Experts predict that deepfake videos will be the
newest way false information is spread. Some researchers even have a wager
going on whether they will impact the midterm elections.
Deepfakes are a new breed of fake
videos that use artificial intelligence (AI) to make a falsified video
virtually undetectable by swapping out someone's face and voice with an
imposter's. The consensus among researchers is that deepfakes will eventually
be used to impact a political election, whether this year or in the near future.
This
is much more than a Photoshopped meme or a fake news story. With deepfake
videos, algorithms are used to recognize actual audio or visual aspects of a
person and then, just as with a fake photo, an actual video of that person is
doctored to replace what they really said or did with a false video clip that
perfectly mimics them. It's nearly impossible to know that the video isn't
real.
Social media platforms such as
Facebook, Twitter, YouTube, and Reddit are prime candidates for deepfake
creators to target.
It's
such a concern that the September congressional hearings with
Facebook COO Sheryl Sandberg and Twitter CEO Jack Dorsey included questions
about deepfake videos, how they manipulate the public, and what the companies
are doing about it.
The
threat even led the Defense Advanced Research Projects Agency (DARPA) at the
Pentagon to embark upon a Media Forensics project to identify
deepfakes and other deceptive images.
Deepfakes gained attention earlier this year when
BuzzFeed created a video that supposedly showed Obama mocking Trump.
The truth was that deepfakes technology was used to superimpose Obama's face
onto footage of Hollywood filmmaker Jordan Peele.
While deepfakes began as a way to clumsily
misrepresent celebrities in spoofs and sexually explicit videos, it is actually
very complicated to create an undetectable deepfake video.
"Sophisticated multimedia
editing used to require significant human expertise and time, even with the
best commercial tools. Today, we are seeing tools come directly from the
research community that allow for photorealistic manipulation and special
effects that used to cost millions of dollars to create. While these tools are
an asset to content creators such as those in Hollywood, they are lowering the
bar for those that want to use them for adversarial purposes, said Matt Turek,
DARPA program manager.
Not
ready for primetime
Despite
this, some researchers have a friendly wager on whether deepfakes will be an
impact by the end of this year, with a political candidate being the subject of
a deepfake video that receives more than 2 million views before it's determined
that it's not real.
Tim Hwang,
director of the Ethics and Governance of AI Initiative at the Harvard
Berkman-Klein Center and the MIT Media Lab, started the wager to begin a debate
to see if his colleagues believed deepfakes would become a threat before the
end of 2018, and possibly impact the midterm elections. Hwang said he is in the
camp that doesn't believe deepfakes will cause a huge impact before the end of
the year.
"It's
not ready for primetime yet," Hwang said of deepfakes. "I think
people who want to spread disinformation are pragmatic in what's the easiest
way to have the biggest effect. And right now, machine learning isn't like
that."
Rebecca Crootof, executive
director of the Information Society Project and a research scholar and lecturer
in law at Yale Law School, said she wagered "yes" that deepfakes
could have a serious impact by the end of 2018.
"It's
not a matter of if, it's a matter of when—and when we learn that it happened.
Chances are, we will only learn that a deepfake affected an election after the
election takes place," Crootof said.
It's
all in the blinks
Some
researchers are working to find ways to combat deepfakes. Siwei Lyu, director of
Computer Vision and Machine Learning Lab at University at Albany SUNY, has
researched digital media forensics for 15 years, and he co-wrote a paper in June that outlines how to
know if someone is lying. His discovery: t's all in the blinks. If someone
doesn't blink much in a video, it's suspicious.
His
team is seeking other ways to detect fakes, but he is keeping those methods
confidential so that it doesn't help the people creating deepfakes find ways to
dodge detection.
"We
just got interested in this deepfake phenomenon earlier this year. The first
thing we did is actually got a piece of the deepfake software and we actually
played with the software, we actually improved it a little bit. Because we
always believed to understand, to detect any faulty media we need to have a
better understanding of the generation process," Lyu said.
"We
have an improved version of the software, the algorithm, and we synthesized
about 50 different sequences of those videos. We try a bunch of ways to detect
that video, you know to tell the difference between the fake video and the real
video," he continued.
Lyu said by spending so many
hours watching deepfake videos, and studying the videos, his team began to pick
out small differences. For example, he felt uncomfortable and a bit uneasy
watching the videos.
Never
underestimate the importance of intuition. "I couldn't pin it down until
one day, after probably viewing them for [a long time], I got really
tired," Lyu said. Then suddenly I realized, the faces in those fake videos
seem to be never blinking. That's the uneasy feeling that I related to an early
experience of when I was a kid, playing with other kids, doing staring
contests. We would just stare at each other, without blinking, to see who is
going to blink first. Each time I did that I felt very uncomfortable when I was
a kid.
"At
the very beginning I thought this may be just a particular artifact of one
video we synthesized, so I went back and watched all the videos we synthesized,
and it seems that to be very consistent with videos longer than 10 seconds,
sometimes 20 seconds or 30 seconds, and the figures in those videos, they don't
blink," he said.
Adversarial
training to avoid detection
The
creators of deepfakes use adversarial training to learn how to beat the fake
detector techniques, said Paul Resnick, founder and acting director of the
Center for Social Media Responsibility at the University of Michigan.
"The
idea is, suppose we have some automated detection that's developed and it looks
at all the characteristics at people, like, it looks at if the skin tone's
correct, and are people breathing at the right rate, and if the pulse in the
forehead is the same as the pulse in the neck, and whatever things that you can
imagine that you might put into a detector. But the attacker will be able to
use that detector and train against it. So they'll be able to build their
faking techniques that automatically check to make sure that the detector is
not able to detect that they're fake," Resnick said.
"So
they can sort of train their generator of fakes by having it automatically try
to run the detectors. So that's part of what makes me pessimistic about being
able to have effective detectors that are based solely of the contents of the
video, because the attackers are eventually gonna get sophisticated enough to
use the detectors as part of their training process for making their attack, or
making their fakes," he said.
Since
there are ways to get around software that detects fakes, using digital
signatures on videos, and knowing where a video came from and who created it
will be key toward avoiding the spread of deepfakes, Resnick said.
The GAN approach
"Danielle
and I are trying to focus on true deep fakes, particularly GANs, and we take
the view that we have not yet reached the day when true deep fakes are
circulating with intent to deceive, though that day is looming," Chesney
said.
GANs
refers to "generative adversarial networks." The GAN approach brings
two neural networks to bear at the same time. One network learns to identify
the patterns in a digital media clip, such as of a politician's face, and the
second network serves as a viewer to figure out if an image or video clip is
real or not. The second network gives feedback, and the first network uses it
to improve the believability of the deepfake video. This is all done using
machine learning and AI, so the speed and scale cannot be mimicked by humans,
Chesney explained.
DARPA's
Turek added that, "GANs enable a computer to automatically generate
manipulations. Now, with the right training, we can have a computer
automatically generate what used to take a graphic artist several hours, if not
days, to create by hand."
A
new kind of blackmail
The
problem is that while currently high-quality deepfakes are difficult to make,
they will soon become easier to create. Once that happens, people with
malicious intent could create deepfakes to destroy reputations of political
candidates and others, because high-profile individuals are particularly at
risk. And once a video goes viral, it's nearly impossible to stop.
"Right
now there are labs out there that can do some really amazing fakery,"
Chesney said, "Access to that is not yet widespread. What is primarily
available is not-so-sophisticated stuff that won't as readily pass the eyes and
ears test."
Crootof
said that the danger in deepfakes lies in that "they allow for new kinds
of blackmail, electoral manipulation, and inflaming extant social tensions.
Also, as Bobby Chesney and Danielle Citron have noted, they increase the
possibility of a 'liar's dividend.' Once the public is aware of the possibility
of deepfakes, it allows liars to claim that an accurate video is just a
deepfake.
"Most
critically, they risk further eroding trust in sources of information, thereby
contributing to the continued fragmentation of our public discourse," she
said.
Search remains for
silver bullet solution
Currently,
no sure-fire way to detect a deep fake exists. "At present, there doesn't
seem to be a silver bullet. All of the suggested solutions - more critical
analysis in education, technological watermarking, legal bans, and ongoing
surveillance by a trusted independent third-party entity - to combat deepfakes
are either insufficient to prevent most problems or raise their own set of
(possibly worse) issues," Crootof said.
Instead,
Crootof expects this will play out much like altered photographs - where people
will become increasingly aware of the possibility of deepfakes, and lose faith
in what they see.
With
the rate of advancement in image and video editing tools, Turek believes that
in the next few years manipulations may no longer be limited to a single image
or video. "We could face the threat of entire events being fabricated with
images, videos, and audio content coming from multiple views and locations,
providing overwhelming amounts of false evidence," he said."One could
imagine with widespread dissemination that this could provoke riots, cause
political unrest, or even prompt militaries to act, all on bad information.
The
ramifications from this are unprecedented. "This is, of course, a serious
concern, not only for the Department of Defense and military but to our nation
in general," Turek said. "We rely heavily on visual media in
everything from news reporting to law enforcement to open source content used
to help understand trends happening around the world. If our trust is
undermined and we can no longer have confidence in the provenance of our media,
we will have difficulty believing all forms of communications."
It
will lead to the public not trusting videos in general. Resnick said, "In
the longer term, I don't think it's likely that the public will be fooled a lot
of time, because once it becomes well known that you can't trust video, then
they'll be an adjustment that people make. They won't assume that anything that
they've seen is a real video. Just because you've seen it with your eyes in a
video isn't enough on its own to conclude that it really happened."
The truth is that AI is still relatively rare in the banking world, with
only 5.5 percent of banks in our survey equipped with genuine AI systems.
Meanwhile, the rest are relying on automation and machine learning (ML)
technologies. In other words, financial institutions (FIs) that use AI are few
and far between, but that’s not to say FIs from aren’t investing in it — or
rather in what they think it is.
their operational pain points, and how they plan to invest in these
systems going forward.
their ML and AI systems. Furthermore, 82 percent plan to increase their
investments in supervised and unsupervised learning technologies in the coming
years. Smaller banks are not far behind, with 53 percent planning to invest
more in the near future.
