The term metaverse was first coined in Neal Stephenson’s 1992 science fiction novel Snow Crash. It’s an interconnected virtual world, focused on social connectivity. The metaverse, as we know it today, is being fuelled by advancing virtual reality (VR) technology, and it’s influenced by the principles of Web3, touted as the next evolutionary step in the internet.
By 2026, a quarter of the global population will use the metaverse for at least an hour each day, research suggests. Barriers to adoption remain stark, and businesses are struggling to justify metaverse investment. Indeed, generative AI has stolen the metaverse’s thunder somewhat by demonstrating solid business use cases.
Metaverse technology could yet become useful, albeit sparingly deployed. There are potential use cases in training or networking, while it could also power the next generation of digital twins, to be deployed in medical diagnostics or in crime scene examinations.
The metaverse isn’t without its dangers, though. Just as crime has increasingly moved online, Interpol anticipates the metaverse will become a fresh vector for cyber crime. Cyber attacks are, indeed, an international problem, with infrastructure, perpetrators and victims often on different continents. With businesses hoping to use the metaverse safely and securely, Interpol is making a rare gambit to get ahead of the cyber criminals.
The metaverse’s cyber security challenges
Concerns remain about whether adequate mechanisms exist – or are in development – to protect metaverse users. One major challenge will be authenticating the digital identity of all users, to ensure malicious actors can be properly identified. The anonymising nature of the internet, and the metaverse, means the issue persists. There have been repeated proposals for mandating digital identities, but these have been controversial.
Cyber resilient infrastructure for a Zero Trust world
Combat threats with an in-depth security stance
Legislation and enforcement typically lag behind technology. Not all acts criminalised in the physical world, either, are considered crimes when committed online. One example is how the avatar of a 21-year-old researcher was sexually assaulted while using Meta’s VR platform. Interpol has already highlighted significant concerns regarding social engineering scams, as well as the prevalence of extremism and misinformation. As the metaverse becomes part of our work culture, it’ll lead to new ways in which crimes, including sexual assault, fraud, phishing, data theft and money laundering, can be committed.
The metaverse has also created a new avenue for data collection and processing. While regulatory frameworks already exist, such as the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018, the data collected and stored by firms operating metaverse platforms will create further challenges, especially regarding data protection, privacy and human rights. This, in turn, has implications for cross-border data exchange. Platforms will need measures to guarantee user safety and privacy, ranging from mutually-agreed technical standards to data proteciton by design principles.
How Interpol is planning for the future
The World Economic Forum (WEF) has recently partnered with Interpol, Meta, Microsoft and others to define and govern the development of the metaverse. But the elephant in the room is its fragmented development. Unlike in Snow Crash, there isn’t one metaverse, but potentially thousands.
Each company is building its own siloed digital space, and there’s no mutually agreed definition of what the metaverse actually is. There’s also been little attempt so far to establish shared points of commonality so the various metaverses can integrate with each other – not even in terms of the language used. Indeed, different terminology is in circulation, such as a user’s ‘avatar’ in one metaverse being called a ‘user profile’ in another, sewing the seeds for confusion cyber gangs can seek to exploit in future.
To overcome some of the potential law enforcement challenges, Interpol has created its own metaverse. Users are able to immerse themselves in a virtual representation of Interpol’s General Secretariat headquarters in Lyon. It allows legislators and law enforcement organisations to directly understand how the metaverse operates: by experiencing it for themselves. Interpol has also established an expert group, which will highlight law enforcement concerns and promote secure by design philosophies.
“By identifying these risks from the outset, we can work with stakeholders to shape the necessary governance frameworks and cut off future criminal markets before they are formed,” says Madan Oberoi, Interpol’s executive director of technology and innovation, in a statement released by Interpol. “Only by having these conversations now can we build an effective response.”
The future is here – but isn’t evenly distributed
The UK government has chosen to take a general approach to regulating the metaverse by incorporating this into the Online Safety Bill, which Ofcom will alone enforce. “The landmark Online Safety Bill captures all services where users can interact online, from websites and apps to the metaverse,” a government spokesperson tells ITPro. “We’re committed to making the internet a safe place and this bill ensures we can keep pace with technology’s rapid changes both now and in the future.”
With the metaverse developed in silos, it’s unlikely there’ll be further coordination, but a degree of collaboration would help ensure interoperability and security by design. This would enable the metaverse to become a safer place to work and conduct business, thereby ensuring user confidence and a swift uptake.
With the metaverse being an embryonic technology, there are significant issues that need to be addressed. Interpol’s focus on policing the metaverse is a step in the right direction, but it’s likely to be a rapidly evolving area for law enforcement, which will change as the technology does. Legislators need to collaborate with technologists and platforms to develop a feasible regulatory legislative framework for tackling crime within the metaverse.
