Securing trust online: Wisdom or oxymoron?

Boston University Law Review

Volumn 81, Issue 3, 2001, Pages 635-664

  Nissenbaum, Helen ^a  

^a NONE

Author keywords

[No Author keywords available]

Indexed keywords

EID: 0035637350     PISSN: 00068047     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (104)

1. This paper is an outgrowth of a collaborative project with Edward Felten and Batya Friedman, and owes much to them. The work was supported by grants from the National Science Foundation, SBR-9729447 and SBR-9806234. I am enormously grateful to colleagues for probing questions and suggestions: Tamar Frankel, Jeroen van den Hoven, Rob Kling, and Mark Poster; for editorial and research assistance: Beth Kolko, Helen Moffett, Michael Cohen, and Hyeseung Song, Sayumi Takahashi, and Robert Young. Earlier versions of the paper were presented at: Computer Ethics: Philosophical Enquiry 2000, New York University School of Law: Conference on A Free Information Ecology, and Boston University School of Law: Conference on Trust Relationships.
2. See, e.g., COMMISSION ON INFO. SYS. TRUSTWORTHINESS, NATIONAL RESEARCH COUNCIL, TRUST IN CYBERSPACE 1 (Fred B. Schneider, ed. 1999) (hereinafter TRUST IN CYBERSPACE) ("The widespread interconnection of networked information systems allows outages and disruptions to spread from one system to others; it enables attacks to be waged anonymously and from a safe distance . . . .")
3. See, e.g., James P. Backhouse, Security: The Achilles Heel of Electronic Commerce, 35 SOC'Y 28, 28 (1998) (discussing security issues in e-commerce); Donna L. Hoffman et al., Building Consumer Trust Online, COMM. OF THE ACM Apr. 1999, at 80, 80 (addressing the trust issues between consumers and businesses in e-commerce); Robert Moskowitz, Ask Yourself: In Whom Can You Really Trust?, NETWORK COMPUTING 1, ¶ 1 (Jun. 15 1998) 〈http://www.networkcomputing.com/911/911colmoskowitz.html〉 (discussing the doubts that plague e-commerce); Pauline Ratnasingham, Implicit Trust Levels in EDI Security, 2 J. INTERNET SECURITY, 1, ¶ 1 (1999) 〈http://www.addsecure.net/jisec/1999-02.htm〉 (arguing that trust is an "important antecedent" for successful business relationships); Karl Salnoske, Building Trust in Electronic Commerce, 100 BUSINESS CREDIT 24, 24 (Jan. 1998) 〈http://www.nacm.org/bcmag/bcarchives/1998/articlesl998/jan/jan98art2. html〉 (commenting that both businesses and consumers regard transaction security as their biggest concern); Dennis D. Steinauer et al., Trust and Traceability in Electronic Commerce, 5 STANDARD VIEW 118, 118 (1997) (exploring "technology or other processes that can help increase the level of confidence . . . in electronic commerce"); David Woolford, Electronic Commerce: It's All a Matter of Trust, 25 COMPUTING CANADA 18, ¶ 1 (May 7, 1999) 〈http://www.plesman.eom/Archives/cc/1999/May/2518/cc251813b.html〉 (arguing that electronic deals suffer from the problems of "authenticity and integrity").
4. See, e.g., James P. Backhouse, Security: The Achilles Heel of Electronic Commerce, 35 SOC'Y 28, 28 (1998) (discussing security issues in e-commerce); Donna L. Hoffman et al., Building Consumer Trust Online, COMM. OF THE ACM Apr. 1999, at 80, 80 (addressing the trust issues between consumers and businesses in e-commerce); Robert Moskowitz, Ask Yourself: In Whom Can You Really Trust?, NETWORK COMPUTING 1, ¶ 1 (Jun. 15 1998) 〈http://www.networkcomputing.com/911/911colmoskowitz.html〉 (discussing the doubts that plague e-commerce); Pauline Ratnasingham, Implicit Trust Levels in EDI Security, 2 J. INTERNET SECURITY, 1, ¶ 1 (1999) 〈http://www.addsecure.net/jisec/1999-02.htm〉 (arguing that trust is an "important antecedent" for successful business relationships); Karl Salnoske, Building Trust in Electronic Commerce, 100 BUSINESS CREDIT 24, 24 (Jan. 1998) 〈http://www.nacm.org/bcmag/bcarchives/1998/articlesl998/jan/jan98art2. html〉 (commenting that both businesses and consumers regard transaction security as their biggest concern); Dennis D. Steinauer et al., Trust and Traceability in Electronic Commerce, 5 STANDARD VIEW 118, 118 (1997) (exploring "technology or other processes that can help increase the level of confidence . . . in electronic commerce"); David Woolford, Electronic Commerce: It's All a Matter of Trust, 25 COMPUTING CANADA 18, ¶ 1 (May 7, 1999) 〈http://www.plesman.eom/Archives/cc/1999/May/2518/cc251813b.html〉 (arguing that electronic deals suffer from the problems of "authenticity and integrity").
5. See, e.g., James P. Backhouse, Security: The Achilles Heel of Electronic Commerce, 35 SOC'Y 28, 28 (1998) (discussing security issues in e-commerce); Donna L. Hoffman et al., Building Consumer Trust Online, COMM. OF THE ACM Apr. 1999, at 80, 80 (addressing the trust issues between consumers and businesses in e-commerce); Robert Moskowitz, Ask Yourself: In Whom Can You Really Trust?, NETWORK COMPUTING 1, ¶ 1 (Jun. 15 1998) 〈http://www.networkcomputing.com/911/911colmoskowitz.html〉 (discussing the doubts that plague e-commerce); Pauline Ratnasingham, Implicit Trust Levels in EDI Security, 2 J. INTERNET SECURITY, 1, ¶ 1 (1999) 〈http://www.addsecure.net/jisec/1999-02.htm〉 (arguing that trust is an "important antecedent" for successful business relationships); Karl Salnoske, Building Trust in Electronic Commerce, 100 BUSINESS CREDIT 24, 24 (Jan. 1998) 〈http://www.nacm.org/bcmag/bcarchives/1998/articlesl998/jan/jan98art2. html〉 (commenting that both businesses and consumers regard transaction security as their biggest concern); Dennis D. Steinauer et al., Trust and Traceability in Electronic Commerce, 5 STANDARD VIEW 118, 118 (1997) (exploring "technology or other processes that can help increase the level of confidence . . . in electronic commerce"); David Woolford, Electronic Commerce: It's All a Matter of Trust, 25 COMPUTING CANADA 18, ¶ 1 (May 7, 1999) 〈http://www.plesman.eom/Archives/cc/1999/May/2518/cc251813b.html〉 (arguing that electronic deals suffer from the problems of "authenticity and integrity").
6. See, e.g., James P. Backhouse, Security: The Achilles Heel of Electronic Commerce, 35 SOC'Y 28, 28 (1998) (discussing security issues in e-commerce); Donna L. Hoffman et al., Building Consumer Trust Online, COMM. OF THE ACM Apr. 1999, at 80, 80 (addressing the trust issues between consumers and businesses in e-commerce); Robert Moskowitz, Ask Yourself: In Whom Can You Really Trust?, NETWORK COMPUTING 1, ¶ 1 (Jun. 15 1998) 〈http://www.networkcomputing.com/911/911colmoskowitz.html〉 (discussing the doubts that plague e-commerce); Pauline Ratnasingham, Implicit Trust Levels in EDI Security, 2 J. INTERNET SECURITY, 1, ¶ 1 (1999) 〈http://www.addsecure.net/jisec/1999-02.htm〉 (arguing that trust is an "important antecedent" for successful business relationships); Karl Salnoske, Building Trust in Electronic Commerce, 100 BUSINESS CREDIT 24, 24 (Jan. 1998) 〈http://www.nacm.org/bcmag/bcarchives/1998/articlesl998/jan/jan98art2. html〉 (commenting that both businesses and consumers regard transaction security as their biggest concern); Dennis D. Steinauer et al., Trust and Traceability in Electronic Commerce, 5 STANDARD VIEW 118, 118 (1997) (exploring "technology or other processes that can help increase the level of confidence . . . in electronic commerce"); David Woolford, Electronic Commerce: It's All a Matter of Trust, 25 COMPUTING CANADA 18, ¶ 1 (May 7, 1999) 〈http://www.plesman.eom/Archives/cc/1999/May/2518/cc251813b.html〉 (arguing that electronic deals suffer from the problems of "authenticity and integrity").
7. See, e.g., James P. Backhouse, Security: The Achilles Heel of Electronic Commerce, 35 SOC'Y 28, 28 (1998) (discussing security issues in e-commerce); Donna L. Hoffman et al., Building Consumer Trust Online, COMM. OF THE ACM Apr. 1999, at 80, 80 (addressing the trust issues between consumers and businesses in e-commerce); Robert Moskowitz, Ask Yourself: In Whom Can You Really Trust?, NETWORK COMPUTING 1, ¶ 1 (Jun. 15 1998) 〈http://www.networkcomputing.com/911/911colmoskowitz.html〉 (discussing the doubts that plague e-commerce); Pauline Ratnasingham, Implicit Trust Levels in EDI Security, 2 J. INTERNET SECURITY, 1, ¶ 1 (1999) 〈http://www.addsecure.net/jisec/1999-02.htm〉 (arguing that trust is an "important antecedent" for successful business relationships); Karl Salnoske, Building Trust in Electronic Commerce, 100 BUSINESS CREDIT 24, 24 (Jan. 1998) 〈http://www.nacm.org/bcmag/bcarchives/1998/articlesl998/jan/jan98art2. html〉 (commenting that both businesses and consumers regard transaction security as their biggest concern); Dennis D. Steinauer et al., Trust and Traceability in Electronic Commerce, 5 STANDARD VIEW 118, 118 (1997) (exploring "technology or other processes that can help increase the level of confidence . . . in electronic commerce"); David Woolford, Electronic Commerce: It's All a Matter of Trust, 25 COMPUTING CANADA 18, ¶ 1 (May 7, 1999) 〈http://www.plesman.eom/Archives/cc/1999/May/2518/cc251813b.html〉 (arguing that electronic deals suffer from the problems of "authenticity and integrity").
8. See, e.g., James P. Backhouse, Security: The Achilles Heel of Electronic Commerce, 35 SOC'Y 28, 28 (1998) (discussing security issues in e-commerce); Donna L. Hoffman et al., Building Consumer Trust Online, COMM. OF THE ACM Apr. 1999, at 80, 80 (addressing the trust issues between consumers and businesses in e-commerce); Robert Moskowitz, Ask Yourself: In Whom Can You Really Trust?, NETWORK COMPUTING 1, ¶ 1 (Jun. 15 1998) 〈http://www.networkcomputing.com/911/911colmoskowitz.html〉 (discussing the doubts that plague e-commerce); Pauline Ratnasingham, Implicit Trust Levels in EDI Security, 2 J. INTERNET SECURITY, 1, ¶ 1 (1999) 〈http://www.addsecure.net/jisec/1999-02.htm〉 (arguing that trust is an "important antecedent" for successful business relationships); Karl Salnoske, Building Trust in Electronic Commerce, 100 BUSINESS CREDIT 24, 24 (Jan. 1998) 〈http://www.nacm.org/bcmag/bcarchives/1998/articlesl998/jan/jan98art2. html〉 (commenting that both businesses and consumers regard transaction security as their biggest concern); Dennis D. Steinauer et al., Trust and Traceability in Electronic Commerce, 5 STANDARD VIEW 118, 118 (1997) (exploring "technology or other processes that can help increase the level of confidence . . . in electronic commerce"); David Woolford, Electronic Commerce: It's All a Matter of Trust, 25 COMPUTING CANADA 18, ¶ 1 (May 7, 1999) 〈http://www.plesman.eom/Archives/cc/1999/May/2518/cc251813b.html〉 (arguing that electronic deals suffer from the problems of "authenticity and integrity").
9. See, e.g., James P. Backhouse, Security: The Achilles Heel of Electronic Commerce, 35 SOC'Y 28, 28 (1998) (discussing security issues in e-commerce); Donna L. Hoffman et al., Building Consumer Trust Online, COMM. OF THE ACM Apr. 1999, at 80, 80 (addressing the trust issues between consumers and businesses in e-commerce); Robert Moskowitz, Ask Yourself: In Whom Can You Really Trust?, NETWORK COMPUTING 1, ¶ 1 (Jun. 15 1998) 〈http://www.networkcomputing.com/911/911colmoskowitz.html〉 (discussing the doubts that plague e-commerce); Pauline Ratnasingham, Implicit Trust Levels in EDI Security, 2 J. INTERNET SECURITY, 1, ¶ 1 (1999) 〈http://www.addsecure.net/jisec/1999-02.htm〉 (arguing that trust is an "important antecedent" for successful business relationships); Karl Salnoske, Building Trust in Electronic Commerce, 100 BUSINESS CREDIT 24, 24 (Jan. 1998) 〈http://www.nacm.org/bcmag/bcarchives/1998/articlesl998/jan/jan98art2. html〉 (commenting that both businesses and consumers regard transaction security as their biggest concern); Dennis D. Steinauer et al., Trust and Traceability in Electronic Commerce, 5 STANDARD VIEW 118, 118 (1997) (exploring "technology or other processes that can help increase the level of confidence . . . in electronic commerce"); David Woolford, Electronic Commerce: It's All a Matter of Trust, 25 COMPUTING CANADA 18, ¶ 1 (May 7, 1999) 〈http://www.plesman.eom/Archives/cc/1999/May/2518/cc251813b.html〉 (arguing that electronic deals suffer from the problems of "authenticity and integrity").
10. A misuse of language persists within the technical computer security community: proponents of a particular security device invariably use the term "trusted" to signal their faith that the system in question is trustworthy. This usage is misleading, as it suggests a general acceptance of the device in question when in fact it is the duty of the proponents to argue or prove that it is indeed worthy of this acceptance.
11. See, e.g., Alfarez Abdul-Rahman & Stephen Hailes, A Distributed Trust Model, in. NEW SECURITY PARADIGMS WORKSHOP 48, 48 (1998) (discussing the weaknesses of current security approaches for managing trust); DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (visited July 1, 1999) 〈http://www.all.net/books/orange〉 (classifying computer systems into four divisions of enhanced security protection); Rohit Khare & Adam Rifkin, Weaving a Web of Trust (visited Jan. 13, 2001) 〈http://www.w3journal.eom/7/s3.rifkin.wrap.html〉 (1997) ("develop[ing] a taxonomy for how trust assertions can be specified, justified and validated"); Michael K. Reiter, Distributing Trust with the Rampart Toolkit, COMM. OF THE ACM, Apr. 1996, at 71, 71 (describing group communication protocols which distributes trust among a group).
12. See, e.g., Alfarez Abdul-Rahman & Stephen Hailes, A Distributed Trust Model, in. NEW SECURITY PARADIGMS WORKSHOP 48, 48 (1998) (discussing the weaknesses of current security approaches for managing trust); DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (visited July 1, 1999) 〈http://www.all.net/books/orange〉 (classifying computer systems into four divisions of enhanced security protection); Rohit Khare & Adam Rifkin, Weaving a Web of Trust (visited Jan. 13, 2001) 〈http://www.w3journal.eom/7/s3.rifkin.wrap.html〉 (1997) ("develop[ing] a taxonomy for how trust assertions can be specified, justified and validated"); Michael K. Reiter, Distributing Trust with the Rampart Toolkit, COMM. OF THE ACM, Apr. 1996, at 71, 71 (describing group communication protocols which distributes trust among a group).
13. See, e.g., Alfarez Abdul-Rahman & Stephen Hailes, A Distributed Trust Model, in. NEW SECURITY PARADIGMS WORKSHOP 48, 48 (1998) (discussing the weaknesses of current security approaches for managing trust); DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (visited July 1, 1999) 〈http://www.all.net/books/orange〉 (classifying computer systems into four divisions of enhanced security protection); Rohit Khare & Adam Rifkin, Weaving a Web of Trust (visited Jan. 13, 2001) 〈http://www.w3journal.eom/7/s3.rifkin.wrap.html〉 (1997) ("develop[ing] a taxonomy for how trust assertions can be specified, justified and validated"); Michael K. Reiter, Distributing Trust with the Rampart Toolkit, COMM. OF THE ACM, Apr. 1996, at 71, 71 (describing group communication protocols which distributes trust among a group).
14. Although I do not discuss their work here, I must acknowledge another community of researchers: namely those interested in computer-human interaction, who are concerned with ways to elicit trust through the design of user interfaces. See, e.g., Ben Schneiderman, Designing Trust into Online Experiences, COMM. OF THE ACM, Dec. 2000, at 57, 58-59 (outlining certain steps, such as disclosing patterns of past performance and enforcing privacy and security policies, that designers can take to encourage trust in online relationships).
15. See TRUST IN CYBERSPACE, supra note 2, at 12-23 (evaluating whether and to what degree we can rely on existing networked information systems that support our critical infrastructures). This report urged a set of actions to increase trustworthiness and limit our vulnerability to harm, even catastrophe, that might result from failures due to malfunction or malicious attack. See id. at 240-55 (outlining the Commission's conclusions and recommendations).
16. See ADAM B. SELIGMAN, THE PROBLEM OF TRUST 19 (1997) (arguing that trust in systems entails confidence in a set of institutions).
17. See, e.g., Annette Baier, Trust and Antitrust, 96 ETHICS 231, 232 (1986) ("There are immoral as well as moral trust relationships, and trust-busting can be a morally proper goal.").
18. NIKLAS LUHMANN, Trust: A Mechanism for the Reduction of Social Complexity, in TRUST AND POWER: Two WORKS BY NIKLAS LUHMANN 8 (photo. reprint 1988) (1979) ("[T]rust constitutes a more effective form of complexity reduction.").
19. See id. at 20 (noting that trust evolves from past experiences that can guide future actions).
20. Id. at 20.
21. Id. at 25.
22. See generally FRANCIS FUKUYAMA, TRUST: THE SOCIAL VIRTUES AND THE CREATION OF PROSPERITY 7 (1995) (illustrating examples for the need for trust in economic life); Baier, supra note 9, at 239 (commenting that ordinary individuals must trust the mailman and the plumber to do their jobs properly); Lawrence C. Becker, Trust as Noncognitive Security about Motives, 107 ETHICS 43, 51 (1996) (discussing trust of government officials); Russell Hardin, Trustworthiness, 107 ETHICS 26, 33 (1996) (explaining how economic institutions are trustworthy with their customers); Philip Pettit, The Cunning of Trust, 24 PHIL. & PUB. AFF. 202, 204-05 (1995) (discussing the trust placed in a city bus driver).
23. See generally FRANCIS FUKUYAMA, TRUST: THE SOCIAL VIRTUES AND THE CREATION OF PROSPERITY 7 (1995) (illustrating examples for the need for trust in economic life); Baier, supra note 9, at 239 (commenting that ordinary individuals must trust the mailman and the plumber to do their jobs properly); Lawrence C. Becker, Trust as Noncognitive Security about Motives, 107 ETHICS 43, 51 (1996) (discussing trust of government officials); Russell Hardin, Trustworthiness, 107 ETHICS 26, 33 (1996) (explaining how economic institutions are trustworthy with their customers); Philip Pettit, The Cunning of Trust, 24 PHIL. & PUB. AFF. 202, 204-05 (1995) (discussing the trust placed in a city bus driver).
24. See generally FRANCIS FUKUYAMA, TRUST: THE SOCIAL VIRTUES AND THE CREATION OF PROSPERITY 7 (1995) (illustrating examples for the need for trust in economic life); Baier, supra note 9, at 239 (commenting that ordinary individuals must trust the mailman and the plumber to do their jobs properly); Lawrence C. Becker, Trust as Noncognitive Security about Motives, 107 ETHICS 43, 51 (1996) (discussing trust of government officials); Russell Hardin, Trustworthiness, 107 ETHICS 26, 33 (1996) (explaining how economic institutions are trustworthy with their customers); Philip Pettit, The Cunning of Trust, 24 PHIL. & PUB. AFF. 202, 204-05 (1995) (discussing the trust placed in a city bus driver).
25. See generally FRANCIS FUKUYAMA, TRUST: THE SOCIAL VIRTUES AND THE CREATION OF PROSPERITY 7 (1995) (illustrating examples for the need for trust in economic life); Baier, supra note 9, at 239 (commenting that ordinary individuals must trust the mailman and the plumber to do their jobs properly); Lawrence C. Becker, Trust as Noncognitive Security about Motives, 107 ETHICS 43, 51 (1996) (discussing trust of government officials); Russell Hardin, Trustworthiness, 107 ETHICS 26, 33 (1996) (explaining how economic institutions are trustworthy with their customers); Philip Pettit, The Cunning of Trust, 24 PHIL. & PUB. AFF. 202, 204-05 (1995) (discussing the trust placed in a city bus driver).
26. LUHMANN, supra note 10, at 40 (footnote omitted).
27. ROBERT D. PUTNAM, MAKING DEMOCRACY WORK: CIVIC TRADITIONS IN MODERN ITALY 169 (1993) (arguing that social capital increases when it is used and diminishes when it is not used).
28. Pettit, supra note 14, at 225.
29. See id. at 202 (arguing that society where people trust one another will most likely function "more harmoniously and fruitfully" than society devoid of trust); see also FUKUYAMA, supra note 14, at 47 (arguing that "sociability is critical to economic life because virtually all economic activity is carried out by groups rather than individuals"); PUTNAM, supra note 16, at 170 (asserting that trust is an "essential component" of social capital).
30. See Daniel M. Weinstock, Building Trust in Divided Societies, 7 POL. PHIL. 263, 263-83 (1999).
31. KENNETH J. ARROW, THE LIMITS OF ORGANIZATION 23 (1974).
32. See SELIGMAN, supra note 8, at 73 (arguing that solidarity must include some element of trust).
33. See Becker, supra note 12, at 51 (voicing that the majority of U.S. citizens trust the motives of public officials enough to combat the effect of receiving negative information about them).
34. Consider, for example, controversies over governance of a range of issues from speech and gambling to the allocation of Domain Names. For one of the classic (and controversial) positions on Internet governance, see David R. Johnson & David Post, Law and Borders -The Rise of Law in Cyberspace, 48 STAN. L. REV. 1367, 1367 (1996) (arguing that Cyberspace requires different laws than the laws that govern geographically-defined territories).
35. For a similar critique of social capital, see Alejandro Portes & Patricia Landolt, Social Capital: Promise and Pitfalls of its Role in Development, 32 J. LAT. AM. STUD. 529, 546 (2000) (commenting that "one must not be over-optimistic about what enforceable trust . . . can accomplish").
36. See Baier, supra note 9, at 259 (arguing that in some instances it is more prudent to distrust, rather than to trust).
37. See Becker, supra note 12, at 58 (noting that a "proper sense of security is a balance of cognitive control and noncognitive stability").
38. See SELIGMAN, supra note 8, at 16-21 (explaining the difference between trust and confidence).
39. Pettit, supra note 14, at 210 (arguing that the mechanisms of trust can explain why "trust builds on trust").
40. See id. at 203 (commenting that many are not proud of this trait).
41. Id. at 211.
42. See id. at 203 (arguing that people regard their desire for the good opinion of others as a disposition that is hard to shed).
43. See id. at 207 (arguing that "[w]here trust of this kind materializes and survives, people will take that as a token of proof of their being well disposed toward one another, so that the success of the trust should prove to be fruitful in other regards").
44. SELIGMAN, supra note 8, at 69 (arguing that familiarity relates to the "human bond" rooted in identity).
45. Id. at 69.
46. See PUTNAM, supra note 16, at 172 (arguing that reciprocity undergirds social trust, which facilitates cooperation in communities).
47. See, e.g., SELIGMAN, supra note 8, at 22 (arguing that the concept of social role has been "fundamental to modern sociological analysis"); Baier, supra note 9 at 256 (arguing that people trust others to perform their roles in society); Pettit, supra note 14, at 221 (arguing that divisions among people in a community are likely to reduce the chances of people from different sides trusting one another).
48. See LUHMANN, supra note 10, at 78-85 (discussing the conditions necessary for trust to be formed); Russell Hardin, The Street-Level Epistemology of Trust, 21 POL. & SOC'Y 505, 514 (1993) (asserting that the "terrible vision of a permanent underclass in American city ghettos may have its grounding in the lesson that the children of the ghetto are taught . . . that they cannot trust others"); Pettit, supra note 14, at 222 (arguing that a society in which trust is found only in small family groups might become very cynical); Weinstock, supra note 19, at 263-83.
49. See LUHMANN, supra note 10, at 78-85 (discussing the conditions necessary for trust to be formed); Russell Hardin, The Street-Level Epistemology of Trust, 21 POL. & SOC'Y 505, 514 (1993) (asserting that the "terrible vision of a permanent underclass in American city ghettos may have its grounding in the lesson that the children of the ghetto are taught . . . that they cannot trust others"); Pettit, supra note 14, at 222 (arguing that a society in which trust is found only in small family groups might become very cynical); Weinstock, supra note 19, at 263-83.
50. See LUHMANN, supra note 10, at 84 (commenting on how "complex and richly varied the social conditions for the formation of trust are").
51. See Hardin, supra note 37, at 522 (discussing social mechanisms that generate trust); Pettit, supra note 14, at 220 (arguing that the "trust-responsiveness mechanism" has implications for institutional design); Weinstock, supra note 19, at 263-83.
52. There is far more complexity to this issue than I need, or am able, to show here. See, e.g., Helen Nissenbaum, The Meaning of Anonymity in an Information Age, 15 INFO. SOC'Y 141, 141 (1999) (discussing anonymity and what it means to protect it); Kathleen Wallace, Anonymity, 1 ETHICS AND INFO. TECH. 23, 23 (1999) (offering a definition of anonymity).
53. There is far more complexity to this issue than I need, or am able, to show here. See, e.g., Helen Nissenbaum, The Meaning of Anonymity in an Information Age, 15 INFO. SOC'Y 141, 141 (1999) (discussing anonymity and what it means to protect it); Kathleen Wallace, Anonymity, 1 ETHICS AND INFO. TECH. 23, 23 (1999) (offering a definition of anonymity).
54. In 1999, a thirteen-year-old boy from Haddonfield, N.J. participated in Ebay auctions, bidding away $3.2 million dollars on items like a van Gogh sketch and a 1971 Corvette convertible. His parents were successful in freeing themselves from responsibility for these transactions. See Boy Bids $3M at Online Site, AP ONLINE (Haddonfield), Apr. 30, 1999, available in 1999 WL 17062405 (reporting the exploits of the eighth-grade online bidder).
55. See Julian Dibbell, A Rape in Cyberspace; or, How an Evil Clown, a Haitian Trickster Spirit, Two Wizards, and a Cast of Dozens Turned a Database into a Society, in FLAME WARS: THE DISCOURSE OF CYBERCULTURE 237, 237-40 (Mark Dery, ed. 1994) (describing a fictional virtual rape in an online multi-user domain).
56. This is what I mean by organizing according to functionality. Structurally, a password is a very different device to a locked door, but in relation to this aspect of computer security, namely access control, they are effectively the same.
57. See Ashley Dunn, Computer World Battles Faster-Moving Viruses Technology, LA TIMES, Oct. 4, 1999, at C1, C7 (reflecting on the "notorious" outbreak of the Morris Worm and explaining that an internet security clearinghouse was created in response to the damage done by the Morris Worm).
58. Khare & Rifkin, supra note 5, at ¶ 4.
59. Bruce Schneier, Risks of E-mail Borne Viruses, Worms, and Trojan Horses, 20 RISKS DIGEST 2, ¶¶ 1, 6, 9, 11, 12, 13 (June 17, 1999) 〈http://catless.ncl.ac.uk/Risks/20.45.html〉.
60. See, e.g., COMMITTEE ON INFORMATION SYSTEMS TRUSTWORTHINESS, NATIONAL RESEARCH COUNCIL, TRUST IN CYBERSPACE 134-37 (Fred B. Schneider ed., 1999) (defining firewalls and identifying them as one of the mechanisms used to prevented unwanted access to computer systems).
61. See, e.g., Gary McGraw & Edward Felten, Understanding the Keys to Java Security, JAVAWORLD, May 1, 1997, available in 1997 WL 28334788 (reporting that a "code-signing hole" had been found in Java software);
62. Richard King, Java Sun's Language is Scoring Some Early Points with Operators and Suppliers, TELE.COM, May 1, 1996, available in 1996 WL 16760663 (noting that "[s]everal security flaws have been reported since Sun [Microsystems, Inc.] announced Java").
63. See LAWRENCE LESSIG, CODE AND OTHER LAWS OF CYBERSPACE 34-35 (1999) (identifying three common architectures of identity used on Internet as passwords, "cookies," and digital certificates).
64. But cf. Helen Nissenbaum, The Meaning of Anonymity in an Information Age, 15 INFO. SOC'Y 141, 143 (1999) (arguing that the information age's capacity to aggregate and analyze the data necessary to identify an individual, even without access to a name, presents a new challenge to protecting anonymity, where society desires to do so).
65. Microsoft Explorer's security is based on this principle.
66. See Schneier, supra note 46, at ¶ 9 ("One problem is the permissive nature of the Internet.") 53 This seems to be the form of the Federal Intrusion Detection Network (FIDNet) system proposed by the National Security Council and endorsed by the Clinton administration to protect government computers. See Marc Lacey, Clinton Outlines Plan and Money to Tighten Computer Security, N.Y. TIMES, Jan. 8, 2000, at A14 (identifying FIDNet as part of the Clinton Administration's larger computer security plan); see also White House Fact Sheet: Cyber Security Budget Initiatives, U.S. NEWSWIRE, Feb. 15, 2000, available in 2000 WL 4141378 (outlining the Clinton Administration's budget initiatives related to cyber security for fiscal year 2001); THE WHITE HOUSE, DEFENDING AMERICA'S CYBERSPACE: NATIONAL PLAN FOR INFORMATION SYSTEMS PROTECTION, VERSION 1.0: AN INVITATION TO DIALOGUE, EXECUTIVE SUMMARY 15 (2000) (discussing various government intrusion detection systems). The FIDNet proposal has met with significant opposition from various civil liberties groups. See, e.g., John Markoff, The Strength of the Internet Proves to Be Its Weakness, N.Y. TIMES, Feb. 10, 2000, at C1 (noting that FIDNet caused alarm among civil libertarians who said it would be used to curtail privacy on the internet); see also Patrick Thibodeau, Senate Hears Objections to Cyberalarm, COMPUTERWORLD, Feb. 7, 2000, at 25, available in LEXIS, News Library, U.S. News, Combined File (reporting on privacy group's testimony before the U.S. Senate Judiciary Subcommittee on Technology, Terrorism and Government Information).
67. See Schneier, supra note 46, at ¶ 9 ("One problem is the permissive nature of the Internet.") 53 This seems to be the form of the Federal Intrusion Detection Network (FIDNet) system proposed by the National Security Council and endorsed by the Clinton administration to protect government computers. See Marc Lacey, Clinton Outlines Plan and Money to Tighten Computer Security, N.Y. TIMES, Jan. 8, 2000, at A14 (identifying FIDNet as part of the Clinton Administration's larger computer security plan); see also White House Fact Sheet: Cyber Security Budget Initiatives, U.S. NEWSWIRE, Feb. 15, 2000, available in 2000 WL 4141378 (outlining the Clinton Administration's budget initiatives related to cyber security for fiscal year 2001); THE WHITE HOUSE, DEFENDING AMERICA'S CYBERSPACE: NATIONAL PLAN FOR INFORMATION SYSTEMS PROTECTION, VERSION 1.0: AN INVITATION TO DIALOGUE, EXECUTIVE SUMMARY 15 (2000) (discussing various government intrusion detection systems). The FIDNet proposal has met with significant opposition from various civil liberties groups. See, e.g., John Markoff, The Strength of the Internet Proves to Be Its Weakness, N.Y. TIMES, Feb. 10, 2000, at C1 (noting that FIDNet caused alarm among civil libertarians who said it would be used to curtail privacy on the internet); see also Patrick Thibodeau, Senate Hears Objections to Cyberalarm, COMPUTERWORLD, Feb. 7, 2000, at 25, available in LEXIS, News Library, U.S. News, Combined File (reporting on privacy group's testimony before the U.S. Senate Judiciary Subcommittee on Technology, Terrorism and Government Information).
68. See Schneier, supra note 46, at ¶ 9 ("One problem is the permissive nature of the Internet.") 53 This seems to be the form of the Federal Intrusion Detection Network (FIDNet) system proposed by the National Security Council and endorsed by the Clinton administration to protect government computers. See Marc Lacey, Clinton Outlines Plan and Money to Tighten Computer Security, N.Y. TIMES, Jan. 8, 2000, at A14 (identifying FIDNet as part of the Clinton Administration's larger computer security plan); see also White House Fact Sheet: Cyber Security Budget Initiatives, U.S. NEWSWIRE, Feb. 15, 2000, available in 2000 WL 4141378 (outlining the Clinton Administration's budget initiatives related to cyber security for fiscal year 2001); THE WHITE HOUSE, DEFENDING AMERICA'S CYBERSPACE: NATIONAL PLAN FOR INFORMATION SYSTEMS PROTECTION, VERSION 1.0: AN INVITATION TO DIALOGUE, EXECUTIVE SUMMARY 15 (2000) (discussing various government intrusion detection systems). The FIDNet proposal has met with significant opposition from various civil liberties groups. See, e.g., John Markoff, The Strength of the Internet Proves to Be Its Weakness, N.Y. TIMES, Feb. 10, 2000, at C1 (noting that FIDNet caused alarm among civil libertarians who said it would be used to curtail privacy on the internet); see also Patrick Thibodeau, Senate Hears Objections to Cyberalarm, COMPUTERWORLD, Feb. 7, 2000, at 25, available in LEXIS, News Library, U.S. News, Combined File (reporting on privacy group's testimony before the U.S. Senate Judiciary Subcommittee on Technology, Terrorism and Government Information).
69. See Schneier, supra note 46, at ¶ 9 ("One problem is the permissive nature of the Internet.") 53 This seems to be the form of the Federal Intrusion Detection Network (FIDNet) system proposed by the National Security Council and endorsed by the Clinton administration to protect government computers. See Marc Lacey, Clinton Outlines Plan and Money to Tighten Computer Security, N.Y. TIMES, Jan. 8, 2000, at A14 (identifying FIDNet as part of the Clinton Administration's larger computer security plan); see also White House Fact Sheet: Cyber Security Budget Initiatives, U.S. NEWSWIRE, Feb. 15, 2000, available in 2000 WL 4141378 (outlining the Clinton Administration's budget initiatives related to cyber security for fiscal year 2001); THE WHITE HOUSE, DEFENDING AMERICA'S CYBERSPACE: NATIONAL PLAN FOR INFORMATION SYSTEMS PROTECTION, VERSION 1.0: AN INVITATION TO DIALOGUE, EXECUTIVE SUMMARY 15 (2000) (discussing various government intrusion detection systems). The FIDNet proposal has met with significant opposition from various civil liberties groups. See, e.g., John Markoff, The Strength of the Internet Proves to Be Its Weakness, N.Y. TIMES, Feb. 10, 2000, at C1 (noting that FIDNet caused alarm among civil libertarians who said it would be used to curtail privacy on the internet); see also Patrick Thibodeau, Senate Hears Objections to Cyberalarm, COMPUTERWORLD, Feb. 7, 2000, at 25, available in LEXIS, News Library, U.S. News, Combined File (reporting on privacy group's testimony before the U.S. Senate Judiciary Subcommittee on Technology, Terrorism and Government Information).
70. See Schneier, supra note 46, at ¶ 9 ("One problem is the permissive nature of the Internet.") 53 This seems to be the form of the Federal Intrusion Detection Network (FIDNet) system proposed by the National Security Council and endorsed by the Clinton administration to protect government computers. See Marc Lacey, Clinton Outlines Plan and Money to Tighten Computer Security, N.Y. TIMES, Jan. 8, 2000, at A14 (identifying FIDNet as part of the Clinton Administration's larger computer security plan); see also White House Fact Sheet: Cyber Security Budget Initiatives, U.S. NEWSWIRE, Feb. 15, 2000, available in 2000 WL 4141378 (outlining the Clinton Administration's budget initiatives related to cyber security for fiscal year 2001); THE WHITE HOUSE, DEFENDING AMERICA'S CYBERSPACE: NATIONAL PLAN FOR INFORMATION SYSTEMS PROTECTION, VERSION 1.0: AN INVITATION TO DIALOGUE, EXECUTIVE SUMMARY 15 (2000) (discussing various government intrusion detection systems). The FIDNet proposal has met with significant opposition from various civil liberties groups. See, e.g., John Markoff, The Strength of the Internet Proves to Be Its Weakness, N.Y. TIMES, Feb. 10, 2000, at C1 (noting that FIDNet caused alarm among civil libertarians who said it would be used to curtail privacy on the internet); see also Patrick Thibodeau, Senate Hears Objections to Cyberalarm, COMPUTERWORLD, Feb. 7, 2000, at 25, available in LEXIS, News Library, U.S. News, Combined File (reporting on privacy group's testimony before the U.S. Senate Judiciary Subcommittee on Technology, Terrorism and Government Information).
71. See Schneier, supra note 46, at ¶ 9 ("One problem is the permissive nature of the Internet.") 53 This seems to be the form of the Federal Intrusion Detection Network (FIDNet) system proposed by the National Security Council and endorsed by the Clinton administration to protect government computers. See Marc Lacey, Clinton Outlines Plan and Money to Tighten Computer Security, N.Y. TIMES, Jan. 8, 2000, at A14 (identifying FIDNet as part of the Clinton Administration's larger computer security plan); see also White House Fact Sheet: Cyber Security Budget Initiatives, U.S. NEWSWIRE, Feb. 15, 2000, available in 2000 WL 4141378 (outlining the Clinton Administration's budget initiatives related to cyber security for fiscal year 2001); THE WHITE HOUSE, DEFENDING AMERICA'S CYBERSPACE: NATIONAL PLAN FOR INFORMATION SYSTEMS PROTECTION, VERSION 1.0: AN INVITATION TO DIALOGUE, EXECUTIVE SUMMARY 15 (2000) (discussing various government intrusion detection systems). The FIDNet proposal has met with significant opposition from various civil liberties groups. See, e.g., John Markoff, The Strength of the Internet Proves to Be Its Weakness, N.Y. TIMES, Feb. 10, 2000, at C1 (noting that FIDNet caused alarm among civil libertarians who said it would be used to curtail privacy on the internet); see also Patrick Thibodeau, Senate Hears Objections to Cyberalarm, COMPUTERWORLD, Feb. 7, 2000, at 25, available in LEXIS, News Library, U.S. News, Combined File (reporting on privacy group's testimony before the U.S. Senate Judiciary Subcommittee on Technology, Terrorism and Government Information).
72. See John Leyden, Melissa's Creator Faces 'Hard Time', NETWORK NEWS, Apr. 14, 1999, at 7, available in LEXIS, News Library, U.S. News, Computing & Technology file (reporting that America Online assisted federal and state law enforcement agents in identifying David Smith as the creator of the Melissa virus); Lee Copeland, Virus Creator Fesses Up - Admits to Originating and Disseminating Melissa, COMPUTER RESELLER NEWS, Sep. 6, 1999, available in LEXIS, News Library, Newspaper Stories, Combined Papers (noting that America Online tracked Smith down by tracing the virus to a list server in New Jersey); Hiawatha Bray, N.J. man charged in computer virus case, THE BOSTON GLOBE, Apr. 3, 1999, at A1, available in LEXIS, News Library, Newspaper Stories, Combined Papers (noting that America Online assisted the government agents in identifying Smith).
73. See John Leyden, Melissa's Creator Faces 'Hard Time', NETWORK NEWS, Apr. 14, 1999, at 7, available in LEXIS, News Library, U.S. News, Computing & Technology file (reporting that America Online assisted federal and state law enforcement agents in identifying David Smith as the creator of the Melissa virus); Lee Copeland, Virus Creator Fesses Up - Admits to Originating and Disseminating Melissa, COMPUTER RESELLER NEWS, Sep. 6, 1999, available in LEXIS, News Library, Newspaper Stories, Combined Papers (noting that America Online tracked Smith down by tracing the virus to a list server in New Jersey); Hiawatha Bray, N.J. man charged in computer virus case, THE BOSTON GLOBE, Apr. 3, 1999, at A1, available in LEXIS, News Library, Newspaper Stories, Combined Papers (noting that America Online assisted the government agents in identifying Smith).
74. See John Leyden, Melissa's Creator Faces 'Hard Time', NETWORK NEWS, Apr. 14, 1999, at 7, available in LEXIS, News Library, U.S. News, Computing & Technology file (reporting that America Online assisted federal and state law enforcement agents in identifying David Smith as the creator of the Melissa virus); Lee Copeland, Virus Creator Fesses Up - Admits to Originating and Disseminating Melissa, COMPUTER RESELLER NEWS, Sep. 6, 1999, available in LEXIS, News Library, Newspaper Stories, Combined Papers (noting that America Online tracked Smith down by tracing the virus to a list server in New Jersey); Hiawatha Bray, N.J. man charged in computer virus case, THE BOSTON GLOBE, Apr. 3, 1999, at A1, available in LEXIS, News Library, Newspaper Stories, Combined Papers (noting that America Online assisted the government agents in identifying Smith).
75. Baier, supra note 9, at 235.
76. Id. at 259.
77. Hardin, supra note 37, at 507.
78. SELIGMAN, supra note 8, at 43.
79. FUKUYAMA, supra note 14, at 26.
80. See Baier, supra note 9, at 236 (analyzing trust as a relationship in which "A trusts B with valued thing C," and in which B is given discretionary powers with respect to C); Hardin, supra note 36, at 506 ("To say 'I trust you' seems almost always to be elliptical, as though we can assume some such phrase as 'to do X' or 'in matters Y.'"); Weinstock, supra note 19, at 263-83.
81. Baier, supra note 9, at 245 ("We take it for granted that people will perform their role-related duties and trust any individual worker to look after whatever her job requires her to. The very existence of that job, as a standard occupation, creates a climate of some trust in those with that job.")
82. See Goldberg et al., Trust Ethics and Privacy, 81 B. U. L. REV. 407 (2001) (discussing changes to Amazon.com's privacy agreement, protecting customer information, that resulted in reduced protections).
83. Hardin, supra note 37, at 507.
84. See LUHMANN, supra note 10, at 20 (noting that trust is based in part on familiarity, history, and past experiences); id. at 24 (arguing that trust always involves the risk that the harm resulting from a breach of trust may be greater than the benefit to be gained by trusting); Pettit, supra note 14, at 208 (arguing that irrespective of how one defines risk-taking, trust always involves putting oneself in a position of vulnerability whereby it is possible for the other person to do harm to the truster); Weinstock, supra note 19, at 263-83.
85. Richard Posner, The Right of Privacy, 12 GA. L. REV. 393, 408 (1978).
86. There has been discussion in the media about the Clinton administration's proposals to monitor both governmental and private networks for signs of terrorist and criminal activity. See, e.g., Robert O'Harrow, Computer Security Proposal Is Revised: Critics Had Raised Online Privacy Fears, WASH. POST, September 22, 1999, at A31, available in LEXIS, News Library, Newspaper Stories, Combined Papers (reporting that civil liberties groups welcomed changes to the Clinton Administration's original proposals, in particular limitations on automatic data collection); see also supra note 53 (discussing the Clinton Administration's proposal for, and reaction to, enhanced computer network security programs).
87. See LUHMANN, supra note 10, at 15 (noting that "trust increases the 'tolerance of uncertainty,'" and explaining that "mastery of events" (i.e. knowledge) can replace trust).
88. Id. at 42.
89. Roderick M. Kramer, Trust and Distrust in Organizations: Emerging Perspectives, Enduring Questions, 50 ANN. REV. PSYCHOL. 569, 591 (1999).
90. Pettit, supra note 14, at 225.
91. See Dibbell, supra note 42, at 239-42 (describing a fictional virtual rape in an online multi-user domain).
92. See U.S. DEP'T OF JUST., BUREAU OF JUSTICE STATISTICS: SELECTED FINDINGS, VIOLENT CRIME 3 (1994) (reporting that "in murders where the relationship between the victim and the offender was known, 44% of the victims were killed by an acquaintance, 22% by a stranger, and 20% by a family member").
93. See Becker, supra note 12, at 50 (noting that "ordinary life" provides substantial anecdotal evidence that most people have personal relationships in which they remain "trustful despite the known untrustworthiness of others"); cf. Paul Slovic, Perceived Risk, Trust and Democracy, 13 RISK ANALYSIS 675, 677 (1993) (describing trust as fragile and identifying "the asymmetry principle," by which trust is usually created slowly, but destroyed in an instant, often by a single event) .
94. See Becker, supra note 12, at 50 (noting that "ordinary life" provides substantial anecdotal evidence that most people have personal relationships in which they remain "trustful despite the known untrustworthiness of others"); cf. Paul Slovic, Perceived Risk, Trust and Democracy, 13 RISK ANALYSIS 675, 677 (1993) (describing trust as fragile and identifying "the asymmetry principle," by which trust is usually created slowly, but destroyed in an instant, often by a single event) .
95. See Hoffman et al., supra note 3, at 82 (concluding that the primary barriers to consumers providing demographic data to Web sites are related to trust and noting that over 72% of Web users indicated they would provide demographic data if the Web sites would provide information regarding how the collected data would be used).
96. See Becker, supra note 12, at 59 (arguing that a person's loss of confidence in another person's motivations does more harm to the relationship than when the other person proves to be "merely unreliable or not credible"). 76 Id. at 51.
97. Id. at 59.
98. See Slovic, supra note 73, at 680 (contrasting French and American citizens' reaction to risks associated with nuclear power and noting that the French public's acceptance of the risks is partly related to the public trust in the state-run nuclear program, which has a reputation for emphasizing public service over profits).
99. See Tom Tyler, Trust and Law Abidingness: A Proactive Model of Social Regulation, 81 B. U. L. REV. 361 (2001) (advocating a "proactive model of social regulation that is based upon encouraging and maintaining public trust in the character and motives of legal authorities").
100. See id. at 366 ("Motive based trust is central to situations in which people rely upon fiduciary authorities."); see also id. at 376 (summarizing results of an empirical study and concluding that trust is an important factor in shaping people's reactions to their experience with legal authorities because one, "people who trust the motives of the authority with whom they are dealing are more willing to defer to that authority;" and two, "trust leads to more positive feelings about the legal authority involved").
101. Id.
102. See id. at 396 ("In the context of a specific personal experience with a legal authority, people are willing to voluntarily defer based upon their belief that the authorities are acting in a trustworthy manner. They infer trustworthiness from the justice of the actions of the authorities."); see also id. at 398 (discussing the opportunities police officers and judges have to developing public good will by justifying outcomes by reference to the public's moral values, in the outcome context, and treating people fairly in the procedural context) .
103. See supra note 65 and accompanying text.
104. I am grateful to Beth Kolko for suggesting this metaphor. When I presented a version of this paper in September 1999 at The Netherlands Royal Academy of Arts and Sciences a thoughtful audience argued that Amsterdam served better as a contrast.