Forget the Global Marketplace—Trade with Someone You Know

by Andy Oram
December 29, 2000

Trust is a big theme these days. Consultants report that a large percentage of people refuse to go online because they won’t entrust sites with their personal data. The European Union is trying to define consistent rules for commerce so that consumers don’t worry about fraud. And the flagship publication of the largest professional organization in computing, the Communications of the ACM, focused its December issue on the cover theme “Trusting Technology.”

Many of the “Trusting Technology” articles tried to impress the reader with cutting-edge techniques in artificial intelligence or GUI design that would lead users to trust automated systems, never examining the question of whether such systems deserve the trust. Other articles talked in rather general terms about the infrastructure for trust, such as reputation systems and cryptography.

None of the “Trusting Technology” authors, strangely enough, cited the recent and highly publicized book by security expert Bruce Schneier, Secrets and Lies. Perhaps the ACM authors found his conclusions too challenging. He lists automated digital systems and instant global communications as part of a problem, not part of the solution.

Actually, Schneier is by no means the Cassandra he is made out to be in some casual reports. He still believes in using the Internet and in striving for security, but he warns us that systems must be secured in many old-fashioned ways, such as auditing transactions and providing legal recourse to victims. Ultimately, his recent work has made me rethink the globalization ideal where we all buy Oriental rugs directly from Pakistan and where Bulgarian medical patients do real-time consultations at Web sites in Boston.

Some themes from Secrets and Lies

I won’t offer a full review of Schneier’s book in this article, because I don’t have the time or background to do his subtle arguments justice and because I want to return quickly to the theme of global commerce. In any case, most of his points are familiar (or ought to be) to readers of Web Review. Yet even for such readers, accustomed to securing computer systems, his book provides valuable training in viewing the world through a security expert’s eyes.

I was thinking of Schneier’s taxonomy while driving through the Boston area this past week. A protocol attack is illustrated by the driver who zips down the left-turn-only lane to bypass a line of waiting cars, only to make a right turn at the end. By contrast, the pedestrian who runs in front of my car is exploiting my ability to do instant risk assessment. While I find it a hassle to stop for the pedestrian, it’s less of a hassle than dealing with the police and insurance companies. (Psychologists have also recently posited an in-born biological tendency toward altruism, but don’t place your bets on that when you get in my way.)

Now let’s consider the relationship between network security and commerce. What protects me from fraud when I give my credit card number to the Bumbling Bumble-Bee web site?

Not SSL, as Schneier points out—all SSL does is keep someone from attaching a sniffer to my line and stealing the credit card number. It doesn’t even ensure that the Web site offering a certificate has any legitimacy. Once the Bumbling Bumble-Bee has the number, no amount of computer or network security can keep a malicious employee or manager from misusing it; I am protected only by auditing and legal protections within the good old real-world banking system. And incidentally, those same protections form an important backup in case SSL fails. (Security systems are all intertwined: along with legal protections, SSL is still a good thing, and so are strict access policies on the Bumbling Bumble-Bee’s computer and the banks’ intelligent, automated computer tracking systems.)

SSL comes out looking relatively good in Secrets and Lies. Schneier has much more scathing criticisms to offer concerning digital signatures, certificate authorities, cell phones, and smart cards. When he considers more familiar and carefully designed protocols, the usual gallery of side-channel attacks makes its appearance. And while he doesn’t have as many specifics to offer about Internet-connected phones and other devices (because their widespread use is very new) recent news reports show that they provide a colorful playground to would-be attackers. The Garden of Eden does not reside in wireless networks.

The Real World Ain’t No Garden Either

We might as well use the Internet to improve the reach of trade. There are risks on the Internet, but there are always risks in the physical world too. We’ve learned to manage physical risks; managing the digital ones just means playing catch-up to new ruses.

On the Internet, as many have pointed out, there are no visual and verbal clues as to who is trustworthy. And that’s a good thing. Ten years ago, here in Boston, several guys dressed in policemen’s uniforms gained the confidence of the guards in the world-renowned Isabella Stewart Gardner Museum. The purported policemen tied up the guards and made off with several irreplaceable paintings that were never recovered, including a Vermeer and a Rembrandt.

Everything else we know about real-world trust is also subject to an asterisk and a footnote. For instance, every organization needs to trust its employees, but just last week the Boston Globe reported the arrest of several staff at the Registry of Motor Vehicles for forging credentials. (Just think of what you can get away with if you sport a fake driver’s license.)

And I think back several years ago to the sweet-natured bank employee in this area who warmed everyone’s heart by helping the elderly fill out their deposit forms. It took the bank several years to realize he had defrauded hundreds of people of many thousands of dollars. I am choosing incidents I happened to hear about in Boston, but they must happen everywhere.

Go Global—But With Care

So we should go ahead and use the Internet for commerce; we just have to act cautiously in the face of its particular dangers. I no longer believe we can handle those dangers through mathematics and protocols; probably not even through policies and treaties.

Commerce is the central concern of the European Union (though they do give a nod to education, public debate, and other non-profit concerns). And a few years ago, the leaders of the European Union realized that merely promoting the spread of technology was not enough to glean the potential benefits of online commerce. Thus, they have released several documents trying to harmonize different national laws and ensure that an individual who is wronged by a business in another country can get recompense within his own country. (The much-publicized cybercrime treaty is one brick in this edifice with particularly controversial implications.)

But can treaties and laws provide the culture that underlies trust? Laws or no laws, some countries will punish companies that do wrong things like knowingly making tires that blow out, and some countries will not. It’s not just the legislature that’s involved; one also needs a strong court system—and corporate actions can be greatly influenced by such soft factors as a press that exposes problems and a public that apportions rewards and punishments.

Many researchers and companies are doing interesting work on computerized reputation systems, which try to formalize trust. While I think the work is useful, it will not replace a real-world infrastructure that includes legislatures, courts, the press, and public opinion.

Let’s invent a country called Sleezyland where companies often ship shoddy products and provide poor customer service. Maybe the courts don’t care and the press is concerned with more pressing political matters. In another country with higher standards and a healthy, transparent public life—let’s call this country Zenofobia—a few consumers may buy products from Sleezyland, but word will eventually get around that results are poor and the trade from Zenofobia will stop.

Writing this, I am extremely conscious that I live in a country where a presidential candidate with powerful back-room connections just undermined the electoral process, and where the Supreme Court threw up its hands and essentially said, “We don’t know how to run a fair election in this country.” It will be interesting to see whether a concern for transparency and a level playing field survives in any area of American life. (Should George W. Bush ever be investigated for using fuzzy math, he will still be able to commiserate with such luminaries as Helmut Kohl, Jacques Chirac, and Benjamin Netanyahu.)

And I also know that, while we prosecute companies for making tires that blow out in the U.S., American companies can do far worse things in other countries without being reined in by the American legal system. Still, in the area of commerce I think the U.S., along with every other country, is open to scrutiny by consumers.

Until we see evidence that a reasonably secure reputation system works, we should use the same clues for online trade that we have in bricks-and-mortar trade. Branding is certainly important, and reports from friends can assure us we’re dealing with the right people. International communications can still aid the internationalization of trade, because more of us know people who live in countries all around the world. As Schneier says in his conclusion, “Trust is personal.”

Thus, if I want to know whether a company in northeastern India or Austria or South Australia has a good reputation, I now have a couple people in each of those areas I can ask. Theoretically, I could do research at online sites run within each of those areas (though my knowledge of German probably isn’t up to the task), and well-known rating sites may emerge over time to fill the public’s knowledge gap. But most of us would rather send email to someone who’s in the area that has fine tea and ask him, “From whom do you buy your tea?” We may also know people who are just as far from the site geographically as we are, but have dealt with the site and can offer personal opinions.

So perhaps the model for international commerce should not be Wal-Mart or General Motors, but the corner storefront. We’ll go abroad for certain things, but we’ll try the vendors frequented by people we know. We won’t have a global marketplace (in the sense that anybody can buy from anybody else, interchangeably) but we’ll extend our trust to particular sites on other continents. In that day, worldwide commerce will be powered by a web of trust as much as by the World Wide Web.

Andy Oram is an editor at O’Reilly Media. This article represents his views only. It was originally published in the online magazine Web Review.