Aspects and characteristics of Trust and its impact on Human Societal Dynamics and E-Commerce

 

Introduction
While recent developments in electronic commerce have fueled a surge in interest around the subject of trust, it is an aspect of human interaction that is as old as civilization itself. Going further, it could even be said that it is one of its foundations.

We typically think of trust as something that spans between two or more humans and provides a basis for their interactions. While this is a true characterization of trust it is not an exclusive one. Recent advances in technology within the past 20 years have served to greatly change both the scope and meaning of this paradigm. One of the primary reasons for this is that the scope and capability of interaction has increased in a like manner. Interactions occur not only between humans, but human to machine as well as machine to machine. Furthermore, these interactions can be chained by way of a conditional policy basis to allow for complex communication profiles that in some instances may not involve the direct participation of a human at all.

This paper is intended to analyze the subject of trust and its close association to other subjects such as risk, assurance and identity, and the impact that it has on technology and the dynamics of human interaction. We will begin by looking at trust in its basic definition and historical (as well as pre-historical) context. This will serve to set the stage for a later focus on the impact on areas of technology and advanced communication capabilities that have become prevalent in our lives. It is the hope of the author that this discussion will allow for a better understanding of the subject from both a philosophical and practical standpoint.

 

How do I trust you?

This is the classic question, and one that is hard to quantify. Indeed, the answer may be different for different people. The reason for this is that some people are simply more ‘trusting’ (the cynical reader might think ‘gullible’) than others. There is also a degree of context, very closely related to the risk assumed by the trusting party, that comes into play with every decision of trust. If we think about it, the manifestations can quickly become boggling. After all, there is a big difference between trusting your neighbor’s kid to cut your grass versus trusting that same kid to baby-sit your own. There are certain pieces of additional information that you will typically need to extend your trust into the deeper context. This additional information will typically (if you decide to let him or her baby-sit) provide you with the additional level of assurance to extend the trust into the new scenario.

So while the possible manifestations are quite numerous and complex, we can already see that there are some common elements that are present in every instance. The first point is that trust is always extended based on some level of assurance. The second point is that this relationship between trust and assurance is dependent upon the context of the subject matter on which trust is established. Going further, this context will always have an element of risk that is assumed by the extension of trust. This results in a threefold vector relationship that is shown in Figure 1. What the diagram attempts to illustrate is that the threefold vector is universal and that the subjects of trust (the context of its extension, if you will) fall in relative positions on the trust axis.

Figure 1. The vector relationship between context, assurance & trust

As the figure above illustrates, there is a somewhat linear relationship between the three vectors. It is the subject of trust that provides for the degree of non-linearity. Some subjects are rather relative. As an example, I might not be too picky about my lawn, but others might be so sensitive as to rate the level of trust to be in close equivalence to baby-sitting their kids. Some parents may be so sensitive to the issue of baby-sitting that they will require a full background check prior to the extension of trust. In other instances, things are rather absolute. A good example of this is the trusting of an individual with the ‘Foot Ball’, which is a top secret attaché that covers the instructions, authorization & access codes for the nuclear warheads involved in the defense of the United States of America. For this subject, we are assuming that the individual is a member of the Department of Defense with relatively high rank and has passed the integrity and background checks as well as psychological stability testing to provide the level of assurance to extend what could be perceived as the ultimate level of trust. Also consider that there is no ‘one’ person that has this type of authority; it is a network of individuals that needs to act in a synchronous fashion according to well-defined procedures. This reduces the possibility of last-minute ‘rogue’ behavior.

There is another thing to consider as well, and this is something known as an assurance cycle. For some extensions of trust, a one-time validation of assurance is all that is required. As an example, even the pickiest of yard owners will typically validate someone’s skill just once. After that, there is the assumption that that skill level is appropriate and is unlikely to change. This is often the case as well for baby-sitting. Seldom will even the most selective parents do a full background check every time the same kid is brought in to do the job. It will usually take some exception, such as a poor mowing job or a bad event during baby-sitting, to cause this degree of trust to be compromised and hence require re-validation. There are some positions, however, that are extremely sensitive, have huge potential impact and are non-reversible. A good example is the extension of trust to handle the ‘Foot Ball’. In this instance, there are several regular security and psychological tests that occur, as well as random spot testing and background checks, to assure that the individual’s integrity, as well as that of those who support him or her, is not in any way compromised.

So from the above we can assume that there are four major elements to trust. First is the aspect of context: what is it that the trust is about? In this there is always an element of risk that the party who extends the trust assumes. Second is the level of assurance: what will it take to enable and establish the extension of trust? Third is the element of validation: how often will I need assurance to keep the extension of trust? Finally, there is the element of trust itself.

There are also modes of trust that occur, some of which are deemed to be more solid than others. These modes are found in three basic types. First there is what is termed ‘initial trust’. This is the trust that you need to get up out of bed in the morning to face the world. This is basically the concept that the world is not outright hostile and that, while it is still a jungle, you have trust in your own ability to make progress in it. A good example is that in most neighborhoods you can pass someone on the sidewalk and ‘trust’ in the fact that the individual will not try to attack you. Note that this requires a two-way equation: the other individual has to have the same perception. This is a key ingredient and provides the bootstrap for the other two – more sophisticated forms of trust. Another commonly used term for this is trusting at ‘face value’. Second is something termed ‘associative trust’. This is the extension of trust to someone or something based on the reference and recommendation of another individual with whom you have already established a trusting relationship. Both initial trust and associative trust could be classified as temporary states of trust that require the third and last mode, which is ‘assured trust’. This is where the initial trust is then validated by actual experience or some other system of assurance. This and associative trust provide a degree of historical context to the paradigm and begin to develop the concept of reputation. In essence (though perhaps not always true), if you were trustworthy in the past it is likely that you will be trustworthy in the future. As an example, if my neighbor told me that a certain kid was a great lawnmower, I am more likely to extend the initial trust based on this recommendation. Once the kid performs the job well and up to expectations, the mode of trust then becomes extended to ‘assured’. I have seen the job that the kid does with my own eyes (note I have extended some degree of risk here – he could have scalped my lawn) and I am now happy with the job. The relationship with the kid is now direct, between myself and him or her. The neighbor has faded off as the relationship has matured. The neighbor’s opinion may still carry some value, however; for instance, if I were told of something being damaged or stolen I might experience a compromise in the degree of assured trust that has been established between myself and the rumored individual. This can begin to uncover the potential corrosive effects of gossip and hearsay in inter-personal relationships, but it also shows the capability of social systems to create feedback loops in which trust can be built up or eroded based on an individual’s behavior.

One last aspect to consider is the fact of identity. This may seem out of place in this face to face example. Obviously, I do not need identification to be assured of the fact the neighborhood kid is who he says he is. I can see this with my own eyes and establish it with easy conversation. However, there is something known as abstraction that becomes prevalent in more complex examples of trust. Also, as the assumed risk gets higher along with the increase in abstraction, the need to be certain of an individual’s identity becomes a requirement. As we shall see though, this is not required, or rather it is more implicit in the simpler examples of trust. However, as human interaction becomes more indirect and the relationship of worth to risk becomes higher, getting assurance of an individual’s identity becomes explicitly paramount.

I have this goat that I would like to trade for your cow

Since it is established that trust is a major requirement for human societies, it makes sense to look at the phenomenon in the context of human societal evolution. For this, we need to look at the historical use of trust, particularly prior to the recent era of technological innovation. This will serve two purposes. First, it will provide once again a simplified view of the paradigm. In a sense, it provides a form of reductionism because all of the newer trappings and manifestations of trust that technology requires are removed because they simply did not exist yet. Second, it will serve to provide a view of the phenomenon of trust in the context of both social and commercial scopes. As an additional note, the following historical analysis is decidedly ‘western’ in its recourse and perspectives. This is not to indicate that the concept of trust or any of its resulting paradigms are solely western. The focus on western culture is done for one simple reason. Covering all cultural manifestations of trust and their evolutions would be exhaustive and well beyond the intended scope of this paper. Additionally, most if not all of the foundational concepts such as credit and currency are, aside from cultural trappings, largely the same.

If we go back to the time of hunter-gatherers, trust was something that was somewhat limited and narrow in scope. The limitation to the scope was simply because of the fact that humans had contact lists that were numbered in ten or perhaps twenty individuals. These were the individual’s tribe. This is where literally one hundred percent of social interaction took place. Additionally, these individuals were most often direct relations to the individual so there was still a grey area between genetic familial interactions versus interactions of a true non-familial social context. The scope was limited simply because humans did not ‘do’ a lot. We pretty much spent most of our time gathering roots and tubers as well as hunting.

While things were admittedly more limited back then, it could be argued that the table stakes were much higher. A single individual who made a mistake in a large animal hunt could injure or kill themselves and perhaps several other prime members of the tribe. A single individual who did not know the difference between benign and poisonous plant species could endanger the whole tribe. So while the scope was both limited and narrow, the context was everything. In the high stakes game of Neolithic hunter-gatherer societies a single error would often spell disaster for everyone. For this reason the time of education was often well past adolescence and into young adulthood. Accompanying this were (and still are) complex initiation processes and ceremonies which are basically symbols of the tribe’s extension of trust to the individual as a fully functioning member of the society.

Here we still have the basic three vector relationship of Figure 1. Indeed, in order to be universal to the paradigm it needs to be so chronologically as well. There is still: 1) the context of the trust – I will trust you next to me with a spear; 2) the level of assurance – I worked with your father to teach you; and 3) the resultant extension of trust – let’s go hunt something that is ten times our size together. While the whole paradigm is much simpler, the stakes are very high. In some ways they are ultimate, almost equivalent to the level of trust extended in the example of the ‘Foot Ball’.

With the invention of agriculture the phenomenon of trust had to change and evolve. At first, this was a simple extension to the Neolithic hunter-gatherer model. If you lived in a village on the Asian steppes at the end of the Stone Age it is likely that you were very isolated. It was probably unlikely that you ever saw an individual from a neighboring village, as these other villages were often hundreds of miles in the distance. Consequently, the scope of trust was still limited to the tribe. The scope, while still limited, was becoming less narrow however. The reason for this is the element of possession. With the advent of agriculture and animal husbandry came the concept of possession. After all, if one and one’s family spent their time and energy raising crops and herds, there would undoubtedly evolve a sense of worth and ownership of that worth. With this came the concept of trading and bartering. The introduction of this simplest form of commerce occurred simply because it allowed individuals to specialize and thereby maximize the resources available to the tribe. At first this may have been communal, but as time passed and certain trades became differentiated, a sense of value for those trades became evident. We can see this from the archeological evidence of the early Bronze Age.

Trading in this context almost always happened within the tribe. External trading between tribes did not really occur in the mainstream until the advent of the chiefdom. There are several reasons for this, as we will later see. At the earlier stage, because of the limited scope, trust was often established on a handshake basis. If an individual wanted to trade an animal for some grain or another animal, the individual in that tribe who specialized in that trade was approached. There were often direct personal relationships that went back several if not dozens of generations between families. Trust, you might say, was embedded.

Something interesting also happened around the same time. Gradually, it came to light that there was not only a sense of worth for what an individual owned, like a goat or cow, but that it began to extend to services that one could render. Such skills as medicine, metalsmithing, and yes, even religion and tribal leadership (which were often synonymous at this stage) could be classified as such. With this splintering of occupations came the abstract concept of a contract. Even though the agreement was more often than not implicit and verbal, it was typically done with witnesses and was based on familial honor, and the tribal penalties for breaking good faith were often severe.

As societies embraced all forms of agriculture there resulted in every instance a surge in population within the societies. This created a positive feedback loop that actually better enabled the tribe to survive and in turn grow further. That is… at first. It is commonly assumed that resource shortages are something that is new to humanity. This most definitely is not the case. Many early societies quickly outstripped their surroundings of one resource or another. Often this resource was water. It is not a coincidence that the first advent of organized chiefdoms occurred in semi-arid regions that were tipping towards further arid conditions. Whether this happened because of communal agreement by all members or by force through a stratification of society (it was usually a combination of both), it is undeniable that this was a trend that occurred globally at various times in pre-history. As this happened throughout the Bronze Age there was an implicit extension of trust to the leader of the tribe that came along with it. It was not always given willingly, but in most instances it was absolute. With this came the evolution of the ‘divine’ rights of chiefs and their families and the quasi-religious merging of tribal leadership and religion that is often a signature of this stage in societal development. Even with this however, most chiefs did not long survive breaches of trust with the populace, at least at first. As ruling classes became more powerful, rule by force became possible and indeed was many times attempted. Many things changed at this point as we shall see. Humankind had reached a sort of critical mass.

I want my silk and I am willing to do what it takes to get it

As human society progressed these isolated communities began to reach out and establish contact with one another. The reasons for this were varied, but there is no doubt that pre-historic trade was widespread and would even traverse continental boundaries in some instances. There is one thing that is true with primates, and humans are no exception: once different societies or cultures establish contact, ignoring one another is not a long term option. Sooner or later they will interact. Whether this interaction is peaceful or warlike is to a great degree determined by trust. Societies that trust one another tend to establish trade and share cultural traits and ideals. Societies that do not trust one another tend to avoid contact, and when they do have contact it tends to be of a violent nature. Again, we can get into boggling possible iterations that might occur for a virtually unlimited set of reasons. In some instances there may be vast ideological differences that cause the animosity. In other instances (and it should be noted that this is by far the predominant cause) it was based on something known as circumscription. This is when one society sees another in a predatory sense. Most often the reason for predation was for territory or resources, both natural and human. What is important is that this trend again was self-reinforcing. As the prevalence of aggressive societies increased, there in turn increased the need for strong leadership and military capability within societies as a whole to either carry out the acts of circumscription or defend oneself from it.

At this stage of societal development we see each of the great civilizations enter the empire phase. This phase, which some would argue not to be a phase but an integral characteristic of human culture, has dominated our history. As we shall see however, any empire that withstood the test of time realized that in order to do so one must have willing, or at the very least submissive, subjects. These subjects must see the empire as the greater good or at least the lesser of two evils. Here we see the beginnings of the concept of a social contract known as citizenship, where there are certain benefits, privileges and rights to being a citizen. This is something that reached an ancient epitome with the Roman Empire. The wiser emperors were very astute about this concept. Some were masters at public display and acts of imperial benevolence done in a public fashion to assure wide reaching knowledge of the act. Such acts were cheap in relation to the revenue and value that they served to continue securing for the empire. In addition, there was the constant presence of hostile neighbors, which the emperor did not necessarily have to manufacture, to create the additional rationale of keeping distant kingdoms within the fold. After all, if the emperor placed enough legions in the locale to defend it, it was often for the dual purpose of keeping it subdued as well.

Nonetheless, the Romans were keen on extending citizenship. It was once boasted of the Romanized Britons that they were ‘more Roman than the Romans themselves’. They were certainly no exception. It was very common across the empire to see a sense of membership in it. Some kingdoms were more willing subjects than others, but by and large an entity as large as the Roman Empire simply could not be ruled by force alone. Again, the wiser emperors understood this and leveraged it to the hilt. There was a sense of pride and trust in being a Roman citizen, particularly if you were a free merchant who looked at trade abroad (across the Mediterranean) as desirable.

Parallel to this is the development and maturity of two other concepts. One is the independent representation of worth. This is the development of a system of currency. This was certainly not new with the Romans but they did bring it to a level of maturity and perfection that can rival the process of today’s mints. Another thing that they did was remove any local intermediary to imperial allegiance. Roman citizens were to declare direct allegiance to the emperor, not to the local king who then claimed allegiance in turn. Each citizen was to take the oath directly. In this sense, a king was no different from his subjects. This way allegiance was not to local kings who could come and go (and be deposed at will by the emperor) but to Rome itself which stood ‘forever’ and was the greater good or greater obligation depending on your perspective. In either case, it superseded any allegiance at a local level.

With such systems in place trade was seen to prosper within the empire. Along with this surge in trade came the relative prosperity of the provinces that participated in it. Aside from the benefits however, there was the required abstraction of worth that came along with it. Within this more sophisticated commercial environment there were many intermediaries. With additional parties and complexities came the inevitable individuals who attempted to circumvent the system of governance. In the simple Neolithic village trade, it was very difficult if not impossible to subvert the trade. The trade was face to face, based on the trust of family to family, and the transaction was solid, not abstract. It was a real time exchange. There simply was no opportunity for infringement on the transaction. With the introduction of sophisticated monetary based commerce, this was no longer the case. There was now plenty of opportunity for enterprising but less than honest individuals who could now make a ‘little extra’ on the side within the normal flurry of business transactions. As this occurred, more formal systems of governance were created to provide the additional assurance that goods and services were rendered fairly and appropriately. Again, this is not new with the Romans, but it could be said that they brought the concept of governance and law to a level of true maturity that theretofore had not been attained by any civilization (perhaps with the exception of China). Indeed, today many countries still base their legal systems on the precepts of Roman law.

If we look at all of this we can begin to see a resonant balance of concepts. Some, like the legal system, are positive and reinforcing; others, like thievery and embezzlement, are negative and corrosive. Others, such as reputation, can be either. It is the delicate balance of these negative and positive influences that creates an ecosystem of trust, with the ultimate trust ecosystem being the very existence of civilization itself.

In the late 5th century the emperor Justinian had an issue with getting access to certain eastern products. Justinian tried to find new routes for the eastern trade, which was suffering badly from the wars with the Persians. One important luxury product was silk and the famed purple dye used to color imperial robes, which was imported and then processed in the empire. In order to protect the manufacture of these products, Justinian granted a monopoly to the imperial factories in 541 AD. In order to bypass the Persian land route, Justinian established friendly relations with the Abyssinians, whom he wanted to act as trade mediators by transporting Indian silk to the empire; the Abyssinians, however, were unable to compete with the Persian merchants in India. Then, in the early 550’s, two monks succeeded in smuggling eggs of silk worms from Central Asia back to Constantinople, and silk then became an indigenous Byzantine product.

What we see here is a natural progression of steps that served to provide stronger assurance to Rome that it would get the products that it valued. The first set of steps attempted to replace unpredictable and hostile trade paths with those which were more friendly and stable. The final steps moved to remove intermediaries altogether and thereby attain the highest level of assurance by direct control of the product.

All of this was for naught however. Despite all these measures to protect trade, the empire suffered several major setbacks in the course of the 6th century. The first one was the plague, which lasted from 541 to 543 and, by decimating the empire’s population, probably created a scarcity of labor and a rising of wages. The lack of manpower also led to a significant increase in the number of “barbarians” in the Byzantine armies after the early 540s. The protracted war in Italy and the wars with the Persians themselves laid a heavy burden on the empire’s resources, and Justinian was criticized for curtailing the government-run post service, which he limited to only one eastern route of military importance, the silk highway. Also under Justinian I, the army which had once numbered 645,000 men in Roman times, shrank to 150,000 men.

What this in essence shows is that even whole civilizations can collapse under the weight of history, bad circumstance and limited decisions by the ruling party. As the trust in the systems of governance waned, individuals tended to seek security at more local levels. As this happened the implosion of the culture was a certain result. The imperial contract was broken. Feudal society became the method de jure for the next one thousand years.

Adam Smith’s hidden (but shaky) Hand – the rise of the Market

It could be said that as the Roman Empire fell there was a pulling back of trust to the more local and limited scope that was prevalent prior to its existence. It would take several hundred years before economies and systems of trust and governance extended beyond the castle walls once again. With the advent of the Renaissance and the rise of the merchant class, much of the momentum that had been lost with the fall of Rome began to be regained. Gradually and with an accelerating pace, Merchant and Guild classes began to develop. Modern nationalistic attitudes began to appear and the concept of a ‘marketplace’ began to evolve where trading could occur with the assurance that transactions would happen in a lawful and orderly fashion. Once again we find the threefold vector relationship of context, assurance and trust that served to set the foundations of an independent but entirely abstract entity known as the Market. At first, these early markets were largely under the control of the trading companies. Individuals or businesses could gain a stake in the lucrative potential gains (and associated risks) of ‘global’ trade by investing in shares of the trading company. With this revenue, the trading company would be able to pay for the building of the required ships and crews for the expanding trade routes. The investors made their investment based on the trust in the worth of the shares that they bought. At some point in the future, if the trading expedition went well, the shares would be worth some value above what was invested.

Back at home, less adventurous individuals would focus on craft trades by gaining access to one of the many Guilds that were springing up across Europe. Again there was an element of trust here. In this instance there was trust in the organization. There was trust in the fact that if one joined a Guild and went through the appropriate training and apprenticeship, one was more or less assured of getting a job upon completion.

As these social constructs began to gain momentum they found an eventual convergence in the industrial revolution and the rise of the modern trading market place. During this time a new branch of science known as economics began to be developed. One of the practitioners of this discipline, Adam Smith, noticed that there was a resonant feedback mechanism between profit and competition that seemed to keep the market balanced so that products and services were levied at fair rates of exchange. This he termed ‘the invisible hand’ of the marketplace. As the concept evolved, several practitioners began to assume that the market was predictable and could be ‘trusted’. This was based on the assumption that market behavior was essentially Gaussian and that it, in combination with this ‘invisible hand’, would serve to provide an overall stability to the marketplace.

As we all know now, this assumption was largely incorrect. The stock market crash and the following deep depression were largely fueled by an overextension in the market that was based on this false assumption of predictability. As a matter of fact, one week prior to the crash of October 1929, Irving Fisher of Yale University, who was perhaps the most revered US economist of the time, claimed that the American economy had reached a “permanently high plateau”. As little as three years later the national income had fallen by over fifty percent. In essence, no one, not a single economist, saw it coming. This was a prime example of misplaced trust and overconfidence that had been built up over the centuries from the initial days of the cognizant risk that was assumed by those investing in the early trade expeditions. What served to allow this? Again, it was the abstraction of worth and also of the risk assumed on that worth.

When early investors bought into a voyage, there was a direct one to one relationship to the success or failure of that voyage. If the ship went down, so did your profits along with the initial investment. There was very little present to abstract or protect from the risk. In the modern marketplace however, wealth could be moved and transferred from one interest to another. This capability gave the impression of lessened risk. In reality the overall risk was spread among various interests, so it did reduce the risk, but only for a single investment, and this is a key point. If the whole market crashed as it did on that fateful Monday morning and all of your assets were in the market at that time, it did not matter how well spread out your investments were: the market crashed and so did your assets! There was no difference. In essence, the market was your ship.

What this serves to illustrate is that while abstraction allows for greater scale, volume, and agility, it reduces the overall visibility of assumed risk but does not eliminate the risk itself. This is an important principle that we will re-visit once again as we begin to look at the recent trends of trust in e-commerce.

The new commerce paradigm

When you purchase something on the web today, you very seldom if ever get a chance to interact with another human being. When you think about it, there is a great degree of abstraction in the e-commerce model that the on line purchaser simply needs to accept. This is nothing new. It has been happening gradually over the years. It was even occurring back in Justinian’s day. After all, it is highly unlikely that Justinian ever met the actual proprietors of the dyes or silks in person. He had emissaries that handled his relationships with them. Note also that in the end he chose to remove all intermediaries to the product including the proprietor.

If we think about it, currency is the first level of abstraction that allows for all the others to occur. The concept of independent representation of worth allows for trading at a distance without moving huge hoards of product as barter or direct trade would require. One party could pay for product with currency, typically gold or silver. As time progressed, the concept of currency evolved into a ‘certificate’ paper form that represented an amount of gold or silver, which is then held in a reserve by some organization. One of the first organizations to do this was the Knights Templar in Europe, to provide for safe transfer of wealth to the Holy Land for would-be pilgrims. This added an additional level of abstraction, but with this new approach a business deal could happen in a totally separate occurrence from the actual movement of product or gold and this is more often than not the case. This is one of the primary tenets of commodity trading. For many centuries, currency through banking and a postal capacity addressed the requirements of distant trade and commerce. (Remember that Justinian kept the postal service to the east.) In more recent times, we can reference the use of the Pony Express and soon after the locomotive that allowed for the significant growth the countries of North America experienced, but the basic paradigm did not change. It was still a combination of currency and postal service. The only thing that was happening was that the information regarding commerce and the product being traded was moving faster.

All of this changed with the invention of the telegraph and soon afterwards the telephone and the further abstraction of worth, the ‘wiring of currency’. At this point the delta of time between information and product truly diverged. It could be argued that it is easier and faster to move a letter versus goods. However, in most instances, particularly with the locomotive, both moved on the same train. Telecommunications made its big impact by the ability to communicate far faster than the movement of goods. As a matter of fact, it allowed for the total separation of commerce information and product flow. This is the primary feature that has allowed for our modern world.

Everything is Virtual (in its own way)

The inception of the Internet could be viewed as a continuation of the telecommunications commerce paradigm. There is however a critical difference: it provides a critical set of additional abstractions that allow true e-commerce to occur. The first is that commerce is no longer limited to physical commerce, whether it be products or services. Think about it, with a telephone even of the highest quality channel, the only thing I can do is talk to you. Now granted, there are some things of value here. Perhaps even valuable enough to pay for if I happened to be a lawyer, accountant, or some other form of consultant. The list is pretty narrow though because it has to be limited to talking. The fax machine changed this slightly so that now I can send a facsimile (hence the term ‘fax’) of a document and then talk to you about it over the telephone. There is more value for the service here. In the case of legal consultation, it might be a contract or agreement. In the case of accounting it might be a balance sheet or cash flow statement. In either instance the value of the service is increased because you did not have to wait for two or three days for the letter or document to reach you by mail before I can call you about it. For quite some time, this was the state of the art for business communications.

With the Internet however whole processes and services can be productized in a virtual fashion and sold electronically. In essence, currency moves (virtually as well – we shall discuss this next) and nothing happens physically. No product is shipped; no person picks up a hammer or a shovel as a result. Something happens in cyberspace instead. More importantly, something happens in cyberspace that creates an eventual real world result.

There are many companies that serve as examples for this. Paychex™ provides electronic outsourcing of company payrolls. EBay™ provides an on line auctioning service where folks and companies can sell their belongings and products in a virtual garage auction type of setting. In all of this though, on line stock trading is the one with perhaps the biggest impact on the movement of wealth in today’s world. This ability has greatly improved the trader’s response time to market trends. This is accomplished not only by the use of the Internet and computing but by the removal of the intermediaries. (Sounds like Justinian doesn’t it?) While this has certainly been a boon for the typical individual many economists have indicated that the implications can be a knee-jerk economy, where herding behavior among trading communities can be greatly accelerated, sometimes to the detriment of the market.

Along with the virtualization of products and services there has been an equal and parallel trend in the virtualization of wealth. Much of our wealth today is paid out to us and then relayed to those we are indebted to without ever being realized physically. In other words whole cycles of revenue transfer happen in a totally virtual context. As an example, my mobile phone bill is automatically paid by my corporate card, and my corporate card is in turn paid electronically out of my checking account which is funded by electronic deposit by the company’s payroll service. None of the monies ever becomes physically realized. It is the transfer of the balance (in essence nothing more than a number) that moves the wealth. Indeed, at the very base reality it is the manipulation of numbers in different account records that represents the transfer of that wealth. I never touch the gold, but I realize the values of the benefits.

When we put these concepts together we arrive at the contemporary paradigm of e-commerce. Let’s take the example of an individual that buys a product on line and uses a credit card. The e-vendor charges to the account number and the individual incurs a charge on their account. They may have the card set up on an automatic payment from a checking account which in turn is funded by electronic payroll deposit from the company they work for. Everything in the end to end commerce flow is virtual. The only tangibles in the whole end to end commerce model are the hours worked by the individual and the product that (hopefully) eventually arrives at his home in good condition. This is something that most folks simply take for granted. They trust the paradigm. There are others who are more cautious, those who only trust a part or portion of the paradigm. An example would be an individual who is completely comfortable with electronic deposit from their company but prefers to write a check (which is in turn a paper abstraction of wealth that could be viewed as a precursor to the current paradigm) to pay their credit card bill. This same individual however, might be totally amenable to purchasing a product on line from an on line vendor using that card.

Then of course, there are those who would trust no such abstractions. Indeed, there are those who insist on being paid in cash and would not relinquish that cash to any entity for holding. All of their charges and bills they incur and pay on a personal basis. One has to wonder, in today’s society, how limiting and restrictive this approach is. Any extension out of the normal day to day life would require significant effort and expense, as well as risk: this individual is carrying his whole wealth on his person. He is at extreme risk on the physical side. He could be mugged and most probably harmed, perhaps killed for the wealth he carries. So any extension of the constricted life style would be more costly, even if it went as projected. So there can be a cost for not trusting as well.

From this we can see a spectrum of trust, one that runs from total trust where everything is virtual to total mistrust where everything is physical. We could also argue to extend this to say that both are extremes and that as such they would represent the population according to Gaussian distribution with the majority of the population lying somewhere in the middle. At both ends of the spectrum there are extremes of risk as well. On the virtual side, all of the risks are in turn virtual. (There is however the real loss of wealth in cyber-crime and identity theft. Most credit companies will protect their customers from any charges incurred – this begins to touch on the concepts of insurance and the spreading of the risk factor which we will discuss shortly.) On the physical side all of the risks are physical, including one critical difference – the risk of physical harm. Indeed, it is most probable that this was one of the primary motivations for abstraction (virtualization) of wealth to begin with. Recall the Templars, who founded the first embodiment of modern banking. They became powerful and wealthy on the holdings and transferal of wealth for pilgrims to the Holy Land so that risk was reduced on the individual who made the trip. In essence, the wealth was ‘virtualized’ during the trip. There was a degree of separation of the individual and their associated wealth. Over the course of the sojourn the individual was fed and defended (for a substantial fee) and when they arrived at the Holy Land they could cash in their deposit checks and they were flush once again. The revenues were transferred by more secure military means or more ideally, the revenues existed in Jerusalem prior. Either way, the pilgrim received their gold at the end of the trip, less the substantial fee of course.

Go ahead – everything will be alright…

If the aspect of risk is somehow primary to trust then there is a related value in the level of assurance provided to the individual entity that enters into the relationship as well. Again these are related in a vector relationship exactly like that shown in figure one. As the level of risk gets higher in the trust relationship the level of assurance must in turn be sufficient to ‘cover’ it. There are more dimensions to consider however. We need to consider the aspect of reward.

Reward could be considered to be a positive dimension of risk. The two exist in opposition. As the ratio of reward to assumed risk becomes higher, it is more likely that an individual will move forward and assume the risk. It is almost as if an individual reduces the risk factor in their own mind when taken in context of reward. This is what causes individuals to do things that they would otherwise not ordinarily do, such as clicking on an icon on a questionable web page. In instances where the degree of risk is higher than the potential reward an individual is likely to pass the opportunity by. This relationship is shown by the diagram below. Note that there are two vectors in this diagram. One is the lower risk or liberal risk vector, because the expected level of assurance is lower per given equivalency in context. The higher risk vector represents the more conservative risk vector, as a stronger level of assurance is expected for a relatively lower extension of trust. The sinusoidal line in the middle represents the decision vector of the individual or entity. It is represented as such because it could be described as a waveform that is unique to the entity. Some individuals or organizations may be fairly liberal, others may be more conservative, but each one will be sinusoidal in that the decision hinges between perceived potential risk and reward. It is also important to note that at the nexus of the graph the sinusoidal pattern is smaller and increases in relation to the absolute boundary vectors which illustrate the potential range of decision.

Figure 2. The relationship of reward and risk in trust

Note that as the risk and reward grow more significant the sinusoid grows in relation, which represents the state of ‘indecision’ that we typically encounter in high stakes affairs where the risk and reward potentials are exceptionally high.

This is common sense to some degree. Few of us would argue this. However, there are a few important points to consider that are pertinent in today’s ecommerce environment. First, when we say assumed risk or potential reward, we mean ‘perceived’ assumed risk or potential reward. What an individual perceives and what is really occurring are two totally different things. Herein lies the root of all scamming and racketeering activities and the addition of a cyber environment only provides another level of cover for further abstractions between perceptions and truth.

The second important consideration is that assurance (or insurance) can change this relationship. Both can serve to decrease the degree of risk assumed and hence push the individual in the direction of a positive decision.

As an example, neither you nor I would purchase a book from an unknown vendor on line with no validation and no privacy. The level of risk (placing your credit card number on line unprotected) versus the reward (a book – that you must want otherwise we wouldn’t be having this thought exercise) is simply too high. However, if it is a well known vendor and your credit card information is held in a profile that does not go on line, the level of risk is minimal and the purchase becomes a very trivial decision that is almost equivalent to standing in an actual book store. This is even more the case if you happen to have coverage on your credit card for fraudulent activity. This is illustrated by the modified figure below. As systems of assurance are put in place they provide a positive ‘pressure’ on a given situation. This pressure serves to reduce the perceived (and hopefully actual) degree of risk.

Figure 3. The positive influence of increased assurance or insurance

From this we can deduce that providing increased assurance to individuals who participate in ecommerce is a good thing and will produce positive results. This is indeed the case. It also means however that individuals can be misled. They can be misled either by the degree of the perceived reward (think fake lotteries and sweepstakes) or by the degree of perceived assurance (anonymous SSL is the main avenue here). Many scams will try to do both. A good example is a sweepstakes email from a seemingly reputable company name that has the happy news that you are the winner and you only need to fill in some required information on a ‘secure’ web site. You even get the SSL connection with the lock icon at the bottom of the browser screen! So assurance is a two-edged sword. If the potential reward is big enough and the ‘illusion’ of assurance can be provided, then the basic ingredients for a scam are present.

This can be carried further by the ingenious but nefarious use of software code that can place key loggers, bots and Trojans on a user’s PC as a result of merely visiting a web page. Once the code is resident, all sorts of information can be garnered off of that compromised system. With this approach there is no need to dupe the user into entering anything on-line. The malignant party need only wait for the scheduled updates from its cyber-minion. All that is needed in this scenario is a moment of indiscretion on behalf of a user who is ‘dazzled’ momentarily by the perception of some great potential reward. The code does the rest.

So what is a user to do? It seems that we are going back in a cyber sense to the days immediately following the fall of the Roman Empire or in the days of the Old West where your very survival often depended on the whims of the environment. Interestingly, there are many analogies about the Internet and the Old West. We are now at a point in evolution where the analogy to the time following the Roman Empire (known as the Dark Ages) may be more appropriate. Many of the malicious parties are no longer just college kids or folks looking for a quick buck. As systems automation has become more prevalent many malicious activities are being sourced against infrastructure. Some of these activities can even be traced back to national, religious or political interests. So things are getting into the big leagues and like a good ball player, we need to change our mentalities to play in the league.

In this model, you might view the typical enterprise as a feudal kingdom that lies behind solid defenses of rock and earth. From these ramparts an enterprise does its business via various ways of securely providing for access across its defenses. As we carry the analogy further, the single Internet user is like a peasant in a mud hut outside the walls. Their defense is only as good as the probability of contact with malicious forces. They may run anti-virus software and have security check updates, but the real bottom line is that malware always has a lead, just as weapons always have a lead over defense. If the user is frequenting unclean sites then it is only a matter of time before they contract something that neither the security checks nor the anti-virus software recognizes… that is until it is too late. So the analogy is very good. In the Dark Ages, if you were living in a mud hut you were at very similar odds. If no one came along, you were fine (the analogy here is that your software is up to date and recognizes the threat)… if not, then not; because most often your defenses were paltry in comparison to those who threatened you.

So what does all this mean?

What we will do now is take a look at the information regarding the subject of trust that we have gathered by our walk through history and see how it relates to these modern day issues. Some of the results that we will find will be obvious, other results may be startling. Some may even provide discredit to some major industry trends. In all of this it is important to keep an open mind and to remember that history often does repeat itself – it just happens in a different context.

First, let’s be clear. The Internet was never like the Roman Empire, except perhaps in the earliest days of DARPA. From the outset, the analogy of the old west or the dark ages was the most appropriate way to describe the environment. What I would like to do however is bring the analogy a level higher in scope and say that the typical enterprise is the typical empire or kingdom and that each enterprise is responsible for its own domains and the interests that its enterprise represents. This is certainly a valid analogy in that even Rome co-existed with other empires though not always peacefully. Persia and Carthage are two examples. So in a similar fashion different enterprises may be seen to interact, sometimes on friendly terms, such as a supplier relationship, other times not, such as a competitive relationship. This however is not the point. The point is that each enterprise is responsible for securing its own domains, just as each empire was responsible for theirs. Here the analogy is true. As an enterprise, my organization cannot be made responsible for the security of my suppliers or even my customers. It is up to them to make sure that their own house is in order. The bottom line is that some may be more diligent than others.

So what is the first thing that we can draw from this? Well, first off empires existed by virtue of the ability to leverage wealth. They did this by maintaining well protected trade routes to the various other empires or nations that provided or desired products for trade. We might view Virtual Private Networking and data encryption as the modern day equivalent of this. Business to business connections happen securely when they are properly administered as their widespread use can testify. (Note however that recent attacks on IPSec VPN gateways have been documented, just as attacks on well protected trade routes occurred.) Secure remote connections can happen for end users within enterprises (I am using one now) as well. All of this can occur because the enterprise, like the empire has the ability to set the policies for its security practices.

Like well protected trade routes to the empire, VPNs are only a part of the answer for the enterprise’s defense. Each enterprise also has a well protected border that is maintained by threat protection and security devices just as empires maintained well protected borders by the use of armies or legions.

In the industry today there is a major push to an end to end security model. In this model, everything is authenticated and encrypted directly from the user’s device to the server that they are accessing. This approach has its benefits but it also has a drawback in that intermediate security devices such as threat detection and firewalls are blind to the traffic that is coming across the border. As such, encryption could provide a cover of darkness for a would-be attacker instead of providing the protections that it was intended for. Parallel to this is a major thrust for the decomposition of the security framework within the enterprise. In this paradigm, intermediate security devices are labeled as antiquated and not up to the challenge of protecting the enterprise in today’s e-commerce environment. Instead, the function of security becomes increasingly resident in the server and the client in the end to end scenario. If we carry this analogy to the empire, this is equivalent to leaving the borders less protected in favor of depending purely on trade routes. This brings to mind Justinian’s reduction of the armies and the resultant reduction in control of territory that the empire experienced.

Perhaps a clearer analogy is the foot soldier. This is a paradigm I like to term the ‘Naked Samurai’. In this analogy, the trend of security decomposition can be made equivalent to a Samurai who disrobes of all armor prior to entering into battle. (While this was never a practice of the Samurai, it was known to happen with Scots, which scared the devil out of the Romans – but didn’t do well for the attrition levels of the Scots. It should be noted that they eventually abandoned the practice and started to use armor like everyone else.) In order to survive the endeavor, the soldier must be flawless in his reactions. Each response must be perfect because ‘any’ error would be grievous. Even a minor injury would prove fatal as it would likely lead to further errors via pain and blood loss that eventually would prove to be his demise. As a result, no sane soldier would enter into the thick of battle without armor, and yes, medieval Japan had its share of armor. In many ways, this is equivalent to the current decomposition trend. In the end to end encryption paradigm, the first point of defense is the last point of defense. As a result, the server must be perfect in its response to any threat it experiences. As we covered earlier, it is not always possible for security code updates to catch the latest malware. In this model it is also not possible to always monitor or protect the client end system because the client may very well visit sites that are compromised. As the client system gains access to the server, it can then in turn infect the more important system. Without intermediate security, there is nothing that can be done to rectify the situation.

To carry the analogy further, this is parallel to the fall of the empire and the rise of the feudal kingdom in its place where the feudal kingdom becomes analogous to the server. Arguably the feudal kingdom, like the server, is less able to defend itself than the empire, like the enterprise. Most certainly, any defense it does have is much more local and as a result much more easily compromised. More so, once it is compromised there is no cavalry to rescue it because the intermediate security devices are blind to the encrypted traffic. Also consider that the compromised system is now an enemy outpost within the enterprise data center where it can further entrench and infect other systems. This is analogous to the Dark Ages castle opening its drawbridge and filling in its moats. All folks coming into the castle are escorted by a secure squad of guards to their place of business. All of this sounds well and good, but no one did it. Why? Because such a practice would have been construed as insane.

It is clear that a good security practice involves a combination of components. It is also clear that security has strong impacts on degrees of assurance, whether it is for medieval merchants or for e-commerce enterprises. Secure borders, rock walls, earthen ramparts, armed guards and armed trade caravans, all of these were required in order to fully secure a domain of interest which was the empire. The very same thing holds true for the enterprise. To succumb to the notion that defending the border is just too difficult is to succumb to the notion that destruction or at the very least fragmentation of the larger entity in question is imminent. No enterprise would accept such a notion, just as no empire would. Yet, empires have fallen for these very precise reasons. Ominously enterprise networks, particularly those that depend on e-commerce within their business models, could be viewed in very close analogy here.

Fortunately, there are differences in the fact that unlike empires, enterprises do not have to control all of the territory connecting their sites in a physical sense. They do however have to deal with the secure inter-connections across vast geographic domains. As a result enterprises require multiple layers in the security model to properly protect their resources and interests. Firewalls, VPN gateways, Threat Detection & Remediation to name a few, as well as end to end security are required to totally secure an enterprise. All of them provide value, the question then becomes – ‘How do two paradigms like end to end encryption and intermediate security devices co-exist and provide value to the enterprise?’ Well, the answer is rather straightforward. It is the same as that which provided the answer for the empire. It is a term known as ‘Federation’.

I’ll trust you if you’ll trust me

Merriam-Webster dictionary defines a ‘federation’ as an encompassing political or societal entity formed by uniting smaller or more localized entities: as (a) a federal government, (b) a union of organizations; 2: the act of creating or becoming a federation; especially: the forming of a federal union. Extending this into the area of security technology it is interpreted as a system for common governance and implementation of consistent policy for the domains of interest. I say ‘domains’ in plural because this is one of the major uses of federation, the tying of enterprises for B2B usage. Such an approach allows for the ability to extend trust across domain boundaries for very specific reasons as well as the ability to limit any such trust only to those services that are made open. This is analogous to the opening of the drawbridge or the border to a trading party that has established friendly intentions. The figure below shows such a relationship. In the diagram we show an enterprise (enterprise A) that has a relationship with three other companies (B, C & D). One is a supplier to enterprise A and is connected to enterprise A over a provider network. In this scenario, the two companies use an actual VPN with dedicated gateways. Both enterprises extend basic trust and each one administers their own relevant firewalls and access control policies but they will trust the credentials of the other enterprise by the use of federated digital identity.

Figure 4. An example of a Federated Business Ecosystem

In the other relationship Enterprise A is the e-commerce vendor and has business relationships with enterprises C & D as a supplier of products. For these relationships enterprise A provides a secure web services portal over a provider network. In this scenario, there are no VPN gateways. Instead, enterprise A provides directory services for its customers based on a federated B2B relationship. As a result of the federation, the enterprise trusts the credentials that enterprise C & D users offer when they access enterprise A’s secure web portal. As they gain access to the portal they are in turn offered a certificate based secure encrypted transport via SSL or some similar method. Once that occurs they have access to the secure portal and can do their business within the allowance of the access control policies. Note that while Enterprise A has relationships with all companies, there is no provision for direct connectivity between Enterprises B, C & D in the context of ‘this’ business ecosystem. Other contexts may allow it.

Further federation of the internal security frameworks would allow for the autonomic modification of security policies (i.e. Firewalls) and access according to the higher level governance of the policy environment of the larger Federation. Federation allows all of these companies to interact and execute a business ecosystem in a relatively secure fashion that does not demand undue opening of each company’s security border.
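The scoped, non-transitive trust described above can be made concrete with a short sketch. This is an added example, not part of the original paper; the party names, service names ('supplier-vpn', 'web-portal'), keys and token format are assumptions, and HMAC stands in for the asymmetric signatures a real federation would use so that the example needs only the standard library.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo keys (assumption): one signing key per identity provider.
KEYS = {name: ("demo-key-" + name).encode()
        for name in ("enterprise-a", "enterprise-b", "enterprise-c", "enterprise-d")}


def b64(data):
    return base64.urlsafe_b64encode(data).decode()


def issue_assertion(issuer, key, subject, audience, ttl=300, now=None):
    """Identity-provider side: sign the claim that `subject` is a user of `issuer`."""
    now = time.time() if now is None else now
    payload = json.dumps(
        {"iss": issuer, "sub": subject, "aud": audience, "exp": now + ttl},
        sort_keys=True,
    ).encode()
    signature = hmac.new(key, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(signature)


class RelyingParty:
    """An enterprise border: accepts partner credentials only for opened services."""

    def __init__(self, name, trust):
        self.name = name
        self.trust = trust  # issuer -> (verification key, set of opened services)

    def authorize(self, token, service, now=None):
        now = time.time() if now is None else now
        try:
            p64, s64 = token.split(".")
            payload = base64.urlsafe_b64decode(p64)
            signature = base64.urlsafe_b64decode(s64)
            claims = json.loads(payload)
            issuer = claims["iss"]
        except (ValueError, KeyError, TypeError):
            return False, "malformed assertion"
        # 1. Is there a federation agreement with this issuer at all?
        entry = self.trust.get(issuer) if isinstance(issuer, str) else None
        if entry is None:
            return False, "untrusted issuer"
        key, opened_services = entry
        # 2. Did that issuer really sign these claims? (constant-time compare)
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            return False, "bad signature"
        # 3. Was the assertion minted for this border and is it still fresh?
        if claims.get("aud") != self.name:
            return False, "wrong audience"
        exp = claims.get("exp")
        if not isinstance(exp, (int, float)) or now >= exp:
            return False, "assertion expired"
        # 4. Trust is limited to the services opened to that partner.
        if service not in opened_services:
            return False, "service not opened to this issuer"
        return True, "ok"


# The ecosystem of Figure 4: A federates with B (VPN) and with C and D (portal).
ENTERPRISE_A = RelyingParty("enterprise-a", {
    "enterprise-b": (KEYS["enterprise-b"], {"supplier-vpn"}),
    "enterprise-c": (KEYS["enterprise-c"], {"web-portal"}),
    "enterprise-d": (KEYS["enterprise-d"], {"web-portal"}),
})
# B federates only with A; it has no agreement with C or D.
ENTERPRISE_B = RelyingParty("enterprise-b", {
    "enterprise-a": (KEYS["enterprise-a"], {"supplier-vpn"}),
})

if __name__ == "__main__":
    token = issue_assertion("enterprise-c", KEYS["enterprise-c"],
                            "alice@c.example", "enterprise-a")
    for party, service in ((ENTERPRISE_A, "web-portal"),
                           (ENTERPRISE_A, "supplier-vpn"),
                           (ENTERPRISE_B, "supplier-vpn")):
        print(party.name, service, party.authorize(token, service))
```

Each border keeps its own trust table, so A accepting C's credentials gives C nothing at B, and nothing at A beyond the portal.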

Sidebar – The Neurobiology of Trust

Recent studies have shown that the phenomenon of trust is strongly related to the quantity of the hormone oxytocin in the bodily system. A monitored test with a variety of a game of trust indicated that during periods of relatively trusting interactions the hormone was seen to markedly increase in particular portions of the brain that revolve around facial recognition and social interactions. Conversely, the hormone was seen to decrease in instances where the other player’s actions elicit a feeling of mistrust. Along with this decrease in oxytocin, there are also telltale ‘fight or flight’ indicators such as colder hands – which reflect the surge of blood to the body core. Furrowed brows are another key indicator along with escalated heart rate and corresponding increase in blood pressure.

Additionally, other studies have shown that facial expressions or gestures that are meant to indicate friendly intentions such as waving or smiling will also cause a marked increase in the presence of the hormone.

The question remains on how wholeheartedly trust can be generated and maintained with the at best indirect human interactions that are often the case in ecommerce situations. These studies do indicate that there are biological reactions that can actually be measured within the human brain. This fact leads to the possibility of designing ecommerce sites where test users are monitored for the presence of oxytocin in the system as they navigate through the prototype site. Such design approaches will allow for the redesign of ecommerce sites that are better suited to the human aspects of trust. In the future, real-time biometric sensors may be able to report some of these indicators back to the ecommerce site to provide feedback of the customer’s level of comfort as they use the ecommerce site.

 What about the guy in the mud hut?

 All of this is well and good for enterprises, but what about individual users who are not affiliated with an enterprise? Unlike the enterprise, these individuals do not have the convenience of large budgets for security. The analogy here is very close to the farmer who lived in the mud hut and traded his wares with larger kingdoms in return for the needs of life. When you think about it, the e-commerce paradigm is quite frightening for these users. They are using a network that they do not administrate or control to gain access to services that they also do not control to purchase products. Very often they are required to put fairly sensitive data into the web interface that they are using. All with very little level of assurance that no foul play will occur. When put this way, it is a wonder that anyone does anything on line that has to do with credit or financing. Yet, many do. The convenience outweighs the perception of risk. Even with this motivation however, the level of internet sales during the Christmas holiday season has experienced a sharp decline with many folks opting to investigate on line but actually get in the car and physically go to the store to buy the product in person. Internet sales were shown to be down forty percent during the 2006 holiday shopping season. While the numbers are not yet in for 2007, many fear that it will reflect further depressed numbers. When asked why through the use of surveys and such, many users cited fears about identity theft and the commandeering of credit cards for illicit use, and this concern is to some degree validated. A study by the Federal Trade Commission (This study can be found at: http://www.ftc.gov/os/2007/11/SynovateFinalReportIDTheft2006.pdf ) has shown that Identity Theft reports hover at around 4% of the surveyed population with losses totaling 15 billion dollars in the 2006 time frame with an average cost per user to be around five hundred dollars. These statistics are intimidating. 
Moreover, the experience of identity theft is even more so. Most users become very leery of e-commerce of any kind once they become victims. Indeed, many psychologists are saying that the same post stress symptoms that individuals experience after a mugging or robbery are being experienced by folks that are unfortunate enough to experience cyber fraud or identity theft. Obviously, there is no threat of physical harm, but the feeling of violation and loss of control are just as acute. As more users undergo this type of experience, they take it into their social context. They tell friends and family of the ordeal and by word of mouth provide a dampening effect on e-commerce activity by the reduction in the perception of assurance. This is very similar to my neighbor telling me about the shoddy job that the neighborhood kid did on his or her lawn. As a result, I will tend to be more diligent and inspect the job more thoroughly when it is completed and even perhaps pick out something I might otherwise disregard. My degree of trust has been compromised because of the reduction in assurance by my neighbor’s comments. This would be even more so if it were a baby-sitter because of the increase in the level of assumed risk. We can find a direct analogy in e-commerce that speaks to some of the reasons behind the downturn in activity.

Clearly, there needs to be some sort of governance for security within domains of public Internet access. Internet Service Providers are increasingly moving to meet this new set of requirements. Many will provide SPAM protection, anti-virus updates, free firewalls and other security related code and services as a bundled part of the access service. The movement to security governance in the provider space is the only way to further secure the guy in the mud hut. Many Internet purists bristle at any such proposal. I would argue that Internet purists are not ‘real world’ just as Adam Smith wasn’t on the economy. There is a real threat to the common Internet user, and security domains of interest (i.e. by the companies who provide Internet access) are the only way to combat the problem. Software updates to users’ PCs are only part of the answer, however. Providers need to incorporate stronger security policies based on histograms of problematic sources. As users become known perpetrators in cyber-crime or even spamming activities, providers need to crack down and revoke access as well as, if appropriate, forward the incident to legal authorities. Believe it or not, this actually does occur. During the 2005 timeframe the FBI executed a significant string of arrests on child pornography trafficking, all with the cooperation of Internet Service Providers. Other arrests have occurred in the areas of identity theft and cyber-fraud that show that it is possible to do enforcement, which after all is a key ingredient in any system of governance.

Given all of this there is still something more. We have thought about protection of identity and privacy. We have talked about active components that can police and provide this boundary of security domain. We have also talked about the role that the user’s machine can play in the security paradigm. There was also the discussion of the federation of these systems and methods so as to provide a coordinated system of governance for infrastructure and policy. What is missing is a key element that goes back to the days of the Templar Knights; reducing the element of reward or temptation.

What’s in your wallet?

 If I have a credit card account that is in good standing is there really any reason to put the number of the account on line when I buy something on the web? Really, think about it… do I really need to do that? Would it not be better to hash out a string that is unique for the transaction and then share it with my card provider (via a dedicated secure connection between us) which I in turn then present in equivalence to the e-commerce vendor? Which would of course, occur over a different secure connection. The e-vendor (if I may use the term) would then in turn present the hashed token to the card provider. The card provider would then research its record of transactions for the user and then (hopefully) find that it is ‘open’ from a transaction standpoint. The card provider would then honor the credit and then update the account. Now yes, there is the argument that someone could steal that hash, but it is limited to the value of the transaction only. It will likewise be a one time only occurrence within space & time that can only be valid for the transaction at hand. Given the speed of most levels of Internet access, there will potentially be only micro-seconds worth in time where a potential thief could ‘steal’ the transaction. Consequently, a strong level of assurance would be provided to the user that ensures their trust.

The key concept of the above is that while abstraction has been the enemy of the commerce paradigm from the standpoint of this paper so far; it is also an avenue for further entrenchment of security services into the e-commerce paradigm. While abstraction from the original concrete transaction (remember the village trading example) has caused a series of potential security holes where criminal activity can occur, in a very real sense further abstraction of certain aspects can help alleviate them.

This concept of the digital wallet yields a system which simply generates credential hashes that are used in tandem with Identity assertion tokens to ‘point’ to entities that can in turn validate the transaction. These ‘pointers’ are only valid for the context of the transaction, with the vendor that it is intended for and for a limited duration. All of this closes the window of risk exposure considerably. The direct credit card information is never out on the wire. There is never any instance of where it needs to be presented. This thereby attains complete abstraction from the actual credit card number information. This is a critical move that greatly reduces the assumed risk for the purchaser. It also significantly lessens the level of temptation for any would be cyber-thief. The level of assurance increases, or more so, the level of required assurance decreases in like (recall figure 3). Provided that there can be a solid way to identify valid e-vendors, the level of assurance with existing technologies could be enough to provide the boost in activity that e-commerce needs at this point in its growth as a market sector.

If such a system could be built that not only incorporated the abstraction concepts described above but also included a consortium of e-vendors and credit card providers, a cyber shopper could then look for the ‘brand’ label that provides the added level of assurance that this is a safe site that participates in the business ecosystem consortium. They will know that they can enter the site and buy something by the hash generation technique mentioned above and that they will not at any time during the course of the shopping cart experience ever be asked to put in a credit card number. But this only works if there is the assurance of participation in the system of governance and the ability to identify oneself as such.
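The one-time token exchange described under ‘What’s in your wallet?’ can be sketched in Python as follows. This is an added example, not part of the original paper: the HMAC-SHA256 construction, the shared wallet secret, the token lifetime and every class and function name are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time


def derive_token(secret, customer, vendor, amount_cents, nonce, expires):
    """HMAC-SHA256 over the transaction context. The card number is never an input."""
    context = json.dumps([customer, vendor, amount_cents, nonce, expires],
                         separators=(",", ":")).encode()
    return hmac.new(secret, context, hashlib.sha256).hexdigest()


class CardProvider:
    """Hypothetical card provider that keeps a record of 'open' transactions."""

    def __init__(self):
        self._wallet_secrets = {}  # customer -> secret shared over the dedicated channel
        self._open = {}            # token -> transaction record
        self.ledger = []           # honoured charges: (customer, vendor, amount_cents)

    def enroll(self, customer):
        """Issue the wallet secret (assumed to travel over the user/provider channel)."""
        secret = secrets.token_bytes(32)
        self._wallet_secrets[customer] = secret
        return secret

    def open_transaction(self, customer, vendor, amount_cents, nonce, expires, token):
        """Customer side: register a token. It is recomputed so forgeries are refused."""
        secret = self._wallet_secrets.get(customer)
        if secret is None:
            return False
        expected = derive_token(secret, customer, vendor, amount_cents, nonce, expires)
        if not hmac.compare_digest(expected.encode(), token.encode()):
            return False
        if token in self._open:
            return False
        self._open[token] = {"customer": customer, "vendor": vendor,
                             "amount_cents": amount_cents, "expires": expires}
        return True

    def redeem(self, token, vendor, amount_cents, now=None):
        """Vendor side: honour the token only for its vendor, amount and lifetime."""
        now = time.time() if now is None else now
        record = self._open.get(token)
        if record is None:
            return "unknown-or-used"
        if record["vendor"] != vendor:
            return "wrong-vendor"
        if record["amount_cents"] != amount_cents:
            return "wrong-amount"
        if now > record["expires"]:
            del self._open[token]
            return "expired"
        del self._open[token]  # one time only: the transaction is now closed
        self.ledger.append((record["customer"], vendor, amount_cents))
        return "honoured"


def wallet_authorize(provider, secret, customer, vendor, amount_cents, ttl=120, now=None):
    """Digital wallet: derive a fresh token, open it at the provider, return it."""
    now = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)  # makes every token unique, even for equal purchases
    expires = now + ttl
    token = derive_token(secret, customer, vendor, amount_cents, nonce, expires)
    if not provider.open_transaction(customer, vendor, amount_cents, nonce, expires, token):
        raise RuntimeError("provider refused to open the transaction")
    return token


if __name__ == "__main__":
    provider = CardProvider()
    secret = provider.enroll("alice")  # constructed customer and vendor names
    token = wallet_authorize(provider, secret, "alice", "shop.example", 4999)
    print(provider.redeem(token, "other.example", 4999))  # stolen, other vendor
    print(provider.redeem(token, "shop.example", 4999))   # intended vendor
    print(provider.redeem(token, "shop.example", 4999))   # replay
```

The vendor only ever holds the token, so a copy taken from the vendor or from the wire is worth at most the one transaction it points to, and nothing once that transaction is closed or has expired.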

 Just who are you?

In all of this what is consistent? From the initial Stone Age village trade to the next generation e-commerce transaction what shifts and what doesn’t? Well, as we have seen almost everything shifts. The concepts of representation of worth and the methods for doing so have definitely changed. The methods of advertisement and business have most definitely changed as well. In both instances, the changes have led to more abstract models of function. In turn, the aspect of identity has necessarily been abstracted to fit into this new environment. But interestingly, it is the one thing that, at the end of the day, has not changed. After all, the human that traded his cow for grain in Neolithic times could be viewed to be no different from us modern humans outside of all of the additional trappings of civilization. In all of this garbled abstraction that has gotten added to the commerce model there is still the humble human who is looking to buy or sell something and of course during the course of business make a few bucks! Even in light of complicated autonomic business processes where the human who is buying something is not acting with another human ‘at the other end of the line’, but is instead working with fairly inhuman process oriented flows, there is still a group of humans who set up the automated process environment. It is also assumed that these humans did so with the intention of making a few bucks. So the fact of identity does not go away with automation. As a matter of fact, it has now become one of the most critical pieces to indicating the success or failure of the e-commerce model. To be clear, while the need for identity has been consistent, what it means has had to change drastically.

If we recall the Neolithic village trading example, we were in a village in central Asia before the advent of the Bronze Age or perhaps right at its inception. The whole population of the village was most probably around one hundred and fifty individuals. Comparing this with most isolated villages in central Asia today would give credence to such an estimate. Given these numbers, it is highly likely if not almost certain that the two individuals knew each other well. It is also highly probable that each individual’s families knew each other as well. In other words, identity was part and parcel of the Neolithic trade. If someone came in from across the tundra with a cow that they wanted to trade for grain, the result would probably not be a good one for the ‘would be’ trader. In real life, he would probably be killed quickly and the cow simply taken by the family that did the killing. At the very best, it would probably work out that the village would simply take the cow and leave the stranger, perhaps bantered about a bit. In any case, the least probable outcome would be for everyone to sit down at the fire and draw up an equitable trade agreement for the animal. Why? The answer is simply that the stranger is not ‘one of them’ and because of his singularity has no leverage. He is not part of the social fabric of the village, so unless he had something really outstanding and had the ability to defend it – and there were points in pre-history where things like this did occur – he would usually be turned away or worse, killed.

This is really no different today. We do not kill folks that are not part of our social circle any longer, but someone who is not part of the normal social eco-system will usually find it harder to do business in person to person exchanges. The problem is, with e-commerce it is very hard to hold this kind of line at all. As soon as you go on line, you are dealing with folks you don’t know and probably never will meet. Granted there could be a small percentage of folks who you know who own e-commerce companies, but I think that you will find the list to be quite short. The real fact of the matter is that in most instances you do not know the folks that you are doing business with. This has been cited as one of the major issues that folks have with e-commerce. The fact that there is very little that can be provided to assure the user that they are talking to who they think that they are talking to and that there is no one in the middle.

Identity may be a consistent historical feature in assurance, but in the new e-commerce model the concept needs to change. Clearly, if any real capability for identity is to be brought into the e-commerce paradigm we need to consider the human in the cyber environment. First, all instances of human presence on the Internet are composite instances. The reason for this is that no human can access the Internet directly. All humans require some type of device as well as some type of network access with that device to get on line. The composite goes further as well: there are the aspects of the capabilities of the device; the bandwidth available, the type of video or audio supported, perhaps even the location of the individual as they access the network as well as the application they are using! All of these characteristics build up the composite entity that is a human being on line. The figure below illustrates this concept; note that there is a layered instance of the human over some type of interface into an application which is in turn supported by an operating system for the device and lastly the device hardware itself. All of this together adds up to the complete instance of a human presence on the network. Does this mean that a human with one device is different from that same human using another type of device? The answer is yes, particularly if there is a significant difference in device capability, and especially in the area of security.

Figure 5. The Composite on-line Entity

Going further, we could extrapolate this out to non-human instances of presence as well. It would apply to application servers or to thinner types of devices such as sensors of the physical environment like video surveillance cameras. In these cases, there is no human sitting at the ‘other end of the line’. Instead there is just a machine. But the machine is also a complex of composite elements. It also has an application, an operating system, hardware elements and many other items that make it a server or sensor device. The same could even be held true for the simple video surveillance camera. As the figure below shows, both the server and the camera have interfaces so that a user can log into that entity. It is by this logging in that an association then occurs between the entity and the human, which we must remember is in turn a composite instance on the network. So things can get fairly complex and convoluted in terms of who is who and who is running what. In order to clarify how these relationships can be embodied we will go through a couple of mundane examples of network resource usages and how the aspects of identity are inherited.

Perhaps the best and most clear example of the transference of identity by system log on is in the case of video surveillance. The reason for this is that by logging into the system, the direct visual perception of the individual at the console is literally extended on a virtually unlimited basis. In essence, a person could be sitting in Europe watching real time video (less the latency for delivery of the data) of camera feeds in the United States or elsewhere. This relationship is shown by the diagram below. This is a rather obvious fact. However, one of the things that needs to be considered is that the system’s intentions and integrity are directly associated with the whims and motives of the human being that is logged into it. In other words, there is a big difference between law enforcement personnel, illegal voyeurism and potential terrorists.

Figure 6. An example of how identity transits composite entities

The issues get more complicated with automated process flows. In reality all process flows have initial human sources. Even process flows that are completely automated and self configured were designed by humans for a particular purpose. A good example is the recent flurry of Service Oriented Architectures (SOA) that are now the IT industry vogue. Based on web services concepts, a given process or application is packaged into a ‘service’ definition which is in turn represented into the SOA framework as a ‘service’. A service would typically represent some sort of application that drove a business process or a function for an overall business process. An example could be an application that performs order processing or billing within an end to end business transaction. A simple SOA process flow is shown in the figure below.

Figure 7. A Simple High Level SOA Process Flow

It illustrates a simple e-commerce order process flow. Each part of the end to end process is represented as a service within the overall process flow. Each is a web service application or a legacy application that has been adapted to a web services architecture. Each was created by a human being or multiple human beings for a specific purpose. Indeed a good degree of equivalence could be drawn between the old time order clerk, who manually fulfilled the order by paper and the application that now processes the order electronically. Just as there was the old time possibility of the clerk fudging the order and embezzling the remainder, so too there exists today the possibility of an embezzling web service that is purposely designed to accomplish that end. Perhaps more feasibly, a rogue web service could be designed by less than honest staff that could be inserted into the process that might behave perfectly well on the front end. This is shown in the figure below.

Figure 8. An example of a ‘Dark’ SOA Service extension

On the back end, that same service that checks and validates credit accounts might export customer credit card numbers to a dark server somewhere on the network before being taken off site or otherwise forwarded. This ‘dark’ portion of the service is not represented in its services description to the SOA environment. It is for all intents and purposes an invisible portion of the service due to the abstraction that SOA infrastructures provide. In essence, the only way for this portion of the service to be detected is by monitoring its conversations and data exchanges directly.

The whole point of this is that systems and process automation do not by themselves, address the issue of trust. In some respects, the issue is made more difficult by process automation. This is particularly true if systems of governance for Web Services within the organization are lax. There is an additional point to this however. Each of the web services is a composite entity. Each entity possesses the capability for damaging activity. How damaging depends on what the service does in the end to end business process. This means that identity is just as critical here as it is in the human interaction model. Additionally, histograms of activity for a service need to be monitored so that any unknown or undefined communications coming from it or going to it are quickly analyzed and dealt with. It must be considered that in this environment, a lot of damage could happen in a very short period of time. Hence, the systems of identity and governance must in turn be automated and extremely dynamic.
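One way to monitor a service’s conversations against its service description, as the paragraphs above call for, is sketched here in Python. This is an added example, not part of the original paper: the service names, addresses, flow records and the factor-of-five threshold are constructed, and the volume-drift check goes slightly beyond the undeclared-peer case described in the text.

```python
from collections import Counter

# Constructed: the peers each service declares in its service description.
DECLARED = {
    "credit-check": {"order-entry", "card-provider-gw"},
    "billing": {"order-entry", "ledger-db"},
}

# Constructed flow records (source, destination, bytes) for a known-good window.
BASELINE = [
    ("order-entry", "credit-check", 850),
    ("credit-check", "card-provider-gw", 1100),
    ("credit-check", "order-entry", 320),
    ("order-entry", "billing", 650),
    ("billing", "ledger-db", 1900),
]

# Constructed flow records for the window under inspection.
CURRENT = [
    ("order-entry", "credit-check", 900),
    ("credit-check", "card-provider-gw", 1200),
    ("credit-check", "order-entry", 300),
    ("credit-check", "10.9.8.7", 48000),   # not in the service description
    ("credit-check", "10.9.8.7", 51000),
    ("order-entry", "billing", 700),
    ("billing", "ledger-db", 2000),
    ("billing", "ledger-db", 40000),       # declared peer, unusual volume
    ("10.1.1.50", "billing", 150),         # undeclared inbound caller
]


def peer_histograms(flows, services):
    """Per service, count flows and bytes for every (direction, peer) observed."""
    hist = {s: {"flows": Counter(), "bytes": Counter()} for s in services}
    for src, dst, nbytes in flows:
        if src in hist:
            hist[src]["flows"][("out", dst)] += 1
            hist[src]["bytes"][("out", dst)] += nbytes
        if dst in hist:
            hist[dst]["flows"][("in", src)] += 1
            hist[dst]["bytes"][("in", src)] += nbytes
    return hist


def undeclared_peers(flows, declared):
    """Conversations with peers that the service description does not mention."""
    hist = peer_histograms(flows, declared)
    findings = []
    for service in sorted(hist):
        for key, count in sorted(hist[service]["flows"].items()):
            direction, peer = key
            if peer not in declared[service]:
                findings.append((service, direction, peer, count,
                                 hist[service]["bytes"][key]))
    return findings


def volume_drift(baseline, current, declared, factor=5.0):
    """Declared peers whose byte volume grew by more than `factor` over baseline."""
    base = peer_histograms(baseline, declared)
    cur = peer_histograms(current, declared)
    findings = []
    for service in sorted(cur):
        for key, nbytes in sorted(cur[service]["bytes"].items()):
            direction, peer = key
            if peer not in declared[service]:
                continue  # already reported by undeclared_peers()
            before = base[service]["bytes"].get(key, 0)
            if nbytes > factor * max(before, 1):
                findings.append((service, direction, peer, before, nbytes))
    return findings


if __name__ == "__main__":
    for finding in undeclared_peers(CURRENT, DECLARED):
        print("undeclared:", finding)
    for finding in volume_drift(BASELINE, CURRENT, DECLARED):
        print("drift:", finding)
```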

The Dark Delta – The difference between perception and reality

Trust is clearly something that is related to our perception of risk. The main problem here is that our perception may not always be totally accurate. Furthermore, it could be argued that our perception can ‘never’ be totally accurate. This gets into some very important aspects of the physical universe and our consciousness and awareness of it and the events within it. In essence, we never see reality as it is. We only see our representations of it within our own minds. At one time cognitive theorists proposed that our minds were in essence reflections of the events that transpire. This implies total accuracy of recall in those events. Subsequent findings have shown that our pictures of reality are in essence pictures that we generate in our head against an inventory of symbols and images that we learned and hold in our heads. What this means is that we do not totally recall events as they transpire but rather will swap and integrate the perceptions of events with the memories and symbols that are pre-resident in our minds. It is this ‘strange loop’ (similar to that in the mathematical concepts of Gödel’s theorem) that allows us to ruminate and in turn induct new symbols and perhaps even create new symbols in light of information received. If this were not the case then insight and invention would be impossible for us. We would simply be mirrors to what we see and react accordingly. This is obviously not the case. But while this innovative twist in cognition plays a critical role in what makes us human, it also introduces something that I term the ‘Dark Delta’. Between the actual physical universe and our perceptions of it there is always a potential delta of information and as you can readily see there is no way to eliminate it. We can only narrow it.

Now we could go as far as to dismiss this as philosophical conjecture. After all, for everyday occurrences this delta is very small. Generally, what we see and what we think we see align fairly well. However, let us consider how perception can be thwarted. First off, one commonly unknown fact is that, because of the latency in perception, there is an inherent sub-second delta between what we see and what is there. For normal speeds, the delta is negligible; going at a speed of 60 miles an hour down the highway, however, our minds perceive us to be 11 feet ‘behind’ where we actually are. This translates to a critical subtraction of the time delta for decision making. The faster you go the more the delta expands, so that if you are piloting a jet going at six hundred miles per hour, your perception is 110 feet off from reality. This is just in speed and the latency of perception. Let’s now add in interpretation. Going back to our Neolithic ancestors, or even to a modern human in the jungles, a tiger’s stripes can readily be perceived to be part of a tall stand of grasses. Lack of proper match between what you think is there and what is really there could get you killed. This carries forth into our modern world. Recently in New Orleans there was a woman who was approached by a well dressed and manicured man as she exited a quick mart and got into her car. He held out a five dollar bill and said that she dropped it in the parking lot on her way to the car. Fortunately, she had not yet put the change back into her purse and was able to quickly see that he was mistaken. She indicated so and went to close the door. The man quickly attempted to prevent her and insisted that she in turn was mistaken. After she managed to get the door closed the man began banging on the window. She quickly pulled out and away from the location. Shaken, she decided to call 911 and report the incident. As a result, she was contacted by the police and called down to the station.
Puzzled by being called down for a seemingly odd but non-criminal event, she soon found out that a serial killer had been operating in the area and was somehow gaining access to women in broad daylight and in a populated area. The police were puzzled at how the killer was gaining access. This woman very narrowly missed what could have been a fatal incident. What saved her? It was information. Because of the fact that she did not put the money back into her purse, she was able to use this informational context to narrow the dark delta. By this narrowing of the delta she was able to arrive at the conclusion that ‘something’ was not quite right.

So we can see that the Dark Delta is not just philosophical mumbo-jumbo. It is something that we deal with every waking moment of our lives. (One could argue that during our sleep the delta is significantly widened – perhaps even infinite). When we move into a cyber-environment, this delta widens considerably. Importantly, it widens not only in the context of perception and interpretation because of the implied levels of abstraction we have spoken to previously; it also widens because of speed. Not the speed at which the user is traveling but how fast transactions can occur in relation to the awareness of the user. In short, in a cyber-environment things happen fast and we are not always totally aware of exactly ‘what’ occurs. As a result there is a whole underground culture and industry that capitalizes on this expanded delta just as a whole culture and industry grew up around the various levels of abstraction that have evolved prior to cyber-commerce.

We can also show that the context of the delta shifts as well. In the case of the woman in New Orleans, the delta was in the perceived ‘intentions’ of the man. As noted in the previous section, in cyber-space this can extend to the very ‘identity’ of the man. The man can not only pretend to be nice, he can also pretend to be someone that she knows and trusts. This particular expansion of the delta pushes things into a third new critical dimension, the three dimensions being speed (latency), perception of intention, and perception of identity. The combination has fueled a surge of child predators that use the cyber-environment to gain the trust of, and to some degree control over, youth that they would otherwise never gain from direct personal contact.

Information and Context – The light that narrows the delta

As we pointed out above, the fortunate woman in New Orleans was saved from what could have been a fatal incident by information and context. As a result, information and context need to be considered in the overall trust model. At first glance, we could simply classify it as another issue of assurance and indeed it could be. As we look a little closer however we can see that the information and context more appropriately serve as a degree of ‘measurement’ in the ‘accuracy’ of the assurance. This is a key difference. In the case of the woman, the man’s appearance provided a sense of assurance that there was little risk to be assumed. This misunderstanding however led to the demise of many unfortunate victims. What the added information and context did for the woman was to highlight the fact that somewhere there were inaccuracies in this perception of low risk. Note that she did not know why – but it could be argued that that was not required. The inconsistency was enough to put her on guard and in an alarmed state. You could almost say that the context and information was like a torch or a flashlight that cut through the darkness and highlighted inconsistencies. This highlighted awareness perhaps saved her life.

We can draw the same analogy in the cyber-space environment. Many representations are made in cyber-space. Some are implicit in functions such as IP addressing and naming resolution, others are more explicit such as user identification and passwords. All of them can be manipulated, spoofed and stolen. There are also potential ambiguities as to what is actually on the wire versus what is perceived to be on the wire. Examples of this are Trojan payloads and masked XML data insertions. It is drawing out these inconsistencies that provides us insight into potentially nefarious activities such as spoofing, insertion attacks and bot-nets. It should be noted that often attacks are caught by the symptoms of abnormality, not by the event itself. Searching for the attack instance itself or trying to find the exact event on the wire is like trying to find a needle in a haystack. This is part of the argument to do away with perimeter security. There is somehow the false impression that once you get authorized access and the appropriate health checks you are good to go for the rest of the time. There is also the false impression that you and your intentions and your machine and its intentions (for lack of a better term) are the same thing. They most certainly are not. You could be honestly accessing your systems and doing your job quite innocently while your machine is mounting attacks and/or running executables to pirate data. It is in highlighting the inconsistencies and abnormalities that we find the best reference to the clues of such nefarious activity.

It could also be argued that if you wait for the attack and recognize it at the system that is being attacked, you are too late. This provides further argument against the total decomposition of the security perimeter to the server itself. The ubiquitous presence of the Dark Delta further exacerbates this model. The server is by analogy equivalent to the woman and the perimeter security systems to the information and context. The reason for this is that the Dark Delta applies for all entities, not just humans. By removing the perimeter security, the server is left to its own limited perceptions of what is actually going on or coming its way. Also consider that any element of time has also been removed; an attack is real-time and imminent. It also needs to be established that there is also a dark delta in known signatures for attack and virus recognition, so the server itself may not be able to discern a piece of malicious code or data because it has no context to reference and hence provide a match. Recall our symbol matching ability – as an example, if you’ve never seen a poisonous snake you are much more likely to identify it incorrectly and perhaps even be willy-nilly in the way you choose to approach it. Such a mistake obviously could be fatal to you. The security perimeter provides an additional perspective and informational context (equivalent to our internal symbol inventory) that can highlight and narrow the Dark Delta considerably. It also provides the obvious role of intermediate remediation of any events which we typically attribute to such systems. By creating systems and architectures that can provide context and information that can be ‘cross referenced’ and validated, light can be shone into this Dark Delta and narrow it considerably by removing ambiguities and increasing the accuracy in the perception of ‘reality’ on the wire.
Increasing this revealing light for users could potentially highlight inconsistencies in representation and intentions by highlighting unexpected address combinations, network ingress patterns, spoofed system names and addresses as well as whole web sites.

In a very real sense, the elements that serve to save the Neolithic hunter or unsuspecting victim in a parking lot are the same elements that serve to protect and ‘save’ our information systems and infrastructures. A Neolithic hunter is saved by noticing an inconsistency in the textures and colors or in the shadows within the grass and moving well away in advance. If he waits to find out it is a tiger he is probably too late. Next generation security architectures also ideally aim to save the systems they protect by noticing and highlighting inconsistencies prior to finding the tiger in the grass first hand.

In Summary

As this paper closes on the subject of trust we find a number of parallels and traits that are characteristic and universal to the paradigm. As the human race moves into the next generation virtual world of cyber-commerce, these parallels will be extended and retrofitted to work in this new environment the same way that they have been retrofitted to monetary commerce and market based economies.

As shown early in the paper, the paradigm of trust has been challenged time and time again by increasing abstraction in the way we humans interact. What was initially a very concrete attribute of a relationship has become increasingly abstract and disjointed both spatially and temporally as we move into the 21st century. As this evolution of commerce moved into a more virtual construct, we in turn developed methods of governance to provide assurance that transactions of commerce happened in a predictable fashion and with rules that ensured participants complied. In addition to this element of governance, an equal need developed for enforcement so that the rules of governance were followed and those that violated the ‘contract’ were dealt with appropriately. This delicate balance has for the most part been maintained to allow for the sophisticated commerce culture that we have today. If one thinks about it, the culture relies on many things that are taken for granted. Once that balance is upset, many of those things fall asunder and a society can fall into severe and potentially fatal upset. We pointed out historical instances where this has occurred and provided insight into how the seed of demise came about. It became apparent that the lack of ability to enforce the mandates of governance led to an overall reduction in the level of trust in the systems of the time. With this reduction of trust, the foundations of commerce began to implode and as a result the society as a whole reached a point of collapse.

I think that it should be apparent by now that trust is something that is inherent to the human condition. At the risk of extending the paper, it could be argued that trust is an integral ingredient for any social animal. Once an animal chooses to become social it ‘gives up’ certain things so that it can ‘gain’ others. Usually gain outweighs loss. A good example of this is the social evolution of wolves, who give up independence in exchange for certain other benefits such as the superior hunting capability that they are so well known for. Each wolf ‘trusts’ in the system, and it works. This works the same way with us but it is made far more complex by the ‘strange loop’ phenomenon that was mentioned earlier. With humans, as we have seen, it is not so simple. Humans (and certain other primates) have the ability to intentionally deceive others within their social circles. This strategy has been successful over the millennia. This must be so, otherwise all people would be honest. This is obviously not the case.

This subversion of trust required systems of governance to assure proper bounds of behavior within the society and commerce system. Enforcement is therefore a key element of trust; its relationship to trust may be somewhat indirect, but it is directly related to the concept of assurance. This in turn shows that while we as social animals may have a magnetic tendency towards groups, we require rules and methods of enforcement to stay together in large groups for any length of time. We can view the modern requirement for network and systems security as an evolutionary result of this ‘arms race’ between subversion and governance that is as old as society itself.

There are some historical lessons to learn, however. The first is that while decomposition and collapsing of the security boundary may seem more cost effective and scalable, it is not a feasible approach as it removes intermediate systems of defense that may prove to be critical during attack. Additionally, these systems add layers to the overall defense network as well as a different perspective that the server itself could never have. Rather than decompose and collapse, it makes sense to decompose and distribute security functions without removing critical layers of defense from the infrastructure. Doing so necessarily requires that the server and application policy environment act in an orchestrated and federated fashion with the network if such coordinated services are available, but then revert to a simple decomposed model when they are not. In the instances where they are not available, more constrained access policies may be put into place to assure that access is limited to the application called and nothing more. This approach can in turn offer the best of both worlds to the mobile user with the varying degrees of trust that are established.

We also discussed the delta that exists between perception and reality as well as how it relates to the concept of trust and assurance. We went on to illustrate that the ratio of perceived risk to potential reward was the primary determinant in the trust decision process. It was shown that systems could be put into place to provide further assurance or insurance to the user. This in turn can push the level of perceived risk down and further encourage the user to continue with their online purchase. The proviso is that the user is secure in the fact that they are dealing with who they think they are.

This in turn led to the concepts of identity and the important foundational role that it plays in trust. We discussed how the aspect of identity gets fuzzy and rather complicated in the cyber environment as well as how identity can become smeared across the network by the user logging into different systems. We also discussed the fact that with systems automation we need to consider machines and the services they render in much the same way as we consider humans. Machines and their resident services need to be challenged, authenticated and authorized just as humans are. Systems of governance also need to be put into place to provide the right monitoring capabilities to assure proper behavior within the scope of authorization that has been allowed. Enforcement capabilities also need to be available so that entities that violate the scope of authorization are dealt with appropriately.

The delta between perception and reality was also discussed in both its inherency and its impact. We termed this the ‘Dark Delta’, which in essence represents the inherent aspect of the unknowable within a moment of space and time between what an entity (human or machine) sees or otherwise experiences and what is really there. We discussed the fact that there is always a nominal delta but that in most instances this minute difference is not enough to be of any significance. In instances where the delta widens, there is usually a strong cause for concern because decisions can be made by the entity in question that it might not otherwise make. In many cases, being in a scenario where decisions are made against incorrect or incomplete information can be dangerous. As with the tiger in the grass, it could be fatal.

Clearly, work to reduce the Dark Delta is required in order to establish and maintain a trusting environment that does not have undue risk for the individual extending it. In legacy commerce environments these systems have been in place since the birth of monetary based commerce. Many of these systems have simply been transposed into the ecommerce environment with little or no modification. This failure to evolve paradigms has resulted in a significant widening of the Dark Delta in ecommerce. This is reflected by the recent downturn in holiday season online shopping, with fear or concern of identity theft being the number one cited reason.

One of the final premises of this paper is that in some cases further well designed abstraction can in turn complicate things for the would-be thief. Additionally, working towards shortening the length of time and lessening the potential reward of pirating a transaction or its associated data will further reduce the window of opportunity to a level where it is no longer worth the effort to subvert. By this further abstraction and by creating systems to reduce the Dark Delta within interactions (this includes all modes of interaction: person to person, person to machine and machine to machine) an environment can be reached where consumers will feel the degree of comfort that they require to move towards an ecommerce paradigm. Many would argue that the fate of the free market commerce system hangs on its success. Whether this is true or not remains to be seen. It is however certain that the aspect of trust is foundational to human societal dynamics and its most recent embodiment in the Internet and ecommerce.

 

Epilogue

In light of the economic downturn of late 2008 it seems prudent to provide an epilogue to the summary and the conclusions that this paper reached. While many of the examples and analogies used in this paper seemed to be rather prophetic, the paper should not, however, be considered special in any way. The reason for this is the fact that the basic elements of commerce and society have not changed. They are the same today as they were two thousand years ago. Technology has not served to change any of them. Rather, it has served to enhance or inhibit them, but the basic elements have remained the same. Trust in the system requires trust in its governance, which extends to its rule of law and enforcement of it. Once these systems are eroded, serious consequences are often the result. With the recent events of impropriety and even thievery at unprecedented levels, along with the long list of bailouts for firms that have come to the point they are at by mismanagement and overextension of risk, it is little wonder that trust is in short supply from the perspective of the common man.

It is not an exaggeration to say that the very edifices and foundations of trust in our free market system have been severely shaken. Again, history has shown that at such times the collapsing system of commerce, if not corrected, can result in follow-on collapses in the trust of the systems of society. At these times, governments are often forced to implement martial law and strong centralized government to maintain order by rule of force. President Obama was quite correct when he alluded to the fact that stronger regulation and transparency were key elements in restoring faith in our systems of free commerce as well as our way of life.

As this paper has illustrated, while the basic elements of society and commerce have not changed, the dynamics are strongly affected by technology. On a closing note, history has shown that technology tends to ‘grease the skids’ for commerce and society. It can serve to accelerate the rebound of such systems after downturn events. The reason for this is that human societies will tend to pull inward as a result of downturns. After the fall of the Roman Empire, both systems of commerce and society were in ruin. The pulling in of society was severe, perhaps the most severe in the history of mankind. Society and commerce often did not go beyond the walls of the castle or fortress. The pulling in at this time was also of a very long duration, lasting hundreds of years.

Subsequent downturns have not been so severe and in each instance technology served to allow for quick and more consistent rebounds of the economy. The reason for this is simple: communication. Each new innovation in the movement of information has served to re-establish the links of human communication that are so critical for the re-establishment of trust. It is the opinion of the author that this downturn is no different. As pointed out earlier, as a result of a downturn societies turn inwards in the way they operate. Commerce reverts to more local community levels. With the internet and modern communications ‘local’ no longer has to be geographically local but local in the form of context. The World Wide Web has allowed for the growth of communities of interest in which ‘local’ groups can interact on issues and motives of common interest. As an example, a vendor in North America can do business with a partner based out of Southeast Asia based on the fact that they were roommates in college. Now they are on opposite sides of the globe, but can leverage the personal relationship that they have just as if it were at a local level. Recent services such as LinkedIn™ and Facebook™ and technology trends such as Cloud Computing and Service Oriented Architectures are good examples of this. On the web, local cyber communities can serve to re-establish online commerce without requiring full blown trust in the monolithic world of high finance. By allowing technology to enhance traditional human patterns of interaction, the pulling inwards that accompanies economic downturns can be accommodated without the severing of long distance and cross cultural ties that has typically been the result in the past. For the first time in history the term local is not limited to merely geography. This has had and will continue to have profound impact on human society, systems of commerce and the trust that these systems require in order to exist.


10 Responses to “Aspects and characteristics of Trust and its impact on Human Societal Dynamics and E-Commerce”

  1. Mim Bizic Says:

    Thanks for the information. Wasn’t aware of the Dark Delta.

    Here’s another example for you like the woman/well-dressed man/$5.00.

    Happened not too long ago. A very social (pleasant sounding) man called the real-estate agency to see a few houses. Well-dressed, he went to visit a few of the houses he saw online with the professional realtor. Near the end of the “tour,” he asked the female real estate agent to show him one more home that was in the outskirts (farm-like area). He was a real good actor, viewing other rooms and expressing interest in the home. Wanted to see the basement. Once there, he raped the poor real estate agent. The case was just in the papers last week.

  6. http://www.incaradvancements.co.uk Says:

    Simply want to say your article is amazing.

    The clearness in your post is simply excellent and I could assume you are
    an expert on this subject. Fine, with your permission let me grab your feed to keep up to date with forthcoming posts.
    Thanks a million and please carry on the enjoyable work.

    • edkoehler Says:

      Thank you so much! I am truly flattered and am honored to have my content used to facilitate further education.
