Without trust, innovation stalls

Without trust, innovation stalls

Summary: From EU to US, ever more frequent cries are going out for restoration of trust.


Trust. It's gone missing.

Privacy is getting all the attention and headlines. But trust is the foundation that privacy, and so much of the virtual world, stands on.

Brennan believes the Internet can't evolve much further without improved trust.

In terms of identity, argue about passwords, tokens, fingerprints, iris, heart beats, brain waves or whatever authentication method your Tarot Cards call for, but without trust it all falls apart.

Why is trust a big deal? For one, the inherent benefits of global connectivity, including secure universal access controls, can't be realized without it.

"It's possible that we never really have had 'trust' yet, but we're starting to understand what trust can and should look like and how to move the ball incrementally to that space," said Joni Brennan, executive director of the Kantara Initiative, a group that helps develop and accredit Trust Frameworks.

"We certainly now see what trust does not look like," she said. Brennan believes the Internet can't evolve much further without improved trust.

Given recent events, evolution may be out of gas.

Last week, European Commission vice-president Neelie Kroes, told the audience at the CeBit tech fair in Hanover, Germany, that "trust can never again be taken for granted." She added that no less than the future of the Internet is based on it.

Also, NSA whistleblower Edward Snowden appeared virtually at the South by Southwest conference and presented the audience with more questions they should ask themselves about entrusting their personal data to third-parties, namely U.S. cloud providers.

Last month, RSA Security CEO Art Coviello stood up in front of thousands of people at the company's security conference seeking to reclaim trust amid accusations of an RSA backdoor-deal with the NSA.

The advertised keynote topic that he abandoned ironically centered on the redefined role of identity, but that had become a moot point. It was the second time in three years Coviello had used the stage in an attempt to regain trust (the first being the SecureID hack).

At the same conference, new FBI director James Comey told the crowd what is no longer the obvious; that the FBI cares about security and civil liberties. His tone was more an admission that the agency understands it is swimming upstream in the modern current of eroding trust.

Trust is the first thing we cling to out of the womb, and it is a basic truth in any lasting connections. And it runs through all levels of the real and digital world.

Access controls that are used across domains can't be effective without trust. In fact, the complexity and liabilities inherent in such trust within the virtual world has been one of the gating factors in the scalability of federating identity credentials across security boundaries.

In today's climate, questions of trust are even more difficult for enterprises as they contemplate accepting access credentials - either for users or for APIs - from a multitude of providers outside their control and their firewalls.

Gartner analyst Gregg Kreizman predicted this week that by 2020 60% of all digital identities interacting with enterprises would come from an external provider. That's a small window for improving trust among a large collection of players.

Forrester analyst Eve Maler argues privacy encompasses context, control, choice and respect. Kantara's Brennan says those terms also frame trust and that users, businesses and governments should work within those parameters.

"If industry can focus in that space than everyone stands to gain as these lacking qualities seem to be integral to establishing trust - in both the digital and real world," said Brennan. "That's a starting visualization to meet on a reasonable playing field for all."

Are trust issues causing your company to alter IT decisions or strategy? Or is this turbulence just the normal course of an evolving digital world? What is trust?

Related coverage:


Topics: Security, Networking, Privacy


John Fontana is a journalist focusing on authentication, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he also blogs about industry issues and standards work, including the FIDO Alliance.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • What??

    Trust started eroding the minute companies like Google, Yahoo, and others started gathering all our personal information to target us with adds and selling our info to 3d parties. I don't want them to have my info, sell my info, and I surely don't want their targeted adds claiming they are doing us a favor. You can't get away from the info stealing if you visit even on site. I think this subject is even more scary than the NSA.
    • You took the words right outta my mouth

      Frankly, I trust the NSA and FBI, CIA, all the alphabet soup of the government. I know how hard those guys work. They are people, citizens just like us, and they don't want to violate the public trust. They have THANKLESS JOBS and must be extraordinarily patriotic to stay in service. It's not a sinecure, anymore.

      But Google, MSFT, Yahoo, and the rest of them, I don't trust at all; not, because I'm worried what they will do with my data; but because their programming has gone from bad to worse, especially over the last 18 months. It's like they've all gone nuts in top management. If they are SO THOUGHTLESS AND HITLERIAN in their designs of things they sell us, then there are going to be serious data losses and leaks of all kinds.

      I just bought a Win7 machine, fresh from Dell. Plugged it in and guess what -- there were 111 security updates needed. THAT many? So tell me again why XP isn't safer?

      Google creates a different problem: everything you do must be broadcast across all its products. Now, I can't even download my gmail when setting up a new account on Outlook, but oh my: anyone in Google Plus can add me to his list, and even email me, without knowing my email address? This is sick. Very sick. Not to mention, you can't even operate in Youtube anymore. That place is dead now, all because of the forced changes in Google Plus.

      Yahoo, same problem. I suddenly can't create an MS Office Outlook account on Windows 7, but my XP Outlook Express is working just fine. Was on hold for over 40 minutes before getting a live person at Yahoo, and then suddenly the line goes dead, and he didn't call me back. I have a paid domain with them (brainout.net). It's only on esoteric Bible stuff (like how you prove original authorship of Bible via its Hebrew or Greek METER, which no one on earth but me knows about right now, I discovered it by mistake).. but what if it were a BUSINESS?

      So the threat is way bigger with these commercial enterprises, than with the Government.
  • Trust and Ethics

    What is missing is a trustworthy person or organization is fundamentally ethical. A lack of sound ethics means ultimately the person or organization statements can not be trusted. If there is an situation requiring an ethical decision they are not likely to make the ethical choice.

    The antics of the NSA, FBI, etc with their spying programs has show these agencies do not have an ethical core. Thus, they can not be trusted to make an ethical decision.
  • what a laughingstock

    Most people voluntarily proffer all their private data to so called "social network" ... despite better knowledge. But even when shunning that fad a simple account at Amazon is fairly telltale to your income and lifestyle. You might resort to a "cash only" purchasing strategy just to come across as a person exhibiting highly suspicious behavioral pattern. It's a quandary.

    From that I conclude that actually apart from a minuscule minority hardly anybody cares about her data. Come to terms with the fact that in a modern society partly because of convenience and partly because of security reasons "privacy" is a property/state that no longer exists.
  • The big difference

    is that Google, Microsoft, Yahoo, Apple, Amazon, and all the rest cannot send a SWAT team to your house and haul you off to the Gulag, such as the government and its agencies are able to do. I don't mind getting advertisements based on what I like and use, but getting put on the no-fly list based on comments on Facebook is something only the government is able to do.