NYLJ “Right Number, Wrong Phone: Court Examines Carrier Liability for ‘SIM-Swapping’”
By Steve Kramarsky
In July 2023, high-tech, silver spheres began appearing in cities around the world, offering users the chance to have their retinas scanned in return for a few dollars’ worth of a new cryptocurrency token from a company called Worldcoin.
The company has faced substantial skepticism, and its technology and business model have sparked debate across a host of different areas, including privacy, accessibility, security, business ethics, centralization and governmental oversight.
But the fundamental problem Worldcoin is trying to solve is an extremely important one. Worldcoin does not consider itself simply a cryptocurrency platform: it wants to create a unique, verifiable digital identity for all individuals based on “proof of personhood.” Proof of personhood is tech-speak for the idea of verifying that there is an actual human being at the other end of a computer-mediated transaction. Worldcoin and its competitors are attempting to answer an increasingly serious challenge: how can we be sure that the person we are communicating with is the person we think they are—or (in a world of convincing generative AI) even a person at all?
Currently, the burden of determining identity falls disproportionately on the consumer. Impersonation scams are common, and victims often find themselves with little recourse. If I wire money (or send gift cards) to a scammer under the mistaken impression they are a friend, relative, or co-worker in distress, chances are I will never see that money again.
This does not have to be the case; it’s simply how U.S. law is currently structured and where it places the risks of these transactions. Credit card companies routinely refund fraudulent charges, and the payment network Zelle (which is owned by seven major banks) announced this week, after years of pressure from Congress and consumer groups, that it would begin reversing transactions for customers duped by kinds of imposters. Such protections are thus possible and even commercially viable, but in general U.S. law has been slow to require them—they tend to arise out of market pressures, rather than government interventions.
But if a private entity, like Worldcoin, wants to take on the very lucrative role of “authenticator” for the entire digital financial system, should it take on the liability as well? If we agree to hand over the job of policing digital identity to a private actor, should that actor also compensate us when the system fails?
This article first appeared in the New York Law Journal on November 20, 2023. Stephen M. Kramarsky is a member of Dewey Pegno & Kramarsky, focusing on complex commercial and intellectual property litigation. Edward Lee, an associate at the firm, provided substantial assistance in the preparation of this article.