Biometrics theft in multiverse a distant thought for big thinkers
An unrelated pair of articles published days apart illustrate what the world is up against when it comes to safeguarding digital identities.
One report, published this month in the United Kingdom trade publication Tech Monitor, claims 5 million bot-collected authentic digital IDs are for sale on the dark web right now.
The second comes from the World Economic Forum, an international industry-government think tank that spends no small amount of time considering the promise and challenge posed by technology.
It is a disappointing beginning to a disappointing article because it begs the question: Who needs to hear that message? Libertarians, contrarians and anarchists will disagree, but most everyone else who knows what is at stake also knows an effective vault system of some sort is needed now.
Certainly, few who even skimmed the Tech Monitor story would disagree.
According to reporting by the publication, bot markets exist to sell digital identities that include face and fingerprint biometrics. Indian citizens make up the biggest population, apparently. There are 600,000 Indian IDs just waiting for a new home.
Other nations being victimized more than others are the United States, France, Brazil, Italy and Spain. The research reportedly looked at what are considered the top three bot markets in the world: the Russian and Genesis markets and 2Easy.
The figures are from marketing research compiled by NordVPN, which has a dog in this fight, of course. Its executives want everyone huddled on a virtual private network. And there is at least one basic mistake in the Tech Monitor. (There are not 719 nations on Earth.)
But there can be no doubt that some insane number of stolen IDs from around the world is for sale and that that number is growing.
So, what does the forum say needs to be done? One of the virtues of the World Economic Forum is that problem-solvers can rub elbows without having to necessarily look at a situation from a particular national viewpoint.
And ideas can be washed through all the conversations, through the staff, academics and scientists and out to the world in reports. Most of those reports stand up well because of all the relatively non-political, non-aligned conversations that start so many balls rolling.
That is not this report, and it shows how far the world is from more-effective protection.
The authors say the metaverse will require unique solutions to identity fraud if its proponents want to see it become the next internet (for whatever that is worth). In fact, they are so focused on the need to manage, police and protect the metaverse for the metaverse’s sake that they miss the most fundamental concern about the metaverse.
Whatever someone feels about the prospect of a metaverse, it cannot be argued that the world does not need another insecurity vector in the form of another chaotic notional world.
Security gaps in a metaverse will only fill more bot markets, this time probably overstuffed with irreplaceable biometric identifiers.
Anyone in 2022 trying to convince that digital identity has to be regulated in the metaverse – or any ‘verse – does not recognize the scale of the fraud threat that the world already faces.