Towards a theory of trust in networks of humans and computers (transcript of discussion)

Quantified Score

Visualization

Abstract

When I first noticed this year's SPW theme I realized that not only Alice isn't living here anymore, but that we do not really know who Alice is, after all these years. Is she a fictitious character of Oscar Wilde's Importance of being Earnest (1895) who tries to avoid the obligations of Victorian-era social protocols? Or maybe the fickle character of the Duke of Mantua's aria in Verdi's Rigoletto (1851)? Or, perhaps the fictitious and equally fickle character of our past Security Protocols Workshops who changes her goals and behavior from year to year? Whichever the case may be, one thing is clear: Alice may not always be trustworthy--as she sometimes seems to be involved in shady activities--but she must always be accountable in our protocols. Hence, we must look into what makes Alice accountable in networks that do not provide accountability for protocol participants by default; e.g., in the Internet. In particular, I argue that we could locate Alice in a multi-dimensional accountability space similar in spirit to that used in online behavioral advertising (OBA). Since in security protocols we often deal with networks of computers and humans, it seems useful to look at OBA, which also captures the behaviour of humans and computers well enough to become a source of (possibly anonymous) identity.