Insight Image

Guardians of the Metaverse: Navigating Security, Safety, Privacy in the Digital Realm

13 Dec 2023

Guardians of the Metaverse: Navigating Security, Safety, Privacy in the Digital Realm

13 Dec 2023

The metaverse, a rapidly developing virtual world, promises transformative impacts on our lives and is expected to contribute over US$5 trillion to the global economy by 2030, including US$80 billion to the Middle East and North Africa (MENA) region’s GDP by 2035.[1] The Middle East is already embracing metaverse technology with the UAE Ministry of Health launching the world’s first metaverse customer happiness service center, Dubai Metaverse Strategy, aiming to make Dubai a global hub for the metaverse community, and Saudi Arabia’s Neom city using a metaverse to inform construction, collaboration, and immersive user experiences. Yet, as this technology evolves, we must address the security, safety, and privacy concerns that could threaten its success. If these concerns are not dealt with, the metaverse could become a breeding ground for crime, fraud, and abuse. To that end, this article aims to support the crucial policy dialogue with the aim of fostering a balanced metaverse that harmonizes technological advancement with ethical imperatives, providing a framework to overcome these potential challenges. 

Preserving our Digital Identities 

Digital identity emerges as a critical concern within this expansive metaverse. Individuals must retain control over their digital representations and guard against rising threats like Deepfakes, ensuring that they have the autonomy to govern their virtual selves. For the uninitiated, Deepfakes are a type of “realistic” media that use deep learning techniques to create or manipulate audio, images and video content in a way that appears realistic and often convincing. In March 2022, a Deepfake video of Ukrainian President Volodymyr Zelensky surfaced online on a Ukrainian news website, showing him calling on his troops to surrender to Russian forces.[2] The video was quickly discredited by experts, but it had already been widely circulated on social media, and some people believed it to be genuine. This is just but one example of an increasing trend, and according to a study by Deepfake Detection Challenge (DFDC), the number of Deepfakes created in 2022 increased by 900% from 2019 and 80% of deepfakes created in 2022 were classified as “high-quality” or “undetectable” by human experts.[3] 

Given the threats to our self-identities, this may necessitate a decentralized approach, empowering users to manage their data and digital assets without undue interference from third-party entities. Self-Sovereign Identity (SSI) is a decentralized approach to manage digital identities. In contrast to traditional identity systems, where individuals rely on third-party organizations to store and manage their personal data, SSI can empower individuals to own and control their own identities, meaning they can decide who has access to their data, how it is used, and where it is stored. SSI is still a maturing technological framework given there is no global common consensus on how this needs to operate requiring standardized protocols and frameworks for a seamless experience. 

The Colossal Threat from Quantum Computing 

The advent of quantum computing raises concerns with its colossal processing capabilities that potentially upsets the delicate equilibrium between legitimate users and deception within the metaverse. This poses a multifaceted threat that encompasses security vulnerabilities, encryption challenges, and the potential impact on various technological pillars of the metaverse. 

The metaverse relies heavily on cryptographic protocols to ensure secure transactions, protect digital assets, and maintain the integrity of virtual identities. With the unprecedented speed of quantum computing, traditional cryptographic methods, such as RSA, which form the backbone of the metaverse’s security infrastructure, become vulnerable to swift decryption. To provide some context for this colossal power, a conventional computer would need 300 trillion years to break RSA-2048-bit encryption, which is the gold standard for Public Key Encryption (PKE), while a quantum computer could do it in 10 seconds.[4] This imminent threat extends to compromised privacy and legitimacy, as quantum algorithms can swiftly unravel encrypted communications, exposing sensitive user data, transaction details, and virtual property ownership within seconds. This not only undermines the trust and credibility of the metaverse but also opens the door to malicious actors (both state and non-state) to exploit these vulnerabilities for fraudulent activities, potentially eroding the foundation of a secure and reliable virtual space. 

The integration of quantum computing in the metaverse introduces an array of real-world threats, transcending theoretical concerns. Beyond the hypothetical scenario presented, recent developments in quantum technology underscore the urgency of addressing tangible risks. While the threat of quantum computing is imminent, researchers and cybersecurity experts are actively working on quantum-safe cryptographic solutions. Initiatives are underway to develop encryption methods resilient against quantum attacks, ensuring the metaverse can adapt to emerging threats and maintain a robust security posture. 

To safeguard users from the Quantum computing threat, a proposed framework to mitigate against this threat could typically look at (1) robust regulation, (2) advanced quantum security methods such as Post-Quantum Cryptography, Quantum Key Distribution, and Quantum Random Number Generation and (3) enhancing public awareness and education on quantum computing threats. These are but some framework responses that users can navigate the quantum landscape with heightened awareness and resilience. 

Legal quandaries in the use of smart contracts 

Smart contracts, whilst holding the potential to revolutionize various sectors, including the metaverse, raise legal quandaries, particularly in cases of hacking, subsequent liability, and a muddied understanding of which jurisdictional laws should be applied. Smart contracts are basically a term popularized by Ethereum that are self-executing contracts with the terms of the agreement directly written into code.[5] They operate on blockchain technology, executing predefined actions automatically when specific conditions are met without requiring manual intervention or approval.[6] Smart contracts play a pivotal role in the dynamic landscape of the metaverse, functioning as its backbone, regulating the ecosystem, automating processes, and enhancing decentralized application (dApp) connectivity.[7] 

The key advantage of smart contracts lies in their ability to enact trust in executing transactions in a transparent, tamper-proof, and decentralized way. The code that underpins “smart code” is stored on the blockchain, ensuring immutability and reliability. From a metaverse perspective, smart contracts facilitate a wide array of functionalities that enable secure and transparent transactions, ensuring that agreements are executed as instructed. For example, in a decentralized virtual marketplace within the Metaverse, a smart contract can automatically facilitate the exchange of virtual assets, eliminating the need for intermediaries and enhancing the efficiency of transactions. This capability not only fosters a trust-less environment, but also diminishes the potential for fraud and disputes. 

The integration of smart contracts into the metaverse is not without its challenges in terms of its innate coding vulnerabilities and its jurisdictional challenges.[8] Coding errors or vulnerabilities in the smart contract’s logic may be exploited by malicious actors, leading to security breaches. Real-world examples highlight the importance of addressing these vulnerabilities. Instances of re-entrance attacks, a type of security vulnerability targeting smart contracts, have been observed. Indeed, in June of 2016, USD$50 million of cryptocurrency was stolen from a crowdfunding venture’s account using such an attack method.[9] These attacks exploit the properties of re-entrant functions within the contract, emphasizing the need for robust security measures. 

Smart contracts also introduce jurisdictional challenges due to the decentralized and borderless nature of the metaverse. The lack of mature legal frameworks poses significant challenges in trying to understand which applicable jurisdictional laws should be applied and how smart contracts should be enforced. These key areas need urgent attention. Resolving these challenges requires collaboration between governments, legal experts, and technology developers to establish clear legal frameworks, adapt existing laws, and develop international cooperation mechanisms for effective governance of smart contracts in a global context. 

In sum, smart contracts serve as the cornerstone of the metaverse, powering its decentralized infrastructure and fostering trust among participants. Their utility extends beyond simple transactions, enabling complex interactions within the virtual environment. However, addressing security vulnerabilities and jurisdictional challenges is essential to ensuring the robustness and sustainability of the metaverse. 

Social engineering attacks 

Social engineering attacks in the metaverse take on a menacing form as cybercriminals are exploiting the convergence of the digital realms and human interaction. Indeed, the estimated cost of social engineering attacks in 2023 is US$4.45 million per incident, an increase of 15% over the last three years, according to IBM’s 2023 Cost of a Data Breach Report.[10] A notable form of a social engineering attack involves the infiltrating of virtual metaverse communities with avatars misrepresenting their real identities.[11] These avatars progressively will try to build trust targeting individuals with the ultimate aim of extracting sensitive information like user login credentials and personal data. This sophisticated manipulation within the immersive digital space demonstrates the potency of social engineering threats in the metaverse, emphasizing the need for effective mitigation strategies. 

The financial impact of social engineering attacks is not limited to the direct costs of data breaches. These attacks can also lead to indirect costs, such as reputational damage, lost productivity, and litigation expenses. In addition to financial costs, social engineering attacks can also have a significant impact on individuals and organizations. For instance, these attacks can lead to identity theft, financial fraud, and emotional distress, and in some cases, social engineering attacks can even result in physical harm, such as stalking or assault. 

To mitigate these threats effectively, a comprehensive framework is necessary. Integrating advanced visualization technologies and AI-driven algorithms into metaverse platforms is crucial for real-time detection and prevention of suspicious activities. Additionally, user education initiatives must be implemented to empower individuals to recognize and resist social engineering tactics. Strengthening security protocols, implementing multi-factor authentication, and fostering collaboration between metaverse platform developers and cybersecurity experts are pivotal steps in fortifying the metaverse against social engineering assaults. 

Public health concerns 

The metaverse presents both opportunities and uncertainties for public health. In terms of opportunities, it holds the potential to revolutionize healthcare by providing a more immersive, interactive, and personalized experience for patients and providers. For instance, the metaverse could be used to provide virtual reality (VR) therapy for patients with anxiety or post-traumatic stress disorder (PTSD) and allow medical practitioners to perform virtual surgeries. 

Despite the huge potential for virtual public healthcare, there are major concerns regarding user safety, security, and the broader implications for public health. For instance, there is a growing body of evidence that users are being exposed to harmful content or behavior in the metaverse. Indeed, the integration of virtual and real-life consumption experiences in the metaverse can facilitate targeted advertising and consumer participation.[12] There is also evidence that the metaverse can enhance the use of “addiction by design” techniques, exploiting psychological-based reward systems to manipulate users.[13] Indeed, it is unclear what the long-term effects of spending time in the metaverse will be on people’s mental and physical health. With respect to users’ health data, there is also unease about medical confidentiality and privacy breaches where personal health and related biometric data could be misused, as well as fears of discriminatory practices where the data could result in denial of services.[14] 

A comprehensive framework is needed that establishes clear guidelines and regulations to successfully safeguard users from these public health concerns. Amongst a multitude of tools, this needs to include (1) employing robust moderation practices, (2) empowering users with safety tools that include obtaining explicit user consent for health data collection, (3) adopting appropriate and proportionate cybersecurity measures, which include regular software updates and security protocols, (4) educating users about cybersecurity best practices that encourages responsible use of the metaverse (5) implementing data minimization practices where only the necessary amount of health data is stored for a specified purpose, and (6) designing metaverse experiences to minimize addiction risks that also support those struggling with addiction. 

The digital divide is widening within the metaverse 

The metaverse, which promises to revolutionize human interaction, is at risk of becoming a haven for the privileged, which could leave behind billions of people who lack access to the required technology and infrastructure. This digital divide, if left unaddressed, could exacerbate existing inequalities and create new forms of discrimination, particularly as the technology requires reliably high-speed networks. Indeed, according to the International Telecommunication Union (ITU),[15] only 63% of the world’s population has access to the internet.[16] That is 37% of the population, which equates to 2.9 billion people that lack opportunities to go online or engage purposefully.[17] If not addressed, the digital divide might cost the global economy up to trillions of dollars in lost productivity. 

To dramatically shrink this digital divide, several policy decisions need to happen, which include, but are not limited to: 

1) Governments and telecommunications companies should collaborate to expand broadband Internet access to underserved areas, particularly rural and remote regions. Indeed, by 2025, mobile technologies and broadband services can potentially grow to US$5 trillion globally as countries increasingly benefit from the improvements in productivity and efficiency brought about by the increased take-up.[18] 

2) Develop affordable metaverse devices such as virtual reality headsets and augmented reality glasses, that are more affordable to ensure wider accessibility. 

3) Promote digital literacy and skills initiatives that equip individuals with the necessary digital skills to navigate and thrive in the metaverse. 

4) Invest in metaverse platforms that are designed with inclusivity in mind, considering the needs and experiences of diverse user groups that incorporate accessibility features and support multiple languages and cultural nuances, thus fostering inclusive communities. 

5) These are just some of the potential responses that can bridge the colossal digital divide that can cultivate a future where equitable access is underpinned by affordability, digital literacy, and inclusivity, unlocking the boundless opportunities the metaverse has to offer. 

Conclusion 

In navigating the multifaceted landscape of the metaverse, the world stands at the crossroads of unprecedented possibilities and pressing challenges. Tremendous strides have already been made, providing crucial benchmarks for adaptation. Most notably, the European Union appears to lead in crafting robust regulatory frameworks, showcasing a proactive stance in addressing the potential concerns discussed. Among these tools in development are the Digital Services Act (DSA), the Artificial Intelligence Act (AIA), the Data Governance Act (DGA), and the Online Platform Oversight regime, exemplifying this proactive stance. Every public or private user will, however, need to define their own specific measures, but in charting the course through the metaverse’s intricate terrain, countries ought to strive for a future where it not only thrives on innovation but is also safeguarded by vigilant regulatory measures. This should be epitomized by a proactive commitment to addressing emerging concerns ensuring a secure and inclusive metaverse experience.

 


[2] “Debunking a deepfake video of Zelensky telling Ukrainians to surrender,” France24, 2022, https://www.france24.com/en/tv-shows/truth-or-fake/20220317-deepfake-video-of-zelensky-telling-ukrainians-to-surrender-debunked 

[3] Brian Dolhansky, Russ Howes, Ben Pflaum & Christian Canton Ferrer, “The Deepfake Detection Challenge (DFDC) Preview Dataset,” arxiv, https://arxiv.org/abs/1910.08854. 

[4] Kyu-Seok Shim et al., Design and Validation of Quantum Key Management System for Construction of KREONET Quantum Cryptography Communication,” Journal of Web Engineering 21, no. 5, (2022) https://journals.riverpublishers.com/index.php/JWE/article/view/11187 

[5] Ken Huang & Winston Ma, Blockchain and Web3 : Building the Cryptocurrency, Privacy and Security Foundations of the Metaverse, 2022, https://catalogue.nlb.gov.sg/search/card?id=671c181a-6564-561e-89a9-70186fcd7615&entityType=FormatGroup. 

[6] Chiradeep BasuMallick, “What Are Smart Contracts? Types, Benefits, and Tools,” spiceworks, November 20, 2023, https://www.spiceworks.com/tech/innovation/articles/what-are-smart-contracts/ 

[7] Jonas Oppenlaender, “The Perception of Smart Contracts for Governance of the Metaverse,” Association of Computing Machinery, November 16, 2022, https://dl.acm.org/doi/fullHtml/10.1145/3569219.3569300 

[8] “What are Metaverse smart contracts, examples, and use cases?” Accubits Blog, 2023,- https://blog.accubits.com/what-are-metaverse-smart-contracts-examples-and-use-cases/ 

[9] “A Hacking of More than $50 Million Dashes Hopes in the World of Virtual Currency,” The New York Times, June 17, 2016, https://www.nytimes.com/2016/06/18/business/dealbook/hacker-may-have-removed-more-than-50-million-from-experimental-cybercurrency-project.html 

[10] “IBM Report: Half of  Breached Organizations Unwilling to Increase Security Spend Despite Soaring Breach Costs,” IBM, July 24, 2023, https://newsroom.ibm.com/2023-07-24-IBM-Report-Half-of-Breached-Organizations-Unwilling-to-Increase-Security-Spend-Despite-Soaring-Breach-Costs 

[11] An avatar in the metaverse is a digital representation of a person that can be used to interact with other users and explore virtual worlds. Avatars can be customized to look like the user, or they can be created to be completely different. 

[12] Caitlin Curtis & Claire E Brolan, Health care in the metaverse, The Medical Journal of Australia, November 27, 2022, https://onlinelibrary.wiley.com/doi/10.5694/mja2.51793 

[13] Mohammed Javad Kooshari, Gavin R McCormack et al., “The Metaverse, the Built Environment, and Public Health: Opportunities and Uncertainties,” Journal of Medical Internet Research 25 (2023), https://www.jmir.org/2023/1/e43549 

[14] Gunther Meinlschmidt et al., “Mental Health and the Metaverse: Ample Opportunities or Alarming Threats for Mental Health in Immersive Worlds?” Association for Computing Machinery, April 19, 2023, https://doi.org/10.1145/3544549.3583750 

[15] The International Telecommunication Union (ITU) is a specialized agency of the United Nations responsible for coordinating telecommunications at the international level. Founded in 1865, the ITU is headquartered in Geneva, Switzerland, and has 193 member states. 

[17] “This is how to counter the global digital divide,” World Economic Forum, May 19, 2022, https://www.weforum.org/agenda/2022/05/how-to-counter-the-global-digital-divide/ 

Related Topics