Microsoft, OpenAI Propose Governmentally Controlled Cryptographic Authentication Against AI Deception 

researchers from Microsoft and OpenAI proposed implementing ‘personhood credentials’ (PHCs), to combat AI deception.

On Tuesday, researchers from Microsoft and OpenAI, and other organizations proposed implementing ‘personhood credentials’ (PHCs), a cryptographic authentication method, to combat AI deception and verifying online users’ authenticity while maintaining their privacy.  

Personhood Credentials differ from traditional digital IDs by providing privacy through pseudonymity, guaranteeing the protection of users’ real identity without compromising it during verification.  

“Malicious actors have been exploiting anonymity as a way to deceive others online,” Shey Jain, product manager at Microsoft, addressed the issue of online deception. Jain further explained that the introduction of PHCs which guarantees personhood verification, may aid in the fight against these bad actors.  

How Personhood Credentials Work? 

Microsoft and OpenAI’s cryptographic authentication method functions in a similar way to Certificate Authorities for website ownership.  

Personhood credentials, on the other hand, focus on identity verification while protecting personal information. This concept is part of a broader framework, explained in the research paper, “Personhood credentials: Artificial intelligence and the value of privacy-preserving tools to distinguish who is real online” written by over 30 authors, including experts from Oxford and MIT. 

These verifiable credentials could be issued by governments or other trusted organizations, paving the way for the establishment of “roots of trust,” a term used to ensure that cryptographic processes are trustworthy and legal. 

Privacy Vs Digital Identity Verification 

Researchers have also raised the alarm bells that personhood credentials, while intended to provide pseudonymous verification of online users, do not fully eliminate online surveillance threats. 

“While PHCs preserve user privacy via unlinkable pseudonymity, they are not a remedy for pervasive surveillance practices like tracking and profiling used throughout the internet today,” said one researcher. 

This implies that even if cryptographic authentication prevents credentials from being shared between services, users’ privacy may be still at risk through other types of tracking. 

One of the most important advantages of PHCs is their capacity to link AI-powered agents to real individuals for online interactions’ authenticity. Online services could stop fraudulent AI-driven activities by making sure AI bots are associated with a real person with a valid PHC. 

Jacob Hoffman-Andrews of the Electronic Frontier Foundation told The Register that governments, who may become the issuers of credentials, could exploit the system to control who has the right to speak online, leading to repression and inequality. 

“It provides for governments – or potential hand-wavy other issuers, but in reality, probably governments – to grant people their personhood, which is actually something that governments are historically very bad at.” “Many governments have people who they’re responsible for, in one way or another, or who are under their control, that they consider ‘lesser people’ and they would prefer not to speak online.” 

Hoffman linked the idea to “choke point” where governments could limit online access, fragmenting the already divided internet. 

EU’s Cryptographic Authentication 

PHCs are part of a much bigger effort to handle digital identity verification issues, alongside initiative like the European Union Digital Identity (EUDI) digital wallets, the World Wide Web Consortium’s (W3C) Verifiable Credentials and W3C Credentials, designed to secure users’ online privacy all while pushing for cross-platform authentication. 

Researchers, however, highlight many threats linked to the implementation of PHCs, including guaranteeing fairness, protecting freedom of speech, and avoiding centralizing too much control with any single authority.  

These concerns, which have not been addressed by either Microsoft, nor OpenAI, when proposing personhood credentials, will only present a much broader debate on how digital identities and privacy can be weaponized by governments against its people. 


Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Intelligent Tech sections to stay informed and up-to-date with our daily articles.