Although Artificial Intelligence has been a growing field for decades, its possibilities for both good and evil have become more apparent in the last few years, culminating with the launch of ChatGPT-3 in November of 2022. It was this event that truly brought AI to the mainstream and made it a must-have topic of conversation at every dinner table and social gathering. AI applications can converse with us (e.g. ChatGPT), allow us to generate incredible images from text (e.g. Midjourney and DALL-E 2), and even easily allow us to create deep-fakes (e.g. DeepSwap) in a matter of minutes (in “A quick and sobering guide to cloning yourself” Ethan Mollick, an Associate Professor at The Wharton School, demonstrates this). This is the case even with the mitigations and processes that GPT-4 has put in place, as detailed in the document titled “GPT-4 System Card”, that make it more ineffective at tasks such as phishing attacks or identifying key vulnerabilities.
With so many ways to quickly create high-quality content that could seem to come from any given person (e.g. ChatGPT allows you to create any content in the style of Matthew McConnaughey or Seinfeld), it has become more important than ever to protect yourself across all your online interactions.
There is no silver bullet to solve this issue, but in the next few paragraphs we talk about the multi-pronged approach that can move us in the right direction, and the key role that we believe IDPartner will play in it.
Viable Solutions needs to address the following three key areas.
#1 Make sure that I only interact with reputable businesses and people, the ones that I intend to interact with, so that I can avoid:
According to a survey conducted by Statista in December of 2020, 80% of US adults have consumed fake news, with about 38% of them having accidentally shared them. As AI gets better and more capable of aiding in the generation of fake news, these numbers are only likely to increase, unless we take a multi-pronged approach to help people better discern truth from lies. These prongs could include:
Human critical thinking is the last step before believing or sharing a piece of information, and we need to aid that person as she makes the decision. There is no silver bullet, with AI being both part of the problem and part of the solution, but this is something we can combat with better (and friendlier) tools and more awareness.
#2 Help me to always stay in control of my data - What I call the “last-inch problem”
#3 Protect my privacy
There are many situations where I need to share my information or authenticate myself, the most common ones are to sign-up for a service or open an account, and to sign-in to a service.
The most common ways to do this are:
There are several better ways to share information that allow it to be verified by a trusted entity, and to be shared in a privacy preserving way, such as verifiable credentials, zero knowledge proofs, or OpenID Connect for Identity Assurance. For example, I could just share that I am a resident of California, and over 18 years of age, instead of my full address and DOB.
IDPartner has developed an User-Controlled Identity Marketplace that can address several of these areas
#1 Interacting with reputable businesses
IDPartner makes sure that every business joining the marketplace is fully vetted, and end-users can check that the websites they are interacting with belong to reputable businesses that are who they say they are.
One of the elements that goes into this process leverages the work done by the Bank for International Settlements and the Global Legal Entity Identifier Foundation around LEIs and vLEIS (Legal Entity Identifiers and the corresponding verifiable LEIs). There will be a strong preference for businesses to have requested their own LEI (and vLEI as they become more ubiquitous) as a prerequisite to participate in IDPartner’s Marketplace. An LEI enables a clear and unique identification of legal entities participating in financial transactions, and only businesses that go through a thorough KYB process via a Qualified LEI / vLEI Issuer (think of the likes of Bloomberg) can be part of the IDPartner Marketplace.
But the checks put in place to verify businesses by IDPartner go further, including DNS checks and other security measures during onboarding, along with the generation of real-time security signals at transaction time designed to detect any unusual and unexpected behavior that could result from a compromised entity.
This gives users the peace of mind that when they interact with IDPartner and its network of businesses, they are interacting with reputable and trusted entities.
#2 Interacting with reputable people
Having an open and easy to access Identity Marketplace allows us all to decide who we will interact with across our online experiences. We may choose to only interact with those that have identified themselves as Humans on Twitter, and this may be enough for that environment. But we may choose to only interact with a fully verified identity when we are about to sign a high-value legal contract via DocuSign or Adobe. Or maybe somewhere in between when we are setting up an in-person meeting to sell something on Craig’s List.
Going from clunky and cumbersome traditional methods to verify your identity, such as uploading your ID and taking your selfie, which can result is considerable drop-off, to IDPartner’s solution that allows the process to be completed with a couple of clicks, has the potential to be a game-changer.
#3 Last inch problem
Because we are prioritizing our work with financial institutions, users’ identities, their most precious assets, are stored and protected by the same regulated providers that protect many of their most valuable assets. Whether in the physical or digital world, they make sure it is you, and only you, that has access to your assets.
#4 Protect my privacy
IDPartner protects end-user privacy by ensuring that their verified information is only shared with reputable businesses in a privacy preserving way - whether it is via verifiable credentials, zero knowledge proofs, OpenIDConnect for Identity Assurance, or SD-JWS standards -, working to limit the information shared based on the need of each specific use case, and giving the person the final say with regards to the data that is actually exchanged. in many ways, for example, Verifiable Credentials and Zero-Knowledge Proofs, therefore allowing users to share the minimal required information to achieve their end goal. There are several better ways to share information that allow it to be verified by a trusted entity, and to be shared in a privacy preserving way, such as verifiable credentials, zero knowledge proofs, or OpenID Connect for Identity Assurance.
Identity is the foundation for all other activities, and IDPartner provides an extensible Identity Platform
There are many services that could be built on top of the Custodial Wallets that we enable, and more generally, on top of the IDPartner Marketplace. A couple (of the many) that we are particularly excited about are:
As the saying goes “If you solve identity, everything else is just accounting.” This often-used quote suggests that once identity is effectively managed, the remaining aspects of online transactions, such as payments, become (comparatively) simple matters of accounting. And we could not agree more.
Per Visa’s “2023 Global Ecommerce Payments and Fraud Report”, globally, merchants continue to spend about one-tenth of their annual ecommerce revenue to manage payment fraud, and even after all the spend, they lose 3% of digital revenue to fraud. A 13% tax on revenue is a very heavy burden.
With the proliferation of peer-to-peer (P2P) payment methods, and the rampant fraud associated with them, this number may very well increase. Visa+ - Visa’s new solution that wants to become the connecting infrastructure layer in the world of digital wallets and P2P apps - has the potential to exponentially increase the utility of these wallets by enabling the interoperability between them. It also has the potential to exponentially increase the fraud, unless it adds some layer of protection, or even better, privacy-protecting identity enabled directly at the infrastructure level.
#2 AI-Powered Agents
Identity and Payment experts such as David Birch have been talking about Economic Agents for a very long time. It is great for Government Agencies, Businesses and Merchants to have AI-powered bots to interact with their customers, but the true revolution will be when the customers also have their own AI-powered bots to interact with them.
These days are not just fast approaching, they seem to have already arrived, at least as experimental models… AutoGPTis an open-source application that uses OpenAI’s API to automate the execution of multi-step projects. Its GitHub repo page describes it by saying that it “chains together LLM ‘thoughts’, to autonomously achieve whatever goal you set”.
In a world where humans will be represented by AI - I honestly cannot wait to try Trish.SocialMediaPro, Trish.TrafficTicketNegotiator and Trish.TaxExpert, alongside the good-old Trish.Human - having a way to legitimize my bots as my representatives and different from random non-human-related bots, becomes a pressing matter. Would embedding my Human identity into them be the right path?