FYI: Sounds to good to be completely true. https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK Using Self-Sovereign Identity to Mitigate AI Deepfake Fraud youtu.be
What is their experience in Identity Management is always my first question? Then, do they actually understand what an Identity is? How do they link the Human Being to the SSI and can they prove there is ZERO Synthetic Identities on their system? Lots of individuals and institutions have started in the IDV market believing you are just a combination of digital data that can be collected from anywhere and taking a picture with a device of yourself and some kind of Identity document. You are firstly a Human Being before you are something digital and SSI is of no value on any platform that does not prevent Deep Fake Synthetic Identities to be onboarded onto their system. Kindest regards Dawid Jacobs <file:///C:/Users/Dawid%20Jacobs/AppData/Roaming/Microsoft/Signatures/dal-id entity.com> From: jim pasquale <jimpasquale@gmail.com> Sent: Tuesday, November 21, 2023 4:26 PM To: dg-deepfakesidv@kantarainitiative.org Subject: [DG-DeepfakesIDV] Dee[fake and SSI FYI: Sounds to good to be completely true. <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> Using Self-Sovereign Identity to Mitigate AI Deepfake Fraud <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> youtu.be
Jim, It's not so complicated. I know Darrell O'Donnell and some Canadian banks were doing something like this for call centers in the early SSI days (like 4+ years ago). Seems doable with a wallet that holds VCs and interfaces with existing communications methods. Imagine if Signal App added a VC wallet. It's not unlike verifying your identity on LinkedIn. I'd have to dig in more than the 5 minutes I spent this morning to vet the level of reality. -Heather On Tue, Nov 21, 2023 at 7:48 AM jim pasquale <jimpasquale@gmail.com> wrote:
FYI: Sounds to good to be completely true.
[image: maxresdefault.jpg]
Using Self-Sovereign Identity to Mitigate AI Deepfake Fraud <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> youtu.be <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK>
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
-- Heather Vescent <http://www.heathervescent.com/> President, The Purple Tornado, Inc <https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update <https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies <https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity <https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/> @heathervescent <https://twitter.com/heathervescent> | Film Futures <https://vimeo.com/heathervescent> | Medium <https://medium.com/@heathervescent/> | LinkedIn <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates <https://app.convertkit.com/landing_pages/325779/>
This is not unlike other methods that have been designed. The problem here is at the initiation of linking the crypto assurance with the Identity. It's a garbage in garbage out problem. If the wallet is setup with a deep fake and a faked doc which matches each other, the assurance is now attached to the deep fake. So what assures the identity is authentic at initiation. On Tue, Nov 21, 2023, 10:01 heather vescent <puissant@heathervescent.com> wrote:
Jim,
It's not so complicated. I know Darrell O'Donnell and some Canadian banks were doing something like this for call centers in the early SSI days (like 4+ years ago). Seems doable with a wallet that holds VCs and interfaces with existing communications methods. Imagine if Signal App added a VC wallet. It's not unlike verifying your identity on LinkedIn.
I'd have to dig in more than the 5 minutes I spent this morning to vet the level of reality.
-Heather
On Tue, Nov 21, 2023 at 7:48 AM jim pasquale <jimpasquale@gmail.com> wrote:
FYI: Sounds to good to be completely true.
[image: maxresdefault.jpg]
Using Self-Sovereign Identity to Mitigate AI Deepfake Fraud <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> youtu.be <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK>
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
-- Heather Vescent <http://www.heathervescent.com/> President, The Purple Tornado, Inc <https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update <https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies <https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity <https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/>
@heathervescent <https://twitter.com/heathervescent> | Film Futures <https://vimeo.com/heathervescent> | Medium <https://medium.com/@heathervescent/> | LinkedIn <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates <https://app.convertkit.com/landing_pages/325779/> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
Bad in, bad out is certainly a useful way to frame it. As Pieter says, the challenge with the VCs is multifold; - is the ID legitimate? Tons of good fakes, especially in the US - is the person in the selfie being compared to the ID a real live individual? - how to continuously authenticate the owner of the VC held within a device or wallet is the same one who enrolled? On Tue, Nov 21, 2023 at 10:09 Pieter VanIperen <pieterwvaniperen@gmail.com> wrote:
This is not unlike other methods that have been designed. The problem here is at the initiation of linking the crypto assurance with the Identity. It's a garbage in garbage out problem. If the wallet is setup with a deep fake and a faked doc which matches each other, the assurance is now attached to the deep fake. So what assures the identity is authentic at initiation.
On Tue, Nov 21, 2023, 10:01 heather vescent <puissant@heathervescent.com> wrote:
Jim,
It's not so complicated. I know Darrell O'Donnell and some Canadian banks were doing something like this for call centers in the early SSI days (like 4+ years ago). Seems doable with a wallet that holds VCs and interfaces with existing communications methods. Imagine if Signal App added a VC wallet. It's not unlike verifying your identity on LinkedIn.
I'd have to dig in more than the 5 minutes I spent this morning to vet the level of reality.
-Heather
On Tue, Nov 21, 2023 at 7:48 AM jim pasquale <jimpasquale@gmail.com> wrote:
FYI: Sounds to good to be completely true.
[image: maxresdefault.jpg]
Using Self-Sovereign Identity to Mitigate AI Deepfake Fraud <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> youtu.be <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK>
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
-- Heather Vescent <http://www.heathervescent.com/> President, The Purple Tornado, Inc <https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update <https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies <https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity <https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/>
@heathervescent <https://twitter.com/heathervescent> | Film Futures <https://vimeo.com/heathervescent> | Medium <https://medium.com/@heathervescent/> | LinkedIn <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates <https://app.convertkit.com/landing_pages/325779/> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar...
Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
Hi All, I got in touch with the people who did this. It is called Member Pass <https://www.memberpass.com/>. Moderately successful with 20 credit unions and many millions of members. More details on how it works <https://www.memberpass.com/about-memberpass/#:~:text=Recent%20advancements%20in%20blockchain%20technology,public%20key%20for%20the%20DID.> . Reading the info, looks like they may set up the account in a member branch, using a specific app based wallet to hold the credential, which can then be used in person or online (and I might think in the metaverse scenario too). Say what you will about decentralized identity, but this is working and has been in production for years. Cheers, -Heather On Tue, Nov 21, 2023 at 9:22 AM Sean Lanzner <seanlanzner@gmail.com> wrote:
Bad in, bad out is certainly a useful way to frame it. As Pieter says, the challenge with the VCs is multifold;
- is the ID legitimate? Tons of good fakes, especially in the US - is the person in the selfie being compared to the ID a real live individual? - how to continuously authenticate the owner of the VC held within a device or wallet is the same one who enrolled?
On Tue, Nov 21, 2023 at 10:09 Pieter VanIperen <pieterwvaniperen@gmail.com> wrote:
This is not unlike other methods that have been designed. The problem here is at the initiation of linking the crypto assurance with the Identity. It's a garbage in garbage out problem. If the wallet is setup with a deep fake and a faked doc which matches each other, the assurance is now attached to the deep fake. So what assures the identity is authentic at initiation.
On Tue, Nov 21, 2023, 10:01 heather vescent <puissant@heathervescent.com> wrote:
Jim,
It's not so complicated. I know Darrell O'Donnell and some Canadian banks were doing something like this for call centers in the early SSI days (like 4+ years ago). Seems doable with a wallet that holds VCs and interfaces with existing communications methods. Imagine if Signal App added a VC wallet. It's not unlike verifying your identity on LinkedIn.
I'd have to dig in more than the 5 minutes I spent this morning to vet the level of reality.
-Heather
On Tue, Nov 21, 2023 at 7:48 AM jim pasquale <jimpasquale@gmail.com> wrote:
FYI: Sounds to good to be completely true.
[image: maxresdefault.jpg]
Using Self-Sovereign Identity to Mitigate AI Deepfake Fraud <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> youtu.be <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK>
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
-- Heather Vescent <http://www.heathervescent.com/> President, The Purple Tornado, Inc <https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update <https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies <https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity <https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/>
@heathervescent <https://twitter.com/heathervescent> | Film Futures <https://vimeo.com/heathervescent> | Medium <https://medium.com/@heathervescent/> | LinkedIn <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates <https://app.convertkit.com/landing_pages/325779/> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar...
Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
-- Heather Vescent <http://www.heathervescent.com/> President, The Purple Tornado, Inc <https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update <https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies <https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity <https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/> @heathervescent <https://twitter.com/heathervescent> | Film Futures <https://vimeo.com/heathervescent> | Medium <https://medium.com/@heathervescent/> | LinkedIn <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates <https://app.convertkit.com/landing_pages/325779/>
Yes. I was on the team at Evernym that provided the infrastructure. Happy to answer any questions. James. On 22 Nov 2023, at 17:23, heather vescent <puissant@heathervescent.com> wrote: Hi All, I got in touch with the people who did this. It is called Member Pass<https://www.memberpass.com/>. Moderately successful with 20 credit unions and many millions of members. More details on how it works<https://www.memberpass.com/about-memberpass/#:~:text=Recent%20advancements%20in%20blockchain%20technology,public%20key%20for%20the%20DID.>. Reading the info, looks like they may set up the account in a member branch, using a specific app based wallet to hold the credential, which can then be used in person or online (and I might think in the metaverse scenario too). Say what you will about decentralized identity, but this is working and has been in production for years. Cheers, -Heather On Tue, Nov 21, 2023 at 9:22 AM Sean Lanzner <seanlanzner@gmail.com<mailto:seanlanzner@gmail.com>> wrote: Bad in, bad out is certainly a useful way to frame it. As Pieter says, the challenge with the VCs is multifold; - is the ID legitimate? Tons of good fakes, especially in the US - is the person in the selfie being compared to the ID a real live individual? - how to continuously authenticate the owner of the VC held within a device or wallet is the same one who enrolled? On Tue, Nov 21, 2023 at 10:09 Pieter VanIperen <pieterwvaniperen@gmail.com<mailto:pieterwvaniperen@gmail.com>> wrote: This is not unlike other methods that have been designed. The problem here is at the initiation of linking the crypto assurance with the Identity. It's a garbage in garbage out problem. If the wallet is setup with a deep fake and a faked doc which matches each other, the assurance is now attached to the deep fake. So what assures the identity is authentic at initiation. On Tue, Nov 21, 2023, 10:01 heather vescent <puissant@heathervescent.com<mailto:puissant@heathervescent.com>> wrote: Jim, It's not so complicated. I know Darrell O'Donnell and some Canadian banks were doing something like this for call centers in the early SSI days (like 4+ years ago). Seems doable with a wallet that holds VCs and interfaces with existing communications methods. Imagine if Signal App added a VC wallet. It's not unlike verifying your identity on LinkedIn. I'd have to dig in more than the 5 minutes I spent this morning to vet the level of reality. -Heather On Tue, Nov 21, 2023 at 7:48 AM jim pasquale <jimpasquale@gmail.com<mailto:jimpasquale@gmail.com>> wrote: FYI: Sounds to good to be completely true. <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> <maxresdefault.jpg> Using Self-Sovereign Identity to Mitigate AI Deepfake Fraud<https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> youtu.be<https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org<mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org<mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV -- Heather Vescent<http://www.heathervescent.com/> President, The Purple Tornado, Inc<https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update<https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies<https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual<https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity<https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/> @heathervescent<https://twitter.com/heathervescent> | Film Futures<https://vimeo.com/heathervescent> | Medium<https://medium.com/@heathervescent/> | LinkedIn<https://www.linkedin.com/in/heathervescent/> | Future of Security Updates<https://app.convertkit.com/landing_pages/325779/> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org<mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org<mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org<mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org<mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV -- Heather Vescent<http://www.heathervescent.com/> President, The Purple Tornado, Inc<https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update<https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies<https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual<https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity<https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/> @heathervescent<https://twitter.com/heathervescent> | Film Futures<https://vimeo.com/heathervescent> | Medium<https://medium.com/@heathervescent/> | LinkedIn<https://www.linkedin.com/in/heathervescent/> | Future of Security Updates<https://app.convertkit.com/landing_pages/325779/> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV Confidentiality Notice: This email and its attachments (if any) contain confidential information of the sender. The information is intended only for the use by the direct addressees of the original sender of this email. If you are not an intended recipient of the original sender (or responsible for delivering the message to such person), you are hereby notified that any review, disclosure, copying, distribution or the taking of any action in reliance of the contents of and attachments to this email is strictly prohibited. If you have received this email in error, please immediately notify the sender at the address shown herein and permanently delete any copies of this email (digital or paper) in your possession.
I know sometimes I sound like disagree with Jay, but I’m fully on the same page with this one 😊 (with the exception that the distributed ledger model for storage is a risk officers nightmare 😉 This type of model does work and your right has been around a while. I know lots of FI’s that have looked at this and even more spaces in manufacturing or energy, but most of them from what I’ve seen don’t really have that level of trust defined. Back to the statements that someone said: bad in, bad out in my opinion. I had a buddy that worked at Memberpass and their stuff is super cool and easy to integrate to. Denny From: Jay Meier <jay@facetec.com> Sent: Wednesday, November 22, 2023 12:45 PM To: heather vescent <puissant@heathervescent.com> Cc: dg-deepfakesidv@kantarainitiative.org Subject: [DG-DeepfakesIDV] Re: Dee[fake and SSI [External]/[Externe]<https://connect.fg.rbc.com/community/techhub/external-email-indicator> There are many examples of an SSI model that is working in the field. The issue isn’t about whether it functions. Nor is the issue about distributed ledger data storage. The issue is the appropriate level of trust that the claimant is, in fact, the actual living human that was granted privileges by the issuing authority (the credit union in this case). [cid:image001.png@01DA1D43.CC1FA050] This screenshot from that system highlights the point. “Bad data in is bad data out”…if you don’t know who you’re enrolling, you can’t know who controls the SSI credential or the device the credential is bound to. Moreover, the system says it uses face and/or finger biometrics. I promise you they refer to “device-native” biometrics supplied by the device manufacturer. But these are “Anonymous Biometrics”, which are biometric data that’s not bound to verified identity data anywhere AND can be replaced with anyone’s biometric data, who has the device PIN. In this system, the very best applicant identity verification is weak at best and provisioning can only be done in the credit unions office. It can’t be done remotely, because you have absolutely no idea of who is supplying the verifiable identity data and who is in control of the device the credentials will be provisioned to. This exact vector is being used to commit identity frauds and breaches today. Under these circumstances, the system effectively enables fraud, by allowing for the enrollment of a fraudster in the system, as a legitimate customer. And then it will authenticate that fraudster as a legitimate customer every single time, because the claimants credentials are irrefutable. Make sense? Jay On Nov 22, 2023, at 11:22 AM, heather vescent <puissant@heathervescent.com<mailto:puissant@heathervescent.com>> wrote: Hi All, I got in touch with the people who did this. It is called Member Pass<https://www.memberpass.com/>. Moderately successful with 20 credit unions and many millions of members. More details on how it works<https://www.memberpass.com/about-memberpass/#:~:text=Recent%20advancements%20in%20blockchain%20technology,public%20key%20for%20the%20DID.>. Reading the info, looks like they may set up the account in a member branch, using a specific app based wallet to hold the credential, which can then be used in person or online (and I might think in the metaverse scenario too). Say what you will about decentralized identity, but this is working and has been in production for years. Cheers, -Heather On Tue, Nov 21, 2023 at 9:22 AM Sean Lanzner <seanlanzner@gmail.com<mailto:seanlanzner@gmail.com>> wrote: Bad in, bad out is certainly a useful way to frame it. As Pieter says, the challenge with the VCs is multifold; - is the ID legitimate? Tons of good fakes, especially in the US - is the person in the selfie being compared to the ID a real live individual? - how to continuously authenticate the owner of the VC held within a device or wallet is the same one who enrolled? On Tue, Nov 21, 2023 at 10:09 Pieter VanIperen <pieterwvaniperen@gmail.com<mailto:pieterwvaniperen@gmail.com>> wrote: This is not unlike other methods that have been designed. The problem here is at the initiation of linking the crypto assurance with the Identity. It's a garbage in garbage out problem. If the wallet is setup with a deep fake and a faked doc which matches each other, the assurance is now attached to the deep fake. So what assures the identity is authentic at initiation. On Tue, Nov 21, 2023, 10:01 heather vescent <puissant@heathervescent.com<mailto:puissant@heathervescent.com>> wrote: Jim, It's not so complicated. I know Darrell O'Donnell and some Canadian banks were doing something like this for call centers in the early SSI days (like 4+ years ago). Seems doable with a wallet that holds VCs and interfaces with existing communications methods. Imagine if Signal App added a VC wallet. It's not unlike verifying your identity on LinkedIn. I'd have to dig in more than the 5 minutes I spent this morning to vet the level of reality. -Heather On Tue, Nov 21, 2023 at 7:48 AM jim pasquale <jimpasquale@gmail.com<mailto:jimpasquale@gmail.com>> wrote: FYI: Sounds to good to be completely true. <maxresdefault.jpg> Using Self-Sovereign Identity to Mitigate AI Deepfake Fraud<https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> youtu.be<https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org<mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org<mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV -- Heather Vescent<http://www.heathervescent.com/> President, The Purple Tornado, Inc<https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update<https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies<https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual<https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity<https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/> @heathervescent<https://twitter.com/heathervescent> | Film Futures<https://vimeo.com/heathervescent> | Medium<https://medium.com/@heathervescent/> | LinkedIn<https://www.linkedin.com/in/heathervescent/> | Future of Security Updates<https://app.convertkit.com/landing_pages/325779/> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org<mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org<mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org<mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org<mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV -- Heather Vescent<http://www.heathervescent.com/> President, The Purple Tornado, Inc<https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update<https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies<https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual<https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity<https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/> @heathervescent<https://twitter.com/heathervescent> | Film Futures<https://vimeo.com/heathervescent> | Medium<https://medium.com/@heathervescent/> | LinkedIn<https://www.linkedin.com/in/heathervescent/> | Future of Security Updates<https://app.convertkit.com/landing_pages/325779/> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org<mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org<mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV _______________________________________________________________________ If you received this email in error, please advise the sender (by return email or otherwise) immediately. You have consented to receive the attached electronically at the above-noted email address; please retain a copy of this confirmation for future reference. Si vous recevez ce courriel par erreur, veuillez en aviser l'expéditeur immédiatement, par retour de courriel ou par un autre moyen. Vous avez accepté de recevoir le(s) document(s) ci-joint(s) par voie électronique à l'adresse courriel indiquée ci-dessus; veuillez conserver une copie de cette confirmation pour les fins de reference future.
Lets bring this back to the context of our AI-DeepFake group….. Here is a YouTube link for Heathers presentations and public appearances…. https://www.youtube.com/results?search_query=Heather+Vescent Remember that effectively ALL our PII is available for sale on the DarkWeb. That along with these videos provide all the training information that a novice AI-deepfake hacker needs to build a deepfake of Heather. (Im not picking on Heather. I have a similar youtube listing of speeches/interviews, etc.) The point here is that todays AI can easily build a virtual 3D video and vocal representation (DeepFake) of almost anybody. That same AI system can be designed so that the deepfake answers questions and follows commands, that might be presented in a remote identity verification, before a SSI/VC/mDL credential is provisioned. This is exactly what happened here….. https://securityaffairs.com/150981/hacking/retool-smishing-attack.html There are many other examples. Jay Meier Senior Vice President - North American Operations jay@facetec.com | 612-978-3687 www.FaceTec.com <http://www.facetec.com/> | www.Liveness.com <http://www.liveness.com/> | www.SpoofBounty.com <http://www.spoofbounty.com/> Confidentiality Notice: This message is intended only for the use of the Addressee and may contain information that is privileged and confidential. If you are not the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. Please erase all copies of the message and its attachments.
On Nov 22, 2023, at 12:03 PM, Prvu, Denny (He/Him/His) <denny.prvu@rbc.com> wrote:
I know sometimes I sound like disagree with Jay, but I’m fully on the same page with this one 😊 (with the exception that the distributed ledger model for storage is a risk officers nightmare 😉 This type of model does work and your right has been around a while. I know lots of FI’s that have looked at this and even more spaces in manufacturing or energy, but most of them from what I’ve seen don’t really have that level of trust defined. Back to the statements that someone said: bad in, bad out in my opinion. I had a buddy that worked at Memberpass and their stuff is super cool and easy to integrate to.
Denny
From: Jay Meier <jay@facetec.com <mailto:jay@facetec.com>> Sent: Wednesday, November 22, 2023 12:45 PM To: heather vescent <puissant@heathervescent.com <mailto:puissant@heathervescent.com>> Cc: dg-deepfakesidv@kantarainitiative.org <mailto:dg-deepfakesidv@kantarainitiative.org> Subject: [DG-DeepfakesIDV] Re: Dee[fake and SSI
[External]/[Externe] <https://connect.fg.rbc.com/community/techhub/external-email-indicator> There are many examples of an SSI model that is working in the field. The issue isn’t about whether it functions. Nor is the issue about distributed ledger data storage. The issue is the appropriate level of trust that the claimant is, in fact, the actual living human that was granted privileges by the issuing authority (the credit union in this case).
<image001.png>
This screenshot from that system highlights the point. “Bad data in is bad data out”…if you don’t know who you’re enrolling, you can’t know who controls the SSI credential or the device the credential is bound to. Moreover, the system says it uses face and/or finger biometrics. I promise you they refer to “device-native” biometrics supplied by the device manufacturer. But these are “Anonymous Biometrics”, which are biometric data that’s not bound to verified identity data anywhere AND can be replaced with anyone’s biometric data, who has the device PIN.
In this system, the very best applicant identity verification is weak at best and provisioning can only be done in the credit unions office. It can’t be done remotely, because you have absolutely no idea of who is supplying the verifiable identity data and who is in control of the device the credentials will be provisioned to. This exact vector is being used to commit identity frauds and breaches today.
Under these circumstances, the system effectively enables fraud, by allowing for the enrollment of a fraudster in the system, as a legitimate customer. And then it will authenticate that fraudster as a legitimate customer every single time, because the claimants credentials are irrefutable.
Make sense?
Jay
On Nov 22, 2023, at 11:22 AM, heather vescent <puissant@heathervescent.com <mailto:puissant@heathervescent.com>> wrote:
Hi All,
I got in touch with the people who did this. It is called Member Pass <https://www.memberpass.com/>. Moderately successful with 20 credit unions and many millions of members. More details on how it works <https://www.memberpass.com/about-memberpass/#:~:text=Recent%20advancements%20in%20blockchain%20technology,public%20key%20for%20the%20DID.>.
Reading the info, looks like they may set up the account in a member branch, using a specific app based wallet to hold the credential, which can then be used in person or online (and I might think in the metaverse scenario too).
Say what you will about decentralized identity, but this is working and has been in production for years.
Cheers,
-Heather
On Tue, Nov 21, 2023 at 9:22 AM Sean Lanzner <seanlanzner@gmail.com <mailto:seanlanzner@gmail.com>> wrote: Bad in, bad out is certainly a useful way to frame it. As Pieter says, the challenge with the VCs is multifold;
- is the ID legitimate? Tons of good fakes, especially in the US - is the person in the selfie being compared to the ID a real live individual? - how to continuously authenticate the owner of the VC held within a device or wallet is the same one who enrolled?
On Tue, Nov 21, 2023 at 10:09 Pieter VanIperen <pieterwvaniperen@gmail.com <mailto:pieterwvaniperen@gmail.com>> wrote: This is not unlike other methods that have been designed. The problem here is at the initiation of linking the crypto assurance with the Identity. It's a garbage in garbage out problem. If the wallet is setup with a deep fake and a faked doc which matches each other, the assurance is now attached to the deep fake. So what assures the identity is authentic at initiation.
On Tue, Nov 21, 2023, 10:01 heather vescent <puissant@heathervescent.com <mailto:puissant@heathervescent.com>> wrote: Jim,
It's not so complicated. I know Darrell O'Donnell and some Canadian banks were doing something like this for call centers in the early SSI days (like 4+ years ago). Seems doable with a wallet that holds VCs and interfaces with existing communications methods. Imagine if Signal App added a VC wallet. It's not unlike verifying your identity on LinkedIn.
I'd have to dig in more than the 5 minutes I spent this morning to vet the level of reality.
-Heather
On Tue, Nov 21, 2023 at 7:48 AM jim pasquale <jimpasquale@gmail.com <mailto:jimpasquale@gmail.com>> wrote: FYI: Sounds to good to be completely true.
<maxresdefault.jpg> Using Self-Sovereign Identity to Mitigate AI Deepfake Fraud <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> youtu.be <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK>
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org <mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org <mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
-- Heather Vescent <http://www.heathervescent.com/> President, The Purple Tornado, Inc <https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update <https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies <https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity <https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/>
@heathervescent <https://twitter.com/heathervescent> | Film Futures <https://vimeo.com/heathervescent> | Medium <https://medium.com/@heathervescent/> | LinkedIn <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates <https://app.convertkit.com/landing_pages/325779/> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org <mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org <mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org <mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org <mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
-- Heather Vescent <http://www.heathervescent.com/> President, The Purple Tornado, Inc <https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update <https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies <https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity <https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/>
@heathervescent <https://twitter.com/heathervescent> | Film Futures <https://vimeo.com/heathervescent> | Medium <https://medium.com/@heathervescent/> | LinkedIn <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates <https://app.convertkit.com/landing_pages/325779/> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org <mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org <mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
_______________________________________________________________________
If you received this email in error, please advise the sender (by return email or otherwise) immediately. You have consented to receive the attached electronically at the above-noted email address; please retain a copy of this confirmation for future reference.
Si vous recevez ce courriel par erreur, veuillez en aviser l'expéditeur immédiatement, par retour de courriel ou par un autre moyen. Vous avez accepté de recevoir le(s) document(s) ci-joint(s) par voie électronique à l'adresse courriel indiquée ci-dessus; veuillez conserver une copie de cette confirmation pour les fins de reference future.
Yeah, I just created a ChatGPT bot of David Birch and put him through my interview protocol and had him write an article on Deep Fakes. Good? Bad? If you use my likeness to create porn, and not give me the money from it without my consent, then I might be upset. (By far the main reason deep fakes are used on women.) But if you use my work to create a version of me in your pocket, to answer questions about the future, to help assuage your fears about what tech might be or hear provocative ideas about the future of money, payments, technology, security or digital identity is that so bad? (If you don't give me or my bot credit, yes.) Or what if I want to license a verified version of myself? What if I've attached a verifiable credential to it? Is that a deep fake? What you're fearing is already happening for romance scams and other not so nefarious purposes. The criminals are way ahead of us here. And yes Jay, you are picking on me. It's a low blow and not a good look. You are trying to put me back in a box and not talk about decentralized identity by intimidating me. -H On Wed, Nov 22, 2023 at 11:17 AM Jay Meier <jay@facetec.com> wrote:
Lets bring this back to the context of our AI-DeepFake group…..
Here is a YouTube link for Heathers presentations and public appearances….
https://www.youtube.com/results?search_query=Heather+Vescent
Remember that effectively ALL our PII is available for sale on the DarkWeb. That along with these videos provide all the training information that a novice AI-deepfake hacker needs to build a deepfake of Heather. (Im not picking on Heather. I have a similar youtube listing of speeches/interviews, etc.)
The point here is that todays AI can easily build a virtual 3D video and vocal representation (DeepFake) of almost anybody. That same AI system can be designed so that the deepfake answers questions and follows commands, that might be presented in a remote identity verification, before a SSI/VC/mDL credential is provisioned.
This is exactly what happened here….. https://securityaffairs.com/150981/hacking/retool-smishing-attack.html There are many other examples.
Jay Meier Senior Vice President - North American Operations jay@facetec.com | 612-978-3687
www.FaceTec.com | www.Liveness.com | www.SpoofBounty.com
Confidentiality Notice: This message is intended only for the use of the Addressee and may contain information that is privileged and confidential. If you are not the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. Please erase all copies of the message and its attachments.
On Nov 22, 2023, at 12:03 PM, Prvu, Denny (He/Him/His) <denny.prvu@rbc.com> wrote:
I know sometimes I sound like disagree with Jay, but I’m fully on the same page with this one 😊 (with the exception that the distributed ledger model for storage is a risk officers nightmare 😉 This type of model does work and your right has been around a while. I know lots of FI’s that have looked at this and even more spaces in manufacturing or energy, but most of them from what I’ve seen don’t really have that level of trust defined. Back to the statements that someone said: bad in, bad out in my opinion. I had a buddy that worked at Memberpass and their stuff is super cool and easy to integrate to.
Denny
*From:* Jay Meier <jay@facetec.com> *Sent:* Wednesday, November 22, 2023 12:45 PM *To:* heather vescent <puissant@heathervescent.com> *Cc:* dg-deepfakesidv@kantarainitiative.org *Subject:* [DG-DeepfakesIDV] Re: Dee[fake and SSI
[External]/[Externe] <https://connect.fg.rbc.com/community/techhub/external-email-indicator> There are many examples of an SSI model that is working in the field. The issue isn’t about whether it functions. Nor is the issue about distributed ledger data storage. The issue is the appropriate level of trust that the claimant is, in fact, the actual living human that was granted privileges by the issuing authority (the credit union in this case).
<image001.png>
This screenshot from that system highlights the point. “Bad data in is bad data out”…if you don’t know who you’re enrolling, you can’t know who controls the SSI credential or the device the credential is bound to. Moreover, the system says it uses face and/or finger biometrics. I promise you they refer to “device-native” biometrics supplied by the device manufacturer. But these are “Anonymous Biometrics”, which are biometric data that’s not bound to verified identity data anywhere AND can be replaced with anyone’s biometric data, who has the device PIN.
In this system, the very best applicant identity verification is weak at best and provisioning can only be done in the credit unions office. It can’t be done remotely, because you have absolutely no idea of who is supplying the verifiable identity data and who is in control of the device the credentials will be provisioned to. This exact vector is being used to commit identity frauds and breaches today.
Under these circumstances, the system effectively enables fraud, by allowing for the enrollment of a fraudster in the system, as a legitimate customer. And then it will authenticate that fraudster as a legitimate customer every single time, because the claimants credentials are irrefutable.
Make sense?
Jay
On Nov 22, 2023, at 11:22 AM, heather vescent <puissant@heathervescent.com> wrote:
Hi All,
I got in touch with the people who did this. It is called Member Pass <https://www.memberpass.com/>. Moderately successful with 20 credit unions and many millions of members. More details on how it works <https://www.memberpass.com/about-memberpass/#:~:text=Recent%20advancements%20in%20blockchain%20technology,public%20key%20for%20the%20DID.> .
Reading the info, looks like they may set up the account in a member branch, using a specific app based wallet to hold the credential, which can then be used in person or online (and I might think in the metaverse scenario too).
Say what you will about decentralized identity, but this is working and has been in production for years.
Cheers,
-Heather
On Tue, Nov 21, 2023 at 9:22 AM Sean Lanzner <seanlanzner@gmail.com> wrote:
Bad in, bad out is certainly a useful way to frame it. As Pieter says, the challenge with the VCs is multifold;
- is the ID legitimate? Tons of good fakes, especially in the US - is the person in the selfie being compared to the ID a real live individual? - how to continuously authenticate the owner of the VC held within a device or wallet is the same one who enrolled?
On Tue, Nov 21, 2023 at 10:09 Pieter VanIperen <pieterwvaniperen@gmail.com> wrote:
This is not unlike other methods that have been designed. The problem here is at the initiation of linking the crypto assurance with the Identity. It's a garbage in garbage out problem. If the wallet is setup with a deep fake and a faked doc which matches each other, the assurance is now attached to the deep fake. So what assures the identity is authentic at initiation.
On Tue, Nov 21, 2023, 10:01 heather vescent <puissant@heathervescent.com> wrote:
Jim,
It's not so complicated. I know Darrell O'Donnell and some Canadian banks were doing something like this for call centers in the early SSI days (like 4+ years ago). Seems doable with a wallet that holds VCs and interfaces with existing communications methods. Imagine if Signal App added a VC wallet. It's not unlike verifying your identity on LinkedIn.
I'd have to dig in more than the 5 minutes I spent this morning to vet the level of reality.
-Heather
On Tue, Nov 21, 2023 at 7:48 AM jim pasquale <jimpasquale@gmail.com> wrote:
FYI: Sounds to good to be completely true.
<maxresdefault.jpg> Using Self-Sovereign Identity to Mitigate AI Deepfake Fraud <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> youtu.be <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK>
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
-- Heather Vescent <http://www.heathervescent.com/> President, The Purple Tornado, Inc <https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update <https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies <https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity <https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/>
@heathervescent <https://twitter.com/heathervescent> | Film Futures <https://vimeo.com/heathervescent> | Medium <https://medium.com/@heathervescent/> | LinkedIn <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates <https://app.convertkit.com/landing_pages/325779/>
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
-- Heather Vescent <http://www.heathervescent.com/> President, The Purple Tornado, Inc <https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update <https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies <https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity <https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/>
@heathervescent <https://twitter.com/heathervescent> | Film Futures <https://vimeo.com/heathervescent> | Medium <https://medium.com/@heathervescent/> | LinkedIn <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates <https://app.convertkit.com/landing_pages/325779/>
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
_______________________________________________________________________
If you received this email in error, please advise the sender (by return email or otherwise) immediately. You have consented to receive the attached electronically at the above-noted email address; please retain a copy of this confirmation for future reference.
Si vous recevez ce courriel par erreur, veuillez en aviser l'expéditeur immédiatement, par retour de courriel ou par un autre moyen. Vous avez accepté de recevoir le(s) document(s) ci-joint(s) par voie électronique à l'adresse courriel indiquée ci-dessus; veuillez conserver une copie de cette confirmation pour les fins de reference future.
-- Heather Vescent <http://www.heathervescent.com/> President, The Purple Tornado, Inc <https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update <https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies <https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity <https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/> @heathervescent <https://twitter.com/heathervescent> | Film Futures <https://vimeo.com/heathervescent> | Medium <https://medium.com/@heathervescent/> | LinkedIn <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates <https://app.convertkit.com/landing_pages/325779/>
Wholeheartedly agree with Jay's analysis here. These are the exact issues I have faced when attempting to build this before. The sync of trust between device and vendor driven bios and witnessed bios(which have their own reliability issues) make the trust path vulnerable On Wed, Nov 22, 2023, 12:45 Jay Meier <jay@facetec.com> wrote:
There are many examples of an SSI model that is working in the field. The issue isn’t about whether it functions. Nor is the issue about distributed ledger data storage. The issue is the appropriate level of trust that the claimant is, in fact, the actual living human that was granted privileges by the issuing authority (the credit union in this case).
[image: image0.png]
This screenshot from that system highlights the point. “Bad data in is bad data out”…if you don’t know who you’re enrolling, you can’t know who controls the SSI credential or the device the credential is bound to. Moreover, the system says it uses face and/or finger biometrics. I promise you they refer to “device-native” biometrics supplied by the device manufacturer. But these are “Anonymous Biometrics”, which are biometric data that’s not bound to verified identity data anywhere AND can be replaced with anyone’s biometric data, who has the device PIN.
In this system, the very best applicant identity verification is weak at best and provisioning can only be done in the credit unions office. It can’t be done remotely, because you have absolutely no idea of who is supplying the verifiable identity data and who is in control of the device the credentials will be provisioned to. This exact vector is being used to commit identity frauds and breaches today.
Under these circumstances, the system effectively enables fraud, by allowing for the enrollment of a fraudster in the system, as a legitimate customer. And then it will authenticate that fraudster as a legitimate customer every single time, because the claimants credentials are irrefutable.
Make sense?
Jay
On Nov 22, 2023, at 11:22 AM, heather vescent <puissant@heathervescent.com> wrote:
Hi All,
I got in touch with the people who did this. It is called Member Pass <https://www.memberpass.com/>. Moderately successful with 20 credit unions and many millions of members. More details on how it works <https://www.memberpass.com/about-memberpass/#:~:text=Recent%20advancements%20in%20blockchain%20technology,public%20key%20for%20the%20DID.> .
Reading the info, looks like they may set up the account in a member branch, using a specific app based wallet to hold the credential, which can then be used in person or online (and I might think in the metaverse scenario too).
Say what you will about decentralized identity, but this is working and has been in production for years.
Cheers,
-Heather
On Tue, Nov 21, 2023 at 9:22 AM Sean Lanzner <seanlanzner@gmail.com> wrote:
Bad in, bad out is certainly a useful way to frame it. As Pieter says, the challenge with the VCs is multifold;
- is the ID legitimate? Tons of good fakes, especially in the US - is the person in the selfie being compared to the ID a real live individual? - how to continuously authenticate the owner of the VC held within a device or wallet is the same one who enrolled?
On Tue, Nov 21, 2023 at 10:09 Pieter VanIperen < pieterwvaniperen@gmail.com> wrote:
This is not unlike other methods that have been designed. The problem here is at the initiation of linking the crypto assurance with the Identity. It's a garbage in garbage out problem. If the wallet is setup with a deep fake and a faked doc which matches each other, the assurance is now attached to the deep fake. So what assures the identity is authentic at initiation.
On Tue, Nov 21, 2023, 10:01 heather vescent <puissant@heathervescent.com> wrote:
Jim,
It's not so complicated. I know Darrell O'Donnell and some Canadian banks were doing something like this for call centers in the early SSI days (like 4+ years ago). Seems doable with a wallet that holds VCs and interfaces with existing communications methods. Imagine if Signal App added a VC wallet. It's not unlike verifying your identity on LinkedIn.
I'd have to dig in more than the 5 minutes I spent this morning to vet the level of reality.
-Heather
On Tue, Nov 21, 2023 at 7:48 AM jim pasquale <jimpasquale@gmail.com> wrote:
FYI: Sounds to good to be completely true.
<maxresdefault.jpg> Using Self-Sovereign Identity to Mitigate AI Deepfake Fraud <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> youtu.be <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK>
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
-- Heather Vescent <http://www.heathervescent.com/> President, The Purple Tornado, Inc <https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update <https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies <https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity <https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/>
@heathervescent <https://twitter.com/heathervescent> | Film Futures <https://vimeo.com/heathervescent> | Medium <https://medium.com/@heathervescent/> | LinkedIn <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates <https://app.convertkit.com/landing_pages/325779/> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar...
Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
-- Heather Vescent <http://www.heathervescent.com/> President, The Purple Tornado, Inc <https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update <https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies <https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity <https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/>
@heathervescent <https://twitter.com/heathervescent> | Film Futures <https://vimeo.com/heathervescent> | Medium <https://medium.com/@heathervescent/> | LinkedIn <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates <https://app.convertkit.com/landing_pages/325779/> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
Heather (and everybody)….please accept my apology, if I’ve offended you or anyone with my example. The truth is that I only used your youtube feed as an example, because you brought the MemberPass example and because I know you’ve done a lot of speaking. I promise you that I meant no offense, nor manipulation. I humbly apologize for insulting you. Jay Meier Senior Vice President - North American Operations jay@facetec.com | 612-978-3687 www.FaceTec.com <http://www.facetec.com/> | www.Liveness.com <http://www.liveness.com/> | www.SpoofBounty.com <http://www.spoofbounty.com/> Confidentiality Notice: This message is intended only for the use of the Addressee and may contain information that is privileged and confidential. If you are not the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. Please erase all copies of the message and its attachments.
On Nov 22, 2023, at 12:25 PM, Pieter VanIperen <pieterwvaniperen@gmail.com> wrote:
Wholeheartedly agree with Jay's analysis here. These are the exact issues I have faced when attempting to build this before. The sync of trust between device and vendor driven bios and witnessed bios(which have their own reliability issues) make the trust path vulnerable
On Wed, Nov 22, 2023, 12:45 Jay Meier <jay@facetec.com <mailto:jay@facetec.com>> wrote:
There are many examples of an SSI model that is working in the field. The issue isn’t about whether it functions. Nor is the issue about distributed ledger data storage. The issue is the appropriate level of trust that the claimant is, in fact, the actual living human that was granted privileges by the issuing authority (the credit union in this case).
This screenshot from that system highlights the point. “Bad data in is bad data out”…if you don’t know who you’re enrolling, you can’t know who controls the SSI credential or the device the credential is bound to. Moreover, the system says it uses face and/or finger biometrics. I promise you they refer to “device-native” biometrics supplied by the device manufacturer. But these are “Anonymous Biometrics”, which are biometric data that’s not bound to verified identity data anywhere AND can be replaced with anyone’s biometric data, who has the device PIN.
In this system, the very best applicant identity verification is weak at best and provisioning can only be done in the credit unions office. It can’t be done remotely, because you have absolutely no idea of who is supplying the verifiable identity data and who is in control of the device the credentials will be provisioned to. This exact vector is being used to commit identity frauds and breaches today.
Under these circumstances, the system effectively enables fraud, by allowing for the enrollment of a fraudster in the system, as a legitimate customer. And then it will authenticate that fraudster as a legitimate customer every single time, because the claimants credentials are irrefutable.
Make sense?
Jay
On Nov 22, 2023, at 11:22 AM, heather vescent <puissant@heathervescent.com <mailto:puissant@heathervescent.com>> wrote:
Hi All,
I got in touch with the people who did this. It is called Member Pass <https://www.memberpass.com/>. Moderately successful with 20 credit unions and many millions of members. More details on how it works <https://www.memberpass.com/about-memberpass/#:~:text=Recent%20advancements%20in%20blockchain%20technology,public%20key%20for%20the%20DID.>.
Reading the info, looks like they may set up the account in a member branch, using a specific app based wallet to hold the credential, which can then be used in person or online (and I might think in the metaverse scenario too).
Say what you will about decentralized identity, but this is working and has been in production for years.
Cheers,
-Heather
On Tue, Nov 21, 2023 at 9:22 AM Sean Lanzner <seanlanzner@gmail.com <mailto:seanlanzner@gmail.com>> wrote:
Bad in, bad out is certainly a useful way to frame it. As Pieter says, the challenge with the VCs is multifold;
- is the ID legitimate? Tons of good fakes, especially in the US - is the person in the selfie being compared to the ID a real live individual? - how to continuously authenticate the owner of the VC held within a device or wallet is the same one who enrolled?
On Tue, Nov 21, 2023 at 10:09 Pieter VanIperen <pieterwvaniperen@gmail.com <mailto:pieterwvaniperen@gmail.com>> wrote:
This is not unlike other methods that have been designed. The problem here is at the initiation of linking the crypto assurance with the Identity. It's a garbage in garbage out problem. If the wallet is setup with a deep fake and a faked doc which matches each other, the assurance is now attached to the deep fake. So what assures the identity is authentic at initiation.
On Tue, Nov 21, 2023, 10:01 heather vescent <puissant@heathervescent.com <mailto:puissant@heathervescent.com>> wrote:
Jim,
It's not so complicated. I know Darrell O'Donnell and some Canadian banks were doing something like this for call centers in the early SSI days (like 4+ years ago). Seems doable with a wallet that holds VCs and interfaces with existing communications methods. Imagine if Signal App added a VC wallet. It's not unlike verifying your identity on LinkedIn.
I'd have to dig in more than the 5 minutes I spent this morning to vet the level of reality.
-Heather
On Tue, Nov 21, 2023 at 7:48 AM jim pasquale <jimpasquale@gmail.com <mailto:jimpasquale@gmail.com>> wrote: > FYI: Sounds to good to be completely true. > > <maxresdefault.jpg> > Using Self-Sovereign Identity to Mitigate AI Deepfake Fraud > youtu.be > <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK>Using Self-Sovereign Identity to Mitigate AI Deepfake Fraud <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> > youtu.be <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> > > _______________________________________________ > A Community Group mailing list of KantaraInitiative.org > DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org <mailto:dg-deepfakesidv@kantarainitiative.org> > To unsubscribe send an email to staff@kantarainitiative.org <mailto:staff@kantarainitiative.org> > List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... > ______ > Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV >
-- Heather Vescent <http://www.heathervescent.com/> President, The Purple Tornado, Inc <https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update <https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies <https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity <https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/>
@heathervescent <https://twitter.com/heathervescent> | Film Futures <https://vimeo.com/heathervescent> | Medium <https://medium.com/@heathervescent/> | LinkedIn <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates <https://app.convertkit.com/landing_pages/325779/>_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org <mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org <mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org <mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org <mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
-- Heather Vescent <http://www.heathervescent.com/> President, The Purple Tornado, Inc <https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update <https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies <https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity <https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/>
@heathervescent <https://twitter.com/heathervescent> | Film Futures <https://vimeo.com/heathervescent> | Medium <https://medium.com/@heathervescent/> | LinkedIn <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates <https://app.convertkit.com/landing_pages/325779/>_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org <mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org <mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
_______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org <mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org <mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
<image0.png><image0.png>
Yup. There are many working examples of SSI that have weak leveld of identity insurance. C. Maxine Most Principal, Acuity Market Intelligence www.acuitymi.com +1 720 530 5836 On Nov 22, 2023, at 11:31 AM, Pieter VanIperen <pieterwvaniperen@gmail.com> wrote: Wholeheartedly agree with Jay's analysis here. These are the exact issues I have faced when attempting to build this before. The sync of trust between device and vendor driven bios and witnessed bios(which have their own reliability issues) make the trust path vulnerable On Wed, Nov 22, 2023, 12:45 Jay Meier <jay@facetec.com<mailto:jay@facetec.com>> wrote: There are many examples of an SSI model that is working in the field. The issue isn’t about whether it functions. Nor is the issue about distributed ledger data storage. The issue is the appropriate level of trust that the claimant is, in fact, the actual living human that was granted privileges by the issuing authority (the credit union in this case). [image0.png] This screenshot from that system highlights the point. “Bad data in is bad data out”…if you don’t know who you’re enrolling, you can’t know who controls the SSI credential or the device the credential is bound to. Moreover, the system says it uses face and/or finger biometrics. I promise you they refer to “device-native” biometrics supplied by the device manufacturer. But these are “Anonymous Biometrics”, which are biometric data that’s not bound to verified identity data anywhere AND can be replaced with anyone’s biometric data, who has the device PIN. In this system, the very best applicant identity verification is weak at best and provisioning can only be done in the credit unions office. It can’t be done remotely, because you have absolutely no idea of who is supplying the verifiable identity data and who is in control of the device the credentials will be provisioned to. This exact vector is being used to commit identity frauds and breaches today. Under these circumstances, the system effectively enables fraud, by allowing for the enrollment of a fraudster in the system, as a legitimate customer. And then it will authenticate that fraudster as a legitimate customer every single time, because the claimants credentials are irrefutable. Make sense? Jay On Nov 22, 2023, at 11:22 AM, heather vescent <puissant@heathervescent.com<mailto:puissant@heathervescent.com>> wrote: Hi All, I got in touch with the people who did this. It is called Member Pass<https://www.memberpass.com/>. Moderately successful with 20 credit unions and many millions of members. More details on how it works<https://www.memberpass.com/about-memberpass/#:~:text=Recent%20advancements%20in%20blockchain%20technology,public%20key%20for%20the%20DID.>. Reading the info, looks like they may set up the account in a member branch, using a specific app based wallet to hold the credential, which can then be used in person or online (and I might think in the metaverse scenario too). Say what you will about decentralized identity, but this is working and has been in production for years. Cheers, -Heather On Tue, Nov 21, 2023 at 9:22 AM Sean Lanzner <seanlanzner@gmail.com<mailto:seanlanzner@gmail.com>> wrote: Bad in, bad out is certainly a useful way to frame it. As Pieter says, the challenge with the VCs is multifold; - is the ID legitimate? Tons of good fakes, especially in the US - is the person in the selfie being compared to the ID a real live individual? - how to continuously authenticate the owner of the VC held within a device or wallet is the same one who enrolled? On Tue, Nov 21, 2023 at 10:09 Pieter VanIperen <pieterwvaniperen@gmail.com<mailto:pieterwvaniperen@gmail.com>> wrote: This is not unlike other methods that have been designed. The problem here is at the initiation of linking the crypto assurance with the Identity. It's a garbage in garbage out problem. If the wallet is setup with a deep fake and a faked doc which matches each other, the assurance is now attached to the deep fake. So what assures the identity is authentic at initiation. On Tue, Nov 21, 2023, 10:01 heather vescent <puissant@heathervescent.com<mailto:puissant@heathervescent.com>> wrote: Jim, It's not so complicated. I know Darrell O'Donnell and some Canadian banks were doing something like this for call centers in the early SSI days (like 4+ years ago). Seems doable with a wallet that holds VCs and interfaces with existing communications methods. Imagine if Signal App added a VC wallet. It's not unlike verifying your identity on LinkedIn. I'd have to dig in more than the 5 minutes I spent this morning to vet the level of reality. -Heather On Tue, Nov 21, 2023 at 7:48 AM jim pasquale <jimpasquale@gmail.com<mailto:jimpasquale@gmail.com>> wrote: FYI: Sounds to good to be completely true. <https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> <maxresdefault.jpg> Using Self-Sovereign Identity to Mitigate AI Deepfake Fraud<https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> youtu.be<https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org<mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org<mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV -- Heather Vescent<http://www.heathervescent.com/> President, The Purple Tornado, Inc<https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update<https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies<https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual<https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity<https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/> @heathervescent<https://twitter.com/heathervescent> | Film Futures<https://vimeo.com/heathervescent> | Medium<https://medium.com/@heathervescent/> | LinkedIn<https://www.linkedin.com/in/heathervescent/> | Future of Security Updates<https://app.convertkit.com/landing_pages/325779/> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org<mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org<mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org<mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org<mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV -- Heather Vescent<http://www.heathervescent.com/> President, The Purple Tornado, Inc<https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update<https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies<https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual<https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity<https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/> @heathervescent<https://twitter.com/heathervescent> | Film Futures<https://vimeo.com/heathervescent> | Medium<https://medium.com/@heathervescent/> | LinkedIn<https://www.linkedin.com/in/heathervescent/> | Future of Security Updates<https://app.convertkit.com/landing_pages/325779/> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org<mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org<mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org<mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org<mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV <image0.png> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV
I think your example is makes it more complicated from what I’ve seen. Before we use to do voice auth for call centres and things, but as the financial space is changing, people are now conducting transactions as avatars and digital twins. Not saying an avatar is an deep fake, but think of that meta-verse that SouthWest bank has built. Huge issue with tying my avatar in my Oculus headset to Denny so I can buy a gift card in the meta verse. I think back to Jim’s point, “what is an identity” may have to be redefined. Denny From: heather vescent <puissant@heathervescent.com> Sent: Tuesday, November 21, 2023 10:01 AM To: jim pasquale <jimpasquale@gmail.com> Cc: dg-deepfakesidv@kantarainitiative.org Subject: [DG-DeepfakesIDV] Re: Dee[fake and SSI [External]/[Externe]<https://connect.fg.rbc.com/community/techhub/external-email-indicator> Jim, It's not so complicated. I know Darrell O'Donnell and some Canadian banks were doing something like this for call centers in the early SSI days (like 4+ years ago). Seems doable with a wallet that holds VCs and interfaces with existing communications methods. Imagine if Signal App added a VC wallet. It's not unlike verifying your identity on LinkedIn. I'd have to dig in more than the 5 minutes I spent this morning to vet the level of reality. -Heather On Tue, Nov 21, 2023 at 7:48 AM jim pasquale <jimpasquale@gmail.com<mailto:jimpasquale@gmail.com>> wrote: FYI: Sounds to good to be completely true. [cid:image001.jpg@01DA1C65.4599C170] Using Self-Sovereign Identity to Mitigate AI Deepfake Fraud<https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> youtu.be<https://youtu.be/Z5YkVll6P-8?si=Grp7TKos1qTgEXlK> _______________________________________________ A Community Group mailing list of KantaraInitiative.org DG-DeepfakesIDV mailing list -- dg-deepfakesidv@kantarainitiative.org<mailto:dg-deepfakesidv@kantarainitiative.org> To unsubscribe send an email to staff@kantarainitiative.org<mailto:staff@kantarainitiative.org> List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/dg-deepfakesidv@kantar... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/DG-DeepfakesIDV -- Heather Vescent<http://www.heathervescent.com/> President, The Purple Tornado, Inc<https://thepurpletornado.com/> ~ The Future in Present Tense ~ Columnist, Biometric Update<https://www.biometricupdate.com/?posttype=all&s=heather%20vescent> Author, The Secret of Spies<https://amzn.to/2GfJpXH> | The Cyber Attack Survival Manual<https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> | A Comprehensive Guide to Self Sovereign Identity<https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP/> @heathervescent<https://twitter.com/heathervescent> | Film Futures<https://vimeo.com/heathervescent> | Medium<https://medium.com/@heathervescent/> | LinkedIn<https://www.linkedin.com/in/heathervescent/> | Future of Security Updates<https://app.convertkit.com/landing_pages/325779/> _______________________________________________________________________ If you received this email in error, please advise the sender (by return email or otherwise) immediately. You have consented to receive the attached electronically at the above-noted email address; please retain a copy of this confirmation for future reference. Si vous recevez ce courriel par erreur, veuillez en aviser l'expéditeur immédiatement, par retour de courriel ou par un autre moyen. Vous avez accepté de recevoir le(s) document(s) ci-joint(s) par voie électronique à l'adresse courriel indiquée ci-dessus; veuillez conserver une copie de cette confirmation pour les fins de reference future.
participants (9)
-
dawid@dal-identity.com
-
heather vescent
-
James Monaghan
-
Jay Meier
-
jim pasquale
-
maxine most
-
Pieter VanIperen
-
Prvu, Denny (He/Him/His)
-
Sean Lanzner