Third Parties: Toward a Restoration of Trust in Cyberspace?

Paul B. de Laat


The ‘information technology field’ (Friedman) is entering its fourth phase: organizations cross their boundaries and ‘connect’ with other organizations, clients, suppliers, etc. In a similar fashion, individuals connect with one another in Cyberspace. Such relations open up new problems. A central one is that of trust: how can I be sure my partner in transacting keeps to the terms of the agreement? How can I even be sure of his supposed identity? If partners intend to communicate, or to do business with each other, they need enough trust in each other; otherwise the transaction will not get started. Next to this problem, transacting is of course liable to outside intrusion and disturbance. Hackers and criminals pose the problem of security.

Both problems have been fought with technological means. The whole area of cryptography has developed from these concerns. Progress surely has been made: tight security can be obtained, though at a price. However, the basic problem of trust between transacting partners has remained the same. It is true, I can be surer than before, that my partner is the one (s)he pretends to be (e.g. by using digital signatures). But as to his/her intentions, I am in the dark as ever before. Ironically, the issue of trust has also become more complicated by the development of cryptographic instruments. If partners communicating in Cyberspace, or in business networks, take to cryptographic means to protect their dealings against outside intrusion, they may obtain almost complete protection against the outside world. Now, in the US particularly, this has provoked a vivid reaction from security agencies, that want to maintain the prerogative of surveillance of their citizens. So another type of trust problem has emerged: the state wants to continue to be able to check upon dealings that take place between their citizens. Next to what may be called the problem of bilateral trust, now a trilateral trust type of problem has emerged.

How to tackle the issue of trust, either bi-lateral or tri-lateral, in transaction networks? It is principally by interposing third parties that solutions are being sought. Accountants step in, and certify that a web-site is bonafide in terms of business practices, transac-tion integrity, and information protection. A clearing house offers consumers anonymity, and enables them to surf on the Internet with their privacy protected. An `electronic shopping mall’ may even take care of both certification and anonymity concerns. Urged by the government to do so, organizations hand over the key to their cryptosystem to a Trusted Third Party. Note the resemblance with the earlier invented key escrow system, where a software producer deposits the source code of his program with a third party, in order to pacify his client.

To elucidate these third party solutions, and explore their implications, a comparison will be made with inter-firm alliances, as these have developed the last two decades. Firms temporarily ally together to pursue common goals. Also here, the problem of trust looms large. And also here, to fight a lack of trust, third party mechanisms have been invented, especially for strategic alliances involving mutual R&D co-operation (cf. De Laat, Noo-teb-oo-m). Examples include the following: a network broker who is to generate mutual trust between future partners; a third party that mediates or arbitrates in case of conflict (cf. `neo–classical contracting’, and ACR); a third party that confidentially assesses the mutual stock of knowledge in order to establish mutual rapport; a third party that functions as a trustee of knowledge while the alliance is running (erecting a `Chinese wall’). These last two constructions effectively use the third party as a screen against unwanted spillover of knowledge and information.

In the article third party solutions for interfirm alliances on the one hand, and in Cyberspace on the other will be compared. They will be shown to have a lot of similarities. Both kinds of mechanisms will also be integrated into a theoretical framework, along the following lines. Third parties are always interposing formal procedure between parties. However, the amount of `substance’ that is entrusted to them may vary. Mediators and arbitrators, on the one hand, remain empty handed (`pure procedure’). A trusted third party, on the other hand, receives a cryptokey or vital knowledge in his hands (`substance embedded in procedure’). In the latter case, the third party acts as a keeper or filter of transaction sensitive information. In a quite literal sense he has become the arbiter in information space.