When it comes to online, in seals we trust

How do you know who to trust? In the real world, it's tough. For example, we humans evolved a number of built-in mechanisms that were useful back when we were running around the veldt trying to avoid wolves (or, if you're a creationist, dinosaurs). But these mechanisms also addressed the important problem of which humans we could trust.

Managing trust in this digital world

It was generally a good bet (or, at least, a better bet) that our family members wouldn't kill us, so one mechanism we used was to trust those who look like we do.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

How do you know who to trust? In the real world, it's tough. For example, we humans evolved a number of built-in mechanisms that were useful back when we were running around the veldt trying to avoid wolves (or, if you're a creationist, dinosaurs). But these mechanisms also addressed the important problem of which humans we could trust.

Managing trust in this digital world

It was generally a good bet (or, at least, a better bet) that our family members wouldn't kill us, so one mechanism we used was to trust those who look like we do.

Unfortunately, when it comes to the modern world, these kinds of ancient mechanisms and, in fact, pretty much all of the other wired-in survival stuff, is far less useful than it was in 50,000 BC, or whenever it was that it got locked into our genome.

Not surprisingly, when it comes to the online world, our wired-in stuff is, at best, useless; at worst, it is a source of cognitive noise that clouds our judgment. In reality, when we are online, the only things we can rely on are our own understanding of who or what is on the other end, and our faith in the other party being who they claim and appear to be.

Both of these concerns boil down to having some reasonable knowledge of the other party. On the level of one individual to another, this is pretty easy to achieve, but when it comes to commercial entities that aren't major brands such as Bank of America or Sears, how can you know whether they are trustworthy?

For example, say you've just discovered VacuumsRUs.com has replacement vacuum bags at the best price you can find anywhere. That's when it gets tricky. They want you to give them your name, street and e-mail addresses, credit card data, and perhaps the e-mail addresses of your friends so they can send your recommendation to them. But can you trust them? And even if you can trust them not to sell your data, can you trust them to keep it safe?

One thing that might persuade you to trust them is a certification mark such as those conferred on Web sites by ControlScan. ControlScan issues, for a fee, seals for "Business Background Reviewed", "Registered Member", "Privacy Protected" and "Privacy Reviewed", all of which sound great. A consumer seeing these marks will, most likely, assume they mean something.

It turns out this would be a mistake. At the end of last month, the Federal Trade Commission (FTC) announced that ControlScan was guilty of not doing what it claimed to do, to wit, verify that client Web sites were adhering to safe data practices. Neither was it scanning the sites as frequently as it claimed. In short, what ControlScan was doing was completely bogus.

The result of the FTC taking legal action was a consent agreement with ControlScan (this means ControlScan promised to stop what it was doing) and the founder and former CEO had to forfeit $102,000 in "ill-gotten gains." There was also a judgment of $750,000 against ControlScan, but it was suspended because the company has no money.

It is definitely time for the Web site certification industry to be regulated. There are all sorts of companies offering these kinds of imprimaturs and most seals are no more than window dressing. If we don't bring this business under control those marks that actually do mean something and help consumers judge who to trust will be lost in a sea of scamming. Trust me on this one.