1 Introduction
2 Theoretical background
2.1 On the relationship of trust and risk
2.2 Trust and risk in IS literature
Perceived risks | Definition |
---|---|
Performance risk | A risk relating to the (under)performance and (mal)functioning of the purchased product |
Financial risk | A risk relating to the loss of money through the purchase, secondary costs, and fraud |
Time risk | A risk relating to the consumers losing time through the online purchase |
Psychological risk | A risk relating to the consumer’s mental state impairing, e.g., resulting from frustration with the online purchase or self-perceptions |
Social risk | A risk relating to a changed status of the consumer within their peer group as a result of an online purchase |
Privacy risk | A risk relating to the loss of privacy, e.g., by giving away personal information intendedly or unintendedly while making the purchase |
Overall risk | An assessment of all other risks taken together |
2.3 Trust and risk in e-government acceptance literature
3 Method
3.1 Data collection
3.2 Data analysis
Description | Representative quotes |
---|---|
Where does the risk stem from? Provider System/Service | |
Provider refers to the entity offering either the service or the system to its user. It is the entity liable for the provided service or content and may be congruent with the developer. Also, system and service provider may be the same entity. In the context of e-government, the provider is commonly the administration, the government, or any other public agency, but can also be a private company commissioned by the government, e.g., a private IT service provider or system integrator | “Moreover, every governmental institution resembles a monopolistic ‘business’ entity that provides services exclusive to a country […]. Without exposure to market forces, governmental institutions are often laden with a supplementary layer of political affinity. With e-governments acting as surrogates (or proxies) for governmental institutions, citizens may be compelled to question the aspirations and motivations behind such systems […]” (Lim et al. 2012, p. 1112) “Perceived risk is more related to the security of the government’s databases” (Roy et al. 2015, p. 358) |
Developer System/Service | |
Developer refers to the entity responsible for the technical development of a system or service. Causes for risk perceptions included in this category may refer to negligence but also to malevolence | “A national information infrastructure is a sociotechnological network of people (stakeholders), hardware (networked systems), software, and security and privacy policies that must deal with risks (threats such as equipment failure, extreme weather, hacking, and sabotage)” (Hole 2016, p. 69) “Distrust in e-voting systems and, as a result, low electoral activity of citizens may also arise due to lack of trust in developers and vendors who could provide the equipment and software solutions in the area.” (Kassen 2020, p. 321) |
Third Party | |
Third Party refers to, for example, hackers. It includes only parties that are not an intended party in the interaction of user and provider and developer | “Personal information shared with an organization digitally could either be exploited by the organization collecting the information or by unauthorized third parties that could access such information using sophisticated technologies.” (Beldad et al. 2012a, pp. 41–42) |
Infrastructure/Technology Internet/Own Device | |
Infrastructure may comprise the Internet in general as a source for risks, but also less generic technologies such as cloud computing or even the users’ own device | “In effect, negative experiences with the internet tend to increase concerns about internet risk, leading to a decrease in trust in online services.” (Alzahrani et al. 2018, p. 141) |
Users Administration (Employees)/Businesses/Citizens | |
Users are the human entities or groups of human entities that are offered a service/system or supervise a service (administration employees). Risks can stem from users’ inabilities to handle technology, their lack of knowledge or unwillingness. For the sub-category administration employees, we further consider statements that refer to the (malicious) behaviour of individuals within an organisation, particularly when this behaviour is in contrast to the general behavioural norms of the institution. For example, risks may arise through the misuse of personal data by government staff, although this behaviour is not tolerated/encouraged by the government | “Some individuals may also view the political world as corrupt and deceitful. Some voters may fear that political elites could somehow sabotage an online vote in their favor; […]” (Powell et al. 2012, p. 363) |
Act of God/ Environment/ Emergency | |
Risks can also arise from circumstances outside the control of the individual or an organisation, for example in case of natural catastrophes | “The second type of uncertainty is environmental, which originates because emergencies, by their nature, cannot usually be predicted in their exact timing or severity.” (Aloudat et al. 2014, p. 155) |
Who perceives a risk? | |
Internal entities | |
Employees may perceive risks in the use and provision of e-services | – |
External entities | |
External entities can be businesses other organisations, and citizens. Citizens as users of e-government services can perceive various risks that may or may not be congruent with actually existing risks | “In the context of e-government, perceived risk can be seen as the conviction by a citizen that he/she will suffer some sort of loss when using an e-government system.” (Verkijika & Wet 2018, p. 85) “In face of risky situations, decision makers, i.e. citizens, need trust as a bypass to these risk perceptions to be able to decide and act.” (Distel et al. 2021, 164) |
What is the type of risk? | |
Quality of information/data System-provided/User-driven | |
Quality of information/data pertains to, for example, accuracy, completeness and timeliness of data (according to Ballou & Pazer 1985; 1995). This might relate to both information provided to citizens and information on citizens stored and processed by administrative bodies. Furthermore, risks might occur on the part of users as they have to provide their information timely, accurately, and
complete as well | “The citizens’ perspective—The factors for acceptance include familiarity or experience with e-services and government; ease of use; perceived usefulness; trust in the organisation and service for example interacting with government on-line and the perceived safety/risk of providing information to government; perceived quality of information and service; and perceived behavioural control and subjective norms […]” (Tassabehji & Elliman 2006, p. 3) “I believe the information offered by the m-government applications is genuine […] I can rely on m-government applications for information about different services.” (Eid et al. 2021, p. 471) |
(Information) Security Confidentiality of information, data/Integrity of information, data/Availability of information, data | |
This category subsumes all statements that refer to the technical and information security of e-government systems and services as a potential risk Confidentiality refers to the risk perceptions that unauthorised parties get access to personal (or in rare cases: governmental) information. This includes any form of privacy risks Integrity refers to the risk perception that information received, provided and/or stored by organisations is incomplete, has been changed, or is inconsistent. Integrity refers to the immutability of information/data Availability refers to the risk perception that information might not be available to the service/provider/user. This category may include risks pertaining to the (technical) reliability of services. Hereunder fall also statements that indicate that a system or a service is not or not continuously available | “This implies that third parties can intercept, read and modify the information.” (Horst et al. 2007, p. 1839) “Although cloud computing can benefit e-government services, there are risks, both tangible (access, availability, infrastructure, and integrity) and intangible (reliability of the cloud, security, safety mechanisms, data confidentiality and privacy, and so on).” (Lian 2015, p. 100) “SEC1: Hackers may be able to intrude into government websites and steal my personal information stored on the web. SEC2: I would not feel secure sending sensitive information to e-government websites. SEC3: Overall, it is not safe sending sensitive information to e-government websites.” (Alzahrani et al. 2018, p. 132) |
What is the type of loss? | |
Asset-based losses | |
Personal data | |
Hereunder fall statements that refer to information of citizens that is actually lost in the process of service provision and cannot be restored | “In addition, e-government transaction risk can also involve loss of data which are of high importance to the citizen, beyond typical privacy concerns faced in e-commerce, such as tax or health information.” (Papadopoulou et al. 2010, p. 4) |
Financial resources | |
Statements of this kind indicate any form of financial loss for the service users. This might refer to payments that need to be made in order to receive a service, financial investments, or missed opportunities for financial gains | “Financial risk accounts for the potential monetary outlay associated with purchasing or maintaining a product or service […]. This concept includes criminal activity such as fraud.” (Kollmann et al. 2015, p. 309) “A group of citizens raised a concern regarding the use of their internet banking credentials for authenticating in these digital public services, as they believed that revealing their internet banking credentials might pose risks of their misuse by government (e.g. for taxation or other purposes); this reveals an important mistrust in the government concerning the way of use of this banking-related data provided by the citizens, which affects negatively the attitude of citizens towards the use of these e-services.” (Loukadounou et al. 2020, p. 231) |
Time | |
Statements indicate that actors can lose time or that the given process/behaviour might require more time as compared to another (traditional, habitual, status quo) process/behaviour | “Time risk is associated with the loss of time an individual may suffer owing to wasting time, for example, on opaque offers or useless sites […]” (Kollmann et al. 2015, pp. 309–310) “TR1: Using e-government websites to search for or request a government service could take up my time. […] TR2: Using e-government websites to search for or request a government service will require a lot of time TR3: Using e-government services will not waste my time.” (Alzahrani et al. 2018, p. 132) |
Interpersonal losses | |
Social risk | |
Hereunder fall risks pertaining to the social status of a person, their reputation and/or standing in the peer groups. It may also relate to the (anticipated) judgement of one’s behaviour by peers | “Social risk refers to the potential loss of status in a social group resulting from adopting a particular product or service […]” (Kollmann et al. 2015, p. 310) “In addition, social risks can occur as people might fear social pressure or social exclusion from using or not using the tracing app.” (Oldeweme et al. 2021, 2) |
Control over product/service Loss of democratic rights | |
Statements indicate that the actors lose control over the service consumed or product purchased. This category contains only statements that refer to the product/service, not statements referring to the availability of a system/information/data (see ‘availability’) A special form of lost control may be the loss of democratic rights that may occur in the course of electronic voting, for example | “First, task uncertainty and workflow uncertainty arise from the service process of e-government. When using an e-government service (e.g., online tax filing), citizens need to be provided with necessary information (e.g., user instructions and status updates) to accomplish service tasks (e.g., filing taxes) and keep track of the service workflow (e.g., checking tax refund status). With incomplete information, citizens may feel uncertain about how they can obtain desired services, and when and which government agencies will receive and process their service requests.” (Venkatesh et al. 2016, p. 90) |
Intrapersonal losses | |
Physical health | |
This category subsumes all statements that indicate that an actor risks his or her physical health in the course of requesting a service | “First, a perception of a personal risk could originate when the user is uncertain whether or not the LBS [location-based service] infrastructure would cope with the emergency situation, which might lead to a potential risk to the personal safety or the safety of important others (i.e. family members, friends, or working companions).” (Aloudat et al. 2014, p. 155) |
Psychological/mental health | |
This category subsumes all statements that indicate that an actor risks his or her mental health in the course of requesting a service. This includes statements referring to a general uneasiness related to e-service use, but also more severe forms of mental health issues such as fears | “Psychological risk occurs when an individual’s selection or performance has a negative impact on the individual’s peace of mind or self-perception […]. This includes feelings of frustration at not being able to achieve the expected outcome of a process or action […]” (Kollmann et al. 2015, p. 310) |