I had the opportunity to participate in a panel at Suits and Spooks, Washington DC 2015 last month. The panelists shared their perspectives on the perceived post-Snowden "breakdown of trust, and shared how they work on restoring trust from the ground up, one handshake at a time."
I struggled when preparing for this panel. While I agree that we've had communications breakdowns (bows to Led Zeppelin), I'm not certain that Snowden's leaks constituted a breakdown of trust among US allies or their citizenry. Rather, I think the disclosures revealed erosion of trust over time, misplaced trust, or even naiveté (i.e., confusing trust with trusting). Whichever of these cases applies, each demonstrates a misconception of the nature of a trust relationship, the commitments individuals or organizations make when entering into trust relationships, and the need for reinforcement to sustain trust.
Bases for Trust Among Individuals
Vetting criteria for cybercrime investigations collaboration communities may serve as criteria or bases for formal trust relationships among private and public sector actors. In these trust circles, the individuals must be known by other community members to exhibit these personal characteristics:
- behaves ethically, does not lie.
- respects confidences, keeps secrets.
- distinguishes fact from opinion.
- is prepare to share data to corroborate what is claimed to be fact.
- is willing to admit error or fault and be held accountable.
- is willing to course correct.
By exhibiting these characteristics to other community members, individuals earn membership. By reinforcing these, individuals sustain membership. Most importantly, mutual trust by insisting these are characteristic of the community.
I have the good fortune to work in several trust-based collaborative communities where criteria such as these are formulated into a vetting process. They work, and work well.
Bases for Public-Private Trust Partnerships
At Suits and Spooks, I attempted to identify analogous criteria for public or private sector actors that might serve as the bases for public-private trust partnerships.
Many of these are serious challenges for actors who seek public-private partnerships. But absent trust frameworks that exhibit trust characteristics that are successful among ad hoc collaborative communities, governments and private organizations will continue to struggle to combat cybercrime, subdue terrorism, or contend with espionage.