Nov 04 2024
Security

How Personhood Credentials Could Impact Higher Education

This new type of identity verification aims to separate humans from artificial intelligence.

Remember the days when clicking on all the squares that contained a bicycle was proof enough that you were human online and not a bot? Well, the era of CAPTCHA is coming to an end as AI learns to bypass what was once a reliable security check.

As cyberattacks and data breaches continue to rise each year, and as artificial intelligence becomes ubiquitous and better at common tasks, it’s growing increasingly difficult to use established security measures to verify personhood online.

In a new paper published by OpenAI, Harvard University and Microsoft, researchers suggest that a new type of human identification for using the internet could be on the horizon: personhood credentials.

Tom Zick, who worked on this study and is a project fellow at the Berkman Klein Center for Internet and Society at Harvard, cites two major reasons for the urgent creation of personhood credentials.

“There are a lot of things that this generation of AI can't do that the next generation of AI will be able to do, and that's changing quite rapidly. And a lot of the ways to check for humanness are also incredibly privacy-invading,” she says.

In the academic realm, students are using AI more frequently when working on assignments, and while there are plenty of tools to identify whether the student's work is an AI creation or not, those “are really not foolproof,” Zick adds.

The idea behind personhood credentials is to solve these problems by creating something that proves the online user is a unique human, not AI, and not operating multiple accounts on the same platform. Ideally, the user would be able to control how much is being shared with the digital provider of the credentials.

Personhood Credentials Come with Privacy Concerns

Creating a personhood credential requires the use of a “ground truth: things we know for sure that you're a person if you have these things,” Zick says. “You don't need to necessarily know anything about a person besides that they are a person and not a bot.”

One of the challenges is to have something that verifies the user is a person, but to also have it be privacy preserving, because people don't want to or need to give up their information.

When it comes to biometric data like an iris scan, palm print or face recognition, all of which are considered “ground truths,” Zick acknowledges that these factors can be used, but “making them privacy-preserving takes other technical steps, takes trusting the intermediary that's processing those things that's like a potential adopter of that digital credential.”

When Will Personhood Credentials Become a Reality?

A personhood credential could come from different sources. The most obvious way, Zick says, is a government-issued digital personhood credential, something unique to you,  

While countries such as India and Estonia are working on government-issued personhood credentials, it’s not an easy path forward.

“The government has a handful of ground truths that they can use to match the person to all this other stuff that they have on a person,” Zick says. “They can definitely tell if you're human or not, based off things you’d expect in a credit report, ID, Social Security, passport. They have a lot of resources for that, but the problem is that in terms of practically rolling something like that out, it’s very, very challenging to do any sort of innovation and IDs, especially digital IDs.”

Of course, going the government route means that the user is giving up privacy, so another possible solution is to use third-party verifiers.

“The ideal personhood credential is kind of like if you've used single sign-on systems. For example, you’re using one credential and your work portal to log in to a bunch of different applications. It’s that principle of, ‘You're you here in this one place that we trust, and so you’re you in all of these other places that you say you’re you.’ We connect it to your phone, we connect it to your email, so we know that it’s you,” Zick says.

How Could Personhood Credentials Impact Higher Education?

While this method is also not exactly privacy-preserving, it’s a way to establish ground truth with no government involvement.

In a university setting, this could mean that students receive a digital equivalent of their student IDs that can be used to navigate certain things within the university’s Wi-Fi when they’re connected to it.

However, in a university system, if there was “some credential that you really trust, and students use that for all of their interactions, all of their AI platforms, that could be a way to track whether a human is working on something versus an AI.”

While Zick believes the best version of a personhood credential is one that works across the board and can be used worldwide, she can also see them being implemented on a smaller scale, such as within a university.

“You just have to think about what you’re getting by having something that only verifies personhood, whether you want that privacy-preserving element or you want to be able to track if someone is using a bunch of different AI agents. If this is something you foresee people doing a lot, if you can imagine that being something that students do when we have AI as part of education, and people have to program different agents to do various things, this is a way to keep track of them: having a personal credential that’s localized to a university in a situation like that. But it is very context-specific whether something like that is useful.”

However, personhood credentials are likely at least five years out, Zick says. This is due to the complexity of implementing such security measures, and because it might require “some fairly tangible issues for people to actually want to mobilize about doing something like this that’s really systematic,” she says.
