Trust in Computer Systems and the Cloud. Mike Bursell
Читать онлайн книгу.
that it becomes more valuable to keep to it than to diverge from it.
Fiscal Power The power of central banks, even when not fully controlled by a government, allows them significant control over fiscal matters domestically and sometimes internationally.
Cultural Power Latterly, the position of the BBC (British Broadcasting Company) within Great Britain, the British Empire, and later the British Commonwealth was such that it wielded considerable cultural power, allowing, even in the 1980s, the rise of the Acorn BBC microcomputer as a significant computing platform in the UK.
Utility Power A particular organisation has sufficient effective control over a utility, tool, or device that they gain significant power, such as Google's power to promote companies in search results or Facebook's ability to influence what news we see.
Perhaps the most important example of an endorsing authority in our context is that of certificate authorities. As the Internet grew and the World Wide Web exploded in popularity in the mid-1990s, it became clear that there was a need to be able to identify the computer system—typically the web server—to which you were connecting. More accurately, there was a need to tie the identity of the entity—person or organisation—owning or operating that computer to that computer and the information it was providing. The invention of public-key cryptography and associated public-key infrastructure (PKI) based on asymmetric cryptography offered a way to do this, and a number of companies started offering a service by which they cryptographically signed certificates that could be requested by companies and then hosted on computers to prove their ownership: these companies became known as certificate authorities (CAs). They checked the identity of the requesting party and their ownership of the computer system (or associated DNS record), issued a certificate, and made legal representations around the service they were providing.
The complexity and importance of the trust relationships to CAs and public-key cryptography within our day-to-day interactions with computing systems should not be underestimated, and we will be undertaking a deep analysis of the issue later in the book. The relevant point here is that CAs became endorsing authorities through the identification of a need, the development of clearly defined processes, and the application of legal frameworks to support the services offered, which led to a new type of endorsing authority. The particular authority that they were endorsing was a series of cryptographic root certificates to which other certificates could be linked, leading to a chain of trust. These root certificates have come to be known as trust anchors, creating a concept that we will adopt and expand as we look beyond just PKI and into trust more generally.
While this shift to an expert-led, rationality-based, authority-endorsed approach to trust has been largely successful, particularly in the fields of science and technology, it is not without its detractors. Whether it is the doubt cast on the radical logical positivism that was proposed in the 1920s to the more recent populist antiscience movement, there has been a growing reaction against the authority of science and expert knowledge to what is becoming, in certain circles, a more post-expert world. The results of this move are concerning to many and have led to such extremes as:
The anti-vaccination (anti-vaxxers) movement
The leading British politician Michael Gove refusing to name any economists who supported his “pro-Brexit” stance and saying that “people in this country have had enough of experts”30
Holocaust deniers
A move by some to deny the validity of the scientific consensus on climate change31 Exactly what has brought this antiscience movement about—and how to try to reverse it—is the subject of much debate, but this is not a new concern. In the 1990s, for instance, Steven Nock suggested that the change in who and what people trust could be traced to young people moving away from larger family units, arguing that an increase in privacy leads to a reduction in sufficient social relationships to allow trust to build up.32 This change away from trusting established authorities has not all been bad nor all based on the rejection of qualified experts, however. Some of the foundations on which Western civilisation has long been considered to be based have come under prolonged and justified fire. The most obvious example of such an attack would be that of feminism on the patriarchal Establishment, with multiple waves of action and theoretical underpinnings (such as those put forward by Julia Kristeva and Luce Irigaray), but colonialism, racism, and many other long-held assumptions around authority have also come under scrutiny. Philosophical and literary critical theories such as post-structuralism and the deconstructionism espoused by Jacques Derrida have provided approaches that allow for the criticism of established authorities without a free-for-all rejection of their values and underpinnings (an example being the hermeneutics of suspicion).
Some of these approaches have led to developments that are important and relevant to our field of study, the most obvious being interest in using blockchains as the basis of crypto-currencies, providing an alternative to fiat currencies and research into self-sovereign identity (SSI). This approach rejects state, national, regional, or commercial organisations as the appropriate repositories for, and owners of, personal information held about individuals, such as their health or financial data, and seeks to provide means to allow the individuals to control this data and how it is collected, used, and changed. The mechanics of handling different types of data and its various usages are still under debate, and the trust issues also are still being studied. Other movements that we could associate with these approaches include the copyleft movement, which attempts to undermine the controls put in place to support copyright, and the open source movement,33 a subject of discussion later in the book.
To return to the more general anti-authority, pro-individualist movement, the problem with trusting only in oneself is that it makes it almost impossible to build systems and processes involving other people in ways that allow for any useful cooperation or economies of scale or scope. Authorities of some type do end up being important to our larger set of requirements, and even movements that aim to reduce the number of trust relationships to as few as possible generally recognise the need for authorities in some guise or another. A good example of this is oracles, a concept within the field of blockchain that accepts the need to trust information from certain sources. Equally, standards—whether formal or de facto—are typically vital in allowing individual entities to work together, two classic historical examples being the regularisation of time across the United Kingdom with the rise of the railway and the standardisation of the systems of measurement that allowed government, commerce, and science to collaborate with less friction and confusion (the canonical example of this within the science community is the loss of a Mars Rover in 1999, due to a lack of standardisation on a particular measurement—metric or imperial units34—but the problem has been around for much longer than this35). We can expect that as we delve deeper into considerations of trust, we will need to consider what authorities we need to establish a trust relationship with, and the question of endorsement: one of the most troubling concerns around existing discussions of trust is how often such relationships are created with little or no consideration, and sometimes just assumed, leaving implicit relationships that, as they are not stated, cannot be critically examined.
Trusting Individuals
Having spent some time considering the questions associated with trusting institutions of various types, we need to look at issues around trusting individuals. In what may seem like a strange move, we are going to start by asking whether we can even trust ourselves.
Trusting Ourselves