Difference between revisions of "Trust"
|Line 77:||Line 77:|
Revision as of 17:38, 31 July 2018
- 1 Full Title or Meme
- 2 Context
- 3 Problems
- 4 Solutions
- 5 References
Full Title or Meme
Tom Jones 2018-07-25
Goals and Scope
The content on this page is intended to describe the tools to evaluate what can be trusted by an individual in a digital age.
Creation of trust in a digital ecosystem is both very hard and very easy. It is very easy in the sense that we have great examples of trustworthy ecosystems in eBay and Amazon.  It is very hard in the sense that creating and maintaining such an ecosystem is an awful lot of real continuing effort that must be diligently and faithfully nurtured. Andrei Hagiu's theory can explain why platforms, seem to steer consumers towards established products and sellers. The major problems are Recovery and Redress, which see. All of the current tumult about trust on the internet is created by a bunch of legislatures and technologists that are trying to convince the world that a problem exists that they are uniquely capable of resolving. Caveat Emptor. The following looks at some of the open issues.
There are two ways to approach the problem of trust in networked digital systems. Each approach creates their own distinct context.
The scientific approach looks for a set of laws that can be formulated and tested to provide the desired trust.
When this approach does not work in C2B interactions the computer scientist always try to blame the users and propose educating the users. This approach never winds up meeting the goals.
The social approach to trust is exploited by con men attacking our human weaknesses every day. Creating trustworthy computer systems can not be overcome this sort of attack. One good example
Only a good user experience
- Federated Trust is a page that describes another way to address trust by the creation of a trusted sub-net where all members have been vetted by a mutually trusted third party.
- Reliance is “the act of relying, or the condition or quality of being reliant; dependence; confidence; trust; repose of mind upon what is deemed sufficient support or authority.” In this case trust that the actors will perform as expected.
- Relying Party is web site that trusts the authority of some identifier providers' assurances or attribute verifiers in making their own trust decision to authorize some access by a user.
- User Trust of a Web Site is a page that drills into the user experience at a web site that might engender trust.
The Technological Problem
It is easy to set up a Web Site that promises to solve the Trust Problem. Several have done so. The challenge is that there is no particular reason to trust a web site just because they claim to provide trust. In general, if some entity needs to tell you about some attribute on the site, the validity of the assertion should be immediately be suspect. Some examples are: (1) the Wells Fargo assertions of trustworthiness immediately after receiving a billion dollar fine, or (2) the release of privacy data by LifeLock after claiming for years to help you protect your User Private Information. Also several new technology initiatives seem to claim to be trust anchors, when all they provide is a means to time-stamp a document. (see the page on Distributed Identity for details.) In general be very wary of any claim made for a technological solution to a Trust problem.
The Philosophical Problem
What does it even mean to Trust that some outcome will occur? Part of the problem is that Trust is context dependent. I am content to trust my money to my banker, but not my brother-in-law. On the other hand I am content to trust my children to my brother-in-law, but not my banker. In his discussion on logic, Karl Popper determines that any logical proof of a statement of fact requires some specialized language where the statements can be made in a manner that does not allow for any ambiguity of meaning. In the internet we see an example of this sort of language in the X.509 Certificate chains that bind the name of a web site to a root certificate of known trustworthiness. There are a set of rules issued by the CA|B forum that specify the conditions under which a web browser can accept a web site as trust worthy. At the end of 2015 when Google discoved that Symantic was not following these rules, they dropped the offending root certificate from the list accepted by the Chrome browser. The strict meaning of the rules were tested, and the rules won in this case. Before any other logically acceptable trust metric is instituted on the internet, a similar strict definition of the context and the language will be needed.
The Psychological Problem
The philosopher Karl Popper defined the psychological problem The psychologist
The Ethical Conduct Problem
Ethics and trust are inextricably linked. We are interested in ethics in large part because we are concerned, even obsessed, with the question of who we can trust is a world where there is risk and uncertainty. In our relationships, we humans are much more concerned about assessing trustworthiness of others than we are in trying to figure out how ethical they are. So what is trust and what is trustworthiness? The mountain image on right depicts our human situation of uncertainty.
Our lives are embedded in human networks where we need to assess trust (see Trust Choice Schematic). The Decision to Trust Model (DTM Model) was developed (see below HBR 2006 article or Jossey Bass 2012 book) to help us make better decisions about discerning trustworthiness and even repairing trust.
Trustworthiness relates directly to ethics on two specific dimensions: integrity and benevolence. In brief: ‘‘A trustworthy party is one that will not unfairly exploit the vulnerabilities of the other party in the relationship.’’ (see Banerjee, Bowie and Pavone An Ethical Analysis of the Trust Relationship page 308 in Bachmann and Zaheer eds. Handbook of Trust Research in book chapter below).
Trust relationships exist at many levels: between two people, among members of a team, between teams, within an organization, between workers and management and even within an entire system, like the financial system or the air traffic control system. The further removed individuals are from the locus of the relationship, it becomes more complicated to assess trustworthiness. For example, how do you judge the trustworthiness of a bank or a financial system that is saving your money? We would like use a combination of personal and impersonal cues. For example, if we were making a trust judgment about a doctor for surgery, we might assess not only the doctor but also in the doctor's hospital.
Conduct Risk is a new field of auditing that is a response to the huge loss in value of companies like Arthur Anderson, Wells Fargo or Equifax suffered as a result of the manner in which they conducted their business.
Trust is earned. Where Ethics are lacking Trust cannot survive. They are reciprocal concepts as high trust environments will encourage good ethics of participants and good ethical values in on-line interchanges will build trust.
Bootstrapping Trust from the User's Device
How can a User know when Web Site Security is sufficient for them to trust. While that page discusses the issue from the perspective of what the web site can do, this topic is what can a user do to create a source of trust that they can use not only to show that they are trustworthy, but that they can use to test the trustworthiness of the web sites that they visit. This all starts with a trusted User Agent running on a trusted User Device, a computer or cell phone that can express its own level of security. This is a problem that has been solved many times over the past decades. In 2012 Bryan Parno published an article titled "Trust Extension for Commodity Computers" that described a technology solution based on the TPM chip that had already been installed in 350 million computers. This article describes dome the the challenges of deploying such a secure solution as requiring some protected execution environment as could be obtained from a virtual machine environment. While that was prohibitively expensive at the time, current computer systems embed the modern equivalent of the TPM in every Intel or ARM computer chip and Windows 10 laptop computers now run protected code in a virtual machine environment. So the technology exists to bootstrap trust from the user's personal device. The operational assumption is that the security of any trust statement is determined by the proctection and access to the key, which is only accessible in a Trusted Execution Environment. Expect to see more offering about this in the near future.
Chain of Trust
For certificates, and most particularly for CCITT X.509 certificates, the trust of the certificate can chain back to a root of trust certificate. If a Site puts that root of trust certificate into their trust repository, then all of the certificates which chain off of it are also trusted to the extent listed in the certificate itself. The implication of this is that all self-signed certificates must be explicitly included int the trust repository if they are to be trusted. The assumption behind all chains of trust is that every signing key, including the subject's, is well protected as described above.
Since most of us do not have the capability to evaluate even a small fraction of the requests that we receive on a daily basis, we are compelled to trust things that are vouched by others as trustworthy. As one example, Microsoft has created a trustworthy computing initiative in 2002. "Fundamental to that decision was the understanding that a company’s greatest asset is customer trust." It sounds like they want us to trust then with our computing decisions. Even for the most trusted decision of all, what software to run in kernel mode on our personal computers, they don't seem to able to perform without error. Still, the only possible decision to be made, if we want to use the modern conveniences of a digital lifestyle, is whether we could make a better decision than companies like Microsoft. It seems clear that most of us will need to find a collection of organizations that we, individually, decide are best capable of looking after our interests and trust whom they tell us to trust.
- John Herrman Want to understand all that ails the modern internet? Look to eBay its first megaplatform - and the blueprint for everything that followed. (2018-06-24) The New York Times Magazine p. 14ff
- Andrei Hagiu +1, Platforms and the exploration of new products (2018-06-18) http://andreihagiu.com/wp-content/uploads/2018/06/Exploration-new-sellers-and-products-06142018.pdf
- Muneesh Kumar, Trust and Technology in B2B E-Commerce: Practices and Strategies for Assurance Google Books IGI ISBN 978-1613503539
- Merriam Webster 3rd International Dictionary
- Donna Borak, Wells Fargo fined $1 billion for insurance and mortgage abuses (2018-04-20) CNN https://money.cnn.com/2018/04/20/news/companies/wells-fargo-regulators-auto-lending-fine/index.html/
- Kim Zetter, Lifelock Once Again Failed at Its One Job: Protecting Data (2015-07-21) Wired https://www.wired.com/2015/07/lifelock-failed-one-job-protecting-data/
- Karl Popper, Conjectures and Refutations. (1963) Routledge chapter 9 ISBN 0-415-28594-1
- CAB Forum, Baseline Requirements https://cabforum.org/baseline-requirements-documents/
- Larry Loeb, Google No Longer Trusts Symantec’s Root Certificate. https://securityintelligence.com/news/google-no-longer-trusts-symantecs-root-certificate/
- Trust http://www.ethicalsystems.org/content/trust
- Linda Fisher Thornton Ethics and Trust are Reciprocal https://leadingincontext.com/2014/06/18/ethics-and-trust/
- Bryan Parno, Trust Extension for Commodity Computers CACM 55 No 6 (2012-06) p 76ff
- Microsoft. Windows Defender Application Guard overview (2018-07-09) https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview
- Microsoft. Certificates [in Widows]. https://technet.microsoft.com/en-us/library/cc700805.aspx
- Scott Charney https://news.microsoft.com/2012/01/12/at-10-year-milestone-microsofts-trustworthy-computing-initiative-more-important-than-ever/
- CEO (unnamed) of Paramount Defenses, Alarming! : Windows Update Automatically Downloaded and Installed an Untrusted Self-Signed Kernel-mode Lenovo Driver on New Surface Device http://www.cyber-security-blog.com/2018/06/windows-update-installed-an-untrusted-lenovo-driver-on-a-microsoft-surface-device.html?m=1