Finding facts among fakes: how current approaches to detecting deepfakes are flawed
Written by Lauren Chunn, edited by Mark Kiel
Seeing is believing.
At least, it used to be.
Visual information has been the cornerstone of how we discern fact from fiction, especially within our image driven culture. Of course, there are exceptions to this rule. After all, the world is rife with altered images, whether we’re speaking about photoshopped models in advertisements or an animated dragon in the latest blockbuster. However, in most such scenarios we are generally not only capable of spotting what is false, but we expect it.
In contrast, when we see a news clip of a political figure or a YouTube clip of a celebrity, we don’t expect to be faced with the challenge of differentiating the true from the faked. We simply, and perhaps naively, believe that the person we are seeing was in fact in that location and was in fact saying those words. What will happen to our everyday intuitions when seeing is no longer believing? How will we know who and what to trust?
The developing field in AI known as “deepfake” is frighteningly close to fully realizing this scenario. Deepfake videos are created by using a set of photos of a target individual which the AI utilizes to embed their face, complete with near-flawlessly integrated shadows and facial expressions, onto any existing video file. What results is a disturbingly realistic video of a person doing and saying things that they had never done. When these videos are well constructed, it can be nearly impossible to detect the manipulation. In addition, it is only getting easier for amateurs to access and effectively utilize the required technology. When these videos become more frequently produced and distributed, long gone will be the days when seeing was believing.
While a large portion of the current use of this technology revolves around humor or innocent recreations of beloved movies, the potential for malicious application of this technology is staggering. While only in its infancy, it has already been used to create a faked video of Barack Obama (admittedly to bring attention to the technology’s potential) as well as to impose the faces of unsuspecting female celebrities onto pornographic videos. This will not be the last we will see of this technology, and the more we explore the possibilities, the more daunting it becomes.
The three areas where this technology will have the most worrying effects are politics, international security, and criminal justice.
Just recently, a video of Nancy Pelosi surfaced where her speech was purposefully slowed in an effort to make her appear as if she were drunkenly slurring her words. The video was viewed over 2 million times and shared nearly 50,000 times, including by Donald Trump’s personal attorney Rudolph Giuliani. Later, Trump shared via Twitter a similar video of Pelosi that had been edited to emphasize areas in her speech where she paused or slightly stumbled to make her appear as if she were stammering through the entire speech. Neither of these videos made use of deepfake technology, but rather decades old, easily identifiable editing techniques. Nevertheless, these brazen forms of misinformation within the context of the recently devised war against “fake news” (sometimes incredulously referred to as “alternative facts”) are paving the way for true deepfakes to take hold. Logic and reason are already frayed within the political arena; facts are called “fake news” and real fake news is becoming more prevalent and more difficult to discern from fact.
The age of disinformation has already begun, and deepfakes will be its champion.
Altering our perception of political figures or celebrities, however, may be the least of our concerns. After all, videos don’t just serve as evidence for committing some social “wrong”, but also in a legal context. Video of a crime being committed, assuming the perpetrator is visible and easily identifiable, is generally considered incontrovertible evidence in the legal world. The reliability and value of video evidence is comparable to DNA being found at the scene. However, with the advent of deepfake technology, it is entirely plausible that the person in the video, whom we can “clearly” see committing a crime, was not actually there, let alone doing and/or saying those things. The question then emerges — how can we ensure that video evidence is not utilized to frame individuals for crimes they didn’t commit?
The question becomes even more fraught in the context of statements or crimes that require an immediate response. A convincing deepfake portraying a classified conversation between world leaders, especially if any threat to our country’s safety was alluded to or explicitly discussed, would bring turmoil to the world stage. We would be forced to not only answer the question of “is it real” but “can we prove whether or not it’s real quickly enough.” Of course, this is the extreme end of the spectrum on potential scenarios. However, similar scenarios within a domestic context have already arisen.
An example is the recent phenomenon known as “swatting”, where individuals phone in a false tip concerning an urgent and/or violent crime prompting an immediate and forceful response. One such incident has already resulted in an innocent man’s death. With the addition of video “evidence”, harassment tactics such as this will undoubtedly become that much more dangerous.
The concern only becomes more pressing when considered in the context of social media use, where vigilante justice by “social justice warriors” or SJWs is on the rise. Many of us are probably familiar with the incident in 2015 where a video was released of Ariana Grande licking a donut, putting it back, and declaring “I hate America.” Within a matter of hours, Grande was flooded with responses shaming her for her actions, and later apologized. Without entering the debate of whether or not this shaming was justified, we need only imagine — what if she had never done or said those things? Further, what if the matter at hand wasn’t so trivial? With the use of deepfake technology, this almost instantaneous vilification of innocent individuals could become commonplace.
Equally as concerning as these direct consequences of deepfake videos, however, is one indirect consequence: even genuine video evidence can be plausibly denied. When video evidence of any crime or wrongdoing is released, the suspected individual can immediately deflect blame due to the idea that the video was faked. Even without deepfake technology, such tactics have already been utilized. Trump has suggested throughout his presidency that the Access Hollywood tape released during his campaign — which implicated him in sexual harassment at the very least — may have been tampered with, while calling its network NBC “fake news.”
The danger is real and the potential for catastrophe looms. Nevertheless, it remains unclear how best to counter these dangers. DARPA, the U.S. military’s research division, has made the first step in this direction with a $68 million investment on AI technology to spot these deepfakes. Unfortunately, these videos are being generated by another AI and this cat and mouse-style machine-versus-machine challenge universally favors the bad actor. Anyone familiar with the evolution of CAPTCHAs will recognize the problem.
CAPTCHAs began as a simple test to identify somewhat distorted letters. Among the most common now is the simple and maddening task of repeatedly identifying street signs or cars. Despite not being robots, we’ve definitely all experienced the frustration of repeatedly failing these obscure tests. Why though, have they become so difficult? The simple answer is that “robots” have far surpassed us in their ability to solve these tests. Every time we humans solved a CAPTCHA, this success served as a new data point for the counter-CAPTCHA AI to learn from. In response, we would make the CAPTCHAs increasingly more difficult as the AI caught up to us. However, we can only make them so difficult before it’s nearly impossible for humans to solve. Effectively, the AI is always one step behind us, until it’s not.
Once we began to understand this, we were forced to look for new avenues. The solution (at least for now) rested upon a simple observation of human behavior: we are often erratic and highly flawed. When we search the web, we don’t act in entirely predictable ways; we may click around in a seemingly random pattern, move the cursor in slightly different manners, or get distracted. All of these features help distinguish us from bots, which often do behave in predictable ways. Effectively, the question engineers were asking when developing CAPTCHAs had shifted from “what puzzles can only humans solve” to “what makes us human.” Of course, this solution isn’t perfect, as it’s only a matter of time before the bots learn to better mimic the “randomness” of human behavior. However, it is a move in the right direction.
The DARPA team’s approach on the other hand, is only contributing to an existing arms race. Every time the DARPA team’s AI successfully identifies a faked video based upon some telling feature, the original AI that created the video can learn from its mistakes. As long as it can identify the feature or pattern of features that led to the video’s detection and classification as “fake,” it will only become better and better at creating realistic deepfakes.
In fact, deepfakes have become so realistic, so fast as a result of this very same type of arms race. In the AI industry, this technique is known as generative adversarial networks or GANs. Essentially, a “generator” AI produces images, while the “discriminator” AI classifies the images (e.g. as “real” or “fake”), which allows that generator AI to improve upon its earlier mistakes. This loop continues until the discriminator AI can no longer detect any mistakes. Just as we have reached the limits of human ability with CAPTCHAs, there exists a limit to where detection of faked videos is no longer possible.
Ultimately, creators of deepfakes don’t need us to tell them which faked videos are detectable. They are already doing it themselves, and faster.
The AI is always one step behind us, until it’s not.
The solution to quick and accurate recognition of deepfakes is not obvious or easy, and it may take us years before we have a grasp on how best to proceed. However, developing an AI to detect the actions of another AI is surely to result in eventual failure. The creators of these videos are well on their way to reaching the limit of detection. Even before that limit however, any success rate under 100% is enough to induce crippling doubt over any video’s authenticity.
It may be time for us to return to something more concrete. What this will consist of in terms of deepfake videos isn’t yet clear, but considering the potential for abuse of the technology, it is worth aggressively exploring.
When CAPTCHA engineers began to ask “what makes us human” rather than “what puzzles can only humans solve,” a simple observation of human behavior put a much larger gap between us and the machines. At least temporarily.
