common understanding in order to communicate effectively with each other. Argumentation methods allow agents to agree on a shared view of the world at a different level, by resolving disagreement through rational discourse. In mechanism design, we seek to ensure, for example, that even though individual agents may have different objectives, the interaction procedure makes it irrational (or too hard) for agents to lie – this can be viewed as a mechanism for composing a joint decision procedure out of individual preferences while satisfying certain desirable global criteria. Cooperative multiagent learning architectures allow decentralised learning processes to exchange data, intermediate hypotheses, and evaluations of potential candidate hypotheses in parallel with their local learning activities (Tozicka et al 2008), while competitive multiagent learning techniques allow agents to optimise their decisions based on the evolution o other agents’ strategies in a shared environment (Shoham, Powers, and Grenager 2007). These methods provide a rich set of enabling techniques for systems that exploit compositionality, and can be viewed as the core contribution of the area to this topic. However, several issues are largely overlooked: Firstly, the focus is mostly on artificial intelligent systems. While there is a body of work that involves “human-in-the-loop” element, these mostly ocus either on ad ustable autonomy ( ambe, Scerri and Pynadath 2002) (i.e. methods that enable human operators to control autonomous systems to variable extents), or on optimising interactions between agents and human users (van Wissen et al 2012). To date, there is fairly little on systems that mainly involve human rather than artificial agents, and which addresses the collective properties of such human-based MAS (though recently work on, for example, strategic analysis of human-based computation systems has started to appear (Jain, Chen, and Parkes 2009)). Also, there is very little work on designing incentives to mobilise human participants, apart from a limited number of studies of human behaviour in game-like social computation scenarios (Kearns 2012; Talman et al 2005). Secondly, issues surrounding emergent behaviour, self-organisation, and collective adaptability are largely overlooked. Approaches that assume learning agents are mostly confined to designing appropriate local learning mechanisms (as, for example, in ad hoc team formation (Stone et al 2010) where agents are confronted with unknown partners they have to interact with) or to the design of interaction platforms that will make learning agents converge to a desirable behaviour (as, e.g. in the COIN framework (Tumer and Wolpert 2004) that attempts to optimise the utility function agents receive to promote certain types of behaviour, given rational adaptive agents). In particular, MAS research hardly ever looks at very large-scale systems composed of thousands or millions of agents, and thus cannot offer much insight into how collective dynamics of behaviour are linked to the algorithmic and architectural design decisions made when building individual agents and the interaction mechanisms they can use. Thirdly, the methodological perspective taken by MAS research is heavily influenced by AI and mainstream computer science, and only lends itself to modelling existing real-world systems to a limited extent. For example, game-theoretic analysis of interaction mechanisms requires a fairly reductionist approach in order to be able to model the underlying social process mathematically, which implies that many elements of the real-world domain need to be abstracted away. Or, as another example, the behaviour exhibited by agents is always modelled as the output Page 88 of (133) http://www.smart-society-project.eu/

Deliverable D1.1

of a computational structure and algorithm, which is unlikely to be sufficient if we want to account for all relevant aspects of human intelligence in real-world domains. III.7.5

Challenges and future directions

The above overview of existing research that addresses compositionality issues in CASs (though admittedly biased by our own understanding of the research landscape) shows that there is a massive gap between the techniques used for analysing and modelling real-world collective intellignce, and those used when attempting to replicate it in artificial systems. The obvious conclusion from this observation is that we should attempt to combine the strengths of these disparate fields, yet it is not at all obvious how this could be achieved. If we are interested in CASs in which humans play an important role, one possible approach would be to attempt to build “human multiagent systems” where the modelling primitives used are those o MAS approaches, and we would attempt to “dig deeper” into the cognitive processes involved in inter-action among individuals within CASs than this is done by complex systems research. In the opposite direction, it seems necessary to apply the macro-level analysis tools offered by complex systems science to large-scale MAS that have been designed bottom-up with full computational control over every component involved. For example, overlaying a very large number of agent teams acting in parallel with a network structure that captures influence relationships between individual agents or their actions would help us study the stability of these systems under different assumptions about the social or physical environment. While these are only preliminary suggestions, what is clear is that the apparent excessive focus on the individual in MAS and on collectives in complex systems is a barrier to a deeper understanding of how we can design, control, and adapt diverse, hybrid, large-scale CASs within which humans and machines collaborate to solve significant real-world application problems. At a more abstract level, what is also needed is a deeper understanding of compositionality in CASs. The list of composition mechanisms suggested above merely scratches the surface in this direction, and already hints at a number of important research questions that immediately arise, for example: To what extent are composition mechanisms for data, knowledge, tasks, and actors comparable, compatible, and combinable? What problem parameters suggest the use of any of these mechanisms for a given application problem? Which of these mechanisms, if any, can be used at arbitrary levels of abstraction? Is it possible to detect new dependencies that arise among entities created in a compositional way, and to identify whether they result in overall increasing or decreasing system complexity? How flexible are different composition mechanisms, i.e. how diverse and heterogeneous can the elements be that they combine? How robust are compositions obtained through the use of these mechanisms to perturbations from the environment or to changes in their constituents? How adaptive are composed entities in comparison to their building blocks? Can their adaptation be explained in terms of the adaptation and learning processes ocurring in these building blocks? To what extent can computational methods that implement these mechanisms be easily understood by humans in a CASs, and (to what extent) is such an understanding necessary? To what extent can incentive mechanisms be developed in a compositional way to mobilise human participation itself in a compositional way (i.e. to solve complex tasks from simpler tasks for which appropriate incentivisation mechanisms exist)? We expect that our own research will involve addressing some of these questions systematically, by taking a constructive approach to building CASs rather than only analysing existing ones, while at the same time not neglecting analysis and empirical investigation of the resulting systems. III.7.6

References

W. van der Aalst and K. M. van Hee. Workflow management: models, methods, and systems. MIT press, 2004. W. van der Aalst, A. Ter Hofstede and M. Weske. Business process management. Springer, Berlin, 2003. D. Ardagna and B. Pernici. Adaptive Service Composition in Flexible Processes, IEEE Transactions on Software Engineering, 33(6):369-384, 2007. M. Alrifai, D. Skoutas, and T. Risse. Selecting skyline services for QoS-based web service composition. In Proceedings of the 19th International conference on the World Wide Web (WWW '10), New York, NY, USA, pp. 11-20, 2010. J. A. Bergstra, A. Ponse and S. A. Smolka, eds. Handbook of process algebra. Elsevier Science, 2001. C. M. Bishop. Pattern Recognition and Machine Learning. Springer, 2007. R. Brachman and H. Levesque. Knowledge Representation and Reasoning, Morgan Kaufmann, May 2004. R. K. Dash, N. R. Jennings, and D. C. Parkes. Computational Mechanism Design: A Call to Arms. IEEE Intelligent Systems, 18(6):40-47, 2003. S. Dustdar and W. Schreiner. A survey on web services composition. Int. J. Web Grid Serv. 1(1):1-30, 2005. D. Easley and J. Kleinberg. Networks, crowds, and markets. New York: Cambridge University Press, 2010. M. Esteva, B. Rosell, J. A. Rodríguez-Aguilar, and J. Lluís Arcos. Ameli: An Agent-Based Middleware for Electronic Institutions. Procs AAMAS 2004, pp. 236–243, 2004.

Page 89 of (133)

Deliverable D1.1

D. Floreano and C. Mattiussi. Bio-Inspired Artificial Intelligence: Theories, Methods, and Technologies, MIT Press, 2008. A. Galeotti, S. Goyal, M. O. Jackson, F. Vega-Redondo and L. Yariv, L. Network games. The review of economic studies, 77(1), pp. 218-244, 2010. C. Gershenson and N. Fernández. Complexity and information: Measuring emergence, self-organization, and homeostasis at multiple scales. Complexity, 18(2):29-44, 2012. N. Gilbert, Nigel. Agent-based social simulation: dealing with complexity." The Complex Systems Network of Excellence, 9(25):1-14, 2004. C. Gros. Complex and Adaptive Dynamical Systems: A Primer, Springer, 2008. J. H. Holland, Emergence: From Chaos to Order, Helix Books, New York, 1998. Y. Kalfoglou and M. Schorlemmer. Ontology mapping: the state of the art. Knowledge Enginee-ring Review, 18(01):1-31, 2003. G. Israel, The Science of Complexity: Epistemological Problems and Perspectives Science in Context, 18(3):479-509, 2005. S. Jain, Y. Chen, and D. C. Parkes. Designing Incentives for Online Question and Answers Forums, Proceedings EC’09, 2009. M. Kearns. Experiments in Social Computation. Communications of the ACM, October 2012 J. O. Kephart and D. M. Chess. The vision of autonomic computing. Computer, 36(1), pp. 41-50, 2003. S. A. Levin, Ecosystems and the Biosphere as Complex Adaptive Systems, Ecosystems, 1(5):431-436, 1998. P. Lévy and Robert Bonomo. Collective intelligence: Mankind's emerging world in cyberspace. Perseus Publishing, 1999. V. Lesser et al. Evolution of the GPGP/TAEMS Domain-Independent Coordination Framework, Autonomous Agents and MultiAgent Systems, 9(1):87-143, 2004. T. W. Malone and K. Crowston. The interdisciplinary study of coordination. ACM Computing Surveys, 26(1):87-119, 1994. T. W. Malone, R. Laubacher, and C. Dellarocas. The collective intelligence genome. MIT Sloan Management Review, 51(3):21-31, 2010. R. B. Myerson. Game theory: analysis of conflict. Harvard University Press, 1997. D. Nau, M. Ghallab, and P. Traverso. Automated Planning: Theory & Practice. Morgan Kaufmann, San Francisco, 2004. N. Nisan, ed. Algorithmic game theory. Cambridge University Press, 2007. S. Nolfi and D. Floreano. Evolutionary Robotics: The Biology, Intelligence, and Technology of Self-organizing Machines. MIT Press, 2000. J. Pearl. Probabilistic Reasoning in Intelligent Systems, Morgan-Kaufmann, 1988. N. Peled, Y. Gal, and S. Kraus. A Study of Computational and Human Strategies in Revelation Games. Procs AAMAS 2011, Taipei, Taiwan, May 2011. D. V. Pynadath, P. Scerri, and M. Tambe. Towards Adjustable Autonomy for the Real World, Journal Of Artificial Intelligence Research, Volume 17, pp. 171-228, 2002. D. V. Pynadath and M. Tambe. An Automated Teamwork Infrastructure for Heterogeneous Software Agents and Humans. J Auton Agents and Multiagent Systems, 7:71–100, 2003. I. Rahwan. Guest Editorial: Argumentation in Multi-Agent Systems. Autonomous Agents and Multiagent Systems. 11(2):115-125, 2006. A. S. Rao and M. P. Georgeff. BDI agents: From theory to practice. In Proceedings ICMAS-95, pp. 312-319, 1995. J. Sabater and C. Sierra. Review on computational trust and reputation models. Artificial Intelligence Review, 24(1):33-60, 2005. Y. Shoham and K. Leyton-Brown. Multiagent Systems – Algorithmic, Game-Theoretic, and Logical Foundations. Cambridge University Press, 2009. Y. Shoham, R. Powers and T. Grenager. If Multi-Agent Learning is the Answer, What is the Question? Artificial Intelligence, 171(7), pp. 365-377, 2007. Y. Shoham and M. Tennenholtz. On Social Laws for Artificial Agent Societies: offline design. Artificial Intelligence, 73(1-2), 1995. S. Staab and R. Studer, eds. Handbook on Ontologies, Springer, Berlin et al, 2009. P. Stone, G. A. Kaminka, S. Kraus, and J. S. Rosenschein. Ad Hoc Autonomous Agent Teams: Collaboration without PreCoordination. In Proceedings AAAI 2010, 2010. S. Talman, Y. Gal, M. Hadad, S. Kraus. Adapting to Agents' Personalities in Negotiation. Proceedings AAMAS 2005, Utrecht, 2005. É. Tardos. Network games. Proc 36th ACM Symposium on Theory of Computing. ACM, 2004. M. de Weerdt and B. J. Clement. Introduction to Planning in Multiagent Systems. Multiagent and Grid Systems, 5(4):345-355, 2009. M. Tambe, P. Scerri, and D. V. Pynadath. Adjustable autonomy for the real world. Journal of Artificial Intelligence Research 17:171-228, 2002. J. Tozicka, M. Rovatsos, M. Pechoucek, and S. Urban. MALEF: Framework for distributed machine learning and data mining, International Journal on Intelligent Information and Database Systems, 2(1):6-24, 2008. K. Tumer and D. Wolpert. A Survey of Collectives. Collectives and the Design of Complex Systems, pp. 1–42, Springer, 2004. M. M. Waldrop. Complexity: The Emerging Science at the Edge of Order and Chaos. Simon & Schuster, 1992. Weibull, Jörgen W. Evolutionary game theory. The MIT press, 1995. A. van Wissen, Y. Gal, B. Kamphorst, and V. Dignum. Human-Agent Team Formation in Dynamic Environments. Computers in Human Behavior, 28:23-33, 2012. L. Zeng, B. Benatallah, M. Dumas, J. Kalagnanam, and Q. Z. Sheng. Quality driven web services composition. In Proceedings of the 12th international conference on World Wide Web (WWW '03), New York, Ny, USA, pp. 411-421, 2003.

Page 90 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

III.8

ÂŠ SmartSociety Consortium 2013 - 2017

Diversity

Vincenzo Maltese III.8.1

Introduction

Diversity, especially manifested in language (i.e., the terms used to describe) and knowledge (i.e., the entities being described), is a function of local goals, needs, competences, beliefs, culture, opinions and personal experience (Giuinchiglia et al 2012a; Giunchiglia 2006). It is an unavoidable and intrinsic property of the world and as such it cannot be avoided. Diversity in values and needs between social groups is at the root of the resilience of cultures and pervades human discourse resulting in different responses to same events. As example of diversity in language, the term bug represents a malfunction in computer science, while it is the main subject in entomology (homonymous terms); in alternative to the term bug, in the latter domain one could also use the term insect (synonymous terms). As example of diversity in knowledge, restaurants may differ according to the kind of food served, e.g., Indian restaurants, Chinese restaurants and Italian restaurants. As example of diversity due to culture and opinion, bugs are also an ingredient for delicious dishes in some cultures, but people may like or dislike them. Yet, people are rarely conscious of the polysemous nature of individual terms because people are deeply embedded in the physical and social context within which a discourse is taking place (namely the meaning is part of their implicit assumptions). By contrast the notion of context is difficult for machines to represent and capture (Giunchiglia et al 2012b). Diversity has been studied in depth, following a highly interdisciplinary approach, in the LivingKnowledge EU FET project35. III.8.2

Diversity dimensions

Diversity in knowledge was formalized in LivingKnowledge in terms of diversity dimensions (Maltese et al 2009), namely the dimensions by which knowledge is framed. Such dimensions generate a multidimensional space in which entities of a certain kind can be placed. For instance, wines can be distinguished by their organoleptic properties such as color, smell, taste and aftertaste. It is interesting to notice that Media Content Analysis characterizes diversity in text (see, e.g., McDonald and Dimmick 2003) as the co-existence of contradictory opinions and/or statements which can be measured in terms of the following diversity dimensions (Maltese et al 2009): Diversity of sources (multiplicity of sources of texts and images); Diversity of resources (e.g., images, text); Diversity of topics; Diversity of opinions; Diversity of speakers/actors/opinion holders; Diversity of genre (e.g., blogs, news, comments); Diversity of language; Geographical/spatial diversity; Temporal diversity. More specifically, dimensions of diversity in text can be distinguished at document and at statement level. Appropriate dimensions can also be recognized to characterize diversity in images. Such a characterization of diversity was exploited in LivingKnowledge for the development of diversityaware tools at the purpose of analyzing and placing documents as well as images along diversity dimensions. For instance, significant work has been done towards diversification of search results (Skoutas et al 2010) and in particular on methods about topical diversification (Minack et al 2010), sentiment analysis for controversial topics (Demartini and Siersdorfer 2010; Johansson and Moschitti 2010)(diversity in opinion), incremental diversification of very large sets based on data streams (Minack et al 2011), applications and methods to cluster, classify and aggregate data by diversity dimensions (Siersdorfer et al 2011). Work on

http://livingknowledge-project.eu/ ÂŠ SmartSociety Consortium 2013 - 2017

Page 91 of (133)

ÂŠ SmartSociety Consortium 2013 - 2017

Deliverable D1.1

indexing, matching and clustering images was based on SIFT features (Hare et al 2011). The interested reader can refer to (Giunchiglia et al, 2012a) for an extensive list of these and other tools. III.8.3

Diversity-aware knowledge bases

To make diversity traceable, understandable and exploitable, and let people as well as machines understand each other it is essential to provide effective ways to make the meaning of the words used in a certain setting (i.e., their semantics) explicit and unambiguous. This would favor semantic interoperability, namely the possibility to effectively exchange information between two parties by reaching a certain degree of agreement between them about the content meaning, still maintaining local autonomy in the maintained data, in the way the terminology is used and in the way the computation is performed locally (Maltese 2012). For instance, once it is agreed - as minimum common ground - that novelist is a term that in English indicates â&#x20AC;&#x153;a person who writes novelsâ&#x20AC;? (language), and that Salman Rushdie is a British Indian novelist (knowledge), people may provide different descriptions of the same entity in terms of personal opinion or in level of richness (i.e., in the type and number of properties and their level of detail). For instance, in terms of personal opinion it might range from overwhelmingly positive among western intellectuals to extremely negative among Muslim communities. In terms of richness, one may mention his date of birth, another may not. It has been observed that a fundamental preliminary step towards this goal is the creation of a diversityaware knowledge base (Giunchiglia et al 2012b) namely a repository where - being aware of the diversity of the world, especially in language and knowledge - facts about the real world are codified using a formal terminology. For instance, the knowledge base could actually provide the definition for the word novelist in English (language), and the fact that Salman Rushdie is a novelist and that he was born in Bombay the 19th June 1947 (knowledge). Appropriate methodologies are required for knowledge base representation, construction and maintenance. In fact, to be useful, a knowledge base should be very large, virtually unbound and able to capture the diversity of the world in language, knowledge and personal experience, as well as to reduce the complexity of reasoning at run-time. At this purpose the notions of domain, as originated from Library and Information Science (LIS), and context, as originated from Artificial Intelligence (AI), have been indicated as essential for diversity-aware knowledge bases. III.8.4

Domains

The notion of domain originates from LIS and more precisely it is inspired to the faceted approach, a wellestablished technique introduced by the Indian librarian Ranganathan at the beginning of the last century and used with profit for building classificatory structures at the purpose of organizing (physically or virtually) bibliographic material in libraries (Ranganathan 1967) A domain can be defined as any area of knowledge or field of study that we are interested in or that we are communicating about that deals with specific kinds of entities (Giunchiglia et al 2013). They may include any conventional field of study (e.g., library science, mathematics, physics), applications of pure disciplines (e.g., engineering, agriculture), any aggregate of such fields (e.g., physical sciences, social sciences), and they may also capture knowledge about our everyday lives (e.g., music, movie, sport, Space, Time, recipes, tourism). The DERA faceted knowledge representation (KR) approach (Giunchiglia et al 2013) formally provides the terminology of a domain (e.g., the definition of novelist) at the purpose of describing relevant real world entities (such as Salman Rushdie) in terms of their basic properties (e.g. his place and date of birth). DERA is faceted as the methodology engaged for the construction and maintenance of domain ontologies is inspired by the principles and canons of the faceted approach; this makes DERA capable of dealing with large-scale dynamic ever growing knowledge. DERA is a KR approach as it accounts for the entity classes (E), relations (R) and attributes (A) of the relevant entities in the domain (D) and model them as ontologies; this allows exploiting well-established KR techniques for the automation of complex tasks, such as entity search. Each ontology in a DERA domain is called a facet, as it codifies a different aspect of the domain, and corresponds to what in KR is called a descriptive ontology, i.e., an ontology built at the purpose of describing and reason about real world entities (Giunchiglia 2009). A DERA domain is defined as a tuple D = <E, R, A>, where: Page 92 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

ÂŠ SmartSociety Consortium 2013 - 2017

E (for Entity class) is a set of facets grouping terms denoting entity classes, whose instances have either perceptual or conceptual existence. Terms in these hierarchies are explicitly connected by is-a (genus-species) or part-of (whole-part) semantic relation. R (for Relation) is a set of facets grouping terms denoting relations between entities. Terms in these hierarchies are connected by is-a relation. A (for Attribute) is a set of facets grouping terms denoting qualitative/quantitative or descriptive attributes of the entities. We differentiate between attribute names and attribute values such that each attribute name is associated corresponding values. Attribute names are connected by is-a relation, while attribute values are connected to corresponding attribute names by value-of relations. is-a, part-of and value-of semantic relations form the backbone of facets, are assumed to be transitive and asymmetric, and hence are said to be hierarchical. Other relations, whenever defined, not having such properties are said to be associative and connect terms in different facets. When facets are populated with entities, instance-of relations connect entities to their respective classes. For instance, within the geography domain relevant entities may include inter-alia land formations (e.g., continents, islands), bodies of water (e.g., seas, streams), geological formations (e.g., mountains, valleys), administrative divisions (e.g., wards and provinces) and populated places (e.g., cities, villages). Each of them generates a different facet of entity classes. Relations between them may include near, adjacent, in front. They generate facets of relations. Entities may be described in terms of their length (e.g., of a river, with values long and short) or depth (e.g., of a lake, with values deep and shallow). They generate facets of attributes. The Dead Sea (an entity) can be described as an instance of lake (entity class in the facet of body of water), located in Jordan (relation) with an average depth (attribute name) of 118 m which can be considered deep (attribute value). Domains are organized along three levels: Formal language level: it provides the terms of the formal language, thus they are language independent, used to denote the elements in E/R/A. Each term in E denotes an entity class (e.g. lake, river and city). Each term in R represents the name of a relation (e.g. direction). Each term in A denotes either an attribute name (e.g. depth) or an attribute value (e.g. deep). Knowledge level: it codifies what is known about the entities (e.g. the Dead Sea) which are instances of the classes in E, in terms of corresponding classes (e.g. Dead Sea is an instance of lake), attributes (e.g. Dead Sea is deep) and relations between them (e.g. Dead Sea is part of Israel). Entities are at the leaves of the facets and populate them. The knowledge level is codified using the formal language and is, therefore, also language independent; Natural language level: we define a natural language as a set of words (i.e. strings) in one natural language such that words with same meaning are grouped together and mapped to the same term at formal language level. This level can be instantiated to multiple languages. The formal language level corresponds to what in logics is called a TBox, while the knowledge level corresponds to an ABox (Baader et al 2002). They can be therefore exploited for automated reasoning. The natural language level can be instead exploited by natural language processing (NLP) tools. The picture below shows an exemplified version of the geography domain in DERA. Classes are represented with circles, entities with squares, relation names with hexagons, attribute names with trapezoids and attribute values with stars. Letters inside the nodes (capital letters for entities and small letters for classes, relations and attributes) denote formal terms, while corresponding terms in natural language are provided as labels of the nodes. For sake of simplicity, synonyms are not given. Arrows denote relations between the elements in E/R/A; solid arrows represent those relations constituting the facets (is-a, part-of and value-of) and which are part of the formal language level; dashed arrows represent instance-of, part-of and the other relations or attributes which are part of the knowledge level. Here the hierarchies rooted in body of water, populated place and landmass are facets of entity classes and are subdivisions of location, the one rooted in direction is a facet of relations and the one rooted in depth is a facet of attributes. ÂŠ SmartSociety Consortium 2013 - 2017

Page 93 of (133)

Deliverable D1.1

ÂŠ SmartSociety Consortium 2013 - 2017

location

is-a

body of water b

is-a

lake

is-a

river

city

instance-of

Garda lake

country

instance-of part-of

Tiber

n landmass

is-a

part-of

populated place

part-of

C Italy

Rome

Europe

depth

direction

h depth

is-a

north

is-a

value-of

south

deep

shallow

LEGENDA Class

Entity

Relation name

Relations of the formal language level

Attribute name

Attribute value

Relations of the knowledge level

Fig. 1 - A small fragment of the geography domain Entities are described in DERA as a set {a} of attributes/relations each of them being in turn a pair <AN, AV> where AN is the attribute/relation name and AV one of its values consistent with what is defined in A (definition of the attributes) and R (definition of the relations). Each entity is then associated one or more classes in E through instance-of relation. The picture below shows Dead Sea as an example of entity following the data model. Dead Sea instance-of depth latitude longitude part-of

lake deep 31.50 35.50 Israel

Fig. 2 â&#x20AC;&#x201C; An example of entity Domains have two important properties. They are the main means by which diversity is captured, in terms of language, knowledge and personal experience. For instance, according to the personal perception and purpose, the geography domain may or may not include buildings and man-made structures; the food domain may or may not include dogs according to the local customs. The degree by which a certain level of agreement can be reached corresponds to the degree by which there is a hope to establish effective Page 94 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

ÂŠ SmartSociety Consortium 2013 - 2017

communication between two parties. Moreover, domains allow scaling as with them it is possible to add new knowledge at any time as needed. For instance, while initially local applications may require only knowledge of the geography domain, due to new scenarios, the food domain might be needed and added (Dutta et al 2011). The obvious scalability issues are being explicitly addressed via the development of a collaborative platform for the construction and maintenance of domain ontologies and the establishment of a world-wide community of experts in multiple domains and in multiple languages. DERA comes with a methodology for the construction and maintenance of domain knowledge. Guiding principles are inspired to those proposed in the faceted approach (Dutta et al 2011). As proved by decades of research in LIS, the use of the principles at the basis of the faceted approach guarantees the creation of better quality - in terms of robustness, extensibility, reusability, compactness and flexibility - and easier to maintain domain ontologies. However, while the original approach focuses on ontologies for the classification of documents, DERA aims at the development of descriptive ontologies. Therefore, both the aim and the means are different. The new methodology has already proved effective in experiments conducted in the geography domain, for instance for the encoding of the relevant knowledge (Giunchiglia et al 2012c) and the search of maps in semantic geo-catalogues (Farazi et al 2012). This takes an orthogonal direction with respect to the approach currently followed, for instance by the Semantic Web research community, where people tend to the homogenization of semantics under some kind of global schema. Diversity is generally addressed by creating standard schemes that set the basic features of diverse agents. For instance, the way this is address by INSPIRE36, the EU initiative aiming at enabling the sharing of environmental spatial information among public sector organizations and better facilitate public access to spatial information across Europe, is by establishing a fixed terminology to indicate geo-spatial classes and properties. However, it is broadly recognized that a fixed terminology is an obstacle towards achieving semantic interoperability (Kuhn 2005). For example, if it is decided that the standard term to denote a terminal where subways load and unload passengers must be metro station, it would fail in applications where the same concept is denoted with subway station (Maltese 2013). That approach does not scale in general or outside specific applications domains. In practice, this is one of the main difficulties towards Internet-scale distributed problem solving. In fact, this weakness has been explicitly identified as one of the key issues for the future of the INSPIRE implementation (see for instance Lutz et al 2009). III.8.5

Context

First formal computational theories on context were proposed by McCarthy (McCarthy 1993) and Giunchiglia (Giunchiglia 1993). In both the approaches a context is a logical theory over a certain language and domain of interpretation. McCarthy understands context as a way to partition knowledge into a set of locally true axioms with common implicit assumptions. To simplify local reasoning such axioms should be at the right level of abstraction, thus excluding irrelevant details (as from the generality principle (McCarthy 1987)), but a broader context can always be constructed (by local decontextualization by means of lift rules). CYC is an example of knowledge base that follows this approach, partitioning knowledge into smaller, easier to manage, sets of axioms (Guha and Lenat 1993). Motivated by the intuition that reasoning is always local and represents a partial approximate theory and subjective view of the world, Giunchiglia presents context as a tool to localize reasoning to a subset of true facts known by a certain agent with its own language, grammar and theory (Bouquet et al 2003). This approach leads to the maximum level of local autonomy. Under this view and unlike McCarthy, the existence of a common global schema is not guaranteed. Taking into account common implicit assumptions, it might be possible to (partially) relate compatible axioms in distinct contexts instead (Ghidini and Giunchiglia 2001). Such relations (or bridges) are the basis for interoperability. Determining the context allows on the one hand a better disambiguation of the terms used (i.e. by making explicit some of the assumptions left implicit) and on the other hand, by selecting from the relevant domains

http://inspire.jrc.ec.europa.eu/ ÂŠ SmartSociety Consortium 2013 - 2017

Page 95 of (133)

Deliverable D1.1

the language and the knowledge which are strictly necessary to solve the problem at hand, it allows reducing the complexity of reasoning at run-time (Giunchiglia et al 2012b). 5.1 Beyond the state of the art Current work on CAS mainly focuses on homogeneous collectives of artificial agents. Therefore, in the context of CAS several challenges still need to be addressed:  Investigate about hybrid and diversity-aware CAS, made of heterogeneous collectives of both human and artificial agents with different capabilities, skills, knowledge and resources;  Develop methods for making CAS able to capture the diversity of the world in language (the terms used to describe entities), knowledge (the entities described), personal experience (the different opinions about them, also related to culture) and action (diversity of response);  Understand the way diversity impacts the profiling of the agents (in terms of their capabilities, skills, knowledge), the processes and the data exchanged within a CAS;  Investigate the role of diversity in task decomposition, in the identification of those agents that are able to accomplish a certain task, right agent selection and in the structuring networks of participating agents, especially in the ways by which the same agent can belong to different collectives at different time or even simultaneously. 5.2

References

F. Baader, D. Calvanese, D. McGuinness, D. Nardi and P. F. Patel-Schneider (2002). The Description Logic Handbook: Theory, Implementation and Applications. Cambridge University Press. P. Bouquet, C. Ghidini, F. Giunchiglia and E. Blanzieri (2003). Theories and uses of context in knowledge representation and reasoning. Journal of Pragmatics, 35 (3). G. Demartini and S. Siersdor er (2010). Dear search engine: What’s your opinion about...? - sentiment analysis for semantic enrichment of web search results. Semantic Search workshop at WWW. B. Dutta, F. Giunchiglia and V. Maltese, (2011). A Facet-based Methodology for Geo-Spatial Modeling. C. Claramunt, S. Levashkin, and M. Bertolotto (Eds.), GEOS conference, Lecture Notes in Computer Science, Springer-Verlag Berlin Heidelberg, 6631, pp 133–150. F. Farazi, V. Maltese, B. Dutta, A. Ivanyukovich and V. Rizzi, (2012). A semantic geo-catalogue for a local administration. Artificial Intelligence Review, 1-20. F. Giunchiglia (1993). Contextual reasoning. Epistemologica - Special Issue on I Linguaggi e le Macchine, 16, 345–364. F. Giunchiglia (2006). Managing Diversity in Knowledge, Invited Talk at the European Conference on Artificial Intelligence ECAI, Lecture Notes in Artificial Intelligence. F. Giunchiglia, B. Dutta and V. Maltese (2009). Faceted lightweight ontologies. In “Conceptual Modeling: Foundations and Applications”, LNCS Springer. F. Giunchiglia, V. Maltese, A. Baldry and B. Dutta (2012a). Living Knowledge. In: “Web genres and web tools: contributions from the Living Knowledge pro ect”, edited by Giulia Magazzù et al., IBIS, Como-Pavia F. Giunchiglia, B. Dutta, V. Maltese and F. Farazi (2012b). A facet-based methodology for the construction of a large-scale geospatial ontology. Journal on Data Semantics,1(1),57-73 F. Giunchiglia, V. Maltese and B. Dutta (2012c). Domains and context: first steps towards managing diversity in knowledge. Journal of Web Semantics, special issue on Reasoning with Context in the Semantic Web. F. Giunchiglia, B. Dutta and V. Maltese (2013). From Knowledge Organization to Knowledge Representation. ISKO UK Conference. C. Ghidini and F. Giunchiglia (2001). Local Model Semantics, or Contextual Reasoning = Locality + Compatibility, Artificial Intelligence, 127 (2), 221–259. R. Guha and D. Lenat (1993). Context dependence of representations in cyc. Colloque ICO. J. Hare, S. Samangooei and P. Lewis (2011). Efficient clustering and quantisation of SIFT features: Exploiting characteristics of the SIFT descriptor and interest region detectors under image inversion. The ACM International Conference on Multimedia Retrieval (ICMR). R. Johansson and A. Moschitti (2010). Syntactic and Semantic Structure for Opinion Expression Detection. In CoNLL. W. Kuhn (2005). Geospatial semantics: Why, of What, and How? Journal of Data Semantics (JoDS), III, pp. 1–24. M. Lutz, N. Ostlander, X. Kechagioglou and H. Cao (2009). Challenges for Metadata Creation and Discovery in a multilingual SDI Facing INSPIRE. ISRSE conference. V. Maltese, F. Giunchiglia, K. Denecke, P. Lewis, C. Wallner, A. Baldry and D. Madalli (2009). On the interdisciplinary foundations of diversity. At the first Living Web Workshop at ISWC. V. Maltese (2012). Dealing with semantic heterogeneity in classifications. PhD thesis. V. Maltese and F. Farazi (2013). A semantic schema for GeoNames. In the proceedings of the INSPIRE conference. J. McCarthy (1987). Generality in artificial intelligence. Communications of ACM, 30, 1030–1035. J. McCarthy (1993). Notes on formalizing context, Bajcsy, R. (Ed.), Thirteenth International Joint Conference on Artificial Intelligence, IJCAI, 555-560. D. McDonald and J. G. Dimmick (2003). The Conceptualization and Measurement of Diversity. In Communication Research, 30 (1), pp. 60-79 E. Minack, G. Demartini and W. Nejdl (2009). Current Approaches to Search Result Diversification. First International Workshop on Living Web: Making Web Diversity a true asset held in conjunction with the International Semantic Web Conference.

Page 96 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

E. Minack, W. Siberski and W. Nejdl (2011). Incremental Diversification for Very Large Sets: a Streaming-based Approach. In SIGIR. S. R. Ranganathan (1967). Prolegomena to library classification, Asia Publishing House. D. Skoutas and E. Minack, W. Nejdl (2010). Increasing diversity in web search results. In WebSci10: Extending the Frontiers of Society On-Line. S. Siersdorfer, J. S. Pedro and M. Sanderson (2011). Content Redundancy in YouTube and its Application to Video Tagging ACM Transactions on Information Systems (TOIS).

III.9

Vertical diversity and the semantic gap between humans and machines

George Kampis III.9.1

Introduction

Vertical diversity is understood as the layered, hierarchical heterogeneity of agents in a CAS, an example of which is the shift from machines to humans. A key question for vertical diversity is about the essential difference between humans and machines: what makes them occupy different layers in the system and what to do about those differences in order to build systems where the actors are symbiotic or more interchangeable. An essential feature of humans is sense-making, and thus a closely related question is that of the semantic gap between humans and machines, that is, humans' ability above computers to understand at the level of meaning and context, an issue to be dealt with separately. III.9.2

Outlook to Smart Society

Our concern will be to define models of human-machine symbiosis and cooperation, focusing on the leveraging of their respective strengths. To understand what is possible by their combination, we should consider their individual strengths and weaknesses first. Classic models focus on the human use of computers but there is a more recent switch to more collaborative interaction. A missing element is considering group as opposed to individual interaction. III.9.3

The classic landscape: machines as aids

Historically, Likcklider has been one of the first to advocate the use of computers to “augment human intellect by freeing it from mundane tasks” (Licklider, 1960). Based on the relative abilities of human and computers, he suggested symbiotic roles that computers might play to enhance the abilities of humans: ‘Men will set the goals, formulate the hypotheses, determine the criteria, and perform the evaluations. Computing machines will do the routinizable work that must be done to prepare the way for insights and decisions in technical and scientific thinking. Preliminary analyses indicate that the symbiotic partnership will perform intellectual operations much more effectively than man alone can perform them.’ This programme was turned into action by Engelbart (1968) and several others. Personal computers, online databases or the internet, and in particular "smart“ software are examples of this development today. Foster (2007) refines the picture, however, by noting that “the number of operations that remain susceptible to automation remains large—indeed, is perhaps unbounded”. He focuses on the various services machines can provide to humans, and envisions a new approach for creating, discovering, and accessing those services. In particular, he stresses the significance of provenance and machine aided tools to prove origins, both in the human but context but also for recording the provenance of computational results. An example highlighted is the generation of automated protocols for science to help “machine supported” science happen. This idea is of particular relevance today with the advent of community-based tools and social computing for “innovation acceleration” (van Harmelen et al, 2012). Roy (2004) of MIT envisions a new form of human machine symbiosis, which he calls “Human-Machine Superperformance”. To achieve this goal, he suggests to explore collaborative human-machine systems in which machines have become perceptually engaged, physically embodied, representation-grounded, learning systems. Within this expanded framework, he suggests systems can magnify human performance along various new cognitive and physical dimensions, in particular: Perceptual computing — machines with a sense of the world; Natural representation — giving symbols meaning; Learning and expression — beyond © SmartSociety Consortium 2013 - 2017

Page 97 of (133)

Deliverable D1.1

programming. In this context he expects a rapid acceleration if various human capabilities by a new augmentation: "10x memory, 10x expression, 10x listening, 10x learning and understanding, 10x physical skills, 10x awareness”- however, the details of the approach and the promised performance gains are yet to be seen. Recent summaries of the augmentation view are Greef (2007) and Saniotis (2009). III.9.4

The new status quo: human-machine collaboration

At the same time however, a shift from human-computer interaction (Karray et al, 2008), or HCI, to humanmachine collaboration (HMC) has taken place. Ex-Stanford Shyam Sankar outlines the essence of the new strategy in his recent TED talk (Sankar, 2012) using the example of collaborative chess. A recent tournament where persons together with their machines were pitted against supercomputers was won by two amateurs using three average laptops, beating top ranked players allied with supercomputers. Sankar concludes: “The interface between man and machine … is more important than the power of the man or the power of the machine in determining overall capability.” An important forerunner of this view is Hoc (2000, 2001). He stresses the importance for human-computer systems to adapt to unforeseen contingencies and discusses how to go beyond augmentation by using a new conception of function allocation. The classical augmentation view assumes that humans are better in certain tasks (e.g. those requiring intuition) whereas machines are better in others (e.g. number crunching). Instead of decomposing human-machine systems into elementary functions carried out separately, he suggests revision cycles to go beyond over-self-confidence and “complacency”, i.e. blind refusal or blind acceptance of the other agent’s competence in a function or a task. Cognitive aspects of cooperation can be built into machines in a simplified form, where cooperation is considered from a functional point of view – i.e., understood as the existence of activities not performed when acting alone. Generation and maintenance of a “common frame of reference” is argued to be a key that makes joint action and joint planning possible. In essence, as Sankar says, the important point is not ability, but the coordination of different abilities via a suitable interface. III.9.5

Constituting the difference

But what are these different abilities? The dominant perspective is cognitive and focuses on the intentionality and agency of humans. Levin et al. (2008) uses psychological experiments to reveal concepts about the capabilities of computers and robots. Machine agents are supposed to engage in more location-based, and feature-based behaviors whereas humans engage in more goal-based, and category-based behaviors. They “find that subjects assume that robots created with future technology may become more intentional, but will not be fully equivalent to humans, and that even a fully human-controlled robot will not be as intentional as a human. These results suggest that subjects strongly distinguish intelligent agents based on intentionality, and that the basic living/mechanical distinction is powerful". This suggests, that from the cognitive point of view it is maybe not just an “uncanny valley” (Mori 1970) but a deeper chasm that separates machines and humans. In the uncanny valley argument it is assumed that with an increasing similarity between machines and humans the machines are judged as less human (the comparison capitalizing on the differences rather than similarities after a point), but that finally there is convergence: however, the above experiments suggest this is not the case. Nevertheless, a bridge can be built, again, in collaborative situations. A further application of the intentionality view, with a twist, comes from the works of Scheutz et al. (e.g. 2011) that study decision making, turn taking, and the flow of control in mixed human-robot systems (where the robot was in fact simulated as a software agent). They found that, after an initial training period and under time pressure in a collaboration task, the human assessment of the machine companion has radically changed in the positive direction. When barely sufficient time was left to accomplish a task together, humans tended to hand control over to the machine co-player. At the same time, they also reported about the latter using more human expressions. This indicates a possibility for reconciliation strategies and probably the importance of trust (Abeler 2001) emerging from past success, i.e. reputation, and a possible role it might play in closing the chasm.

Page 98 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1 III.9.6

Minding the gap

There is also a narrower sense in which a human-machine gap can be addressed and that relates to sensemaking or semantics. Recently, a major domain of investigation is in the visual context and especially in image analysis, where the question is to provide automatic textual annotations similar to those of humans, i.e. using higher order concepts and “understanding”. Reviewing the problem, Hare et al. (2006) speaks of 4 levels: pixel, feature vector (descriptor), objects (common and individual names, e.g. mountain or Mount Everest), and finally “relationships between the objects as depicted in the image, and the variety of connotations invoked, the implied relationship with the world at large, implied actions, and the broader context“. In a recent experimental paper in PNAS, Fleuret et al. (2011) find that “the performance of machines in providing rich semantic descriptions of natural scenes from digital images remains highly limited and hugely inferior to that of humans“, leaving space for much of future research on the topic which they expect to be based on parts modeling. More important for our project is text and action-based semantics “understanding” (by either machines and humans). Language-enabled applications are currently limited by their ability to understand the actual meanings of words because words can be contextual or bear ambiguity – hence higher units such as sentences or paragraph tend to be highly incomplete. Event descriptions and dependency-based parsing (Vilain, 2008) provide an example to move forward from this point and to improve machine performance on common knowledge acquisition tasks. Still further, Hellmann (2010) offers converting natural language text (with implicit knowledge) into a more expressive formalism, OWL. The explicated meaning then serves as input for (high-level) algorithms and applications. The model is further enriched by fragments of existing knowledge cases from external sources such as DBpedia (Bizer et al. 2009), a semantic web version of Wikipedia, and part of the Linked Open Data initiative. The moral of the approach is that opening up to external (machine or human) generated information sources helps disambiguation and completion and hence the acquisition of meaning readily understandable for both machines and humans. This area will be exploited in SmartSociety research to attempt narrowing the gap. III.9.7

References

Aberer, K., & Despotovic, Z. (2001, October). Managing trust in a peer-2-peer information system. In Proceedings of the tenth international conference on Information and knowledge management (pp. 310-317). ACM. Bizer, C., Lehmann, J., Kobilarov, G., Auer, S., Becker, C., Cyganiak, R., & Hellmann, S. (2009). DBpedia-A crystallization point for the Web of Data. Web Semantics: Science, Services and Agents on the World Wide Web, 7(3), 154-165. Engelbart, D.C. and English, W.K. A Research Center for Augmenting Human Intellect. in Proceedings of AFIPS 1968 Fall Joint Computer Conference, San Francisco, CA, 1968. Fleuret, F., Li, T., Dubout, C., Wampler, E. K., Yantis, S., & Geman, D. (2011). Comparing machines and humans on a visual categorization test. Proceedings of the National Academy of Sciences, 108(43), 17621-17625. Foster, I. (2007). Human-Machine Symbiosis, 50 Years On. arXiv preprint arXiv:0712.2255. Greef, T., Dongen, K., Grootjen, M. & Lindenberg, J. (2007). Augmenting Cognition: Reviewing the Symbiotic Relation Between Man and Machine. In Foundations of Augmented Cognition. Springer Berlin / Heidelberg Hare, J. S., Lewis, P. H., Enser, P. G., & Sandom, C. J. (2006, January). Mind the gap: another look at the problem of the semantic gap in image retrieval. In Electronic Imaging 2006 (pp. 607309-607309). International Society for Optics and Photonics. Hellmann, S. (2010). The semantic gap of formalized meaning. In The Semantic Web: Research and Applications (pp. 462-466). Springer Berlin Heidelberg. Hoc, Jean-Michel (2000): From human – machine interaction to human – machine cooperation, Ergonomics, 43:7, 833-843, http://dx.doi.org/10.1080/001401300409044. Hoc, Jean-Michel (2001) Int. J. Human-Computer Studies ,54, 509}540 doi:10.1006/ijhc.2000.0454 Karl Aberer, Zoran Despotovic: Managing Trust in a Peer-2-Peer Information System. CIKM 2001: 310-317 Serge Kernbach, Heiko Hamann, Jürgen Stradner, Ronald Thenius, Thomas Schmickl, Karl Crailsheim, A.C. van Rossum, Michele Sebag, Nicolas Bredeche, Yao Yao, Guy Baele, et al.: On Adaptive Self-Organization in Artificial Robot Organisms. The First International Conference on Adaptive and Self-adaptive Systems and Applications (2009) Karray, F., Alemzadeh, M., Saleh, J. A., & Arab, M. N. (2008). Human-computer interaction: Overview on state of the art. International Journal on Smart Sensing and Intelligent Systems, 1(1), 137-159. Kurzweil, R. (2000). The age of spiritual machines: When computers exceed human intelligence. New York: Penguin. Licklider, J.R. (1960) Man-Computer Symbiosis. IRE Transactions on Human Factors in Electronics, HFE-1. 4-11. Mori, M. (1970). The uncanny valley. Energy, 7(4), 33-35. Roy, D. (2004) 10x: Human-machine symbiosis. BT Technology Journal, Vol. 22, No. 4, October 2004. Retrieved on 17 May 2010 from http://10x.media.mit.edu/10x%20draft.pdf Sankar, S. (2012): The rise of human-computer cooperation. (http://www.ted.com/talks/shyam_sankar_the_rise_of_human_computer_cooperation.html)

Page 99 of (133)

Deliverable D1.1

Saniotis, A. (2009) Present and Future Developments in Cognitive Enhancement Technologies. In Journal of Futures Studies, Vol. 14, No. 1, p. 27–38. Retrieved on 22 May M Scheutz and R Cantrell and P Schermerhorn (2011): Toward humanlike task-based dialogue processing for human robot interaction, ai magazine, 32, 4, 77-78 Shyam Sankar, The rise of human-computer cooperation, http://www.ted.com/talks/shyam_sankar_the_rise_of_human_computer_cooperation.html van Harmelen, F., Kampis, G., Börner, K., van den Besselaar, P., Schultes, E., Goble, C., ... & Helbing, D. (2012). Theoretical and technological building blocks for an innovation accelerator. The European Physical Journal Special Topics, 214(1), 183-214.

III.10

Incentive Design

Kobi Gal III.10.1

Introduction

Incentives motivate, direct and influence the behaviour of individuals and groups over time. The study of incentive structures is thus central to research in decision-making in fields such as economics, computer science, psychology and most recently, human computation. This document will review work on incentive design. The study of mechanisms for in influencing the behaviour of individuals and groups towards achieving desired behaviour such as collaboration and coordination, energy conservation and efficiency. We shall focus on quantifiable and measurable types of incentives such as monetary payments, in influential actions taken by a second party and reputation points. There is significant cant work on intrinsic factors that lead people's decision-making including enjoyment, altruism and social reward, which remains outside the scope of this review. See the seminal survey by Fehr and Falk (2002) for a detailed account of intrinsic factors. III.10.2

Artificial Intelligence

A body of work in artificial intelligence has focused on strategies for use by a principal agent wishing to modify another agent's behaviour in order to meet an external objective (which may align or not with the agent's own objectives). We provide some motivating examples of the principal-agent paradigm in the context of possible CAS applications that are relevant for SmartSocieties. The principal may provide incentives directly to the agent, by explicitly modifying its reward function (e.g., allowing cars with more than 2 passengers to use fast-lanes during rush hours), or indirectly, by changing the environment, (e.g., varying the tactile rigidity of a joystick to improve the performance of a user with shaking hands) or by taking actions meant to influence and induce desired behaviour from the agent (e.g., revealing the amount of water used by consumers to their neighbours in order to promote conversation.) The principal faces the optimization problem of choosing which actions to take to induce the desired behaviour from the agent while minimizing the cost of these actions. The settings considered in AI are motivated by the real world and are associated with several challenges: The agent and the principal agent interact repeatedly, and the principal need to adapt to the ways the agent responds and reacts to different incentives (e.g., in an educational system context, rewarding a student for each question he or she solves correctly in the homework may lead the student to expect to be rewarded for each correct question in future home-works). 

The amount of incentives that can be given is often limited (e.g., a teacher may only give a fixed number of brownies to its students).



The value of incentives may diminish over time (e.g., a consumer may prefer an immediate discount to a mail-in rebate).



The agent's preferences may be complex and may not adhere completely to its preferences. (e.g., a student may make a mistake when answering questions or perform exploratory actions).



The agent's preferences may be unknown or only partially observed by the interested party. (e.g., the teacher does not know how much the student values solving an easy question incorrectly over solving a hard question incorrectly).

Page 100 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

ÂŠ SmartSociety Consortium 2013 - 2017

Work in policy teaching or reward shaping induces the agent to meet external goals by directly modifying the rewards in its utility function. The agent is assumed to be strategic, that is it maintains a belief about the value for each action which may update based on experience and selects at each time step the action with the maximal sum of value and associated incentive. Specially, Zhang et al. (2009) provide algorithms that iteratively learn the agent's reward function using inverse reinforcement learning techniques, and used the learned information to change the agent's reward function. The agent does not actively model or manipulate the principal in this work. They provide a bound on the number of iterations needed to return a solution to the policy teaching problem (if one exists). Their results show that even with unknown rewards, the algorithm can induce the desired behaviour from the agent in a relatively small number of interactions. A more complex setting was considered the principal observes the agent's actions, but has no information about the agent's beliefs (Chen et al., 2011). A related approach called apprenticeship learning in which incentives consist of the principal demonstrating its desired actions to the agent (Coates et al., 2009). Such an approach is useful in situations in which the reward function is hard to de ne or is unknown (e.g., teaching an agent how to drive by demonstrating proper driving practices rather than modifying its reward function directly). In such settings the agent learns its policy by mimicking the desired behaviour of the principal. This approach was shown to be successful in autonomous driving and helicopter flying domains (Abbeel et al., 2007). Valtazanos and Ramamoorthy (2013) have studied the more challenging, competitive setting in which the agent is an adversary, and the teacher must lead it to a desired joint state. They demonstrate the efficiency of their approach in robotic soccer. Lastly a significant body of work studies reputation mechanisms that distribute information about agents' capabilities (or other agents' opinion and beliefs about these capabilities). Agents use such reputation information (whether it originates from a central mechanism, or in the form of "gossip" from other agents) as a guide for estimating the possibly unknown capabilities of other agents. We refer the reader to the recent survey by Pinyol and Sabater-Mir (2012) for a description of reputation and trust studies, and mention recent work on "badge" systems that represent people's reputation in online market-places and internet forums (Antin and Churchill, 2011). Badges are given to users for particular contributions, like answering questions in a forum. The work by Anderson et al. (2013) analyzed the ways in which badges can steer users to change their behaviour, providing a theoretical model that is empirically evaluated on task over flow. Specifically, they investigate the problem of how to optimally place badges in order to induce desired user behaviour. III.10.3

Human Computation

Work on the analysis and the design of incentive structures is relevant when monitoring and guaranteeing good quality of contributions in popular information-sharing sites Malone et al. (2009) as well as on-line labour markets such as Amazon Mechanical Turk (MTurk) Paolacci et al. (2010). A common incentive method in these settings is to pay participants by their individual performance. However such a scheme is manipulable by the workers (Kamar and Horvitz, 2012). An alternative measure is the peer-prediction rule (Miller et al., 2005), in which users' payment is determined by how well their report is able to predict others' reports. Kamar and Horvitz (2012) demonstrate the way payments can be computed with the peer prediction rules for consensus tasks, a common class of problems for which there is a ground truth (which may or may not be known by the owner of the task), and participants' solutions to the problem can be verified for correctness. Examples of such tasks are protein folding, picture tagging, information extraction and translation. Another rule is the consensus prediction rule, which rewards participants according to how well their report can predict the outcome of a consensus-based aggregation of participants individual actions. Specifically, the pro t of participants depends on how much their report improves performance on a test set. III.10.4

Economics

Work on incentive mechanisms in economics is vast, and originated with the design of contractual agreements and protocols in settings where information is distributed across agents and agents may have different objectives or goals (Bolton and Dewatripont, 2005). The principal-agent model that is common in AI originated in economic theory Lamont and Martimort (2001). A significant body of work in game theory has focused on the principal-agent model, most notably in persuasion games, in which the principal needs to decide how much information to disclose to the agent in an attempt to encourage it to take a specific action (Milgrom and Roberts, 1986, Crawford and Sobel, 1982, Glazer and Rubinstein, 2006, Pillai, 2009, Forges ÂŠ SmartSociety Consortium 2013 - 2017

Page 101 of (133)

Deliverable D1.1

and Koessler, 2005, Ryan and Vaithianathan, 2011, Sher, 2011). Unlike the work in AI and human computation, most work in economics limit the interaction between the principal and the agent to a one-shot interactions and assume unbounded computational agents that may follow equilibrium strategies. Some notable exceptions is the work by Milgrom and Roberts (1986) who considered a "novice" agent having limited information processing capacity, although the agent used equilibrium strategies. Sher (2011) studied settings in which communication was limited and depended on the type of information available to the principle. Lastly, Forges and Koessler (2005) studied equilibrium notions in Bayesian games in which messages communicated by the parties were not necessarily reliable and could only be partially verified. III.10.5

Challenges with respect to Smart Societies

Incentive design with Collaborative Adaptive Systems in mind faces numerous challenges: 

We often cannot redefine people's reward function at will, nor can we employ coercion. In CAS, we need to provide incentives that induce people to behave in a desired fashion according to their inherent reward function as well as the provided incentive.



We will need to adapt the incentive design to the social diversity embedded in heterogeneous groups that characterize CAS. In the face of diversity, is it possible to offer different incentives in parallel to different groups? is that ethical?



We have to assume that people may not follow their declared preferences, or deviate from them in some controlled fashion.



The size of the incentives must concur with the scale of the reward function of the agent. For example, providing a five dollar discount to a person buying a car would most likely not be sufficient. Thus we need to consider both the shape and size of the utility function.



How to leverage the complementary strengths of humans and computer agents to solve crowdsourcing tasks more efficiently?



How to mesh different incentive mechanisms running in parallel that may compete or collaborate with each other?

III.10.6

References

P. Abbeel, A. Coates, M. Quigley, and A. Y Ng. An application of reinforcement learning to aerobatic helicopter flight. Advances in neural information processing systems, 19:1, 2007. A. Anderson, D. Huttenlocher, J. Kleinberg, and J. Leskovec. Steering user behaviour with badges. In world wide web, 2013. J. Antin and E. F. Churchill. Badges in social media: A social psychological perspective, 2011. P. Bolton and M. Dewatripont. Contract theory, 2005. Y. Chen, J. Kung, D. C. Parkes, A. D. Procaccia, and H. Zhang. Incentive design for adaptive agents. In The 10th International Conference on Autonomous Agents and Multiagent Systems-Volume 2, pages 627{634. International Foundation for Autonomous Agents and Multiagent Systems, 2011. Adam Coates, Pieter Abbeel, and Andrew Y Ng. Apprenticeship learning for helicopter control. Communications of the ACM, 52(7):97{105, 2009. V. Crawford and J. Sobel. Strategic information transmission. Econometrica, 50:1431{1451, 1982. E. Fehr and A. Falk. Psychological foundations of incentives. European Economic Review, 46(4):687{724, 2002. F. Forges and F. Koessler. Communication equilibria with partially verifiable types. Journal of Mathematical Economics, 41:793{811, 2005. J. Glazer and A. Rubinstein. A study in the pragmatics of persuasion: A game theoretical approach. Theoretical Economics, 1:395{410, 2006. E. Kamar and E. Horvitz. Incentives for truthful reporting in crowdsourcing. In Proceedings of AAMAS, 2012. J-J. Lamont and D. Martimort. The theory of incentives: the principal-agent model. Princeton University Press, 2001. Thomas Malone, Robert Laubacher, and Chrysanthos Dellarocas. Harnessing crowds: Mapping the genome of collective intelligence. 2009. P. Milgrom and J. Roberts. Relying on the information of interested parties. Rand J. of Economics, 17:18{32, 1986. N. Miller, P. Resnick, and R. Zeckhauser. Eliciting informative feedback: The peer-prediction method. Management Science, 51(9):1359{1373, 2005.

Page 102 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

G. Paolacci, J. Chandler, and P. G. Ipeirotis. Running experiments on Amazon Mechanical Turk. Judgment and Decision Making, 5(5), 2010. E. Turkay Pillai. Two-sided uncertainty in persuasion games, working paper, 2009. I. Pinyol and J. Sabater-Mir. Computational trust and reputation models for open multi-agent systems: a review. Artificial Intelligence Review, pages 1-25, 2012. M. Ryan and R. Vaithianathan. Veri ability and neologism-proofness in a sender-receiver game. Journal of Economic Behavior and Organization, 79 (3):256 -262, 2011. I. Sher. Credibility and determinism in a game of persuasion. Games and Economic Behavior, 71(2):409 -419, 2011. A. Valtazanos and S. Ramamoorthy. Bayesian interaction shaping: learning to influence strategic interactions in mixed robotic domains. In Proceedings of AAMAS, 2013. H. Zhang, D. C Parkes, and Y. Chen. Policy teaching through reward function learning. In Proceedings of the 10th ACM conference on Electronic commerce, pages 295-304, 2009.

III.11

Resilience

Stuart Anderson III.11.1

Introduction

Resilience is the ability to provide and maintain an acceptable level of service in the face of faults and challenges to normal operation (Hollnagel, 2006). So resilience is a property of the whole system and its context of operation. It is difficult to characterize and measure because of the open-ended nature of faults and challenges. In particular there is an inexhaustible list of potential challenges not all of which can be handled by the system. In addition it may be difficult to measure resilience in the face of a particular challenge because the loss of some aspects of a service may be critical in some contexts and non-critical in others. Resilience is also a property of systems that is difficult to reason about in a straightforwardly compositional manner. For example a system composed of two “resilient” components may not be resilient and the composition of two non-resilient components may be resilient (just because the components contribute to the context and so may mask or reveal previously unobserved behaviour). III.11.2

Roots of Resilience

Resilience has appeared in a variety of guises. For our requirements we will just consider three main contexts: ecological systems, critical infrastructure and safety critical systems. Each illustrates a slightly different aspect of resilience. III.11.3

Ecological Resilience

Notions of Ecological Resilience first appeared in Holling (1973). This looked at issues like the time taken for an ecosystem to return to equilibrium after disturbance and the capacity to absorb disturbance while retaining essentially the same structure. These features are important when we consider particular kinds of disturbance. For example, disturbances like intensification of agricultural management can affect the structure of an ecosystem in significant ways that may, in the long run, demonstrate poor resilience in the ecosystem. Intensive agriculture may reduce the capacity of an ecosystem to replenish nutrients in the soil and in the medium term this may lead to catastrophic change of ecosystem, as demonstrated by the “dustbowl” phenomenon in the continental US (in this context overfishing can permanently change a fishery). In its origin this notion of resilience had rather specific threats in mind but as our concern over the environment has grown it has become clear that ecosystems may face quite unpredictable threats from the wider geosystem for example global warming and volcanic eruptions which can change the climate system significantly. Assessments of resilience play important roles in assessing the sustainability of interventions since setting the level of intervention inside the resilience of the system will help maintain sustainability. Resilience is also useful in setting policy and management measures for ecosystems since this allows us set policy to prevent excessive shock to the environment. © SmartSociety Consortium 2013 - 2017 Page 103 of (133)

ÂŠ SmartSociety Consortium 2013 - 2017

Page 104 of (133)

Deliverable D1.1

http://www.smart-society-project.eu/

Deliverable D1.1

Measures to improve resilience in ecosystems might include:  

III.11.4

Improving species diversity so things like susceptibility to disease or change in climate will enable the survival of some relevant species that fills a critical role in the ecosystem. Manipulating the structure in the environment to ensure that the likelihood of some challenges is reduced. Examples here are flood reduction measures, or creating habitats that offer viable alternatives to critical species. Infrastructure Resilience

Since 9/11 and the creation of the department for homeland security in the US there has been increasing interest in critical infrastructure and its resilience. Critical infrastructure is defined as: “those assets the loss of which would result in great harm to the nation’s security, economy, health and safety, and morale.” (Moteff, 2012) This includes things like the power infrastructure, transport, telecommunications, food, water, … In many ways the approach to Infrastructure Resilience mirrors the approach to resilience in environmental systems:  Increasing diversity, for example in sources of electrical power by using renewable, plus fossil plus nuclear rather than relying on one source.  Making structural changes - using more decentralized structures as backups to centralized structures has the potential to increase resilience. So in networking having a backup point-to-point wireless network that does not rely on a fibre backhaul infrastructure decreases dependency on elements of large-scale infrastructure.  In addition there are policy dimensions that can aim to increase diversity or dependency on centralized infrastructures e.g. policies on company competition that discourages infrastructure sharing. This has the potential to increase resilience but may also increase cost. III.11.5

Safety-critical Resilience

The tradition of safety-critical engineering has been the control of risk based on historical information on the threats to systems and their likelihood. Thus the construction and training around safety critical sociotechnical systems has mainly focused on elimination or mitigating past risk. Over the past 20 years, Eric Hollnagel, David Woods and other co-workers have developed the “Resilience Engineering” approach to the safety of socio-technical systems. To quote from their Lund report (Dekker et al, 2008): “In Resilience Engineering failures do not stand for a breakdown or malfunctioning of normal system functions, but rather represent the converse of the adaptations necessary to cope with the real world complexity. Individuals and organisations must always adjust their performance to the current conditions; and because resources and time are finite it is inevitable that such adjustments are approximate. Success has been ascribed to the ability of groups, individuals, and organisations to anticipate the changing shape of risk before damage occurs; failure is simply the temporary or permanent absence of that.” Thus for Resilience Engineering the focus of resilience is not the management of past failure but rather a focus on the adaptive capacity of socio-technical systems to anticipate future risks and the evolving shape of risk and take appropriate action to avoid risk or put in place the means to manage the threat associated with a risk if it manifests itself. The approach taken by Resilience Engineering is to consider the dynamically changing context of operation and consider broad strategies to mitigate emerging risk. Paraphrasing the Lund report, these strategies are:  

To avoid taking past success as guarantee of future safety. Past results are not enough to guarantee that the current adaptive strategies will keep working. So there must be evolving review of the adaptive strategy. The discussion of risk is kept alive even when everything looks safe. That things look safe doesn’t mean they are: the model of what is risky may have become old and wrong, so it is in need of constant update.

Page 105 of (133)

 

Deliverable D1.1

Diversity of perspectives on problems is essential to the continuous review and update of adaptive strategy. Minority viewpoints, invite doubt, and encourage curious and open-minded, complexly sensitized to the diversity of potential hazards and response strategies. People in the system are incentivized to have the courage to say “no” to trading chronic safety concerns for acute production pressures; the courage to put the foot down and invest in safety when everybody else says that they can’t. Because that is exactly the time when such investments may be necessary.

In this brief review of three key area of work on resilience we see repeated themes emerging. In particular in the Resilience Engineering setting there are many strong resonances between the settings, threats and responses and the fundamental elements of CASs. We go on to consider this in the next section. III.11.6

Why resilience is salient to HDA-CASs

Many of the leading examples of HDA-CASs that we are considering play infrastructural and safety- or mission-critical roles. Thus we should consider how to achieve resilience in these settings. This suggests that in our contributions to the operation, design and evolution of CASs we should give explicit consideration to achieving Resilience. The context of HDA-CASs is a particularly rich context to consider resilience because the system boundary is set broadly enough that many elements that are traditionally excluded from consideration can be included in developing the means to bring about Resilience. Thus we should consider the extent to which there are generic tasks that are oriented towards improving Resilience and should look at the development of social computations that allocate resource to these tasks and allow the highly adaptive implementation of Resilience improvement. III.11.7

Means of Achieving Resilience

In the preceding section we have seen the repeated emphasis on the development and continuous updating of adaptive strategies that are directed to evaluating risk in the current contexts and developing adaptive strategies to cope with potential negative events associated with the risk. Thus, in some sense, we could say that the natural setting to consider resilience is a CAS. In addition, if we consider HDA-CASs we can see we are adding key capacities to achieve and maintain Resilience: 



 



Hybridity: the leverage of social groups to created hybrid social computations incorporates the central role of people in the achievement of Resilience. Because we want Resilience maintenance mechanisms to be forward- rather than backward-looking we need to incorporate the open-ended, inquisitive aspect of the activity of human individuals and social groups. The centrality of this hybrid approach to social computation suggests it is a particularly rich setting to consider achieving and maintaining resilience. Diversity is one of the primary mechanisms considered across all the areas of Resilience we consider in this section. Diversity of strategy, diversity in mechanisms, diversity in social groups and their perspectives and support for diversity in the form of minority and potentially contradictory and confrontational views within a Resilient system are all encompassed by the notion of Diversityawareness included within the HDA-CAS notion. The notion of risk model and risk moderation and adaptation are all enriched if we consider these to be social computations that already embed human capacities into the core of risk management for the system. Incentives play a key role in shaping the response of humans and social groups to the affordances of HDA-CASs. The Resilience perspective on incentives is interesting because we are interested in incentives that potentially encourage disagreement, dissent and competition in different social groups. The social computation perspective adopted in the HDA-CAS setting also provides for mechanisms that can capture and codify more of the Resilience management behaviour of a system. This means that the people involved in an HDA-CAS have improved resources to reflect on the operation of the CAS.

Page 106 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1 III.11.8

How this relates to Operation, Design and Evolution in CASs

The previous section suggests that we should consider the Resilience requirements of the Smart Society scenarios as the project develops considering both what specific practices we might want to encourage and whether there are generic adaptive practices we might want to build in to any HDA-CAS. This short section is not the place to expand this possibility fully, but in the short sections below we do suggest some ideas on what such generic practices could be. III.11.9

Operation

Here we should consider guarding against inadvertent loss of diversity arising from the operation of the system. For example, any long-lived system will see people leaving the system to be replaced by other people. This is clearly a opportunity to lose or gain diversity in terms of identifying bias or disincentives to certain groups to join and how to incentivize the maintenance of diversity and the potential to expand diversity if the risk model indicates new emerging threats. III.11.10

Design

The design of the CAS should consider what the initial diversity requirement should be. For example, in the case of health provision it should ideally include social groups that are excluded from some forms of healthcare in order that opposing views are engaged in shaping the way risks are managed. This is particularly true where risks might include the potential for the system to transfer elements of the disease burden to excluded groups in order to make system performance metrics look better. III.11.11

Evolution

Evolution in HDA-CASs will often be in response to some significant perturbation in the environment (or context of operation) and at that point there will need to be a considered review of whether the diversity of perspective in the CAS gives adequate sight to the potential risks in the new environment. Carrying out such a review should probably involve social groups that lie outside the current range of the CAS in order to ensure diversity in adapting to evolution. The above examples are necessarily brief and focus exclusively on generic diversity considerations. They are intended as illustrations of the sorts of considerations we need to take into account in building Resilience into our CAS infrastructure. III.11.12

What CASs can do for Resilience

We would argue that the CAS framework and particularly HDA-CASs provide the almost perfect environment to consider Resilience of systems. The explicit focus on human/machine hybridity and the explicit focus on diversity position key Resilience concerns at the centre of systems design. In addition the Smart Society focus on Social Computation and explicit programming models that involve how to design incentives and the human environment to shape the response of individuals and groups provides the potential for highly reflexive process where the HDA-CAS can consider its modes of operation by exploring the explicit (and potentially transparent) programming account of the operation of the CAS. As the Smart Society scenarios are developed we should consider the detailed resilience strategies for some of the scenarios. This will give an opportunity to identify additional generic strategies and will capture some of the richness of incorporating resilience into a specific domain of application. This process will help us identify generic Resilience capacity that can contribute to the study of resilience in a wide range of settings. III.11.13

What Hybridity and Diversity Awareness do for Resilience in CASs

Since the Smart Society focus is on Hybridity and Diversity awareness we should attempt to characterize the “added-value” of these features to the notion of CAS that has the notion of Collective and Adaptive built into it. How to illustrate and potentially quantify the benefits of hybridity and Diversity-Awareness will be difficult and in the end we may be reduced to demonstrating the added value in particular scenarios. III.11.14

Resilient Governance

Particularly in public service settings governance issues are very prominent. There is a thread of work in Resilience Engineering on considering Ostrom’s Polycentric Governance models as an important template © SmartSociety Consortium 2013 - 2017 Page 107 of (133)

Deliverable D1.1

for governance that retains Resilience (e.g. Ostrom, 1990). Again this seems to be highly relevant in the Smart Society context. III.11.15

Summary

It appears that there is strong synergy between Resilience notions and HDA-CASs and that this can valuably be explored in the project. In addition to the facets explored above there are also considerable potential connections to ethical aspects in Responsible Research and Innovation (dissenting voices, heterogeneity of view, vigilance to changing circumstances, …) and to the use of provenance, trust and reputation information in helping to support Resilience-relevant decision taking. III.11.16

References

S. Dekker, E. Hollnagel, D. Woods and R Cook (2008), “Resilience Engineering: New directions for measuring and maintaining sa ety in complex systems”, Final Report, Lund University, School of Aviation. C.S. Holling (1973). "Resilience and stability of ecological systems". Annual Review of Ecology and Systematics 4: 1–23. doi:10.1146/annurev.es.04.110173.000245 E. Hollnagel, D. D. Woods and N. Leveson (2006) Resilience Engineering: Concepts and Precepts. Ashgate. J. D. Mote (2012), “Critical In rastructure Resilience: he Evolution o Policy and Programs and Issues or Congress”, Congressional Research Service, R42683 E. Ostrom (1990). Governing the Commons: The Evolution of Institutions for Collective Action. New York: Cambridge Univ. Press.

III.12

Activity and context recognition: State-of-the-Art

George Kampis and Paul Lukowicz Activity recognition is the objective of recognizing the activities and goals of an agent or of several agents using observations of the agents’ bodily actions and environmental conditions. It is closely related to but also different form the task of context recognition, where location or other items of modal information (such as the state, process) of an agent are identified – typically however, not from sensor recordings but from realtime data. These notions stand in close relation to smart spaces (cities, houses) and Smart Society. In order to support complex human-computer interaction tasks, such as “socially aware computing” (Lukowicz et al, 2012), or “understanding, creating, and managing complex techno-socio-economic systems” (Helbing et al, 2012), performed human actions and their situated embedding must be “understood” in the same way by computers, as they are by fellow humans. The current review focuses on activity recognition based on sensors. Such activity recognition traditionally starts from the very sensor data, while complementary new approaches, exemplified by intention recognition and detailed below, emerge today. Currently, many different communities are involved in research related to activity recognition, including the core ubicomp (i.e. pervasive and ubiquitous computing) community, human computer interaction, computer vision, cognitive science and artificial intelligence. Of these, we focus here on the pervasive and ubiquitous computing perspective. III.12.1

General Overview

Many commercial systems exist today that utilize a broad range of sensors to facilitate gesture and motionbased interaction. Examples range from multi-touch surfaces, tilt control in mobile phone applications, to complex motion-based game controllers, such as Nintendo WII and Microsoft Kinect. While these systems are mainstream, the next basic research challenge is activity-driven, implicit bodily interaction. Two key differences to existing systems are:  

the interpretation of complex human activities, and the extension of interaction from dedicated periods where a user consciously performs control gestures, to permanent monitoring of all sorts of regular user activity.

Conceptually, activity-driven interaction builds on the vision of context awareness developed since the 1990s. Despite their demonstrated potential, currently only very simple activity based applications such as physical activity monitoring have managed to go beyond the early stage lab demonstrations. From the Page 108 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

scientific point of view, the question is how to map information available from unreliable, often simple sources onto complex human activities. The main challenges stem from the combination of these factors: 

 

In everyday situations, sensor choice, placement and configuration is often dictated by practicability, usability, and user acceptance constraints, rather than by the very scientific or engineering requirements of the recognition system. In addition, the available system configuration may dynamically change. The diversity of human behavior. Even the simplest activities can be performed in a multitude of ways differing not only between people, but also between individual execution instances of a single person (e.g. using different arms, different hand positions, or even the hip to closer a drawer). The complexity of human behavior. Relevant human actions are seldom atomic and independent in reality. Instead, a complex hierarchy of actions that may be executed in parallel, overlap and interleave is to be considered by the recognition system.

Besides, the field lacks definitions for many commonly used terms including "action," "sensor," "evidence," and even "activity" itself, leading to ambiguity in scientific discourse. For example, the conceptual grounding provided by Nardi and Kaptelinin in their definition of Activity Theory (2006) are perfectly understandable to a human. Yet, they are not easily codified into machine programmable constructs. The theory recognizes that elements of "activity" such as goal and motive are socially constructed, depending on the perspectives of the actors in the system. Privacy concerns are a critical barrier to adoption of activity-based technologies. These concerns range from risk of criminal activities (e.g., stalking and identity theft), to social issues of managing personal relationships. Technological approaches to addressing the concerns must, therefore, also be based on a deep understanding of the psychological, sociological and political constraints under which people will operate activity-based systems. III.12.2

Types of activity recognition: video and sensor-based

There is a fundamental difference between visual (Aggarwal and Ryoo, 2011) and sensor-based (Chen et al, 2012) activity recognition. It is common to them that typical applications include surveillance systems, patient monitoring systems and a variety of systems that involve interactions between persons and electronic devices such as human-computer interfaces. Most of these applications require an automated recognition of high-level activities, composed of multiple simple (or atomic) actions of persons. The goal of visual activity recognition is to automatically analyze ongoing activities from an unknown video source (i.e. a sequence of image frames). In a simplest case where a video is segmented to contain only one execution of a single human activity, the objective of the system is to correctly classify the video into its activity category. In more general cases, the continuous recognition of human activities must be performed, detecting starting and ending times of all occurring activities from an input video (Aggarwal and Ryoo (2011) provide an in-depth review of goals, concepts and techniques of the approach). By contrast, sensor-based activity recognition deals with information collected directly from the actions and activities of the agents themselves, by dedicated sensors deployed to or worn by the agents. The in-depth review of Chen et al. (2012) identifies four basic tasks: 1) to choose and deploy appropriate sensors to objects and environments in order to monitor and capture a user’s behavior along with the state change of the environment; 2) to collect, store, and process perceived information through data analysis techniques and/or knowledge representation formalisms at appropriate levels of abstraction; 3) to create computational activity models in a way that allows software systems/agents to conduct reasoning and manipulation; and 4) to select or develop reasoning algorithms to infer activities from sensor data. (Note that 3 is about activity models (top down) and 4 about activity mining (bottom up).) Again, our main focus is here on the sensor-based approaches, as this pertains to our SmartSociety tasks and competences. In particular, over the past decade, sensor technologies, especially low-power, low-cost, highcapacity, and miniaturized sensors, as well wired and different wireless communication networks including specialized electro-magnetic devices (Pantelopoulos and Bourbakis, 2010; Alemdar and Ersoy, 2010; Ding et al, 2011) have made significant progress, and a substantial number of projects and initiatives have been © SmartSociety Consortium 2013 - 2017

Page 109 of (133)

Deliverable D1.1

initiated37. The main drivers are mobile computing (Weiser, 1991; Choudhury et al, 2008) surveillance-based security, context-aware computing and, in particular, Ambient Assistive Living or AAL. As a result of the wave of intensive investigation, there have seen a plethora of impressive works on sensor-based activity recognition in the past several years. References to and summaries of these works is given in the survey by Chen et al. (2012). Applications range from sports, through mobile gaming, information retrieval, and personal healthcare to industrial work support. For example, monitoring certain activities can support therapy in areas ranging from cardiovascular diseases to psychiatric disorders and cognitive disabilities. A particular example is the detection of stress via smartphones and the monitoring of bipolar disorder (Bauer and Lukowicz, 2012; Grünerbl et al, 2012). Activity based support (automatically showing correct manual pages, pointing out mistakes) can speed up industrial maintenance tasks by a significant factor. One of the main topics is location-based applications aiming to respond to users’ whereabouts and to the activities normally associated with them (e.g. shop-shopping, restaurant-seating or ordering). Ongoing research on electromagnetic localization in indoor spaces (Pirkl and Lukowicz, 2012) makes identification possible even in the absence of smart devices, pointing towards a possibility of ubiquitous sensing that does not require user interaction. III.12.3

Wearable sensor-based activity monitoring

The core of wearable activity recognition work is based on motion sensors (such as accelerometers, gyros, IMUs magnetic hand trackers) affixed to different body parts e.g. Van Laerhoven and Cakmakci (2000), Mantyjarvi et al. (2001). Accelerometers (found e.g. in smart phones and mobile devices) are often used in composition, where each accelerometer provides information about the orientation and movement of a corresponding body part. Lukowicz et al (2004) recognize workshop activities using body worn microphones and accelerometers. GPS sensors provide another widely used sensor tool for the monitoring of locationbased activities in open pervasive and mobile environments, starting with the work of Patterson et al. (2003). A huge body of work has demonstrated the recognition of a variety of activities and situations from fall detection (Chen et al, 2006), through modes of locomotion recognition (Junker et al, 2004), exercise support (Muehlbauer et al, 2011) to tracking complex processes such as car maintenance (Stiefmeier et al, 2008). Even when attaching sensors to several body parts is practicable, purely motionbased approaches are often limited by ambiguity of human actions. Thus, the same arm movement may be used to pick something from the table and switch on a light. To address this point a variety of additional sensors were investigated. Examples include:     

Arm worn RFID readers (Smith et al, 2005) or body worn cameras (Kurata et al, 2004) to detect the object with which the user is interacting, Force sensitive resistors (FSRs) providing more details about muscle activity (Amft et al, 2006). Active capacitive sensing to detect swallowing (Cheng et al, 2010) or to monitor finger motions through the analysis of muscle activity in the wrist (Cheng et al, 2012) Various approaches to analysing sound including body sound caused by swallowing (Amft and Tröster, 2006) or muscle motions. Inclusion of physiological sensors such as pulse or GSR, pulse or breathing as background information. All of the above have been shown to improve recognition in specific scenarios (Maurer et al, 2006).

In summary, current state of the art in wearable activity recognition is dominated by the tradeoffs between how obtrusive the system is to the user (mostly due to the need to place many devices on the body) and how much information it provides. A newly starting project (“SimpleSkin”) led by Lukowicz and perfomed in collaboration with Schmidt, Amft and others addresses these issues in the context of new innovative capacitive textile sensors woven into garments and utilized in a flexible “Garment-OS” for software configuration and data extraction. Backgrounds include previous work in DFKI on textile active capacitive 37

www.aal-europe.eu, http://www.icta.ufl.edu/gt.htm, http://awarehome.imtc.gatech.edu, http://cswww.essex.ac.uk/iieg/idorm.htm

Page 110 of (133)

http://architecture.mit.edu/house_n, http://www.inhaus.fraunhofer.de, http://domus.usherbrooke.ca,

http://www.smart-society-project.eu/

Deliverable D1.1

sensors (Cheng et al, 2010), with textile pressure sensors (Meyer et al, 2006) and with the use of FSRs for muscle activity monitoring and interpretation (Junker et al, 2004). Activity recognition based on motion sensors [Ward et al. 2006] will be the basis for utilizing different ways of sensing posture and body parts motion. Extensive experience with sensor fusion for activity recognition (Roggen et al, 2009) will be the basis for developing methods for using multimodal information from the universal sensing textiles. III.12.4 III.12.4.1

Various aspects of activity recognition Dense Sensing-Based Activity Monitoring

Dense sensing-based activity monitoring refers to the practice that sensors are attached to objects and activities are monitored by detecting user–object interactions. The approach is based on the real-world observation that activities are often best characterized by the objects that are manipulated during users’ actions. A simple indication of an object being used can often provide powerful clues about the activity being undertaken. Dense sensing-based activity monitoring has been widely adopted in AAL, via the smart home paradigm (e.g. Chan et al, 2008, Nugent, 2010). III.12.4.2

Modeling, Data Mining and Knowledge-driven Approaches

Sensory data are difficult to handle and sensor data analysis is a whole separate domain. Data-driven activity modeling can be classified into two main categories: generative (e.g. Bayesian or Markov, attempting to generate similar patterns to those observed) and description based (essentially based on machine learning and data mining, e.g. using neural networks or clustering). Again the difference is that of top down (model driven) or bottom up (data driven). An approach of particular interest is knowledge-driven activity modeling, motivated by the observation that for most situations, the list of objects required for a particular activity is highly limited and functionally related. Even if the activity can be performed in different ways, the number and type of the involved objects do not vary significantly. For example, we see that the activity “making coffee” consists of a sequence of actions involving a coffee pot (or a mug), hot water, a cup, coffee, sugar, and milk, and so on; the activity “brush teeth” contains actions involving a toothbrush, toothpaste, water tap, cup, and towel, and in a more or less rigid order. Such “workflows” assume a prior knowledge of the goal-directed action. Where such knowledge is not available, a post-hoc activity workflow reconstruction akin to plan recognition (Gal et al, 2012) is necessary. The modular nature of tasks is central to both approaches, adding to the similarity. (Note, however, the complementarity: plan recognition enters where workflow modeling fails.) Humans have different lifestyles, habits, or abilities, and they may perform various activities in different ways. This implies several research problems on identity, hierarchy/subsumption, and implicit relations between entities and contexts. Also knowledge structures can be modeled and represented in different forms, such as schemas, rules, or networks, or even – using a different approach – ontologies. III.12.4.3

Complex Activity Recognition

Recent work on activity recognition has mainly focused on simplified use scenarios involving single-user single-activity recognition. In real-world situations, human activities are involved in complex tasks however. Using a mixture of direct sensing and knowledge-based (or ontology-based, (Chen et al, 2004)) approaches, the research on complex activities and workflows promises an efficient recognition and control of various new contexts such as car assembly lines and health care tasks (nursing, cooking in AAL situations, e.g. Blasco (2013) etc.). Identification of complex activities is often helped by available classification systems such as the International Classification of Functioning, Disability and Health of the WHO (Üstün et al 2003; WHO, 2007). Using advanced acceleration sensors mounted on limbs, gait and arm movements, and even positional information can be identified. This becomes particularly important in the new field of workflow analysis – such as working in a car assembly line, or in a hospital nursing and care situation. Textile based capacitive sensors can easily identify (or distinguish) complex bodily functions as gasping or grabbing using machine learning classification of characteristic records. © SmartSociety Consortium 2013 - 2017

Page 111 of (133)

Deliverable D1.1

Within Pervasive Computing the recent focus is on context awareness and its applications, as discussed below. Accordingly, Socially Interactive Computing is driven by the vision of extending the notion of context awareness from a “single user single systems” to systems that interact with humans at community level, effectively combining aspects of pervasive computing, activity recognition, and social networking. III.12.4.4

Intent or Goal Recognition

Classical activity recognition is a bottom-up approach starting from the sensor data, discovering the class of activity and ideally identifying the purposes of the user. An emerging trend is to adopt a complementary, topdown approach (Chen et al, 2012) to 1) recognize or discover the intent or goal of a user, 2) identify the activities that can achieve the goal, 3) monitor the user’s behavior including his/her performed actions, 4) decide whether the user is performing the appropriate actions in terms of the activity model and the monitored behavior, and 5) provide personalized context-aware interactions or assistance when needed. Workflow models discussed above provide a nature sandbox for this research. Goals can be either explicitly given, such as in an industrial workflow, or learnt from domain context as in social situations. Activities should be predefined in some flexible way and linked to specific goals. Once a goal is specified or identified, applications can instruct/remind users to perform the corresponding activity or correct behavior. III.12.5

Context recognition and context awareness

In computer science and human-computer interactions, “context” is understood in the narrow form as a description of the way humans locate their experience within their whole environment, to give it meaning. Environmental state, making sense or giving meaning to a given situation is described by state markers (typically provided by sensors or other user-specific information sources, such as e.g. cell position in a cellular phone network). Context aware devices may also try to make assumptions about the user's current situation. Dey (2001) defines context as "any information that can be used to characterize the situation of an entity." For example, a context aware mobile phone application may know that it is (presumably together with the user) currently located in a meeting room, and that the user has sat down. The phone may thus conclude that the user is currently at a meeting and should reject any unimportant calls (Schmidt et al, 1999; Schmidt, Beigl and Gellersen 1999; Lukowicz et al, 2010). In the architecture of a context-aware system, context design is carried out by modeling the elements that affect the knowledge/services/actions that have to be made available to the user at run-time, when a context becomes active, in order to (a) adapt interfaces, (b) tailor the set of application-relevant data, (c) increase the precision of information retrieval, (d) discover services, (e) make the user interaction implicit, and (f) build smart environments (Bolchini et al, 2007). In the recent SOCIONICAL project (Wirz et al, 2012) the aim was to achieve crowd management via the use of smartphones in the context of decentralized sensing of collective behaviors in human groups. The project has resulted in an App, which was deployed and successfully used at various public events including the Dutch coronation ceremony. Widyawan et al (2012) envision a Virtual lifeline by multimodal sensor data fusion for navigation in unknown environments, made possible by a synthesis of various activity recognition and context sensing methods and modalities. III.12.5.1

References

J. K. Aggarwal and M. S. Ryoo (2011), Human Activity Analysis: A Review, ACM Computing Surveys (CSUR), 43(3). H. Alemdar and C. Ersoy (2010) Wireless sensor networks or healthcare: A survey,” Comput. Netw., vol. 54, no. 15, pp. 2688–2710. Amft O, Junker H, Lukowicz P, Troster G and Schuster C. (2006): Sensing muscle activities with body-worn sensors. In: International Workshop on Wearable and Implantable Body Sensor Networks. Amft, O. and Tröster, G. (2008) Recognition of dietary activity events using on-body sensors. Artif Intell Med, 42(2), pp. 121-136. Amft, O. & Tröster, G (2006): Methods for Detection and Classification of Normal Swallowing from Muscle Activation and Sound. PHC 2006: Proceedings of the First International Conference on Pervasive Computing Technologies for Healthcare, ICST, IEEE digital library, pp. 1-10. Atallah L, Lo B, King R, GuangMZhong Yang (2010). Sensor Placement for Activity Detection Using Wearable Accelerometers In: Body Sensor Networks (BSN), 2010 International Conference on, 24- 29. Bannach D, Lukowicz P, Amft O. (2008): Rapid Prototyping of Activity Recognition Applications In: Pervasive Computing, IEEE , vol.7(2), 22-31.

Page 112 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

Gerald Bauer; Paul Lukowicz (2012): Can smartphones detect stress-related changes in the behaviour of individuals? In: PerCom Workshops'12. IEEE International Conference on Pervasive Computing and Communications (PerCom-2012), March 19-23, Lugano, Switzerland, Pages 423-426, ISBN 978-1-4673-0258-6, IEEE. Blasco, R. 2013: Smart Kitchen for Ambient Assisted Living, PhD Thesis, University of Zararoza. Bolchini, C., Curino, C. A., Quintarelli, E., Schreiber, F. A., & Tanca, L. (2007). A data-oriented survey of context models. ACM Sigmod Record, 36(4), 19-26. M. Chan, D. Este`ve, C. Escriba, and E. Campo (2008): A review of smart homes—present state and future challenges, Comput. Methods Programs Biomed., vol. 91, no. 1, pp. 55–81. D. Chen, J. Yang, and H. D. Wactlar (2004): Towards automatic analysis of social interaction patterns in a nursing home environment from video, in Proc. 6th ACM SIGMM Int. Workshop Multimedia Inf. Retrieval, pp. 283–290. Liming Chen; Hoey, J.; Nugent, C.D.; Cook, D.J.; Zhiwen Yu (2012): Sensor-Based Activity Recognition, IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, (Volume:42 , Issue: 6 ), Page(s): 790 – 808. Jingyuan Cheng; Oliver Amft; Paul Lukowicz (2010): Active Capacitive Sensing: Exploring a New Wearable Sensing Modality for Activity Recognition. In: Proceedings of 8th International Conference on Pervasive Computing. International Conference on Pervasive Computing (Pervasive-10), 8th, May 17-20, Helsinki, Finland, Pages 319-336, Lecture Notes in Computer Science (LNCS), Vol. 6030, Springer. Jingyuan Cheng; Gernot Bahle; Paul Lukowicz (2012): A Simple Wristband Based on Capacitive Sensors for Recognition of Complex Hand Motions. In: Proceedings of the 2012 IEEE Conference on Sensors. IEEE Conference on Sensors (SENSORS-12), October 28-31, Taipei, Taiwan. T. Choudhury, S. Consolvo, and B. Harrison (2008): The mobile sensing platform: An embedded activity recognition system,” IEEE Pervasive Com- put., vol. 7, no. 2, pp. 32–41. Dey, A. K. (2001). Understanding and using context. Personal and ubiquitous computing, 5(1), 4-7. D. Ding, R. A. Cooper, P. F. Pasquina, and L. Fici-Pasquina, (2011): Sensor technology or smart homes,” Maturitas, vol. 69, no. 2, pp. 131–136. Gal, Y., Reddy, S., Shieber, S. M., Rubin, A., & Grosz, B. J. (2012). Plan recognition in exploratory domains. Artificial Intelligence, 176(1), 2270-2290. Agnes Grünerbl; Gernot Bahle; Jens Weppner; Patricia Oleksy; Christian Haring; Paul Lukowicz (2012): Towards Smart Phone Based Monitoring of Bipolar Disorder. In: mHealthSys '12: Proceedings of the Second ACM Workshop on Mobile Systems, Applications, and Services for Healthcare. ACM Conference on Embedded Network Sensor Systems (SenSys-2012), 10th, November 6-9, Toronto, ON, Canada, ACM. D. Helbing; S. Balietti; S. Bishop; Paul Lukowicz (2011): Understanding, creating, and managing complex techno-socio-economic systems: Challenges and perspectives. In: The European Physical Journal - Special Topics, Vol. 195, Pages 165-186, Springer, Berlin / Heidelberg. International classification of functioning, disability and health: children & youth version: ICF-CY. World Health Organization, 2007 Junker H, Lukowicz P, Tröster G. (2004): Locomotion Analysis using a Simple Feature Derived from Force Sensitive Resistors In: Proceedings on Biomedical Engineering, Kaptelinin, V., & Nardi, B. A. (2006). Acting with technology. Mit Press. Chen J, Kwong K, Chang D, Luk J, Bajcsy R. (2006): Wearable Sensors for Reliable Fall Detection In: Engineering in Medicine and Biology Society, 2005. IEEE-EMBS 2005. 27th Annual International Conference of the, 3551-3554, Kurata T, Sakata N, Kourogi M, Kuzuoka H, Billinghurst M. (2004): Remote collaboration using a shoulder-worn active camera/laser In: Wearable Computers, 2004. ISWC 2004. Eighth International Symposium on, 62- 69. P. Lukowicz, J. A. Ward, H. Junker, and T. Starner (2004): Recognizing workshop activity using body worn microphones and accelerometers, Proc. Pervasive Comput., pp. 18–23. Paul Lukowicz; Oliver Amft; Daniel Roggen; Jingyuan Cheng (2010): On-Body Sensing: From Gesture-Based Input to ActivityDriven Interaction. In: IEEE Computer, Vol. 43, No. 10, Pages 92-96. Paul Lukowicz; S. Pentland; A. Ferscha (2012): From context awareness to socially aware computing. In: IEEE Pervasive Computing, Vol. 11, No. 1, Pages 32-41. Mantyjarvi J, Himberg T, Seppanen and N.R. Center (2001): Recognizing human motion with multiple acceleration sensors. In: Systems, Man, and Cybernetics, 2001 IEEE International Conference on, vol.2, 2001. Maurer U, Smailagic A, Siewiorek DP. and Deisher M. (2006): Activity recognition and monitoring using multiple sensors on different body positions. In: Wearable and Implantable Body Sensor Networks, 2006. BSN 2006. International Workshop on. Meyer J, Lukowicz P, Tröster G. (2006): Textile Pressure Sensor for Muscle Activity and Motion Detection In: Wearable Computers, 2006 10th IEEE International Symposium on, 69-72. Muehlbauer M, Bahle G, Lukowicz P. (2011) What Can an Arm Holster Worn Smart Phone Do for Activity Recognition? In: Wearable Computers (ISWC), 2011 15th Annual International Symposium on, 79-82. C. D. Nugent (2010): Experiences in the development of a smart lab, Int. J. Biomed. Eng. Technol., vol. 2, no. 4, pp. 319–331. Schmidt, A., Aidoo, K. A., Takaluoma, A., Tuomela, U., Van Laerhoven, K., & Van de Velde, W. (1999). Advanced interaction in context. In Handheld and ubiquitous computing (pp. 89-101). Springer Berlin Heidelberg. Schmidt, A., Beigl, M., & Gellersen, H. W. (1999). There is more to context than location. Computers & Graphics, 23(6), 893-901. Smith J R, Fishkin K P, Jiang B, Mamishev A, Philipose M, Rea A D, Roy S and Sundara-Rajan K. (2005): RFID-based techniques for human-activity detection In: Communications of the ACM - Special issue: RFID, vol.48(9), 39-44. Stiefmeier T, Roggen D, Tröster G, Ogris G, Lukowicz P. (2008): Wearable Activity Tracking in Car Manufacturing In: Pervasive Computing, IEEE , vol.7(2), 42-50, G. Ogris, P. Lukowicz, T. Stiefmeier, and G. Tröster (2012): Continuous activity recognition in a maintenance scenario: combining motion sensors and ultrasonic hands tracking. Pattern Analysis & Applications, pages 1–25. A. Pantelopoulos and N. G. Bourbakis (2010): A survey on wearable sensor-based systems for health monitoring and prognosis, IEEE Trans. Syst., Man, Cybern. C, Appl. Rev., vol. 40, no. 1, pp. 1–12.

Page 113 of (133)

Deliverable D1.1

D. J. Patterson, L. Liao, D. Fox, and H. Kautz (2003): “In erring high-level  behavior from low-level sensors,” in Proc. 5th Conf. Ubiquitous Comput., pp. 73–89. Gerald Pirkl; Paul Lukowicz (2012): Robust, low cost indoor positioning using magnetic resonant coupling. In: Proceedings of the 2012 ACM Conference on Ubiquitous Computing. International Conference on Ubiquitous Computing (Ubicomp-2012), 14th, September 5-8, Pittsburgh, PA, USA, Pages 431-440, ISBN 978-1-4503-1224-0, ACM. Roggen D, Forster K, Calatroni A, Holleczek T, Yu Fang, Tröster G, Lukowicz P, Pirkl G, Bannach D, Kunze K, Ferscha A, Holzmann C, Riener A, Chavarriaga R, del R. Millan J (2009): OPPORTUNITY: Towards opportunistic activity and context recognition systems In: World of Wireless, Mobile and Multimedia Networks & Workshops, 2009. WoWMoM 2009. IEEE International Symposium on a, 1-6. Üstün, T. B., Chatterji, S., Bickenbach, J., Kostanjsek, N., & Schneider, M. (2003). The International Classification of Functioning, Disability and Health: a new tool for understanding disability and health. Disability & Rehabilitation, 25(11-12), 565-571. Van Laerhoven K and Cakmakci O. (2000). What shall we teach our pants? In: Wearable Computers, The Fourth International Symposium on, 77–83. Ward J A, Lukowicz P, Tröster G, Starner T E. (2006): Activity Recognition of Assembly Tasks Using Body-Worn Microphones and Accelerometers In: Pattern Analysis and Machine Intelligence, IEEE Transactions on, vol.28 (10), 1553-1567. Ward, J.A., P. Lukowicz, G. Troster, and T.E. Starner (2006). Activity recognition of assembly tasks using body-worn microphones and accelerometers. Pattern Analysis and Machine Intelligence, IEEE Transactions on, 28(10):1553–1567. M. Weiser (1991): The computer for the twenty-first century, Scientific Amer., vol. 265, no. 3, pp. 94–104. Widyawan; Gerald Pirkl; Daniele Munaretto; Carl Fischer; Chunlei An; Paul Lukowicz; Martin Klepal; Andreas Timm-Giel; Joerg Widmer; Dirk Pesch; Hans Gellersen (2012): Virtual lifeline: Multimodal sensor data fusion for robust navigation in unknown environments. In: Pervasive and Mobile Computing, Vol. 8, No. 3, Pages 388-401. Martin Wirz; Tobias Franke; Daniel Roggen; Eve Mitleton-Kelly; Paul Lukowicz; Gerhard Troster (2012): Inferring Crowd Conditions from Pedestrians' Location Traces for Real-Time Crowd Monitoring during City-Scale Mass Gatherings. In: Proceedings of the 2012 IEEE 21st International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises. 21st, June 25-27, Toulouse, France, Pages 367-372, WETICE '12, ISBN 978-0-7695-4717-6, IEEE Computer Society.

III.13

P2P Search

Alethia Hume III.13.1

Introduction

Search, in information technology systems, is a topic that has been extensively studied. In particular, in the Smart Society Project we aim at using search approaches to find peers that match with a given set of characteristics including their availability, resources, skills and knowledge. In this sense, we see a relation with p2p search, which studies the problem of finding candidate peers that may have a desired content object, e.g., a desired file in a file sharing application or a shared resource in collaborative applications. P2P search approaches propose a number of techniques in order to address highly dynamic scenarios with independent and autonomous peers, which can have unpredictable behavior, different levels of reliability (i.e., they can fail at any point in time) as well as different (and variable) capabilities. They were popularized mostly by content sharing systems, in particular digital data sharing (e.g., files, web pages and others). We give an overview of different p2p search types in the following section, for more detailed discussion the reader is referred to (Risson and Moors, 2006). III.13.2

Types of P2P search

Different dimensions can be used to classify P2P search approaches. According to the precision of the process followed during search, we broadly classify them between unstructured, structured and semistructured. III.13.3

Unstructured Search

One type of unstructured search is one that stores all the information about the characteristic of peers in a centralized index. In fact, an application can benefit from building a centralized index because they can solve complex queries, they have full control over the information that is available in the network and the cost (both in terms of latency and traffic load) of indexing and querying are minimum. An example of this is Napster (n.d.), which stores information about the content of peers in a central directory. On the other hand, this approach is not scalable; it shows a single point of failure and a single source of trust (i.e., the central server), which can raise some concerns related to privacy policies of the system.

Page 114 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

An approach is also called unstructured when the search does not follow a precise rule (e.g., Gnutella n.d.). In general, each peer maintains a list of randomly selected neighbor peers, used to propagate search requests or advertisements (i.e., information about what can be provided by a peer). Then, different mechanisms like flooding, random walks or gossiping are used for the propagation. With this type of approaches, all the peers can potentially get to know what all the other peers are able to provide. However, such knowledge come with a high cost in terms of traffic load and becomes unmanageable. To address the scalability problem and to guarantee the termination of the algorithm, some approaches limit the number of times that an advertisement, or query, is forwarded. This results in a random sampling of the available information, which means that the search can only provide a best-effort solution and cannot guarantee that all relevant peers will be found. III.13.4

Structured Search

Structured P2P search uses Distributed Hash Tables (DHTs) to store and retrieve information. DHTs allow indexing pairs of ⟨key, value⟩, each peer and value in the DHT have a unique identifier called key. Then, each indexed pair is stored at the node that is closer (by key) in the network. Search follows a deterministic process to retrieve the value associated with a given key. In general, the idea of using DHTs works under the assumption that the data can be clustered based on some common characteristics (i.e., keys). Therefore, they can be useful when working with structured data (Cai and Frank, 2004; Giunchiglia and Hume, 2013; Kaodi et al, 2008). Some well-known examples of DHTs are CAN, Chord, Kademlia, Pastry and Tapestry (see Sarmady (2010) for a survey). They are known for their scalability and they can guarantee the location of the information in the network. A limitation of DHTs is that they are designed to index values (i.e., objects) that are represented by a single attribute (i.e., the key). We also need to know the exact key in order to retrieve the indexed value. As a consequence, they are not efficient to perform search of range queries or queries based on multi-attribute descriptions. Moreover, the approximate matching of the searched keys might be needed, for example when we have only an approximate description of the searched element. There are some techniques that can be used to perform multi-keyword search over DHTs, but they can be very expensive in terms of required storage and generated traffic (e.g., see Li et al, 2003). III.13.4.1

Semi-structured Search

Semi-structured approaches use clustering techniques to group and link peers with similar characteristics (Bawa et al, 2003; Cohen et al, 2003; Spripanidkulchai, 2003). The goal behind this idea is to add more structure to the search in order to improve scalability, while maintaining flexibility of unstructured approaches. Upon the arrival of a query, first, the most relevant group to answer the query is searched and then, the peers that can actually answer the query are only searched in that group. When the clustering technique takes into consideration the semantics of the peers, we say that the approach is based in a semantic topology (Crespo, 2002; Giunchiglia et al, 2001; Haaase et al, 2004; Haase, Siebes and Harmelen, 2004; Joseph, 2002; Nejdl, 2002; Xiao and Cruz, 2006; Zhuge et al, 2005). The semantics of a peer refers to understanding what the peer can contribute to the particular application scenario. Some approaches rely on global schemes or a shared ontology to achieve interoperability between the semantics of different peers. For example, a semantic link p2p topology is built by computing the semantic relations between peers’ data schemas in Zhuge (2005). The routing of queries is based on semantic similarity of peers, and queries are reformulated using a schema-mapping algorithm. On the other hand, in the Semantic Flooding approach (Giunchiglia et al, 2009) each peer has classification hierarchies that codify its interest profile. A semantic overlay is built by computing the semantic relation between concepts encoded by the nodes in the classifications of different peers. This semantic overlay is used to forward search requests to relevant peers. In Xiao and Cruz (2006), a data management system is presented, where search is based on ontology mapping and query processing. There are also other solutions that build hierarchical structures by combining clustering techniques with DHTs (Ganesan et al, 2004; Garcés-Erice et al, 2003; Janakiram et al, 2011). These solutions can be useful to build hybrid (and more flexible) approaches by applying different search methods in the different levels of the hierarchy. Semantic information has also been introduced in hierarchical approaches (Guinchiglia et al, 2009; Janakiram et al, 2011, Tang et al, 2003). For example, in Janakiram et al (2011), a two-layered architecture distinguishes between a global (or universal) layer and a community layer. The global layer has © SmartSociety Consortium 2013 - 2017

Page 115 of (133)

Deliverable D1.1

a universal knowledge base that is used to represent the characteristics of the different communities. At the community layer, each community maintains its own background knowledge, which can evolve independently from others and is used to achieve interoperability between the peers in that community. The global layer is used to find the best community to answer a query, while the responses to the query are searched inside the relevant community. This approach envisions mainly human peers and uses the communities to group the peers with similar interests. The idea behind the distinction of the two layers is to incorporate the awareness of the diversity in terms of knowledge of peers into the search. III.13.5

Beyond the State of the Art

Some challenges that can be identified regarding p2p search, in the context of HDA-CAS are as follows:  As we mentioned before, the unpredictability of peers is taken into consideration by existing p2p search approaches. Some system specific techniques distinguish between categories of more or less stable peers. In HDA-CAS we need to analyze if peers may show patterns in their behavior and if different patterns can be associated to the same peer in different context. For example, a peer connected from a smart-phone might be idle when it is at home or office but very active while it is traveling. This information can be useful to understand the level of interaction (attention) that we can expect from the peer or the availability of some of its resources (for example, its capacity to perform a computational task).  Existing applications are, to some extend, aware of the heterogeneity of peers in terms of their capacities, type of content and knowledge. We need to investigate how the heterogeneity in different dimensions of agents in HDA-CAS influences the profiling and matching of peers and tasks.  P2P systems, and search approaches, are aware of the fact that peers content can change in time (i.e., evolve). In fact, the network itself can evolve as a consequence of peers leaving and joining the network. We need to analyze if and how the techniques that are used in p2p systems to deal with changes can be applied (or mapped) to the evolutionary characteristic of agents in HDA-CAS.  How the collectives from CAS differentiate from individuals in the search model. Can we profile collective in the same way in which individuals are profiled? What are the main differences?  In terms of compositionality, we need to study the differences between the composition of data (which is considered by p2p search approaches) and composition of tasks that need to be performed in HDA-CAS.  In particular, in Smart Society, we need to investigate how the interaction between human and machine peers can influence the search process. Are some tasks that should be allocated to machine peers? Can the human peers (or collective of human peers) participate in the search algorithm through some social computation of the peers able to perform a given task?

III.13.6

References

Napster. http://en.wikipedia.org/wiki/Napster. Gnutella. http://en.wikipedia.org/wiki/Gnutella. Bawa, M., Manku, G., & Raghavan, P. (2003) SETS: Search enhanced by topic segmentation. : Proceedings of The 26th Annual International ACM SIGIR Conference, pp. 306-313. Cai, M. & Frank, M. (2004) RDFPeers: a scalable distributed RDF repository based on a structured peer-to-peer network. : Proceedings of the 13th international conference on World Wide Web, pp. 650--657. Cohen, E., Kaplan, H., & Fiat, A. (2003) Associative search in peer to peer networks: Harnessing latent semantics. : Proceedings of IEEE INFOCOM. Crespo, A. & Garcia-Molina, H. (2002) Semantic Overlay Networks for P2P Systems. Ganesan, P., Gummadi, K., & Garcia-Molina, H. (2004) Canon in G major: designing DHTs with hierarchical structure. : Distributed Computing Systems, 2004. Proceedings. 24th International Conference on, pp. 263 - 272. Garcés-Erice, L., Biersack, E. W., Felber, P., Ross, K. W., & Urvoy-Keller, G. (2003) Hierarchical Peer-to-Peer Systems. : Euro-Par, pp. 1230-1239. Giunchiglia, F. & Hume, A. (2013) A Distributed Entity Directory. Giunchiglia, F., Kharkevich, U., & Hume, A. (2011) Semantic Flooding: Semantic Search across Distributed Lightweight Ontologies. : World Wide Web, pp. 1-19 Giunchiglia, F., Kharkevich, U., & S.R.H. Noori Noori, S. (2009) P2P Concept Search: some preliminary results. Haase, P., Broekstra, J., Ehrig, M., Menken, M., Mika, P., Plechawski, M., Pyszlak, P., Schnizler, B., Siebes, R., Staab, S., & Tempich, C. (2004) Bibster - A Semantics-Based Bibliographic Peer-to-Peer System. : Proceedings of the 3rd ISWC, pp. 122-136. Haase, P., Siebes, R., & Harmelen, F. V. (2004) Peer selection in peer-to-peer networks with semantic topologies. : Int. Conference on Semantics of a Networked World: Semantics for Grid Databases.

Page 116 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

Janakiram, D., Giunchiglia, F., Haridas, H., & Kharkevich, U. (2011) Two-layered architecture for peer-to-peer concept search. : 4th International Semantic Search Workshop. Joseph, S. (2002) NeuroGrid: Semantically Routing Queries in Peer-to-Peer Networks. : Proc. Intl. Workshop on Peer-to-Peer Computing, pp. 202--214. Kaoudi, Z., Miliaraki, I., & Koubarakis, M. (2008) RDFS Reasoning and Query Answering on Top of DHTs. : Proceedings of the 7th International Conference on The Semantic Web, pp. 499--516. Li, J., Thau, B., Joseph, L., Hellerstein, M., & Kaashoek, M. F. (2003) On the Feasibility of Peer-to-Peer Web Indexing and Search. : 2nd International Workshop on Peer-to-Peer Systems (IPTPS 2003). Nejdl, W., Wolf, B., Qu, C., Decker, S., Sintek, M., Naeve, A., Nilsson, M., Palmer, M., & Risch, T. (2002) Edutella: A P2P networking infrastructure based on RDF. : Proceedings of WWW'02. Risson, J. & Moors, T. (2006) Survey of research towards robust peer-to-peer networks: Search methods. : Computer Networks, Vol. 50, pp. 3485--3521. Sarmady, S. (2010) A Survey on Peer-to-Peer and DHT. : CoRR, Vol. abs/1006.4708. Spripanidkulchai, K., Maggs, B., & Zhang, H. (2003) Efficient content location using interest-based locality in peer-to-peer systems. : Proceedings of IEEE INFOCOM, Vol. 3, pp. 2166-2176. Tang, C., Xu, Z., & Dwarkadas, S. (2003) Peer-to-peer information retrieval using self-organizing semantic overlay networks. : Proceedings of ACM SIGCOMM, pp. 175-186. Xiao, H. & Cruz, I. F. (2006) Ontology-based Query Rewriting in Peer-to-Peer Networks. : Proceedings of the 2nd Int. Conf. on Knowledge Engineering and Decision Support, pp. 11-18. Zhuge, H., Liu, J., Feng, L., Sun, X., & He, C. (2005) Query Routing In a Peer-To-Peer Semantic Link Network. : Computational Intelligence, Vol. 21, pp. 197-216.

III.14

Programming models & languages for Socio-technical systems

Hong-Linh Truong and Schahram Dustdar III.14.1

Introduction

Within social-technical systems of machines and humans, the capabilities to “program” different applications solving complex and diverse types of tasks by using combined computation powers from machines and humans are crucial. Generally, programming models, languages, and frameworks for programming applications atop social-technical systems might offer different features at different levels of abstraction. In this section, we discuss the state of the art on programming models and languages relevant to hybrid collective adaptive systems of machines and humans. The state of the art presented in this report substantially extends our discussion on state of the arts in previous works (Truong et al, 2013; Dustdar and Truong, 2012; Description of Work, 2013) III.14.2 III.14.2.1

State of the art Modeling humans and machines as computation units

In order to take into account humans and machines capabilities into applications, the question of how to model humans and machines as computation units is crucial. For machine capabilities, several abstractions have been developed. In particular, in the context of today internet-scale social-technical systems, the computing service model plays a crucial role. Basically, the service model can enable well-defined interfaces for us to access diverse types of resources. Furthermore, cloud provisioning models (Mell and Grance, 2011), such as software-as-a-service, pay-per-use and elasticity, enable dynamically, elastically utilization of different types of computational resources. Tai et. al outlined several research questions in cloud service engineering to support “everything is a service” in which services can be provided/integrated from different providers and charged based on different costs and values (Tai et al, 2012) . The service unit concept (Tai et al, 2010) is a powerful abstraction for modeling humans and machines as computation units. Such concepts and models are well supported today for machines via software as a service, etc. However, they are not well supported for humans and the combination of units of humans and software. The Human-provided Service (HPS) model (Schall et al, 2008) is one of the few works that introduces techniques and frameworks for humans to specify their capabilities using Web services interfaces. It, however, aims at modeling capabilities associated with individuals. Recently, the concept of Social Compute Unit (SCU) (Dustdar and Bhattacharya, 2011) represents a collection of individuals working together in a team manner. SCU should be formed, utilized and dissolved on-demand based on pay-per-use principles. Truong et al. further conceptualize clouds of human-based services (Truong et al, 2012; Truong et al, 2013). Such recent developments provide foundations for the modeling of machines and humans as (collective) computation units for the programming models and languages in SmartSociety. © SmartSociety Consortium 2013 - 2017 Page 117 of (133)

Deliverable D1.1

ÂŠ SmartSociety Consortium 2013 - 2017 III.14.2.2

APIs accessing human and machine capabilities

While modeling humans and machines provide an abstraction for accessing humans and machine capabilities, programming frameworks and languages must access such capabilities via APIs to enable programming features. APIs are quite common and well-understood means for programming applications. Contemporary systems focus only on software-based services. Several frameworks for engineering technical systems based on different IaaS, PaaS and SaaS, such as Aneka0 (Rodrigo et al, 2012) and BOOM (Alvaro et al, 2010) have been introduced. Generally, they utilize software-based cloud resources via different sets of APIs, such as JClouds38, Boto39, and OpenStack40, to develop applications under different programming models, such as MapReduce and dataflows. These frameworks do not consider service units consisting of software-based services (SBS) and human-based services (HBS). In fact, to date, APIs developed for accessing human capabilities are still under development. Some crowd platforms, such as MTurks41, provide APIs for publishing tasks and executing tasks but they are not focused on APIs for negotiating, acquiring, and interacting with human-based units. A recent work in the context of the Smart Society focuses on APIs for accessing clouds of human-based services. Further development in this direction will need to be investigated. III.14.2.3

Programming frameworks

Most clouds of SBS offer different possibilities to acquire SBS on-demand. However, researchers have not devoted similar efforts for HBS. A common way to utilize human capabilities is to exploit human computation programming frameworks, e.g. Crowdforge (Kittur et al, 2011) and TurKit (Little et al, 2009) and Jabberwocky framework (Ahmad et al, 2011), for utilizing crowds for solving complex problems (Brew et al, 2010; Doan et al, 2011). However, these works do not consider how to integrate and virtualize software in a similar manner to that for humans. As we have analyzed, current support can be divided in three approaches (Dustdar et al, 2012): (i) using plug-ins to interface to human, such as BPEL4People (WBPEL4People, 2009) or tasks integrated into SQL processing systems (Marcus et al, 2011), (ii) using separate crowdsourcing platforms, such as MTurk (Amazon mechanical turk, 2011), and (iii) using workflows, such as Turkomatic (Kulkarni et al, 2011). A drawback is that all of them consider humans individually and human capabilities have not been provisioned in a similar manner like software capabilities. They lack capabilities to support diversity and collectivity w.r.t the combination of machines and humans in a single collective unit. As a result, an application must split tasks into sub-tasks that are suitable for individual humans, which do not collaborate to each other, before the application can invoke humans to solve these sub-tasks. Furthermore, the application must join the results from several sub-tasks and it is difficult to integrate work performed by software with work performed by humans. This is not trivial for the application when dealing with complex problems requiring human capabilities. In terms of communication models and coordination models, existing models also support messages push/pull/mediator but they are platforms/middleware built-in rather than reusable programming primitives of programming models. III.14.2.4

Programming languages

Some recent efforts have been devoted for software engineering tools of human services, such as (Dorn and Taylor, 2012), and general-purpose programming languages for human computation, such as CrowdLang (Minder and Bernstein, 2012). While they call for a better software engineering and programming languages support for human-centric systems, they do not address issues related to human services provisioning. However, programming different types of relationships among SBS and HBS are not supported. The developer has to do this on his/her own. Still they cannot program many relationships due to the lack of welldefined programming elements, in particular those related to cost, benefit, quality constraints and to mixed compositions of SBS and HBS. The use of generic â&#x20AC;&#x153;building blocksâ&#x20AC;? abstracting patterns and providing them via APIs to simplify the developer task is well-known. Code generation based on models is also well-

http://www.jclouds.org/ http://boto.s3.amazonaws.com/index.html 40 http://www.openstack.org/ 41 http://docs.aws.amazon.com/AWSMechTurk/latest/AWSMturkAPI/Welcome.html 39

Page 118 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

developed. However, no high-level program constructs and code generation have been proposed for HBS and SBS in cloud environments. III.14.3

Beyond state of the art

Overall, although both humans and software can perform similar work and several complex problems need both of them in the same system, currently there is a lack of programming models and languages for hybrid services of SBS and HBS. The SmartSociety supporting on programming models and languages will address the following points:  Modeling machines and human capabilities as computation units: SmartSociety will take the service unit and cloud provisioning concepts to model machines and human capabilities. To this end, both individual and collective compute units will be abstracted and modeled. We will support individual compute units (ICU), social compute units (SCU) and hybrid compute units (HCU) of software and humans. SmartSociety compute units will be provisioned, utilized and dissolved on demand, based on the concept of “pay-per-use”, in which quality, costs and incentives will be used to form, extend and reduce compute units on the fly. 

APIs: we will provide a unified but extensible set of APIs for provisioning and programming hybrid compute units. These APIs will enable different communication patterns, task assignments and executions, as well as quality, cost and incentives negotiation and enforcements. The APIs will enable the programmer to code their applications to utilize software-based services as well as human-based services in both individual and collective manners.



High-level programming languages and constructs: we develop models for clouds of HBS. Our techniques for virtualizing HBS and programming HBS in a similar way to SBS are different from related work. Such techniques can be used by high-level programming primitives and languages for social computers. Costs and other benefits, such as incentives (Scekic et al, 2013a), will be considered as first-class entities in programming models. Furthermore, high-level programming constructs, such as composition, similarity, and elasticity code patterns, will be developed for hybrid compute units.



Integrated programming frameworks for hybrid, collective compute units of software and humans: the abstraction, APIs and provisioning models for hybrid and collective compute units will be integrated with high-level programming languages and constructs into an integrated programming framework. This framework will enable not only the programming of different compositions of hybrid units for different tasks but also allowing the programming of incentives (Scekic et al, 2013b).

III.14.4

References

WS-BPEL Extension for People (BPEL4People) Specification Version 1.1, November 2009. http://docs.oasisopen.org/bpel4people/bpel4people-1.1-spec-cd-06.pdf. Amazon mechanical turk, 2011. Last access: 27 Nov 2011. Salman Ahmad, Alexis Battle, Zahan Malkani, and Sepander Kamvar. The jabberwocky programming environment for structured social computing. In Proceedings of the 24th annual ACM symposium on User inter ace so tware and technology, UIS ’11, pages 53–64, New York, NY, USA, 2011. ACM. Peter Alvaro, William R. Marczak, Neil Conway, Joseph M. Hellerstein, David Maier, and Russell Sears. Dedalus: Datalog in time and space. In Oege de Moor, Georg Gottlob, Tim Furche, and Andrew Jon Sellers, editors, Datalog, volume 6702 of Lecture Notes in Computer Science, pages 262–281. Springer, 2010. Discription of Work (2013), SmartSociety internal project document. Anthony Brew, Derek Greene, and P´adraig Cunningham. Using crowdsourcing and active learning to track sentiment in online media. In Proceeding of the 2010 conference on ECAI 2010: 19th European Conference on Artificial Intelligence, pages 145–150, Amsterdam, The Netherlands,The Netherlands, 2010. IOS Press. Rodrigo N. Calheiros, Christian Vecchiola, Dileban Karunamoorthy, and Rajkumar Buyya. The aneka platform and qos-driven resource provisioning for elastic applications on hybrid clouds. Future Generation Comp. Syst., 28(6):861–870, 2012. AnHai Doan, Raghu Ramakrishnan, and Alon Y. Halevy. Crowdsourcing systems on the worldwide web. Commun. ACM, 54(4):86– 96, 2011.

Page 119 of (133)

Deliverable D1.1

Christoph Dorn and Richard N. Taylor. Co-adapting human collaborations and software architectures. In Martin Glinz, Gail C. Murphy, and Mauro Pezz`e, editors, ICSE, pages 1277–1280. IEEE, 2012. Schahram Dustdar and Kamal Bhattacharya. The social compute unit. IEEE Internet Computing, 15(3):64–69, 2011. Schahram Dustdar and Hong Linh Truong. Virtualizing software and humans for elastic processes in multiple clouds- a service management perspective. IJNGC, 3(2), 2012. (Not used)John Joseph Horton and Lydia B. Chilton. The labor economics of paid crowdsourcing. In Proceedings of the 11th ACM conference on Electronic commerce, EC ’10, pages 209–218, NewYork, NY, USA, 2010. ACM. Aniket Kittur, Boris Smus, Susheel Khamkar, and Robert E. Kraut. Crowdforge: crowdsourcing complex work. In Proceedings of the 24th annual ACM symposium on User interface software and technology, UIS ’11, pages 43–52, New York, NY, USA, 2011. ACM. Anand P. Kulkarni, Matthew Can, and Bjoern Hartmann. Turkomatic: automatic recursive task and workflow design for mechanical turk. In Proceedings of the 2011 annual conference extended abstracts on Human actors in computing systems, CHI EA ’11, pages 2053–2058, New York, NY, USA, 2011. ACM. Greg Little, Lydia B. Chilton, Max Goldman, and Robert C. Miller. Turkit: tools for iterative tasks on mechanical turk. In Proceedings of the ACM SIGKDD Workshop on Human Computation, HCOMP ’09, pages 29–30, New York, NY, USA, 2009. ACM. Adam Marcus, EugeneWu, David Karger, Samuel Madden, and Robert Miller. Human-powered sorts and joins. Proc. VLDB Endow., 5:13–24, September 2011. Patrick Minder and Abraham Bernstein. Crowdlang: A programming language for the systematic exploration of human computation systems. In Karl Aberer, Andreas Flache, Wander Jager,Ling Liu, Jie Tang, and Christophe Gu´eret, editors, SocInfo, volume 7710 of Lecture Notes in Computer Science, pages 124–137. Springer, 2012. Peter Mell and Tim Grance. The NIST Definition of Cloud Computing, 2009. Alexander J. Quinn and Benjamin B. Bederson. Human computation: a survey and taxonomy of a growing field. In Desney S. Tan, Saleema Amershi, Bo Begole,Wendy A. Kellogg, and ManasTungare, editors, CHI, pages 1403–1412. ACM, 2011. Ognjen Scekic, Hong-Linh Truong, and Schahram Dustdar. Incentives and Rewarding in Social Computing. Communications of the ACM, 2013. Ognjen Scekic, Hong-Linh Truong, and Schahram Dustdar. Programming incentives in information systems. In 25th International Conference on Advanced Information Systems Engineering (CAISE 2013), Valencia, Spain, June 17-21 2013. Daniel Schall, Hong Linh Truong, and Schahram Dustdar. Unifying human and software services in web-scale collaborations. IEEE Internet Computing, 12(3):62–68, 2008. Stefan Tai, Philipp Leitner, and Schahram Dustdar. Design by units: Abstractions for human and compute resources for elastic systems. IEEE Internet Computing, 16(4):84–88, 2012. Stefan Tai, Jens Nimis, Alexander Lenk, and Markus Klems. Cloud service engineering. In Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2, ICSE ’10, pages 475–476, New York, NY, USA, 2010. ACM. Hong Linh Truong, Schahram Dustdar, and Kamal Bhattacharya. Programming hybrid services in the cloud. In Chengfei Liu, Heiko Ludwig, Farouk Toumani, and Qi Yu, editors, ICSOC, volume 7636 of Lecture Notes in Computer Science, pages 96–110. Springer, 2012. Hong Linh Truong, Schahram Dustdar, and Kamal Bhattacharya. Conceptualizing and Programming Hybrid Services in the Cloud. International Journal of Cooperative Information Systems, May 2013, under submission

III.15

Digital Cities

Iacopo Carreras III.15.1

Introduction

The march of urbanisation is inexorable and is inextricably linked with economic development and now, for the first time in history, more people live in urban than in rural areas (United Nations, 2007). As of today, 50% of the population lives in cities and this proportion it is likely to increase to 80% by the end of the century. This rapid transition to a highly urbanized population places significant stress on city infrastructure as demand outpaces supply for energy, transportation, healthcare, education and safety. This is creating major challenges to the planning, development and operation of cities, with a major impact on their sustainability and the quality of life of people. Many European cities (including Stockholm (City of Stockholm, n.d.) and Edinburgh (Edinburgh City Council, n.d.)) have addressed these issues through “sustainability” or “green” strategies, which define overarching goals for the evolution of the urban infrastructure. Such strategies are typically translated into policies, which are, however, often contradictory. As an example, mobility policies are often contradicting with urban politics. Reconciling these contradictions and achieving a balance across different interest groups in the city can be difficult. Further, until now most cities have taken a “one size fits all” approach to issues like road pricing, smart mobility, parking management, and emissions control in an attempt to generate a more sustainable approach to building a sustainable transport infrastructure. This is mostly due to the fact that the urban landscape is becoming characterized by a multi-layered complexity, where social interactions, the provisioning of living space, the development of infrastructure and other crucial human factors of everyday life are interlinked with each Page 120 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

other at multiple scales and involve a variety of different actors, each one characterized by its own objectives and expectations. Addressing such complexity requires a deep understanding of the city dynamics at multiple temporal and spatial scales and the ability to dynamically control and adapt the city infrastructure and its future developments. The initial attempt to tackle such challenges consisted in trying to understand and model cities by exploiting the fast rise of inexpensive pervasive sensor technologies (Zardini and Schivelbusch, 2006). Such pervasive infrastructure allows public administrators and service providers to monitor the “pulse” of the urban landscape by means of pervasive sensing technologies. The result of this process is what is nowadays called a Digital City (Naphade et al, 2006), i.e. a dense environment where people, urban processes and services interact in a complex and multi-layered fashion and where ubiquitous sensor networks create a digital “shadow” of real world urban processes. The concept of Digital City is typically centered around the idea that there is a “need for cities worldwide to become smarter in how they manage their infrastructure and resources to cater to the existing and future needs of their citizenry” (European Commission, 2011; Giffinger et al, 2007; European Smart Cities, n.d.; Net!Works, 2011). Besides this, cities are nowadays in competition with regard to different economic, social and geographical characteristics in order to reveal the best places for certain activities or, more in general, for people to leave (European Commission, 2011; Giffinger et al, 2007; European Smart Cities, n.d.; Resch et al, In Press). City-rankings (Giffinger et al, 2007) have become a central instrument for assessing the attractiveness of urban regions over the last 20 years. By rankings, companies decide where to relocate executives or themselves. Being smart becomes then the way for cities to identify strengths and weaknesses in a comparative way. The need for investments in advanced infrastructures becomes then also a need to ensure the sustainability and competitiveness of the city itself. Various frameworks and indicators have been developed in order to define when a city can be considered “smart”. As an example, (Net!Works, 2011; Giffinger et al, 2007) identifies 6 key dimensions of smart cities: economy (competitiveness), people (social and human capital), governance (participation), mobility (transport and ICT), environment (natural resources), and living (quality of life). An indicator has then been developed based on a combination of these dimensions, and it has been used as the driver for ranking cities in Europe. Similarly, (Giffinger, 2007) presents a study which groups the same previous dimensions into 5 topics: (i) Exonomic, (ii) Developing e-government, (iii) Health, Inclusion and Assisted living, (iv) Intelligent transportation systems, (v) Smart grids, energy efficiency and environment. Also in this case, such topics are used to define indicators to measure the quality of the urban infrastructures throughout various European cities. III.15.2

A Data Centric Approach

State of the art approaches to Digital Cities aim to infrastructure the urban landscape with sensors capable of providing a real-time view of what is currently happening (Singapore Live Traffic, n.d.; Sensable City, n.d.; Smart Santander, n.d.). Through such sensors, large amounts of data are collected and stored for later analysis. This creates a “shared information space”, which allows governments, municipal authorities, and private sector companies to architect and build more efficient infrastructures and services. This is an extremely challenging task, since modern cities can be considered as interconnected systems of systems, where data represents the only driver to obtain an holistic view of what it is happening. Indeed, different services and infrastructures interact with each other in a way that is very difficult to model, without the support of advanced ICT technologies, which allow to implement multi-domain analyses and to obtain a comprehensive view of problems. As an example, by combining analytics, sensor data, and optimization models, IBM was able to recommend the best places in the water supply system where to install pressure reducing valves and detect the presence of leakages, which are considered responsible for the waste of 29% of the water produced (IBM, n.d.). Or by collecting and analysing data from cars, road sensors and telecommunication networks in near-real time, it is possible to provide authorities with critical information they need to quickly resolve traffic issues. This field can be referred to as urban analytics (MIT, n.d.) and focuses on data-driven analyses of economic activity, urban perception, human behavior, mobility patterns, and resource consumption to inform the city design process. In particular, through data-driven evidence public authorities have the possibility to use © SmartSociety Consortium 2013 - 2017

Page 121 of (133)

Deliverable D1.1

design tools in order to evaluate the expected impact of certain decisions such as, e.g., new streets, mobility regulation, etc.. Data availability is then perceived as an important pre-requisite to accelerate the creation of innovative and creative services in modern cities. Through the availability of open data (Auer, 2007; Schaffers, 2011), local governments can unleash the creational power of thousands of application or service developers. The main assumption is that by collating such information in one place and present it in a way that is accessible to software developers and app makers, this will be enough to significantly accelerate innovation in smart cities. As an example, open mobility data was released by the Amsterdam city government, and this led to creation of various mobile applications such as Park Shark (ParkShark, n.d.). A similar approach was used in the smart energy sector, through the availability of data from smart meters. III.15.3

Digital Cities Service Domains

The areas of intervention in a city are typically two: (i) planning and management, which targets the daily management of cities starting from data-driven evidence (ii) infrastructure, which address the need for fundamental service infrastructure such as transportation or utilities (European Smart Cities, 2013). Each one of these areas is typically linked to a specific service, for which different interventions can be planned and then executed. Examples of these areas include: 



Health, Inclusion and Assisted Living (IBM Global Business Services, 2006): with the increasing age of world’s population, and the number of 60+ people expected to reach over 2 Billion by 2050, healthcare services and support for assisted living are becoming a critical factor for the evaluation of smart cities. Advanced ICT technologies represent a key element to provide advanced healthcare services, as well as to reduce the healthcare delivery costs. Consumers worldwide are demanding more and better healthcare services. Yet, in virtually every country, the growth in healthcare demand is increasing more rapidly than the willingness and, more ominously, the ability to pay for it (IBM Global Business Services, 2006, Net!Works, n.d.). Intelligent Transportation Systems (Singapore Live Traffic, n.d.; MIT Live Singapore, n.d.): ensuring an effective and sustainable mobility of citizens in cities represents a major challenge to be tackled to achieve improvements in economy, quality of life, equity and sustainable growth. Currently, almost all metropolitan areas in the world suffer of traffic congestions, with harmful environmental and economic consequences. This comes, to a large extent, from an inadequate match between demand and offer of mobility services, which creates huge waste of money for inefficiency in economic systems. Smart Grids, Energy Efficiency, and Environment (IBM, n.d.; Smart Ahrus, n.d.): traditionally, energy systems were designed around a few-to-many paradigm. Few, large and fully controlled power plants were used to deliver energy to a number of distributed, purely passive customers. New technologies and regulations have dramatically changed this picture: smart energy grids are becoming the backbone of modern Smart Cities, through the use of smart meters, micro-grids and renewable energy sources, energy will become a pervasive resource which is created and consumed with a much higher efficiency, and reduced impact on the environment.

III.15.4

Examples of Digital Cities and Projects

Various cities have embraced a Smart City approach, incrementally deploying innovative services aimed at improving the efficiency of the urban infrastructure, as well as providing better services to citizens. In the following we report a few examples: 



Smart Santander (IBM Global Business Services, 2006), which provides a city-scale infrastructure in support of typical applications and services for a smart. Santander represents probably today’s largest Wireless Sensor Network deployment, with more than 2000 sensors installed in the city. Examples of the services delivered include mobility and traffic management, irrigation of public parks and gardens, public street lighting, waste management. Singapore (MIT City Science, n.d.) is providing data in real-time on the operation of many different and heterogeneous city services, emphasizing the possibility of creatively combining multiple streams in the subsequent design of applications on top of the platform.

Page 122 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1 

Aahrus (Yigitcanlar, 2008) is focusing on the creative use of ICT in the water and sewage utility. The main focus is to collect information about the water and sewage infrastructure, structure the information and act on the information in an intelligent and autonomous way. The expectation is to provide intelligence to the water and sewage utility and to improve on service levels, efficiencies, cost effectiveness and communication with the customers and citizens.

Besides more infrastructural approaches to Digital Cities, many exploratory projects are being run with the aim of better understanding, or creating awareness on, the functioning of modern cities. In addition, they exploit citizens in to collect data on the urban digital landscape. These projects are typically based on the use of advanced sensing technologies in order to explore and understand aspects of cities, which are not directly observable. As an example, through the use of location-detecting hardware and software Brazilians are investigating how recyclers find and collect material in the city [0] (MIT Forage Tracking, n.d.). Similarly, a “trash tag” was developed by MIT in order to understand the trash removal-chain. Tags were attached to waste objects, and their position was tracked over time in order to reveal the invisible journey of our trash. (MIT Trash Track, n.d.). III.15.5

Beyond the State of the Art

Smart cities, while having achieved notable results in terms of ubiquitous sensing technologies and related services, largely ignore the role of people and communities in cities and the rich complexity characterizing the interactions among people and the city infrastructure. Modern cities are becoming “social organisms” where people interact on many different levels and within/across many different communities. To some extent this has always been the case but the cities of the 21st century are at unprecedented scale and to survive they need the support of an information infrastructure that plays the role of a “digital skeleton” that carries the social structure provides the leverage for social action. The result is a complex socio-technical system of systems, where people are the true prosumers of cities’ resources and services and play a fundamental role in the way cities are being utilized, produced and consumed. Existing infrastructure, while being able to collect large amounts of data related to the city daily operations and dynamics, currently lacks the necessary tools to efficiently interpret and reason about such information. Such a semantic gap results critical to effectively address the problems experienced by cities and, more importantly, its inhabitants. Being able to include the social perspective would then represent a major progress for Smart Cities, and would enable policy makers and service providers to tackle problems from users’ perspectives, thus filling such a semantic gap. SmartSociety will advance the state of the art in the Digital City domain by modelling cities as collective adaptive systems where the various stakeholders (people, policy makers, service providers, etc.) become active components of the digital city computational infrastructure. This will allow policy makers to devise optimal strategies to deploy resources and mechanisms in radically different combinations, whereas different social groups can take very different perspectives on the prioritisation of issues in achieving similar goals. Further, such approach will be integrated with the pervasive sensing infrastructure, thus providing an overarching view of the considered socio-technical system. Such social perspective will provide an input on the various domains characterizing digital cities. This is expected to proactively evidence emergent patterns as experienced by collectivises of users. III.15.5.1

References

Auer, S., Bizer, C., Kobilarov, G., Lehmann, J. and Ives, Z. (2007) ‘DBpedia: A Nucleus or a Web o Open Data’, in Proc. o Semantic Web Conference, Busan, Korea City of Stockholm, [Online], http://international.stockholm.se/Stockholm-by-theme/A-sustainable-city/ [20 Jun. 2013] Edinburgh City Council, [Online], http://www.edinburgh.gov.uk/download/downloads/id/4827/sustainable_edinburgh_2020engaging_with_our_citys_future-full_version [20 Jun. 2013] European Commission (2011) ‘Cities of Tomorrow – Challenges, visions, ways forward’ European smart cities, [Online], Available: http://www.smart-cities.eu [20 Jun 2013]. Galis, A. Gavras, T. Zahariadis, and D. Lambert (eds.), The future internet, Berlin, Heidelberg, Springer-Verlag Giffinger, R., Fertner, C., Kramar, H., Kalasek, R., Pichler-Milanovic N. and Mei ers, E. (2007) ‘Smart Cities – Ranking of European Medium-Sized Cities’, Research Report, Vienna University o echnology, Vienna, Austria. IBM, Ireland eyes its water supply, [Online], http://www.research.ibm.com/articles/ireland-water-management.shtml [20 Jun 2013]. IBM Global Business Service (2006) ‘Healthcare 2015: Win-win or lose-lose?’, Book Healthcare 2015: Win-win or lose-lose?

Page 123 of (133)

Deliverable D1.1

MIT City Science, [Online], http://cities.media.mit.edu [20 Jun 2013]. MIT Forage Tracking, [Online], http://senseable.mit.edu/foragetracking [20 Jun 2013]. MIT Live Singapore , [Online], http://senseable.mit.edu/livesingapore [20 Jun 2013]. MIT Trash Track, [Online], http://senseable.mit.edu/trashtrack [20 Jun 2013]. Naphade, M., Banavar, G., Harrison, C., Paraszczak, J. and Morris, R. (2011) 'Smarter Cities and Their Innovation Challenges', IEEE Computer, Vol. 44, no. 6, pp. 32-39 Net!Works European Technology Platform (2011) ‘Smart Cities Applications and Requirements’, White paper ParkShark Park Shark Amsterdam – API, [Online], Available: http://api.parkshark.nl/index.html [20 Jun 2013]. Resch, B., Britter, R., and Ratti, C. ‘Live Urbanism, “Towards the Senseable Cities and Beyond”’, in P. Pardalos, S. and Rassia (eds.), Sustainable Architectural Design: Impacts on Health, Springer, In Press. Schaffers, H., Komninos, N., Pallot, M., Trousse, B., Nilsson, M. and Oliveira A. (2011) 'Smart cities and the future internet: towards cooperation frameworks for open innovation'. in J. Domingue, A. United Nations (2007) ‘State o World Population 2007: Unleashing the Potential o Urban Growth’, United Nations Population Fund Report, New York, NY, UNFPA. Sensable city, [Online], http://senseable.mit.edu [20 Jun 2013]. Singapore LiveTraffic, [Online], http://www.livetraffic.sg/mobileapp [20 Jun 2013]. Smart Ahrus, , [Online], http://www.smartaarhus.eu [20 Jun 2013]. Smart Santander, [Online], http://www.smartsantander.eu [20 Jun 2013]. Yigitcanlar, T., Velibeyoglu, K. and Baum, S. (2008) ‘Knowledge-Based Urban Development: Planning and Applications in the Information Era’, IGI Global Zardini, M., Schivelbusch, W. (2006) ‘Sense of the City: An Alternate Approach to Urbanism’, M. Zardini and W. Schivelbusch (eds.), Baden, Swit erland : Lars Muller Publishers

III.16

Serious Games and Immersive Technology

Contribution to the State of the art by IMAGINARY III.16.1

Introduction

With 174 million players in the United States alone, we now live in a world where every generation will be a gamer generation (McGonigal 2011). Studies have shown that serious games are able to engage all age group of players as well as to promote behaviour and attitudinal change (Knighta et al. 2009). Games can promote learning (Van Eck 2006), spatial abilities (De Lisi and Wolford 2002), improve self-monitoring, problem recognition and problem-solving, decision-making, enhance short-term and long-term memory, and increase social skills e.g. collaboration, negotiation (Mitchell and Savill-Smith 2004). The following section provides an overview of serious games. Section 3 outlines immersive technologies that are exploited to engage players in serious games. Section 4 discusses some games that could benefit the Smart society project. The last section concludes with possibilities for advancing the state of the art. III.16.2

Serious Game

Over the past decade, the numbers of non-entertainment games is rapidly increasing. Many commercial games are already in use for other than entertainment purpose, for instance SimCity (simcity 2012), Civilization (civilization 2012), Hidden Agenda (Wikipedia 2013), and others have been used as learning tools in various domains. Jane McGonigal, in her Reality Is Broken book, demonstrates how we can leverage the power of games to tackle real world challenges from social problems such as depression and obesity, to global issues such as poverty and climate change. There are many cutting-edge games that are already changing the business, education, and non-profit worlds (McGonigal 2011). The popularity of video games, especially among younger generation, makes them as an ideal medium for educational purposes (Malone and Lepper 1987). As a result, a new field of computer and video games, applied to non-entertainment purposes, is growing steadily and represents a significant new opportunity for game developers, interactive development tools and technology providers. Using games beyond entertainment has led to the rise of two areas: Serious Games and Gamification. Serious games refer to computer games that have an educational and learning aspect and are not used just for entertainment purposes, typically for some form of knowledge or skill development (Freitas and Liarokapis 2011). Michael Zyda defines serious game as a mental contest, played with a computer in accordance with Page 124 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

specific rules that uses entertainment to further government or corporate training, education, health, public policy, and strategic communication objectives. It is the result of applying games and simulations technology to non-entertainment domains (Zyda 2005). The Serious Games Initiative, launched in 2002 by Ben Sawyer and David Rejecsk, aims to bring together academia, industry, and military to build games for training and simulation purposes (Michael and Chen 2005). The Serious Games Initiative is focused on uses for games in exploring management and leadership challenges facing the public sectors. Serious games have a broad application spectrum, for instance, healthcare, defense, public policy, strategic communication, education, game evaluation. “American Army” is a prominent example, used by the American army to enrol future soldiers. The notion of ‘gamification’ has recently come to the fore as an expression of the pervasive of gaming in everyday ((Susi and Johannesson 2007; Anderson et al. 2009; Freitas and Liarokapis 2011). Gamification is the use of game elements and game design techniques in non-game contexts such as economics and business (Deterding et al. 2011; Werbach and Hunter 2012). Serious Games are different from Gamification. Serious Games are digital games and simulations that have been built for teaching and training purposes, whereas Gamification takes advantage of game design techniques and elements to address the problems in other fields. These ideas have been pushed further to design games that address global problems such as climate change and health (McGonigal 2011) Serious games have become increasingly popular as an educational tool in schools, as a training device for professionals and as a means that may add entertainment to teaching and training, making the learning experience more fun and motivating. Collective intelligence emerging from users playing serious games is important to the SmartSociety project, in that serious games can be used in the direction of networked collaboration and solving grand challenges. As Foldit (Cooper et al. 2011), an online protein folding puzzle game, demonstrated, the problem that has been befuddling researchers for years only took players few days to solve. The massively distributed puzzle pieces were tracked down and analysed by individuals. By combining the strength of computers and people as well as by engaging participants to cooperate to solve problems by playing, the game-based hive mind augments individual perspectives, collectively. III.16.3

Immersive Technologies

Immersive technology refers both to technology and techniques that blur the line between the physical world and digital, thus creating a sense of immersion (Wikipedia). Ubiquitous wireless sensors and immersive technologies play a very large role in the development of smart city and smart society applications. For instance, South Korea (Workman 2013; Roach et al. 2010) has invested heavily in its telecommunications infrastructure and high speed wireless networks to use mobile applications and location based services to support modern living, and make city more attractive and friendly to tourists. From a societal perspective, immersive technologies, serious games and social networks are now being used to shape societal behaviour and attitudes to address some of the critical environmental and health issues ahead of our society. Sensor technologies are being integrated into smart homes to help citizens better manage their energy usage (University 2013) and an increasing number of health monitoring sensors are being used to motivate citizens to better exercise and manage their health. In immersive technology, sensory channel research plays a fundamental role in games technology. Spatial and immersive sound are key elements for creating immersive serious games. Haptics technology takes games into tactile realm. Affective computing measures a person’s physical and emotional state and provides this information as input to the game, which can also exploit this to potentially adapt games according to each individual reaction to the them. Advanced user interfaces become key as computer moves from the standard desktop to mobile platforms (Zyda 2005). Sensor technologies, artificial intelligence (McCarthy 2007) and crowdsourcing are being used to provide personalisation of many of these services based on user profiles automatically created and adapted by virtue of the sensors’ and behavioural data captured. AI is playing an increasingly important role in the game industry. Galactic Arms Race (GAR), based on AI, is one of the earliest video games that explore the © SmartSociety Consortium 2013 - 2017 Page 125 of (133)

Deliverable D1.1

potential for procedural content generation technology to intelligently create content for games. As such, the content is automatically and implicitly driven by players' choice (Armstrong 2008). III.16.3.1

Immersion

In the Virtual Reality (VR) and Virtual Environment (VE) research community, immersion factors are mainly related to the technology. Immersion can be objectively assessed as the characteristics of a technology, and has dimension such as the extend to which a display system can deliver an inclusive, extensive, surrounding, and vivid illusion of virtual environment to a participant (Slater and Wilbur 1997). Nevertheless, Bob G. Witmer suggests that immersion is rather a psychological state that can be influenced by the immersive tendencies of the individual participant (Witmer and Singer 1998). Immersion is the experience of losing track of the outside world and the boundaries of the magic circle, the imaginative space in which the game is placed (Adams 2009). Immersion can be influenced by usability, control, modes of interaction, aesthetics, flow and, choice of location (Carrigy et al. 2010). Computer graphics, sound and haptics; affective computing – sensing human state and emotion and advanced user interfaces contribute to engage game players mind and build a feeling of immersion (Zyda 2005). Fun and immersion are characteristics of games that are used to address threats such as boredom, anxiety and distraction, cognitive states of mind that are also associated with the theory of flow (Csikszentmihalyi 1990), in the activities that require concentration and engagement. Educational games and simulations are being increasingly adopted in public schools (Honey and Hilton 2011). Four main types of gameplay immersion can be identified in games, respectively, Spatial immersion, Sensory-Motoric immersion, Cognitive immersion and Emotional immersion (Bjork 2005). The increasing convergence and mobility of digital network technologies have also given rise to new, massively scaled modes of social interaction where the physical and virtual worlds meet. Immersive gaming therefore has a great opportunity to harness the increasingly widespread penetration and convergence of network technologies for collective social and political action (McGonigal 2003). Jane McGonigal points out that immersive players frequently transform game to reality and reality to game, choosing the interface that best suits their current problem-solving needs and experiential desires. She also suggests that immersive players' lingering belief in the world as a “real game” could also empower people and lead them to action toward real-world problems. “The game is now over….[yet] The game has just begun (Ng 2001)”. This is an aspect of immersion particularly crucial in developing the effectiveness of the smart society applications, in that it means integrating the virtual play fully into the online and offline players' daily life. Providing immersive environments within which humans can interact - among themselves, with other objects, or the computer - is another research area that raises the level of user experience when combined with the above mentioned intuitive human gesture recognition. “Immersion” is an essential design criterion in the SmartSociety project. In particularly, serious games together with “immersive experiences” are proving more engaging and motivating than standard approaches to training and education and more evidence of this efficacy has been demonstrated in the literature (Freitas and Liarokapis 2011). III.16.4

Case Studies

Serious games raise awareness about issues, harnessing the power of collective intelligence to resolve current and future problems, the ability of alternate reality games to encourage immersion and engagement allows development team to channel “play” for good (Andersen 2008). Serious games use entertainment principles, creativity, and technology to build games that carry out a government or cooperate objective (Zyda 2005). This section introduces several serious games examples such as an effective teaching and training tool to help players increase their awareness of real world issues as well as seek and exercise solutions to the problem.

Page 126 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1 III.16.4.1

CityOne

CityOne (Katsaliaki and Mustafee 2012) is a single player game that puts players in the role of master planner of a new city. The player is in charge of implementing technological solutions to improve the health and welfare of the city with respect to the energy, water, retail, and banking industries while balancing their budgets and the needs of the citizenry. The game help organizations and industries adapt to new demands and build a sustainable advantage. As most Serious Games, CityOne contains fixed data within predefined scenarios, nevertheless IBM SmartPlay Framework backed by AI and power of crowdsourcing, which takes game to a new level, introducing real data, real business models and real analytics into games (IBM 2011). III.16.4.2

EnergyVille

Similarly, ENERGYVILLE is another game presented by Chevron and developed by the Economist Group (Chevron 2007). Energyville is a simulation game based on finding the appropriate mix of energy sources to power a developing city. Players balance economic, environmental, and security impacts while minimizing costs and appeasing consumers. Players receive points based on how well they perform and compete against the high scores of other players. III.16.4.3

World Without Oil

When considering the possibility of developing Smart Cities Games it is necessary to take into account the concept of Alternate Reality Games (ARGs), defined as an interactive experience that uses the real world as a platform to tell a story that may be affected by participants' ideas or actions. World Without Oil (puppetmaster 2007; WWO 2007) is a multi-players game. An alternative reality game is created to call attention and plan for solutions to a possible near future global oil shortage. The game sketches out the overarching conditions of a realistic oil shock, then calls upon players to imagine and document their lives under those conditions (puppetmaster 2007). WWO exploits collective intelligence and the wisdom of crowds. Players work together to gain grassroots insights into the forces that will rule at street level in a crisis. WWO stimulates peer learning and inquirybased exploration of the roots, outcomes and prevention of an oil crisis (WWO 2007). III.16.4.4

Traces of Hope

Traces of Hope (Cross 2008) is developed by the British Red Cross as part of Civilians and Conflict Month. This story is based on tragic events that have happened to real people in any number of conflicts around the world. Joseph’s story forms the basis of an online game. This game combines storytelling, detective work, technology and treasure-hunting style game play to engage players. The ARGs have the potential to attract casual or non-players, because 'what if' is a game anyone can play. III.16.4.5

Evoke

Evoke is an online educational game created for a World Bank’s communication campaign. It utilizes a variety of social media tools and narrative approaches commonly found in video games. Evoke is designed to empower young people all over the world to start solving urgent social problems like hunger, poverty, disease, conflict, climate change, sustainable energy, health care, education, and human rights (Gaible et al. 2010). It is meant to encourage young people to investigate the grand challenges around the world, collaborate to develop innovative solutions. An important aspect of this game is that it allows players to act to turn ideas into reality within their own communities and beyond. In addition, the game provides many insights and strengthens players’ skills – collective problem solving, probability analysis, shared decision-making etc. III.16.4.6

Power House

Power House (University 2013) is an interactive energy conservation game created by Stanford University, Kuma Games, and Seriosity. The game employs the technology of Google Power Meter to incorporate real energy use data from players' homes. It uses real energy data from players home in the game. Players can see graphs of their home energy consumption, track their personal progress and savings over time as well as get © SmartSociety Consortium 2013 - 2017

Page 127 of (133)

ÂŠ SmartSociety Consortium 2013 - 2017

Deliverable D1.1

useful and easy recommendations on how to cut down the energy use. Real-time data and recommendation play an important role in this game. The underpinning principle in the aforementioned examples is using games as a means for collective intelligence in different venues for various purposes. They raise awareness about real-world problems by playing them out in a serious way. They lead players to consider different strategies and change their thinking about issues. Players increase their self-confidence in participating in a larger discussion on the topic, as well as awakening a sense of future potential. Some games apply collective intelligence and imagination to the problem in advance, and create a record that has value for educators, policymakers, and the common people to help anticipate the future and prevent its worst outcomes. These games normally have compelling stories, exploit entertaining game play and add important real-world information. These games also demonstrate increased abilities of serious games to find, organize and creatively make use of the knowledge resources and human resources necessary to address local, national, regional and international challenges in new ways. All these principles should be reflected in the smart city and smart society applications. III.16.5

Beyond the State of the Art

Serious Games and immersive technologies together can be the next big leap in life-long education. The aforementioned research and games provide potentially valuable solutions to create smart society applications. Some limitations can be however identified concerning the results achieved by previous studies. Most games use fixed data within predefined scenarios, while games based on AI to create personalised content are still few, not to mention introducing the emergent behaviour of the real world. Integrating real data will have a stronger impact, as it extends the vision beyond the fictional world into the world real time visualization and optimization and it also supports decision-making. Moreover, serious games as a means for collective intelligence help citizens learn and convey insights into infrastructure investments, applying real city data to the simulated city to vet public policy. Games, virtual worlds and social networking applications play an important role in developing the effectiveness of smart city and smart society applications. However the existing games which seek to simulate society and civilisation cannot really be classified as genuine Smart City or Smart Society applications as they do not integrate real-time or live data. With respect to the immersion, current serious games tend to limit in the virtual space, while a more influential game should integrate the virtual play into the physical world. The SmartSociety project will develop a proof-of-concept simulation platform, that will use similar engines and algorithms to those used by serious games but at the same time it will populate them with real-world data. By integrating real data into simulations, visualisations and game-like environments users and software form a partnership that enables actions and motivations to have a genuine impact on real world outcomes. To enhance immersion, players will be empowered to create their own structure and mechanisms within the shared platform as well as to extend certain virtual activities into the real world. III.16.6

References

Adams E (2009) Fundamentals of Game Design. 2 edn. New Riders, Andersen M (2008) Traces of Hope: British Red Cross Launches ARG for Civilians and Conflict Month. http://www.argn.com/2008/09/traces_of_hope_british_red_cross_launches_arg_for_civilians_and_conflict_month/. Accessed 23. Feb 2013 Anderson EF, McLoughlin L, Liarokapis F, Peters C, Petridis P, Freitas Sd Serious Games in Cultural Heritage. In: The 10th VAST Intâ&#x20AC;&#x2122;l Symposium on Virtual Reality, Malta, 2009. pp 29-48 Armstrong A (2008) Applying Evolutionary Algorithms to the Galactic Arms Race. http://aigamedev.com/open/interviews/galacticarms-race/. Accessed 05, May 2013 Bjork S (2005) Patterns In Game Design. Charles River Media Game Development. Charles River Media,

Page 128 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

Carrigy T, Naliuka K, Paterson N, Haahr M (2010) Design and evaluation of player experience of a location-based mobile game. Paper presented at the Proceedings of the 6th Nordic Conference on Human-Computer Interaction: Extending Boundaries, Reykjavik, Iceland, Chevron (2007) EnergyVille. http://www.energyville.com/. Accessed 14 May 2013 civilization (2012) civilization. http://www.civilization.com/. Accessed 3 June 2013 Cooper S, Khatib F, Makedon I, Lu H, Barbero J, Baker D, Fogarty J, Popovi Z, #263, players F (2011) Analysis of social gameplay macros in the Foldit cookbook. Paper presented at the Proceedings of the 6th International Conference on Foundations of Digital Games, Bordeaux, France, Cross BR (2008) Traces of Hope. http://tracesofhope.com. Accessed 10 March 2013 Csikszentmihalyi M (1990) Flow: The Psychology of Optimal Experience. HarperCollins Publishers, New York De Lisi R, Wolford J (2002) Improving children's mental rotation accuracy with computer game playing. J Genet Psychol 163 (3):272-282 Deterding S, Sicart M, Nacke L, O'Hara K, Dixon D (2011) Gamification. using game-design elements in non-gaming contexts. Paper presented at the CHI '11 Extended Abstracts on Human Factors in Computing Systems, Vancouver, BC, Canada, Freitas Sd, Liarokapis F (2011) Serious Games: A New Paradigm for Education? In: Nikolaos Antonopolous MM, Lakhmi C. Jain, Andreas Oikonomou, John Sear (ed) Serious Games and Edutainment Applications. Springer, Gaible E, Dabla A, Group TN (2010) Project Evaluation EVOKE.83 Honey MA, Hilton M (2011) Learning Science Through Computer Games and Simulations. In. The National Academies Press, IBM (2011) Smarter Serious Games. http://www-935.ibm.com/services/us/gbs/gaming/. Accessed 10 May 2013 Katsaliaki K, Mustafee N (2012) A survey of serious games on sustainable development. Paper presented at the Proceedings of the Winter Simulation Conference, Berlin, Germany, Knighta JF, Carleyb S, Tregunnac B, Jarvisc S, Smithiesd R, Freitase Sd, Dunwelle I, Mackway-Jonesb K (2009) Serious gaming technology in major incident triage training: A pragmatic controlled trial. Resuscitation Journal 81 (9):1174-1179 Malone TW, Lepper MR (1987) Making learning fun: A taxonomy of intrinsic motivations for learning. Aptitude,learning and instruction: III Conative and affective processanalyses Vol. 3 223-253 McCarthy J (2007) What is Artiﬁcial Intelligence. http://www-formal.stanford.edu/jmc/whatisai/whatisai.html. Accessed 06 May 2013 2013 McGonigal J (2003) 'This Is Not a Game': Immersive Aesthetics and Collective Play. Paper presented at the Melbourne DAC 2003 Melbourne McGonigal J (2011) Reality Is Broken. Why Games Make Us Better and How They Can Change the World. The Penguin Press, Michael D, Chen S (2005) Serious Games: Games That Educate, Train, and Inform. Course Technology PTR, Mitchell A, Savill-Smith C (2004) The use of computer and video games for learning: A review of the literature. Ng E (2001) Editorials: The Integrated Game. http://cloudmakers.org/editorials/eng628.shtml. Accessed 09 May 2013 puppetmaster (2007) World Without Oil. http://en.wikipedia.org/wiki/World_Without_Oil. Accessed 27. Feb 2013 Roach SS, Lamm S, Dobbs R, Villinger R, Graves C (2010) South Korea: Finding its place on the world stage. http://www.mckinsey.com/insights/winning_in_emerging_markets/south_korea_finding_its_place_on_the_world_stage. simcity (2012) simcity. http://www.simcity.com/. Accessed 3. June 2013 Slater M, Wilbur S (1997) A Framework for Immersive Virtual Environments (FIVE) - Speculations on the Role of Presence in Virtual Environments. Teleoperators and Virtual Environments 6 (6):603-616 Susi T, Johannesson M, & Backlund, P. (2007) Serious games - an overview. University S (2013) Power House. http://powerhouse.stanford.edu/?q=welcome. Accessed 5 March 2013 Van Eck R (2006) Digital Game-Based Learning: It's Not Just the Digital Natives Who Are Restless. EDUCAUSE Review 40 (2):16-30 Werbach K, Hunter D (2012) For the Win: How Game Thinking Can Revolutionize Your Business. Wharton Digital Press, Wikipedia Immersive technology. http://en.wikipedia.org/wiki/Immersive_technology. Accessed 09 May 2013 Wikipedia (2013) Hidden Agenda. http://en.wikipedia.org/wiki/Hidden_Agenda_(computer_game). Accessed 3 June 2013 Witmer BG, Singer MJ (1998) Measuring Presence in Virtual Environments: A Presence Questionnaire. Presence: Teleoper Virtual Environ 7 (3):225-240. doi:10.1162/105474698565686 Workman B (2013) Mobile In East Asia: Why Japan, Korea And Singapore Lead The World In Mobile Monetization. http://au.businessinsider.com/mobile-growth-japan-south-korea-singapore-2013-5. Accessed 03 June 2013 WWO (2007) World Without Oil. http://worldwithoutoil.org. Zyda M (2005) From visual simulation to virtual reality to games. Computer 38 (9):25-32

III.17

Swarm and other collective systems

Aris Valtazanos This is a partial literature review of swarm and other collective systems, which forms a useful background for understanding the context of Collective Adaptive Systems. Collective robotic intelligence project (CRIP) (Kube et al, 1994): This study is concerned with study of social insects and other animal-like systems. Examples of social insects include bees, ants, and termites. Behaviours exhibited by these organisms are closely related to their sensing mechanisms and the groups and environments they live in. A group behaviour is defined here as “the task-achieving activity for which a system is a designed, and it consists of a commons set of rules for accomplishing the task”. Based on the collected observations, simulations of interesting collective behaviours are conducted in a robotic simulator. © SmartSociety Consortium 2013 - 2017 Page 129 of (133)

ÂŠ SmartSociety Consortium 2013 - 2017

Deliverable D1.1

The example considered in this phase is that of object manipulation (pushing a box around a space) using multiple robots, which must collaborate to achieve a common goal. Similar behaviours are implemented on real hardware platforms, and evaluated in a multi-robot experiment. Challenges beyond evolvability (Kernback et al, 2011): This paper reviews some of the challenging aspects of collective adaptive systems, inspired by domains such as swarm robotics and self-organisation in neural networks. These challenges are divided into four broad categories: controllability of long-term selfdevelopmental processes, which is concerned with the predictability of long-term behaviours, complexity of natural chemistry, or ability to modify the control system of an evolving entity, artificial sociality, i.e. studying the interactions between and within such systems, and emergence and controllability of self, which is centred on the principles of self-replication and self-development. Probabilistic Macroscopic Models for Swarm Robotic Systems (Lerman et al, 2005): This paper reviews models for describing the dynamics of collective behaviours in swarm robotic systems. These models are divided into two broad classes: microscopic and macroscopic. A microscopic model (Galstyan and Lerman, 2004; Gerkey et al, 2001) treats the robot as a the fundamental unit of the model. Interactions with other robots and the environment are viewed as a series of stochastic constraints. A macroscopic model describes the collective behaviour of a swarm directly. One common macroscopic method is the use of Stochastic Master and Rate Equations (Lerman and Galstyan, 2002) to describe and predict collective behaviours. This paper also presents simulated and real experiments assessing the predictability of different behaviours based on a given model. Collective Behaviours for Mobile Robots(Baldassarre et al, 2003): This paper studies evolutionary algorithms for multi-robot configuration and motion towards a specified target. The experimental platform used is the Khepera robot, a small wheeled robot with directional microphones, infrared, and ambient light sensors. These sensors are used for self-localisation and identification of the other robots. A neural network controller is developed and used to coordinate the robots, and a fitness function is designed to evolve the parameters of the controller. The experiments assess the evolutionary capability of different robot formations, ranging from simple flocks to more complex rose-shape motion patterns. Swarms, phase transitions, and collective intelligence (Millonas, 1992): This paper proposes a connectionist model for the coordination of a large number of locally acting organisms. The environment in which the organisms operate is discretised into different cell, which are connected to each other in a lattice. Motion between different cells is governed by probabilistic functions, whose weights depend on local substances called morphogens; these substances are similarly affected by the moves of the organisms. Experiments are conducted on a group of ants moving on a lattice. The intended functionality of the model is centred on the emergence of complex adaptive behaviours, the exploration of phase transitions in biological systems, and the specification of behavioural criteria for the evolution of behaviours in social organisms. Open problems in artificial life (Bedau et al, 2000): This paper describes and discusses various open problems of interest in artificial life systems. These problems can be broadly categorised as: a) how does life arise from the nonliving, and particularly how rules and symbols are generated from physical dynamics in living systems, b) what are the potentials and limits of living systems, such as the minimal conditions for evolutionary transitions, or the theoretical foundations of information flow in evolving systems, c) how is life related to mind, machines, and culture; for example, what is the interplay between cultural and biological evolution. The convergence of social and technological networks (Kleinberg, 2008): This article reviews concepts related to the increasingly many common features shared by heterogeneous social and technological networks. Examples of these features include the small world phenomenon, or how individuals are only a few degrees of separation apart even in large networks, and social contagion, or how different ideas can be spread in such networks. Important open problems in this domain include the study of the evolution of the structure of large networks over time, and the use of machine learning techniques in predicting events from network data. Threshold models of collective behaviour (Granovetter, 1978): In this study, the term threshold refers to the proportion of others who must make one decision before a given actor does so, i.e. the point where net Page 130 of (133) http://www.smart-society-project.eu/

Deliverable D1.1

benefits start to exceed net costs for that action. To determine such thresholds, the authors use frequency distributions in order to identify appropriate equilibria. Applications of interest include rumour diffusion, voting, and riot behaviours. Compositionality – Collective Sort (Gardelli et al, 2007): This article describes an architecture for selforganising environments based on reverse engineering from existing functional systems. The proposed system builds on a tuple space formalism, where the intention is to keep similar tuples clustered together. This would facilitate tasks such as obtaining relevant information based on previous experience. The proposed algorithm builds on the brood sorting method (Bonabeau, 1999), which is used in ant-colony optimisation problems. Collective sort aims at generalising brood sort to applications where the tuple space contains multiple classes. Dependability – Scalable proofs (Vain et al, 2008): This paper introduces and discusses formal methods for assessing the correctness of swarm models, and the complexity of coordination within a given swarm. The proposed approach is based on techniques such as bidding distance and the random waiting time protocol (as tools for avoiding race conditions between different members of the swarm). Hybriditity – Using selection to improve particle swarm optimisation (Ageline, 1998): This paper describes an evolutionary optimization algorithm that is a hybrid based on particle swarm but with the addition of a standard selection mechanism from evolutionary computations. A comparison is performed between hybrid swarm and particle swarm that shows selection to provide an advantage for some but not all complex functions. Diversity – Dynamic diversity in particle swarm optimisation (García-Villoriam, 2009): In this paper, a standard particle swarm optimisation algorithm is extended for the purposes of diversity through the incorporation of random velocity. The degree of the introduced diversity is not static (i.e. preset before running the algorithm) but instead changes dynamically according to the heterogeneity of the population (i.e. if the search has converged or not). Results are demonstrated on the NP-hard response time variability problem. Diversity – Preserving diversity in particle swarm optimisation (Hendtlass, 2003): The approach proposed in this paper extends the standard particle swarm optimisation algorithm by incorporating memory capacity for each of the deployed particles. The purpose of this extension is to provide a wider choice of target points at a given time, instead of using local greedy heuristics that do not account for multiple states. Diversity – The Attractive-Repulsive particle swarm optimiser (Riget and Vesterstrøm, 2002): The algorithm described in this paper is based on the principles of attraction and repulsion. Diversity is enforced by making the optimiser alternate between these two states, thus avoiding certain cases of premature optimisation when searching for an optimal solution. III.17.1

References:

Angeline, Peter J. "Using selection to improve particle swarm optimization." In Evolutionary Computation Proceedings, 1998. IEEE World Congress on Computational Intelligence., The 1998 IEEE International Conference on, pp. 84-89. IEEE, 1998. Baldassarre, Gianluca, Stefano Nolfi, and Domenico Parisi. "Evolving mobile robots able to display collective behaviors." Artificial Life 9, no. 3 (2003): 255-267. Bedau, Mark A., John S. McCaskill, Norman H. Packard, Steen Rasmussen, Chris Adami, David G. Green, Takashi Ikegami, Kunihiko Kaneko, and Thomas S. Ray. "Open problems in artificial life." Artificial life 6, no. 4 (2000): 363-376. Bonabeau, E., Dorigo, M., Theraulaz, G.: Swarm Intelligence: From Natural to Artificial Systems. Santa Fe Institute Studies in the Sciences of Complexity. Oxford University Press (1999) Galstyan, A. and Lerman, K. 2004. Analysis of a Stochastic Model of Adaptive Task Allocation in Robots, to appear in Workshop on Engineering Self-Organizing Systems at AAMAS-2004. García-Villoria, Alberto, and Rafael Pastor. "Introducing dynamic diversity into a discrete particle swarm optimization." Computers & Operations Research 36, no. 3 (2009): 951-966. Gardelli, Luca, Mirko Viroli, Matteo Casadei, and Andrea Omicini. "Designing self-organising MAS environments: the collective sort case." Environments for Multi-Agent Systems III (2007): 254-271. Gerkey, B. P., Vaughan, R. T., Stoy, K., Howard, A., Sukhatme G. S., Mataric, M. J. 2001. Most Valuable Player: A Robot Device Server for Distributed Control, in Proc. of the IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS 2001), Wailea, Hawaii, October 29–November 3, 2001. Granovetter, Mark. "Threshold models of collective behavior." American journal of sociology (1978): 1420-1443. Hendtlass, Tim. "Preserving diversity in particle swarm optimisation." Developments in Applied Artificial Intelligence (2003): 155199.

Page 131 of (133)

Deliverable D1.1

Kernbach, Serge, Thomas Schmickl, and Jon Timmis. "Collective adaptive systems: Challenges beyond evolvability." arXiv preprint arXiv:1108.5643 (2011). Kleinberg, Jon. "The convergence of social and technological networks." Communications of the ACM 51, no. 11 (2008): 66-72. Kube, C. Ronald, and Hong Zhang. "Collective robotics: From social insects to robots." Adaptive Behavior 2, no. 2 (1993): 189-218. Lerman, Kristina, Alcherio Martinoli, and Aram Galstyan. "A review of probabilistic macroscopic models for swarm robotic systems." Swarm robotics (2005): 143-152. Lerman, K. and Galstyan, A. 2002b. Two paradigms for the design of artificial collectives. In Proc. of the First Annual workshop on Collectives and Design of Complex Systems, NASA-Ames, CA. Millonas, Mark M. Swarms, phase transitions, and collective intelligence. No. LA-UR--92-3980; CONF-9206329--1. Los Alamos National Lab., NM (United States), 1992. Riget, Jacques, and Jakob S. Vesterstrøm. "A diversity-guided particle swarm optimizer-the ARPSO." Dept. Comput. Sci., Univ. of Aarhus, Aarhus, Denmark, Tech. Rep 2 (2002): 2002. Vain, J., T. Tammet, A. Kuusik, and S. Juurik. "Towards scalable proofs of robot swarm dependability." In Electronics Conference, 2008. BEC 2008. 11th International Biennial Baltic, pp. 199-202. IEEE, 2008.

III.18

Identity management

Vincenzo Maltese Different organizations typically maintain their datasets independently, often providing different or overlapping descriptions of the same real world entities, such as people, places, organizations, events. For instance, for a certain person, e.g., Salman Rushdie, one dataset may mention his name and date of birth, while another may provide his name, his place of birth and working contacts. Due to the diversity in language and knowledge (see dedicated section on diversity), without a minimum level of agreement it is impossible to achieve semantic interoperability and guarantee an effective exchange of information. Dedicated techniques, such as schema matching (see, e.g., Shvaiko and Euzenat, 2007; Giunchiglia et al, 2007) and entity matching (a.k.a. record linkage, entity consolidation, instance matching, duplicate detection; see, e.g., Hogan, 2012), aim at the identification of similarities between two datasets at the level of their schemas and their content, respectively. Given any two graph-like structures, e.g. classifications, database or XML schemas and ontologies, semantic matching is a schema matching operator which identifies those nodes in the two structures which semantically correspond to one another. For example, applied to databases it can identify that a relational table labeled “car” is semantically equivalent to another relational table labeled “automobile” because the two words are synonyms in English. Entity matching compares the description of two entities. For instance, it can recognize that two records in two different databases, or even in the same database, correspond to the same person because there is a partial match between the set of attributes describing them. Methods differ in the way such a match is established. Identity Management is a technique that allows managing the identity of entities, inside and across different datasets, through the assignment of unique identifiers. This presupposes the adoption of some mechanism which allows the identification of those entities that, under certain conditions, are recognized as compatible (Pane, 2012). For instance, the approach followed by the Semantic Web community relies on the usage of the owl:sameAs relation between two entity representations that are considered to be the same. The OKKAM framework (Bouquet et al, 2008) aims at providing entity identifiers for the Web following a proprietary URI42 scheme. Entities are untyped, i.e., they are not described with a fix schema. This makes the management of the entity identifier application independent and allows for the creation of OKKAM IDs for any kind of entities. The OKKAM framework provides services for adding new entities and creating their identifiers, adding/modifying/removing descriptions to existing entities and searching for entities already existing in their knowledge base. The Distributed Identity Management platform described in Pane (2012) differs from state of the art solutions as it provides a management architecture that distinguishes and manages both local and global views and identifiers. Moreover, in this system entities are typed. This can provide useful information on how to effectively compare descriptions and decide about their compatibility. For instance, the height of a mountain is different, at least in the scale, from the height of a person. We do not plan to explicitly address the issue of identity management in SmartSociety. However, as we will have to deal with peer profiles, we need to be aware of the impact that the representation mechanisms that we will establish can potentially have in the search and matching of profiles. 42

http://www.w3.org/wiki/URI

Page 132 of (133)

http://www.smart-society-project.eu/

Deliverable D1.1

P. Shvaiko, J. Euzenat (2007). Ontology Matching. Springer-Verlag New York, Inc. Secaucus, NJ, USA. F. Giunchiglia, M. Yatskevich, P. Shvaiko (2007). Semantic matching: Algorithms and implementation. Journal on Data Semantics. A. Hogan, A. Zimmermann, J. Umbrich, A. Polleres, S. Decker (2012). Scalable and distributed methods for entity matching, consolidation and disambiguation over linked data corpora. Web Semantics: Science, Services and Agents on the World Wide Web, 10. J. Pane (2012). Distributed Identity Management. PhD Thesis, University of Trento. P. Bouquet, H. Stoermer, B. Bazzanella (2008). An entity name system (ENS) for the semantic web. Proceedings of the 5th European Semantic Web Conference on The semantic web: research and applications (ESWC), pp. 258–272.

Page 133 of (133)