Trust is eroding, and that erosion is rapidly accelerating with the rise of generative AI.
This issue is global and impacts everyone on the internet.
People are waking up to the fact that the current ways in which we verify and validate data no longer work. Communities such as the Content Authenticity Initiative (CAI) and the Partnership on AI (PAI) are organizing like-minded businesses to address provenance, authenticity, and trust for digital content.
The White House recently issued an executive order on safe, secure, and trustworthy AI. And the Artificial Intelligence Act, which aims to create a legal framework for secure, trustworthy, and ethical AI, is advancing in the European Union.
Those pursuits require that we fix a foundational digital trust model issue with today’s internet as we have no easy, open, and interoperable way to prove and verify the long-term integrity of documents, files, images, and other digital content that are shared across the internet.
Have you ever wondered if the document you are looking at is the real one you should be using or if it is one that came from a trusted source? If we can’t make it easy for everyone to be able to answer those questions, the communities forming and the policies that will be created will fall short of fixing the erosion of trust issues that are increasing every day.
Solving this long-term data integrity issue is critical. If we don’t solve it, civilization will change in irreparable ways, as manual verification and validation can’t keep up with the increasing amount of data that is being created. That’s a prediction coming from industry leaders across the globe who know far better about what AI can and will do, very soon.
Here’s how your business can address this issue, decrease your risk, and build long-term digital data trust.
Understanding current trust models is insufficient
Current trust models, which are based on public key infrastructure (PKI), were never intended to provide long-term integrity. PKI was created to enable a person or organization to put data into a secure digital envelope, send that data to somebody else, and allow the individual on the receiving end to use a system of certificates and keys to remove the data from the envelope.
Basic drawings that illustrate the process of locking data in an envelope or box and providing a key to unlock it and take out the data go back decades. It works, but it doesn’t offer long-term data integrity because integrity information – the metadata about digital content – doesn’t travel with the content and isn’t maintained using immutable storage systems.
Verify and validate data coming from the outside
That’s why there is an erosion of trust. If you don’t know where data was made, where it came from, and whether AI contributed to it, it’s impossible to decide whether or not that data is safe to use.
If you use data without first verifying it, you’ve set yourself up for financial, reputational, and security risks. You may even risk life and limb. There are many historical examples of how simple mistakes using data that was assumed to be trustworthy have led to costly or even deadly results. And now that data and data-driven decisions are being generated and made at an unprecedented rate, the risk of using content that can’t be instantly verified and authenticated is far greater.
In today’s data-driven, highly connected world – in which gen AI makes it easier and faster than ever to create new digital assets, including fakes and frauds – you must verify and validate the integrity of all the data you receive from outside your company. You need long-term immutable instantly verifiable audit trails for all the files and documents you rely on.
Avoid enormous software, hardware, and service costs
Ensuring long-term data integrity with immutable audit trails is valuable for a wide range of business applications and use cases. It can help your accounting team identify real – and avoid paying fake – invoices; enable creators to prevent infringement, misattribution, and theft of their digital works; and ensure compliance and minimize risk as organizations work with financial documents, legal agreements, medical records, and other digital documents.
Having different audit trails that are specific to each vertical or discipline creates complexity.
Steer clear of that by embracing the approach created by the Internet Engineering Task Force’s Supply Chain Integrity, Transparent, and Trust (SCITT) working group. SCITT has established a standards-based, open, and interoperable way for people to share integrity information and build immutable audit trails.
With SCITT, everybody can use the same basic integrity metadata language and provide integrity information that is forever verifiable no matter which SCITT-based platform or supplier you choose to work with.
Don’t pay the price of cryptocurrency
Web3 is another way to build immutable audit trails, but adds new complications as you now have to think about paying for services and storage using cryptocurrency.
Most businesses don’t want to pay for storage and transactional costs with cryptocurrencies, which are too volatile and have too many security issues.
Move forward with confidence
If data and the automated information systems fueled by that data can’t be trusted, we’re all in deep trouble. That’s why industry and government are working to address the erosion of trust.
There is a lot of good work being done, but if we can’t solve the long-term data integrity issue, none of that is going to matter. That’s why the SCITT work at the IETF to solve the long-term data integrity issue is going to be fundamental to all of this work.
Long-term immutable audit trails that prove who did what and when to data will empower data consumers to make confident decisions that they can’t today.
