Not remotely true. We can test the self-consistency of Bob’s statements. We can check them against the evidence. We can examine whether Bob’s voice, body language, etc. is that of a liar. And so on. We have numerous tools at our disposal, as one might expect given that humans are social animals and have had to develop social countermeasures.
In other words, we need to develop countermeasures for deepfakes because they represent a real threat to consensus truth.
Flat disagree. The difference is that AI is cheap and easy. Convincingly faking video manually is difficult and expensive. Movies cost hundreds of millions of dollars and often fail at their fakery.
Deepfakes, etc. are not there yet, and it’s possible they never will be. But their rate of advancement is so high that it is a very real risk.
Perhaps the better analogy is something like homebrew biological weapons. Part of why nukes were not quite the risk they could have been is because they required nation-states to develop. So, like faking video, it’s difficult to pull off unless you have lots of money at your disposal (which then invites question of how you could pull off the fakery without anyone noticing).
But deepfakes can be done from the convenience of your own home, and will get better year by year. Therefore we should be taking steps now to develop countermeasures and perhaps avoid distributing these weapons to everyone (or at least put it off as long as possible).
The xkcd argument is much like those people that said we were stupid to get all excited about the ozone hole, because it’s not that big a deal these days. It’s not a problem because we did something about it. You can’t conclude from that that it was never a problem.
Will deepfakes and AI eradicate online truth? They will if we do nothing about them. If we take them seriously, we have a chance. Though perhaps only a small chance, since social media (in its very simplest forms) has already done incredible, probably irreversible damage to consensus truth.
I’ll just put it this way: sure, lying has been around forever, and other technologies have been compromised. But that doesn’t mean having yet another technology no longer be as effective as it used to be is not a problem.
Even the change of everyone having photo editing changed things for photographs. Now people are more skeptical of photographs. We learned better skills for spotting fakes, and even invented new tools for doing so. That’s why things haven’t run amok.
The same will be true of deepfakes, and that’s why we need to do it. Not just be blase and assume it’ll all be fine. Sure, the apocalyptic responses are likely wrong, but only because we’ll get better at telling the difference.
I agree with @Dr.Strangelove that it’s an arms race, and that we can’t afford to sit idly by. Where I disagree is only in trying to prevent people from having access to the technology: that ship has sailed. And having access means we can get better at detecting it.
We don’t in fact need to regress as far as @Chronos indicates, back to before we had these technologies at all. There’s no reason to go back to the far less accurate methods of trying to determine in someone is a liar by eye witness accounts and poking holes in their lies. We can do better.
What I’d like to see are cameras with encrypted keys that can sign the data files and prove that it came from that particular camera–along with time stamps and GPS location to make it harder to fake it by, say, filming a screen* It’s not perfect, but it could go a long way in establishing something is real.
*Though this would also be difficult due to screen resolutions being so much lower than camera resolutions, and the use of depth sensors. Probably the bigger fear would be injecting a feed directly into the camera. Still, not something most could do.
I don’t disagree that the eventual release of the technologies is inevitable (and in progress). But slowing down the rate of release is, I think, beneficial. It’s basically the way things are done already: the most sophisticated media generators (GPT-3, DALL-E 2, etc.) are still in private beta, with only stripped-down versions being public. Furthermore, at least for the moment, the training aspect of these is limited to nation-states or megacorps. The inference part is cheap enough to do at home, but not the training. That will continue to be true for a little while, at least.
The same basic approach is taken toward security. When a researcher finds an exploit, they typically give a deadline to the responsible party before releasing the exploit to the public. That at least gives the party time to fix the bug.
Agreed; I’ve thought for a while that this would be useful. One possible implementation would be to sign the image with a private key unknown to anyone just as the data comes off the sensor. This is possible now with image sensors that are stacked right on top of the processing electronics. It doesn’t help if the image later goes through some processing, but at least confirms that a given photo was taken by a given camera.
GPS is too easy to fake, I think. But I wonder if one could play tricks with the light spectrum to prevent the possibility of filming a screen. If the sensor could take a full spectrograph, it becomes trivial to distinguish a screen from a sunlit scene. That would be overkill, but perhaps one could achieve a similar effect if some subset of pixels had notch filters in part of the spectrum, allowing one to at least partially derive the full light spectrum.
I didn’t say it wasn’t as big a step as fake video. I said it wasn’t as big a step as video. As in, real video. The absolute worst case scenario that could conceivably come out of deepfake video would be that everyone always completely ignores videos as evidence for anything. In that case, the lying arms race is reset to the same place it was before video was invented. And I don’t think that that’s very likely, because there will still be at least some cases where at least some weight can be put on a video.
When video was invented, the honesty side of the arms race made a huge step forward. Now, with deepfakes, that huge step is being diminished. But it’s not being erased entirely.
Which is very much arguing that the bottleneck for fake stuff is technical.
If we extended the x-axis and added the line “% of US population with access to user-friendly deepfake technology” how settled will the existence of bigfoot, flying saucers etc. be then?
You left off an option: What if we don’t know Bob at all? Here is someone saying “Jim robbed the convenience store, and here’s the video to prove it!” We don’t have any reason to necessarily believe Bob, but we certainly don’t have reason not to believe him, and we have a video that seems to show Jim robbing the store. I can’t tell if that video is faked; I have no way of knowing (or forcing an investigation into) if Bob bought deepfake technology. I’m going to be pretty sure that Jim is an armed robber. I can’t arrest Jim, but I’m not going to go to his business / vote for him / have anything to do with him in the future. Welcome to Qanon.
Aside from everything else, that’s a pretty big loss, is it not? Video evidence is a significant boon to civilization. And deepfakes aren’t limited to video; they apply to still images and text as well.
Going back to relying on human memory would be terrible. Especially since, being in an era where concrete evidence is possible, we now have a much better idea of how bad human memory actually is. The fallibility of our memories has caused an immense amount of human suffering.
Yes. But like I said, I don’t think that the worst case is a very realistic one. Because some folks, we do trust to not (deliberately) lie, and because we can use technology to make deepfaking harder.
For instance: The maker of a surveillance camera gives each device a unique private-public key pair. Every minute, the camera takes a hash of the preceding minute of the video stream, appends a timestamp, and encrypts the hash-plus-timestamp using its private key, and saves that in the file. If the camera is connected to the Internet, it can further upload that to the camera-maker’s server, and can include a downloaded token from the server in the hash-plus-timestamp.
Now, this still isn’t perfect. I can think of ways to defeat it. But it’s going to be very difficult to defeat, probably requiring advance planning and access to the internals of the camera. Put in two such cameras that can see each other, and it gets much harder yet, because whichever one you tamper with first, the other one will see the tampering.
You’ve proposed a technical solution to preserving the utility of video, but the premise of the comic is that the bottleneck to fakery isn’t technical.
I agree that there are probably some technical means of avoiding the worst-case scenarios for deepfakes, but that’s not automatic. We have to work on them.
I went into more detail on the technical solution, because it needed more explanation. I also proposed a non-technical solution: To decide whether you trust the honesty of the person presenting the video. Like we’ve done since the dawn of time.
It would only help so much. Solar panels have a different infrared profile under load vs. not. If a secured, solar-powered computer was compromised but otherwise air-gapped, it could still transmit information very slowly by modulating its power usage.
Nikolai Tesla had ideas about all power being transmitted over-the-air and as practical as that may have been, Westinghouse & Edison ended it.
I’m just not figuring how - if I had a solar array in my yard and it was storing that in a battery - and using something along the lines of Near Field induction and capacitive coupling to my UPS - how this would not be the same as air-gapped?
It is an air gap, but that’s a context where an air gap isn’t at all useful.
And Tesla’s ideas of wireless power transmission were completely, utterly impractical. Yes, he was very smart and instrumental in developing a lot of electrical technology, but he was also insane. It’s important not to forget that part.
And then there’s “We want to draw conclusions about this variable, which is easy to study, but it’s not giving us the conclusions we want, so we’re studying this proxy variable instead”.