should we be afraid of this digital certificate of humanity?

should we be afraid of this digital certificate of humanity

The founder of OpenAI launches Worldcoin, a whole new type of service mixing biometrics and cryptocurrency in order to provide digital proof of humanity via an iris scan. A futuristic project, as daring as it is disturbing.

After three long years of development, Sam Altman, CEO of OpenAI – the company that created the famous ChatGPT – launched a brand new service called Worldcoin on Monday July 24. An ambitious and even a little crazy project, worthy of the famous anticipation series black-mirror combining a digital ID system and a cryptocurrency wallet. Its great originality? It is based on authentication using a scan of the iris of the eye: an “anatomical identifier” to generate a digital passport (World ID) that its users would use to prove their identity online without having to share their personal data. A kind of “certificate of humanity” intended to prove, faced with the rise of artificial intelligence and chatbots, that one is not a robot. As a bonus, this system makes it possible to acquire a new cryptocurrency, called WLD.

But if the idea arouses enthusiasm and curiosity in some, it generates quite legitimate concerns in others. Less than a week after its launch, Worldcoin is already in the crosshairs of several regulators, who are concerned about its verification system based on recognition of the human iris, which is sensitive biometric data, and consider the approach dangerous. .

Worldcoin: a digital passport and free cryptocurrencies

The iris is a membrane of the eye which, like fingerprints, has the particularity of being unique for each human being and of being stable over time. As a result, it can be used to establish biometric data, specific to each individual, and therefore a digital certification, which certifies that it is indeed him. As the company says on his site, the scan is carried out using a device called The Orb, a kind of metal sphere equipped with sensors. The user then obtains his digital certificate, responsible for proving that he is indeed a “real and unique person” all in “preserving his privacy”. The digital passport is then accessible from the World App application, which allows payments and biometric authentication. There are currently Orbs in thirty-five cities around the world, including Paris. The process is completely free: all you have to do is create an account in the application and go to the Level Coworking Cafe, at 11 Rue de l’École Polytechnique, 75005 Paris. The company already claims more than two million subscribers worldwide.

The Orb © Worldcoin

Even better, Worldcoin is giving away 25 tokens of the new cryptocurrency WLD to anyone who gets their iris scanned. A way to attract the public thanks to the lure of profit and to put them a foot in the sector. The cryptocurrency wallet is then also accessible via the World App application, which will be used to make payments. With the WLDs, the company seeks to set up a currency that could lead to the creation of a universal income, in order to help those who will have lost their jobs because of AI to continue to live with dignity – we count 143 million WLD in circulation in July 2023. Wordcoin is aiming for one billion by the end of the year, but without taking into account the various obstacles and difficulties.

The WLDs arrive as the reputation of the cryptocurrency industry suffers from the spectacular collapse of FTX and other major platform bankruptcies, and as the various European regulators focus more than ever on the problem of the management of personal data. . Also, on July 28, the National Commission for Computing and Liberties (CNIL) declared to Reuters having become aware of Worldcoin and judged that the legality of the collection of biometric data was “questionable”, as were the conditions for the retention of biometric data. Because if these come out of the company’s system and there is a combination of biometric data and personal data, this could be a problem…

Worldcoin: an opaque project that raises many problems

On his siteWorldcoin wants to be reassuring and ensures that “biometric data never leaves the Orb. And once you register, it is permanently deleted”. “Your biometric data is first processed locally on the Orb, then permanently erased”explains the company. “The only data that remains is your IrisCode. This IrisCode is a set of numbers generated by the Orb and is not linked to your wallet or any of your personal information. Therefore, it does not tell us anything about you, neither to us nor to anyone else”. But if it removes the iris scan well, it still keeps the IrisCode. However, if a third party accesses the code, they could certainly usurp it or even modify it. Not only would the victim have their cryptocurrency wallet emptied, but their identity could be used for a whole host of illicit activities. Not to mention that Worldcoin could seek to capitalize on this data and resell it to other entities.

39484813
World App © CCM

Biometric information, in particular the iris, being considered very sensitive data with regard to article 9 of the GDPR, the European authorities were quick to look into the matter. The CNIL will therefore conduct an investigation, in collaboration with the German authorities in Bavaria. The Information Commissioner Office (ICO) in England will do the same. Note also that, if the cryptocurrency of Worldcoin is available in twenty countries in the world, it is not in the United States, where the authorities monitor crypto-assets very closely.

In any case, the authorities will obviously have plenty to do, between the nebulous organization of the company, the opaque functioning of cryptocurrency and the management of personal data! Since the iris scan is biometric data, its collection is subject to very strict rules. This must be subject to consent. “enlightened” And “free”, which means that users must have access to several pieces of information, including the identity of the data controller and the purposes pursued – which is not very clear at the moment, as evidenced by the survey carried out by BuzzFeed last april –, and that they can refuse the collection of this data without losing access to the service – which seems to be difficult for Worldcoin.

In addition, while the device has already been tested in several countries, such as Sudan and Indonesia, it seems that seven computers from The Orb have already been hacked, as revealed TechCrunch last May. Several Worldcoin operators have also reportedly had their personal devices compromised by password-stealing malware. Cybercriminals would have had full access to the operator’s dashboard without requiring multi-factor authentication. Information collected by operators includes email addresses, phone numbers and scans of national ID cards in some regions, but the company said no personal or sensitive data was stolen. That promises!

ccn1