I write this post for you from 30,000 feet above France, on my way back to America from another wonderful Satoshi Roundtable event in Dubai. We are about to descend into London so I must keep my remarks short so I can put my laptop away in anticipation of the usual disembarkation scrum one encounters after a long flight.
This is the fifth post in a five-part series, the four previous ones being:
- AI Breaks the World, Crypto Fixes It;
- AI Breaks The World, Crypto Fixes it, Part II: the “AI Misinformation” problem can be completely solved by cryptocurrency-based “proof of human”;
- AI Breaks the World, Crypto Fixes It, Part III: How Crypto Can Solve the Joe Biden AI Deepfake Problem; and
- AI Breaks the World, Crypto Fixes It, Part IV: The Great Zoom Robbery.
We learn today of a website called OnlyFakes, which exists for the sole purpose of producing fake ID cards for accessing cryptocurrency exchanges or other businesses which verify ID remotely in order to confirm a user’s identity for regulatory compliance purposes.
The use-case this will likely, initially address is hacking the KYC function of offshore crypto exchanges. Crypto exchanges are not bricks-and-mortar businesses. As such, when performing KYC checks on their users they require users to present proof of their identity and locality, most often in the form of government-issued identification cards and less often in the form of proof of address like a bank statement or a utility bill.
See, e.g., this fake California ID generated by the app:
Looks a lot like the real thing, and is likely impossible for an exchange to verify.
The problem with conducting KYC verification in this way is not one which can be fixed by video calling, either. As we learned in the last entry in this series which I wrote *checks watch* two days ago, scammers can and will also deepfake live over platforms like Zoom.
As the previous posts in this series have made clear, the problem of faking one’s identity on the web is not one which is fixable with the web. No unsigned communication made over the Internet can be believed anymore. Over the Internet the AI is too good, more human than human, and cannot offer “proof of human” as such. It is not only reasonable to expect that this will soon leak out of the web-world into the real world, it is inevitable that this will happen. An AI which can convincingly fake a driver’s license can also convincingly fake a utility statement, or a bank check, or anything else, and since most utility statements are delivered by e-mail these days, a real statement and a false one will be printed on the same household printer and will likely be indistinguishable.
For now, there are only two things AI can’t fake: actual physical presence and a digital signature using a robust digital signature algorithm like ECDSA. We must combine these things and physical hardware to create a multi-factor, multi-signature proof-of-human.
Our governments must embrace cryptocurrency technology because cryptocurrency, for all its faults, is the best – and only – PKI which can even begin to serve the “proof-of-human” function our societies need in a world turned upside down by AI.