Trust: Opening up the opportunities of e-business

Published January 23, 2002 in Excutive Tek Report, IBM Global Services (also available at http://www-1.ibm.com/services/au/index.wss/multipage/igs/executivetech/a1006410/3?cntxt=a1005069 and at http://trustenablement.com/local/etr_trust.pdf)

Trust: Opening up the opportunities of e-business  

Executive Summary - The value of e-business is fundamentally tied to achieving the trust that allows us to rely on electronic information transmitted over the Internet. While in the face-to-face world, trust was often built on personal relationships, trust in the electronic world depends on creating generic, structured approaches to help ensure that data is accurate, relevant, complete and current.  This means specific services must be put in place to establish and help ensure trust before the full potential for e-commerce, collaboration, electronic markets and dynamic partnering can be realized.

In this Executive Tek Report, Peter Andrews interviews Alex Todd, who is a Senior IT Security Consultant with IBM Global Services Canada,  Security and Privacy Services practice.  Alex specializes in Public Key Infrastructure (PKI), electronic signature and authentication mechanisms.

 
Edge  Tell me about trust and what it means in terms of information technology (IT).

Alex Todd  IT and e-business are all about relying on electronic information to make business decisions.  Historically, this information was delivered by trusted advisors/experts.  Today, business managers are increasingly relying on complex computer systems to provide them with accurate, relevant, complete and current information to make decisions. 

However, information (based on information theory) is inherently not trusted.  You have to do something to it to make it trustworthy.  In the past, you had your trusted advisors/experts who acted as a source of trust for the information they provided.  Today [working electronically], relying parties have only information systems to trust.  The question that trust answers is "How do you know this information is accurate, relevant, complete and current?"  We have been finding ways to answer this question for a long time.  However, with increasing amounts of information becoming electronic, we can no longer rely on our customary and instinctive sources of trust.  We must take a fresh and explicit look at the basis for trusting electronic information that is being used to make consequential business decisions.

Edge  What are some ways electronic information can be made more trustworthy?

Alex Todd  Electronic information can be made more trustworthy by enabling relying parties to:

Ÿ establish a desired level of trust in the information by leveraging extrinsic and intrinsic sources of trust, such as user authentication, audit logs, systems management and Web rating services; and

Ÿ maintain a given level of trust by leveraging trust ensuring mechanisms, such as governance, risk sharing, IT and security controls. 

Edge  Could you walk me through an example (for example, eBay) and illustrate how this creates opportunities and value?

Alex Todd  eBay provides a suite of trust-enabling services ¹ that are designed to both establish and ensure a level of trust for customers (see Figure 1). They provide three types of trust-establishing services: 

  1.         Witness-related - customer feedback forums (for which they are famous), escrow and product authentication

  2.         Expert/Authority - ID verify, product opinions and grading, product appraisal, published privacy policy and TRUSTe seal (which exemplifies the trusted sender concept).

They also provide three types of trust-ensuring services: 

1.         Governance - comprehensive use policies, investigations, disallowed products, dispute resolution, notices of intellectual property (IP) infringement

2.         Risk Sharing - user agreements, fraud protection insurance

This trust-enabling service infrastructure has allowed eBay users to make purchasing decisions more quickly by knowing that they will get what they expect from the products and vendors they choose, and that they have recourse if something goes wrong.

  Figure 1. Components of the eBay trust infrastructure.

Edge  What is the role of human relationships in trust?

Alex Todd  Human relationships remain an important source of trust for information.  However, when relying on electronic information, humans may not have as big a role to play.  For example, I may trust information I receive from a person with whom I am corresponding electronically (via e-mail or newsgroup or chat), provided I know it is [a] person whom I already trust that is providing me with the information.  This is where authentication comes in.  However, the role [of] personal relationships diminishes in a scenario where we need to rely on system information to make systems management decisions, for example.  In these cases, we need to rely on what some have called "system trust," which is essentially an impersonal infrastructure of trust-enabling services.

Edge  Would it be fair to say that trust based on relationships is more important as information becomes more tacit and trust based on information becomes more important when the information is more explicit? 

Alex Todd  Well, I would agree that a relationship that allows you to rely on multiple tacit indicators, such as body language, speech patterns and presence of witnesses to the conversation, can help to establish a level of trust.  You rarely get that richness of indicators - or tacit sources of trust - when relying on electronic information.  However, you still get some, based on, for example, the confidence inspiring functionality of the system you are using.

Information, whether you get it face-to-face or electronically, is still information.  It is always the information that we rely on to make decisions.  The significant differences are the sources of trust we use and the trust ensuring mechanisms that are in place.  For example, knowing the owner of the community hardware store, I know the means by which I can have recourse if I have a dispute.  Online, it is not as clear.  Also, if I ask his opinion about a hardware solution, I can tell by the tone of his voice and his body language how certain he is about his response.  I can't do that online.

Edge  What is the relationship of security to trust as we move forward toward emerging electronic opportunities?

Alex Todd  Security cannot establish trust.  It can only protect from a loss of a given level of trust.  In some ways, trust and security are opposites (see Figure 2).  With absolute trust, you do not need security.  With absolute security, you don't need trust.  However, in the real world, there is no such thing as absolute trust, so we often need some level of security to mitigate some of the residual risk of not trusting.  I would say that trust is always the preferred objective, but that security is, unfortunately, often necessary.

Figure 2. Comparison of the features associated with security versus trust.

Edge  How important will this become for businesses?  Are there particular industries that will lead the way and have the biggest opportunities?

Alex Todd  I believe it is very important.  You will see trust addressed first in the transportation industry with the advent of the "trusted traveler" program ² and its "fast lane" equivalent for goods. ³  These trust programs will help to dramatically improve the business volumes currently being hindered by increased security.

By not addressing trust issues explicitly, and relying instead solely on security and contracts for protection, I believe that businesses are leaving huge opportunity gaps.  Security and contractual mechanisms inhibit the free flow of business information required to achieve the full potential of business benefits promised by e-business investments.

References

¹ Wingfield, Nick. "Are You Satisfied? EBay's battle against fraud rests primarily on a simple concept: customer feedback." September 16, 2002. The Wall Street Journal. December 17, 2002.

² Berger, Matt. "'Trusted Traveler' aims to streamline flight security." March 18, 2002. Computerworld. Accessed November 21, 2002. 

http://www.computerworld.com/securitytopics/security/story/0,10801,69206,00.html. Lisagor, Megan. "Traveler smart card poses security concerns." December 2, 2002. Federal Computer Week. Accessed December 17, 2002.

http://www.fcw.com/fcw/articles/2002/1202/web-tsa1-12-02-02.asp.

³ White House press release. "Progress Report - Security and Opportunity at the U.S.-Canada Border", June 28, 2002. Accessed November 21, 2002.

http://www.whitehouse.gov/news/releases/2002/06/20020628.html

Other sites of interest

http://www.auctionwatch.com/awdaily/tipsandtactics/sel-salespolicy.html

http://www.equifax.com

http://www.escrow.com

http://www.truste.org

http://www.squaretrade.com/cnt/jsp/index.jsp

http://pages.ebay.com/help/community/vero-program.html

About this publication

Executive Tek Report is a monthly publication intended as a heads-up on emerging technologies and business ideas.  All the technological initiatives covered in Executive Tek Report have been extensively analyzed using a proprietary IBM methodology.  This involves not only rating the technologies based on their functions and maturity, but also doing quantitative analysis of the social, user and business factors that are just as important to its ultimate adoption. From these data, the timing and importance of emerging technologies are determined.  Barriers to adoption and hidden value are often revealed, and what is learned is viewed within the context of five technical themes that are driving change:

Knowledge Management: Capturing a company's collective expertise wherever it resides - databases, on paper, in people's minds -- and distributing it to where it can yield big payoffs

Pervasive Computing: Combining communications technologies and an array of computing devices (including PDAs, laptops, pagers and servers) to allow users continual access to the data, communications and information services

Realtime: "A sense of ultracompressed time and foreshortened horizons, [a result of technology] compressing to zero the time it takes to get and use information, to learn, to make decisions, to initiate action, to deploy resources, to innovate" (Regis McKenna, Real Time, Harvard Business School Publishing, 1997.)

Ease-of-Use: Using user-centric design to make the experience with IT intuitive, less painful and possibly fun

Deep Computing: Using unprecedented processing power, advanced software and sop-histicated algorithms to solve problems and derive knowledge from vast amounts of data

This analysis is used to form the explanations, projections and discussions in each Executive Tek Report issue so that you not only find out what technologies are emerging, but how and why they'll make a difference to your business. If you would like to explore how IBM can help you take advantage of these new concepts and ideas, please contact us at insights@us.ibm.com.  To browse through other resources for business executives,   please visit

ibm.com/services/insights

Executive Tek Report is written by Peter Andrews, Consulting Faculty, IBM Advanced Business Institute, and is published as a service of IBM Corporation.  Visit

ibm.com/abi

Copyright ©1999-2003 IBM Corporation. All rights reserved.

IBM and the e-business logo are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both.

Other company, product and service names may be trademarks or service marks of others.

References in this publication to IBM products and services do not imply that IBM intends to make them available in all countries in which IBM operates.

G510-xxxx-00