Reputations, Belief, Identity, and Networks

[Tim May]

This issue has come up, with a few list readers talking about how 
uncertain or fuzzy reputations are. Some have said they see this as a 
fatal flaw for commerce and dealings in cyberspace (and in 
cypherspace, the strongly-untraceable variant).

If we were all in the same room and had access to blackboards, maybe 
these doubters could be convinced. Lord knows, this is what a lot of 
the early Cypherpunks physical meetings were all about, with hours 
spent drawing pictures, refuting arguments, considering gotchas. 
Regrettably, we are not in the same room and text articles don't work 
in the same way (especially when people often don't even read the 
full article or any of the cited references!).

Yes, I know about HTML and GIFs, but there's no way I'm going to 
prepare a series of diagrams and pictures, for obvious reasons: time, 
lack of feedback, limited audience, etc.

Some general comments:

* Yes, reputations are not objective things like the charge on a 
particle. Rather, they are more like the velocity of a particle: 
different observers will observe different velocities. Or, continuing 
the physics analogy (which is limited!), there's a complicated 
tensor, or matrix of values, attached to what we call "reputation": 
Alice's reputation as a cook to Fred, Alice's reputation as a writer 
to Dorenda, Alice's reputation for being on time to Digital 
Datawhack, and on and on. Not only is this matrix large, the values 
are themselves dependent on other beliefs and assumptions, and the 
values vary even on a daily or hourly basis.

* this should not be surprising to anyone. The notion that "Alice" 
has some "measurable reputation" is ludicrous. To whom, for what, 
under what circumstances, etc.?

* What we call "reputations" are really "beliefs." Assertions in a 
personal data base. Reputations have a different flavor from some 
other kinds of belief. "I believe Alice was born in 1965" is a 
different flavor of belief from "I believe Alice will repay money 
lent to her" or "I believe Alice speaks the truth." In ordinary 
language, we classify the latter two beliefs as statements indicating 
has a good reputation for repaying debts or speaking the truth.

* Beliefs come from a lot of places. If a lot of people tell me that 
Alice has repaid money they lent her, I believe (for Bayesian 
reasons, though Alice may still screw _me_) that Alice has a good 
reputation for repaying debts, i.e., a good credit history. This 
belief I have is my assessment of her reputation. It is _not_ 
something Alice owns or carries around with her.

(There are obvious and important implications for free speech here, 
too. The notion that Alice "owns" her "good name" and can take action 
against others who "impugn" or "besmirch" her "good reputation" is a 
pernicious idea. One reason so many of us understand and embrace the 
notion of unfettered free speech, even speech impossible to trace to 
a speaker, is because of a deep understanding of how probabalistic 
belief networks operate, warts and all. If L. Detweiler "besmirches" 
my name, he has besmirched his own repuation, in my view. I could go 
on, but I just wanted to make the links between reputations in 
_commerce_ applications and similar reputations in areas where some 
folks think we need laws against slander and libel, regulation of 
"bad" speech, etc.)

*Back to the relativity and fuzziness of "reputation."

* I mentioned earlier that several other interesting concepts have 
the same kind of "relativity" and fuzziness: entropy, randomness, 
even encryption. These things depend on context, on environment. A 
complicated bit string may look like noise, utterly random. But it 
may be an encrypted message, or even the genome of an oak tree. Cf. 
the work of Chaitin and others, treated popularly in recent books by 
John Casti, John Barrow, Rudy Rucker, Ivars Peterson, and others. 
Everyone on this list should think deeply about issues of randomness, 
entropy, and algorithmic complexity. These are core issues, not just 
to cryptography, but also to PBNs and complex systems in general.

* Greg Broiles mentioned "bets" in this context. Bets are a good 
thing to think about: they represent an agent's most self-interested 
assessment of a bunch of factors: how likely a loan is to be repaid, 
how likely it is that Alice will be at the restaurant when she says 
she will be, who will win the Super Bowl, etc. Not surprisingly, 
dozens or even hundreds of scraps of information may be fed into the 
process of making a bet, setting odds, etc.

* Is there some master formula for establishing odds? What do _you_ think?

* Is it all hopeless, then? No. Reasoning with incomplete knowledge 
is something evolution has prepared organisms for quite well. Many 
tools exist to estimate odds, from standard probability theory to 
more exotic recent methods ("maximum entropy methods," for example). 
Bayesian reasoning has gotten a lot of press lately.

* Because of these perceived difficulties, it is often tempting for 
strongmen or thugs to establish top-down rules and use the threat of 
physical coercion to ensure compliance. Names and identities often 
fit this, with every citizen-unit being required to carry papers, 
proofs of identity, etc. This tendency toward having a "master 
signer" (root) who then delegates siging to lower levels, etc., is 
also tempting for top-down use: the President of VeriSign, for 
example, tells the next level down that they are who they say they 
are, and they tell a lower level, and so on.

* PGP, to the credit of PRZ, adopted a "web of trust" model. Instead 
of a top-down signature authority, so to speak, the web of trust is a 
closer match to the probabalistic belief networks found in personal 
interactions: Alice believes something about Bob (who he is, where he 
lives, whether he has repaid loans to others, etc.). Bob believes 
something about Alice. Dave believes something about Charles, and so 
on.

* a "digital signature" is nothing mystical or special, just another 
"belief." If I meet someone named Alice and she signs something with 
her private key, then if I see this same signature someplace else 
(e-mail, for example) I will have a degree of belief that the person 
I met in person is the same person (or has possession of the key, 
which is similar in most cases to "being" the same person) I am 
dealing with via e-mail.

* does a digital signature really mean that this person "is" Alice? 
No. And it is unclear what it means to say a body or agent "is" 
Alice. Unless and until there are naming systems at birth, trackable 
biometrically, names are just handles. They change. The focus on 
"is-a-person" is overdone. ("Is-a-person" is a topic of interest to 
cryptographers, and is something newcomers should read up on.)

* webs of trust are special cases of the probabalistic belief 
networks I've already mentioned. Seen as a graph with various nodes 
and arcs representing degree of belief in something.

* the top-down naming system being pushed by VeriSign (and perhaps 
likely to gain Official Government Recognition, meaning, get a 
certificate from VS or don't bother trying to communicate with the 
IRS, DOJ, etc.) is a graph looking like a pyramid.

* and so on. Much can be written about these graphs, these networks, 
and their properties. And about tools for propagating belief. 
Dempster-Shafer methods, for example. Judea Pearl's recent book, 
"Causality," has a bunch of interesting insights.

* are there "scalability" and "consistency" issues with non-pyramidal 
PBNs? Sure. As to be expected. (Issues of unwieldiness of large webs 
of trust, for example.)

* Are these "show-stoppers"? Not that I can see. I'm quite happy 
receiving signed keys from folks I know. If the entity known as 
"Lucky Green" gives me his signed key, and I add him to my keyring, 
then I have confidence the e-mail he signs comes from the person I 
know. I don't care whether "Lucky Green" is his True Name, or his 
Immigration Name, or his Stage Name. And I don't care whether some 
data base at MIT is choking on all of the names and keys they have 
_centralized_. (Hint: the word "centralized" should be a clue.)

* Fact is, we make most of our decisions based on probabalistic 
belief networks. For restaurants, movies, t.v., books. Lots of 
sparseness in the network, lots of fuzziness. But when someone asks 
for a list of recommended reading, and folks like me give such a 
list, this is PBNs and reputations at work--regardless of how "fuzzy" 
the recommendations may be, regardless of "authority" issues.

(For example, taking the objections of some here to reputation 
systems, one might expect them to ask such questions as: "But who 
established the reputation of Tim May? How do we know he is 
qualified, or authorized, to give such recommendations? He recommends 
Vinge, but do we know if Vinge has given his approval for Tim to 
recommend his books? This "reputation" thing is just too informal to 
be workable.")

I encourage readers to check out the books and articles on the topics 
mentioned here. Don't expect them to directly refer to the topics at 
hand with Cypherpunks, for obvious reasons. We are in many ways at 
the cutting edge, in terms of realizing the implications of 
untraceability, nyms, and reputations for commerce, so traditional 
analyses have not covered these things.

A recent book, a very recent book, is "Peer to Peer." (Cf. Amazon.) 
It has at least a couple of articles sketching out reputation issues. 
Not in the PBN sense I describe above, but, then, they didn't ask me 
to write a chapter, so I didn't.


--Tim May

-- 
Timothy C. May         tcmay at got.net        Corralitos, California
Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
Technical: physics/soft errors/Smalltalk/Squeak/agents/games/Go
Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns