There was a great discussion today at the New America Foundation on the technical measures of trust on the Internet and browser certificates. It was a geek-fest where nearly everyone laughed at Andrew McLaughlin’s Star-Trek analogies.
But most policymakers are not so geeky, and associate Klingons with those things that stick to your clothing. And their concerns over trust extends broader than web-based certificates to all sorts of online information collection.
Web certificates operate according to a chain of trust that involves browsers, certificate authorities, websites, and end users. Implicit in this arrangement is that there’s a relationship up and down the chain—or at least through a middleman (certificate authorities) – to certify a certificate. At the event, panelists expressed worry that there could be a growing externality problem whereby the incomplete practices of some certificate authorities improperly validate certain sites that impose security risks on all of us.
This got me thinking about the areas of the Internet where there is no chain of trust, no man in the middle. What about information collection that occurs outside of existing customer relationships or user control? How can we develop trust mechanisms to address externality costs here?
For instance, the Canadian government recently found that Google Street View violated some existing privacy laws by collecting credit card numbers, emails, and passwords off of some wireless networks. This is one example of data collection that happens without any relationship between the data collector and the subject of collection. Perhaps data brokers that collect personal information is another example. These are the issues that seem to concern policymakers and users, because it’s an area in which people have little control.
Web certificates are one example of a technology system that steps in the middle to try to correct this externality, and to establish user trust with 3rd party websites. Are there social or policy approaches that might be needed to complement technology solutions for trusting information flows online? This is on the mind of policymakers. Those that don’t speak Klingon.