Everybody knew Facebook was using our preferences to target advertising on an individualized basis back at us. That was the trade-off for it offering the public “free” use of Facebook. However, the use of our personal preferences to attempt to manipulate us into believing specific political ideas is too much of a Faustian bargain. Internet trust is an important concept.
Trust
The term “trust” with respect to the Internet has been popularized in the field of information security. Development of a pragmatic, formalized concept of trust has progressed. Methods of measuring trust and its extension are continuing to be developed as the importance of trust in economic relationships becomes more explicit. Characteristics of trust that have been classified as important in the process of developing information security standards and practices include expertise, variance, accuracy, history, accreditation, repetition, and proximity. Following are brief explanations of these concepts as they relate to the concept of trust:
Elements of Trust
- Expertise, in the form of a proclamation by a professional who is known to be trusted with regard to information about an area of specialty, such as a licensed physician, is an element of trust.
- Variance, the relative degree to which a single assertion differs from actual, measured experience or history (a set of assertions and events over time), is a component of trust.
- Accreditation is another example of trust. It is a trusted organization’s assertion about another group or an individual. The Better Business Bureau asserting that a business is trust¬worthy is an example of accreditation. Licensing is an official or government-mandated form of accreditation.
- History of a party or class of parties and the existence of a history of experience with a party or class of parties are indicators of trust. History and variance are closely linked elements of trust.
- Accuracy describes the degree to which one assertion’s correctness matches another’s exactitude. In other words, the closeness of a similar assertion to a known, correct assertion improves its reliability. Accuracy and variance are closely related. Accuracy is conformity to the truth of an accepted model or standard. Variance is a measure of the deviation between two observations, regardless of whether one or the other is an accepted model or standard.
- Repetition refers to multiple actions over time as an indicator of trust. Repetition refers to the act of performing in the same manner.
- Proximity means that a basis for believing something may be its affinity, or similarity, with something or someone else. In other words, an association between a known entity and another entity may be used as a basis for believing in the other entity.
Assuring trust requires security. As trust decreases, a need to minimize doubt and to formulate transfer of this risk (of doubt) is developing. Minimization of doubt is a key directive in the field of information security.
Information Security Triad of Concerns
In this field, it is customary to approach a client’s needs from a triad of concerns. Confidentiality and control are the first interests of security professionals. A clear and precise definition of confidentiality and the methods and systems in place to enforce confidentiality requirements are prerequisites to providing security. Client resource control (possession) is also a requirement for secured information.
Client resource control asks questions such as:
- Who has possession of a firm’s passwords and encryption (scrambling) methods and controls?
- What means are employed in physically securing passwords and encrypted keys (i.e., scrambled passwords)?
- How do human elements (such as background checks) affect the firm’s security?
Information integrity addresses the question, “Who can edit, delete, or perform other actions on the data?” as a means of assuring that the information is what its users think it is. Authentication addresses the question, “Who did what and when?” and involves methods of assuring clients that their customers are who they claim to be and of verifying or repudiating their claims. The concern of repudiation is addressed when measures are taken to incorporate computer security procedure compliance into personnel performance evaluations. Collectively, these are known as issues of identification and are the second concerns of information security professionals.
Information availability and utility are the third information security class of concern. Access by employers to employee passwords and encrypted materials is one of the issues explored in this area of inquiry. Addressing this class of problems involves the areas of data control and data audit.