Let’s have a wee
chat about…
Trust (and Security)
Stephen Marsh
stephen.marsh@uoit.ca
www.stephenmarsh.ca
@smarsh2008
(25 minutes to change the world? It just might work)
Why Are We Here?
“… we would like to frame the discussion around a
more optimistic outlook trying to imagine what
cybersecurity might look like ten years down the road if
technologies, norms and policies align to produce a
liberal, healthy and resilient digital ecosystem …”
Steve's First Rule of Computing
Computing is about... and for... People (that's us)
Points to remember
This is the case now
This will be the case in the future
Well, isn’t this timely
“The Internet-based economy has a bright future, provided that key
conditions are in place, such as trust, education, and the right policy
frameworks to promote participation, innovation, trade, competition and
investment.”
“Innovation and economic growth will depend on various
factors such as access to capital, a skilled workforce and, not least, trust of
end users.”
“While a peaceful cyberspace provides us with many opportunities, the
potential for malicious cyber activities by State and non-state actors to
create instability and mistrust in international relations is increasing.”
Chair's Statement, GCCS 2015 (April 17 2015)
Not to mention
“For the Internet to remain a global engine of social and
economic progress, confidence must be restored. The
Commission calls on the global community to build a
new social compact with the goal of restoring trust and
enhancing confidence in the Internet.”
GCIG (ourinternet.org), April 15 2015
And Finally
“… real security on the Internet can only be realised
within a broader context of trust and respect of
fundamental human rights and values, such as privacy”
Internet Society Statement on Collaborative Security, April 2015

internetsociety.org

What? Trust? Confidence?
• Indulge me whilst I quote that bastion of left-wing
thinking, The Guardian:



“Trust and confidence are an odd premise on which to advance this report. Think
about these traits. They are fickle and human. Hard to gain and easy to lose, they are
attributes of people, acquired by lifetimes of experience and the manifold clues embedded
in our social fabric. 

But machines, entities, infrastructure and artefacts – these are not things we trust.
They are things we use, tolerate or begrudgingly accept, with varied levels of reflection
and knowledge.

We don’t want our corporations and security agencies fickle and fallible. Trust and
confidence take hard work, time and evidence. They must be earned. And they will be
earned by obeying laws, respecting and promoting human rights, and cracking down and
remedying profligate corporate and government behaviour without fear or favour.”

(Julia Powles, April 17 2015, gu.com/p/47tjq/stw, my emphasis)
Well, I beg to differ
• Trust is absolutely the right way to frame the
discussion
• Indeed, when all else fails, it’s all there is left
• Oddly enough, it’s also quite possible for people to
think about people and machines in similar ways
(kudos to Reeves and Nass)
• This, naturally, applies to trust too
This works both ways
• People can think about trust
• Devices, tools, machines, can think about trust
• They can all think about what this means about each
other
• Moreover, we can leverage trust to make people
stronger
For the record, I do not remotely subscribe to the point of
view that people are the weakest link
(which point of view quite happily alienates the very
people we should be working with!)
Trust
There are plenty of definitions, let’s think about
something that works here…

A subjective probability, of sorts (Gambetta)

In a circumstance of ambiguity

Where control is not always possible (Cofta)

And therefore where there is risk (Luhmann)
Trust – Control – Security (+ Understanding)
cf. Cofta, 2007; Luhmann, 1979; (et al)
Hang on Steve, what’s this session about?
“Technical Solutions to Cybersecurity Challenges”



Hmm…
Better get down to it then
What we do, how we think
Computational Trust and its siblings
Foreground Trust, Trust Enablement
Device Comfort
Intelligent Information
10 Commandments
Computational Trust
• Marsh, 1994, etc., etc.
• Formalise Trust and its siblings
• regret, forgiveness, wisdom, comfort, mistrust,
distrust…
• To be able to
• Think about it and understand it better
• Better define it (and its applicability)
• Apply it and use it
• There are lots of trust models out there, in lots of
domains
Trust Enablement and Foreground Trust
• Trust Enablement…
• Dwyer, 2011; Dwyer & Marsh, 2015a, 2015b; Dwyer
& Marsh, 2015 (in review)
• Essentially: allow people to make trusting decisions,
given the facts and context
• Foreground Trust (extends this!) (Marsh et al, 2012)
• Focus Trust Enablement on automated help for
users in context - resulting in empowerment and
understanding
• Leverage the Media Equation (Reeves & Nass)
• Yes, blatantly use trust
Device Comfort
• Marsh et al, 2010; Storer et al, 2013; Atele-Williams,
2014
• An application of Foreground Trust and an extension of
Briggs' Trust Daemon
• Aimed at users of mobile devices
• Now being examined elsewhere also
• Uses Annoying Interfaces, Relationships, Trust…
• Advise, Encourage, Warn (and Proscribe)
Intelligent Information
• Based on the ACORN architecture (years old now!)
• Wrapping information in agents
• Allow the agents (information) to use trust, etc.
reasoning to determine things like
• Who to share with
• For how long
• When
• Why
• Transitivity
• For info sharing. Privacy...
And think about People!
• The cyberspace of the future must revolve around
Steve’s First Law, or it will fail to be useful or valid
• Part of this involves designing for people
• Which is why Privacy by Design is such a powerful
concept
• But the key is to create security (and trust) models and
practices that help people understand and take part
• So, we have some commandments we try to live by
(and naturally think others should too! what are
commandments for otherwise…?)
(1) Make it for people.
(2) Make it understandable, not just by maths profs...
(amongst which number I am not)
(3) Support monitoring and intervention.
(4) Do not fail silent(ly)
(5) Make it configurable
(6) Make it queryable (No, it isn't a word. Should be
though)
(7) Cater for different time priorities and outlooks
(8) Allow for incompleteness.
(9) Foster an ongoing relationship
(10) Acknowledge risk up front.
We’re done
• Consider:
• There is no future for people, without people
• Cyber-anything is people-oriented and trust is key
• Security must be people-oriented too, and trust is key
• Just because it’s hard, doesn’t make it impossible
• Just because people do it, doesn’t make it weak (or
indeed strong)
• You can’t do it without trust

Trust and People-Centered Cybersecurity
