All this crazy talk around Obama's scanned birth certificate document is bringing the issue of digital authenticity to the top of the news.
For example, how do you know it's really me writing this sentence? You don't, but the consequences of being wrong are not great. On the other hand, there are an increasing number of digital transactions where the consequences of being wrong are very great.
The authenticity problem has been negligible so far because institutions who have reputations on the line can't afford to publish fraudulent information. But when anyone can publish and we still trust almost everything we read, things are going to get very ugly.
We have lots of technology that lowers the cost of checking authenticity in our social lives, but even with that cost near zero, we still have to decide to put in the effort to check. When should you take the extra step to make sure something or someone is authentic and/or feasible? Do you even know how to do this?
Take this document for example: in its physical form, there are many things that protect it from being counterfeit. However, once the document is scanned, you can 'prove' almost anything about it.
There are YouTube videos about Obama's birth certificate that claim to show it's not authentic. Actually, we don't even know if the people who created the videos or the scanned documents contained in the videos are authentic. There is no 'chain of custody' equivalent from an authentic document in the physical world to its equivalent digital version. There are no digital signatures. What do we really know about any of the claims and counter claims around the digital documents presented as the President's birth certificate? Nothing.
I estimate that 95% of the content communicated over the Internet is taken at face value and assumed to be authentic. I'm not talking about obviously sketchy content but content that has been 'manufactured' with the objective of bypassing your good judgment. As human beings, we find people we trust, and then trust their communication; effectively we establish a network of trust. So many people fall victim to 'click-to-infect' scams when the message appears to come from your best friend. Yes, social networks are cyber criminal's playgrounds because all of they can take advantage of established trust networks.
I think consumers are already beginning to demand that digital medium assertions are cryptographically signed for authenticity. I'm not talking about overt cryptography. I'm talking about some kind of technology infrastructure that allows for a digital seal or red/green button on certain digital documents that makes it possible to verify where they came from and have more confidence in the assertions they make.
Without this we will all remain in the equivalent of digital darkness - or worse, we keep getting conned by people who make a living preying on the trust of humanity.
