Re: Deep Fakes, Phishing & Epistemological War - how we can help combat these.

On 4 Jul 2019, at 10:33, Paola Di Maio <paola.dimaio@gmail.com> wrote: >
> Reality is so manipulated (at all levels) that humans have lost  (maybe
> never had) the ability to understand of what is real beyond doubt,

That is actually the subject of Epistemology. This comes in two parts.  1)
The problm of definition: What is knowledge?  2) The sceptical problem:
how can we know anything given that we can always find reason to doubt?

Knowledge was defined by Socrates according to the reports by Plato as
Justified True Belief. More than 2 thousand years later, after the development
of modern quantified logic with Frege and Russell/Whitehead, the questions
came to be to find logical necessary and sufficient definition of knowledge.
These lead to well known problems defined by American Philosopher Edmund
Gettier https://en.wikipedia.org/wiki/Gettier_problem

Around the same time Modal Logic came to have a mathematical formalisation
and Hintikka used this to defined
 S knows that P iff
   in all the worlds compatible with the information S has, P is true.

Robert Nozick in the award Winning book "Philosophical Explanations" showed
that there was a problem with this definitiion. By updating Descartes'
Meditations to the Science Fiction realm, and arguing that we could always
imagine that aliens from Alpha Centauri had come at night, kidnapped S,
attached his brain to a super-alien-computer and induce in him fake by realistic
sense impressions. Since this doubt can always be brought up in that form or
the more ancient one of dreaming, the question becomes how we can know at 
all, since that possibility cannot be excluded.

The answer come by way of using the David Lewis' later logic of counterfactuals
that organises possible worlds by a distance relation. Redefining knowledge
using counterfactuals as Nozick does, it turns out that one does not need 
to consider more distant and outrageous possible worlds to know some everyday
fact about how much money one has in one’s pocket.

I give an overview of that in "Epistemology in the Cloud - on Fake News
and Digital Sovereignty" (And if you don't want to read the paper you will
find two presentations with slides, one of which I gave at the Chaos
Computer Club Vienna's Privacy Week)
https://medium.com/@bblfish/epistemology-in-the-cloud-472fad4c8282 There
I add a Cloud computing related twist to it, leading us to take seriously
the locality of information.

> The vastness of widespread deceit (about news, history, and even science!)
> and limited resources to verify everything that we hear, we need to limit
> our fact checking to the strictly necessary facts that support our
> decision making/ So when I read or hear some fact, I do my best to verify
> its true.  

Yes, so if you are going to verify the truth of a statement quickly you
may need to use the internet to do so.

In the pre-internet world, you would do so by finding someone knowledgeable
on the subject, which in many case would be someone educated in the area,
or working for a company that is known to be able to make knowledgeable
statements on a topic. So you may go to a dentist to get a prescription
for your tooth pain, or to get a tooth pulled, not to someone you just met
in the bar, even if they can speak very convincingly on the subject. Or
you could read a book published by an expert in the area, and that expertise
would be verifiable by knowing which institution they were speaking from.
Of course if you are a mathematician reading a mathematical proof you would
just need to verify the proof for yourself, but you may yet want to filter
the things you read by knowing where the person writing things came from.

This thinking gets one to understand the role of institutions and legal
systems in our claims to knowledge. To make statements in a factual context
is to be make oneself responsible for what one says, and requires one to
not follow up by saying something contradictory to that. To make a promise
requires one to be able to follow up on it, and then to try to follow up,
and so limits one's future possible lives to those compatible with one's
promises. Entering an institution is to make a certain promise to uphold
its values.

But the web currently has not useful information about what institutions
is behind a web site. A little typo, or clicking on a phishing link can
make you end up on a web site that looks very much like what you are
expecting but be a fake site. This was very unlikely to happen when buildings
in a town gave you a way to recognise the institution you were talking to.
That building would in any case mean the presence of people on legally
delimted soil.

So before the large public can even get around to fact checking we need
to build an institutional Web of Trust (WoT), which can play the role of
buildings in local life, by letting people know the legal framework a web
site is tied to.  I describe how to do that in the blog post "Stopping
(https) Phishing"
https://medium.com/cybersoton/stopping-https-phishing-42226ca9e7d9

This can be done with Linked Data because we do not require global consensus,
and so we can allow different nations to have differnet points of views
on each other and even how to map ontologies, when disagreements arise.

> Deepfakes adds another layer to that manipulation and falsification of 
> reality, by leveraging new technology.  
> I see two areas of concern
>  a) technology ethics - a fun  technology developed 
> to animate fictional output is used to falsify reality  (making people say 
> what they have not) with potentially devastanting consequences is  not 
> entirely new-manipulation has always occurred by twisting, falsifying 
> or taking out of context what people may say.  Misinformation and 
> misrepresentation are  a less technologically sophisticated, but with 
> similar consequences (to manipulate public opinion and behaviours) This 
> already happened with emails.  Deepfakes is a progression of  spoofing 
> tech where someone fakes another person email address.

Deep fakes are not a problem if they are annotated as fictional.  Terminator
1, 2 and 3 did not cause global mayhem, because they appeared in cinemas
and were clearly labled as science-fiction.  The mayhem appears when things
are published as true by sites that look like official ones.

> b) the increased value of authenticity, and authentication tech

That will be important especially for allowing private citizens to also
make clear which legal space they are speaking from, when say they publish
a photo or film about something happening.

> From a systems view point, another layer of risk, can be addressed
> with  another layer of architecture (strenghten authentication layer?)

Yes, we need a new layer, but not the authentication one. We have that
already. The domain name to DNS authentiation layer technology does 
its job well enough if one uses X509 certificates and DANE on DNS-SEC.

What is missing is the institutional web of trust that can then be used by the
browser to display rich information on a secured screen such as the Apple
Touch Bar, in a seamless but helpful way. The information contained
in X509 Certificates is much much too poor to be of interest and hence
of use.

For an example of how this institutional web of trust could be tied to
hardware see the blog post "Phishing in Context - Epistemology of the
Screen" https://medium.com/cybersoton/phishing-in-context-9c84ca451314

As for authentication of citizens using Verifiable Claims so that they too can
make claims (such as location claims if they were a witness to something)
needs the institutional web of trust to work for networks that go beyond
a few degrees of seperation, since if you go a few more jumps you have the
whole world in your network.

Henry Story

Received on Thursday, 4 July 2019 14:09:49 UTC