
Identity Security in the Age of AI 

Abstract 

This post discusses how to protect your own identity and the identities of the people in your organization, covers the basics of voice-cloning technologies (sometimes referred to as deepfakes), and explains how to handle a phone call from someone whose vocal identity may have been appropriated.

Introduction 

In the modern age, most people are familiar with the various forms of online scams and robocalls that plague our communication networks. Those who are security-conscious will naturally be wary of unknown numbers and can quickly discern a fraudulent call with little doubt. But a phone call from a loved one, family member, or old friend, even from an unknown number, could take anyone off guard, especially in a perceived emergency. In the worst case, you will not even know you have been the victim of this type of fraud until you discover changes to your banking information that you did not make. With the rise of publicly available artificial intelligence tools, a new, imitative form of online and telephone fraud has also become more of a risk.

Maintaining Voice-Print Security 

Most of these new forms of telephone fraud start with a phone call to someone close to a potential target of the scam. It is practically impossible to ignore unknown callers while still maintaining full business operations, but there are precautions that can be taken to prevent your voice from being captured, processed, and repurposed for whatever ends an identity predator deems desirable.

  • Firstly, when receiving an unknown call, take the usual precautions in anticipating potential fraud: do not reveal unnecessary information, attempt to ascertain the caller’s identity, and so on.
  • Secondly, maintain brevity: voice cloning relies on recordings of prolonged speech, so a simple and uniform telephone greeting can minimize the risk of providing usable voice samples.
  • Thirdly, do not speak openly on a phone call without first confirming that there is actually someone else on the line. These “silent calls” are sometimes used to gather voice recordings from the target.
  • Lastly, if you notice suspicious activity involving sensitive or personal information, take reactive measures immediately, and do not allow a call agent to dismiss the possibility that a previous phone call emulated your voice.

Note that these precautions are not foolproof, nor are they all necessarily required to maintain your security; only you know what is best for your situation and which methods to adopt in combating this new form of identity appropriation.

How Voices are Imitated 

While it is not essential to your personal and organizational identity security, it can be valuable to understand the technology behind these forms of fraud, in order to better protect yourself against becoming a victim of these schemes. We put great effort into staying aware of threats in all forms, including developing technologies, and as such have thoroughly explored the tools that can be used to appropriate a potential target’s voice. 

The main issue with the rise of artificial-intelligence-powered resources, such as those that allow malicious parties to clone the voice of a potential fraud victim, is that they are largely unregulated and easily accessed by the general public. One such tool, which we have extensive knowledge of, is a website by the name of ElevenLabs. While the site requires a potential user to have an account and is a paid service for any significant voice cloning, there are few safeguards for the security of a recorded voice. While the platform’s terms of service clearly state that you must have legally recorded the subject and hold legal rights to their voice, there is functionally nothing stopping a user from inputting anybody’s voice. Various open-source voice-mimicry projects can also be downloaded anonymously from the developer platform GitHub and executed on a personal computer with no monetary trace, provided the user has the skills and means to use them.

Despite the availability of these voice-cloning platforms, cloning a voice is by no means an easy feat. It requires considerable time and effort to become familiar with the tool being used, as each tool uses slightly different means to mimic a subject’s voice, each with vastly different interfaces and controls. Additionally, when gathering voice samples, the audio must be clear, continuous, and contain ample variance in pronunciation. As such, the process requires careful handling of a subject, especially over the phone, as they need to keep talking long enough to gather voice recordings, with enough variation in word choice and pronunciation for the program to extrapolate their unique tone and speech patterns. Someone with a certain degree of proficiency in audio production and processing will be able to stitch together fragments of audio until there is enough material to clone, before feeding it to a program that can replicate the subject’s voice. Lastly, a string of text must be input into the program for it to process into an audio file that sounds like a recording of the subject’s voice; note, however, that certain tools can be used as an audio filter, effectively converting anybody’s voice into the voice of a recorded and cloned subject.
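The sample requirements described above can be made concrete with a small sketch. The snippet below checks whether an audio clip is even long and loud enough to be plausible cloning material; the `MIN_SECONDS` and `MIN_RMS` thresholds are purely illustrative assumptions, not the published requirements of any particular tool.

```python
# Illustrative sketch only: the thresholds below are assumptions for
# demonstration, not the requirements of any real cloning tool.
import io
import math
import struct
import wave

MIN_SECONDS = 60.0   # hypothetical minimum of clean, continuous speech
MIN_RMS = 500.0      # hypothetical loudness floor for 16-bit samples

def audio_stats(wav_bytes):
    """Return (duration_seconds, rms_amplitude) for a mono 16-bit WAV."""
    with wave.open(io.BytesIO(wav_bytes)) as w:
        n = w.getnframes()
        rate = w.getframerate()
        samples = struct.unpack("<%dh" % n, w.readframes(n))
    duration = n / rate
    rms = math.sqrt(sum(s * s for s in samples) / max(n, 1))
    return duration, rms

def usable_for_cloning(wav_bytes):
    """Crude screen: is the clip long enough and loud enough to clone?"""
    duration, rms = audio_stats(wav_bytes)
    return duration >= MIN_SECONDS and rms >= MIN_RMS

# Build a five-second tone in memory as a stand-in for a brief greeting.
buf = io.BytesIO()
with wave.open(buf, "wb") as w:
    w.setnchannels(1)
    w.setsampwidth(2)
    w.setframerate(8000)
    frames = [int(8000 * math.sin(2 * math.pi * 440 * t / 8000))
              for t in range(8000 * 5)]
    w.writeframes(struct.pack("<%dh" % len(frames), *frames))

print(usable_for_cloning(buf.getvalue()))  # → False (clip is far too short)
```

In this toy run, the five-second clip fails the duration check, which is exactly why the brevity precaution above helps: a short, uniform greeting simply does not supply enough material.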

In summary, with the rise of publicly available AI-driven programs that can be used to emulate someone’s identity, people have never been at greater risk of becoming victims of fraud. While these tools have a considerable learning curve, somebody with experience in digital audio production and adequate technical skills can copy somebody’s vocal identity in a matter of hours, provided they devote the effort and are able to manipulate or coerce a victim into talking long enough to acquire sufficient recordings for cloning.

Detecting a Cloned Voice 

While it can seem challenging to discern when the person on a phone call is not who they appear to be, there are a few telltale signs that somebody you think you know is in fact an AI-driven algorithm mimicking their voice. There are also important measures that should be taken to prevent the people around you from falling victim to these schemes as well.

  • Awareness: Ensure that you and the people close to you are familiar with this form of fraud, how to prevent it, and how to detect it. The most common form of this scheme emulates a family member in order to manipulate the victim for money. A shared passphrase can be used if you feel especially cautious of these schemes.
  • Caution: If you receive a phone call from a number you do not recognize, try to maintain a level head if you hear the voice of someone you know. If they claim to be in an emergency, especially in need of money, be extra careful and verify their identity with information only they would know. Note that a fraudulent caller could still be recording your voice with the intent of cloning during this stage. 
  • ‘Artifacting’: While the technology used to clone a person’s voice has been refined to the point of being an effective disguise, there are still flaws in the audio output. The program may produce odd breaks in pronunciation, unnaturally long vowels, and consonants that sound like static.
  • Timing: The most apparent fault is the time it takes to generate phrases, so asking unexpected questions can be difficult for an AI to fake, unless a voice filter is being actively used, in which case you must rely on knowing how the actual person talks, comparing word choice and cadence to the unknown caller.
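To make the timing signal concrete, here is a toy heuristic: flag replies that arrive after an unusually long pause. The three-second threshold is a made-up assumption for demonstration, not a validated detector of generated speech.

```python
# Illustrative heuristic only: the threshold is an assumption for
# demonstration, not a proven indicator of a cloned voice.
SUSPECT_DELAY_S = 3.0  # hypothetical: unusually long pause before a reply

def flag_suspect_replies(reply_delays_s):
    """Return the indices of replies preceded by an unusually long pause.

    reply_delays_s: seconds elapsed between each question you asked and
    the caller's answer.
    """
    return [i for i, d in enumerate(reply_delays_s) if d > SUSPECT_DELAY_S]

print(flag_suspect_replies([0.8, 1.1, 4.2, 0.9, 5.0]))  # → [2, 4]
```

In practice this is a judgment call made by ear, not by code; the point is that repeated multi-second pauses before every answer are the pattern to listen for.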