People are bad at trust.
If you could take a pill which would make you trust everyone and everything much more, would you?
Almost all people asked if they would take a pill to be more trusting clearly stated they would NOT want to take such a pill for fear of being used or abused. Well, one person said he would gladly take it if everyone else had to take it too.
Genetically we are hard-wired to trust. Brain scans indicate that we respond both positively and negatively to trusting certain people based on facial features as well as certain facial expressions.
Brain scans also indicate we are chemically encouraged by our own bodies to trust through a hormone called Oxytocin. Oxytocin disrupts the fear-processing of our amygdala and brain stem making us more trusting.
Furthermore, we can succumb to a trust sickness like Toxoplasma gondii which affects over 3 billion people worldwide hitting under-developed nations the hardest. However rates for developed nations are still between 20% and 30% of the population.
It is a parasite that appears to manipulate human personality by using the same adaptations that normally helps it complete its life cycle between cats and rats. Studies along with brain scans indicate that the infected person's behavior alters so that they become more active and less cautious thereby seriously affecting their trust decisions. Infected men are more jealous and suspicious. Infected women are more amorous and outgoing.
How we trust is even affected by childhood. Environments where children are punished for showing sadness or pain attributes to a lack of trust in oneself and an increase in such emotional reliance on others ("clinginess").
Abuse, deep sadness from tragedy, constant fighting between parents, domestic violence, war, poverty, and parental unemployment will also affect the child's ability to make good trust decisions later in life.
For fair balance (and a little irony), I should mention a fairly recent study at Yale University called "The Seductive Allure of Neuroscience Explanations" indicated that using neuroscience jargon made unlikely scientific claims more believable. By adding the claim that “Brain scans indicate...” even field professionals were more likely to believe strange claims that defy their field of study.
The paper is built on previous studies which showed:
- People will believe explanations because they find them intuitively satisfying, not because they are accurate (Trout, 2002)
- People have difficulty reasoning over explanations (Keil, 2006; Lombrozo, 2006)
- People generally believed purpose or design in natural phenomenon explanations when these were not warranted (Lombrozo & Carey, 2006; Kelemen, 1999)
- People tend to find longer explanations to be expert explanations (Kikas, 2003)
- People often fail to recognize circular arguments (Rips, 2002),
- People are very unaware of their own limits and abilities to explain many types of phenomena (Rozenblit & Keil, 2002)
We can probably say that trust impacts nearly every decision we make. Trust affects our relationships. Trust is a key component in our security and well being. But for all its importance, most everyone still approaches trust from “the gut”. We mostly let our bio-chemistry call the shots. And we can prove that WE ARE BAD AT DOING IT!
In operational trust analysis, you learn to use logic and reason instead to make a trust decision. It is a new practice developed by ISECOM to explore operational trust in Trusted Computing as part of the EU's Open Trusted Computing (OpenTC) project.
The factual parameters of trust discovered there were further developed into an analysis framework for the OSSTMM 3 and later by demand, into a learnable skill for critical decision making. Then we can gain the advantages which that brings such as improved penetration of deception and avoiding bad risks altogether.
This is where Trust Analysis comes in. It's the ability to analyze trust immediately based on information present and reasons to trust. That's why the Certified Trust Analyst is the fastest growing certification course at ISECOM because it's useful to EVERYONE.
In business trust is considered a good thing to establish because it reduces the cost or resources required to maintain security and controls. So when a trust is established in operations, defenses are lowered as the interacting agent is expected to be mostly harmless.
What this means is that the trusted agent is considered secure as long as it continues to behave as expected. However, the trusted agent can fall to an attack, make mistakes, or unknowingly assist an attacker all without maliciousness and in no way behaving unexpected.
Combine this with the fact that we are bad at making trust decisions and you understand why trust is most often just a hole in operational security rather than an advantage.
Under ISECOM's trust analysis, ten trust properties are quickly applied to a subject, action, or operation to determine how much you know to trust. So you will know if you have reason to trust and if not, what needs to change.
This means that if you were screening passengers to board an airplane, your screening technique does not need to rely on reading micro-expressions to see if they are evil (some studies place that practice at 55% accurate, just slightly more than chance) but rather reading the people's actions against the 10 trust properties to determine if you have reason to trust how they will act on the plane.
This is a step back from analyzing faces in line to a process which occurs sometimes before the person even gets to the airport. Additionally, since it is based only on facts which means there is nearly no human error and wrongly accused passengers due to a lack of information have more time to prove themselves.
Of course trust isn't a one-size-fits-all thing and so trust rules from the properties need to be created for wholly unique operations like passenger boarding. But then those same rules may also apply to nearly any entry-type access situation. As an example, the OSSTMM 3 uses the hiring process and provides multiple trust rules for each property specifically for this purpose.
This would allow an organization to determine not only if the person is trustworthy but exactly how trustworthy and how much access to the organization's resources they should have. Employees can then go through the trust analysis process again annually or even on demand to determine when they have proven themselves and given you more reason to trust them thereby gaining more privileges for themselves.
Now using reason to control trust will not change your feelings. You may still feel a certain way about something so it is an internal fight between mind and heart. However if you can let yourself analyze the trust then you can choose to accept a risk rather than jumping into the unknown.
While sometimes that may bring adventure, it will often just as likely bring pain. Luckily, humans have evolved the psychological ability to forget most of the misses and remember only the hits. Unfortunately, that's also something fraudsters, advertisers, and even political campaign managers depend on.
The number one question we field at ISECOM is if trust analysis can also be used introspectively to get people to trust you more. Many organizations would benefit from knowing how to mask themselves in some trust properties to appear more trustworthy to those who can't analyze what's wrong or missing.
Since most people only focus on one or two properties as to whether or not to trust, this can be used to cloak other intentions. For example, used in couples therapy, the trust properties can be used to examine all the reasons why a person in a relationship should trust their partner instead of the one or two things that makes them suspicious. Without that analysis technique, those one or two things may be enough to make someone lose trust.
This is especially hard because people don't all focus on the same things to require trust so where one partner may think they are behaving trustworthy, the other may not see it because they are looking at different actions. This is the same as when companies want to gain your trust. They need only figure out what their key market requires of trust and cloak themselves in it. That would then be enough for most people to accept them even after the trust has been repeatedly broken in other ways.
An interesting caveat happened at a recent conference on neurobiology where I had the honor to present trust analysis. One young lady asked if this can be used for self-help. Could she apply the trust properties to herself to see why she has low self-confidence?
So I asked her questions about herself from each of the appropriate trust properties and she was surprised at how quickly it showed her how much she ignored her own reality. By answering the questions truthfully to herself she was able to see through her own defense mechanisms.
Then again seeing it and doing something about it are very different things. But she had her start. I'm no therapist so I could only wish her luck from there.
Trust is a powerful thing. It affects so much of our lives and what we do. So we can either let the trust we feel ride us or else we learn to ride it. Visit the Certified Trust Analyst page or the OSSTMM 3 for more information.