Re: Deep Fakes, Phishing & Epistemological War - how we can help combat these. from Henry Story on 2019-06-04 (semantic-web@w3.org from June 2019)

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 4 Jun 2019 22:50:31 +0200
To: David Booth <david@dbooth.org>
Cc: semantic-web <semantic-web@w3.org>
Message-Id: <0CF74046-B551-419E-8CF1-6F38A315DB58@bblfish.net>
> On 4 Jun 2019, at 20:51, David Booth <david@dbooth.org> wrote:
> 
> On 6/4/19 4:37 AM, Henry Story wrote:
>> Deep fakes are produced by new technological breakthroughs that allows one to
>> realistically create live videos of real people, to make them say whatever one
>> wants them to say with the right tone of voice too. There is no turning back
>> this technology, and this will bring us back to a pre-photographic world,
>> where trust in the coherence and authorship of a story is all we have to go
>> by for believability.
> 
> Good topic!   I wonder if blockchain could help somehow, to make a recording undeniable.  Blockchain should be able to anchor a recording to a particular time range, and also to a particular person (or key owner).  I wonder if it could also be used to anchor a recording to a particular location somehow.
> 
> I'm just musing here.  Others might have clearer ideas about how to do this.

Yes, I agree one could use ideas from the blockchain to make the Institutional
Web of Trust have a historical record that could be used later in court.

If the local nation based registrars such as companieshouse.gov.uk [1]
were to put their  data up in JSON-LD, then there could be a regular (daily?
hourly?) dump of updates to the server, that could be signed automatically
by the relevant players, perhaps cross signed across nations even, to keep
a record for potential court cases later.

Some clients may even download these dumps and updates in order to speed
up verification.  At the level of records about the Web of diplomatic ties
of a nation, I guess browsers would keep such caches locally in order to
reduce traffic to those servers.

With RDF based signatures for which we have a few proposals [2], this could
make something very much like a blockchain, but much more extensible and
without the risk of ambiguity attacks [3]. As opposed to the bitcoin
blockchain though we may not need a global consensus algorithm: one could
accept that nations differ even in basics such as what other nations exist!
This flexibility is what would indeed make it possible for a few leading
nations to get going experimenting on this idea without waiting for full
global consensus.

So blockchain ideas based on RDF signed blocks are a key part of a full
story.

We don’t need to be mesmerized by blockchain though. All the way through
Martin Abadi’s work starting from the 1991 paper "A calculus for access
control in distributed systems.” the point is made that the ”A says  P”
relation holds just as well for signed documents as for speech acts of
saying, which on the web maps to HTTP GET/POST/PUT/… actions.  So if the
server from companieshouse.gov.uk makes a statement it can be used in the
same logic as a signed statement, which means that both live linked data
as well as caches can be used interchangeably. In some circumstances one
method will be more practical than another.

Also blockchain by itself cannot solve the problem we are grappling with.
This requires us to tie records into legal systems and the web of nations. 

There are other issues with fact based blockchains that I wrote up in the
post ”Identity on the Web and the Blockchain”.

https://medium.com/cybersoton/identity-as-a-graph-or-a-chain-f15940beec81

A summary of the argument could be that on the bitcoin blockchain all 
operations are mathematical transfers and so can be verified algebraically. 
In a fact based blockchain on the other hand, references to the
world have to be made and these cannot be verified by analyzing the chain
alone, because of … semantics!

We have pretty much all of the technologies to make this works, and
we also have the semantic know how relating to ontologies and linked
data to make the case to the various nations that are keen on digital
sovereignty, and are starting to articulate the relations between local
and global, and how these can be interwoven.


Henry Story
http://co-operating.systems/

[1] I describe an example JSON description of a company in
https://medium.com/cybersoton/stopping-https-phishing-42226ca9e7d9

[2]https://w3c-dvcg.github.io/ld-signatures/

[3]  I am thinking that an ambiguity attack would use try to find or
engineer situations in which the same JSON content were understood by two
different apps completely differently, and this used to confuse an app
about the meaning for the same JSON content were understood by two different
apps completely differently, and this used to confuse an app about the
meaning for the gain of the attacker.

[4] Abadi, Martín, et al. "A calculus for access control in distributed
systems." Annual International Cryptology Conference.  Springer, Berlin,
Heidelberg, 1991.
   (Note Mike Burrows was the author of the AltaVista search engine)
   https://link.springer.com/content/pdf/10.1007/3-540-46766-1_1.pdf
> David Booth
Received on Tuesday, 4 June 2019 20:50:58 UTC