Steve Magennis
Founder, Polywug
Examining Trust at a Distance
June 1, 2020
When technology acts as an intermediary between humans, as it does every day on the internet, on social media, over email and even with smart devices, people have to make quick decisions about trusting one another without the benefit of in-person contact. Technology standards give us a level of confidence that the flow of information between digital endpoints is reliable, but does nothing to help us evaluate the reputation, integrity or intent of the party at the other end of the connection.
Last week I had the opportunity to explore ideas about “trust at a distance” with a number of very insightful people who, like myself, have been spending a lot of time lately looking at trust in the context of a new Linux Foundation project called Trust Over IP (ToIP). The goal of the project is to help people be much more confident in trusting the human interactions that take place when technology is the channel of communications between people.
Trust is a human construct
Some people describe trust as a mental model that we use to make predictions about future outcomes and their impact on us personally. Do I trust that the sandwich on the food truck won’t make me sick? Do I trust that my neighbor will keep my child safe after school? Do I trust that my bank will give me my money when I ask for it?
With technology, phrases like ‘trusted execution environments,’ ‘digital trust,’ ‘trustworthy computing’ more accurately refer to trust that we as humans have in the technology rather than any intrinsic property of the machinery or system. As far as we know, computers have no concept of, or interest in trust.
Trust is contextual
I may trust a pilot to get me safely to my destination and I may trust my dentist to fill my cavity, but I certainly wouldn’t extend my trust in those individuals beyond the job they’re trained to do. I certainly wouldn’t trust each to do the other’s job, for instance. Trust can change over time as situations, circumstances and people change. Trust is anything but static.
Trust is personal
Alice may trust Bob to take care of her dog while she is out of town, whereas Carol may not even trust Bob enough to let him feed her goldfish. Bob is one person but Alice and Carol trust him in very different ways.
Think about your daily news feeds. How you interpret and react to information contained within an article is often significantly influenced by your personal view of the publisher.
Engendering trust is a multi-facited activity
The ToIP project approaches trust from a multi-disciplinary perspective. Having trust in underlying protocols and technology is necessary but since the goal is to elevate trust between people who are connected by technology, trust in technology alone is insufficient. This kind of trust also requires trust in the people and institutions that build, operate and maintain the ecosystems in which people interact.
The credit card ecosystem exemplifies many of the attributes we’re talking about and can be viewed as a working model illustrating why a multi-disciplinary approach is necessary for achieving the goals of ToIP.
A credit card network can readily be described as an ecosystem that enables large numbers of people to interact at a distance, using technology as the channel for their communications. Everything about the technology chain from the cards, chip readers, network protocols and back-end processing is based on standards, certifications and auditing. All of this engenders trust by the network participants that if implemented properly, data will flow correctly and securely between holder, merchant and bank. The other half of the solution, though, is the trust that must exist between the network participants irrespective of the supporting technology. Imagine if a bank simply decided to pay a merchant half now and half next month for a purchase made at their store. Imagine if a cardholder approved a $100 purchase but then the merchant submitted a charge for $110. Without a set of clear, enforceable rules and penalties, participants would quickly lose trust in the ecosystem and it would collapse.
In the case of card networks, the set of rules and obligations are maintained by the credit card company, permitted by local legal authority, agreed to by participants, enforced by the credit card company and backstopped by a judicial system. Together, these elements are designed to engender trust that the whole thing works as it should. While each participant is expected to be trustworthy in their role and operate in good faith, breaches of trust, carelessness and mistakes are actively monitored and mitigated. Once the technology component is up and running, the primary role of sustaining viability of the network is about managing the trust in, and reputation of, the ecosystem.
The ToIP project is hoping to make trust at a distance work for many use cases and is a very exciting and challenging piece of work. Creating an open framework that maps out foundational trust components and offers templates for projects to leverage will accelerate people’s ability to design systems that finally put the human component of interactions on a first-class footing with technology.