Roger Clarke's Web-Site© Xamax Consultancy Pty Ltd, 1995-2024 |
||||||
HOME | eBusiness |
Information Infrastructure |
Dataveillance & Privacy |
Identity Matters | Other Topics | |
What's New |
Waltzing Matilda | Advanced Site-Search |
Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Fellow, Department of Computer Science, Australian National University
Version of 1 October 2001
An editedversion of this article was published in the Internet Law Bulletin 4, 5 (February 2002) 56-59
© Xamax Consultancy Pty Ltd, 2000-2001
This document is at http://www.rogerclarke.com/EC/Trust.html
Trust is generally acknowledged to be a pre-condition for consumer Internet commerce (often misleadingly dubbed 'B2C'). It also plays a critical role in government-to-citizen e-business (G2C), and in e-commerce among business enterprises (B2B).
Despite its obvious importance, trust has been subjected to far too little consideration. This paper proposes a working definition, outlines the bases upon which it can arise, and considers how it can be engendered in each of the main segments of e-business.
Trust is generally acknowledged to be a pre-condition for consumer Internet commerce (often misleadingly dubbed 'B2C'). It also plays a critical role in government-to-citizen e-business (G2C), and in e-commerce among business enterprises (B2B).
Despite its obvious importance, trust has been subjected to far too little consideration. This paper proposes a working definition, outlines the bases upon which it can arise, and considers how it can be engendered in each of the main segments of e-business.
The basis of trust is frequently sought in the branch of philosophy called ethics, and the topic is frequently discussed in the context of social and democratic processes. But it is also a fundamental requirement of economic activity. Dictionary definitions of trust involve many elements, which are identified in the Appendix. The purpose of this paper is to consider its meaning and dimensions in the particular context of marketspaces.
The behaviour of people and organisations takes place in conditions of uncertainty. It is never clear what the future will bring; and there are often factors that are in principle knowable, but in practice unknown because the costs or time involved in gathering and assimilating the information is too great.
When one party is dependent on the behaviour of another party, the uncertainties give rise to risks. These risks may be managed in various ways, such as through warranties and insurance; but it is unusual for the risks to be entirely covered. Each party has little option but to tolerate the residual risk inherent in the transaction. The notion of trust involves having confidence in the other parties, and hence having an expectation that the risks will not result in loss.
The following is adopted as a working definition that captures the key aspects and enables a constructive approach to be adopted to the inculcation of trust in e-business:
Trust is confident reliance by one party about the behaviour of other parties
It is important to recognise that the origins of the concept are in family and social settings. In its fundamental form, trust is associated with cultural affinities and inter-dependencies.
In organisational settings, on the other hand, cultural affinity is limited. In governmental contexts, the individual is generally forced into a relationship with an agency. In commercial contexts, the individual is dealing with a business enterprise that has advantages over them, in the forms of scale, resources, information and expertise. Sole traders have an evident economic incentive to maximise their profit at the expense of the other party, and in the case of corporations this has been institutionalised, through the legal requirement that Directors and employees make decisions in the best interests of the organisation, not of the parties it deals with.
As a result, trust in the context of business is not grounded in culture, but is merely what a party has to depend on when no other form of risk amelioration strategy is available.
Situations arise in which a party is effectively compelled to enter into a transaction, and rely on the other party. In such circumstances, trust is of no great import. In other situations, either or both parties may have a real choice as to whether or not to conduct the transaction. It is in these circumstances that trust is a vital factor in determining whether e-business will take place.
There is a variety of bases on which trust can be founded. They are examined below, commencing with the most direct and effective, and moving down the scale to the least direct and credible.
As indicated above, the origins of trust are in social rather than economic or administrative settings. The most effective forms of trust are based on the relationships of kinship, membership of the same cultural group, and mateship.
Some kinds of formalised relationships can, however, engender trust by one party in another party, even where the context if not social. A key example is a principal-agent relationship, such as that entered into with a broker, or an accountant or solicitor, or some other outsourced procurer of goods or services. The agent is bound in law to act on the principal's behalf.
Another such relationship is a contract, whereby the terms of the relationship are defined, and contingencies addressed. The parties consciously provide undertakings to one another to perform specific acts, and thereby gain legally recognised rights and responsibilities.
A less formal approach, but a potentially very effective means of generating trust, is a relationship based on multiple prior transactions that have been conducted in an appropriate manner, resulting in a mutual perception of loyalty between the parties.
An intermediate step along the way to having a relationship is the state of having conducted a prior transaction, or having prior exposure in the form of vicarious experience (e.g. having watched someone else conduct transactions). A proxy for a prior transaction is a trial transaction or a demonstration.
Trust may arise as a result of a reference being provided by someone else. This involves a question of 'transitivity' of trust, i.e. if I trust a party, do I therefore trust a further party that they recommend, endorse, or introduce me to? The basic form of referred trust is 'word-of-mouth'.
The idea of reputation is a generalised form of 'word-of-mouth referred trust'. The individuals' whose combined evaluation is depended upon may extend beyond a party's own, direct contacts, because reputation can arise within a social network. Innovation diffusion theory explains adoption processes in large measure on the basis of communications through particular channels, over time, among the members of a social network (e.g. Clarke 1991).
In some cases, the referred trust arises under delegated contractual arrangements. Examples include a transport company hired by a seller to deliver goods free into a buyer's store, an insurer of goods in transit, and a provider of commercial information such as a credit reference agency. The relying party may or may not be aware of the identity of the party, or even that a relationship exists with the class of entity involved.
An institutionalised form of reputation is accreditation, whereby a party relies on some trusted organisation (such as a licensing or registration board) to permit registration by, or only grant licences to, parties that satisfy a set of conditions, and that are affirmed by audit to continue to satisfy them.
The weakest form of reputation is that sought through brands. A brand is an image or word that an organisation projects as a signifier for reputation. Although founded on quality, relevance and consistency of product, branding focusses very heavily on image-manufacture, manipulation and maintenance. If no relationship is developed and slippage occurs in the quality, relevance or consistency, trust based on branding alone is accordingly brittle.
During recent decades, branding has been applied to accreditation as well. The result has been meta-brands. Examples include ISO9001 seals of approval, and in the e-commerce arena, TrustE. These provide a veneer of registration and audit, but are in practice based heavily on the building and maintenance of an image (Clarke 2001f).
Trust can be relatively unimportant in many contexts. Examples include:
At the other extreme, trust is crucial to enable some kinds of transaction to take place. Such contexts often exhibit a combination of the following characteristics:
E-business is generally considered to evidence many, if not all, of the characteristics that render trust very important. The parties commonly have little or no knowledge of one another. They are also usually in different locations. They therefore cannot depend on physical proximity, hand-shakes, body-signals, a common legal jurisdiction, or even necessarily a defineable jurisdiction.
Trust involves presumptions about the other party's future behaviour. The expectation might be at various levels, in particular:
Trust is generally limited in its scope. For example, a person might entrust another party with responsibility for some of their financial assets (e.g. a bank, a unit trust, a superannuation fund), but might not entrust the same entity with decisions about use of their vital organs in the event of their accidental death.
Trust relates to a particular purpose; and changes in the purpose may be sufficient for the trust to be withdrawn. For example, a power of attorney granted while a relying party is overseas is likely to be revoked when the person returns to the country.
Trust comes into existence in a particular context; and changes in the context may be result in the trust being withdrawn. For example, a relying party would be likely to adjust its position if a trusted party had its accreditation withdrawn by a regulatory authority.
The quality of the act of trusting in a party may appear to an observer to be reasonable or not. In particular, trust may be:
Trust is conditional and fragile. Depending on the behaviour of the trusted party, and of perceptions of their behaviour by the first party, trust may be sustained, may be harmed, or may be entirely destroyed. The fragility arises because the relying party exercises only limited supervision of the trusted party (and in many cases has limited ability to know what that party is doing, or even what that party has done). A single act by the second party that breaches the trust, or even appears to breach the trust, may cause the relationship to be undermined.
The specific application of this concept of trust in the B2B sector is addressed in Clarke (1999a) and Clarke (2001f). Key factors that inculcate trust in B2B e-commerce are identified as being:
A later section of the same paper addresses the contribution to trust made by the regulatory regime. A particularly important factor in understanding B2B adoption, and barriers to adoption, is the power relationship among the parties.
Trust by consumers of marketers is not easily gained, and very easily lost. For most of the twentieth century, consumer marketing used broadcast media such as newspapers, radio, television and billboards. This resulted in a culture of one-way mass marketing, and assault on consumers' psyche. The alternative of 'direct' marketing involved acquisition by the marketer of data about the consumer, frequently on a non-consensual basis, and use of the data to selectively communicate to the consumer, and thereby manipulate the consumer's behaviour.
In the case of B2C e-commerce, marketers have continued this 'consumer as prey' attitude. Clarke (1996) considers issues that arise in consumer transactions. Clarke (1997a) examines cookies, and Clarke (1997b) analyses spam. Clarke (1999c) describes the trail of inappropriate marketing manoeuvres of the second half of the 1990s, and outlines various forms of counter-attack against corporate abuse of consumers.
Guidelines are offered in Clarke (1999a) and Clarke (1999c) on how to overcome the disastrous start to the e-commerce era, by inculcating trust, and applying consumer-friendly principles and technologies. (Clarke 1998a) examines the privacy impacts of direct marketing, and recommends approaches that balance the desires of the marketers and the privacy expectations of consumers. (Clarke 2001b) focusses on the lack of constructive contributions by lawyers.
Privacy aspects of trust in the B2C context are examined in (Clarke 2001h), (Clarke 2001g) identifies the inadequacies and threats in conventional approaches to digital signatures and public key infrastructure, and (Clarke 2001c) examines the scope for consumer backlash through the use of privacy-enhancing technologies (PETs).
The following are some dictionary definitions of the term 'trust', with recurring concepts underlined:
Macquarie:
"reliance on some quality or attribute of a thing"
"confident expectation of something"
"the obligation or responsibility imposed on one in whom confidence or authority is placed" (as in 'to be in a position of trust')
Oxford:
"firm belief in [list of positive virtues] of an entity"
"confident expectation"
"reliance on truth of statement, without examination"
"accept without evidence" (as in 'take on trust')
"responsibility arising from confidence reposed in one" (as in 'a position of trust')
Webster's:
assured reliance on some aspect of something
"dependence on something future or contingent"
"a charge or duty imposed in faith or confidence or as a condition of a relationship"
Macquarie:
"to have or place reliance or confidence in an entity"
"to have confidence"
"to depend or rely on"
"to believe"
"to expect confidently"
Oxford:
"believe in"
"rely on the character or behaviour of an entity"
"allow an entity to use a thing because one is confident that he will not mis-use it"
"entertain an earnest or confident hope"
"place reliance on"
Webster's:
"to place confidence in"
"to be confident about"
"to do something without fear or misgiving"
"to rely on the truthfulness or accuracy of"
"to place confidence in
"to hope or expect confidently"
Clarke R. (1988) 'Information Technology and Dataveillance' Comm. ACM 31,5 (May 1988) Re-published in C. Dunlop and R. Kling (Eds.), 'Controversies in Computing', Academic Press, 1991, at http://www.rogerclarke.com/DV/CACM88.html
Clarke R. (1991) 'A Primer in Diffusion of Innovations Theory' May 1991, at http://www.rogerclarke.com/SOS/InnDiff.html
Clarke R. (1994) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues', Information Technology & People 7,4 (December 1994) 6-37, at http://www.rogerclarke.com/DV/HumanID.html
Clarke R. (1996) 'Issues in Technology Based Consumer Transactions' Proc. Conf. Society of Consumer Affairs Professionals (SOCAP), Melbourne, 26 September 1996, at http://www.rogerclarke.com/SOS/SOCAP96.html
Clarke R. (1997a) 'Cookies' February 1997, at http://www.rogerclarke.com/II/Cookies.html
Clarke R. (1997b) 'Spam' February 1997, at http://www.rogerclarke.com/II/Spam.html
Clarke R. (1997c) 'Regulating Financial Services in the Marketspace: The Public's Interests, Conference of the Australian Securities Commission Conference on 'Electronic Commerce: Regulating Financial Services in the Marketspace', Sydney, 4-5 February 1997, at http://www.rogerclarke.com/EC/ASC97.html
Clarke R. (1998a) 'Direct Marketing and Privacy', Proc. AIC Conf. on the Direct Distribution of Financial Services, Sydney, 24 February 1998, at http://www.rogerclarke.com/DV/DirectMkting.html
Clarke R. (1998b) 'Platform for Privacy Preferences: An Overview' (April 1998), Privacy Law & Policy Reporter 5, 2 (July 1998) 35-39, at http://www.rogerclarke.com/DV/P3POview.html
Clarke R. (1998c) 'Platform for Privacy Preferences: A Critique' (April 1998), Privacy Law & Policy Reporter 5, 3 (August 1998) 46-48, at http://www.rogerclarke.com/DV/P3PCrit.html
Clarke R. (1998d) 'Public Key Infrastructure: Position Statement', May 1998, at http://www.rogerclarke.com/DV/PKIPosn.html
Clarke R. (1998e) 'Ad Code Must Respect Web Culture', The Australian, 15 December 1998, at http://www.rogerclarke.com/EC/ACS981215.html
Clarke R. (1999a) 'Key Issues in Electronic Commerce and Electronic Publishing' Proc. Conf. Information Online and On Disc 99, Sydney, 19 - 21 January 1999, at http://www.rogerclarke.com/EC/Issues98.html
Clarke R. (1999b) 'Internet Privacy Concerns Confirm the Case for Intervention', Communications of the ACM 42, 2 (February 1999), at http://www.rogerclarke.com/DV/CACM99.html
Clarke R. (1999c) 'The Willingness of Net-Consumers to Pay: A Lack-of-Progress Report' Proc. 12th International Bled Electronic Commerce Conf., Bled, Slovenia, June 7 - 9, 1999, at http://www.rogerclarke.com/EC/WillPay.html
Clarke R. (1999d) 'Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice' Proc. User Identification & Privacy Protection Conference, Stockholm, 14-15 June 1999, at http://www.rogerclarke.com/DV/UIPP99.html
Clarke R. (1999e) '"Information Wants to be Free"' August 1999, at http://www.rogerclarke.com/II/IWtbF.html
Clarke R. (1999f) 'Person-Location and Person-Tracking: Technologies, Risks and Policy Implications' Proc. 21st International Conference on Privacy and Personal Data Protection, Hong Kong, September 1999. Revised version forthcoming in Information Technology & People, at http://www.rogerclarke.com/DV/PLT.html
Clarke R. (1999g) 'Freedom of Information? The Internet as Harbinger of the New Dark Ages' First Monday 4, 11 (November 1999), at http://firstmonday.org/issues/issue4_11/clarke/ and http://www.rogerclarke.com/II/DarkAges.html
Clarke R. (2000a) 'Privacy Requirements of Public Key Infrastructure' Internet Law Bulletin 3, 1 (April 2000) 2-6. Republished in 'Global Electronic Commerce', published by the World Markets Research Centre in collaboration with the UN/ECE's e-Commerce Forum on 'Electronic Commerce for Transition Economies in the Digital Age', 19-20 June 2000, at http://www.rogerclarke.com/DV/PKI2000.html
Clarke R. (2000b) 'Conventional Public Key Infrastructure: An Artefact Ill-Fitted to the Needs of the Information Society' November 2000, at http://www.rogerclarke.com/II/PKIMisFit.html
Clarke R. (2001a) 'DRM Will Beget DCRM' Position Paper for the W3C DRM Workshop, Sophia Antipolis, France, 22-23 January 2001, at http://www.rogerclarke.com/II/DCRM.html
Clarke R. (2001b) 'Of Trustworthiness and Pets: What Lawyers Haven't Done for e-Business' Proc. Pacific Rim Computer Law Conf., Sydney, February 2001, at http://www.rogerclarke.com/EC/PacRimCL01.html
Clarke R. (2001c) 'Introducing PITs and PETs: Technologies Affecting Privacy' Privacy Law & Policy Reporter 7, 9 (March 2001) 181-183, 188, at http://www.rogerclarke.com/DV/PITsPETs.html
Clarke R. (2001d) 'Trust in Cyberspace: What eCommerce Doesn't Get' Proc. U.N.S.W. Continuing Legal Education Seminar on 'Cyberspace Regulation: eCommerce and Content', Sydney, May 2001, at http://www.rogerclarke.com/EC/TrustCLE01.html
Clarke R. (2001e) 'Meta-Brands' Privacy Law & Policy Reporter 7, 11 (May 2001) , at http://www.rogerclarke.com/DV/MetaBrands.html
Clarke R. (2001e) 'Towards a Taxonomy of B2B e-Commerce Schemes' Proc. 14th International EC Conf., Bled, Slovenia, 25-26 June 2001, at http://www.rogerclarke.com/EC/Bled01.html
Clarke R. (2001f) 'The Fundamental Inadequacies of Conventional Public Key Infrastructure', Proc. ECIS Conf., June 2001, Bled, Slovenia, at http://www.rogerclarke.com/II/ECIS2001.html
Clarke R. (2001g) 'Privacy as a Means of Engendering Trust in Cyberspace' UNSW L. J., June 2001, at http://www.rogerclarke.com/DV/eTrust.html
Clarke R. & Dempsey G. (1999) 'Electronic Trading in Copyright Objects and Its Implications for Universities' Proc. Conf. Australian EDUCAUSE'99 Conference, Sydney, 18-21 April 1999, at http://www.rogerclarke.com/EC/ETCU.html
Clarke R., Higgs P.L. & Dempsey G. (2000) 'Key Design Issues in Marketspaces for Intellectual Property Rights' Proc. 13th International EC Conference, Bled, Slovenia, 19-21 June 2000, at http://www.rogerclarke.com/EC/Bled2K.html
Greenleaf G.W. & Clarke R. (1997) `Privacy Implications of Digital Signatures', IBC Conference on Digital Signatures, Sydney (March 1997), at http://www.rogerclarke.com/DV/DigSig.html
Personalia |
Photographs Presentations Videos |
Access Statistics |
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax. From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 75 million in late 2024. Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer |
Xamax Consultancy Pty Ltd ACN: 002 360 456 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 6916 |
Created: 15 July 2000 - Last Amended: 1 October 2001 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/EC/Trust.html
Mail to Webmaster - © Xamax Consultancy Pty Ltd, 1995-2024 - Privacy Policy