BigHook2014: Trust

September 8-10, Woods Hole, Massachusetts

Whereas the overall theme for BigHook, since its inception, has been, "leaving the best network possible to our grandchildren," the annual theme for BigHook2014 is trust.

The concept of trust has at least three clusters of referents:

• Systems trust: trusted systems, trusted connections, trusted networks, etc.
• Social trust: trusted people and organizations
• Financial/Legal trust: trust entities that have business interests or financial/fiduciary duties

Ed Gerck, considering primarily systems trust, wrote in 1998,

[Trust] is recognized by  many to be cardinal to information security, security policies, accountability, reliability, corporate management  models,  business relationships,  interpersonal relationships,  etc.  However ... what is trust? What are the conditions under which trust exists, its truth conditions? What does it denote, what are its truth-values? Still today, there are no satisfactory answers, no consensus and no well-defined models.

Gerck's definition of trust is surprisingly simple:

"trust is that which is essential to a communication channel but cannot be transferred from a source to a destination using that channel"

Is this definition adequate? Does it mean that trust is equivalent to the communications protocol itself?

L. Jean Camp, in an essay (2003) that attempts to comprehend both social and systems trust, writes:

Experts focus on the considerable technological challenges of securing networks, building trust mechanisms, and devising security policies. Although these efforts are essential, that trust and security would be even better served if designs more systematically addressed the (sometimes irrational) people and institutions served by networked information systems. In order to address human concepts of trust, privacy must be a consideration and not an enemy or afterthought of the implementation.

[. . . ]

Design for trust requires examining all assumptions about a system and the user of the system. Sometimes those assumptions are based on class (e.g., the user has a credit card). Sometimes those assumptions are based on the capacities of the human (e.g., the user must select a large number of context-free random passwords). Sometimes the assumptions are necessary to enable a functioning design. Design for trust requires enumerating the social assumptions and examining how those assumptions can function to put some user of the system at risk. In order to understand and design trust systems, acknowledgement of the social and human elements are required.

Bruce Schneier primarily addresses social trust:

" . . . there are many different definitions of trust floating around. The trust I am writing about isn't personal, it's societal. By my definition, when we trust a person, an institution, or a system, we trust they will behave as we expect them to. It's more consistency or predictability than intimacy. And if you think about it, this is exactly the sort of trust our complex society runs on. I trust airline pilots, hotel clerks, ATMs, restaurant kitchens, and the company that built the computer I'm writing these answers on."

Bruce goes on:

Cooperating--or acting in a trustworthy manner--sometimes means putting group interest ahead of individual interest. Defecting means acting in one's self-interest as opposed to the group interest. To put it in concrete terms: we are collectively better off if no one steals, but I am individually better off if I steal other people's stuff. But if everyone did that, society would collapse. So we need societal pressures to induce cooperation--to prevent people from stealing.

There are two basic types of defectors. In this example, the first are people who know stealing is wrong, but steal anyway. The second are people who believe that, in some circumstances, stealing is right. Think of Robin Hood, who stole from the rich and gave to the poor. Or Jean Valjean from Les Miserables, who stole to feed his starving family . . . When society is in the wrong, it's defectors who are in the vanguard for change. So it was defectors who helped escaped slaves in the antebellum American South. It's defectors who are agitating to overthrow repressive regimes in the Middle East. And it's defectors who are fueling the Occupy Wall Street movement. Without defectors, society stagnates.

Ben Gaucherin contributes the below (8Sep14):

L Jean Camp paper on Net Trust
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=707139

There is also an interesting YouTube video of a talk Jean gave at Purdue a few years ago
https://www.youtube.com/watch?v=KjvpdO9kR3A

And on the technical side of things. Ken Thompson's Reflections on Trusting Trust speech. Most of the moral really bothers me, but the underlying point is interesting "You can't trust code that you did not totally create yourself. ":
http://cm.bell-labs.com/who/ken/trust.html

Jon Lebkowsky contributes the below (8Sep14):

Interview with Bruce Schneier, discussing Liars & Outliers:
http://www.well.com/conf/inkwell.vue/topics/452/Bruce-Schneier-Liars-and-Outlier-page01.html

In the interview, he refers to this summary of his book:
http://whatever.scalzi.com/2012/02/16/the-big-idea-bruce-schneier/

[Under construction as of 31 Aug 2014. More soon . . . ]

Reminder: the theme is not designed to constrain the conversation. Anything related to the network we want to leave to our grandchildren is fair game. The theme is simply to give the discussion a central tendency.

Agenda

Monday, September 8

Noon to 1:30 PM: Check in, lunch, swimming, meet fellow participants
1:30 to 3:30 PM: Session 1a: Extended Personal Introductions
3:30 to 4:00 PM: Break
4:00 to 5:30 PM, Session 1b: More Intros
5:30 to 8:00 PM: Dinner
8:00 to 10:00 PM (or so), Session 2: Spectacular Musical Event plus advance screening of the mostly-complete movie "A Good American," a documentary about Bill Binney and the NSA.
After that: whatever

Tuesday, September 9

7:00 to 8:30 AM: Breakfast
8:30 to 10:00 AM, Session 3a: Discussion
10:00 to 10:30: Break
10:30 AM to Noon, Session 3b: More Discussion
Noon to 2:00 PM: Lunch, swimming
2:00 to 3:30 PM, Session 4a: Yet more discussion
3:30 to 4:00 PM: Break
4:00 to 5:30, Session 4b: More discussion
5:30 to 8:00 PM: Dinner
8:00 to 9:30 PM, Session 5: Spectacular music and a fascinating talk.
9:30 to Whenever: Whatever