Trust in an Open Web: The European Perspective

Athens.
The post-lunch (mmmh, baklava) session on this first day here at WebSci '09 returns us to the question of trust; the keynote speaker is Jacques Bus, head of the European Commission unit "Trust and Security" within the directorate for the Information Society and Media. He begins by noting that we have moved from a walled fortress to an open metropolis model for digital information; this is a move from securitisation, isolation, walls, and the protection of everything, to trust, agreement, communication, and the protection of goods. In this digital world, there is as yet no adequate identity management for persons and artificial entities; the protection of data is the key.

Trust is a relation, not a property, Jacques points out: it is time-, place-, and context-specific, and a pre-requisite for any effective human and enterprise transaction. It facilitates economic activity, creativity, and innovation. User empowerment is crucial in this context - users can only trust if they are provided with sufficient transparency for the people and things they are asked to trust; trustworthiness is a moving target, therefore.

There is an explosion in digital data, and data collection can be a positive as well as a negative - it is necessary to collect large datasets to provide effective commercial and government services, but such datasets may also be used for less desirable purposes (commercial exploitation or an infringement of privacy and civil rights). An appropriate balance must be found here. Additionally, technology development does not take place in isolation, but is interlinked with social uses as well as governmental policy and regulation. This constitutes a complex field of influences.

A further complication is dichotomy between the global reach of digital technology and the local nature of culture, regulation, and jurisdiction; many uses of the Net are unrelated to time and location, and take place in an anonymous environment without any authentication; Internet use maps very poorly onto national jurisdiction, making it unclear which legal frameworks apply in any one case. This makes it difficult for governments to protect their citizens, or for specific cultures to maintain their own cultural identity online.

For a European trust approach, then, important issues are identity management and authentication, privacy and freedom, responsibility, and the maintenance of openness and a free press. Trust is based on the constitution, the rule of law, on freedom, contracts, and general conventions between citizens; but it must also be enforced by audits, consumer protections, and (where necessary) legal action.

Online trust depends on context (time, location, partners, subject, transaction circumstances), and must include adherence to the "seven laws of identity and privacy", accountability, transparency, a fair distribution of responsibilities in the chain of actors (rather than blaming the end users for their lack of understanding of privacy issues), a support of trust by the tools and means of access which must allow easy and dynamic assessment of trust implications, and the protection of the personal sphere (defined as the user and their technological extensions).

An ICT agenda in this field involves the development of a globally interoperable e-ID platform with built-in privacy elements (aiming for minimal data disclosure), identification management of digital entities, trust architectues, accountability, transparency,and the introduction of time and location features. Additional societal elements include consumer protection laws, international agreements on jurisdiction, law enforcement, and the exchange of personal data, and new social and economic paradigms.

Technorati : WebSci '09, identity, policy, privacy, security, trust
Del.icio.us : WebSci '09, identity, policy, privacy, security, trust