You're correct: an oxymoron is a phrase that is seemingly self-contradictory. While "trust but verify" is an oxymoron, it is not a contradiction or paradox.
A simpler oxymoron is "to make haste slowly". In that phrase, the "make haste" part describes velocity, while "slowly" describes acceleration. Anyone who has taken Calculus knows that velocity and acceleration can be independent variables. Thus "to make haste slowly" is an oxymoron but not self-contradictory.
Similarly, "trust but verify" describes two possibly independent variables: your attitude about the future and your behavior regarding the past. You can choose to trust people to make good decisions for the future, while simultaneously verifying they made good decisions in the past. Alternatives to "trust but verify" include "always trust", which has obvious bad consequences; "never trust", which has different but also bad consequences; "trust sometimes", which is ambiguous; and "verify always", which is unrealistic. The phrase "trust but verify" describes a healthy attitude and behavior.
But the whole point of trusting is that you get to skip verifying. What's the difference between trusting and not trusting if you still have to put in the work of verification anyway?
The difference is in when you begin cooperating. You can work much faster by immediately acting on agreements and later making sure the other party is attempting to hold up their end than you can by waiting until you can prove something about the other party and only then starting whatever it is you were supposed to do.
Consider these different hiring schemes:
1. Hire whoever applies, and keep them forever, no matter what. ("Trust, don't verify.")
2. Hire whoever applies, and fire them later if they don't seem to be working out. ("Trust, but verify.")
3. Full background check and extensive additional vetting before an offer is made. ("Don't trust, do verify.")
4. Never hire anyone. ("Don't trust, don't verify.")
Aside from the obvious pacing differences, note that what's verified (or not) in options 1/2 is different from what is verified in option 3. That's not a coincidence -- before you start working with someone, you can't assess whether they're doing a good job. You have to rely on more general (and therefore less reliable) markers of trustworthiness.
(You may think option 4 sounds ridiculous. It isn't -- that is the historical norm for cooperation outside of very well-defined groups like your family or your tribe.)
How is verifying everything because you don't trust people not to make a mistake operationally different from verifying everything because you suspect bad faith? To the supposed trusted party, the result is the same: you not taking them at their word and instead checking whatever they do. Even if you're being honest about only verifying to avoid mistakes, you can never prove it.
This definition of "trust but verify" would be better reduced to "verify", since it essentially claims that trust is, if not impossible, not practically applicable in any situation.
@stupidcar we've reached the depth-limit, so I'm responding here.
> In the case of "trust but verify", how does this trust manifest in a provable way?
Good point. "provable" is the problem here since we don't know eachother, and frankly I can't prove you're trustworthy initially; that's why the question this addresses (namely "trust-or-misstrust?") arises in the first place. Assuming we don't have dossiers on everyone we're going to meet and work with, we have to decide on an initial point on the trust-scale you mentioned with which to begin interaction.
"Trust but verify" is about having faith that people are generally good, and treating strangers that way while protecting yourself. It indicates balance between treating strangers like data-points and getting walked all over is important, and it provides a suggestion about how to approach the situation.
Regardless, I suggest that it is better to reply to the comment you're replying to than to reply to some other comment, whether you see a reply link or not. You don't need the reply link to reply to a comment.
There are different kinds and levels of trust. "Trust but verify" doesn't mean you should give strangers your SSN.
I agree that this nuance is lost within the turn-of-phrase, but omitting the trust part doesn't seem to me like a good way to build a collaborative society. Companies are just people.
Yes, of course trust is a spectrum, and socially important, etc. But none of that answers my question: In the case of "trust but verify", how does this trust manifest in a provable way?
Consider it like this: For me, trust is feelings/thoughts. I might trust you a little, a lot, etc. But for you, my trust can only be demonstrated by my actions, because you can't peer inside my head and tell whether I'm genuinely trust you, or I'm only claiming to.
"Trust but verify" recommends adopting a mindset of trust but a pattern of behaviour externally indistinguishable from distrust. If I'm verifying everything you do, that does't signal trust, whatever the reasons I might give for it.
The trust part is me trusting you to want to do the right thing. The verify part is me checking that nothing went wrong - either through a mistake on your part, a misunderstanding on mine, or just the signal loss from the fact that human communication is imperfect.
You've just restated the original post and ignored my question. Again: how does this definition of supposed trust differ from distrust in any verifiable way?
Trust but verify: I will trust you will do X, and will do Y in return, but I will verify that you are actually doing X. Example: mutual disarmament treaties with Soviet Union, Iran nuclear deal.
Don't trust: I will not even engage with you and will not do Y. Example: the belief by some that US should not engage in high-level diplomatic talks with North Korea on disarmament because North Korea has no incentive to follow through on its promises.
It seems to me that the range of human error is rarely smaller than that of malice, so again I'm not sure there will be much apparent difference between an exhaustive verification of either sort.
If you suspect bad faith (i.e. don't trust someone) you don't even get in business. If you trust someone but verify their work, you get in business but still limit damage if they turn out to act in bad faith.
It is, but also carries a clear message; I think that dichotomy is why it's been such an enduring phrase.
The term became well known in the US during the cold war, in the context of arms treaties. The US and Russia were making agreements that relied on at least the appearance of, and some degree of actual, trust. Meanwhile they were undertaking extensive efforts to check if the other party was actually following their obligations.
No idea, was just messing around. If one really were to do this, the best way would probably be to trick them into employing you, and then verify from the inside (and even then, good luck!). I do believe it's going to be an issue in the future, if it isn't already one. Even as a government, how do you really make sure that company X erases the data?
