My friend, and brilliant CEO, Patrick Dennis posted an article on the brittleness of trust, back in June 2023. I’ve been thinking a lot about it, and I’m dedicating a podcast to it on Monday, January 6th (link here). The more I think about this topic, the deeper down the rabbithole (pardon the pun) of despair I go.
The Premise
Trust has been a war on at least two fronts. First there’s the digital — you can call this the Cyber Security perspective. The second is societal — where misinformation, disinformation, and propaganda live. These two fronts have been rapidly flanking the trust that people and governments have spent decades (maybe longer) building…and the stress cracks are starting to become highly visible.
What I mean to paint for you is a mental picture of trust as both a concrete and abstract thing. Let me explain.
The concrete part comes in, for example, when computers interact, or autonomous systems exchange data. A second example from the real world is where someone calls you on the phone and tells you that you owe some company money and the person on the phone is offering you a chance to settle the debt or else there will be dire and urgent consequences. In both examples, these interactions need to make rapid and often only slightly informed trust decisions. Some of us will tell you that you should always default to “no” when the question “Can I trust this?” is asked — but as I’ll explain later, that becomes a practical impossibility faster than many of us are comfortable admitting.
The abstract is a little more difficult to grasp. The concept of trust, in the abstract, is a philosophy question. Each one of us and all of our computer systems make millions of trust decisions a day. Right, millions. You teach your children never to trust strangers — but at some point trust may be a life and death decision that they have to make…and potentially trust a total stranger. Don’t trust strangers — except teachers, mechanics, your bus driver, the person on the radio reading you the weather …you get it. Trust in the abstract is the default for humans. In spite of everything you’re told fron the time you’re born, you default to trusting someone unless they give you a reason not to.
Current State of Trust
I think I can make a reasonable argument that trust as both an abstract concept and a concrete thing is being eroded faster than ever before in human history. Two things are driving this, and as someone who works in Cyber Security — I’m genuinely anxious about the future.
The first front comes in the form of digital, or technology. Cyber Security professionals have been screaming from the mountain tops for over a decade that you can’t trust technology… “don’t click that link”, “don’t trust that message”, “don’t open that email” and the like. Assume everyone is trying to hack you, and don’t trust anything external to the company. And thus the arms race between threat actors and your internal security teams was born. Attackers will exploit your trust and appear as though they are trustworthy to get you to give them access. Here’s the thing — phishing lures have become so good that even some of the best cyber security professionals fall for them! Furthermore, it’s impractical not to open external links, emails, and documents — unless you don’t conduct remote business or ever get a photo from a friend, or a PDF from Human Resources. At some point you have to get your job done, and the difference between legitimate email and attacker is so difficult to distinguish that even the most skeptical are still caught.
The second front comes on the societal, or social, side. Whether it’s that call from the “Social Security Office”, or a text telling you that a package is stuck in processing with insufficient postage and you just need to pay the difference to get your package, or social media postings breaking news that your favorite Congresswoman is actually a lizard creature — it’s pretty difficult to distinguish between real and fake. Let’s not forget that AI can now create really, really life-like “deepfakes” — Joe Biden dancing the salsa, or Taylor Swift exposing the lizard people. It’s so difficult to tell the difference between real and fake that most people can’t, especially when it’s not an obvious one like the examples I’ve picked. The world isn’t as simple as when I was a kid — never to get into a stranger’s van no matter how many free puppies he has in there for you, duh.
Erosion on Both Fronts
Where we stand today is that the digital and the social have been blended to a point where I can’t tell easily if a news story I see on social media is real…or fake. If you’re laughing to yourself because you’re sure that you could spot the difference, think again.
I’ve carefully avoided politics in this post, but I’ll give you one very clear examples of the converged erosion of trust. The calls that voting machines were hacked and swung the election in favor of one candidate or the other are the perfect example. In every case I’ve seen people took theoretical vulnerabilities, or even real ones but out of context, and created an entire narrative of what they claim happened based on a combination of peudo-tech, conspiracy theory, and misinformation. If you don’t know enough to dispute individual facts, and most people wouldn’t, then it’s reasonable that you would fall for these claims. The reality is that the point wasn’t to win the argument over a specific political race, or voting machine vendor — it was to sow distrust in the system as a whole. If Americans don’t trust the voting process, our Democracy is dead in the water… A combination of outright fake news, with trolling on all social media platforms, influence peddling to those “influencers” some of us get our “news” from (God help us all), and inherent distrust of technology that well-meaning Cyber Security campaigns and policies have sewn …and voila!
Where I believe we are right now, as a society, is at the intersection of being overwhelmed with trying to stay hyper-vigilant for trust decisions, and being exhausted from that process day in and day out. We have been scared into not trusting anything, but that’s impractical in daily life so we do our best to make the best decisions we can with the limited knowledge we all carry. And we’re exhausted.
Burnout is Inevitable
Many people whom I’ve spoken with — family, friends, co-workers, and colleagues — are starting to feel burned out on trust. Technology has largely failed to bring us the answers to implement broadly in society, and in fact, things like AI have only made it much, much worse to try and make trust decisions. The Chinese, Russians, and others are doing their best to make sure you don’t trust the media, and let’s face it the mainstream media has torched any trust we had in them anyway. Technology companies and cyber security professionals are telling you that you can’t trust that piece of hardware or software because it’s potentially vulnerable, while typing away on their Chinese-made mobile devices. In a world increatingly going all-digital, the only things you can trust is what you can physically touch and see. These are incompatible, and I believe that the next decade or more will be a very rough time for trust, partly because cyber security has failed to provide answers to what, who, and how to trust.
I’m burned out, and you probably are too. The big question is where do we go from here? I am doing a lot of thinking on this, and I’ll write more as I think of, or find, some decent answers.
