The Internet and trust
Updated on 07 August 2022
Reflections from the Science in Perspective discussion
A few days ago, as I was on my way to ETH Zürich to moderate a session on Internet and Trust, I took a close look at the importance of trust for my daily routines.
My iPhone alarm went off at 6 am. It did not fail me. It did not betray my trust. I chose my outfit based on the day’s weather forecast. My trust in the forecast paid off. My train for Zurich left on time. It’s Swiss time, after all. In every step of our daily lives, we place a considerable amount of trust in technology, people, and institutions.
My trust reflections provided a prelude for discussion at ETH’s first Science in Perspective talk, covering technical, legal, and social aspects of the Internet and trust. ETH’s main hall was the right venue for a discussion on the Internet and trust. The space conveys the history, solidity, and reputation of ETH. Society trusts ETH to produce leading scientists and engineers. This trust is reflected in ETH’s high place in international rankings, such as the Times Higher Education ranking where ETH takes 9th position for 2016-7. It is also reflected in the fact that 21 Nobel prize winners hail from ETH.
The Internet and Trust panel involved three computer scientists (Adrian Perrig, Timothy Roscoe, and Brian Trammell) and two lawyers (Stefan Bechtold and myself). Brian Trammell explained how the Internet was conceptualised and developed by a small scientific community based at a few American universities. The mutual level of trust was very high among these early Internet developers. Their peer-to-peer network was often cemented by beer-to-beer discussions. Trust was thick.
The more the Internet expanded beyond this close scientific circle, the thinner this trust became. The process led us to today’s three billion Internet users, where Internet trust has developed a completely new character (or character flaw). (Refer to the Timeline of ICT and digital policy for a zoomed-out view of global developments over time)
Metaphors play a crucial role when we talk about the Internet. Timothy Roscoe guided us through the transportation metaphor as a way to explain what the Internet is to newcomers. E-mail is thought of as a type of postal delivery; the image of a highway describes the routes used for navigating around digital networks. Metaphors help us to understand new concepts and situations through their parallels with what we already know. Metaphors have helped to build trust in the Internet by building understanding and knowledge.
But, as Timothy argued, metaphors have started to fail us. The old Internet metaphors cannot explain the new Internet reality. Ultimately, the metaphors which were a useful cognitive tool for Internet use until now have become confusing, and they may even undermine trust on the Internet. Can we find new metaphors to build better understanding of the current Internet? This remained an open question for the public in the room and the wider community. (see: Use of digital analogies and metaphors in An Introduction to Internet Governance (pp. 24–28).
After covering the evolution of the Internet and the concept of trust, the discussion moved to current challenges and how to address them. Adrian Perrig and his team have developed the SCION Internet Architecture, which helps users to deal with trust (or the lack of it) on the modern Internet. Like all impactful ideas, SCION is based on a simple notion, in this case, that we can decide for ourselves who we will trust and keep in our digital vicinity. Our trusted community may consist of our neighborhood, our country, and/or our family and friends, at our own discretion.
SCION enables us to stay within a trusted community, without being isolated from the three billion other Internet users. In SCION, trust is not binary (you have it or you don’t); it is analogue. You decide what level of trust you want to assign to your online group. SCION’s trust management system lets each of us decide when to have thick trust (deep commitment) and when to recognise that we are skating on thin trust. Can SCION offer a solution for how to be part of the great global network, while retaining control over whom, how, and to what extent we trust online? It looks promising.
Stefan Bechtold focused on legal considerations of online trust. One of the main legal issues that can undermine trust is jurisdiction online. Namely, it is very difficult for citizens and other entities to protect their legal interests online via existing court jurisdiction (e.g. how can a Swiss citizen deal with a libel case triggered by a Facebook post?).
Stefan provided some examples where trust plays a critical role. For example, ICANN (the Internet Corporation for Assigned Names and Numbers) is based on enduring and delicate trust-building processes (with a few bumps along the way). Internet organisations such as ICANN and the Internet Society have built trust capacity over the years by, among other things, ensuring that the Internet functions. The next major online trust challenge will be to ensure that Internet users can protect their own legal and other (privacy, safety, choice, cost) interests, including their core human rights.
Stefan also highlighted the tension between the ways that computer scientists and lawyers deal with risks and trust. Computer specialists aim to completely eliminate risk, however this goal can rarely be achieved, especially for technology used by people. Lawyers start from the presumption that risk cannot be eliminated, it can only be managed.
A few interesting issues emerged in the panel debate.
Timothy Roscoe triggered discussion on the ‘paradox of trust’. We put a lot of trust in Internet technology by using it and by providing our data (including private and intimate information). At the same time, technology is not as trustworthy as our habitual use might imply. Our data is not as secure as we expect. There are many security breaches. The Internet as a system has some in-built security loopholes. During the discussion, many people commented on the need to deal with this paradox and the risk that a potential major failure of the Internet – including the kill switch risks that Adrian Perrig mentioned – may destroy online trust. The ‘paradox of trust’ should be addressed by more transparency, awareness building, and strengthening the ‘digital hygiene’ of users worldwide (skills and techniques to protect security and data).
Is trust a Swiss asset in the global digital economy?
If there was a trust ranking, most likely Switzerland would be among the trust leaders in the world. In Switzerland, trust has been built in a number of ways. First, it is the result of a very carefully developed political system with a division of power between communes, cantons, and the confederation. Checks and balances, and public referendums, prevent private interests from capturing the political system. This political system ensures the trust of citizens in government and state.
Trust is also behind the Swiss banking sector. Choosing a Swiss bank to deposit your money is a sign of trust. Switzerland is a trusted mediator in dealing with delicate humanitarian issues, as shown by the recent Colombian peace negotiations, and the freeing of 82 Chibok schoolgirls from Boko Haram captivity. Geneva is a trusted venue for negotiations among people holding different political views and interests.
Can Switzerland transfer its big ‘trust capacity’ into a significant asset for the digital era, where trust will be more important than ever before? This trust could be manifested in various forms, from hosting servers with data, to providing a fair and reliable legal system, to dealing with disputes and ultimately facilitating a new type of international policy system as Microsoft suggested in the proposal for the Geneva Digital Convention.
In the debate that followed the panel interventions, one of the questions came from a person who had been attacked by ransomware. The police in Zurich could not help him; similarly, the police in many other countries cannot address such situations. His story opened an interesting discussion on the social contract in the Internet era. In essence, the social contract is a tacit agreement between citizens and the state, in which citizens pass some rights to the state in exchange for security and protection against anarchy (Thomas Hobbes’s Leviathan). Can the state deliver on its part of the social contract in an era and environment where it does not have the tools and means, for example, to protect citizens from ransomware? Currently, it cannot. This means that one of the pillars of trust – the trust of citizens in the state’s ability to provide security and justice – is seriously shaken.
Do we need a new social contract for the online era, which will re-establish the relationship of trust between citizens and state? Is it enough to bring citizens and the state to the same table? Or should today’s social contract also involve the technical community and the private sector, which manage most of the online world? Would a carefully designed checks and balances system with a high level of transparency be sufficient? Should the ‘digital social contract’ be global, or would regional and national arrangements work?
A social contract could address the main issues and lay the foundation for the development of a more trustworthy Internet. Is this a feasible solution? There is reason for cautious optimism based on shared interests in preserving the Internet. For Internet companies, the more users that trust them, the more profit they can make. For many governments, the Internet is a facilitator of social and economic growth. Even governments who see the Internet as a subversive tool need to think twice before they interrupt or prohibit any of its services. Our daily routines and personal lives are so intertwined with the Internet that any disruption to it will disrupt our broader society. Thus, a trustworthy Internet is in the interests of the majority.
Rationally speaking, a compromise around a new social contract for a trustworthy Internet is possible. However, our optimism should be cautious, since politics (especially global politics), like trust (and global trust), are not necessarily rational.