On Sept. 4, 2015, 9:42 a.m. by Hussain Almohri
Many technology startups face the problem of getting excited about a small community of early adapters that are willing to try virtually any cool idea without thinking much about the promised economic value. This is a problem because once the dusts are settled, a technology startup needs to go viral and make fund itself through its sales, but this does not happen easily. I have observed through years that there is tendency not to trust computing in real and sometimes critical processes. For example, if we think of the percentage of votes being cast electronically throughout the world in any real and critical election, we would be surprised that it is still a very low percentage compared to the votes cast on paper. While, pen and paper are themselves an outdated technology, the end-users take them as granted but prefer not to trust the code that would write down their votes on magnetic disks instead of paper made from wood.
Startups suffer from the same and the very old problem of trust in computing. Ordinary end-users prefer sticking to what they have and accept the slow and tiresome processes instead of using previously untested technologies that promise to speed up the processes and ideally bring in economic value as well. For example, in the middle east, most transactions are still being made in cash, using strictly PIN-based debit cards, and much less using credit card let alone transactions carried online without a representative from the company accepting the money in person
. Lack of knowledge for the ordinary end-user in the middle east creates the delusion that if a PIN-based debit card is handed to a company representative to deduct the money from the user's bank account, the user's money is safer compared to using the same debit card in an online application. End-users do not pay attention to the fact that both transactions are equally carried electronically, perhaps the latter in a better software security setting!
The problem of trust is a multidimensional problem that needs to be addressed both with public campaigns as well as more assurance from the security research community. In fact, the research community must be more open to the end-users to fill the gap and explain the very fancy security solutions that are being deployed in a form understandable by the ordinary end-users.