[Cryptography] Trustworthiness

Dennis E. Hamilton dennis.hamilton at acm.org
Thu Jun 22 11:39:22 EDT 2017 


> -----Original Message-----
> From: cryptography [mailto:cryptography-
> bounces+dennis.hamilton=acm.org at metzdowd.com] On Behalf Of iang
> Sent: Tuesday, June 20, 2017 05:29
> To: cryptography at metzdowd.com
> Subject: Re: [Cryptography] Trustworthiness
> 
> On 18/06/2017 11:26, mok-kong shen wrote:
> 
> > P. G. Neumann wrote in his article: Trustworthiness and Trustfulness
> > are Essential,
> > CACM, vol.60, p.28:
> >
> > "The concept of trustworthiness seems to becoming supplanted with
> > people falsely
> > placing their trust in systems and people that are simply not
> > trustworthy  -- without
> > any  strong cases being made for safety, security, or indeed assurance
> > that might
> > otherwise be found in regulated critical industries such as aviation.
> > However, the
> > risks of would-be "facts" may be the untimate danger."
> >
> > Are there any practical remedies in sight?
> 
> There are better paradigms.  Whether you call them 'remedies' would
> depend on how broken you think the system is.
> 
> In practice, anything labelled with trust was a bit of a bait&switch.
> The notion that people could "trust" systems was a misuse of the word.
> In practice people rely on systems, not trust them.  You don't trust
> your car to get you to work, except euphemistically instead you rely on
> it.
> 
[ ... ]
[orcmid] 

I think we are missing a key factor in trust and trustworthiness, although this thread does touch against it somewhat.

It is useful to preserve the notion of a trusted system as being one that could in fact deviate from the behavior being relied upon but is trusted not to.  How and whether such trust is merited is not a binary thing.

Note that if deviation is in fact not possible, then trust is not a factor at all.  In some discussions, I fear that this is taken to be a case of trustworthiness.  It seems to me however, that trust is not required in that case, although one might be trusting in the assertion that there is no material deviation possible.  (It is turtles all the way up.)

A decade ago I spent some time looking into the trustworthiness of artifacts and it comes down to trustworthiness of the producers of those artifacts.  And the measure of trustworthiness is behavior of the producer in the event of a breakdown, by whatever misadventure.  If my car breaks down on the road, the issue will be how that is remedied and who I find to be reliable for that.  Contingent reality applies, not some abstract perfect certainty. 

It matters to look at context and also the degree to which the cycle of learning and improvement in which producers engage demonstrate care for the adopters of their products or systems.  That demonstration may be evident in proper operation and it will be particularly evident in the face of a breakdown.  The whole lifecycle and update process around software, as well as how security/privacy matters are addressed figures in this picture.  The measures by which providers of services safeguard the privacy of their clients is another case.

More at <http://orcmid.com/blog/2008/05/trust-but-demonstrate.asp>.

 - Dennis

More information about the cryptography mailing list