D2.2: Set of use cases and scenarios

Title: REPUTATION IN DIGITAL COMMUNITIES

Reputation in Digital Communities

With the growth of the Internet more and more people spend a lot of their spare time in so-called Internet Communities – a manifestation of digital social environments on the Internet  − instead with friends or relatives at their domicile. Most of these virtual friends they have neither met in the past nor will meet them in the future. Certainly as for every rule there exist exceptions: More and more non-virtual friend- and relationships have been started in such Internet Communities.

The spectrum of Internet Communities from various providers reaches from mailing lists, newsgroups and discussion forums to role-playing and electronic marketplaces. 

Members of the communities naturally have the typical security requirements (confidentiality, integrity and availability) on the technical systems implementing these communities. But even more than in the systems they have certain requirements on the other (initially unknown) members they are interacting with. And even more than in interactions with well-known opponents they have the same requirements on the unknown opponents. Beneath the system guaranteeing secrecy and integrity of information also the other users should do so if specified by the user:  

1. Someone seeking advice might get technical integrity of other user’s answers, but if they give him false advice, technical integrity is meaningless for his problem.  

2. Someone who wants his requests within the community to be kept secret from others than legitimated readers of the question might get this guaranteed by the system, but what about if other users distribute this information manually? 

In the real world formal agreements between unknown people are ensured by handwritten signatures. This guarantees the legal enforceability of statements. The same might be reached for digital information and actions by adding digital signatures (and if necessary time stamps) that guarantee integrity and authenticity of the information resp. actions. This needs appropriate public-key infrastructures. But as in the real-world the members only get evidences for others’ misbehaviour. Every dispute between them has to be solved outside the Internet community in a legal process. The legal enforceability of digital information and actions depends on how legally binding the corresponding security measures are considered to be in national and international law.  

When becoming a member of an Internet community an individuum develops a new partial digital (or virtual) partial identity within this community. Often for becoming a member of a community a user has to register at the provider by choosing the pseudonym he wants to use and eventually declaring some additional personal information (e.g. his age, postal and e-mail address) that may be verified by the provider but more often is not. So the individuum starts with a new pseudonym and has to gain a reputation for this pseudonym within the community. His reputation will depend on his (mis)behaviour and other member’s valuation of this. 

Reputation systems can collect the experiences members made with interactors in past interactions in a technically efficient way. These experiences may help other members to estimate the future behaviour of unknown interactors. This assumes that past behaviour indicates future behaviour. 

But it does not prevent any member from making bad experiences with new interactors because reputation usually is context-depending and beneath that members may lie about others’ behaviour (Dellacoras, 2000) or suddenly change their behaviour. Technical security measures cannot prevent the latter ‘social’ attacks but a usually large number of reputations and an honest majority of members will hopefully reach that dissatisfied members are the exception. For the case that two members are dissatisfied with an interaction, technical measures should still give them the possibility to reach legal enforceability of each other. So reputation systems do not make other technical security measures obsolete, but hopefully reduce the expensive legal process of enforcing them.