Fighting Election Deepfakes with Digital Identity
One of the biggest pieces of news of the 2024 U.S. Presidential election has been the July 20th announcement by President Joe Biden, made via a letter that many saw first on social media, that he was withdrawing from the race. The immediate reaction was skepticism and disbelief – an understandable reaction in an era when it seems like more and more of what we see on the internet is fake, false, or misleading.
The fallout of this skepticism was luckily limited. However, misinformation can have major impacts on people’s behavior, and the broader mistrust it sows can be deeply toxic for an entire society. Current attempts to deal with the problem, such as by fact-checking organizations, can’t keep up, especially as generative AI makes fakes much easier to produce.
It’s time for a different way to authenticate content online, and luckily, there’s one not too far over the horizon: digital signatures based on privacy-preserving cryptography can be used to prove the real source of online content. States, including California, are testing out a state-issued digital ID, known as the mobile driver’s license (mDL), based on these digital signatures.
Particularly for important announcements from trusted sources, trustworthy digital signatures could have a huge positive impact on the information environment, and ultimately could help rebuild the trust that has been eroded by the online free-for-all of the past decade.
Let’s explore how that could work.
The Death of Drawn Signatures
President Biden’s withdrawal announcement was made, not in a network-televised speech, but via a letter on Biden’s letterhead. The letter was distributed to news outlets but also posted to social networks, including X (formerly known as Twitter), where many commentators saw it first. This cut out key sources of trust and vetting: the authenticity of a direct spoken statement and the third-party confirmation of a news organization.
It’s little surprise, then, when some speculated that Biden’s letter might not be real. After all, Twitter accounts can be hacked, and anyone might have created the letter. Notably, skeptics cast doubt specifically on Biden’s signature – the very tool humans have used to prove the authenticity of communications for centuries, even millennia.
Those doubts left a gap for a fake video of Biden purportedly making the announcement. That’s just one example of the fake videos, audio, and photos we’re likely to see in the coming weeks and months, as partisans engage in boundary-breaking informational warfare.
Disinformation has always been one of the dark arts of politics, but new generative AI tools make such fakery so easy that fact-checkers can never hope to keep up. In fact, AI and automation are also empowering “bots” on social media and across the internet, which can simulate real humans’ reactions to content, misleading some victims even more severely with false “social proof.” In one worrying recent example, Russian operatives have used AI to impersonate Americans supposedly opposed to military support for Ukraine.
With the internet increasingly the center of political discussion in America and around the world, and with the most powerful politicians in the world making major announcements via social media, we need a better way to separate the fake from the real.
The Unfakeable Proof of Digital Signatures
To understand how content could be reliably associated with a real-world identity, we have to touch on a somewhat difficult topic: cryptography.
The problem with verifying content online up to now is that the infrastructure of the internet has no built-in identity system, and any digital file can be copied. That’s why digital information systems “break” traditional forms of attestation – anyone can post any file, from any location, and claim to be anyone. Not only can you copy-paste a written signature onto any document, you can now fairly effectively fake video of someone making a statement. While dedicated digital sleuths can spot impostors in various ways, it’s very difficult for amateurs.
Reliably “signing” a digital message instead relies on encryption techniques that aren’t exactly new but are still unfamiliar—digital signatures and public-key cryptography.
In very broad terms, online public information could be reliably signed using a digital certificate issued and affirmed by a known source – possibly a driver’s license issuer, but not exclusively, as we’ll see. That certificate would then be mathematically mixed with the digitized message content, or “hashed,” to produce a string of characters that can only be matched back to that specific content-signature pair.
That hash file would be attached to a public post, and anyone who wanted to affirm its authenticity could check that this specific content was signed by a specific person’s certification. To draw a rather abstract metaphor, it’s like signing a document with ink that contains all the letters in the document itself – a signature unique to one piece of data.
This leaves out a lot of technical detail, but what matters is that this system can’t be spoofed or broken, except by extraordinary measures, such as physically stealing certificate-signing hardware from the DMV. In the case of our election example, the President could certify, using his mobile driver’s license or other verifiable digital ID, the content in his social media statement using a digital signature and the public would be able to trust it’s authenticity.
This type of digital signature has another advantage – you don’t actually have to reveal your identity to sign content. Digital ID systems, such as mobile driver’s licenses, have what are known as ‘selective disclosure’ features, meaning you can attest only to the specific information you want. That can include simply affirming that “a human produced this content,” without disclosing your name. Or you can show that it was made by “a human from Dallas,” without disclosing your address.
This is important to emphasize because the idea of a digital identity can initially sound oppressive or authoritarian – and it certainly can be, if implemented using authoritarian ideals. But under the right regulatory and technology framework, they can be far more privacy-preserving than current models.
Most importantly, and in sharp contrast with the most dystopian fears, you won’t even have to depend on a government agency to attest to your identity.
This is a widely-shared vision of the digital identity future, one that aligns with the values of privacy, individual freedom, and democratic choice. At the same time, it offers a vast improvement in online trust over the current status quo.
Over the next few weeks, Americans and many others will see yet again just how flawed our online discourse is. Being able to prove who’s talking, whether President or pauper, is an obvious starting point for fixing it.
About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions.