Users and Trust in Cyberspace (Transcript of Discussion)

I did my PhD in decentralised authorisation, but I guess now I’m jumping right through the rat hole of this conference by speaking about trust. I’m trying to look at trust from a psychological point of view, not so much from the technical point of view, and trying to point out some of the observations that have been made about how users perceive trust in cyberspace. I am presenting work that I am doing with one of my PhD students, Kristiina Karvonen. She is doing research on what trust is from the user’s point of view in the Web, but I am more interested in how we could generalise these issues to uses of computer communications other than the Web, and how we could possibly make computers understand trust in some limited sense. First I am going to speak a little bit about our motivations, then try and define what wemean with the word trust (and I hope it is an acceptable definition even though it’s a limited one), and then I’m going to tread on thin ice and try to contemplate whether we could make computers understand trust in this limited sense. It seems to be a fact that the Web is getting everywhere and, at least in Finland, everybody these days has to have a cellular telephone. Teenagers are the most active cell phone user group in Finland, sending short messages to each other all the time, and some schools have banned cell phones altogether. Even primary school kids have cell phones, and this has a number of privacy concerns that make me think really hard. How could I change the world so that when my daughter comes to the age that she wants to have a cell phone that the operator doesn’t get all the information about her habits and friendships and so on? And in the more distant future it seems to be that these kind of devices will get integrated into our clothing and jewellery and maybe some people will turn into cyborgs! Now when we are starting to look at security concepts from that point of view, instead of an organisational point of view, so we are speaking about protecting the personal data and privacy in this kind of connected world, then we get quite a different view to what is trust, and whom should we trust, and whom have we to trust. That’s what we are trying to address. From this point of view it seems that when we are speaking about trust, it’s first that trust implies lack of knowledge; so trust is a special kind of belief meaning that when we make a trust decision, when we decide to believe, it has quite a heavy emotional load from the psychological point of view. We make a commitment in trusting and we make ourselves more vulnerable when we decide to trust something or somebody. So we made ourselves dependent and when we are speaking about computers it seems that trust implies that we made a decision that our attitudes or perception towards the computer system is that we decide

[1]  Oren Etzioni,et al.  Privacy interfaces for information management , 1999, CACM.

[2]  Pekka Nikander,et al.  Extending Jini with decentralized trust management , 2000 .

[3]  Juha Paajarvi XML Encoding of SPKI Certificates , 2000 .

[4]  Thomas Beth,et al.  Trust-Based Navigation in Distribution Systems , 1994, Comput. Syst..

[5]  Pekka Nikander,et al.  Certifying Trust , 1998, Public Key Cryptography.

[6]  Thomas Beth,et al.  Valuation of Trust in Open Networks , 1994, ESORICS.

[7]  Catherine A. Meadows,et al.  The Role of Trust in Information Integrity Protocols , 1995, J. Comput. Secur..

[8]  Paul F. Syverson,et al.  On unifying some cryptographic protocol logics , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[9]  A. Seligman The Problem of Trust , 2021 .

[10]  Levente Buttyán,et al.  On the Problem of Trust in Mobile Agent Systems , 1998, NDSS.

[11]  Rune Gustavsson,et al.  Agents with power , 1999, CACM.

[12]  M. Angela Sasse,et al.  Privacy Issues in Ubiquitous Multimedia Environments: Wake Sleeping Dogs, or Let Them Lie? , 1999, INTERACT.

[13]  Elena Rocco,et al.  Trust breaks down in electronic contexts but can be repaired by some initial face-to-face contact , 1998, CHI.

[14]  Holger Luczak,et al.  Teams without trust? Investigations in the influence of video-mediated communication on the origin of trust among cooperating persons , 1999, Behav. Inf. Technol..

[15]  J. Doug Tygar,et al.  Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[16]  Ronald Fagin,et al.  I'm OK if you're OK: On the notion of trusting communication , 1988, J. Philos. Log..

[17]  Donna L. Hoffman,et al.  Building consumer trust online , 1999, CACM.

[18]  Paola Benassi,et al.  TRUSTe: an online privacy seal program , 1999, CACM.

[19]  Thomas Beth,et al.  Trust relationships in secure systems-a distributed authentication perspective , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[20]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.

[21]  G. J. Simmons An introduction to the mathematics of trust in security protocols , 1993, [1993] Proceedings Computer Security Foundations Workshop VI.

[22]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[23]  Roger Clarke,et al.  Internet privacy concerns confirm the case for intervention , 1999, CACM.

[24]  Mark S. Ackerman,et al.  Beyond Concern: Understanding Net Users' Attitudes About Online Privacy , 1999, ArXiv.

[25]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[26]  Gerald L. Lohse,et al.  Predictors of online buying behavior , 1999, CACM.

[27]  Martín Abadi,et al.  A semantics for a logic of authentication (extended abstract) , 1991, PODC '91.

[28]  F. Ketelaar,et al.  Can we trust information , 1997 .

[29]  A. Jøsang TRUST-BASED DECISION MAKING FOR ELECTRONIC TRANSACTIONS , 1999 .