Pages

22 October 2018

How Realistic Fake Video Threatens Democracies

BY ROBERT CHESNEY, DANIELLE K. CITRON

Disinformation and distrust online are set to take a turn for the worse. Rapid advances in deep-learning algorithms to synthesize video and audio content have made possible the production of “deep fakes”—highly realistic and difficult-to-detect depictions of real people doing or saying things they never said or did. As this technology spreads, the ability to produce bogus yet credible video and audio content will come within the reach of an ever-larger array of governments, nonstate actors, and individuals. As a result, the ability to advance lies using hyperrealistic, fake evidence is poised for a great leap forward. The array of potential harms that deep fakes could entail is stunning. A well-timed and thoughtfully scripted deep fake or series of deep fakes could tip an election, spark violence in a city primed for civil unrest, bolster insurgent narratives about an enemy’s supposed atrocities, or exacerbate political divisions in a society. The opportunities for the sabotage of rivals are legion—for example, sinking a trade deal by slipping to a foreign leader a deep fake purporting to reveal the insulting true beliefs or intentions of U.S. officials.


The prospect of a comprehensive technical solution is limited for the time being, as are the options for legal or regulatory responses to deep fakes. A combination of technical, legislative, and personal solutions could help stem the problem.

Background: What Makes Deep Fakes Different?

The creation of false video and audio content is not new. Those with resources—like Hollywood studios or government entities—have long been able to make reasonably convincing fakes. The “appearance” of 1970s-vintage Peter Cushing and Carrie Fisher in Rogue One: A Star Wars Story is a recent example.

The looming era of deep fakes will be different, however, because the capacity to create hyperrealistic, difficult-to-debunk fake video and audio content will spread far and wide. Advances in machine learning are driving this change. Most notably, academic researchers have developed “generative adversarial networks” (GANs) that pit algorithms against one another to create synthetic data (i.e., the fake) that is nearly identical to its training data (i.e., real audio or video). Similar work is likely taking place in various classified settings, but the technology is developing at least partially in full public view with the involvement of commercial providers. Some degree of credible fakery is already within the reach of leading intelligence agencies, but in the coming age of deep fakes, anyone will be able to play the game at a dangerously high level. In such an environment, it would take little sophistication and resources to produce havoc. Not long from now, robust tools of this kind and for-hire services to implement them will be cheaply available to anyone.

The information-sharing environment is well suited to the spread of falsehoods. In the United States and many other countries, society already grapples with surging misinformation resulting from the declining influence of quality-controlled mass media and the growing significance of social media as a comparatively unfiltered, many-to-many news source. (As of August 2017, two-thirds of Americans reported to Pew that they get their news at least in part from social media.) This is fertile ground for circulating deep fake content. Indeed, the more salacious, the better.

Foreign Policy Implications

The arrival of deep fakes has frightening implications for foreign affairs and national security. They could be potent instruments of covert action campaigns and other forms of disinformation used in international relations and military operations, with potential for serious damage. The information operation against Qatar in 2017, which attributed pro-Iranian views to Qatar’s emir, illustrates how significant fraudulent content can be even without credible audio and video.

For example, a credible deep fake audio file could emerge purporting to be a recording of President Donald J. Trump speaking privately with Russian President Vladimir Putin during their last meeting in Helsinki, with Trump promising Putin that the United States would not defend certain North Atlantic Treaty Organization (NATO) allies in the event of Russian subversion. Other examples could include deep fake videos depicting an Israeli soldier committing an atrocity against a Palestinian child, a European Commission official offering to end agricultural subsidies on the eve of an important trade negotiation, or a Rohingya leader advocating violence against security forces in Myanmar.

Democracy could suffer as well. The circulation of a plausible video clip depicting a candidate uttering despicable things twenty-four hours before an election could control the outcome. Short of that, deep fakes would allow for more effective disinformation operations similar to Russia’s efforts against the U.S. presidential election in 2016. As the technology diffuses, a widening circle of nonstate actors and individuals would be able to cause similar problems.

The Challenge of Limiting the Harms

There is no silver-bullet solution to this problem, and certainly no option of rolling back the technological progress that makes deep fakes possible. Worse, some of the most plausible responses carry significant costs of their own.

Ideally, this technology-driven problem could be addressed adequately through technological solutions. But though strong detection algorithms are emerging (including GAN-based methods), they are lagging behind the innovation found in the creation of deep fakes. Even if an effective detection method emerges, it will struggle to have broad impact unless the major content distribution platforms, including traditional and social media, adopt it as a screening or filtering mechanism. The same is true for potential solutions involving digital provenance: video or audio content can be watermarked at its creation, producing immutable metadata that marks location, time, and place and attests that the material was not tampered with. To have a broad effect, digital provenance solutions would need to be built into all the devices people use to create content, and traditional and social media would need to incorporate those solutions into their screening and filtering systems. However, there is little reason to expect convergence on a common standard for digital provenance, let alone to expect that such technology would be adopted in those ways.

Another option would be for Congress to intervene with regulatory legislation compelling the use of such technology, but that approach would entail a degree of market intervention unlike anything seen previously with respect to these platforms and devices. This option would also run the risk of stifling innovation due to the need to pick winners even while technologies and standards continue to evolve.

Legal and regulatory frameworks could play a role in mitigating the problem, but as with most technology-based solutions they will struggle to have broad effect, especially in the case of international relations. Existing laws already address some of the most malicious fakes; a number of criminal and tort statutes forbid the intentional distribution of false, harmful information. But these laws have limited reach. It is often challenging or impossible to identify the creator of a harmful deep fake, and they could be located outside the United States. Foreign actors creating deep fakes can be named and shamed, but the ongoing fallout from Russian election interference in 2016 illustrates the limits of that approach.

Another possibility is to pressure traditional and social media platforms to do more to identify and suppress deep fakes, a familiar proposition in today’s ongoing debate about disinformation and social media. Companies like Facebook are in a bottleneck position well-suited for preventing the broad distribution of harmful content. Facebook, and some other platforms, have responded to recent congressional pressure by showing serious interest in improving the quality of their filtering systems. Still, past performance suggests the need for a dose of skepticism in relation to such efforts.

Social media platforms have long been insulated from liability for distributing harmful content. Section 230 of the Communications Decency Act of 1996 broadly immunizes online service providers in relation to harms caused by user-generated content, with only a few exceptions. Congress could give platforms stronger incentives to self-police by limiting that immunity. It could, for example, make Section 230 immunity contingent on whether a company has made reasonable efforts to identify and remove falsified, harmful content either at the upload stage or upon receiving notification about it after it is posted. However, such a legislative effort would certainly be met with stiff resistance from companies, as well as those who question whether such screening can be performed without an imposition of political or ideological bias.

Deep fakes do not always require a mass audience to achieve a harmful effect. From a national security and international relations perspective, the most harmful deep fakes might not flow through social media channels. Instead, they could be delivered to target audiences as part of a strategy of reputational sabotage. This approach will be particularly appealing for foreign intelligence services hoping to influence decision-making by people without access to cutting-edge detection technology.

Recommendations

The challenges of mitigating the threat of deep fakes are real, but that does not mean the situation is hopeless.

Enhancing current efforts by the National Science Foundation, Defense Advanced Research Projects Agency (DARPA), and Intelligence Advanced Research Projects Agency (IARPA) could spur breakthroughs that lead to scalable and robust detection capacities and digital provenance solutions. In the meantime, the current wave of interest in improving the extent to which social media companies seek to prevent or remove fraudulent content has pushed companies to take advantage of available detection technologies—flagging suspect content for further scrutiny, providing clear warnings to users, removing known deep fakes, and sharing such content in an effort to help prevent it from being reposted elsewhere (following a model used to limit the spread of child pornography). While by no means a complete solution, all of this would be a useful step forward.

The United States should also improve its efforts to combat hostile information operations that target U.S. democracy and social cohesion, whether they feature deep fakes or not. One of the most potent tools available to the U.S. government is its ability to issue targeted economic sanctions. This capacity has been used to a limited extent in response to Russian election interference in 2016. The executive branch needs to make clear that it can and will take similar measures anytime a foreign power attempts to distort U.S. electoral processes, and that the reaction will be especially robust if the interference involves fraudulent materials along the lines of a deep fake. If the provocation is sufficiently serious, the U.S. government could use cyber means to disrupt a hostile foreign information operation of this kind. In addition to traditional covert action, a series of provisions in the newly enacted John S. McCain National Defense Authorization Act clarifies that U.S. Cyber Command has the authority to use offensive cyber operations in response to such scenarios.

For some organizations and individuals, the best defense against deep fakes would be to establish highly credible alibis regarding where they have been and what they have been doing or saying. In practical terms, politicians and others with reputations to protect could have an increased interest in life-logging services. Such services would help insulate individuals and organizations from sabotage by ensuring they can prove where they were and what they were saying or doing at any given time. Service providers could sell life-logging equipment (such as tiny cameras) and authenticated storage services, similar to body cameras for police officers, and integrate these services with the screening mechanisms employed by major social media platforms, enabling rapid alibi-checking. However, this would increase the amount of surveillance in society and further erode notions of privacy—forcing some to choose whether their reputation and security is worth the price of privacy.

Finally, there is the simple option of spreading public awareness of the idea of deep fakes and encouraging skepticism of video and audio “evidence.” Yet this approach entails its own risk—the more people doubt their eyes and ears when faced with apparent evidence, the easier it becomes for liars to dispute legitimate proof of their misdeeds, a phenomenon known as the liar’s dividend. Those who hope to avoid accountability for legitimate video and audio evidence can exploit that skepticism. The cry of “fake news” will become the shout of “deep-fake news.” Problems such as declining receptivity to the idea of objective truth—or truth decay—and a growing tendency toward rejecting unwelcome evidence already exist, and a campaign to raise awareness about the danger of deep fakes would only pour fuel on that fire. Notwithstanding these challenges, the public should be made aware that deep fakes exist.

Deep fakes are a profoundly serious problem for democratic governments and the world order. The United States should begin taking steps, starting with raising awareness of the problem in technical, governmental, and public circles so that policymakers, the tech industry, academics, and individuals become aware of the destruction, manipulation, and exploitation that deep fake creators could inflict.

No comments:

Post a Comment