Creating a Framework for Supply Chain Trust in Hardware and Software

A Report of the Lawfare Institute’s Trusted Hardware and Software Working Group, May 2022: “In a world of growing dependence on technology, consumers of information and communications technology (ICT) goods face increasingly important questions: How, and to what extent (if any), can they be confident that the systems on which they rely are worthy of trust? One need only think of the controversies surrounding hardware and software systems manufactured in China but used in Western commerce to understand the political and practical salience of the problem. To answer that question, the Lawfare Institute convened a working group of experts to articulate and justify a set of trustworthiness principles—concepts that, ex ante, would justify accepting a digital artifact as worthy of being trusted. Although we concluded that a dispositive assessment of trustworthiness would never be feasible, the report develops a comparative checklist of steps an organization can take that significant stakeholders might agree demonstrates its products to be trustworthy—what one might call a functional definition of trustworthiness. Even without the prospect of precisely assessable levels of trustworthiness, the report concludes that a framework for assessments can be made with a relatively high degree of confidence. The value of a framework based on agreed-upon principles should be evident. Using these principles—as well as acceptable evidence—as a guideline, ICT manufacturers and users, including organizations and consumers, can analyze comparative risks and make reasoned risk-benefit and resource-allocation decisions. The framework identifies multiple principles of trustworthiness organized around four core values: maximize transparency, ensure accountability, allow for independence of evaluation and prefer provable analytic means of trust verification over axiomatic, unverifiable means of assessment.”
