ITU Defining Metaverse Trustworthiness

How safe are we in the metaverse?

Metaverse Surgery

In the future, UN WHO doctor-trainers wearing ordinary-looking glasses will telepresence into any hospital in the world to train and certify local doctors

BEVERLY HILLS, CA ( 2023/3/31 – Once we decide what the metaverse is, we may want to know, how trustworthy is the metaverse?

The International Telecommunication Union (ITU) Focus Group Metaverse (FG-MV), formed Working Group 6 to address that and other metaverse security issues. During the ITU Forum on Embracing the Metaverse in March, it was decided to form three task groups under Working Group 6 (WG6) Security, Data and PII Protection:

ITU Metaverse Security Task Groups

  • ITU FG-MV WG6-TG1: Cyber Security
  • ITU FG-MV WG6-TG2: Building confidence and security in the metaverse
  • ITU FG-MV WG6-TG4: Issues on trustworthiness related to the metaverse

What is the difference between Metaverse Security, Confidence and Trustworthiness?

Since the metaverse operates over existing networks, some see security in the metaverse as being much the same as for security in networks generally. Very 5G and TCP/IP. Others anticipate a host of new issues that need to apply existing best practices adapted to new metaverse scenarios. While it’s up to each TG to decide its mandate and mission, let’s consider expectations.

TG1 Cyber Security

It wouldn’t be surprising if this group takes a similar approach to what we did in my subcommittee defining cyber security for banking, but instead with a focus on the metaverse.

When I chaired The CFO Alliance Cyber Risks Subcommittee, we defined cyber security best practices for banks, manufacturers, M&A and national critical infrastructure. We selected recommendations from current best practices of IT and network security, made specific to CFO concerns. For example, how to detect and prevent a SWIFT bank code being tampered with to redirect wiring bank funds to a hacker.

If TG1 takes a similar approach, that would be selecting best practices from general IT and network cyber security practices, then getting specific how those safeguards are applied to Metaverse cyber security scenarios.

TG2 Metaverse Confidence-building

ITU PL 1.4 C20/18-E, Strengthening the role of ITU in building confidence and security in the use of information and communication technologies. This document summarizes many confidence and security practices, such as international cooperation in enforcement and uniformity of laws and standards.

We may suppose TG2 could look at issues such if someone gets ripped off in the metaverse, where is legal jurisdiction? And, what if two metaverses would connect to each other? Is there a standard protocol for interoperability?

TG4, Metaverse Trustworthiness

Trustworthiness is different from confidence and security. A thought example, when handing our credit card to our spouse, we trust our spouse, have confidence in our bank, and accept using VISA offers security.

For TG4, consider for guidance ISO/IEC TS 5723:2022 Trustworthiness Vocabulary.

Are there different levels of trust? ISO/IEC TR 24028 says, “The specification of levels of trustworthiness for AI systems is out of the scope of this document.” ITU-T Y.TRUST-TLA: Framework of trust-level assessment for trustworthy networking specifies ten levels or trust, from low to high. However, how to apply different trust levels to the metaverse seems as abstract as doing so in the Web.

When I led the Augmented Reality Group at the World Health Organization Academy, how to login doctors and nurses securely into AR headsets was an issue. HoloLens and Magic Leap glasses have neither keyboards nor mice. A doctor logged into MCARE, the future hospital metaverse, could potentially have access to patient Personally Identifiable Information (PII), to data regulated by HIPAA. As typing in a password makes no sense without having a keyboard to type upon, is scanning a QR code printed on the back of the doctor’s badge enough? How trustworthy is that?

Trust goes beyond confidence and security. For example, How Do You Know if You Can Really Trust Someone? One may even ask, does trust require love?

Coming back down to Earth, basic issues in metaverse trustworthiness include… Are you who you say you are? Will you honor contracts made? Can we trace provenance to determine legitimacy of things found in the metaverse?

AI, blockchain and biometrics may help address such issues.

An ongoing metaverse research question is, how well can pupillometry measure depression or confusion in real time? As thesis advisor, I helped one of my grad students last year get her Masters degree and complete her research project in pupillometry. That is, using eye-tracking cameras, available in some AR glasses, to detect changes in pupil dilation in response to stimuli.

Pupillometry is less intrusive and more comfortable than EEG brainwave monitoring. If our AR glasses measure our moods and thoughts, what trustworthiness does that involve?

Future metaverse R&D, in the lab are being developed AR headsets that cause “hallucinations”, that is, full body metaverse immersion like in the film Avatar. That’s a lot of trust.

About Robin Rowe

Robin Rowe

Robin Rowe is co-chairman of ITU FG-MV WG6-TG4. Has developed metaverse and robotics technology, is a Hollywood creative technologist, engineering director, product designer, AI research lab director, and C++ software architect. Led the AR Group at the UN WHO. Was design strategist for Lenovo ThinkReality AR glasses. As a navy research scientist, developed VR war games to train NATO Special Forces, and designed and programmed a night vision flight simulator to test naval aviators. As a professor, taught computer science at the Naval Postgraduate School and the University of Washington.