One of our main goals is to have individual member presentations on what problems/challenges they see in AI & Metaverse related to trust.
Starting in the new year (2023), we plan to start drafting white papers or other types of deliverables of the task force.
Agenda Items and Notes (including all relevant links)
Time
Agenda Item
Lead
Notes
2 min
Start recording
Welcome & antitrust notice
Introduction of new members
Agenda review
Chairs
Antitrust Policy Notice:Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws.
ToIP Policy: Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
IIW presentation Wenjing Chu and attendee responses
Following up from last meeting's discussion -dive into the scenario of DeepFake attacks armed with a GAI agent and how we may protect against them.
We went through the recap email Mathieu wrote (to be published as a blog soon)
We then discussed two types of 'content' based attacks to authentication: Presentation and Injection. Presentation is easier to detect because it's hard to produce 3D synthetic models (and harder to scale). Injection attacks combined with an AI-enabled agent behind it may be the hardest challenge today.
Protection of injection attacks can be strengthened with an strong identity - EUDI, mDoc, KERI - common methods like biometrics or liveness tests can be emulated with sufficient publicly disclosed data, but these methods combined with a signature by a key in the wallet can be much harder. Dan mentioned sealing the camera inside a strong package. Wenjing mentioned C2PA allows camera's to sign photo at inception. Neal stated that not disclosing the private information is the the flip side of the same coin - confidentiality (or a form of 'zero knowledge' proof) would enable us to use more PII for authentication. Dan mentioned the current EU methods's PID and photo (or other content) be signed by an authority (like an issued credential). We also discussed the alternative way of issuing through mDoc e.g. different credentials for selective disclosure - i.e. another credential that stating a person is older than 21, rather than relying on new cryptographic algorithms/protocols.
10 mins
Vivik Nair paper on unique identification of users by motion data in metaverses
Sandy Aggarwal reported the status of the gaming white paper and work in the LF mentorship program.
Question on game engines, e.g. unreal, on emulating characters (non-playable character) - which is commonly programmed today. Wenjing mentioned this can be then enhanced to use GPT-like models for more intelligent behavior. The result can be a human-emulator which is the injection attack scenario we discussed in the agenda item above (DeepFake attacks).
Review decisions/action items
Planning for next meeting
AOB
Chairs
We ran out of time and will push the Vivik Nair paper and Daniel Kang paper to next time.