From Threat Models to Trust Models for Technology We Can Trust
One of the key consequences of COVID-19 has been the rapid acceleration of the adoption of digital technologies and digital systems. The crisis has jolted us from the industrial economy into the digital economy. The digital economy is here to stay. In grappling with how best to navigate this deeper digital trajectory, we have done very little planning to create resilient digital infrastructures that maintain trust and serve society in the ways we want. At present, we are reliant on precarious digital infrastructures that are neither intentional nor understood, leaving us exposed and vulnerable to digital exploitation.
Resilience is a fundamental concept in disaster management, concerned with how best to prepare for, address, and recover from crisis. Trust is key in this process. In current conditions, that means digital trust. So, how do we transition to digital infrastructure we can trust?
Digital Trust
If trust is a device for coping with the freedom of others, then how do we design systems so that we can trust people when it comes to the nebulous digital world of 0’s and 1’s?
Cybersecurity, although important, only offers a narrow approach to resilience predicated on threat modelling. While cybersecurity protects computers, trust modelling protects people.
The aim of resilient digital infrastructures is to create trusted interactions among communities of people. The way to pursue this goal is through a concept we call ‘trust modelling’.
Trust Models
Trust models adopt a socio-technical design approach. This means acknowledging that the meanings and implications of technology emerge from the interplay between communities and tools in practice (Leigh Star, 1999; Orlikowski, 2007; Leonardi, 2012). Applying a socio-technical lens means viewing social systems and technological systems as interdependent and co-constituted. Digital infrastructure is a lived experience.
Thus, while threat modelling = a technology + a user + a context; trust modelling = people + context + network.
As such, in any given context, a network of people and a network of technologies creates either a trusted or untrusted network.
Trust modelling offers a framework for modelling trust appetite with communities, or in the case of COVID-19 recovery, societies. We must design and advocate for digital infrastructures based on a reasonable, and scalable, trust model.
Trust Frameworks
Several human-first design principles exist that can be applied in trust modelling for the digital infrastructures we need to recover economically, socially and technologically from COVID-19.
Privacy-by-design is a technology design principle that considers privacy throughout the entire engineering process. The initial principles of privacy-by-design are: proactive not reactive, privacy as a default setting, privacy embedded into design, full functionality, end-to-end security, visibility and transparency, and user-centric respect for privacy. This is crucial, as information privacy exists only insofar as it is upheld in the social context and norms of a network in which consent was given, as argued by Helen Nissenbaum in her book ‘Privacy in Context’.
The ‘S4 Principles’ of Simple, Secure, and Survivable Systems offer a framework for technology that serves the interests of end-users and maintains human dignity, especially in crisis situations. With an emphasis on pre-emption, the S4 Principles are the four properties that are vital for the long-term sustainability of critical capabilities, and therefore the strengthening of societies against existing and emergent shocks and threats.
Trustless technologies, by way of decentralised, fault-tolerant peer-to-peer networks such as blockchains, offer another trust framework for resilient digital infrastructure. ‘Trustless’ technologies remove reliance on central parties that access or own a network by aligning incentives amongst all participants to enable trustless interactions, where you can collaborate with someone you don’t know or trust. Incentives can be economic or social. Practically, this means designing digital infrastructure so it can’t be exploited. Distrust, rather than trust, is therefore the starting point for understanding the relationship between people and digital infrastructure. A crucial part of the culture of development and implementation of trustless technology includes technical mechanisms, such as cryptographic security, as well as transparency through open-sourcing all code for public infrastructures.
Integrating Trust Technologies
We are in a Frankenstein moment between legacy systems and emergent ones as we grapple with the newfound realities of our interdependence with technology in the digital economy. A reactive, “business as usual” approach to critical infrastructure in the digital economy will not suffice.
One of the key risks of digital transformation is perpetuating and reinforcing existing asymmetries with digitally powered infrastructures. This is often seen in the deployment of ‘blockchains’ that are centrally issued and private, and thus, not decentralised and ‘owned’ by participants in the network. The idea is not to overthrow the system, but to preserve both cooperation and individuality.
Conclusion
In striving towards trust technologies, our goal needs to be focussed on locating humanity in digital transformation before we re-freeze new systems. The new application of trust models, in a socio-technical approach towards digital infrastructures, offers a conceptual framework as well as practical design approaches to build resilient digital infrastructures that create and maintain trustful interactions.
With thanks to Eileen at Simply Secure for letting me run with the concept of ‘trust models’ from our work on the DOTS Report, and my colleague Professor Sinclair Davidson at the RMIT Blockchain Innovation Hub for feedback.