- Статьи
- Internet and technology
- Voice in a bundle: in Russia it was proposed to create a biometrics database of phone scammers
Voice in a bundle: in Russia it was proposed to create a biometrics database of phone scammers
Russia is discussing new measures to counteract telephone fraudsters - including the formation of a database of their biometric samples. This was revealed by the head of the Ministry of Digitization, Maksut Shadaev. Details about what biometric samples of phone scammers may be included in the new database and whether it will help Russian law enforcement, read in the material "Izvestia".
New measure
About the fact that in Russia are discussing new measures to combat telephone scammers, the head of the Ministry of digitization Maksut Shadaev said at the inter-industry conference "Customer safety comes first".
"Among these measures, for example, it is discussed that we should in any case form a database of biometric samples of fraudsters," the minister said. - And the second - we want to give telecom operators the opportunity to use AI to identify attempts to influence subscribers. This will be a norm of the law.
Such a base will help in the development of new protection functions in software products, said Maxim Buzinov, head of the R&D laboratory of the Cyber Security Technologies Center of Solar Group. For example, in mass digital services - messengers, email clients, as well as in specialized software for protection against attacks and fraud threats.
- The initiative is designed to increase the level of protection of citizens, as well as to establish a link to the fraudster, rather than to the operator, phone number or type of call, - adds the head of Fraud Protection Department of F.A.C.C.T. company Dmitry Ermakov. Dmitry Ermakov.
Swindlers' samples
According to Maxim Buzinov, in the case of creating a biometric database of telephone scammers, it can include a wide range of data. For example, if we consider the physical nature of fraud, such data can be "classic" fingerprints and DNA.
- To identify fraudsters in the digital space, photos of faces, examples of recorded speech, retinal prints, examples of video recording of movements (gait, facial expressions) and even digital traces of mouse and keyboard use to determine digital handwriting will be useful," says the Izvestia interlocutor. - For example, a fraudster can be detected by the nature of his gait on a video camera recording in the ATM room.
However, Dmitry Ovchinnikov, head of the Laboratory of Strategic Development of Cyber Security Products of the Analytical Center for Cyber Security "Gazinformservice", notes that many phone scammers operate in Russia from the territory of other countries. Therefore, the only biometric parameter that can be collected from them is a voice sample.
Anyway, according to Maxim Buzinov, if a biometric base is created, messengers could distinguish the voice or appearance of a fraudster based on digital impressions of his appearance or pieces of speech and instantly notify a person about who is on the other end of the communication. Banks would be able to respond automatically to communication with such a person by blocking inquiry transactions, credit applications or large transfers.
- Public services could warn users that they are interacting with an unscrupulous person," says the expert. - And corporate means of protection - in time to signal to the security officer about the appearance of potential threats in communications.
At the same time, says Dmitry Ovchinnikov, there are no similar bases in other countries at the moment. Most likely, this is due to the fact that it is difficult to achieve high efficiency in voice recognition. However, computing power is growing year by year, and new algorithms and technologies in the field of AI allow us to expect that it will be possible to identify the voices of fraudsters with a high degree of probability and block such calls. In addition to biometrics, it is always possible to include analysis of typical phrases or technical information about the country of origin of the call, frequency and duration of calls, and other parameters that will make it possible to determine with 100 percent probability that the voice belongs to the attacker.
Identification difficulties
According to a specialist of a major Russian IT-company in the field of cyber security, who wished to remain anonymous, the existing models today determine the identity of the voice with a probability of about 80%, and there are many techniques to bypass them.
- Nowadays a number of operators form their own separate records when analyzing phone calls, and the call is analyzed only if the client has given his consent," says the expert. - Operators cannot force all users to agree to call analysis, as this measure affects the constitutional rights to the secrecy of correspondence, telephone conversations, postal, telegraphic and other messages.
Therefore, according to the expert, the effectiveness of such measures today is not very high and it is formed on the basis of data on a small percentage of identified, confirmed fraudulent calls, as well as the frequency of such calls from specific numbers. However, assessment by the number of outgoing calls is also sometimes ineffective due to the registration of subscriber numbers on legal entities.
Collecting information from different sources into a single database may improve the effectiveness of fraud prevention in the short term. However, given the development of artificial intelligence technologies and the high availability of such tools, it can be assumed that fraudsters will quickly bypass such protection through voice modification, use of other people's voice casts or diphake technologies, the expert emphasizes.
Legal aspect
Dmitry Ovchinnikov calls the weakest point of the hypothetical base of biometrics of telephone fraudsters the absence of by-laws, lack of understanding of explicit legal mechanisms for appealing against the decision to add to this base, as well as the very procedure of adding without trial.
- From the point of view of the law, inclusion in such a database should be carried out after an investigation into an episode of fraud has been carried out and the identity of the fraudster has been established," explains the Izvestia interlocutor. - But this rarely happens.
As Dmitry Ovchinnikov notes, in fact, not a database of fraudsters, but a database of fraudsters' votes may be created. And if a law-abiding citizen accidentally gets there, he will never know about it, since there is no court decision and no one will inform him about it. And if from the technical side the creation of such a base does not raise any questions, then from the legal side it will inevitably involve a large number of gray areas.
- It is important to implement this initiative in a balanced manner, taking into account the interests and protection of private life and personality of citizens," agrees Maxim Buzinov.
According to the expert, it is obvious that the creation of the base will use machine learning mechanisms for voice and face recognition. Therefore, it is important to provide measures to ensure the security of both the database of ML-model datasets and the accuracy of recognition by algorithms. It is necessary to ensure regular actualization and updating of such a database, to provide work on the correction of false positives. And, of course, it is worth taking into account the risks of attacks that use digital doppelgangers completely generated by AI, concludes the expert.
