Sunday, October 18, 2009

Thoughts on Trust

I was asked for my thoughts on trust, in relation to groups and networks. This was my response, not directly addressing the issue, but framing it I think in a relevant way.

I wrote this, which touches on it: http://www.downes.ca/post/12

I have very mixed feelings about trust in and of itself.

My first reaction is that discussions of trust get started precisely in cases where there is no trust, and that this manifests itself in two areas:

- software and content vendors do not trust their consumers, and attempt to for conditions of authentication and registration on them - hence the misnamed miniker "trusted computing", which is actually an area of your own computer that is outside your control, and completely in the hands of the companies. Similarily, mobile phone are often thought of as "trusted platforms" precidely because complete control of the operating system environment is in the hands of the vendor - which is why Apple, eg., can remove applications at will

- customers do not trust the software and content vendors. Hence the need for people to be reassured that it is 'safe' for them to submit their credit card numbers and personal information to commerce sites and social networks. There are also issues regarding the ownership of their own content (vendors, so protective opf their own content, are careless to the point of irresponsibility with the rights of their customers)

A lot of the time, people talking about "trust" will say things that sound like they're talking about the second sort (whether people truth the vendors) but the solutions they propose (such as suthentication) are intended to solve issues of the first sort.

Two other dimensions of trust are almost never discussed at all:

- vendor-to-vendor trust. For the most part, companies on the internet do not trust each other at all. With good reason. This is why interactions between the vendors are tightly controled, via APIs or other arms-length mechanisms. Varioius trust mechanistms are build into the the technology, like anonymizing of data (notice how this applies in everything from financial transactions to OAuth to distribution of research results). These mechanisms are not put in place to protect users (though that is what will be said) but instead to protect themselves from the other vendors. Over time, this dimension mof (lack of) truth tends to lead toward the development of (closed) federations, rather than open networks, to the detriment of the wider internet.

- person to person. We don't truth each other (and we shouldn't). Spam, viruses and phishing are the most manifest cases of this sort of breach of trust. Consequently, we have attempted to create walls around ourselves - spam filters, social network buddy lists, so-not-call registries. We seek control over the flow of information into and out of our systems through technology over which we have less and less control (because of the needs of the other forms of 'trust'). How ironic it is that the mechanisms used to ensure vendors can trust computers are precisely those that lead to abuses such as spam and identity theft!

So what do I conclude from all this?

- the root of trust is mistrust
- different forms of trust are at odds with each other
- mechanisms that create trust often hurt the network as a whole
- for the network to work, we must all give up control - but at a measured pace, in step with each other, to avoid one element of the other abusing this greater openness
- and yet, this giving up of control cannot be absolute - in the final analysis, we must be able to assert ownership over out own environments (which means, either absolute ownership over the contents of them, or the right to remove that which we do not own)

So - there's a full paper, I think (or it would be after references and summaries of the discussion were added). Hope it was useful.

5 comments:

  1. Talk of trust and trusted computing reminded me of this video.

    ReplyDelete
  2. Kia ora e Stephen.

    You say, "the root of trust is mistrust." The assumption that we start with a zero (trust) balance means that trust has to be earned.

    I don't go along with the idea of different forms of trust, but I'm inclined to think that there are different levels of it.

    It comes down to belief. If there are different forms of trust, then there must also be different forms of belief. My take is that you either believe it or you don't, the only clause being that you are still making a decision on that.

    Catchya later

    ReplyDelete
  3. For me at the heart of trust is not mistrust, but a sense of belonging, of wanting to be associated with someone or something. This association will mean that something of value can be shared and you only want to do that with someone you feel comfortable with and know would not deceive you.

    ReplyDelete
  4. Corrie ten Boom is an amazing woman - she tells this story. She was in a foreign country and they drove up on an old bridge and were deciding if they were going to cross it. There was an engineer with him and he got out and examined the bridge to see if it was trustworthy. He determined in his expertise that it was and they drove across without a problem. Notice that he did not ask the occupants of the car if they trusted the bridge - their level of trust (or distrust for that matter) was irrelevant.

    So, when I look at who to trust, these are the things I consider. Is the PERSON trustworthy but I have to know that they are a human. So, in our humanness we mess up but if they are a person of integrity, if they mess up they will try to make it right - if they are not and prove to be untrustworthy then NEVER AGAIN my friend will I trust that person.

    I think that distrust or as some will say cynicism has permeated our global society because it is so unbelievably easy for people to pretend to be something they are not. We see this all the time when the "experts" sign up their classes for our projects and we find that the person doesn't check email and doesn't engage at all in the project because they are too busy talking about all the things they are doing. That kind of person does not have integrity if they do this consistently.

    Here in "the South" (of the USA) a person's word is very important as is a person's reputation and it is something that we all value highly but there are so many people that don't see it that way.

    I think your point is valid that we must be careful in whom we put our trust or the things that we put our trust to make sure that they are things of worth that hold up. We also have to look at what is at risk -- in corrie's example it was their lives so they'd better make totally sure that it was OK. However, if it is just my own personal experience of having a technology not work - that is no big deal. If it is something that my students are going to work in - that is a big deal. So, again, we have to understand the level to which the trust we give is going to affect others.

    It is all about knowing a person to me. I feel like I know you and know a little tiny bit about where you are coming from and so when you post something I feel like you will disclose it. Does it mean that I trust you to tell me what I should use with my class -- well, I will take what you say and TEST IT MYSELF and then decide.

    This is a pretty long answer here but I just felt the need to pontificate on this one. It is just very very important for all of us to know that we should verify things and check things out and also that everything is not as it appears.

    If research is sponsored by a company - did the company "pay off" the researcher in a way? If a person does not like another and gives them a bad recommendation is that other person really not up to measure or is the person saying negative things just jealous.

    Point being: beware of taking things at face value and use that noggin that sits between your shoulders to check things out for yourself and make up your own mind.

    Great thoughts. Thank you for sharing!

    ReplyDelete
  5. Stephen, I resonate with your ideas about trust. It's more complicated than what I first conceived, especially trust in online virtual environment. I met you face to face, and that may be the only "trust" we both have, when you know a real me, not another avatar. So, would trust be based on such intricate interaction rather than those exchange of ideas only. For me, trust would be at different levels, but there could be conflicts of trust as you mentioned, when there are are conflicting or disagreement arising from the interaction, especially at person to person level. There is a threshold of trust, especially when people felt "betrayed" in an interaction or engagement online.
    "Would you trust me?" may be a question asking in doubt or without confidence. But surely you would trust me may be too over powering. What do you think?
    Thanks for sharing.
    John

    ReplyDelete

I welcome your comments - I'm really sorry about the moderation, but Google's filters are basically ineffective.