Back in February, deepfake technology was used to steal $25 million dollars:
A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call, according to Hong Kong police.
The elaborate scam saw the worker duped into attending a video call with what he thought were several other members of staff, but all of whom w
Open AI has tech to clone someone’s voice in instants. They haven’t released it and aren’t going to, but that will only slow the revolution.
I suspect this will mean a return to in-person meetings for any important decisions. Outside of corporations and businesses, this will include you having to physically go to your bank to move or withdraw significant amounts of money.
In court cases it may lead to a return to pre-photography evidentiary standards: do you have a witness and/or physical evidence plus a chain of custody? A picture or a video will mean nothing.
With respect to decision-making an attempt will be made to get around this by using codes and passwords, but that won’t work very well. As the modern world has proved, any password or code that’s on a computer system is not secure.
All of this means, ironically, a partial regression: electronic comms won’t be trustworthy and so will be used less.
Welcome the to the past in the future.
You get what you support. If you like my writing, please SUBSCRIBE OR DONATE
Troy
When it comes to news, we’ll probably also need to return to self-curated email lists and linkrolls to discern what’s genuine.
Flaser
In this instance, I must disagree to a degree:
Electronic signatures using public key encryption have long ago provided a means of identification that’s non-trivial to bypass and would be resistant to these forms of attacks.
The fundamental barrier to their widespread use is two-fold:
– They require either a national or corporate infrastructure (providing certificate authority servers) beyond the mere technology deployed to users
– Education, as how this works is *non*-trivial and users can easily fool themselves or misunderstand what the tech can or can not prove.
Unlike a lot of bullshit in tech, this area of computing always came with a lot of up-front caveats highlighting its limitations:
– Security can be only guaranteed if a number of prerequisites are fulfilled
– Security is quantifiably assured – with existing computation capabilities and techniques it shall persist for a given period of time
I could start enumerating these, but the specifics are irrelevant for my argument: this isn’t some “brand-new” (snake-oil) solution, but a mature area that has explored limitations.
This tech is already in use all over our world, however it typically protects infrastructure and devices and tends to break down at the last step: the user.
As the average layman has difficulty grasping even the basics of how it works, most tech is forced to adopt less secure, more ergonomic means of authentication. (Passwords, etc).
One potential, “easy” solution is using HW keys, like the various FIDO devices that are starting to be used more and more, exactly because organizations are realizing the limitations of password based solutions.
Ian Welsh
If a solution is too complicated for users, it’s too complicated. HW FIDO keys seem somewhat more likely.
GrimJim
I for one welcome the forthcoming Butlerian Jihad, and would like to remind the jihadis that I’ve always been a fellow Luddite at heart…
Purple Library Guy
I wonder if we’ll see some kind of tendency towards intranets that don’t face the wider internet, like, at all. With wireless and/or satellite technology I’m not sure these would have to be geographically local.
Purple Library Guy
Thinking a bit further . . . I’m not sure the impact will be as huge as you’d expect, certainly not initially. If people were as intolerant of insecurity as all that, Windows would never have spread to become a major operating system. And, fooling some flustered guy in real time is not the same as fooling a lawyer’s expert witness with analytical software. It may be that “deep fakes” are currently undetectable, but I’m not convinced of it, and that’s more an “arms race” kind of thing. If deep fakes are only sorta-maybe-sometimes undetectable, video will continue to be evidence, just not as conclusive.
Passwords have been not-all-that-reliable for decades now, and people still use ’em. Lately for work and banking they’ve been doing the multi-factor-authentication thing, I’ve got a little dealie on my keychain that makes a number-for-this-moment-of-time when I press the button. Even if that turns out not to be totally secure, I bet people will keep acting like it is for a few years yet.
As to certain well defined, robust security solutions reliant on solid encryption, whether it’s things that work kind of like passwords or it’s crypto-currency . . . aren’t those only reliable until quantum computing exists? And doesn’t quantum computing, like, already exist?
Carborundum
I suspect that what one will see is more widespread use of ongoing signing of imagery. It is already the norm in some contexts for imagery to be digitally signed as it is being collected. Essentially it is a guarantee that the imagery was collected with a specific instrument and that the file has not been modified since collection. They are obviously human built systems and there will doubtless prove to be means of attack, but I don’t think we’re exactly going to end up in a situation where video is forensically useless.
What will be useless is anything that Joe-blow sees on the Internet. The big change is that there will be a lot more better constructed imagery to prove anything one wants. That said, I’m not so sure that changes much. We’re already at the point where people only believe imagery when it validates what they want to believe, this is just that with better production values.
Flaser
@Purple Library Guy
Quantum computing exists only so far as fusion power does.
We can do it, but it’s nowhere near feasible to deploy it at scales for most useful purposes.
Neither would it be the end of all forms of encryption either, as quantum *based* encryption is another heavily studied area.
The downside though is the latter is nowhere near as cheap nor ubiquitously deployable as public-key encryption is.
Flaser
@Carborundum
Signing proves only one thing – whoever signed the piece of data was in possession of the private key necessary for doing so. No other information can be guaranteed based on the fact alone.
You’d need another unique piece of information that’s tied to the place and time of signing that cannot be falsified. Unfortunately we have no such information source.
(In Ian Bank’s sci-fi series, the “Culture” the hyper-advanced “Minds” – their top of the line AI – can produce such proof.)
By comparison, identity can be assured, as it is within the owner’s vested self-interest to keep the private-key (and the pair of primes used for generating it and the public key) secret.
In fact, a big reason for needing an infrastructure is to facilitate key/certificate revocation as only with this do users have a means of curtailing abuse of a potentially leaked private key.
(E.g. you need a public ledger of valid public keys/certificates).
Oakchair
I for one welcome the forthcoming Butlerian Jihad,
————-
The Prophet Herbert. He foretold that the real danger of thinking machines was they would cause humanity to forgo with thinking altogether. Enslavement would quickly follow. Our masters directly or indirectly would be those who built the thinking machines.
He was optimistic though because we don’t have sentient machines, and we’re already letting them do our thinking, and mindlessly bowing to their will.
——
In court cases it may lead to a return to pre-photography evidentiary standards:
——
For the oligarchs sure. For the rest of us go look at cell phone videos of police to see the standards you’ll be given.
joe
My cousin flew from Mexico to the states and bought a bag of chips at gas station. He immediately got a message on his phone that 10000 pesos has been taken from his account because a foreign transaction had occured. He got on the phone right away and called the bank. Twenty minutes on hold later the bank answered and told him he could have the difference back in a couple of weeks. They were keeping the cash as security till the transaction cleared. Meanwhile he was without any money. No doubt the bank loaned out his cash and collected the interest. Cover thy ass and to hell with the weak is the mantra of the corporates. They will make this identity insecurity work for them too.
Willy
While my virtual boss might miss my own A.I. self, I predict that Elon Musk’s X-criments will suddenly be coming across as intelligent, save the occasional ‘third arm’ equivalent or two.
As a kid I ran into Frank Herbert shopping at a Seattle supermarket. I blew my grand chance at gaining a bit of guru wisdom thanks to my own befuddled brain not being able to quickly connect his physical self with the one newspaper photo I’d seen. Today I would’ve used that Google photo recognition thingy, then gone right into discussing the scope and limits of Butlerian Jihads.
But yeah, A.I. will be used to leverage one’s own intelligence at every level. I worry that the PTB will start coming across as “plans within plans“ brilliant, instead of the greedy, corrupt and stupid folly they’ve usually been.
bruce wilder
Someone invited me to a professional horse racing meet once and I began fantasizing about beating the touts at betting the horses. Like roulette tables, it is remarkably complicated.
Fakes won’t end anything. People love fakes. And, they love magicians. And, the pointless complexity of gamification. Detecting fakery is an intriguing challenge as is trying “to figure out what is really going on”.