The political economy of trust

Cambridge University has a new ‘strategic research initiative’ on Trust and Technology, on whose Steering Group I sit.

We’re having a big launch event on September 20, and so I’ve been brooding about the issues surrounding it. Much (most?) of the discussion of trustworthy technology is understandably focussed on the technology itself. But this ignores the fact that the kit doesn’t exist in a vacuum. Digital technology is now part of the everyday lives of [4 billion people] and our dependence on it has raised many questions of trust, reliability, integrity, dependability, equity and control.

Some of these issues undoubtedly stem from technical characteristics of the equipment (think of all the crummy IoT devices coming from China); others stem from the fallibility or ignorance of users (accepting default passwords); but a significant proportion come from the fact that network technology is deployed by global corporations with distinctive business models and strategic interests which are not necessarily aligned with either the public interest or the wellbeing of users.

An interesting current example is provided by VPN (Virtual Private Network) technology. This enables users to create a private network that runs on a public network, thereby enabling them to send and receive data across the public network as if their computing devices were directly connected to the private one. The benefits of VPNs include enhanced functionality, security, and privacy protection and they are a boon for Internet users who need to use ‘free’ public WiFi services in hotels, cafes and public transport. In that sense VPN is a technology that enhances the trustworthiness of open WiFi networks. I use an encrypted VPN all the time on all my devices, and never use an open WiFi network unless I have the VPN switched on.

Earlier this year, Facebook generously offered some of its users Onavo Protect, a VPN developed by an Israeli company that Facebook bought in 2013. A link to the product appeared in the feeds of some US Facebook IOS users under the banner “Protect”. Clicking through on this led to the download link for “Onavo Protect — VPN Security” on the Apple App Store.

The blurb for the App included a promise to “keep you and your data safe when you browse and share information on the web” but omitted to point out that its functionality involved tracking user activity across multiple different applications to learn insights about how Facebook customers use third-party services. Whenever a user of Onavo opened up an app or website, traffic was redirected to Facebook’s servers, which logged the action in a database to allow the company to draw conclusions about internet usage from aggregated data.

Needless to say, close inspection of the Terms and Conditions associated with the app revealed that “Onavo collects your mobile data traffic. This helps us improve and operate the Onavo service by analyzing your use of websites, apps and data”. Whether non-technical users — who presumably imagined that a VPN would provide security and privacy for their browsing (rather than enabling Facebook to track their online activities outside of its ‘walled garden’) understood what this meant is an interesting question. In August 2018, Apple settled the issue — ruling that Onavo Protect violated a part of its developer agreement that prevents apps from using data in ways that go beyond what is directly relevant to the app or to provide advertising, and the app was removed (by Facebook, after discussions with Apple) from the Apple Store. (It is still available for Android users on the Google Play store.)

And the moral? In assessing trustworthiness the technical affordances of the technology are obviously important. But they may be only part of the story. The other part — the political economy of the technology — may actually turn out to be the more important one.