Qualified Qualifications, Credible Credentials
Real people with fake qualifications and fake people with real qualifications.
Dateline: London, 7th February 2024.
I’m fascinated by stories about what is “real” and what is “fake” and because of my obsession with digital identity. Not only the digital identity of people, but the digital identity of everything. People, bots, animals, things and even countries. Countries? Yes, Arnaldo Chamorro, chief of staff for Paraguay’s agriculture ministry, was replaced after signing a memorandum of understanding with representatives of a non-existent country, the United States of Kailasa (a fictional state, described as the “revival of the ancient enlightened Hindu civilisational nation”, it is led by a self-styled guru, Nithyananda, wanted in India on several charges, including sexual assault).
What Are You Faking?
I’m especially fascinated by stories about fake credentials, such as academic and workplace qualifications. What’s more, being English, I have a particular obsession with stories about fake dentist credentials. For example, the story of Omid Amidi-Mazaheri, an asylum seeker who told British immigration officers that he had a dental practice in Iran and repeatedly left patients in agony after he drilled without a local anaesthetic and did expensive fillings that crumbled within days. But how were his patients supposed to know whether he was a real dentist with a false identity or a real identity with false credentials?
You would imagine that some training is necessary to be a dentist. Hence the need to check the credentials of dentists (although while writing this it occurs to me that I have never checked the credentials of mine) but there are other jobs — perhaps many other jobs — where the credentials are window dressing. I am reminded here of the case of a builder who faked a resume and went on to rise to a very senior level in the British National Health Service (NHS), leading one to inevitably question why that particular employer asked for the qualifications in the first place, since they were evidently irrelevant.
Some employers are beginning to rethink. Walmart plans to rewrite many job descriptions so that applicants can have either a college degree or show they have needed skills through prior experience or other types of learning. This approach, driven by a shortage of talent in high-demand areas, of “skills-based hiring” has gone up the corporate agenda, and it is not hard to see why.
On the other hand, there are many positions that demand chutzpah rather than credentials. An example of such a position is Chief Financial Technology Officer at the Office of the Comptroller of the Currency. Until recently this position was held by Prashant Kumar Bhardwaj, a chap with an impressive resume including top jobs in the worlds of management consulting and banking. He was the chief information officer at Fifth Third Bank (except that a spokesman says that they never employed him), he was IT director at Citi (which was impressive considering he was 13 years old at the time), he was CIO at Huntington Bank (except that the position was held by other people during the time of claimed employment and one of the actual officer holders had never heard of him) and he was MD Financial Services technology at Accenture (except Accenture only has a record of employing someone with his name in a senior manager role).
C-suite jobs at Federal agencies to one side, here’s another recent case where credentials and experience appear to be irrelevant. In Kenya, a lawyer named Brian Mwenda was arrested after winning all 26 of his cases because he had no legal training and had stolen the identity of an actual lawyer called Brian Mwenda Ntwiga. Fake Brian had allegedly accessed the Law Society of Kenya’s portal and tampered with the account details of real Brian by uploading his own picture. The credentials were true, if any client had taken the time to look them up, but the identity was false.
with kind permission of Helen Holmes (CC-BY-ND 4.0)
If it is difficult to know whether you are dealing with a real lawyer in the universe, imagine what it is going to be like in the Metaverse. There are already lawyers there, of course, just as there are lawyers everywhere else. Zannes Law, a Toronto-based law firm has a seven-level office in a metaverse and principal lawyer Madaline Zannes conducts private consultations with clients there as well as meeting people who turn up with legal questions. Interestingly, she says that there are “bad actors” who attempt to offer legal services in virtual spaces without any sort of certification. Some go as far as to keep their identity hidden from clients, as if you can imagine such malfeasance.
(To tackle the problem she has created the international Metaverse Bar Association, which aims to provide a registry of verified licensed lawyers.)
Double Deceptions
There are two different kinds of deception affecting the lawyers, dentists and managers noted above. Honest avatars going about their daily business need to be protected from both kinds: faking the identity of someone with credentials (identity fraud) and faking the credentials of someone with identity (reputation fraud). So how can we make this work? When you meet your lawyer in a metaverse, you want to know three things: you want to know that the credential (the licence or whatever) is valid, you want to know that it belongs to the mundane master of the avatar and you want to know that the mundane master is present. But how?
Here’s one suggestion. China’s state-owned telecoms operator China Mobile, has put forward proposals for a “Digital Identity System” for all users of the Metaverse at the second meeting of the International Telecommunications Union (ITU) Metaverse Focus Group in Shanghai in July 2023.
(The ITU is a United Nations agency and plays an influential role in defining the ground rules for global telecommunications).
The Chinese operator said that the digital ID should work with “natural characteristics" and "social characteristics" that include a range of personal data points like people's occupation, "identifiable signs" and other attributes. They also suggested this information be “permanently” stored and shared with law enforcement “to keep the order and safety of the virtual world.”
(The proposals even provides the example of a noxious user called Tom who “spreads rumours and makes chaos in the metaverse”; the digital identity system would allow the police to promptly identify and punish him.)
Whether you are in favour of chaos in the Metaverse or not, I am sure you will agree that the Chinese proposal may not be congruent with Western mores. We need a better universal solution to the general problem, one that separates the issues of identification, authentication and authorisation.
LinkedIn has evidently decided to do something about it. When I logged in recently I was given the opportunity to verify my identity. I wasn’t sure whether to do this or not, but I wanted to understand the process so I gave it a try. After scanning my passport and so on, I was confirmed as a David Birch.
Whether I am the David Birch who is the author of “Identity is the New Money” or not is another matter.
The Third Way
Neither a web2 registry or a web3 centralised control approach are the way forward. Maybe now it is time instead look to the world of web3 and digital identity to attack the problem in a new way. That is, when I meet my lawyer in the metaverse, I want to see her license to practice and proof of her employment history as Verifiable Credentials (VCs) not as PDFs or barcodes on the virtual wall of her virtual office.
(Under the hood, so to speak cryptography does the business. My machine will generate a challenge using the public key in the credential, and since that challenge can only be answered by someone with control over the corresponding private key, but as a consumer I will never see any of this.)
Given the ease with which these standard cryptographic techniques can be implemented, it seems to me that it should be safer to employ someone in the metaverse than in the universe so surely it is only a matter of time before HR moves into the metaverse. I dream of the day when this will extend to a visit to the dentist as well.
Are you looking for:
A speaker/moderator for your online or in person event?
Written content or contribution for your publication?
A trusted advisor for your company’s board?
Some comment on the latest digital financial services news/media?