Debunking Deepfakes: Unmasking Digital Deceptions


[MUSIC] Welcome to TecHype, a series that debunks misunderstandings around emerging technologies, provides nuanced insight into the real benefits and risks, and cuts through the hype to identify effective technical and policy strategies. I'm your host, Brandie Nonnecke. Each episode in the series focuses on a hyped technology. In this episode, we're debunking deepfakes. You've likely seen a few deepfakes when scrolling through social media or in a major film.

One of my personal favorites is Dwayne "The Rock" Johnson's face superimposed onto Dora the Explorer. Seriously, Google it. You will laugh for days. Now, while deepfakes can be a creative and often hilarious outlet, they can also be extremely dangerous.

I'm going to share a clip with you right now of Senator Ted Cruz, Elon Musk, and President Biden discussing the risks of deepfakes. A deepfake impersonating a politician can undermine a democratic election. Impersonating a CEO can cause a stock price to plummet.

Impersonating a head of state could cause a war to break out. You just heard Senator Ted Cruz, Elon Musk, and President Biden. Or did you? You might have been able to tell from their voices or the way their lips moved that something just wasn't quite right, that there was a tell that let you know it was faked. But deepfake technology is becoming increasingly accessible and much more advanced.

I created these audio deepfakes in about a minute using an app I found online. What can be done to better ensure we realize the benefits of this transformative technology while mitigating its risks? Today, I'm joined by Hany Farid, a professor at the University of California, Berkeley with a joint appointment in Electrical Engineering and Computer Sciences and the School of Information. Hany specializes in the analysis of digital images and the detection of digitally manipulated images such as deepfakes. Hany, thank you so much for joining me today for this episode of TecHype. It's great to be here, Brandie. Thank you so much. I think it's

really important that we start with a definition. What are deepfakes? Good. Deepfake is a very broad term. It's an umbrella term that refers to content, text, audio, image, or video, that has been synthesized by a machine-learning algorithm. That's the umbrella group. Now, within that are lots of different things that can happen.

Yours was a particular type of audio and video deepfake. But the core idea is that we have taken what used to be in the hands of manual operators, somebody sitting in Photoshop or After Effects or a Hollywood studio, manipulating images and videos and audio, and we've automated it. We have handed that over to a machine-learning algorithm so that it can do it automatically.

With that comes something really interesting, which is the democratization of access: a technology that used to be in the hands of the few is now in the hands of the many. When we talk about this, it's not so much that we can manipulate images and video. We've always been able to do that. But now it's not just one or two people, but millions of people like you. You went and downloaded an app in a minute and created an audio deepfake. That really is what is new here; it's that democratization.

Quickly, a follow-up on that democratization: I've often heard what I created referred to as a cheapfake. Yeah. There are two terms going around, cheapfake and deepfake. Cheapfake has historically meant things that are done manually. Here's my favorite example of a cheapfake: somebody created a video of Nancy Pelosi that made it sound like she was drunk.

All they did was slow down the audio. You could do that to this recording too. Slow this down when you play it back and we will sound like we've been having a couple of drinks before our interview. That was a cheapfake. Deepfake typically refers to the use of machine learning or artificial intelligence to generate the content.
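To make concrete just how low-tech a cheapfake is, here is a minimal Python sketch of that slowdown trick, assuming the librosa and soundfile packages are installed; the filename and the 0.75 factor are illustrative, not from the episode:

```python
# Write the same samples out at a lower declared sample rate: playback
# becomes slower and the pitch drops, which is what makes slowed speech
# sound slurred. No machine learning involved, hence "cheapfake".
import librosa
import soundfile as sf

y, sr = librosa.load("speech.wav", sr=None)     # keep the original sample rate
sf.write("speech_slow.wav", y, int(sr * 0.75))  # ~25% slower on playback
```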

There's nothing fundamentally profound about that. I mean, you don't care how the fake is made. You care that lots of people can make it, and what they can do with it. Yeah. It sounds like there are a lot of misunderstandings around how deepfakes are made and how widely available they are. One of the main goals of TecHype is to debunk misunderstandings around emerging tech so that we can fully understand the real benefits and risks.

What do you think are the three most common misunderstandings about deepfakes? I think one of the biggest misunderstandings is that anything can be deepfaked: a person running through the streets screaming, a person being brutalized by a police officer. That because we have technology that can create the types of deepfakes you generated, we can create absolutely anything.

And that is simply untrue. There are limits to what is possible today. For the most part, where deepfakes excel is from the chest up.

A talking head like this right here, that is actually pretty good. The voice is getting better, and we can get my mouth and my body to move.

But me running down the street, full-body animation, we're not there yet. We will get there, but we're not there yet. I think there are still some limits to what is possible with current state-of-the-art deepfake technology.

How close are we, though, to that future scenario of full-body deepfakes? That's the right question. I don't know, but here's what I can tell you: if you look at the trend, and I've been in this business for a long time, we usually measure advances in this technology in years. Now we are measuring them in weeks and months.

Deepfakes splashed onto the scene about five years ago, and we have seen a phenomenal evolution in the technology. Really, every few months you see advances. We're just getting our heads around one technology and ChatGPT shows up and blows up the world.

At the rate at which it is going, I think you can measure full-blown animation of bodies, animals, objects, and complex scenes in years, not decades. So, are there any other misunderstandings? We've discussed this first one, about whether anyone can create a convincing deepfake of anything. What are one or two other misunderstandings?

Here's another one, and I know where this one comes from. In the early days of deepfakes, the consensus was that this was a risk only to famous people: politicians, actors, actresses, people hosting television shows. That used to be true. The reason it was true was that in order to create deepfakes four or five years ago, you needed a lot of content. You needed hours and hours of audio.

Joe Rogan, for example, was relatively easy to deepfake. President Obama was relatively easy to fake because there are hours and hours of video. The sense was, well, me, you, the average person, we're not really at risk.

That has changed. For example, look at the space of non-consensual sexual imagery, which is probably one of the most disturbing trends in the use of deepfake technology, where people take the likeness of, primarily, women, insert them into sexually explicit material, and then carpet bomb the Internet with it. That is affecting not just politicians and actors; it is affecting journalists and human rights activists and lawyers and people who attract unwanted attention.

Because even now, with a relatively minimal digital footprint, I can go search your name online and I'll find a few dozen photos, and that's enough now to start to create a reasonably convincing deepfake. That's because the technology has gone from needing hours of video and thousands of images to less and less, and now we all have some risk because we have an online digital profile. Wow, this is extremely troubling because we all have images online. What's another misunderstanding? Here's the one that I think is most interesting in some ways.

We tend to focus on the threats of deepfakes in terms of what we can create. We can create a video of the President of the United States saying something, or a CEO saying our profits are down 20% and then watch the market move to the tune of billions of dollars, or non-consensual sexual imagery. But there's another threat here which often goes unnoticed: when we enter a world where anything can be manipulated, everybody has plausible deniability to say that anything is fake. Now a video of police violence, a human rights violation, a politician saying something inappropriate or illegal: it's fake. I have plausible deniability. I don't have to own up to anything.

In fact, you saw that play out. Then-candidate Trump in 2016 got caught on the Access Hollywood tape saying some awful things about women, and he apologized. He said, I'm sorry, that was not appropriate. Fast-forward two years: he's now President of the United States, deepfakes have entered the lexicon, he is asked about it, and it's fake. Done. I wash my hands of it.

Prove it's not. Here's the thing. I don't think that's a plausible argument, because that tape was released well before the deepfake technologies emerged. But today, if there is an audio recording of President Biden saying something inappropriate, he has a reasonable argument: how do you know that's real? This is the so-called liar's dividend.

When anything can be manipulated, images, audio, and video, then nothing has to be real. I've got to ask you, how do you reason about the world? How do we have a democracy and a society when we can't believe anything we see or hear or read online? These are potentially existential threats to democracies and society. Yes, this is very problematic, because essentially, if there's no definitive truth, then everything can be a lie. We can revert back to our own closely held beliefs.

We can just believe what we want to believe, and the facts are not my problem anymore. We're already living in that world with the mess that is the online information ecosystem and the hyperpolarization of social media. We're already there, and deepfakes have the potential to push us even further beyond that boundary. I created those fairly simple deepfakes in a matter of hours and was able to post them on YouTube, which could be extremely dangerous if somebody were to leverage that for a political purpose. We've talked about three misunderstandings. Let's talk a little bit about the benefits.

We have talked about misunderstandings. I want you to also discuss risks, because I think we should always be discussing benefits at the same time as risks so that we can better understand what we need to do to maximize the benefits and mitigate the risks. What do you think are the three real benefits and risks? The question you want to ask, given the conversation we've had up until now, is: why are people developing this technology? This seems completely bonkers. If you look at where this technology is being developed, it is primarily coming from the academic community, from people in the computer graphics and computer vision world. These academic communities have for years, for decades, developed technologies for special effects in the movie industry.

You said this: The Rock and Dora the Explorer. By the way, I agree with you, it's fantastic. You should go Google it. It's great. For these technologies, the primary application and the primary driving motivation is special effects and computer graphics in the movie industry. Arguably, it is going to revolutionize the way movies are made. That's number one. Number two is that artists were very quick to use this technology for creative purposes.

There are lots of fun things you can do with these technologies. It's also great for political satire. We should be able to make fun of our politicians.

That's really important. There's another really interesting application, not without controversy, but I think it is interesting: people have used deepfake audio and video in campaigns to further political causes. For example, there was a young man who was killed in the Parkland shooting.

His parents created a deepfake of him, bringing him virtually back from the dead, asking, begging, pleading for movement on gun violence in this country. It was very powerful, because you saw this young man who was gunned down coming back to plead his case. Some people thought it went too far.

I think that's a reasonable argument to have, but from the perspective of a mostly positive application, you can see why these could be very powerful. Let me add a fourth one, if you don't mind. Sure, please. Yes. Because this is also, I think, going to bring some really interesting ethical questions. Some people are starting to use deepfakes to bring back their loved ones from the dead. I was going to ask you about that, the posthumous use, and what are the rights of [OVERLAPPING] those individuals to their likeness? I think what's going to be really interesting is to imagine a world where somebody can take the body of writings you've done, interviews you've done, conversations you've had, and use AI, something like ChatGPT, to create an interactive chatbot and then animate it with deepfakes so that you can have day-to-day conversations with that person in the morning, in the afternoon, in the evening, whenever you want.

It's essentially a digital version of you that is interactive. Is that good? Is it bad? What are your rights as the person who's passed away? This is coming, by the way, but I think we have to think very carefully about whether it is a good or a bad thing. Yeah, it's already happening in the motion picture industry, where an actor may have passed away and they bring them back [OVERLAPPING] as in Star Wars. That's exactly right.

Exactly. Great. For special effects, for creativity, for speech, for parody of our elected officials, and for advocacy campaigns. Let's go back to those risks, though, because those are really important to focus on. We've enumerated a few. Let me go through them again and we'll add a few more. One, non-consensual sexual imagery is a real problem, primarily for women, and we need to figure out how to tackle it. Two, fraud.

We have already started to see deepfakes being used to commit small and large-scale fraud. There have been very high-profile cases in the UAE and the UK, and here in the US, where people have defrauded financial institutions of tens of millions of dollars by impersonating another person's voice. That eventually is going to come down to individuals, where we're going to start to see very sophisticated phishing scams. It's not going to be an email or a text; it's going to be a phone call, and it's going to sound like your loved one or your boss or your friend saying, oh man, I'm in trouble.

Can you wire me some money? Can you Venmo me some money? The fraud space is ripe to use deepfakes for very sophisticated phishing scams. That's horrifying. I want to ask a question on this, because maybe a year or two ago I was on the phone with my bank and they said, we're going to take some audio recordings of you and then use your voice to verify it's you. Was that good or bad? Is it going to help mitigate this threat of a deepfake impersonating me? No. Here's why: it's a false sense of security, because the idea that your face or your voice is your fingerprint isn't true anymore. Here's a really good example. Here you are making recordings of your voice on this show and the next show and the next show. People are going to be able to scrape that, clone your voice, and call your bank with your voice.

Your voice is no longer your fingerprint. Good luck with that. [LAUGHTER] Great, I'll have to keep tabs on my account. One more? Now I'm really scared.

Let's see: non-consensual sexual imagery, fraud. Three, we absolutely are starting to see deepfakes being used in disinformation campaigns. It's taken a little bit of time, but it's already started, with people creating what look to be newscasters making official pronouncements.

We saw one in Venezuela just this week and in West Africa last week. We are going to start to see very sophisticated deepfakes being used to spread disinformation, fuel violence, and fuel human rights violations. And propaganda. In China, just a few weeks ago, people were creating deepfakes of news anchors who looked like they were from Western media outlets. Wolf News? [OVERLAPPING] Exactly. It was fantastic. It was just bashing Western democracy. That's right. Yes, it's going to be used for propaganda.

That's, I think, something we have to be extremely concerned about. Then I want to emphasize again the liar's dividend, because I do think this may be the larger threat here: we are all going to grow incredibly skeptical of everything we read, see, and hear, and then we're going to revert back into our little turtle shells and say, well, it's a scary world out there, so I believe what I believe, and facts can't come in and penetrate that. That is very worrisome to me.

Yeah, I totally agree with you, on fact-checking, the role of fact-checkers, the role of our media institutions in providing that sense of understanding what is true and false. Now that we've outlined some of those benefits and discussed the risks, I'd like to talk about some concrete strategies. What do you think are some concrete technical or policy strategies that need to be implemented now? Good. First of all,

I think there is no silver bullet here, no "do this and we've solved all of our problems." I think we need a number of different things. Let me start enumerating them. One is that I think the burden of solving this problem should fall primarily on those who are creating the problem.

Those are the people who are creating generative AI, synthetic media, and carpet bombing the internet with their technologies and the outputs of those technologies. I think the burden should be on them. Here's something that every single generative AI company can do today: they can watermark every single piece of content that their software produces, whether it's an image, an audio clip, a video, or a piece of text. By watermark, think of a piece of currency, a bill.

I know we don't use paper bills much anymore, but a currency has watermarks in it that make it difficult, not impossible, to counterfeit. There is a digital equivalent of a watermark, where you slightly perturb the content in a way that is robust to attack, to somebody trying to remove it, but allows for easy downstream detection. This technology has been used for many years to protect digital assets against copyright infringement, and you can bake those watermarks into the synthesis pipeline so that when you create an audio clip of Ted Cruz, if that managed to go online and go viral, anybody, including YouTube by the way, can simply say: that has a watermark, it's a deepfake, we can tag it. You don't have to ban it, but you can at least annotate it. Then, if an intervention is needed downstream, you can intervene.
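For a flavor of what "slightly perturb the content" can mean, here is a toy spread-spectrum watermark sketch in Python. It only illustrates the idea, not how any production generative-AI watermark works; the key, strength, and threshold values are made up, and real schemes must survive compression, cropping, and deliberate attack:

```python
import numpy as np

KEY = 42         # secret key shared by embedder and detector (hypothetical)
STRENGTH = 2.0   # perturbation amplitude: higher is more robust, more visible

def pattern(shape, key=KEY):
    # Pseudorandom +/-1 pattern derived from the secret key.
    return np.random.default_rng(key).choice([-1.0, 1.0], size=shape)

def embed(image, key=KEY):
    # Slightly perturb pixel values with the keyed pattern.
    return np.clip(image + STRENGTH * pattern(image.shape, key), 0, 255)

def detect(image, key=KEY, threshold=1.0):
    # Correlate with the keyed pattern: ordinary image content averages
    # out to ~0, while an embedded pattern contributes ~STRENGTH.
    score = np.mean((image - image.mean()) * pattern(image.shape, key))
    return score > threshold

img = np.random.default_rng(0).uniform(0, 255, (256, 256))  # stand-in image
print(detect(embed(img)), detect(img))  # expected: True False
```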

That brings more transparency. I'm going to push back on this a little bit. I'm on board with you that the companies creating deepfake tech have the technology to do this and can implement it for end users. But what about an entity that is nefarious? Their content won't be marked. Good, excellent. They're creating their own tech.

As usual, you asked the right question. They won't do it? They won't. Then let's also talk about the California law, and even how we make laws. Good. Let's do that too, because both of us hate that law.

Yes, we do. Let's talk about the bad actors first. Here's the thing with bad actors.

I can't stop the bad actors from saying, we don't care about your watermarks, we're going to do whatever we want. But here's the thing. For them to survive,

they need to be on the internet, which means they need cloud services. Microsoft, Google, and Amazon can say: look, if you're not going to comply with these basic standards, you don't get to use our cloud services. You want your app in the App Store? Sorry, you're not complying with the standard. You want a domain name? Sorry, you're a bad actor. We can restrict their access to the core technologies that make their technology accessible by telling a handful of companies, really just a handful of companies: look, these are bad actors doing bad things. Phishing scams, malware, spam: we ban those all the time.

Yeah. I think the way you deal with those bad actors is you marginalize their access to the internet. Sure, they'll be able to do this in the basement, but that's relatively contained. Yeah, then maybe they won't be able to get it out to the larger platforms. I do worry, though, that while the large platforms might do this, the real risks are the smaller fringe platforms. Good, okay, now you go upstream, to the Cloudflares of the world that give you protection from DDoS attacks.

There's always infrastructure. There's always somebody above you, a bigger shark in the pool. For example, if you can't get a domain name or get your app into the store, where are you on the internet? You're gone.

None of this will be perfect. There will always be people who find ways to abuse it. Our job here is not to eliminate the risk but to mitigate the risk. Right now, any knucklehead, and I'm not going to include you, can go online, get an app, create a deepfake, and put it out there, and we need to create some barriers to that simple entry. Yeah.

I just called you a knucklehead. No, that's okay. I appreciate it in some way. But I do have a follow-up question on that, and we need to discuss the California deepfake law.

In the state of California, we did have a law, which sunset in January, that tried to mitigate the spread of malicious deepfakes intended to influence an election. I think it was 90 days before an election, or 60 days. Sixty days.

Sixty days. On day 61, you can just go to town. Yeah, exactly, send it out there. Now, that law actually mandated that those who are creating and disseminating these malicious deepfakes put their identification on them. Obviously, a nefarious actor is not going to do that.

By and large, the law was very ineffective. But I'd like to know more about what you think can be done through legislation. Good. We have an existence proof

of a law that was, well, I don't think they meant to create an ineffective law, but I think they overreacted in the early days, and thankfully it sunset. I don't think it was going to get anywhere. I do think there are laws we can pass on non-consensual sexual imagery.

There are reasonable laws we can pass that say: look, you cannot put a woman's likeness into sexually explicit material without her permission. That's a relatively uncontroversial law. In fact, many states in the US, Australia, and other parts of the world have started to ban this content. The federal government is starting to take it up here in the US.

I think that's probably the first piece of legislation that will get real traction. On the mis- and disinformation front, it gets a lot dicier, as you know, because now you start pushing up against the First Amendment and freedom of speech.

Those are the things that you and I tend to argue about quite a bit. Here's what I would like to see. I think the first step has to be, and I think this will resonate with you, Brandie, transparency.

The first thing is: look, just tell us what is what, and then downstream I can deal with the policy and how to intervene, if I have to intervene. I think it's going to be very difficult to write a law that says you cannot create a deepfake that is deceptive.

Because of course we can. I want the Nicolas Cage in The Sound of Music deepfake, and that clearly is deceptive.

I think we're going to have to tread very lightly here. I don't think anybody has the answer. My answer right now is, in the early days of this technology, let's bake in a standard that says you must watermark this content, or sign this content, or track this content; you, as the creator, are responsible. Then downstream we'll start figuring out how to mitigate some of this gray area, which is very complex.

Can I add one more mitigation? Yes, please. Up until now, we've been talking about the synthetic side: how do you mitigate harms from synthetic media? But there's another way to think about this problem, which is: how do you authenticate real media? There's an effort I'm involved in called the C2PA, the Coalition for Content Provenance and Authenticity. It's a multi-stakeholder, Linux Foundation, open-source effort, with Adobe, Microsoft, Sony, Intel, the BBC, hundreds of organizations, that is building a specification allowing your device, your camera, or your phone, at the point of recording, to log the date, time, location, and all the pixels that were recorded, cryptographically sign all of that into a compact signature, and then put that signature onto an immutable ledger, a blockchain if you must. What that means is that when that piece of content leaves the device, goes to social media, and shows up on your computer, your computer, or you, can go back to the ledger and ask: is this what I think it is? Was this video actually taken in Ukraine in February of 2023 showing human rights violations? Has anything changed since the point of recording? And it says: no, this is exactly what was recorded.

It is cryptographically signed by the device. You can now say: okay, I know this was an actual recording from an actual person at a specific date and time, and nothing has been modified. Tackling the problem from the real side, I think, is also very important, not just from the fake side. Because then we can say: look, we know it's possible to manipulate lots of things, but if something has been signed by a piece of hardware, at least we know it is real.
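As a rough illustration of that sign-at-capture, verify-downstream idea, here is a minimal Python sketch using Ed25519 signatures from the cryptography package. It is a simplification, not the actual C2PA specification, which defines manifests, assertions, and certificate chains; the metadata fields and byte strings are made up:

```python
import hashlib
import json
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

# In practice this key would live in the camera's secure hardware.
device_key = Ed25519PrivateKey.generate()

def sign_capture(pixels: bytes, metadata: dict) -> bytes:
    # Bind the pixels and the capture metadata into one digest, then sign it.
    digest = hashlib.sha256(pixels + json.dumps(metadata, sort_keys=True).encode()).digest()
    return device_key.sign(digest)

def verify_capture(pixels: bytes, metadata: dict, signature: bytes) -> bool:
    digest = hashlib.sha256(pixels + json.dumps(metadata, sort_keys=True).encode()).digest()
    try:
        device_key.public_key().verify(signature, digest)
        return True   # exactly what the device recorded
    except InvalidSignature:
        return False  # pixels or metadata changed after capture

meta = {"time": "2023-02-01T12:00:00Z", "location": "50.45,30.52"}
sig = sign_capture(b"raw frames", meta)
print(verify_capture(b"raw frames", meta, sig))     # True
print(verify_capture(b"edited frames", meta, sig))  # False
```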

Now my question for you: I know that when you upload videos to YouTube, some of your metadata is taken off. Is YouTube currently agreeing to do this, to make sure that the videos we post can be tied back? Yes, first of all, you're absolutely right. When content is uploaded to social media, the metadata almost always gets stripped. It doesn't actually get deleted, but it gets stripped.

They hold onto the metadata because it's very rich in data. We do not, and this is a bit of a sore point, have the YouTubes, the Instagrams, the TikToks, the Facebooks, and the Twitters of the world agreeing to this. I think there's going to have to be some regulatory pressure to get them there, and we're not putting value judgments on content. We're not saying good, bad, favor, don't favor. We're simply saying: respect the C2PA signature. Strip out lots of metadata if you must, but leave that one little piece of metadata in there that will allow downstream identification.

I think we'll eventually get these companies to come on board, because the one thing you can say is that most people agree social media and the Internet are a bit of a mess right now. I think we are growing weary and tired of the tech companies saying everything's fine, everything's fine, and profiting quietly from that. I do think they are going to come on board, but they are not on board right now. Yeah, I do think they're feeling increased pressure from Congress and from state legislatures, so they might actually get on board and implement these things voluntarily. Hopefully, that will put more pressure on them to do so.

I agree. And by the way, I think there's global pressure too. As you know, there's pressure coming from the EU, from the UK, from Australia, from all over the world. I think the game is up. For the last 20 years you had some fun, but it's a mess and we need to start reining in some of these problems. Thank you so much, Professor Hany Farid,

thank you for joining me today. Deepfakes are only going to get better. While they may be used as a new creative outlet, setting up appropriate guardrails now, like requiring those digital watermarks, will better ensure society benefits from their use. TecHype was brought to you by the CITRIS Policy Lab and the Goldman School of Public Policy at UC Berkeley. Want to better differentiate fact from fiction about other emerging technologies? Check out our other TecHype episodes at TecHype.org.

2023-09-07
