The internet was built on trust. But what does it run on?
One of the most noble narratives about the internet is that it is built on trust. This article sets out to check if that saying still holds true.
One of the most noble narratives about the internet is that it is built on trust. This refers to the understanding that trust mitigates the basic uncertainties, which the internet architecture has imposed upon its operators since its inception. To this day, network engineers cannot generally be certain about the validity of the routing announcements that they receive from interconnected networks, and they have little insight into the legitimacy of the traffic that they are mandated to transmit. Historically, network operators knew and trusted each other, and, as a result, the internet worked in spite of uncertainties.
The assumption that trust serves as a kind of social glue is generally in line with academic research. Several disciplines have stressed positive associations with trust as a means of overcoming uncertainties. Economic sociology in particular has linked trust to cooperation. But what actually is the state of trust in today’s internet? If it was built on trust, is it still maintained on trust? 50 networkers from around the globe shared with me their views about this very topic. The most important finding may come as a surprise – but perhaps not: networkers both trust and distrust each other. However, as I will argue later, that is not necessarily a bad thing.
Trust and distrust are not opposites
First, let me clarify what I mean by trust and by distrust. Along with Lewicki & Bunker, we can think of trust as positive expectations and distrust as negative expectations towards another’s conduct. Further, trust and distrust are to be treated as separate dimensions, not as opposites on the same scale. A low level of trust does not imply distrust, and conversely, the absence of distrust does not imply trust. One may simply feel indifferent towards another. To complicate things further, we can differentiate between two ways in which both trust and distrust can be anchored: in identity or in calculation. Trust based on identity is signified by common values, goals or emotional attachment; calculated trust, however, refers to positive “outcomes resulting from creating and sustaining a relationship relative to the costs of maintaining or severing it” (Lewicki & Bunker as cited in Lewicki, Tomlinson, & Gillespie, 2006).
The important take-aways here are that trust may be anchored in different ways and that it is possible to both trust and distrust the same person, depending on the situation. For instance, we may trust the cashier at a bank to forward our payment (calculated), but we may not trust her to separate the trash for the good of the environment (identity). Or, we may trust someone‘s good intentions (identity), but distrust his competence (calculated).
So how do these general thoughts translate to trust among networkers? In what follows, I stylise the values, goals or emotional themes that enable trust or provoke distrust among networkers. I also highlight the rationales that networkers typically rely on when they come to trust or distrust other networkers in a calculative way. This list is not necessarily complete. Comments are welcome.
Firefighters of the internet
Identification-based trust among networkers revolves around the idea that the internet is “a people thing.” The computer network is, at the same time, a social network. Statements such as, “The internet is a bunch of people who all trust each other” indicate this. Interconnected counterparts are regarded as partners. Interconnecting networks is equated with a personal relationship. Furthermore, trust is created through a common understanding that networkers form a community of practice. They unite behind the idea of a “technical legacy”, which is an engineering ideal of a tightly meshed internet. But it also refers back to the early times when cooperation was necessary in order to create the internet – the time when the narrative of this article originated.
Another basis for trust is expertise. Demonstrating expertise is highly valued and fosters trust among networkers. However, traditional seals of quality, such as university degrees, do not necessarily apply in this professional sphere. Many networkers, including many of the most prominent ones, have abandoned higher education to enter the industry on a learning-by-doing-basis (and they are shy to admit this). Venues that allow networkers to show off their expertise are important not only for sharing knowledge, but also for trust to emerge. These can be events, such as Regional internet Registry meetings, in addition to remote venues, such as email lists or instant messaging channels for ad-hoc coordination.
There is also a common commitment to a 24/7 availability for each other. Several networkers emphasise how they make sure that they will respond immediately when fellow networkers reach out. Demand for swift responsiveness may arise not only when someone’s network causes trouble for others, such as in the infamous “Pakistan-Youtube” case, but also when someone needs help in battling irregularities in her own network. Comparing networkers to firefighters or emergency room personnel fits this picture:
“Trusting the routing guys on the other side and them having an idea that you know what you’re doing as well (…) Because when troubles occur, and they always do, you will want both sides to be able to not waste time and firefight the bug.” (O-24)”
This statement implicitly highlights another expectation: networkers must not abuse the knowledge about other networks that they gain through collaborative maintenance and repair. They must honour this implicit agreement – what happens at the core of the internet stays at the core of the internet – to be met with trust. Note that trust runs across company boundaries.
Not to be underestimated as a source of identification-based trust is the symbolic dimension, comprised of cultural codes such as humoristic clues or even clothing. The following anecdote from an IX representative reveals how powerful such codes can be:
“I used to sell to enterprises. I dressed up looking a bit like a banker [laughs]. So I’d wear the pinstripe suit and I said: ‘This is easy. It is a free product.’ And I was in [employer’s name, ed.] for about four months and I am thinking: ‘No one is signing up for me. It’s a free product. No one is connecting. I mean, how bad can I be? It’s free! Why is nobody doing this?’ And the smallest thing is: I changed my outfits to jeans and a casual top and yes, a smart jacket. But just by changing interestingly enough to a pair of jeans, suddenly I started to see more people wanting to engage with me, talk to me. Because now they felt that it’s not something, that I meant to sell them something. Let’s have a conversation around your strategy and network. Very, very small thing. But to this day, it still blows my mind. And ever since I did that, then I realised: ‘Okay, there is a little bit more to it than just connect and get free capacity basically, or free peering.’” (IX-45, emphasis added)
That a business outfit can apparently create suspicion also underlines the fact that broadcasting one’s commercial intent is at odds with the identity-oriented type of trust.
Social connection as a currency
Calculation-based trust, on the other hand, is less binding and much more transactional. In internet operations, it rests predominantly on one reasoning: the internet is a shared resource. Every network has a basic incentive to act in favour of connectivity because of the interconnected nature of the internet. As one networker put it, “The internet is 40,000 competitors. But if they don’t work together, then none of them have a product” (I-61). Networkers assume that damaging connectivity is against every operator’s self-interest; therefore, no operator has an incentive to engage in such behaviour. This reasoning evokes a very basic level of confidence in each other. It may not be high, but it is widely shared. Some networkers also see trust in a very strategic way. Here, the rationale is to aim for repeated interaction with colleagues, because personal relationships count as substitutes for the exchange of money:
“Once you cooperate (…) and there is no contractual relationship, then the best way of keeping that relationship is by having some kind of a social connection which acts as a currency almost, you could say.”(O-29)
Fostering relationships with others merges into a commercial trajectory. Trust may mean harmony, but more so, it is valuable.
“You can trust your wife, not the peering partner”
Now let’s look at distrust. Not all networkers cherish the above mentioned values. Some reject outright the idea that common goals or beliefs among networkers could be meaningful at all:
“There is nothing about trust. You can trust your wife, not the peering partner.” (I-02)
However, from those who do acknowledge personal relationships as underpinnings of the internet, there are more specific reasons to distrust. One potential reason could be networker’s absence from face-to-face meetings. This holds especially true for large companies that impact many others. Not providing a “personal interface” to the community creates distrust. Apparently, there is one Tier 1 network that is notoriously known for avoiding encounters on a personal level. When individual networkers become known for behaving self-centered and egotistical, they present strong indicators for incompatible values. Even worse is if they appear to break the technical legacy. Here, distrust may even become actionable, as this drastic quote shows:
“If the trust is broken that is one of the very, very few things that will unite 99% of the internet. If you are a bad actor and betray the trust, if you lie and say: ‘Well, I am Youtube,’ then the rest of the internet is going to come down on you like a ton of bricks.” (IX-78)
It is yet unclear how common the use of such vigilante-justice sanctioning mechanisms is, but this quote shows how easily identification-based trust can turn into distrust. Distrust also sets in where networkers discover that their counterpart veils de facto business decisions in architectural uncertainty. Several interviewees reported experiences where interconnected partners pretended that irregularities existed in their networks, when in fact, they had been de-peered. These networkers made it very clear that they will not forget who deluded them. Distrust can also relate to internet exchanges. This is an interesting case because internet exchanges often times explicitly emphasise their neutrality. Neutrality is treated as one indicator of quality; however, by doing so, IXPs can feed both trust and distrust. For some, neutrality facilitates trust because networkers like the idea that all members will be treated equally. For others, the very fact that exchanges do not check their members’ intentions causes distrust. This can even lead to a general refusal to peer at an internet exchange, as this networker, who represented an incumbent ISP at the time, recalls:
“We’d never push traffic across them. (…) You never know who your neighbours are in an exchange. Because when you go into an exchange, they’re busy selling more neighbour slots. You have no idea who’s on the same fabric and what their motives are!” (O-35)
It is likely that any network intermediary probably has to deal with this ambiguity.
In a calculative way, networkers meet those colleagues who appear incompetent with distrust. This judgement, as well as the distrust, becomes strengthened through repeated interaction. Beyond that, networkers who openly articulate a competitive strategy or are perceived to be seeking undue advantages will cause others to distrust them as well. This is the impersonal, objective form of distrust that is probably omnipresent in all market environments.
Coping with distrust
Once there is distrust, does this prevent networkers from interacting with each other? Not necessarily. Networkers use at least two strategies to cope with distrust. The first strategy is that they engage heavily in monitoring their networks to detect irregularities. It is a way of trying to be on top of things. Strategy number two is initiating contracts and service level agreements, at least for meaningful interconnections.
“Where we need a contract is where it’s A, very important that we have this connection for our business and B, we do not trust 100 percent that the other party will not change their decision in a way that will hurt our business. And then that’s the cases where you need a contract. A contract is basically where you say: We know that for as long as this contract runs, you are not going to change anything beyond what we agree in this contract is going to happen.” (C-66)
Contracts allow networkers to create bounded transactions despite distrust. They contribute towards stabilising a relationship, albeit at higher transaction costs. In practice, however, the power of peering contracts is unclear. Because no one is paying the other in free peering, there is probably no way to uphold what is in the contract in a court of law. Contracts certainly have the effect of solidifying a relationship. What is notable is that both coping strategies tend to eliminate informal, personal aspects from internet interconnection. Distrust here seems to foster a formalisation of the sector. In itself, this is neither good nor bad – it just means change. However, it allows us to point out more generally how both trust and distrust serve as resources for ordering processes. They are at a generative interplay. Looking at it this way, even distrust can become a productive force for the good of the internet. To achieve that, distrust needs to be transformed into improvements for all. BGPsec or RPKI seem to be good examples. In my view, these ongoing routing security innovations are actually materialised expressions of distrust that ultimately are able to generate trust. It is safe to say that today’s internet not only runs on trust, but also on distrust. The more we acknowledge this, the better can we let distrust point us to aspects of internet operations that need our attention.
|This post represents the view of the author and does not necessarily represent the view of the institute itself. For more information about the topics of these articles and associated research projects, please contact firstname.lastname@example.org.|
This post represents the view of the author and does not necessarily represent the view of the institute itself. For more information about the topics of these articles and associated research projects, please contact email@example.com.