August 10, 2017

The Fate of Online Trust in the Next Decade

Theme 6: Trust will diminish because the internet is not secure and powerful forces threaten individuals’ rights

The internet was not built with trust-building in mind, and about a quarter of these experts predicted that there are a number of threats that will be hard to defeat. Some spoke of the role of criminals and trolls. Others referred to corporate behavior and governments’ motives leading to the privacy invasions, surveillance and data breaches that make the public uneasy about online transactions.

The next billions connected will be potentially the more exposed to new generations of digital crooks that have on them dozen of years of experience.Giacomo Mazzone

An anonymous professor at a public university noted, “Two major forces are working against trust: 1) Corporations. They care about trust and security to some extent, but their interests are not aligned with those of consumers. 2) Those [bad actors] who attack individuals and systems and will always be a step ahead of any possible security measures. As people hear more and more about data breaches, etc., they will become more distrustful. Already, many people who are not technically sophisticated take a blanket approach in which they wish to reveal nothing to anyone. And others do just the opposite, believing that no one wants their data, trusting the big corporations will protect them, or deciding they can’t function without online interaction and giving in to risks.”

Some pointed out that as internet usage continues to rise – with hundreds of millions more people, maybe more than a billion, likely to join those already online by 2026 – interactions will increase, hiking the likely chance of more criminal exploits and more potential for institutional incursions impacting more people, thus less trust. An anonymous senior researcher who works for Microsoft observed, “As more and more people come online, that’s more and more targets for scammers. Since reaching people online is so easy, the scammers’ negative actions are magnified.”

An anonymous principal engineer for an IT and network vendor and service provider predicted, “Trust will be diminished, but I am not saying that fewer people will use the internet for shopping, work, etc. More people will be driven to use the internet and thus will have more reasons not to trust it. Until software developers stop coding vulnerabilities (e.g., buffer overflows) into the software that runs all these systems, trust won’t improve. At this time, I see very little improvement or interest in improvement in industry as a whole. As more ‘things’ are connected to the internet and permeate society, it will only get worse. Yes, I’m very pessimistic. At some point, society might even have to hold software developers responsible (gasp).”

Giacomo Mazzone, head of institutional relations at the European Broadcasting Union, wrote, “If you look at the number of phishing examples around us and at the number of victims, you can understand why and how a digital world without a digital literacy could become potentially a world more dangerous than the one we have today. The next billions connected will be potentially the more exposed to new generations of digital crooks that have on them dozen of years of experience.”

Paul Dourish, chancellor’s professor of informatics at the University of California, Irvine, wrote, “The primarily thing that banks, governments and corporations need to do in order to be trusted is to act in a trustworthy manner. Where people don’t trust online action, it is not least because corporate actors have not been good custodians of user data, etc. The use of online services will increase because it will become increasingly difficult to opt out, but that doesn’t mean that those services will be trusted unless entirely new attitudes toward governance and responsibility emerge.”

Christopher Owens, a community college professor, observed, “This is a paradox. Trust will be diminished, but the use of online banking and shopping will continue to increase. As online shopping and banking becomes more and more commonplace, just about everyone who uses these services will at one point or another … have to deal with some act of fraud or identity theft.”

An anonymous senior lecturer in computing based in Australia said, “I can see trust continuing to diminish as more people get bitten by scams. While one of my students – who may have invented bitcoin – built safeguards into its blockchains, it is easy for those who have little faith in science and mathematics to come to distrust them. Politics is influenced by the trust placed in commentators who admit privately that they don’t tell the truth because it doesn’t sell.”

David Banks, co-editor of Cyborgology, said, “Trust in institutions is at an all-time low, and it does not seem clear to me at all that digital technologies will improve this situation. Trust is a social problem and overall degrees of trust in institutions will only change to the degree that technologies present a kind of stability or some other version of trustworthiness.”

Christopher Wilkinson, a retired senior European Union official, commented, “Trust is already challenged. The technologies of creating and maintaining trust are still too complicated for the average use – e.g., I do not know how to encrypt my email.”

Shawn Otto, organizational executive, speaker and writer with ScienceDebate.org, commented, “We are still at the early stages in understanding the vulnerabilities created by bringing the world online. As they become more clear via painful experience, trust will likely diminish somewhat.”

Matt Bates, programmer and concept artist at Jambeeno Ltd., commented, “It will remain mostly the same but if it trends either direction it will probably be diminished simply because of two effects: 1) People always discount positive effects on their lives and overestimate negative effects; and 2) Online activity can have large effects on one’s life, both positive and negative. Shopping (economic activity) will probably precipitate the most drastic shift in many peoples’ online lives as inevitable security breaches continue to negatively affect millions (eventually billions) of lives. People will dramatically discount the untold hundreds or thousands of remarkably easy transactions they’ve made in the past and will focus heavily on the one time their credit information was swiped by unsavory criminals.”

Many respondents addressed identity issues when predicting a diminishment of trust.

Dan Lynch, internet pioneer developer and founder of CyberCash, noted, “There are far too many ways to cloak true identity, thus trust will be a big problem online.”

Erik Anderson, a respondent who did not provide any other identifying details, wrote, “With identity comes trust. You can’t solve online trust issues without identity. However, with more online identity come privacy issues. The technology exists to solve these problems but it has been relatively unused and undeployed.”

Maria Pranzo, director of development at the Alpha Workshops, said, “Until an infallible [personal identity] marker is created … the hackers and thieves will always be one step ahead. That said, we’re suckers for convenience, and I don’t see us going back to in-store banking. And give me Netflix or give me death.”

An anonymous respondent commented, “Until we have identities that cannot be ‘stolen’ online we will only have more problems leading to less trust. Maybe blockchain could do it, but the resistance from the large existing financial institutions will be too large for a new normal to develop until we have fundamental change in our economic structure.”

Another anonymous respondent observed, “Flawless identity verification is the holy grail of online services. Until that exists, there will be ‘mattress stuffers’ who do not trust online services for banking, health care, etc.”

“Healthy distrust” was a quality held in high regard by several respondents. Among comments along these lines mentioned earlier in this report were those by Jonathan Grudin, principal researcher at Microsoft, and David Karger, professor of computer science at MIT.

Mark Richmond, systems engineer for a major branch of the U.S. government, wrote, “As stories of exploits and losses continue to add up, the general sense of trust in technology enjoyed by the mostly young will gradually diminish. The eventual state of healthy distrust will probably be a positive in the long run.”

And Chris Zwemke, a web developer, said, “Trust will smartly decline. Distrust in systems is healthy. Activity might increase, but trust will not, and more double-checking will occur.”

Arthur Kover, a respondent who shared no identifying background, said, “Overall, trust will diminish. But people will cluster into ‘safe’ arenas, rarely venturing into the open, unsafe ones.”

Dave Robertson, a professor of political science, commented, “Trust is not too good as it is. If there are terrorist or criminal efforts that more seriously disrupt the internet – as I’d guess is likely – trust will diminish.”

Janet Salmons, independent scholar, writer and educator at Vision2Lead, wrote, “Those of us who care about the internet – who feel the social, cultural and intellectual values are immense – need to step up and advocate for practices that will increase public trust. At this time, as someone who works and manages most areas of life with some computer-mediated process, I am looking for ways to limit online transactions. My trust was reduced by identity theft and hacking incidents, so I think twice before I do anything involving personal information. Alas, digital literacy has not progressed (users aren’t necessary broadly literate) and many people lack basic knowledge about online safety.”

Subtheme: Corporate and government interests are not motivated to improve trust or protect the public

A number of participants in this canvassing noted that corporate motivations fall generally under the category of earning profits in order to fulfill fiduciary responsibilities to investors and keep stock prices soaring, causing them to fall far short of serving the public’s best interests when it comes to keeping personal information private and anticipating and preventing criminal acts and other exploitation of their technologies. Some say regulation will be required to remedy the situation, but will government provide it if it also benefits from exploitable weaknesses itself? Most of the people expressing opinions in this category preferred to remain anonymous in answering this survey.

One anonymous respondent commented, “The Snowden revelations unveiled the ways in which data collection online leaves people susceptible to government surveillance. But trust in commercial systems is not only open to government snooping but also vulnerable, as it is unregulated data in the hands of private corporations. A few data leaks from now, no one will want to buy anything on their phones.”

Another anonymous respondent said, “The internet is a security s*** show. Everyone knows that. The NSA is logging this right now. I’m sure three Russian mobs already have all my passwords.”

An anonymous respondent said, “There is no legal incentive at all to get this right. Absent the return of strict liability for anyone who holds data beyond the session, there will never be adequate incentives to protect data. And while some portion of the population is always too clueless to care, it will not be enough to support the current laissez-faire system. Absent strong regulation, the opportunity to make the internet more useful will be lost.”

As people get more experiences of online hacks, identity thefts and awareness of massive state surveillance, their trust in online interactions will wane. The only way I can see institutions countering this is if they provide guarantees against dangers.Anonymous respondent

An anonymous respondent warned, “We are **** slaves. Open your **** eyes.”

Amanda Licastro, an assistant professor of digital rhetoric, wrote, “Educators and activists are calling for an increased awareness of how our data is collected, monitored and monetized. As awareness spreads I predict a backlash against wearable devices, third-party data-sharing and camera surveillance.”

An anonymous respondent commented, “Security breaches will primarily impact economic activity, but potentially could have catastrophic effects on health care. Political and civic as well as cultural life will be primarily impacted by a better awareness that all online interactions are being monitored by one entity or another, and the promises of anonymization of that data are disingenuous.”

An anonymous scientific editor replied, “I used to do these things online. I no longer do it if I can possibly avoid it. (And mostly, luckily, I can.) The internet has never been secure, but the scope of its insecurities has become truly daunting. More bad actors, more state-level bad actors, and a massive chilling effect overall. And even if it was possible to address the problem, there’s no incentive to do so. ‘We take our customers’ security very seriously’ – sure they do, also, the check’s in the mail. I doubt that blockchains will have any meaningful impact on any of it. Any more than RSA or Tor has made much difference to anyone, or DRM [Digital Rights Management] has had any impact on ‘piracy.’ (Mind you, biometric-based security is way worse. When the wheels come off that bus, it’s really going to be a mess.)”

An anonymous faculty member at a public research university said, “Whether people do trust those institutions depends on how the institutions behave. As people get more experiences of online hacks, identity thefts and awareness of massive state surveillance, their trust in online interactions will wane. The only way I can see institutions countering this is if they provide guarantees against dangers.”

An anonymous respondent noted, “The increasing probability of unsuccessful outcomes (e.g., due to overtly malicious/criminal activity) will probably have less impact on the decline in trust than the increasing non-consensual but unavoidable e-commerce-related ‘transactional overhead’ (e.g., mandatory ‘opt-in’ adver-surveillance, etc.).”

An anonymous principal architect said, “Smartphones today do not provide adequate protections to rein in surveillance capitalism or totalitarian government. These limitations will become more apparent with time.”

An anonymous respondent said, “Two ways that trust will be diminished: 1) the security/privacy of the technology (hacking, NSA surveillance, data-mining policies of companies); 2) the realization (by a number of people) that the lack of human interaction leaves them felling lonely and disconnected from community and society.”

Another anonymous respondent wrote, “As knowledge that the internet is run by profiteers, and the system is gamed, and that it truly is – as the Pentagon has designated – a ‘combat zone’ in need of high-end security tactics that are beyond the capability of most people to comprehend, more and more people will distrust everything about it.”

An anonymous respondent wrote, “There will be a backlash. We’ve seen an increasing threat to our digital information. This includes financial and health care. Lord knows where other data resides behind the cloak of government monitoring. Freedoms are becoming restricted. Look, for example, at any effort to remove your name from the government’s no-fly list or the assertion that you can be forced to use your fingerprint by law enforcement to access the data on your phone.”

An anonymous respondent noted, “Trust in these services will diminish dramatically until either a large segment of the world population stops using certain services or a catastrophic hack adversely impacts a large swath of the population. After that, a series of lawsuits will decimate those service providers and lead to an overhaul in how online services provide security services for the data being shared. As more and more services appear online, there is an ever-growing loss of control of personal information. The companies offering or moving services online appear to be less willing to clearly articulate how they use or protect personal information. Additionally, current history has shown that services that house personal information are ripe targets for hackers and thieves.”

An anonymous principal research programmer said, “The threats associated with the massive amounts of data collected and used by commercial aspects of the internet are becoming more obvious with each new privacy breach. As more people are forced to confront the hidden costs of these breaches, the conveniences afforded by online systems may become less palatable.”

An anonymous respondent commented, “I personally find myself being drawn out of the digital realm, not further into it. I don’t trust corporate America’s values, especially those whose products are digitally based (Apple, Google, Facebook, and the huge list goes on). I don’t trust government as it gobbles up every bit of our data it possibly can. If I can incorrectly be detained as a suspected terrorist upon returning home to the U.S., and I was, I simply don’t trust these systems. They fail to work properly. They can too easily be manipulated for nefarious intent or to enrich the über-wealthy. I mean, are we really going to trust democratic elections to digital machines? Really? I’ve had to replace my credit cards four times over the past six years because of data breaches. I have loved and depended on my digital tools for just about everything. But I find myself exploring ways to stop using them because of a lack of trust and privacy. And I don’t have anything really to hide! Damn, I even pay my taxes. Online.”

An anonymous director of research at a European futures organization said, “Security and privacy concerns aren’t being addressed.”

An anonymous respondent wrote, “Our government is actively sabotaging the security of these systems and very few companies are powerful or wealthy enough to stand up against that pressure. We’re going to see less security, not more, as states feel pressured by the terrorism boogeyman to gather as much info as possible, leaving back doors open for hackers. It also seems like there’s very little being done to protect people from identity theft and online scams targeting older people. As people hear more and more about these events happening, they’ll lose trust in online shopping and online social interaction out of fear.”

Revolution? Some respondents predict the public’s dismay and distrust will lead to it.

An anonymous data center technician warned, “The banking system has failed us. The oligarchs have failed. The number of people outraged will increase. The number of people who will not stand for governments recording records of every transaction [that] every human makes will increase.”

An anonymous political science professor replied, “Trust in major institutions (e.g., firms, governments) is declining across the globe. Trust in ‘imagined communities’ seems to be on the rise. The internet seems to be becoming more a vehicle of established, monied extractive interests. I believe that anti-globalization is our (near) future, and the internet will come to be seen as globalization’s chief vehicle.”

Anonymous respondents also commented:

  • “Greed and the quest for more market share will drive ever-more-intrusive strategies.”
  • “Unless business and government find effective ways to halt the growth of hacking, using the internet for financial transactions will become riskier and eventually reduce use of this method of communication and transacting business.”
  • “My transactions should not be anyone’s data.”
  • “If organizations like the NSA and the FBI in the U.S. are more concerned with hacking foreigners than they are with defending America’s infrastructure, and other organizations overseas follow their approach as an example of ‘best practice,’ then the number and severity of data breaches will only increase.”
  • “It seems likely that we will experience more data-related scandals that might lead to diminishing trust.”
  • “The internet has become more and more centralized and commercialized. People already mistrust it much more than they did 10 years ago, and that will continue.”
  • “More people are likely to be skeptical of commercial services and their ownership of user data. This will particularly affect economic transactions, including banking.”
  • “I hope trust in these systems will be reduced – it’s about intent in the implementation of these systems.”

Subtheme: Criminal exploits will diminish trust

A number of respondents observed that more crime and other uninvited and unwanted manipulations of networked systems will emerge as more people get online and more important transactions are conducted there. Many said they expect such attacks to impact trust. An anonymous respondent warned, “Expect more-spectacular crimes.” Another wrote, “The potential for fraud, misinformation and deception online are tremendous.” And another wrote, “Inevitably, there will be increased hacking and identify theft.”

The opportunities for mischief are enormous.Joel Barker

Ed Dodds, a digital strategist, predicted, “Ransomware will diminish trust. Blockchain may be used for open-data-driven public policy if the Data Transparency Coalition efforts are successful. iXBRL and smart contracts may reside in both public and private chains.”

Joel Barker, futurist and author at Infinity Limited, wrote, “The opportunities for mischief are enormous. Certain activities will have to stay very local and even face-to-face because of the more-sophisticated spoofing that will be developed.”

Don Philip, a retired lecturer, observed, “There will be problems. Systems will be hacked and sensitive information will be leaked. This will affect any area in which there is sensitive information: education, health, finances and many more. Despite the negative impacts, the majority of people will want to use such online interactions because of the convenience and ease of use.”

James McCarthy, a manager, wrote, “Trust will be diminished. Information … is vulnerable to theft and exploitation. Unless they manage to find a holy grail that effectively precludes unauthorized decryption – which is unlikely – personal and consumer data will always be at risk, and the lines between what is personal and public information will keep blurring.”

An anonymous respondent predicted, “Financial areas will cause the most concern. With data leaks increasing, it’s only a matter of time for financial data to be leaked more than it was in the Panama Papers. Thinking of the Anthem [medical data] breach, millions were affected. The breach of a major banking system like Wells Fargo or Citibank would be catastrophic, and it’s only a matter of time until it happens.”

Another anonymous respondent commented, “Unless and until a secure format for data transmission exists (all the time), trust will be diminished as the services that seemed safe will be hacked and people’s information will be at risk. This exposure crosses over all uses – shopping, banking, social media ‘private’ settings, etc. Think of all the institutions that have your credit card on file – the phone company, Starbucks, Parkmobile, etc. It’s scary.”

An anonymous respondent said, “This issue might see a significant change in the next 10 years – there are enough vulnerabilities throughout systems that it seems unlikely that we won’t see several high-profile instances of theft, fraud and criminal damage arising from them, and even more unlikely that the various news media will not respond with increasingly apocalyptic coverage of the subject. Net result: less trust.”

Anonymous respondents also wrote:

  • “We learn more from pain and fear. As bad things happen people learn to be wary.”
  • “There will be security issues, and more-spectacular hacks.”
  • “Measured trust has been declining for 30 years and I see no signs of change.”
  • “Trust requires a belief that both parties are transparent and concerned with mutual outcomes. I see nothing in the tea leaves that says disempowered citizens will become more trusting.”
  • “Big Brother will look at innocent people instead of the abusers, just like the TSA [Transportation Security Agency] in regard to air travel. There’s no trust in that.”
  • “Trust is an emotional response and, as such, strongly affected by the latest incident or two and rarely by facts, proofs or logic. Since it is a belief system, trust will decline as incidents will increase over the coming years.”
  • “There have simply been too many data breaches and revelations about surveillance for people to have an increased trust. That being said, the systems in question are simply too useful and ubiquitous at this point for people to stop using them because of a lack of trust, so I am concerned that there will be insufficient pressures for reform.”
  • “It seems to me that trust just doesn’t scale. Dunbar’s Number is a good reason for that. I don’t see any clear way to address this going forward.”
  • “Trust will be diminished but we will fail to notice.”
  • “Privacy will disappear. There will be an acceleration of crimes based on identity theft. People will feel increasingly violated and distrustful of technology.”
  • “It’s hard to establish that a place is safe when it has already been proven to not be.”
  • “Trust ultimately boils down to trust in people. And as the number of people who join online activities grows, it will become more and more difficult to determine who to trust, and how to build that trust into architectures.”
  • “If the federal government can’t keep our nation’s spies’ SF-86 [security clearance questionnaire] secure, it’s hard to believe anything can ever be secure online. It’s like storing a pile of gold in your front lawn and blaming the thieves for hopping your three-foot fence.”
  • “Expect some disastrous cyberwar or hacking attacks on the horizon. Firms and persons without truly robust backup systems could be burnt badly.”
  • “I am filling this survey out over a VPN. I am not the usual internet user; I am also running a Tor exit node. I think many people are unaware of the surveillance they are undergoing.”
  • “Trust is heavily dependent on proper security solutions going forward. Currently, the market as a whole does not focus on these issues, but instead approaches this on a ‘fix it if you see it’ basis. This leads to late discovery, massive data leaks and consequently distrust.”
  • “The current trend is negative, although an increased awareness of its importance is showing. A combination of empowered users and new business practices, technology and regulation will be needed and will require multi-stakeholder collaboration.”