Reading the article, I had to go back to check the credentials of the authors. This is the wrong article to seed a meaningful and important discussion that society should he having.
First, the very term digital trust will lead folks to address only the technology, and fail to adequately address the human factors involved with respect to managers, analysis, corporate boards, and users. I hate the very term because trying to use it will skew the discussion away from essential topics.
Next, their simple framework of mechanical trust and relational trust is inadequate. Their definition of mechanical trust tells me they have not absorbed what many in our field, especially in the BSIMM movement, have understood for years. Here is their definition:
"Mechanical trust, especially as it relates to cybersecurity, is the heart of digital trust. It is the means and mechanisms that deliver predefined outputs reliably and predictably."
NO! NO! NO! That is only half of the essential standard for trustworthy software. Trustworthy software must also NOT do unexpected or unplanned things. Hidden functions under teh hood or back at the homestead are the core of how and why FB, Twitter, Google, and so many other internet-based systems have proven their state as NOT TRUSTWORTHY.
Their second part of their trust framework is,
"relational trust—the social norms and agreements that address life’s complex realities."
That idea may eventually help us develop a meaningful framework for this very essential discussion, but as far as the article goes, is too fuzzy to work with.
The underlying issue seems to be what would genuinely motivate and even turn around global companies who's business models are predicated on non transparency, abusing trust and denying accountability? Employee activism? Consumer complaints? Regulatory action? Shareholder activism?
In truth we read stories in which those employees that speak out against victimisation, are themselves victimised in turn; stories in which companies hide behind the self employment of staff representing them; PR spin is layered over each latest scandal, PR companies are contracted to dig up dirt of figure that speak out and in which institutional investors and venture capital just look for the best short term return.
----------------------------------------------------------- Steve Wilme CISSP-ISSAP, ISSMP M.Inst.ISP