I guess maybe. A system like that isn’t easy to set up, and it’s not like there aren’t plenty of scams out there already to provide whatever incentives.
To have helped with the publicized incident, the verification would have had to be both mandatory and very strong, because the scammer was claiming to be calling from the kidnapper’s phone, and could easily have made a totally credible claim that the victim’s phone was unavailable. That means no anonymous phone calls, anywhere, ever. A system where it’s impossible to communicate anonymously is very far from an unalloyed good, so it may or may not be a “positive consequence” at all on the whole.
Also, for the niche that voices were filling, anything that demands that you carry a device around with you is just plain not as good.
It’s pretty rare to get so banged up that your face and voice are unrecognizable, especially if you can still communicate at all. Devices, on the other hand, get lost or broken quite a bit, including in cases where you might be trying to ask somebody you knew for money.
In the common “I got arrested” scam, the mark expects that the impersonated person’s phone won’t be available to them. The victim could of course notice that the person isn’t calling from a police station, assuming the extra constraint that the identification system delivers an identifier that’s unambiguously not a police station… but that just means the scammer switches to the equally common “I got mugged” or “car accident” scams. There are so many degrees of freedom that you can work around almost any technical measure.
Voices (used to) bind the content of a message directly to a person’s vocal tract, and faces on video came pretty close to binding the message to the face. Device-based authentication relies on a much longer chain of steps, probably person to ID card/database photo to phone company records to crypto certificate to key to device. And, off on the side, the ID card database has to bind that face to information that can actually physically locate a scammer. Any of those steps can be subverted, and it’s a LOT of work to secure all of them, especially because...
With no coordination at all, everybody on the planet automatically gets a face and a voice that’s “compatible with the system”, and directly available to important relying parties (namely the people who actually know you and who are likely to be scam victims).
Your device, on the other hand, may be certified by any number of different carriers, manufacturers, or governments, who have to cooperate in really complicated ways to get any kind of real verification. It takes forever and costs a lot to set up anything like that at the scale of a worldwide phone system.
It would be easier to set up intra-family “web of trust” device-based authentication… but of course that fails on the “mandatory” and “automatic” parts.
Device-based authentication can be stronger in many ways than vocal or visual authentication could ever be, and in some cases it’s obviously superior, but I don’t think it’s a satisfying substitute. And most of its advantages tend to show up in much smaller communities/namespaces than the total worldwide phone system.
I guess maybe. A system like that isn’t easy to set up, and it’s not like there aren’t plenty of scams out there already to provide whatever incentives.
To have helped with the publicized incident, the verification would have had to be both mandatory and very strong, because the scammer was claiming to be calling from the kidnapper’s phone, and could easily have made a totally credible claim that the victim’s phone was unavailable. That means no anonymous phone calls, anywhere, ever. A system where it’s impossible to communicate anonymously is very far from an unalloyed good, so it may or may not be a “positive consequence” at all on the whole.
Also, for the niche that voices were filling, anything that demands that you carry a device around with you is just plain not as good.
It’s pretty rare to get so banged up that your face and voice are unrecognizable, especially if you can still communicate at all. Devices, on the other hand, get lost or broken quite a bit, including in cases where you might be trying to ask somebody you knew for money.
In the common “I got arrested” scam, the mark expects that the impersonated person’s phone won’t be available to them. The victim could of course notice that the person isn’t calling from a police station, assuming the extra constraint that the identification system delivers an identifier that’s unambiguously not a police station… but that just means the scammer switches to the equally common “I got mugged” or “car accident” scams. There are so many degrees of freedom that you can work around almost any technical measure.
Voices (used to) bind the content of a message directly to a person’s vocal tract, and faces on video came pretty close to binding the message to the face. Device-based authentication relies on a much longer chain of steps, probably person to ID card/database photo to phone company records to crypto certificate to key to device. And, off on the side, the ID card database has to bind that face to information that can actually physically locate a scammer. Any of those steps can be subverted, and it’s a LOT of work to secure all of them, especially because...
With no coordination at all, everybody on the planet automatically gets a face and a voice that’s “compatible with the system”, and directly available to important relying parties (namely the people who actually know you and who are likely to be scam victims).
Your device, on the other hand, may be certified by any number of different carriers, manufacturers, or governments, who have to cooperate in really complicated ways to get any kind of real verification. It takes forever and costs a lot to set up anything like that at the scale of a worldwide phone system.
It would be easier to set up intra-family “web of trust” device-based authentication… but of course that fails on the “mandatory” and “automatic” parts.
Device-based authentication can be stronger in many ways than vocal or visual authentication could ever be, and in some cases it’s obviously superior, but I don’t think it’s a satisfying substitute. And most of its advantages tend to show up in much smaller communities/namespaces than the total worldwide phone system.