I'm human. Are you? The quest for our online identity
KnowBe4 had posted a job ad for an AI software engineer, interviewed candidates by video, conducted background checks, verified references and made an offer. But soon after the company sent a Mac workstation to the remote employee's notional address, he went rogue. The company quickly discovered he was a fake North Korean IT worker, who had used a valid, but stolen, US-based identity to land the job. He then accessed the workstation remotely from Asia via an 'IT mule laptop farm'.
Thankfully, no data was compromised but the company said it was a 'learning moment'. 'If it can happen to us, it can happen to almost anyone. Don't let it happen to you,' Sjouwerman wrote.
This scary incident highlights the difficulties of authenticating someone's identity online – even by specialist security experts. But that challenge is about to become immeasurably harder as we outsource more responsibilities to AI chatbots and agents, getting them to perform many administrative functions online, and we generate lifelike video avatars.
Up to now, the internet has mostly involved machines communicating with machines and humans interacting with humans. But increasingly those lines are blurring. We're close to the point where chatbots and avatars are all but indistinguishable from humans online. How can you be sure that you're not interacting with a synthetic human?
As is the way with Silicon Valley, some tech executives have come up with a proposed solution to the problem they have created, profiting from both sides of the transaction. Prominent among them is Sam Altman, who triggered the generative AI investment frenzy after his company OpenAI released ChatGPT in 2022.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
Sign Up
Sign Up
Altman has also co-founded Tools for Humanity, which has developed an iris-verification device, a white globe about the size of a football, called the Orb. 'We needed some way for identifying, authenticating humans in the age of AGI,' he told an event in San Francisco this year. 'We wanted a way to make sure that humans stayed special and central.'
Once a user's eye is scanned, the company sends them a World ID, a global digital passport, and US$42 in Worldcoin cryptocurrency as a reward for joining the network. As of April, some 13.5 million people in 23 countries had used the Orb to generate a World ID. The service was launched in the UK last month.
The Orb is undoubtedly trying to address a real user need. But, quite apart from the scary Black Mirror vibes, it is questionable how effective the iris-scanning service will be. The need for a special machine to identify and authenticate any user (there are currently more than 1,500 Orbs in operation) makes the system clunky and expensive. The insistence on one centralised digital identity deprives a user of the freedom to have multiple, disconnected identities, raising privacy concerns. The World ID passport also risks becoming a walled garden that may not interoperate with other ID networks, such as the EU Digital Identity Wallet, which will become operational across the bloc by 2026.
Nevertheless, some security experts suggest that we are rapidly entering a world where our default assumption must be that all online counterparties are synthetic unless they can prove otherwise. That creates a need to demonstrate genuine presence online, or 'liveness', as Andrew Bud, founder of the biometric authentication company iProov, calls it.
iProov's premium service has been used more than 100million times by customers, including governments and financial services companies, through a smartphone-based facial recognition system. This shoots multicoloured lights at a user's face and analyses the reflections, verifying their identity in about 2.5 seconds.
'Digital identity is a set of facts. But trust does not reside in facts. It resides in people,' Bud tells me. That means linking those facts to a human being who controls those facts. 'And for that you're going to have to use biometrics.'
The identification and authentication of users is one of the hardest challenges we face on the internet because technology is evolving so fast, but it is critical that we meet it. The likely next threat? Masses of synthetic hackers. FINANCIAL TIMES
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
CNA
an hour ago
- CNA
Companies plan stablecoins under new law, but experts say hurdles remain
(Refiles to fix typo in paragraph 22) Financial companies from Bank of America to Fiserv are preparing to launch their own dollar-backed crypto tokens now that a new U.S. law has established the first-ever rules for stablecoins, but experts warn the path forward could be anything but simple. U.S. President Donald Trump on July 18 signed the GENIUS Act into law, setting federal rules and guidelines for cryptocurrency tokens pegged to the U.S. dollar known as stablecoins. This U.S. law, the first designed to facilitate crypto usage, could pave the way for the digital assets to become an everyday way to make payments and move money, experts said. The use of stablecoins, designed to maintain a constant value, usually a 1:1 U.S. dollar peg, has exploded in recent years, notably among crypto traders moving funds to and from other tokens, such as bitcoin and ether. Now, a slate of companies are entertaining their own stablecoin strategies to capitalize on the promise of instant payments and settlement that stablecoins offer. Payments on traditional banking rails can take several days to arrive, or take even longer across international borders. Among the companies considering stablecoins are Walmart and Amazon, the Wall Street Journal reported in June. Walmart and Amazon did not immediately respond to requests for comment. However, the new law will not immediately open the floodgates, experts said. The newfound opportunity to dabble in stablecoins can lead to numerous tricky considerations for firms, both strategic and technical. Companies have to embark on a lengthy process to deploy their own stablecoins, or decide whether it makes more sense to integrate existing stablecoins, like issuer Circle's USDC, into their business. Companies first have to decide the purpose of their stablecoins. For example, a retail platform could make a stablecoin available to customers to buy goods, which could appeal to crypto-savvy users. Some companies could use them internally for cross-border payments, given that stablecoins can enable near-instant payments, often with lower fees. How a company plans to use a stablecoin could affect whether it creates a stablecoin or works with a partner. "The intended use is going to matter a lot," said Stephen Aschettino, a partner at Steptoe. "Is this something really designed to drive customers to engage with the issuer, or is the issuer's primary motivation to have a stablecoin that is more ubiquitous?" For nonbanks, stablecoins will bring new compliance costs and oversight requirements, given that the GENIUS Act requires issuers to comply with anti-money laundering and "know your customer" (KYC) requirements. "Those that already have robust KYC risk management and regulatory change management programs or working towards implementing these program elements may have a competitive advantage," said Jill DeWitt, senior director of compliance and third-party risk management solutions at Moody's. One group likely to enjoy that advantage is banks, which are no strangers to screening for sanctions-related risks and verifying the identities of their customers. Bank of America and Citigroup are actively considering issuing their own stablecoins, the CEOs of both banks said in earnings calls last month. Others like Morgan Stanley are closely monitoring stablecoin developments. JPMorgan Chase CEO Jamie Dimon said the bank will be involved in stablecoins, without giving details. Banks need to weigh several factors before going live with stablecoins, including how holding the tokens might affect liquidity requirements, said Julia Demidova, head of digital currencies product and strategy at FIS. Banks holding assets like stablecoins on their balance sheets might be required to hold more capital under current U.S. bank rules. "The GENIUS Act is great, but if the bank is treating their stablecoin on the balance sheet under prudential banking regulation, you still need to look at the risk weight of the asset," she said. Another crucial question is how to issue stablecoins. Like other cryptocurrencies, stablecoins are created on a blockchain, a digital ledger that records transactions. Hundreds of blockchain networks exist today, two of the most popular being ethereum and solana. Both are considered public or "permissionless" blockchains because all transactions on those networks are available for anyone to see. Still, it is unclear which attribute companies issuing stablecoins would prioritize. Banks, in particular, could opt for their own private, or "permissioned," blockchains instead, Demidova said. "The banks would desire and demand that very clear governance and structure," she said. "In that permissionless environment, you don't have the governance and controls in place." Others like Nassim Eddequiouaq, CEO of Bastion, a provider of infrastructure for companies to issue their own stablecoins, see merits to permissionless blockchains. "We've seen a tremendous amount of interest for existing blockchains that have seen user adoption, that have been battle tested at scale, including during activity spikes," he said. Although the GENIUS Act has been signed into law, its effective date is potentially several years off, with federal banking regulators expected to issue rules in the meantime to fill in certain gaps. The Office of the Comptroller of the Currency, for instance, is expected to issue rules to outline several risk management and compliance requirements. Under the new U.S. framework, the Treasury Department will have to issue a rule on foreign stablecoin regulatory regimes and their compatibility with the new U.S. framework.
CNA
3 hours ago
- CNA
Stablecoin issuer Circle's revenue jumps in first quarterly results since IPO
Circle posted higher revenue and reserve income on Tuesday in its maiden quarterly results since going public in June, driven by increased circulation of its USDC stablecoin and stronger subscription services. Shares rose 13 per cent, solidifying the rally that has pushed the company's stock to more than five times its initial public offering price. Stablecoins, which are digital tokens backed by low-risk assets such as the U.S. dollar or Treasuries, have drawn increasing investor attention, especially since the Genius Act was passed last month. The law has led some analysts to speculate that the tokens could be used for cross-border remittances and as a bridge between traditional banking and digital finance. The momentum has helped companies such as Circle, which issues USDC, the second-biggest stablecoin by market value after Tether. USDC in circulation grew 90 per cent as of June 30, compared to a year earlier. Circle expects it to grow at a compounded annual rate of 40 per cent through the years. After "our IPO and the Genius Act, we're seeing an acceleration of interest, with major institutions all leaning in," Chief Financial Officer Jeremy Fox-Geen said in an interview. The company's revenue and reserve income grew 53 per cent year-over-year to $658 million, thanks to a jump in the interest it earns from the cash and short-term investments backing its USDC stablecoins. Revenue from subscription and services also rose, Circle said. It reported a net loss of $482 million, primarily due to two non-cash charges related to its IPO, including costs for employee stock awards that vested when the company went public and a higher valuation of its convertible debt following a rise in its share price.
CNA
4 hours ago
- CNA
Anthropic offers AI chatbot Claude to US government for $1
Anthropic said on Tuesday it will offer its Claude AI model to the U.S. government for $1, joining a growing list of artificial intelligence startups proposing lucrative deals to win federal contracts. This comes days after OpenAI's ChatGPT, Google's Gemini and Anthropic's Claude were added to the government's list of approved AI vendors. ""America's AI leadership requires that our government institutions have access to the most capable, secure AI tools available," CEO Dario Amodei said. Rival OpenAI had announced a similar offer last week, wherein ChatGPT Enterprise was made available to participating U.S. federal agencies for $1 per agency for the next year.
