What is the relationship between trust and security, security and privacy, privacy and personal data protection? For some time now, I knew that there was something wrong with the so-called trust technologies, but I did not take the time to pin down what the source of the problem was. Apart from rechristening them as distrust technologies, I did not make the effort to explore any further the matter. Here are two excerpts from previous posts:
Is there an escape from an alternative that can only lead to an escalation in the development of distrust technologies? in Why Open Badges Could Kill the Desire to Learn?
One of the most interesting and undervalued features of the Open Badge Infrastructure is trust: I have commented before that there is a risk for the Open Badges’ pretty pictures to become what the proverbial tree is to the forest of trust. I’ve also written that OBI is a native trust infrastructure, while most of the so-called trust architectures would be better described as distrust architectures (in a native trust environment, trust is by default, while distrust is generated by experience; in a distrust environment distrust is by default while trust is generated by experience). in Punished by Open Badges?
Designing Principles for a (dis)Trusted Environment
What brought me to explore further the issue of trust and security was the participation at a workshop organised by the Aspen Institute at SXSWedu 2015. The participants were invited to produce a series of scenarios eliciting the design principles of a trusted [digital] environment. The workshop took place the day following a session on “Designing Principles for a Trusted Environment” during which the winners of the DML Trust Challenge were announced.
While the challenge we were invited to address was the design of a trusted environment what struck me in most of the proposed scenarios was that they did exactly the opposite: they designed an environment where distrust was the founding principle. The designing principles for a distrusted environment were:
If you have a problem with trust the solution is increased control and security measures.
While this principle might sound fine to the superficial reader, the problem is that it reveals a misconception of what trust is about and, consequently, on how to deal with situations where low levels of trust are an issue. While both trust and security are related to safety, they are at the two ends of a spectrum.
While one can take security measures, send security forces, one cannot take trust measures and send trust forces. Security is something you can do to things, trust is something you can only get from within. Mistaking one for the other, trust for security, could (and generally does) have deleterious effects on trust.