Loading...
Identity
Am I a human? Or am I a bot?
December 15th, 2024

Am I a human? Or am I a bot?

I recently watched Terminator 2 – what a great film! 😊 

The scene where the T-800 makes the phone call impersonating the voice of John Connor really did predict the future. Who thought we’d be living this threat IRL today? In addition to many, many spam emails, today I received a phishing phone call from my ‘HR Department’ asking me to share sensitive information. 

The threat from AI Deep Fakes is REAL and growing exponentially. Conversely, the attack vector has increased, we are able to work 100% remotely and expected to be able to complete operational processes, including those handling sensitive information 100% digitally. 

How can we verify that a person (that sounds exactly like a person we know) is indeed a person? 

Eve Maler's research in: ‘Personhood: The Killer Credential’, finds the personhood credential to be a strong contender, acknowledging the limitations of how we identify ourselves today: 

"Traditional “I-am-me” identity credentials are pretty demanding to use in terms of both technology and experience, and AI-generated content, deepfakes, and automated systems are making it extra-difficult to prove who's real online." (https://lnkd.in/eBdiBBHd)

The Personhood credential does not necessarily reveal your entire identity but could confirm ‘is a person’ or ‘is a bot’. The best way to create, issue and validate Proof of Personhood credentials are not yet clear. Human activities such as smartphone interactions and use of passkeys are potential ways to validate ongoing Human versus Bot status.

For now, one way to test a Bot is to ask a knowledge-based question that only the human you are talking to would know. This technique is called dynamic knowledge-based authentication. 

Interestingly, there is an example of this in Terminator: The Sarah Connor Chronicles. A security measure is used to confirm if someone is a human or a Terminator during phone calls. This system involves a code phrase being exhanged during the call, the idea is that the code is understood and responded to by humans but would be difficult for a Terminator, which lacks full human nuances, to reproduce correctly.

About The Author
Lynsey Dunn is an IAM Consultant and Certified Okta Consultant at Distology Studios, bringing extensive Risk Analyst experience from previous positions at Deutsche Bank and Morgan Stanley.