Abstract
Trust is a necessary but unfortunately misunderstood concept. Confidence in electronic commerce will not arise until there is established "TRUST". Within the electronic commerce environment "Trust" consists of 3 major components: behavioural trust; business trust; technology trust. The paper explains the importance of each these components and their inter-relationship, drawing upon the US Dept of commerce report on electronic commerce and the US Federal Trade Commissions Report on "Privacy issues in Electronic Commerce".
Introduction
Trust is a very difficult concept to understand. Why do people trust other people or groups or the functions of machinery? For example why does the driver of a vehicle when traveling along a road with another vehicle approaching trust the other driver to not collide with him or her? Why do both drivers trust their respective vehicles to stop when the brake is engaged? Why do people trust a bank with their life savings? In many respects these questions involve what is sometimes called "blind trust".
The concept of trust is an important issue because it transgresses all aspects of life. Hence, it is necessary to understand what the term "trust" actually mean. What are the general rules (if any) that assist in framing the concept of trust?
The trust concept takes on new importance in relation to global electronic commerce, particularly where it is performed on the Internet. This new global electronic commerce environment has the potential to greatly affect all aspects of society but in order to do so the concept of trust in this environment needs to be fully researched and understood.
In the electronic commerce environment the concept of trust involves the interaction of four disparate components. These components are:
Reliance on each component may greatly vary, depending on the circumstances applying at the time of such reliance. That is, there are generally 3 circumstances, which greatly affect the assessment of trust, namely normal circumstances, abnormal circumstances, and extreme circumstances. An example of extreme circumstances is where a person’s life absolutely depended on the operations of a computer mouse on an ordinary personal computer. It is doubtful that anyone would, in extreme circumstances, have sufficient trust in the operations of the computer mouse without further information to help the person assess the trustworthiness of the computer mouse. Most people regard their lives as valuable and would not risk their lives on an untested piece of machinery.
Another example would be the trust reposed in a safety critical system. Usually, people will trust the operations of a safety critical system, but will this be the case at the start of the new millennium. The Year 2000 problem has substantially undermined the trust usually reposed in all systems but this is especially so for safety critical systems.
This paper will briefly describe each of the above components and their interaction. It will become clear from this paper that there is no general panacea for the establishment of trust in any environment. A fundamental basis for trust has usually been market forces with the assistance of legislative mechanisms. These legislative mechanisms as will be discussed have centered upon the deterrent factor. It is proposed that electronic commerce will be no different.
WHY IS TRUST IMPORTANT IN E-COMMERCE
The US Department of Commerce in its April 15 1998 Report noted that some products and services have become critical to the general framework of society. That is, society has in effect become dependent upon such products and services. For example, western society has become entirely dependent upon the telephone and electricity.
In order to reach the dependence phase a product must achieve 4 phases, namely:
Confidence in a product will not be achieved until such as the market has trust in the product. A market will not have confidence in a product if it does not trust the product. Trust is the first phase in the market penetration of a product.
Once confidence is achieved then society may become reliant on the product. Obviously not all products reach this level. There are many highly successful products that society is not dependent upon; eg. Coca-cola and Vegemite. One could not say that society is reliant upon softdrink no matter how pleasurable the product may be.
An example of a product that society has become reliant upon is television. Most people have become reliant upon the television for entertainment and news. There exist many people in society who do not own a television, but that could not be said of the vast majority of the people. Hence, it is possible to identify that the television is a reliant product but has not reached the dependence phase. Some products do reach the dependence phase. This occurs when society has become dependent upon the product. Such products include the telecommunications, the motor vehicle, electricity and banking services.
Figure 1. shows the general pattern of market penetration for products and services. The real importance from the electronic commerce viewpoint is that E-commerce will not reach its full potential unless the aspect of establishing trust in the e-commerce environment is achieved
SOME BASICS OF TRUST
Some of the basic properties of trust are:
If mutual trust does exist then it is represented as two separate trust relationships. The Abdul-Rahman model provides for conditional transitivity where the relationship is as follows:
In general terms transitivity is:
If A = B and B= C then A =C.
This does not occur for trust. Trust can not generally be transferred along a chain. If Alice trusts Bob and Bob trusts Kathy then it does not necessarily follow that Alice trusts Kathy.
The variant to this is if Bob is classified as a recommender. If Alice trusts Bob as a recommender and Bob recommend Kathy then it does follow that Alice will initially trust Kathy.
This structural analysis is important because the development of electronic commerce involves the establishment of a hierarchy of Certification Authorities/Trusted Third Parties. These organisations will be one of the key elements in establishing trust in the electronic commerce environment.
Trust usually involves an assessment of external information. That is, the concept of absolute trust will only occur when an entity totally relies upon an outcome after the entity has total control over the input and the process involved in producing the output. It is the aspect of total control that causes some concern. Even when a person has access to a personal computer that is not connected to a network, it is not possible to say that the person has total control over the personal computer. To have total control the person would have to have designed and built the personal computer and the software operating on the personal computer. This is obviously not feasible and as such it is necessary to have belief trust.
Josang has proposed that trust can be categorised as either control trust and belief trust. Belief trust requires there to be an assessment of external information. If the information is accurate, truthful, reliable and complete then it can be trusted. According to Josang, trust usually involves as assessment of the external information and as such results in probabilities. The assessment of external information can be difficult, as the relying party or entity may not be in a position to make a proper assessment. It may involve a best-fit analysis.
However, from a technology perspective Jøsang has identified that it is possible to develop a model for trust and that this model is a model for beliefs. In developing this model Jøsang has formulated a framework which he calls "subjective logic" which is an extension of standard logic and in part probability theory. It is the assessment mechanism that must be used to evaluate the probability associated to the information and the assessment will then be used to assist in the establishment of the requisite trust. Since the concept of trust is subjective, it creates a number of unique problems that obviates any clear mathematical result. Though fuzzy logic is currently being investigated as a possible best fit approach.
TRUST
Technology trust involves the classification of certain technology and Information Structures. As stated above Josang has proposed an extensive model in dealing with technology trust. But, Josang does not give any analysis concerning the security classification of trusted technology. The establishment of a security classification assists in the assessment of the trust that can be reposed in an electronic commerce system.
Trusted Technology
Trusted technology involves an analysis of the computer system from the perspective of trusting the outcome that has been created by a particular process. Traditionally, trust in a computer system has revolved around the security mechanisms incorporated into the system. There are 3 basic classification schemes in existence, namely:
The Common Criteria is a relatively new classification and has been designed supplant TCSEC and ITSEC. It is based on both TCSEC and ITSEC and combines the various elements of both schemes so as to have a standard approach to the development of secure systems.
All of these schemes rely upon rating criteria to concisely express the security of the system. Both TCSEC and ITSEC basically achieve the same function but through a different classification mechanism.
TCSEC was first published in 1983 and was revised in 1985. The publication is popularly known as the "orange book". According to the authors of the orange book, the purpose of TCSEC was to provide a standard to manufacturers concerning what security features to build into their new and planned commercial products. That is, TCSEC was to specify the necessary trust requirements (with particular emphasis on preventing the disclosure of data) for sensitive applications. The sensitive applications in the electronic commerce environment are the signing mechanism and the key generation mechanism.
That is, from a commercial sense within the e-commerce environment, the generation of the key pair for digital signatures and the signing mechanisms are of most importance within the security framework. Therefore, the generation of the key pair should only occur in an adequately secure system. Ordinance 19 of the German Digital Signature Ordinances provides that the generation of key pair must occur within a technical component that is classified at a minimum of ITSEC E4. Further, the signing mechanism must be effected using a component with a minimum classification of ITSEC E2
Within TCSEC there are 6 fundamental requirements:
With these fundamental requirements in mind, ITSEC consists of seven evaluation levels of trust hierarchy. These are as follows:
E0 Inadequate assurance
E1 Security target/informal description of architectural design of product/system.
Functional testing used to confirm target is met.
E2 E1 plus:
Informal description of detailed design
Evidence of functional testing to be evaluated
Configuration control system exists
Approved distribution process
E3 E2 plus:
Source code and/or schematics for hardware to be evaluated
Evidence of testing of these must be evaluated
E4 E3 plus:
Underlying formal model of security policy supporting security target
Security enforcing functions, architectural design, detailed design specified in semi-formal style
E5 E4 plus:
Close correspondence between detailed design and software source code/engineering hardware design drawings.
E6 E5 plus:
Security enforcing functions and architectural design must be specified formally – consistent with formal model of security policy.
Caelli has proposed that mandatory security functionality should be made a requirement for all legal regimes in order to facilitate safe electronic commerce. One of the reasons for this mandatory position is that for "Trust" to be established the user must be in a position to assess the output based upon the classification of the system and the input. That is, by incorporating a trusted mechanism, namely TCSEC or ITSEC to an appropriate classification, the user will be in a better position to accept the functionality of the system that the user is utilising and thus accept the output.
In reality most users will not care or worry about such classification. In the same vein as the motor vehicle, the consumer will assume that the car manufacturer and the relevant government authority have taken the appropriate steps to ensure that the vehicle is safe.
It is the author’s contention that it will be the financial institutions that will dictate the level of security and thus the security classification level. The reason for this is that the financial institutions are in a better position to evaluate and accept the risk involved in the technology used in effecting electronic commerce. Further, because they will be involved in most transaction then they have the most to lose if appropriate steps as regards to security are not taken.
There will, from the financial institution’s position, be some form of cost/benefit analysis as regards to the security mechanism implemented. It is really a waste of expense if the security implemented is so difficult to use that the consumer decides not to use the service. Consequently, the security used will most likely meet the commercial goal of the financial institution and no more. Whether this is sufficient is for the legislators to decide. If a large number of consumers are disadvantaged because there is insufficient security in the electronic commerce environment which is causing a evidential problem or some other disadvantage then the Government may be required to take appropriate steps to rectify the situation.
To bring this into perspective when a person signs a contract the signer has absolute control over the signing mechanism. This is one of the few examples of absolute trust. When a digital document is being digitally signed the signer is not in the same position as when he/she signs using the traditional method. In the digital age the digital document is represented as a series of bits/electronic impulses within memory. There should be a legible representation of what resides in memory displayed on the screen. This is assuming that the representation on the screen corresponds with what is in memory. Hence there exists a perception of trust in the system. But if the system has an insufficient trust classification then the user may possess an unrealistic level of trust in the system. One could call this trust by ignorance. Once of the elements within ITSEC is the establishment of a trusted path between the key-board and memory and a further trusted path between memory and the screen. In this way the use can trust the information on the screen does correspond with the contents of memory.
Most users will not have the capability to properly assess the trust classification of a computer system and nor should they be required to undertake such a task. Such classification should be part of the role of government if commerce does not impose a sufficient self-regulatory position. It is doubtful that the computer industry will impose a sufficient self-regulatory trust system, as there is a substantial cost involved in developing trusted systems. But if E-commerce is to reach its full potential and there exists a mechanism in the e-commerce environment that is no less trustworthy than in the traditional commercial environment then commerce should embrace the trusted system so as to take advantage of this relatively new commercial environment know as e-commerce.
The above is only one aspect of technical trust that will be created in the e-commerce environment. The second main technological mechanism is the establishment of digital signature technology which will involve not only the technology used to digitally sign a digital document but also the distribution of the public key that is used to verify the signer.
Digital Signature Technology
Everyone who has used a computer knows how easy it is to change the contents of a file without leaving any trace that a change had been made. This was especially so with the advent of word processors. In 1978, the idea of being able to prove that a document had been changed from its original format was established. Three US scientists Rivest, Shamir and Adelman developed, patented and published the first public key cryptosystem that could be used to digitally sign an electronic document.
Digital Signatures schemes have appeared in open literature for over 20 years. In recent times these schemes have matured into commercially available and viable products. Digital signatures are being widely accepted as being a viable alternative to traditional signatures and the RSA algorithm has developed from a commercial perspective into the most widely implemented digital signature technology.
More recently, there have been developed a number of electronic signature schemes in contrast to digital signature schemes. These electronic signature schemes have also in recent times developed into mature products that are now being taken seriously by commerce and government as a viable alternative to the traditional signature processes.
One of the main advantages of digital signature technology is that it is possible to detect any changes that have occurred subsequent to the signing of the electronic document. Due to the integrity of the document, the receiver can posses the necessary trust in knowing that the document received has not changed without his knowledge. For example in contract negotiations both parties will want to be satisfied that the message dealing with the essential terms such as price, quantity and delivery date have not been changed during transmission. Also both parties with need to adequately authenticate each other. This can be achieved through digital signature technology. In dealing with authentication both parties will need a proper procedure established so as to obtain each other’s public key that is used for the signing of electronic documents.
Trusted Hierarchical Structure
MP75 proposed:
Legend: PARRA – policy and root registration authority.
ICA – intermediate certification authority.
RA – registration authority.
OCA – organization certification authority
The above structure is a hierarchical structure that attempts to engender trust within the commercial environment. The recent discussion paper published by the National Office of the Information Economy(NOIE) has proposed to vary this structure by removing the registration aspects. That is, instead of having a root registration authority for all ICA’s it is now proposed that each ICA will be an independent root registration authority and that the policy aspects of the hierarchical structure be brought under a separate authority known as the National Authentication Authority (NAA).
It has been further proposed by NOIE that the NAA be a company limited by guarantee whose directors will be selected from industry. This proposal has three major flaws:
In not being a statutory body, the NAA will lack the necessary authorization to negotiate on a national basis cross certification arrangements. This will require each ICA to enter into separate cross certification agreement with other CA.s. The form of such agreements could vary greatly depending on the experience, knowledge and financial status of the ICA. This possible variance can greatly undermine the trust required in the entire electronic commerce environment.
If the NAA is given the right to negotiate international cross certification arrangements on a national basis then as far as the author has been able to determine this will be a first anywhere in the world. The role of negotiating international agreements on behalf of a country has traditionally involved the Government or a statutory body. That is, for cross-jurisdictional arrangements the Government either retains that power itself or establishes a statutory body. An example of this is the reserve bank, which has the authority to negotiate international financial arrangements on behalf of Australia. It is doubtful, that the National Root Registration Authorities of other jurisdictions will enter into a cross certification arrangement with the NAA if it does not have the necessary authority to do so on a national basis. This lack of authority may cause an undermining of the necessary trust that is required within the electronic commerce environment.
A company limited by guarantee does not afford the necessary protection for its boards members. In utilizing a statutory body the board members under the relevant legislation can be afforded special limitation of liability so that they can exercise their duties without fear of possible liability flowing from such exercise. This lack of protection could prevent a number of well-qualified people from accepting a board position on the NAA. The current NAA proposal provides that the NAA will only have a policy setting role. But if the policies set by the NAA disadvantage a particular CA or a sector of the community then the Board members of the NAA may be caught in litigation and thus be personally exposed. It is the author’s contention that the better structure would be to have a statutory body that properly protects its board members, who can set policy without fear of liability.
Also in not establishing the NAA as a statutory body there is no enforcement capabilities established. If the NAA sets a particular mandatory policy then how does the NAA enforce that policy upon a recalcitrant CA. The CA could simply decide, that it will not comply with the policy. This could then force the Government to enact special legislation, but this takes time and requires either a statutory body or government department to oversee the legislation. The better view is that the Government should not shirk its responsibility. The Government must take the lead in establishing the NAA as a statutory body. This would correspond with what is happening in other jurisdictions like the USA.
In not committing the NAA to a registration function the whole structure could lack the necessary commercial trust from a business perspective. The lack of registration functionality also has with it a lack of jurisdictional power to enforce the policies that the NAA may develop.
The structure proposed by NOIE in the author’s undermines the necessary trust required by commerce within Australia.
BEHAVIOURAL TRUST
Fukuyama in "Trust – the Social Virtues in the Creation of Prosperity" identified that within the global community there are differing cultural societies that have developed substantially differing views on trust. For example on the whole the Chinese society is classified as a low trust society. The general effect of this is that the Chinese community do not generally trust people outside of their family. Therefore, if you are not within the family then you will not progress within the organisation. This is not a criticism of this society as it has been and remains one of the most influential commercial societies. The Chinese are not the only society that falls within this classification. The Italian and French can also be classified as the low trust societies. They basically operate on a familistic relationship.
One of the distinctive aspects of low trust societies is that there is rarely a proper separation between the ownership of the corporation and the management of the corporation. In these societies, the large corporations are usually owned by the State.
In contrast to low trust cultures are the high trust cultures. Such cultures include the Japanese society, the USA and the UK. The benefit of such cultures is the development of multinational organisations where the ownership and the management of corporations have effectively been separated. That is, the shareholders of publicly listed corporation have placed their trust in third parties (the directors of the corporation) whom they do not personally know. Shareholders base their trust upon some information that has been given to them about the performance of the corporation and about the directors. This establishes belief trust based upon the information provided. In support of this trust there is usually some statutory body that has enforcement functions to make sure that the information is accurate, true, and complete.
In dealing with the establishment of appropriate legislation to facilitate the necessary trust for the advancement of electronic commerce it is the author’s contention that research needs to be undertaken so as to better understand the requirements of low trust societies and high trust societies as regards to the ambit and type of legislative mechanism necessary to advance electronic commerce.
PRODUCT TRUST
The role of the brand can not be underestimated. Trust in a product will mainly be achieved through marketing. Branding is only a relatively recent phenomenon. It was not until the 1980 that the value of branding became a financial necessity. Successful brands establish goodwill that is dependent upon the trust that consumers have in the products.
According to Interbrand, an estimate of the financial value of Brands was as follows:
|
Rank |
Brand |
Value (Billions) |
|
1 |
Coca-cola |
39.0 |
|
2 |
Marlboro |
38.7 |
|
3 |
IBM |
17.1 |
|
4 |
Motorola |
15.3 |
|
5 |
Hewlett-Packard |
13.1 |
|
6 |
Microsoft |
11.7 |
|
7 |
Kodak |
11.6 |
|
8 |
Budweiser |
11.3 |
|
9 |
Kellogg’s |
11.0 |
|
10 |
Nescafe |
10.3 |
source : Interbrand, Financial World, 1995
The brand is really the trust mechanism. It is the centre of both positive and negative impressions of buyers. These impressions will be established over time. That is, as time passes so will there is established either positive or negative trust. Negative trust is generally known as distrust.
An important issue with product trust is that it can be quickly lost through negative publicity. This was clearly the case when Perrier mineral water was publicised as having unhealthy amounts of certain minerals. Perrier had marketed their product as being exceedingly healthy because it came from the pure water of the Alpines of Europe. As a result of this bad publicity the market demand for Perrier mineral water substantially decreased. The trust in the product had been substantially undermined by the bad publicity.
Product trust should not be underestimated. Most developed jurisdictions have labelling laws that all manufacturers must adhere to. This creates a level playing field, yet some products succeed and others do not even though the products may be essentially the same.
In dealing with product trust the fair trading rules governing consumer protection are relevant. One particular legislative rule that assists consumers in having trust in a product is that in Australia a corporation must not in trade and commerce engage in conduct that is misleading or deceptive or likely to mislead or deceive. This legislative support assists in engendering consumer trust.
LEGAL TRUST
The most obvious characteristic of the Law is that it is coercive. According to Hobbes the law was brought into the world for nothing else, but to limit the natural liberty of men, in such manner, as they might not hurt, but assist one another, and join together against a common enemy. Whether this universally holds true is debatable. There have been many papers written as to the deterrent effect of the law.
In dealing with the concept of trust and the electronic commerce environment, it is the author’s contention that without an adequate legal framework there will not be sufficient trust established. This is particularly so when one takes into account that when on the internet it is not possible to reach absolute trust and therefore each party will have to rely on beliefs which may be misdirected in the circumstances. A number of authors have contended that the cornerstone from a legislative perspective for the advancement of electronic is the enactment of digital signature legislation.
The ABA report first proposed digital signature legislation to take account of a growing move by the US government and a number of major US corporations to Digital Signature Technology. As a result of the ABA report the State of UTAH enacted Digital Signature Legislation. The ABA legislative model is generally referred to as full infrastructure legislation and has been criticised by Biddle, Winn.
Winn argues that it is far too early to enact full infrastructure legislation when no one knows what the market will look like. In furtherance of her argument Winn compares the current electronic commerce environment to the motor industry at the turn of the century. The internal combustion engine had only recently been invented as had asphalt. Was that the appropriate time to enact laws governing the development of motor ways when at that time there was no certainty that there was a market for that technology or what the ultimate market structure would look like.
Despite this criticism there are a number of jurisdictions throughout the world that have enacted digital signature legislation based on the ABA report or are contemplating such legislation.
In contrast to the Utah styled legislation governing digital signatures, a number of other jurisdictions have approached the issue of digital signature legislation in substantially different ways. For example, the State of California has limited the scope of its legislation to transactions where one of the parties is a public entity. Furthermore, this legislation is drafted using technology neutral language. Instead of specifying asymmetric technology as the only acceptable method of affixing an electronic mark to a document, the legislation identifies the attributes that an electronic mark must possess before it will be accepted on the same footing as a traditional signature.
The attributes of an electronic signature under S 16.5 are:
There is nothing in the Californian Code or in any other US legislation that deals comprehensively with the concept of "TRUST". The Utah Legislation does define a "Trustworthy" system but the term has limited application because it only applies to the computer systems operated by Certification Authorities. It appears that the concept of "TRUST" in the electronic commerce environment has been taken for granted and has not been properly investigated. There is nothing in any of the US based legislation that directly concerns itself with the concept of trust from the signatory’s perspective.
The first paper dealing with the concept of trust from a legislative approach was Winn. But Winn believes that because the TCSEC was originally developed for military objectives, it is unlikely that such objects will correspond to the objectives of a business conducting electronic commerce; the cost of implementing systems conforming to military standards might be prohibitive in any event.
The only legislation to date that specifically deals with the signing mechanism and the concept of trust is the German legislation. Ordinance 19 of the German digital signature ordinances specifies that for the generation of the private key pair the component used must at least be classified E4 under ITSEC and for the affixing of an digital signature the component used must at least be E2. The use of the term component implies that the whole system need not be so classified only the component use must be so classified. At least one commentator has questioned the commercial value of ordinance 19 because there appears to be only one corporation that can supply the necessary components that will satisfy this high security criteria and that corporation is a German corporation that markets certain smartcard technology.
In contrast to the position overseas, the Victorian Government has released for comment its proposed digital signature legislation. This proposed legislation has a number of shortcomings:
"Electronic Signature" is defined to mean a PROCESS applied by the person to a document in electronic form:
(a) by which the document is authenticated by that person; and
(b) which contains an acknowledgment that the document is being signed.
A traditional signature is not a process but is a mark affixed to a document. The mark is the resultant of a process whether that process be pen to paper or a stamp or some other mechanical process that is used to affix the mark to a document. Hence it is not correct to state that an electronic signature means a process.
(b) The concept of engendering trust within the electronic commerce environment is totally neglected. The position detailed in the proposed Victorian Electronic Commerce Framework Bill is structurally similar to the Massachusetts legislative framework.
Whether it is necessary to enact legislation that provides for E2 and E4 levels of assurance is questionable. In order to approach the trust factor in a commercial manner it is necessary to ascertain what benefits will arise from the selected classification level and also determine what cost will also arise. Commerce must not be prevented from entering the E-Commerce environment due to some draconian legislative mechanism. Commerce will require a balance that will establish trust yet not prevent it from taking the full advantage of electronic commerce domestically and globally.
Conclusion
Fukuyama in dealing with the trust of cultures identified that:
"Communities depend on mutual trust and will not arise spontaneously without it. Hierarchies are necessary because not all people within a community can be relied upon to live by tacit ethical rules alone. A small number may be actively asocial, seeking to undermine or exploit the group through fraud or simple mischievousness. A much larger number will tend to be free riders willing to benefit from membership in the group while contributing as little as possible to the common cause. Hierarchies are necessary because all people cannot be trusted at all times to live by internalised ethical rules or do their fair share. They must ultimately be coerced by explicit rules and sanctions in the event they do not live up to them. "
It is clear that, trust involves a number of disparate components and can not be reduced to a mathematical formula. The influence of these components varies depending on the underlying circumstances and also on the culture and industry involved. The cultural influence can not be underestimated. Biddle has criticised the Utah Digital Signature Legislation because he believes that the form of the legislation is not warranted. But his criticism does not take into consideration the cultural values that exist in the State of Utah.
It is arguable that the state of Utah is a low trust society due to its cultural background based upon the Mormon religion. In contrast to the state of Utah, the state of California and the state of Massassuchetts have enacted minimalist technology neutral legislation. Both California and Massassuchetts could be classified as high trust societies and therefore it may fit within their cultural environment to have minimal legislation instead of extensive legislation that low trust societies may require in order to enhance the concept of trust within the E-Commerce environment. The difficult issue is whether people in low trust societies will engage in electronic commerce with people or organisations situate in high trust societies. The jurisdiction of law governing the contract will then come into play.
Further research should be undertaken in this area as little has been done to date to analyse the extent that low trust societies and high trust societies have upon the legislative mechanism.
Endnotes