Shauna's Blog

Trust is also hard

Originally at http://www.shaunagm.net/blog/2014/10/trust-is-also-hard/

Building on my post about verification a few months ago, I want to talk about quantifying trust.  As full verification of all knowledge by a single individual is as impossible as drinking the sea, we are faced with two options: paranoia or trust.

Last year my friend Madeleine tried to persuade me that learning about gene patenting was important.  I agreed that gene patenting was important, but told her, “I don’t have time to learn about it and besides, I trust you. Whatever you tell me about gene patenting I will believe.”  I have said similar things to friends about a variety of topics, and I engage in a similar calculus when I trust a blog’s critique of a journal article or friend’s explanation of how a program on my computer works.  I could verify any given claim, but it would take days, weeks, months or even years that I don’t want to spend.  So I trust.

There have already been many efforts to quantify trust.  In a way, Google does this: page rank measures not just which websites are popular, but which are popular among popular websites.  One can view that as “trusting” the popular pages.  Less abstractly, sites like Yelp, Amazon, AirBnB, and many more monetize trust by making digestible our collective opinions of goods and services.  Some of these sites, like Yelp, have a social networking aspect, highlighting reviews from friends.  All of the sites allow some type of verification, in the form of reading reviews.  It’s not surprising to me that most efforts towards quantifying trust online are commercial - I would expect nothing less from our hypercapitalist culture - but it does lead to some ironies.  Thus TrustCloud, “a real time curated global positive reputation data service”, boasts that “our proprietary algorithms look for behaviors like responsiveness, consistency and longevity in online behavior”.  By keeping their methods proprietary they are, of course, saying “trust us”.

If commercial efforts towards quantifying trust are hamstrung by the assumed need for secrecy, what about non-commercial efforts?  There are many examples of implicit trust networks facilitating non-commercial projects.  The efforts of Debian Developers and Cochrane Collaborators spring to mind.  And yet, as I said, this trust is implicit and therefore difficult to leverage. We believe, holistically, that a Cochrane review is reliable and we can verify, with much effort, that a review has been done rigorously, but there is no automatized way for us to share that verification with others nor to build up a track record of whose work is consistently verified.  Unsurprisingly, the Debian community automates and quantifies a great deal more than Cochrane. Debian, a free software operating system, relies on individuals to manage sub-parts of the project, known as packages.  A number of statistics about these packages are compiled, including how often they’re used, how many predictable errors and warnings they provoke, and the number of reported bugs over the package’s lifetime.  But it’s not clear how these tools compare with implicit social trust networks in the success - or even continued functioning - of the project.

If a non-commercial project (or creatively and transparently commercial project) were to quantify trust, what would that look like?  I’d argue that it would have the following characteristics:

  • The methodology would be entirely transparent, even if some or all of the data being processed was kept private.
  • Such a system would facilitate verification to the fullest extent possible, while utilizing partial and incomplete verification.
  • This system would also enable snap judgments, distilling a multi-faceted trust network down to a single number or rating. Users could then choose what amount of engagement, from “snap judgment” to “full verification”, they care to perform.
  • It would follow the lead of social networking sites and recognize personal connections as a key source of trust.
  • It would allow individuals to disclose self-distrust by incorporating measures of confidence in their own statements, claims, verification processes, etc.

That’s just a first stab.  Already I can see problems, the most obvious being how terribly sad I would feel if I had a low trust score.  I will continue reading and thinking so that I can refine these ideas in a future blog post.

Thanks to Daf for answering some questions about Debian.