WHY ONLINE TRUST NEEDS HYBRID VIGOR
by Mike Neuenschwander ~ February 7, 2008.
Filed under: Hybrid Vigor, 21st Century Risk, Social Trust Online.
When Denise Caruso asked me to become a regular contributor to the Hybrid Vigor blog, I jumped at the opportunity. Since late 2006, I’d been developing ideas for building social trust and reducing fraud on the Internet by way of a blog I started at Burton Group.
That blog holds a lot of sway with Burton Group’s readership—IT professionals and software vendors—but after Denise brought some of our ideas to a wider audience with her article in the New York Times, it drew the attention of important new communities, such as (for example, this interview with Emergent Chaos, this post from Jim Harper, and this one from Michael David Cobb Bowen).
I realized that any successful approach to building social trust online would require the attention of a broad-based, interdisciplinary community — a blending of ideas from social science, evolutionary biology, human factors, economics, mathematics and engineering. The technical design requires tempering by our best understanding of political science, psychology, philosophy and the law.
Hybrid Vigor is chartered to stimulate this kind of intellectual fusion, and with my recent move from Burton Group to Mycroft, it was a natural time for me to spin up a new effort. So on this blog, I’m hoping to further invigorate the discussion on social trust on the Internet.
Unraveling the mysteries of social trust online is more than an academic exercise; the ability to trust is something that deeply affects our day-to-day personal and professional lives.
Netizens face a constant battle against identity theft, phishing, spyware, and spam. Sometimes people find their personal relationships exploited. Our credit histories can be co-opted—without our consent or knowledge—to prop up a stranger’s credit score. Governments and businesses spend billions in fraud detection (merchants alone will spend $3.6 billion this year), age verification, and security systems.
Yet even with constant vigilance, anyone can be pulled into the maw of some remote data catastrophe. The much-publicized data breach at TJX (the parent company of T.J. Maxx and Marshalls) showed how the mere act of shopping can draw customers into an identity disaster of someone else’s making, even years after a transaction occurred.
Once TJX reported the breach, critics and regulators beat on the company’s poor security infrastructure like a piñata. “If only TJX had followed the 12-step program to Payment Card Industry compliance!” “If only they’d protected their wireless network!” “If only they hadn’t collected and stored all that personal information! Then …”
Well, then the fraudsters might have driven down the street and hacked into Home Depot instead.
So, what can be done about a problem of this magnitude?
Culturally and psychologically, we’re conditioned to lay blame entirely on the participants involved; scapegoating is a time-honored cathartic activity. Some people will take comfort in the belief that the TJX catastrophe was an outlying case—a freak accident that happened at a particularly badly protected place—and that such things are unlikely to occur closer to home. Others may hope that making a public example of TJX will inspire corporate boards to get busy about upgrading their security systems.
Regrettably, the scapegoating approach doesn’t exorcise the security demons that plague the Internet. With increasingly sophisticated attacks on ever more valuable data, even the vigilant eventually succumb to the fraudsters’ arts.
But what other options do we have?
Government regulators are bullish on the “war on fraud” approach—a crackdown on critical systems. The Bush administration has already budgeted $6 billion for hardening online systems against terrorist attacks. And a war on fraud might actually be effective, if we could identify the fraudsters.
But unfortunately, fraudsters by definition use false identities, so to engage that battle, we’d need to beef up the security infrastructure of the Internet by orders of magnitude. We’d have to do background checks on users, issue “surfer licenses” to all the Internet users, lock down points of access, and hire a bunch of cyber-cops. We’d need to hire another set of people to regulate the cyber-cops, and another set of people to govern the regulators.
That’s why ultimately, the “war on fraud” approach is untenable, because it requires levels of sophistication and precision well beyond our abilities — and it demands that well-doers willingly capitulate to a painfully asocial system.
Technology, security, and control aren’t the primary ingredients of social trust. So as long as online trust mechanisms remain mired in the mathematics of encryption, key pairs, and digital signatures, the problems we see today will only intensify.
Creating workable solutions for online trust requires new ideas that take into account more than the technology dimension. I’m glad to be part of the team at Hybrid Vigor that will make it happen.
