The Internet Is Going To End Up Like Greece

“Hiya,” the email began. It then gave a new set of bank details for Clark Builders and signed off in the name of James Ellis, the firm’s financial controller. An attached document certified the new account and was signed by Clark’s CFO. The accounting technician to whom the email was addressed changed the information on file.

And that was how MacEwan University, in Edmonton, Canada, came to send its first payment, of 1.8 million Canadian dollars, to unknown fraudsters. There was no such person as James Ellis; the actual name of the financial controller for Clark Builders, the firm that really was building MacEwan’s new performance hall, was Serge L’Abbe. And by the time he called up to find out why their payments were two months overdue, the university had paid out another C$10 million to a counterparty for whom their only real source of information was the “hiya” email.

It’s hard to escape the sense that this scandal actually says something admirable about Canada as a society. Nobody wants to lose 12 million bucks in such a humiliating way. But would you rather live in the kind of society where people make huge payments on the basis of “hiya,” or the kind of society where getting bank details changed requires six months and the services of an army of notaries? Call it the “Canadian paradox”—not only it is possible for an equilibrium to be sustained in which a prosperous economy has a surprisingly high level of fraud, but there is no straightforward relationship between a society’s level of trust in its institutions and the frequency with which that trust is exploited. That has profound implications for the management of institutions that depend on trust—and especially for an internet where the abuse of trust by those on the inside has become increasingly common.

The other side of the Canadian paradox is visible in places like Greece. Ship owners at the Piraeus Marine Club, at the country’s biggest port, will also do a multimillion-dollar deal on the back of a handshake. But they only deal with people they know, preferably with family connections going back generations. The incidence of fraud (against parties other than the government) is surprisingly low, because commerce has shrunk to a size where it can be encompassed by small and personal networks. The cost of a low-trust society isn’t measured in the amount of money that gets stolen, but by the number of transactions that never get attempted at all.

Right now, the online economy looks much more like Canada than like Greece. Users share personal data with almost anyone who asks for it and trust websites with the barest of due diligence. They click “I Agree” as a default reaction and grumble about the fraction of a second of inconvenience. As a result of this, they regularly get taken advantage of. Even when websites are not accidentally losing names and credit card numbers to hackers, they are selling browsing histories for fractions of a cent to anyone from advertisers to fraudsters.

This isn’t a problem that can be blamed on users being blasé about their privacy, though. Even for those who confine themselves to trusting the absolute blue chips of the tech industry—the services that can be considered essential utilities for all practical purposes—are exposed to the risk that their data will have adventures they never planned for it. Amazon has had to contend with rogue employees selling user data for bribes. Facebook had the Cambridge Analytica scandal. And perhaps most shockingly of all, Google appears to have decided to integrate its Deepmind subsidiary’s joint venture with the British National Health Service into Google Health, taking with it (apparently legally) the medical records of more than a million patients.

That’s a disconcerting reality to confront. But it’s also better than the alternative. If networks of trust online narrowed, the internet—and everything that depends on it—might grind to a halt. This is something that can happen either suddenly, in the way that the global interbank lending market shut down in 2009 as everyone decided they could no longer trust another bank’s balance sheet, or it can happen gradually, as with the long and painful process from the Ottoman Empire to the German occupation that brought Greek society to where it is today. Even in Canada, after a decade of reveling in the nickname “Scam Capital Of The World,” the notorious Vancouver Stock Exchange was no longer a viable place to raise capital for mining ventures and had to be closed down.

It’s not clear how to stay more like Canada than Greece, but there are some clues. The first is that low trust in the economy is associated with low levels of tax compliance. Places such as Greece that have gone rapidly backward compared to their peers—or Argentina, the only country to have fallen out of the developed world—saw the tax system lose its perceived legitimacy. A weakening of the psychological and cultural barriers against dishonesty is difficult to quarantine to a particular space; it has a tendency to leak out into the wider economy. A map of Italy shaded by the rate of tax compliance would fit onto one shaded by the influence of organized crime with scarcely any overlap.

That’s related to another clue, hinted at in the very term “white-collar crime.” Very few crimes besides this one are defined by the social status of the perpetrator. Yet fraud is different. Unlike most other crimes, it’s carried out by those on the inside, not the outside. In order to break trust, you first have to have it.

That suggests that low-trust societies begin to evolve when people are able to commit crimes of dishonesty but preserve their status as regular members of society. As long as dishonest behavior is recognized and punished as such—as it is, by and large, in Canada, where it is the responsibility of the famed Mounties—the general convention of trusting anyone with a smart suit or the semblance of a corporate email account can persist. It’s not so much the fact that crooks can get away with it as that the distinction breaks down between the concept of a crook and an honest person. Once it starts to be established that otherwise good people can cheat, generalized trust is not viable, and the inferior technology of small-network reciprocation—“raccomandazione,” in the Italian sense—takes over.

This should worry the tech giants and enthusiasts. The purpose of fines and court cases brought against white-collar criminals is not so much to punish, or even to deter, as to maintain the popular myth of a clear distinction between deviant and nondeviant members of society. Bad apples are tolerable; if the public believes the rot has spread to the whole barrel, the whole apple market falls apart. If, for example, Google can break faith with the British public and integrate their health data for its own profit, or Facebook allows user data to be scraped in order to serve misleading political advertisements, the myth is weakened. It ought to be a core competency of any tech CEO to be able to handle “apology tours” like Mark Zuckerberg of Facebook’s four-hour appearance in front of the U.S. House of Representatives. Zuckerberg apparently enjoyed that experience so little that he has refused to make even a token showing in the British Houses of Parliament, but this appearance of believing himself to be literally above the law could be highly damaging in the long term.

There is unfortunately a conflict between local and global objectives; in any given case, it is better to be found innocent than guilty, but over the long run, it is better to lose the occasional case in order to make sure nobody gets confused that there is a difference between innocence and guilt. By their abuses of a collective trust, Google and Facebook are becoming complicit in their own destruction—and in making the internet worse for everyone.