About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion

Advertisers

Technorati

  • Add to
Technorati Favorites

License

  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Joe Bloggs | Main | Let's make crime illegal »

Who to trust?

By Dave Birch posted Aug 5 2010 at 10:18 AM

[Dave Birch] I've been involved in some involved discussions about an involved topic: trust (again). It happens that a number of the projects that Consult Hyperion is currently working on include implementing trust infrastructures in both private and public sectors. Now, we're not alone in thinking that this is a big deal.

Newmark called some form of distributed trust system “the killingest of killer apps” for the web over the next decade (he said he wasn’t sure that was the best way to describe it, but was trying out to see how it sounded). He talked about “reputation and trust ruling the web, just the way it does in real life,”

[From Craig Newmark on the Web’s Next Big Problem – GigaOM]

Do they rule real life? Consider the transactions that I've made so far today. I took a bus -- no trust required, I paid with cash -- and then bought a train ticket -- chip and PIN, so no trust in me required -- and went to a couple of meetings -- we'll come back to this in a minute -- took the train home -- no trust in me required since I had a ticket -- and then took the bus home -- no trust in me required since I had a ticket.

Clearly, though, there are situations where trust is important, and we have no cost-effective, functioning market solution to this at the moment. As noted elsewhere on this blog, there ought to be some form of two-sided market in place where multiple trust providers supply interoperable credentials to the "relying parties" (in the jargon).

Hey, this sounds like a service being worth paying for, just like the same relying parties pay for other services such as banking, telecommunications and energy. If there is value, a market can come and the growth will come by itself when the trust is organized properly. It’s just a matter of getting the industry act together. Let’s start looking for the business problems we are trying to solve with e-identity.

[From Innopay - Payment Consultants - home]

Good point. In the meetings I went to today, one was with someone I've known for years but one was with a potential new customer. He'd been given my name by a colleague and dropped me and e-mail. When I turned up and gave him my business card, he took it on trust that I was who my card said I was.

There are situations, however, where that implicit trust can cause problems. Here's one, so when presented with a proposal for identity infrastructure, ask yourself how the proposed scheme might help to solve a real-world problem such as this one.

As he entered the hotel suite, an elegant, slightly thick-set man handed him his card, ‘Paul Ogwuma, Director - Central Bank of Nigeria.’ Although Sakaguchi had never met Nigeria’s most senior banker, Ogwuma’s reputation in the world of international finance was solid. And he was there with his deputy, his deputy’s wife and a senior representative of Nigeria’s Aviation Ministry. The atmosphere at the meeting was both cordial and businesslike.

[From The Banker and the Chief - NZZ Folio 02/09 - Thema: Parallelwelten]

A business card isn't any more use than, say, a United Kingdom National Identity Card, since the person sitting across the table from you in a business meeting has no way of telling whether it is real or not.

As he awaited trial on charges of criminal conspiracy in his modest, neat home in Coita, just outside Sao Paolo, Nelson Sakaguchi denied that he had noticed anything fishy about the Nigerian deal. To this day, he swears he had no idea that his main business partner in the Abuja airport scheme was in fact Chief Emmanuel Nwude. Although uneducated and described by one lawyer as ‘a thug,’ Nwude demonstrated confidence and ability in wriggling around the sewers of Nigeria’s corruptocracy. He was a successful businessman but he was not, as he claimed at that London meeting, Paul Ogwuma, the Director of the Central Bank of Nigeria.

[From The Banker and the Chief - NZZ Folio 02/09 - Thema: Parallelwelten]

The story is, of course, about a Nigerian 419 fraud. This one was on a particularly large scale because the victim was a leading international bankers and therefore unable to distinguish between real and fictional investment opportunities. Every time the banker, Nelson Sakaguchi sent the Nigerians another $3 or $4 million of the banks' money, he expected the profits to come back. Instead, Chief Nwude and his accomplices requested a further payment in order to pay for fabricated legal fees or bribes. And as the banker's losses mounted, so did the compulsion to pay out more millions in the hope of retrieving the ever greater sum invested, just like a gambler coming back to the table again.

Incidentally, and unrelated to the point of this post, the unfortunate Mr. Sakaguchi was

Sakaguchi... has spent almost two years in a Swiss jail for money-laundering (he was sentenced to 30 months). Ironically, he was found guilty of laundering the very money which the Nigerians were stealing from him.

[From The Banker and the Chief - NZZ Folio 02/09 - Thema: Parallelwelten]

How different this story might have been if Mr. Sakaguchi's e-mail client had simply flagged the initial e-mail as not coming from the Central Bank of Nigeria (because the digital signature on the message did not resolve in the Central Bank of Nigeria's certificate chain or it Mr. Sakaguchi's phone had displayed a red cross rather than the Chief's photo after reading his business card. We have the technology.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

TrackBack

TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a00d8341c4fd753ef0133f2dc30aa970b

Listed below are links to weblogs that reference Who to trust?:

Comments

Sadly, I don't think there are technological solutions to human stupidity and greed.

The comments to this entry are closed.