Coverage AreasServicesAbout UsPressClient AccessComplimentary ContentContact Us
Burton Group Home  


Burton GroupPress
 About 
 Categories 
 Burton Group News
 Digital Rights Management
 Directory Services
 Essays & Columns
 General
 Identity Management
 Infrastructure
 Personal Notes
 Science
 Security
 Web services
 Recent Posts 
 Hurry, Get 'Em While They're Hot!
 Signs of the Times?
 Seriosity Looks Interesting
 IdPS Blog is Up
 Microsoft's Open Specification Promise
 Cloning RFID Passports
 The End of This Story?
 Can You Say "BackLash"?
 What About Bob?, Part II
 On Blakley
Jamie Lewis - CEO and Research Chair
Opinions from Burton Group's CEO and Research Chair

« Turtles All the Way Down | Main | Asphalt and Cars Clarified »

May 06, 2005

Thinking Out Loud About Trust, Part II

In my previous post on trust, I outlined some basic definitions of how “trust” works in a business context. The responses to that post provide a good back drop for expanding the discussion to how we view “trust” in a social, as opposed to a business, context.

Put simply, a lot of social interaction isn’t preceded by complex negotiations between lawyers, resulting in documents that assign and disclaim liability. (Okay, before someone says it, there are pre-nuptials, and maybe lawyers should precede some relationships, and do far too often, especially in the United States, but I think you know what I’m trying to say.) When two people meet at a conference, they don’t have their attorneys negotiate a relationship. They start interacting based on an equally complex, but more intangible and tacit set of social cues and protocols.

The Social Context 

The term “trust” has obvious social connotations, such as having confidence in someone, confiding in someone, or believing what someone tells you. And all of those connotations have clear implications when it comes to digital identity and on-line relationships. But as is the case in the business context, the term “trust” can be deceiving in terms of what we’re really talking about.

Take the social software movement, for example, which advocates a new kind of “place” in which people can interact socially. That means taking the social cues and protocols that we all unconsciously use in physical space—actions that have evolved over thousands of years--and replicating or instantiating them in a virtual construct. That’s a tall order. 

Think about what it means to trust someone on a personal level. I, like most of you, have had the experience of meeting someone and, in the first five minutes after meeting them, knowing that I really like the person, want to get to know him or her better, and am excited about the prospect of doing so. I’ve also had the opposite experience of meeting someone, noticing that the hair on the back of my neck is standing up, and knowing that I want to get as far away from that person as possible as quickly as possible. How and why does that I happen? How do I know that I “trust” Kim or the other folks I know in a social context?

Digging Deep 

Both in a recent response to my first post on trust, and in an older post of his that I made note of a while back, P. T. Ong says that “trust is an emotion.” Trust certainly has an emotional component. We get angry when trust is abrogated, and we feel good when we have trusted friends we can turn to. But I wonder if there’s not something even deeper and more mysterious going on.

So let’s try this on for size: Trust is an instinct. 

I’m talking reptilian brain stuff, something buried deep in our genetic code, an intrinsic part of our primitive survival skills. We (hopefully) sense danger and safety equally well. I’m not a psychologist, and I’m perfectly willing to defer to other more learned colleagues on the matter. (I'm thinking out loud, after all.) But describing that gut feeling you have about situations and people as an instinct seems sensible to me.

More relevant to our discussion, how do you instantiate that in working systems software? 

Recognition

That’s why I like the term “recognition.” In a post from some time back, Phil Windley brought up the term, essentially equating it with “trust.” Both “trust” and “recognition” came up in the Gilmor Gaggle identity discussion from many months back, when Kim Cameron suggested using “recognition” instead of “trust.” While the two terms are clearly related, however, I don’t think they're the same thing. (And I don’t think Kim meant that the terms are interchangeable, but I’ll leave it to him to clarify that.) I like the term “recognition” because it strikes me as a very social thing, and a component of relationship building that has been largely absent from the business context for “trust.” I think recognition will be an important function, and as Kim might put it, a better way “to describe the means by which we evaluate the truthfulness of digital identity claims,” at least in a social context.

When he started his blog, Drummond Reed's first post was titled "it’s all about naming." Certainly naming is important. But again I’m wondering if there isn’t a more elemental issue at the root here.

So let’s try this on for size: In a social context, it’s all about the knowing. 

Who you know, how you know them, and what you know about them will have a huge impact on how you interact with anyone in any space. When two people, or even an ad hoc group of people, start interacting, they often don’t need a third party to broker trust. They just need to know and recognize each other, reliabily. 

Building the Layers

In other words, trust is an emergent property. It ebbs and flows as a relationship grows and changes. Trust grows in a feedback loop, based on what you experience directly, and what you hear from others that you trust. It doesn’t take a genius to make the leap from these factors to realizing that reputation systems may well play an important role in an identity system. Clearly, reputation systems can be gamed, and good ones must mitigate that problem. But the power of reputation systems is clear. Indeed, reliable reputation systems may help establish an early threshold of “knowing,” helping bootstrap relationships by enabling early shades of trust (or low degrees of mistrust, depending on how you look at it). 

In combination, recognition systems (which help me remember who’s who), reputation systems (which help me remember who did what to whom), and other constructs may help us create a rudimentary virtual version of the social context in which the cues -- and instincts -- that constitute personal “trust” can manifest themselves naturally, as they do in the physical world today.

And that goes back to one of my earlier themes: the organic nature of the metasystem and how it will evolve. We must create the space in which trust can emerge as a social function, not just a business or a cryptographic one. And that’s why it’s so interesting to see things like FOAF, InfoCards, Sxip, social software and other systems emerge. They’re the early stages of the evolution toward such a place. But we must be careful not to burden that system unnecessarily with business notions of trust, or it might not work. Conversely, we must not forget that the business implications I discussed in my earlier post are equally important. And that brings us back to why we need a metasystem, one that supports a spectrum of functions, from basic self-asserted identity to brokered “trust.” But that’s a discussion for Part III, if I can find more time to write it.

May 6, 2005 in Identity Management | Permalink


 

HomeTerms of UsePrivacy PolicySite MapFeedback © 2003 Burton Group. All rights reserved