Ethical Dimensions of User Centric Regulation

In this paper, we question the ethical role of information technology (IT) designers in IT regulation. We situate how designers can respond to their ethical and legal duties to end users. We focus on how they mediate user activities through IT design and their wider responsibilities to act in an ethical manner as points for reflection. We illustrate our arguments through the emerging technological setting of smart cities. We use our concept of user centric regulation (UCR) to frame our ethical analysis of what a closer alignment of IT design and regulation could mean. Our concept asserts that human computer interaction (HCI) designers are now regulators and as designers are not traditionally involved in the practice of regulation, meaning their role is ill-defined. Designers need support in understanding what their new role entails, particularly managing ethical dimensions that go beyond law and compliance. Our conceptual analysis assists in this regard by consolidating perspectives from across Human Computer Interaction, Information Technology Law and Regulation, Computer Ethics, Philosophy of Technology, and beyond.


Introduction
We explore the role of IT designers in regulation and question the ethical dimensions of their work. The turn to the IT design community to help address hard regulatory issues posed by emerging IT systems needs deeper analysis. Through our concept of User Centric Regulation (UCR), we question the nature of their role, with specific reference to end users and their legal rights. UCR developed from wider analysis of how a specific domain of IT design, human computer interaction, can interact with a field of regulation, information technology law. 1 Accordingly, for this discussion we focus on unpacking two ethical dimensions of involving IT designers in the practice of regulation. Firstly, the nature of their wider responsibilities to users and secondly, the relationship between mediating user experiences through IT design and regulation. We look at these issues in the context of the challenges posed by smart cities.

Part I: Introducing User Centric Regulation
Our concept of UCR supports thinking about ethical dimensions of the role of IT designers in regulation. Underpinning UCR are several key assertions, which we need to briefly unpack. This is a shorter explanation, as the arguments are developed more fully in other, longer work. 2 As mentioned in the introduction, we argue the following: -Human computer interaction (HCI) designers are now regulators; -Technology designers are not traditionally involved in the practice of regulation and accordingly, the nature of their role in regulation is ill-defined; -Support for understanding what this new role entails is necessary, particularly managing ethical dimensions beyond legal compliance.
To understand these claims, we need to understand that the concept of regulation, and who acts as a regulator, has been broadening. Traditional definitions of regulation, such as those offered by Selznick, are overtly state centric, arguing regulation is the "sustained and focused control exercised by a public agency, on the basis of a legislative mandate over activities that are generally regarded as desirable to society" 3 . In contrast, Black's more contemporary definition is much wider, arguing regulation is "the sustained and focused attempt to alter the behaviour of others to standards or goals with the intention of producing a broadly identified outcome or outcomes, which may involve mechanisms of standard setting, information gathering and behaviour-modification". 4 As we can see, the activities of non-state actors can now be viewed under the umbrella of regulation. This could include corporations, non-governmental organisations (NGOs) and technical standard setting bodies like World Wide Web Consortium, Internet Engineering Task Force. Nevertheless, the state still retains a key role in defining agendas for action through legislative mandates or formal policy. State authority and legitimacy to exercise control over a jurisdiction and the actors therein is a key aspect of their power. 5 However, they no longer exercise an absolute monopoly in setting standards, implementing social control mechanisms and shaping behaviour of citizens. 6 Government often encourages hybrid regulation between state and non-state actors in both self-regulation and coregulation 7 and increasingly we see 'regulation in many rooms'. 8 Accordingly, non-state actors, like IT designers, can draw on a variety of methods to shape, persuade and change behaviour to realise specific outcomes. Importantly, by mediating actions of users through their design decisions, they can define the nature of a user's interactions with a technology, and regulate what they do.
Within IT law, the importance of technology design as a regulatory tool has longstanding provenance. 9 More formally, legislative mandates embed this idea and bring law and design closer in practice. This is often to address complexities of regulating emerging technologies and with the intent of addressing legal regulation lagging behind technology development. The concept of information privacy by design (PbD), as instantiated in Article 25 of the new EU General Data Protection Regulation (GDPR) 2016, typifies the turn to design to assist in the practice of regulation.
A turn to design means a turn to designers, but we feel the nature of their role is still not well settled in IT regulation. There is a significant gap between the legal understanding of design, and the practices and epistemic commitments of design communities, such as those within HCI. 10  Indeed, a key strength of HCI is developing situated understandings of how users interact with IT in context. HCI designers utilise a range of approaches developing systems, experiences and interactions with users. These vary from conducting co-design processes with users, testing and iteratively developing prototypes and conducting design ethnographies to understand the requirements of a setting and the practices therein. 17 We believe the HCI community can help address hard regulatory challenges and shape how legal interests of IT users are protected in practice.
Nevertheless, by calling on non-state actors like designers to be involved in regulation, lack of legitimacy must be addressed, as they are not held to the same standards of accountability or transparency as the state. However, we believe the user centric nature of HCI is one route to the designers obtaining legitimacy as regulators. HCI designers can addressing the gap in current regulatory practices left by seeing users as 'nodes' or 'dots' instead of understanding of how actual users interact with technology in practice. Indeed, if HCI designers can understand the needs of end users in a grounded manner, they can respond to regulatory challenges in more contextually appropriate ways.
Bridging the gap between IT law and HCI communities is critical. Engaging with the practices, concepts and epistemic commitments of the HCI community, is the first step to unpacking what role design, and designers, can play in IT regulation. Nevertheless, accepting their role as regulators, within this paper, we want to briefly reflect on two elements of their role. We are interested in where ethical responsibilities designers owe to users' stem from. 18 As HCI designers shape behaviour and 'regulate' users by 'mediating' their interactions with IT, how they do so offers scope for ethical reflection, and we want to consider this more deeply in Part II.

Part II: Ethical Dimensions of User Centric Regulation
To better situate the nature of an IT designer's responsibility and ethical nature of their role in mediating behaviour through design, we turn to the long lineage of work in computer ethics (CE In terms of practical tools supporting ethical conduct of IT designers, codes of ethics play an important role. Codes, like those associated with membership of specialist bodies are primarily orientated towards professional responsibility. 24 The Association of Computing Machinery (ACM), Institute of Electrical and Electronic Engineers (IEEE) and British Computing Society (BCS) 25 have been providing guidance for members through respective codes of ethics and conduct for decades (for IEEE, since 1963). The IEEE Code of Ethics, asks members to consider how their work impacts quality of life of others, and introduces broader notions of responsibility to public welfare, safety and health. Critical reflection on these codes highlights significant focus on protecting reputation as opposed to having more aspirational expectations of members. 26 Nevertheless, they have considerable value in defining high level principles and values of the community.
The responsible research and innovation agenda prompts reflection on ethical questions by reasserting the relationship between innovation and the social consequences. As Stilgoe et al put it, RRI is "taking care of the future through collective stewardship of science and innovation in the present" 27 . To do this, instead of a code of conduct, their RRI framework draws on four elements of anticipation, reflexivity, inclusion, and responsiveness. These principles direct reflection on questions of "uncertainty (in its multiple forms), purposes, motivations, social and political constitutions, trajectories and directions of innovation" 28 . Such considerations clearly pertain to the ethical dimensions of a IT designer's role, as those involved in research and development of new products and services in organisations like university labs, start-ups, hackspaces, multinational R&D labs and beyond. Anticipation involves systematic consideration of risks posed by new technologies, with special precaution around forecasting unforeseen issues. Reflexivity requires reflection on assumptions, actions and appreciating alternative points of view may exist. Inclusion seeks legitimacy through dialogue and engagement with more stakeholders impacted by technologies. 29 In terms of UCR, and considering the HCI and IT law communities, these principles have existing counterparts. Within the latter context, labour laws form a mandate for action and responsibility, however for RRI, the nature of responsibility is often more complex. Stahl, Eden, and Jirotka note, responsibility in RRI largely falls to individuals, who can be subject to many forms. 36 A software engineer may have professional responsibilities to customers, moral responsibilities to users, role responsibilities as leaders to peers, or legal responsibilities to compliance with laws. 37 Their interviews with scientists for the FRRIICT 38 project, broadly showed less sense of responsibility for social consequences when conducting 'fundamental', 'generic', 'enabling' research than those closer to or working with specific end user groups, doing more 'applied', 'application orientated' work . 39 Accordingly, whilst HCI and IT designers have different dimensions of responsibility for the wider social implications of their work, the ways they reflect on these wider responsibilities are multifaceted. Any role for IT designers in regulation needs to go beyond just legal compliance, to reflect on the wider ethical dimensions of their role. However, supporting them in doing so is a complex task. 30  We will now briefly consider how IT designers mediate experiences of users through their design decisions. We feel this offers an opportunity to reflect on ethical implications of design. As there has been considerable work in the field of engineering ethics on mediation and the role of designers, we now turn there.
The relationship between ethics and design is strong. As Verbeek argues, "engineering design is an inherently moral activity" 40 57 This can be useful insofar as it motivates a response to these issues as early as possible, as engineers seek to avoid such overload in the future.
Fundamentally, designers are not neutral and by participating in design processes, they are making ethical decisions. 58 Seeing ethics as a process of reflection, not necessarily tied to normative absolutes (e.g. privacy is good or bad), but instead on reflecting on the mediating effects of a technology on the user can be useful. 59  between use and design needs to be addressed. From a UCR perspective, whilst legislation may define thresholds for legal requirements and rules, such as safety guidelines, product safety or accessibility specifications, engineers/designers can still make choices, to exceed these and reach to a higher ethical standard. The esoteric nature of laws and regulations can challenge this, as baseline understanding of law may necessitate translation to make standards relevant to designers' work, an area requiring increased attention. 60 Designers need mechanisms to support reflection on both regulatory and ethical impacts of their design decisions. In aligning HCI and IT law, there are a range of options, such as value sensitive design (VSD) or participatory design frameworks mentioned earlier, and discussed in depth in our longer paper. 61 To introduce one briefly, VSD, Friedman et al argue for including 'values with ethical import' in design, namely those which 'centre on human well-being, human dignity, justice, welfare and human rights'. 62  For HCI and IT law communities, UCR can support concepts from each community to find new perspectives on regulatory challenges. We see opportunities in extending VSD from ethical to legal values. Privacy, ethical and even social impact assessments can also have a key role in structuring reflection on both ethical and legal dimensions of design. Privacy patterns are another useful design tool. 67 In other work, we have sought to bring these communities closer together. One example is repurposing Benford et al's trajectories framework 68 used for designing interactive user experiences to developing adequate consent mechanisms in the Internet of Things (IoT). 69 Another is our deck of physical privacy by design playing cards in workshops to help structure reflection by system designers on data protection concerns in IT design. 70 For this paper, we do not reiterate these ideas in detail. Instead we briefly suggest another HCI concept to consider for UCR below, seamful design, and suggest how it can frame reflection on the role of designers in regulation through the context of smart cities.

Part III: UCR and Smart Cities
To understand seamful design, we first must understand seamless design. The utopian vision of Ubicomp, a forbearer to the current IoT and smart city trends, is for users to have seamless interactions with IT across different contexts. IT has become so integrated into daily life that it is invisible in use. 71 Realising this future prompted many strands of research in computer science, from Ambient Intelligence and pervasive computing to context aware and calm computing. 72 The engineering principles of seamless networking and invisibility in use through new interface designs, networking protocols and so forth were never far from the research agenda.
However, within the HCI community, increased critical reflection on these goals sugested adherence to engineering design principles of near future technical visions, such as seamlessness, often led to neglect of user interests and the realities of the present. 73 Research on smart homes, for example, shows user interests are often side-lined for the desire to engineer the technical vision of contextually relevant, responsive devices and services to make life simpler and more convenient. 74 We see similar trends emerging in smart cities, where utopian rhetoric abounds. Multiple stakeholders driving forth a multitude of agendas are normally framed around efficiency, convenience and security from the smart urban future. As Kitchin argues "the smart city promises to solve a fundamental conundrum of cities -how to reduce costs and create economic growth and resilience at the same time as producing sustainability and improving services, participation and quality of life -and to do so in commonsensical, pragmatic, neutral and supposedly apolitical ways by utilising a fast-flowing torrent of urban data and data analytics, algorithmic governance, and responsive, networked urban infrastructure." 75 Interaction between local government and multinational corporations are a key relationship to consider in these changes. The significant investment in Glasgow, through the Future Cities project before the 2014 Commonwealth Games is a good practical example. Goals such as opening-up access to streams of data through smart city dashboards aim to encourage innovation and create value added services and foster local economic growth were important. 76 Multinationals corporations offer 'smart city in a box' type solutions, providing software and hardware to upgrade dated infrastructure to become intelligent. 77 As the vision goes, sensors, networking and actuators can manage many parts of civic life. Urban congestion can be decreased by intelligently rerouting rush hour traffic. 78 Crime can be managed more effectively with smart CCTV systems using machine learning to detect suspicious visual behaviour or microphones to monitor noise volumes in the street. More efficient street lighting can stretch already tight local government budgets, whilst supporting carbon footprint reduction targets and wider environmental sustainability goals. 79 Despite these admirable goals, a key challenge with this vision, as with Ubicomp or smart homes that have gone before, is how to use data to make city life better for citizens and local communities. 80 Turning again to authors like Kitchin, we see concerns about lack of attention paid to local interests and how this can impact the nature of emerging smart cities. As he argues, "the realities of implementation are messier and more complex than the marketing hype of corporations or city managers portrays and there are a number of social, political, ethical and legal concerns with respect to the kind of society smart city initiatives seek to create". 81 Similarly, researchers Murakami Wood and Graham are concerned about links between smart cities, increased surveillance and militarisation of urban space, unpacking how increased urban control might impact citizens human rights. 82 Indeed, those building and managing cities need to understand the inhabitants, and respect what they need from their urban environment. Cities exist within regulatory frameworks, where different actors have both rights and responsibilities, for example around ensuring privacy in public spaces or ethical standards of policing. Within these frameworks, smart cities pose a range of regulatory challenges. 83 Edwards has argued that smart cities bring together the regulatory challenges inherent in three IT sectors: big data, cloud computing and ubiquitous computing. She argues this creates a 'perfect storm' of privacy and security threats. 84 Designing adequate consent mechanisms for IoT, lack of algorithmic transparency for big data, and third country data transfer with the cloud are just three of the many regulatory challenges she argues smart cities can pose. 85 In responding to these, we believe the practices of the HCI community, as a new type of regulator, can come to the fore. They can draw on their key route to legitimacy as regulators, user centricity, to engage with the needs of local citizens. By understanding their interests, HCI designers can both establish ethical or regulatory concerns but then act, by how they decide to design, and consequently mediate interactions, through their technological deployments. It is important to remember, that designers do not operate in isolation or a vacuum, and will be subject to the competing interests of other smart city stakeholders. Nevertheless, they have a clear opportunity for action and thus an important role to play.
To unpack this further, users living in a personal data rich smart city may require designers to create more effective consent mechanisms when interacting with smart public infrastructure, 86 increased transparency around how personal data flows between users and these services, and even build in the ability for users to 'go under the radar', to resist being monitored in their daily lives. Users have legal privacy rights, such as the right to be forgotten (Article 17 GDPR) or the right to object (Article 21 GDPR), which could support realisation of such resistance practices. Indeed, new clothing that confuses smart CCTV algorithms has been developed to assist in this regard. 87 Without the HCI designers who can mediate the user/IT interactions, and implement these perspectives, realising these rights in practice will be more complex. The benefit of aligning these IT regulation and design questions under the concept of UCR is the ability for action, for designers to listen to and respond to the needs of users, particularly around their legal rights. The alternative of leaving users to rely on expensive, after the fact legal action through litigation, is less than ideal.
Nevertheless, even if designers have routes for action, and a sense of responsibility to respond to their users' interests, the complexity and uncertainty of the legal landscape may make it hard to know what rights users have and how these may look in practice.
Accordingly, we think the notion of seamful design, as an HCI concept, 88 is useful here. Seamful design involves embracing the physical features and limitations inherent in designing interactive user experiences, where a key example is network connectivity. It is unlikely that there will always be reliable WiFi, GPS, or 3G signal for designing truly seamless user interactions 'in the wild', even now. There are often dead-zones with no connectivity, and depending upon how a system interface is designed this can impact the functionality and overall experience for end users. Accordingly, seamful design suggests recognising features and restraints that will shape the overall design and then responding by reflecting or highlighting these in the new end user experiences.
Repurposing this notion slightly, we can foresee seamful design as a way of surfacing uncertainty in IT regulation. Legislation may exist to cover regulation of a new technology, such as GDPR, but interpretation may be challenging. It may be a new piece of law with a lack of test cases, or the nature of what it requires, as is often the case, may be quite nebulous and inaccessible to non-lawyers. This can be exacerbated by the lag between law and technology, where the scope of legal challenges a new technology can pose are hard to determine with certainty, as it is a substantially new or disruptive system.
Actively playing with and raising awareness of the uncertainty in regulation of emerging technologies can be a role for designers. Thinking about legal uncertainty as a seam gives scope for law and HCI to come together in creative ways to reframe how user experiences and the associated legal rights of users come to be mediated in practice.
With consent mechanisms in smart city infrastructure, for example, how the legal threshold of informed, explicit consent in Article 7 GDPR for special categories of personal data 89 (racial or ethnic origin, genetic data, biometric data etc) is achieved in practice, is uncertain. However, designers have opportunities for action, to obtain input from users as to what they think this requires, and to respond accordingly. Building on the formal legal requirements as a baseline, the seams of uncertainty in interpreting the law can be highlighted in the end user experience. Through joint reflection by designers and users on how these rights and requirements might manifest in practice, new mechanisms and interpretations for how to obtain explicit consent in practice may emerge. Similarly, for the right to be forgotten, there is scope for designers to co-create new ephemeral interactions with users, to both realise the legal intent whilst creating engaging and rewarding user experiences. The challenges of doing this at scale in the smart city context adds a layer of complication, but also offers new opportunities.
Contrasts between designing interactions for transient visitors who may only visit the city and local residents who are there for decades are just one attribute to consider. Another is how to implement change whilst engaging with the diverse assemblage of local practices of neighbourhoods and communities, and not disrupting the patchwork that makes up life in that area. Another is managing the volume and diversity of stakeholders in a city, each with competing demands from design interventions, where the differing levels of input from investors, government bodies (local and state), industry, retail businesses and other residents will shape what is possible through design.
To conclude this part, thinking about smart cities in terms of local practices, relationships and interactions with technology is key. It moves us past how macro level visions of a 'smart city in a box' can solve all the socio-economic problems of an urban environment. It returns thinking to how user interactions with these technologies can be constructed in ways that respect their legal rights and wider interests. By bringing HCI designers into the remit of IT regulation, there are great opportunities to understand the impact of smart city developments at this local level, and to creatively address some of the big challenges they pose for users. However, greater interaction is needed between the law and HCI communities to support designers in doing this. 90 We now turn to some brief conclusions.

Part IV: Conclusion
In this paper, we discussed the importance of bringing HCI and IT law communities closer together. We did this through our concept of UCR. Turns in technology regulation to design coupled with growing awareness in HCI of the wider social implications of IT underpin this. We discussed how HCI designers can shape behaviour and regulate users through design. We focused on the importance of their role in mediating user interactions through IT, but concurrently, we recognise user relationships with IT may play out differently in use. Designers need to reflect on these complexities when considering how to address legal and ethical dimensions of their work. 91 We explored some challenges posed by smart cities, and considered the role designers may have in addressing these, for example by using the concept of seamful design to engage with uncertainty in the law. Importantly, HCI designers need to obtain legitimacy as regulators. We argue their proximity to end users and their tools for understanding user relationships and interactions with technology in context are key to this. Importantly for UCR, this offers opportunities for new regulatory strategies to emerge. HCI designers can begin to understand and then shape the relationships between ethical and legal interests of users and IT design in practice.