Generative AI, Trust and Digital Signatures

Leif Sabellek
CONTACT Research
Mar 21, 2024
An image about generative AI, trust, and digital signatures. Generated by AI. Or is it?

Whether we can trust a piece of information, such as a news article, an image or a video, largely depends on its origin. But in the digital age, tracing the origin of a piece of information is like searching for a needle in a haystack. Generative AI dramatically accelerates the creation of new content. Where previously a skilled artist was needed to produce an image, generative AI models now enable anyone to achieve similar results in seconds. The recently presented model Sora by OpenAI even generates high-quality videos, so imagine what AI can generate two more papers down the line!

On the one hand, generative AI can be extremely helpful and accelerates creative processes across all domains. On the other hand, it can be used for evil things: bots which spread misinformation, deepfakes of influential figures, or phishing attacks that exploit video calls with seemingly familiar faces. These scenarios show the importance of mechanisms which ensure that our online interactions are genuine and truthful.

So how can we still trust the content we see online? And how can we trace the origin of a piece of information? In the following sections, we list some of the approaches:

Digital Watermarks

Digital watermarking is a collection of techniques used mostly for images, audio or video. A watermark can be added to an image by embedding certain patterns in its pixels, e.g. by using a discrete wavelet transform. These patterns are usually invisible to the human eye, but they can be detected using an algorithm. These watermarks are even robust to some minor alterations of the image, like cropping, scaling and compression. Watermarks mostly serve the purpose of protecting copyrights, since they cannot easily be removed from the content.
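The embedding and detection described above, as an added example that is not from the original article. It assumes a deliberately simplified scheme: a one-level Haar wavelet transform on pixel pairs with quantization index modulation (QIM), and the `STEP` value, pixel row and bit string are constructed for illustration.

```javascript
// Added example: one-level Haar transform on pixel pairs + QIM watermark.
const STEP = 8; // quantization step (assumption): larger = more robust, more visible

const clamp = (v) => Math.min(255, Math.max(0, v)); // may disturb bits at 0/255
// Forward Haar on one pair: s = average (approximation), d = detail coefficient.
const haar = (a, b) => ({ s: (a + b) / 2, d: (a - b) / 2 });

// Move d to the nearest multiple of STEP whose index has the bit's parity.
function quantize(d, bit) {
  return (Math.round((d / STEP - bit) / 2) * 2 + bit) * STEP;
}

// Embed one bit per pixel pair by rewriting only the detail coefficient.
function embed(pixels, bits) {
  const out = pixels.slice();
  bits.forEach((bit, i) => {
    const { s, d } = haar(pixels[2 * i], pixels[2 * i + 1]);
    const dq = quantize(d, bit);
    out[2 * i] = clamp(Math.round(s + dq));     // inverse Haar: a = s + d
    out[2 * i + 1] = clamp(Math.round(s - dq)); // inverse Haar: b = s - d
  });
  return out;
}

// Detection needs no original image: read the parity of each quantized detail.
function detect(pixels, nBits) {
  const bits = [];
  for (let i = 0; i < nBits; i++) {
    const k = Math.round(haar(pixels[2 * i], pixels[2 * i + 1]).d / STEP);
    bits.push(((k % 2) + 2) % 2);
  }
  return bits;
}

const maxChange = (a, b) => Math.max(...a.map((v, i) => Math.abs(v - b[i])));

// Constructed sample: one row of 16 grey values and an 8-bit mark.
const row = [120, 124, 130, 127, 90, 96, 200, 190, 60, 61, 140, 150, 75, 70, 180, 181];
const mark = [1, 0, 1, 1, 0, 0, 1, 0];
const marked = embed(row, mark);
// Constructed perturbation of +/-2 per pixel, standing in for mild recompression.
const noisy = marked.map((v, i) => v + (i % 2 === 0 ? 2 : -2));

console.log('max pixel change:', maxChange(row, marked));
console.log('recovered after noise:', detect(noisy, mark.length).join(''));
```

The mark survives any perturbation that moves a detail coefficient by less than `STEP / 2`; production schemes add multi-level 2-D transforms, redundancy and keyed coefficient selection on top of this idea.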

There are also watermarking approaches for Large Language Models, but enforcing a certain pattern on a text, where every single token carries information, is much harder than embedding a pattern in the pixels of an image, where information is much more redundant. Even though research suggests that watermarks on text can remain detectable after a person has paraphrased the text, I think watermarks on text will not become as important as they are on images or videos.

Also related to watermarks is the method of introducing tiny but visible errors in the original content. For example, Google Maps shows some non-existent roads to identify copies of its maps.

Digital Signatures

Digital signatures use asymmetric cryptography to allow the creator of any piece of content to sign their work using their unique private key. Then, everyone in the world can confirm the authenticity of this content using the corresponding public key. Altering, adding, or removing even a single bit of the content completely invalidates the digital signature, and the cryptographic methods make it virtually impossible to forge a digital signature without access to the private key. Digital signatures already provide transparency and security in digital communication, for example when we browse a website using the HTTPS protocol.

Imagine a world where digital signatures were consistently applied across all media types. If I shared a news article with my friend, they could check that (1) it was indeed me who sent them the article, (2) the article was actually published by the specified news station, and (3) the photo in the news article was really taken by the stated photographer, including verifying the exact date, time, and location of the photograph. In fact, there is the Coalition for Content Provenance and Authenticity (C2PA), an initiative by several tech giants and news stations to create technical standards for using digital signatures to track the source and history of media content.

Unlike watermarks, which integrate into the actual content, digital signatures are separate pieces of information attached to the content. This means that when sharing content, one is not obligated to keep the original digital signature; it can be removed or replaced with a new one without altering the original material. But in a world where every piece of information is signed by its creator, removing signatures automatically makes the content less trustworthy.
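The properties described in this section (a one-bit change invalidates the signature, and a detached signature can be stripped or replaced without touching the content), as an added example that is not from the original article. It uses Ed25519 from Node.js's built-in `crypto` module; the article text and the `publisher` and `reposter` key holders are constructed for illustration.

```javascript
// Added example (not from the original article): detached Ed25519 signatures.
const crypto = require('node:crypto');

// Constructed sample content and two hypothetical key holders.
const article = Buffer.from('Constructed sample article body, 2024-03-21.');
const publisher = crypto.generateKeyPairSync('ed25519');
const reposter = crypto.generateKeyPairSync('ed25519');

// The signature is a separate 64-byte value; the content itself is untouched.
function signDetached(content, privateKey) {
  return crypto.sign(null, content, privateKey); // null: Ed25519 fixes its own hash
}

// A result is only meaningful relative to a public key the verifier already
// trusts for the claimed creator, not a key shipped alongside the content.
function verifyDetached(content, signature, trustedPublicKey) {
  if (!signature) return false; // signature stripped: no provenance claim left
  return crypto.verify(null, content, trustedPublicKey, signature);
}

// Return a copy of the content with exactly one bit inverted.
function flipBit(content, bitIndex) {
  const copy = Buffer.from(content);
  copy[bitIndex >> 3] ^= 1 << (bitIndex & 7);
  return copy;
}

function demo() {
  const sig = signDetached(article, publisher.privateKey);
  const resig = signDetached(article, reposter.privateKey); // replaced signature
  return {
    genuine: verifyDetached(article, sig, publisher.publicKey),
    oneBitFlipped: verifyDetached(flipBit(article, 0), sig, publisher.publicKey),
    stripped: verifyDetached(article, null, publisher.publicKey),
    resignedVsPublisherKey: verifyDetached(article, resig, publisher.publicKey),
    resignedVsReposterKey: verifyDetached(article, resig, reposter.publicKey),
    signatureBytes: sig.length,
  };
}

console.log(demo());
```

The replaced signature is perfectly valid under the reposter's key, which is why a verifier has to pin the key it expects for the claimed creator rather than accept any signature that checks out.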

GenAI Detectors

AI models are just algorithms, and the outputs of these algorithms carry certain patterns. For Large Language Models, these patterns can be biases towards certain words, phrases, or sentence structures. For every generative AI model X, it is possible to train another AI model Y on the task of deciding whether a piece of content was produced by X. There already exist numerous tools like GPTZero which can distinguish text generated by ChatGPT, Gemini or other Large Language Models from human-written text with high accuracy. While not foolproof, these detectors can be helpful for getting a general idea of whether the content was generated by AI or not.

Conclusion

Among these measures, I think digital signatures are the most important approach, since they can be universally applied to any piece of content, and they offer cryptographic guarantees. I am excited to see where efforts made by the C2PA will lead us. But of course, the different measures also serve different purposes, so I assume all of the above measures will be important, and none of them can solve the problems regarding trust and security completely.

Finally, besides all the technological methods, critical thinking remains a powerful tool. In a world full of ever-growing information, it is important to educate people to question and check the information they receive, and make them aware of what generative AI models can do.

Leif Sabellek
CONTACT Research

Mathematician & Computer Scientist, researching about Artificial Intelligence at CONTACT Software.