Saeed Ahmad, Managing Director Middle East and North Africa at Callsign, outlines what the metaverse means for our digital identities and how we can secure them.
It’s 2023, and the concept of an immersive and highly interactive world feels closer than ever. We are entering an era in which the extended reality of the metaverse is poised to change how we interact with each other, both in the physical and virtual worlds.
The UAE has been rapidly developing its metaverse ecosystem. Launched in the second half of 2022, the Dubai Metaverse Strategy seeks to make Dubai one of the world’s top ten metaverse economies and a hub for the metaverse community. Earlier this year, the city held the Dubai Metaverse Assembly, which brought together more than 300 global experts, policymakers, thought leaders, and decision-makers to determine the most effective strategies for capitalizing on opportunities in the metaverse across government and sectors. The overall objective of the strategy is to promote Dubai’s aspirations to expand its blockchain presence and support over 40,000 virtual jobs by 2030.
However, just as the metaverse presents opportunities for good by providing a neutral space for social interaction or new marketing avenues for business owners, it also opens the door for malicious actors to engage in acts of cybercrime and virtual bullying, not to mention the privacy and security concerns that come with a lack of current regulation.
Regulation in the metaverse
Metaverse has a dark side and requires regulation, legislation, and execution procedures, such as how to arrest a person in virtual reality in the event of a conflict when it is difficult to confirm a person’s identity. In Dubai, the Dubai Virtual Asset Regulatory Authority (VARA) was established last year to protect investors and design international standards to govern the virtual asset (VA) industry in order to promote responsible business growth under prudent regulations.
In theory, regulations, and real-world controls, such as the Dubai Virtual Assets Regulation Law and the UK Online Safety Bill, the Digital Services Act from the EU, and GDPR, will apply in the metaverse to protect users from online harm including abuse and fraud. But in the same way as other online spaces, it is still rapidly evolving, incorporating various technologies, which makes regulation difficult to implement.
If the internet, an initially unregulated online arena, has taught us anything, it is that protections must be included from the start and not as an afterthought. But who is in charge of ensuring this happens?
According to Callsign research, 54% of MEA consumers have a strong expectation that governments and the public sector will be held accountable for enforcing laws and establishing a secure digital environment, just as they are in the real world.
Therefore, the onus is on governments and regulators to work with the tech sector and hold companies accountable when it comes to protecting users and fighting identity fraud online.
Understanding the metaverse
Furthermore, as the concept of our digital identity takes on a new meaning in the metaverse, people need to be educated on the risks as much as the benefits – and this starts with developing an understanding of what the metaverse is.
Although the number of worldwide consumers who have heard of the metaverse has increased from 32% in July 2021 to 74% in March 2022, just 15% believe they can explain the concept to others. If the metaverse is a difficult concept for individuals to grasp, the complexity of privacy and security issues that it introduces will be incomprehensible to most.
Bad actors, for example, could obtain personal information through phishing emails, hacked devices, or data theft in order to adopt a user’s identity, including their avatar, and use it to conduct fraud in the metaverse. Users must be informed on the metaverse’s privacy and identity theft risks so that they can take the same measures they would in the physical world.
This can be accomplished through educating users about the existing security, interaction, data governance, and regulatory compliance norms, as well as emphasizing the constraints of a new, less centralized digital environment.
At the same time, those developing the technologies that will comprise the metaverse must incorporate modern identity verification technologies, such as behavioral biometrics, to offer ongoing authentication of users.
Behavioral biometrics refers to behaviors that can uniquely identify and authenticate people in a robust and failsafe manner, such as how someone swipes their phone, types in their password, or uses a mouse to browse their computer. This method’s frictionless privacy-preserving and non-intrusive nature, in particular, makes it suitable for governments, regulators, and enterprises struggling to balance security and user experience in the metaverse.
Building digital trust
By communicating the processes in place to protect an individual’s digital identity, users can be reassured that they are safe online, allowing them to roam freely in the metaverse and driving trust in the digital world.
Globally, consumers display a higher level of trust in society than they do in the online world, it’s vital to put the necessary measures in place to close this gap if the metaverse is to have any chance of widespread adoption. People need certainty around who they interact with online, especially as identities are easily concealed behind customised avatars in virtual reality.
The current iteration of the internet (Web 2.0) is riddled with issues such as scams, fraud, and other online harms. If this situation has taught us anything, it is that identity is at the heart of our modern digital world, and governments and corporations must construct interactions with a trust-first approach if we are to reap the benefits of our online economies.
Criminals will have greater opportunities to exploit people’s identities in 2023, but we should see this as an opportunity to develop strong rules and regulations to protect people online. As discussions around the metaverse continue to evolve, organizations must now take the time to understand the importance of identity as a fundamental principle and a basis on which to establish and drive digital trust.