Security never becomes an issue until it is violated. Our boundaries begin open and undefended, sufficient for integrity, if not defense. But nature thrives on conflict, so every boundary becomes a battlefront in the war for continuing integrity – a war which we all eventually lose. People die. Cities fall. Civilizations collapse. Yet, in each of these failures lies the seed of renewal, and eventual victory. The pressure of natural selection forces an evolution of technique; overrun borders are reborn as more resilient walls, and the eternal battle moves up a notch in intensity.
Network culture is something less than 30 years old. With the birth of USENET in 1979, the individuals networked together by the then-fledgling Internet began to engage in a collective and as-yet-uninterrupted conversation about every conceivable topic, from the mundane (a bicycle needing repair) to the sublime (does God exist). This conversation shattered into a million pieces after the emergence of the World Wide Web in the early 1990s; the singular threaded conversation of USENET became more conversations on more websites than anyone could hope to count.
The websites thus constellated each represent one or perhaps a few of the conversations previously embraced by USENET (which still survives, though as a shadow of its former self). Although the unity of conversation has been irretrievably lost, it’s been more than made up for by a laser-like focus: these websites are very specific, concentrating on one topic, and serving those interested in that topic very well. Furthermore, an ecology of conversations now exists; websites grow and fade based on how well they serve their base of users. If you upset your user base enough, you lay the seeds of your own destruction, for your users can and will compete with you – and perhaps put you out of business.
Furthermore, networked media do not function in a vacuum. Although in its earliest days mainstream print and electronic media regarded networked media as a useful adjunct to their franchises, most neglected to note how the inherent qualities of networked media – and in particular, hyperdistribution – have changed the basic economies of media. Nowhere is this more clear than in the United States, with the curious case of Craigslist.
Founded in 1995 as a list to keep San Franciscans up-to-date with events and parties, Craigslist quickly grew to a one-size-fits-all website which exists to connect people. These connections are, for the most part, bounded by proximity; Craigslist keeps separate websites for all major American cities, as well as a growing number of “international” cities, such as London, Sydney, and Tokyo. A functional cross-pollination of a bulletin board and a website, with an interface that hasn’t changed significantly since 1996, Craigslist serves as the “market maker” between people who have things to offer, and people who want those things. The definition of “things” is very broad on Craigslist. It could be something absolutely material (a bicycle), or far more subtle (a boyfriend). With few exceptions it costs nothing to post to Craigslist; a marketplace with no barrier to entry has produced a powerfully self-reinforcing path dependence which has resulted in Craigslist becoming the 30th most-visited site on the Web. People love Craigslist because it’s helped them out with something they need, or need to be rid of.
Although Craigslist has clearly created markets where none existed previously, it has also effectively removed one source of revenue from print media, which have, for many years, garnered substantial revenues from classified advertising – the sort of “thing trading” that Craigslist excels at. Most major American newspapers have seen at least a 30% drop in classified advertising revenues as Craigslist has grown in significance, and there seems to be no end in sight. Or rather, the future seemed boundless until just a few weeks ago, when a highly publicized incident pointed up the inherent flaw of all open systems, including Craigslist – a fundamental lack of security, predicated on the assumption that all human beings are basically honest.
Craigslist is not the first nor the most significant case of this peculiar form of naïveté. SMTP, the protocol which moves electronic mail across the Internet, was also designed as an open system, predicated by the assumption that people would only send mail to people who wanted to receive it. We now know that is not true, and – unless we actually abandon SMTP (very unlikely) – we will live for quite some time with an arms race of spammers and spam filters. In a networked world, one bad apple does spoil the whole barrel.
While Craigslist has had consistent low-level problems with fraud, no one was quite prepared for “The Craigslist Experiment.” (WARNING: SEXUALLY EXPLICT CONTENT) In September 2006, Seattle web developer Jason Fortuny posted a personal ad on Craigslist, masquerading as a woman in search of sexual gratification. As responses from interested men piled up in his email, he took these personal statistics (often including graphic photos) and made a website from the replies, publicly revealing the identities of the responders. While one can question the wisdom of the men who replied to an anonymous posting, one could also argue that they assumed a good-faith relationship with the poster. This assumption – again, drawn from the provably false assumption that all human beings are basically honest – points toward the missing element on Craigslist: trust.
Trust is generated iteratively, emerging from the continuous interactions between communicating entities, whether human beings or computers, or some combination of the two. While trust can never be taken to be absolute, the history of interactions can be used to develop a trust model: if someone has been trustworthy so far, it is likely that they will continue to be trustworthy. Furthermore, trust is to some degree communicative across social networks: if my friend trusts you, it becomes that much easier for me to trust you.
eBay – which dealt with trust issues from its earliest days – implements the first of these models. Each buyer and each seller rates the quality of the trust relationship after the transaction, and both the buyer’s and the seller’s trust level is visible to trading parties before they enter into a transaction. Friendster – which began life as a dating service – implements the second of these models: if you are a friend of my friend, it’s probably safe for me to go out on a date with you. (You’re less likely to be a serial killer if you’re in my social network.) Neither of these models, on their own, are entirely foolproof. eBay sellers have been known to spoof the trust model by building layers of circular references, where each partner in a dishonest enterprise fully endorses the other members. The tenuous nature of connections on a digital social network means that a friend-of-a-friend on Friendster may not actually be a friend at all, or even an acquaintance.
Since neither model is entirely perfect, why not combine the two? The eBay trust model serves as a generic thermometer of trust – although someone may be putting a match under the thermometer’s bulb. In that case, you’d need to ask, “Whom do I know who knows this seller?” If there is no connection whatsoever to the other party in the transaction, that must be noted, and presented to both parties as a serious roadblock to establishing trust. This combination of techniques – eBay plus Friendster – adds to the security of both parties, but these relationships can not be wholly anonymous – and Craigslist is famed for its anonymity.
You need present no credentials to post to Craigslist, other than a valid email address. Since these are notoriously easy to acquire – and easy to spoof, or make opaque and anonymous – an email address provides no trust information whatsoever. Yet Craigslist does have a login capability, so it can potentially record each of the interactions users have through the system. It could collect data about the quality of the trust interactions users experience on Craigslist, and use this information to annotate all of the postings on the system. In short, every posting on Craigslist could be accompanied by metadata which allows users to have some basic sense of the trustworthiness of the other participant in a given transaction. With each successive transaction, Craigslist could begin to model an emergent digital social network, developed from observation, and supplemented by a user’s list of first-degree contacts. With over 10 million visitors a month – many of them repeat users – it should be relatively easy to develop a strong trust model, combining elements of both the eBay and Friendster systems, to produce an effective and anonymous solution (anonymous, that is, from the user’s perspective, as this information can be maintained opaquely within Craigslist, though this brings up a further question of whether Craigslist itself can be trusted, which can only be learned via a user’s long-term interactions with Craigslist itself).
It is possible that such a proposal would be anathema to Craigslist, whose creators value the noble but antique qualities which make it so susceptible to violations of trust. Craigslist does carry the warning Caveat Emptor. Yet, in the unceasing war to garner attention, how long will it be before someone else – perhaps eBay, or Friendster, or MySpace, or Google – puts the pieces together, and produces a free marketplace based on trust? Craigslist must adapt, or it will be entirely overrun by barbarian hordes, its walls breached, its gates burned. Out of that collapse will come a more trustworthy system – but perhaps Craig Newmark and his crew are smart enough to know that more is required. Perhaps the lessons of the past will motivate them to a more secure future.