Technology-based verification tools
Technology can help people create more sophisticated forms of misinformation, but it can also aid us in our quest to detect said information. New verification technologies - designed to confirm everything from the validity of an image to an identity - appear every day. We’ve highlighted and explored a few examples below, in addition to providing a run-down of blockchain, which has the potential to cause a sea change in the way we think about verification.
Blockchain technology is a sophisticated network system that relies on a decentralized database with no intermediaries needed. It’s a trustworthy way to guarantee peer to peer transactions. Blockchain is a records system that contains all the transactions processed in the system. It’s a “chain of blocks” that represent all the gathered and registered transaction information and connects it to new or already existent blocks.
These blocks are public, meaning that all the parties in the network have access to them, but once a block is processed it cannot be altered or erased, and if any party wants to add new information, it needs to go through a validation process.
This system is distributed, meaning it is present in multiple computers. Once a new piece of information is verified and appended, all copies are synchronized in a matter of seconds. The advantage of this is that even if a couple of computers disappear from the network for any reason, the transaction is still secured, completed and recorded in all the other thousands of computers that have the same transaction record.
To certify information for a transaction to occur in a blockchain and avoid any type of fraud, blockchain relies on a “cryptographic protocol” which validates a transaction through a mathematical challenge. If anyone tries to alter a block that was already processed and recorded, the results from the challenge will be different than the ones that the network expects, stopping the processing of the information and, consequently, its addition to the record.
Blockchain allows trades to be made one on one, without intermediate parties (such as companies and banks). With blockchain, the transaction is made possible through a high amount of software codes that run on thousands of different computers, running the same software guaranteeing the transactions.
Once the transaction is initiated, it gets logged and is verified by other parties. If all the information matches and is verified, the transaction goes through without an intermediate and gets stored. If the initial parties want to make further transactions, the information of the previous one is already embedded in the ledger. Since it’s secured by cryptography, tracking isn’t possible, and the accounting system and ledger are owned by everybody instead of just one company.
Blockchain is a persistent, transparent, public and append-only ledger, that works through a mechanism for creating consensus between scattered parties, that only need to trust the mechanism and not each other. It randomizes the process and it ensures that no one can force the blockchain to accept a particular entry onto the ledger that others disagree with. This mechanism that blockchain technology relies on, the peer to peer network, allows that any updates are recorded on the ledger and they are verified, making it impossible to alter an update after it’s recorded and, again, impossible to de-fraud.
Blockchain’s applications are linked directly to its benefits, such as:
Blockchain technology by being persistent, transparent and public, gives the users that want to make a transaction a reliable database of previous and updated records. That secure and reliable database can be used to answer certain questions about the provenance, transparency, copyright ownership, valuation and authenticity of documents, products, properties and other information.
When it comes to works of art, blockchain technology has had a significant impact on the art market, since now parties that want to purchase a work of art want to have a guarantee database that will answer specific questions about the piece and about the verifiability of the seller. This has become part of the decision-making process and has resulted on a boost of online art sales. Blockchain records can be used as a proof of intellectual property, to help verify if the party that is claiming to be the owner/producer is the actual legitimate seller.
Buying and selling works of art online was not the only benefit brought by blockchain technology in Art and Academic Institutions. The trusted certification of information records with public and distributed basis, allows the expansion of both formal and informal learning. It is especially useful when it comes to libraries and archives since blockchain technology can be used to build a system for libraries and data centers that will all be connected, and will all have the same consistent and updated records.
This technology can allow the connection of the networks of libraries and universities, supporting a skill sharing program since all the records would be public and could be used as a study case across different institutions.
Since blockchain is a distributed database, it’s possible to use this technology to distribute documents, manuals, academic articles, digitized books. Basically, blockchain can be use to distribute practically all types of information. This uniformity of information can be a groundbreaking system since it would allow records from museums, libraries and archives to cross and allow every institution to have the same information. It would be an exchange of information that can be made worldwide, giving opportunities, for example, for researchers to have more information to create their work that can be beneficial for all institutions. -ARdA
For those keeping up with current trends and events in the technology sector, it is nearly impossible to not be confronted with articles and discussions on the use of blockchain in today’s society. Even those not plugged in to technology news have likely heard of Bitcoin, the most well-known exemplar of the use of blockchain technology. While many are lauding the possibilities of blockchain, others are not so sure or ready to jump on the bandwagon. Writing for the Harvard Business Review, Marco Iansiti and Karim R. Lakhani express their reservations: “Although we share the enthusiasm for its potential, we worry about the hype.” What are the criticisms of blockchain that constitute these skeptics’ concerns?
The technical chops required employ blockchain can be considered a barrier for entry by some. Writing for Forbes, Jason Bloomberg raises concerns that the complexity of blockchain may prevent it from getting “out of the gate” when attempted to be implemented in an already heavily regulated business environment. Nouriel Roubini also notes that blockchain “lacks the kind of basic common and universal protocols that made the Internet universally accessible (TCP-IP, HTML, and so forth)”. Bloomberg additionally raises questions about the “immutability” of blockchain technologies, citing that “tamper-proof” blockchain data prevents the corrections of mistakes and is not compatible with the EU’s ‘right to be forgotten’ initiative. Bloomberg authoritatively states that we believes blockchain to be a “solution looking for a problem.”
In an interview with Vox’s Sean Illing, UC Berkeley Computer Science researcher Nicholas Weaver throws rocks at the notion of “decentralization” as it relates to blockchain’s most notable expression, Bitcoin. Weaver states that “None of the cryptocurrencies are truly decentralized… These miners are the de facto central authority in cryptocurrency exchanges.” Echoing these concerns of authority and therefore security in relation to Bitcoin, Steve Wilson argues that “Veracity of each entry rests on who controls the private key of each account,” further throwing into relief that the vision of complete decentralization is not always carried over to real-world implementation of blockchain technologies.
One of the most apparent issues with blockchain technology noted by skeptics is its lack of speed. Bloomberg explains that “... blockchain-based transactions can only complete when all parties update their respective ledgers… As ledgers grow, furthermore, people question whether they will bog down.” Steve Wilson notes that, financially, “13% of transactions can take longer than 20 minutes” and that this delay in the finalization of information can be particularly troubling for “identity management applications when resolution needs to be immediate.” If blockchain is going to be implemented in large-scale scenarios, the issue of timeliness will need to be addressed.
Despite these criticisms, it does not appear that blockchain technology is going anywhere soon. Adam Helfgott welcomes the criticisms, explaining that “only by examining such concerns can the blockchain community innovate solutions”. Dismayed by blockhain’s “broken promises”, some skeptics like Nouriel Roubini would prefer to place energy and trust in companies with “actual business models” rather than those dabbling in the implementation of blockchain technologies, but the introduction of blockchain technology does not have to be “all or nothing”. Adam Helfgott explains that, for example, “distributed purists may take issue with the concept of private blockchains because they are centralized, but there may be some cases when private blockchains are more appropriate.”
Through studying the life cycle of adoption of new technologies, Iansiti and Lakhani argue that the growing pains currently experienced by blockchain technology are due to the fact that it is expected to merely be a disruptive technology, when in reality it is a foundational technology. A disruptive technology is one “which can attack a traditional business model with a lower-cost solution”, whereas a foundational technology seeks to fundamentally alter the infrastructure upon which the current business models are built. If Blockchain is ever going to be able to become what it purports to be, it will take time. Iansiti and Lakhani go on further to say “if there’s to be a blockchain revolution, many barriers—technological, governance, organizational, and even societal—will have to fall.” This large-scale blockchain revolution may or may not ever come to fruition, but In the meantime, blockchain will more likely than not continue to be implemented in localized or smaller-scale projects, or used in conjunction with traditional record-keeping methods.
There are legitimate concerns and criticisms about blockchain. Be skeptical about the hype that evangelizes blockchain as the solution to record-keeping information verification, but keep your eyes open to the occasions where blockchain technologies do have the capability to rise to the occasion and solve these challenges. More likely than not, blockchain technologies will only continue to mature and be implemented in more innovative ways to suit the needs of various user bases. -SA
A brief visual explanation of blockchains. -ARdA
Modern life all but requires individuals to use online services to access goods and services. To do so, it is likely that the individual will be required to make an online account, which allows a user to have a personalized experience. In order to maintain that personalization, it is necessary for the individual to security as well. As online networks become more complex, and as nefarious online players gain increasingly adept hacking skills, it is necessary for service providers to move beyond the simple username and password combo.
The most common way users can verify their identity online is to provide a username and password. Knowledge-Based Authentication [KBA] may be employed by a website as an intermediary step for the user to retrieve or reset a forgotten password, or KBA might be an integral part of the identity verification process itself, in addition to a password. There are two types of KBA.
While ostensibly a user should be able to remember the sorts of information entered for static KBA questions, “a 2015 study by Google engineers found that only 47% of people could remember what they put down as their favorite food a year earlier.” There are pitfalls to the use of dynamic KBA as well. A Tennessee student who was able to figure out Sarah Palin’s Yahoo address was then able to reset login credentials because the dynamic KBA questions were easily googleable. Although KBA provides more layers of security than a standard username and password combination, it does not fix all woes, and there is still room for digital identity verification improvement.
Another increasingly common method of digital identity verification is the two-step authentication. Two-step authentication usually still includes, at minimum, the process of supplying some sort of password or user-knowable information, but the secondary step is the addition of a physical component of identity confirmation. Most commonly, this comes in the form of a website sending an SMS to the phone of the registered user providing an additional code needed to complete the login process. A prime example of two-step authentication is an ATM - the user requires the knowledge of a secret pin, in addition to their physical bank card in order to access their account information. There are additional types of security keys that can act as the “physical embodiment” for the two-step factor authentication. These can include USBs, key fobs, smart cards, cell phones, bluetooth devices, and many other forms. One engineer even designed a pair of earrings that can hold a device that can be used as the physical component of two-factor identification.
Companies and organizations requiring digital identity verification of their users walk along the tightrope of needing to securely identify users, while still cultivating a pleasant and not-too-cumbersome user experience. A survey by the company Econsultancy found that “... a quarter (26%) of respondents in a recent Econsultancy survey stating that being forced to register would cause them to abandon a purchase.” What is an online site to do? Enter the process of social logins. “Would you like to create an account or would you like to sign in via facebook, twitter, or google?” Sometimes the option of operating within a site by way of an external social login is encouragement enough to keep users on a site without “burdening” them to create yet another unique online account to fully access the engage with the site’s content or functions.
Of course this solution has its own problems. The visiting users’ accounts could be compromised if there is a problem with the social network servers, if the social network changes its terms of service, or if the user cancels their social network account. Additionally, if more than one social login is provided, a user might not be able to remember which login they used. Most notably, however, the social login options offered increased convenience at the expense of security and privacy. If a user’s social network account is hacked, the hacker could easily gain access to all of the user’s other online accounts for which the social login tool was used to login by proxy. Additionally, as evidenced by this year’s Cambridge Analytica scandal, using facebook as a social login put users at risk of their social data being harvested in ways they were either unaware of or did not consent to.
Moving steadfastly closer to realizing the vision of sci-fi films and literature, the use of biometrics for the purpose of digital identity verification continues to be employed and is being pushed for use in new ways. In the mobile phone arena, the use of a user’s fingerprint to unlock a phone was the first iteration of fingerprint biometrics widely presented to the public. Next up on the biometric docket is the use of facial recognition to verify identities. Other experiments in biometric recognition have been payment by selfie and MasterCard’s proposal of heartbeat recognition as an alternative to merely facial recognition. As with the social login option, the ability to use a fingerprint or a facial scan to identify oneself to an online entity makes the process more convenient, but biometrics are not inherently more secure just because they are inherently unique to each individual. Alvaro Bedoya, Professor of Law at Georgetown University, argues that, though they have their faults, passwords are intentionally secret and therefore private, whereas biometrics are “inherently public”. For example, fingerprint unlock hack “how-to” released by Mashable revealed that “people leave copies of their fingerprints everywhere - and lifting a copy can be used to unlock devices.” While use of biometrics offers one solution to digital identity verification, it is necessary to be cognizant of the potential associated risks.
As various digital verification processes continue to be improved, other innovative options are just getting their walking legs - like blockchain for identity management or the new World Wide Web Consortium (W3C) login standard WebAuthn, for example. Regardless of the status of a digital identity verification or login method, successful digital identity management platforms must balance their users’ security with their users’ interaction experience in order to be viable. Being mindful of how various verification and login methods operate can help users understand the risks and benefits associated with each type of digital identity verification. -SA
Image forgeries have been around for a long time. In the 15th century, for example, Michelangelo doctored his Cupid sculpture to make it look like an antique that had just come out of the ground, and sold it as such to the Cardinal Riario. Fast-forward to the early 20th century, and a series of photos taken by two young girls famously convinced Sherlock Holmes creator Sir Arthur Conan Doyle that fairies were real.
Some hoaxes can be detected through simple skepticism: the fairies that fooled Doyle, for example, bear a striking resemblance to paper cutouts - which they turned out to be. Others require more advanced knowledge, such as x-ray analysis combined with knowledge of when certain paints or canvases were developed in the context of researching art forgeries. As image forgery and tampering techniques have grown more sophisticated, our means of detecting doctored images have followed suit. In the words of information forensics researchers Schetinger, et al, we’re in the middle of “an arms race between forgers and forensics analysts.”
You don’t have to get on Antiques Roadshow to see this in action. Some such forensic analyst “arms” are freely available tools that you don’t need to be an expert to use. If you suspect an image is a hoax, you can investigate it from the comfort of home. A few examples:
When you resave a digital image, the whole image should compress at the same rate. Error Level Analysis (ELA) re-saves an image and identifies if there are portions of said image with different levels of compression - indicating that the image has probably been digitally modified. After ELA, different levels of compression show up brighter than the rest of the image.
And that’s really as much as you need to know about digital image compression to get the gist of the results of an Error Level Analysis. You can try it out yourself at FotoForensics.com, an ELA tool created and provided by Hacker Factor, a computer forensics research organization.
The majority of digital cameras - including those on phones - collect data for every photo that you take and attach it to said photo as EXIF Data. This data varies, but typically includes the camera make and model, the GPS location, and the date and time of photo being taken, along with more technical details like shutter speed and lens type.
EXIF Data can be very useful if you want to determine if a photo was really taken where and when someone claims it was. You can only read EXIF Data in JPEG images, and there are ways for people to scrub the data before the post it (a good idea for privacy!). If you have a JPEG image and want to see if it has EXIF Data attached, you can use a free metadata-revealing services, like FindEXIF.com.
Using Query By Image Content (QBIC) - colloquially known as Reverse Image Search - you can upload an image itself and see where else it has appeared on the web. This is particularly useful if you want to find out if an image’s creator was correctly attributed, but could also be handy as a way to see who else is using the image and how legitimate they are. If an image only appears on a satirical site like The Onion, for example, it’s probably not indicative of real events.
There are many ways to detect forged or doctored images, and more new methods are appearing all the time. A few developers have created tools combine methods, so that you can see, for example, an Image Error Analysis and the EXIF Data for an image all at once. Examples of this include ImageForensic.org and Image Error Level Analyser (it sounds like it just does ELA, but it’s been modified to include much more). Now that you have some of the relevant terms in your vocabulary, you can also conduct some searches of your own, finding the methods and tools that work best for you. -MM