I recently spoke on a fintech panel, and one panelist talked constantly about the need to build trust. He was talking especially about crypto and blockchain, so he was referring to trustless solutions. In another discussion, people talked about ‘zero-trust’ solutions, but what they actually meant was trustless solutions.
Some people see trustless models as the future of the Internet, but others say the future is building services where people can trust each other. At the end of the day, ‘trust’ is not just a technical solution – people should trust the system and each other.
Does this sound complex? Let’s try to analyze this a little bit more.
Trust is a fundamental component of all daily activities and business. Studies show it is harder to build longer-term business in countries where parties cannot trust each other and most focus on short-term wins. But long-term trust between two parties is only one category of trust. We also need solutions to trust individual transactions such as payments. And even here, trust is complex. When we pay with cash, parties don’t need to trust each other, but they do need to have trust in the money itself and the bank that issued it. With digital cash, both parties in the transaction need to trust each other as well as the currency, the payment system (Visa, Alipay, etc) and the cloud provider hosting it – essentially everyone in that ecosystem.
Trustless vs zero trust
‘Trustless’ has become a hot topic with blockchain. Trustlessness in the blockchain industry means you don’t need to place your sole trust in any one stranger, institution, or other third party for a network or payment system to function. It is quite similar to cash. With cash you need to trust that the notes are authentic and the currency will keeps its value. With blockchain you need to trust the blockchain you use and its coins. But you can mainly ignore who the other party is and whether you trust them – unless the other party is a criminal and their coins were gained illegally, then it might matter.
Sometimes people confuse trustless with ‘zero trust’ – but they are very different things. Zero trust is a security framework requiring all users, whether inside or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted access to applications and data and being allowed to keep that access. So, the zero trust concept is really something that is linked to IT systems, cybersecurity and authentication – it’s not really linked to trust between different parties. That said, zero trust can help two parties to trust each other.
I have written before about digital trust. First, how digital trust solutions are still in a very early phase, and how it is also a balance between trust and usability. Also, it is not only about technology – we must also better understand how people naturally learn to trust to each other. The truth is that the trust discussion is fragmented and often focuses on individual components and services. It is hard to see the forest for the trees.
Fundamental questions and dimensions
Here are some questions to consider when we start to think about different dimensions of trust:
- Do the parties know each other and trust each other?
- Is a transaction guaranteed by intermediaries (e.g. authorities or a bank) or a decentralized system (blockchain)?
- Does a digital service guarantee authenticity of its users, transactions or both?
- Is the trust based on the technology, the relationship between the parties or both?
- Is the trust value a Boolean (trust or no trust) or continuous distribution between trust and no trust?
- Can you lose trust based on your behavior, or does a system give you trusted status when you pass some gates, after which your behavior has no impact on your status?
- Is that trust legally meaningful? Does it guarantee the ability of authorities or courts to enforce things based on that trust, e.g. party agreements, whether a user is responsible for their account.
- Whose gets to make the final decision: the system or the users?
As we can see, there are many different dimensions to evaluate trust. It is not surprising that this discussion is sometimes confusing – we often talk about digital solutions, activities between people and legal aspects at the same time.
Another very fundamental question is: who or which parties are intermediaries? Intermediaries are parties that can transfer trust, as well as authenticate parties and transactions. Traditionally they have been regulatory authorities, banks, notaries or some other commonly respected parties. Now there are more and more technology-based intermediaries.
Data is a key component of trust
Trust is not only for people, companies and transactions, but also for data. What data can you trust, and to whom would you entrust your data?
We are now having concrete discussions about this in the context of privacy and personal data regulation. Can companies ‘outsource’ data management and processing to a third party? Who can guarantee your personal data is correct, and cannot be fooled by someone manipulating your personal data to create fake data? Should we have trusted third parties to manage data? Or should each individual keep their own data? And how can they guarantee it has not been not manipulated?
It is clear that decentralized solutions are becoming more important in trust and data management. In the future, people will have a need for trust solutions in both the physical and digital world, yet digital trust solutions are becoming more important all the time.
But those solutions cannot only be built based on technology features – they must take into account that people really have different needs for trust in different situations. They must also have trust in the whole system – for example, will people really trust the intermediaries when it looks like at least some people are losing their trust in governments, the banking system and larger tech companies? This is one more reason why decentralized solutions that give more control to people are gaining ground.
It is easy to talk about individual trust components and services. But to really build trust for the digital era, we must look at trust holistically – what does it mean to different parties in different situations, and what kind of trust is needed in each situation? Trust is not an objective thing you can measure – it’s very personal, and people need enough personal control of it. The real successful trust solutions for the future must be user-centric, and people must be able to make their own decisions.