The real power of a document standard lies in the tools it enables
I’m sure you’ve attached a document to an email, downloaded a spreadsheet to your drive, or sent a photo in a text message. In each case, there’s a file format describing the information: .doc for Word documents, .xls for Excel files, .jpg for images. These formats describe things we encounter everywhere—not just photos and spreadsheets, but movies, disk images, and webpages.
Without these definitions, only people on the exact same system could collaborate. Each application would have its own private copy of data, never to be shared or used outside the system that created it. Different designers and systems would have their own ways of representing spreadsheets, documents, and photos. But because we have common agreements on how these documents work, applications and systems can be independently designed and still share data with each other. Thank goodness they do.
The Magic of vCons
The vCon is a new document standard that describes a conversation—who was in it, what they said, any important context, and a running list of how those conversations have been analyzed. They’re typically created after conversations end by the systems that hosted them: phone systems, mobile phones, email servers, and messaging systems. Just like any other document, a vCon can be saved to disk, attached to an email, and sent across networks.
Some systems only create them, like a “Smart Trunk” that sends you vCons when conversations complete. Others analyze, store, and protect them. Just like other formats, having a standard enables independent development of tools and applications, plus service providers that specialize in processing and analysis.
And thus, the magic of vCons.
By agreeing to a definition, you can express opinions about conversations. Does this conversation include more than one speaker? Do they speak English? Who recorded it? Does it include personally identifiable information? Do I have permission to possess this conversation? What permissions do I have to analyze it?
You can also express independent opinions about the same conversation. Is this conversation real, or is it a deep fake? One system might tell me it’s authentic, yet when I check the vCon’s signature with my system, it was clearly tampered with.
Why Dan and I Brought vCon to the IETF
That question particularly motivated Dan and me to bring vCon to the IETF, especially as we saw AI enter the scene. There’s no fundamental difference between malware injection into an open source repository and a deep fake recording injected into an AI pipeline. When you can create clones of video and voice trivially, how do you know what’s real and what’s not?
Fortunately, the internet offers a proven solution. When you enter https://amazon.com into your browser, public key infrastructure (PKI) and HTTPS ensure you’re connecting to the legitimate server and enable encryption of all traffic. Similarly, when a vCon is signed using PKI, recipients can cryptographically verify the sender’s identity and encrypt the vCon for secure transmission over insecure channels.
The Stakes: Preventing Reality Collapse
The results are more than fraud reduction and increased compliance—it’s fundamentally about preventing reality collapse. In AI discussions, reality collapse describes the point where people can no longer reliably separate truth from fabrication. Advanced generative models now create text, video, and audio so convincing that the line between authentic and synthetic blurs completely.
The drivers include deepfakes, mass-produced misinformation, and feedback loops where AI-generated material becomes source data for other systems. The sheer volume and realism make falsehoods easier to spread and truth harder to maintain. Bad actors exploit this uncertainty, dismissing real evidence as fake or promoting convincing fabrications as genuine.
The consequences are serious: courts, elections, markets, and communities all depend on stable definitions of fact. If that foundation breaks down, society risks an “epistemic crisis” where competing realities fragment public life. Philosophers like Baudrillard called this hyperreality—when simulations matter more than underlying truth. AI pushes us closer to this condition, raising the prospect that reality itself could collapse as a shared reference point.
SCITT: Your Global Digital Notary
This is where SCITT (Supply Chain Integrity, Transparency, and Trust) enters as vCon’s companion technology. Think of SCITT as a global digital notary service creating unbreakable records of what happens to every conversation. Just as a notary public verifies your identity, witnesses your signature, and records events in an official journal, SCITT does the same digitally—but with cryptographic precision surpassing any physical notary.
When a vCon is created, shared, analyzed, or deleted, SCITT records these events in an append-only ledger that cannot be altered or erased. Unlike traditional databases where records can be quietly modified, or blockchain solutions forcing everyone to use the same technology, SCITT provides cryptographic proof while remaining technology-agnostic. Any organization can verify authenticity and trace complete histories without trusting whoever presents the data.
Where Consumer Protection Meets Business Efficiency
This combination creates something remarkable: the first privacy framework where consumer protection and business efficiency point in the same direction rather than pulling against each other.
For consumers, vCons with SCITT mean they can finally express digital rights with precision and prove those rights were respected. They can grant consent for customer service improvement but not marketing. They can allow transcription but not voice analysis. They can set expiration dates on permissions and cryptographically verify that expired consent was actually honored. Most importantly, they can prove whether their conversation is authentic or AI-manipulated.
For businesses, this same framework provides the regulatory certainty you’ve been seeking. Instead of guessing whether you have proper consent, you can cryptographically verify it. Instead of struggling to prove compliance across dozens of jurisdictions, you have immutable records of every action taken with personal data. Instead of treating privacy as a cost center, you can treat it as competitive advantage—demonstrating to customers and regulators that your data handling practices are transparent and verifiable.
Turning the Tables on Bad Actors
Here’s what makes this approach particularly powerful: this system enables those with proper permissions to do the right thing, prove they’re doing it, and guarantee the data rights of the subjects involved. Meanwhile, bad actors reveal themselves through their inability to provide these same cryptographic proofs.
Think about it. If I’m operating legitimately, I can show you cryptographically verified consent, immutable audit trails, and authenticated conversations. I can prove my data handling practices are transparent and compliant. If someone else claims to be doing the same but can’t produce these proofs, that tells you everything you need to know about their operation.
This fundamentally shifts the burden. Instead of regulators and consumers having to trust promises and policies, legitimate operators can provide mathematical proof of their practices. Bad actors, by contrast, will be identified by their lack of these abilities—they’ll be the ones asking you to “just trust us” while offering no verifiable evidence.
The Path Forward
The reality collapse we face isn’t inevitable. It’s the result of systems designed without consideration for truth, authenticity, or accountability. But vCons and SCITT represent a different path forward—one where economic incentives align with preserving truth rather than undermining it.
When conversations can be cryptographically verified, when consent can be mathematically proven, and when every action involving personal data leaves an immutable trace, we create the trust infrastructure our digital society desperately needs. This isn’t just about better privacy compliance or more efficient business processes. It’s about building the foundation for a digital world where truth and trust can coexist with innovation and efficiency.
Thomas Howe
Thomas is the Chief Technology Officer at Strolid, a company that engages car buyers on behalf of dealers, making it easier to take care of the customers in the store. He is the co-author of vCon, a key component in data-centric artificial intelligence and machine learning, and a leader of teams that design and develop cutting-edge communication solutions. In both roles, Thomas thinks you should listen to customers. For real.
With over 30 years of experience in the real time communications space, Thomas has been a noteworthy leader and a founder of several companies that have gone public or have been acquired. He has received multiple awards and 15 patents for his innovative work in VoIP, SIP, ADSL, and voice architecture. He is passionate about creating products that enhance customer experience, agent satisfaction, and productivity. He holds a degree from the University of Massachusetts and currently resides on Cape Cod.
Comments are closed