Digital Transactions Authoritative, insightful and timely information for payments professionals
There are hundreds of cybersecurity companies offering products designed to protect us from identity theft by requiring us to prove our identity through biometrics and unscripted behavior.
These products claim efficacy against today’s threats. Many of them even grow and prosper as they defeat a great deal of contemporary fraud. The problem, though, is that the cyber threat is about to leapfrog into new dimensions that will overwhelm today’s cyber defense. The lethal combination of artificial intelligence and “Deep Fake” will create phony remote identities so convincing that your mother would be fooled.
I’ll get to Deep Fake in a moment. Artificial intelligence, or AI, can study a person’s behavior, identify an underlying pattern, and use this pattern to mimic that person’s behavior with stunning accuracy. AI keeps improving. Soon enough, all the many products that identify intruders and fraudsters through their behavior will be outsmarted by AI engines that grow increasingly faithful to the behavior of their victims.
Deep Fake technology takes a still picture of a person and constructs a believable video of that person talking and moving. Put this technology together with AI, and you face a threat of unprecedented proportions. Each of us could be seen on a fake video speaking with our characteristic voice and reacting in ways that convince even those who know us intimately that what they see is authentic.
Some even theorize that criminals could dispose of some individuals and then build virtual replacements of the “evaporated” persons, each committing crimes. If the fraud is discovered, there is no one to hold accountable.
I’m drawing this to your attention, but I fear a column like this will not shake up our cyber defenses. I’ve come to realize that security measures are often either for show or for providing a plausible defense when breached. Or they’re a panic-driven counter measure that’s burdensome, expensive, and inefficient.
Still, let’s look at some effective counter measures.
The key principle for tomorrow’s cyber defense is “physical anchorage.” Let’s use an aviation analogy: planes fly high and fast for long hours and in all sorts of weather—but they all took off from a tarmac, and after doing their business in the air they all land on terra firma. Cyberspace is the plane. It must take off and land in a physical reality.
Take a look at networks where nodes can be freely formed and claimed to be distinct individual entities. You will find fraud, fake news, trolls, and so on. Blockchain technology will not cure this affliction. Networks where nodes need to prove their identity offline, and then reaffirm it when they leave the network, are much more secure.
The growing use of biometrics reflects this trend toward physical anchorage for cyberspace. The skin of your thumb expresses data non-digitally, and it is up to us how many bits to use to represent it. In other words, chemistry is an inexhaustible source of digital data. The big issue with biometrics, though, is that once your fingerprint is compromised, it is forever compromised.
New technologies promote artificial biometrics, where people will use a manufactured “finger,” which is activated by its owner’s biometric, but where the data sent to the cloud is from the replaceable “finger.” The biometric verification is done locally in the manufactured finger. It is not transacted over the Internet.
Networks will mushroom over a skeleton construction where communication is transacted between physical stations that are smart enough to destroy their content when tampered with.
In this way, the integrity of the future cyberspace will depend on mooring it to the physical space at multiple contact points.
