Defeating Deep Fakes

Deep Fakes will get us in Deep Sh!t

If you are not worried about the impact of deep fakes (or deepfakes) on politics, business and human society, then I'd suggest you don't really understand what they are. So, let's start with a definition from Wikipedia:

Deepfakes are synthetic media in which a person in an existing image or video is replaced with someone else's likeness. [They] leverage powerful techniques from machine learning and artificial intelligence to manipulate or generate visual and audio content with a high potential to deceive.

To understand the social and political impact, a good place to start is a recent (May 2020) analysis on the Forbes website by Rob Toews titled "Deepfakes Are Going To Wreak Havoc On Society. We Are Not Prepared". In short:

• Experts predict that deepfakes will be indistinguishable from real images before long.
• Deepfakes have begun to spread to the political sphere, because they will make it "increasingly difficult for the public to distinguish between what is real and what is fake, a situation that political actors will inevitably exploit—with potentially devastating consequences".

The Forbes article also quotes a Jan 2020 report from the The Brookings Institution which identifies some of the political and social dangers from deepfakes as follows: "distorting democratic discourse; manipulating elections; eroding trust in institutions; weakening journalism; exacerbating social divisions; undermining public safety; and inflicting hard-to-repair damage on the reputation of prominent individuals, including elected officials and candidates for office."

The Nov 2019 "Fighting deepfakes when detection fails" article by Alex Engler, also from the Brookings Institute, describes the three effects of deepfakes within politics and the social sphere:

1. Disinformation: People are more likely to have a visceral reaction to disinformation in the form of fake image, audio, and video content, which enables the altered media to spread more quickly than purely textual fake information.
2. Exhaustion of critical thinking: It will take more effort for individuals to ascertain whether information is true, especially when it does not come from trusted actors. Uncertainty around content veracity might also dissuade an individual from sharing accurate content, reducing the distribution of accurate information.
3. The liar’s dividend: The existence of fully synthetic content offers an avenue for actors to deflect accusations of impropriety based on recordings and video, by claiming the source material has been faked.

The end result will be an increase in truth decay, as coined by Jennifer Kavanagh and Michael D. Rich in a RAND Corporation paper from 2018 titled “Truth Decay: A Threat to Policymaking and Democracy”

Things are no better in the world of finance & business. ComputerWeekly reports that 77% of cyber security decision makers "are worried about the potential for deepfake technology to be used fraudulently – with online payments and personal banking services thought to be most at risk – but barely a quarter (28%) have taken any action against them".

Indeed, in March 2019, fraudsters used an audio deepfake to steal €220,000 from the CEO of a U.K.-based energy firm. The thieves used AI to impersonate the voice of the firm's parent company's chief executive, asking the CEO to send the funds to a Hungarian supplier within an hour. While this was the first known cybercrime in which criminals clearly drew on AI, it won't be the last.

Detecting Deepfakes

Currently, there is a lot of work being done by Google, Facebook and others on how to identify and stop deepfakes. Most of these approaches are focussed on training other AI / Machine Learning systems to detect deepfakes, since humans are so easy to fool.

Unfortunately, this approach seems doomed to failure.

Firstly, as noted by Drew Harwell in a June 2019 article in The Washington Post, the capacity to generate deepfakes is proceeding much faster than the ability to detect them.

Worse, the latest development in detecting deepfakes are quickly used to train the models used to create better deepfakes, as pointed out in the Nov 2019 article by the Brookings Institute. So, the various ways to detect deepfakes - like distortion in facial features, inconsistencies across images within a video (especially concerning lighting), incongruities between the speech and mouth movements of the subject, and even learning to note the absence of biometric patterns specific to world leaders - will all fail sooner or later.

For example, the Washington Post article by Harwell tells the story of Siwei Lyu, the director of a computer-vision lab at the State University of New York at Albany, who helped pioneer research in 2019 that found many deepfakes had a telltale clue: a lack of blinking. Unfortunately, two weeks later, "Lyu received an email from a deepfake creator who said they had solved the problem in their latest fakes".

Finally, even if reliable modes of detecting deepfakes exist, they will almost invariable trail behind the generation of new fakes, allowing false representations to dominate the conversation.

I'm Looking at You, Lou

It was Lou Reed who said, or rather sang, in Last Great American Whale:

Don't believe half of what you see and none of what you hear

The first thing we need to do is change this, so that the default position becomes:

Don't believe any of what you see and none of what you hear (on a screen)

Then, once we have the right level of critical thinking and incredulity established - where we assume everything is fake until proven otherwise - we need a way to objectively and absolutely prove that a video or audio file is a genuine record of what happened in reality.

There are numerous suggestions on how to do this, such as reverse video search or blockchain-based verification / authentication system that would fingerprint footage right as it’s captured. As the Washington Post article notes, "this could help make fakes easier to spot, but would require agreement from makers of smartphones, cameras and websites — a far-off proposal that could take years". In addition, while blockchain-based verification can prove that a video hasn't been altered, it doesn't prove that the video was real in the first place. So, while that might be part of the solution, its not enough.

Instead, I want to make a suggestion based on the work of my favourite sci-fi author, Iain M. Banks ...

A lesson from the Culture

Science fiction can not only predict future problems, but it can also give clues on what a solution might look like. In this case, the problem of deepfakes reminded me of a situation in "The Player of Games" a book written in 1988 by the sadly departed, Iain M. Banks.

This book involves characters from the Culture, a utopian, post-scarcity space society of humanoids, aliens, and advanced artificial intelligences (drones and Minds). Early in the novel, the main character, Jernau Gurgeh, took advantage of an offer by a former Special Circumstances (SC) drone named Mawhrin-Skel to get an an unfair advantage over another game player named Olz Hap. The drone then uses this to blackmail Jernau. I've reproduced the relevant section below, with key parts marked in bold:

Mawhrin-Skel floated into his field of view.  'Listen to me, Jernau Gurgeh.'  Some cold drops of rain started to patter into the grass and on to his face.  'Listen to me….  You shall help me. I have our entire conversation, your every word and gesture from this morning, recorded.  If you don't help me, I'll release that recording.  Everyone will know you cheated in the game against Olz Hap.' The machine paused.  'Do you understand, Jernau Gurgeh?  Have I made myself clear?  Do you realise what I am saying?  There is a name - an old name - for what I am doing, in case you haven't already guessed.  It is called blackmail.'

The machine was mad.  Anybody could make up anything they wanted; sound, moving pictures, smell, touch… there were machines that did just that.  You could order them from a store and effectively paint whatever pictures - still or moving - you wanted, and with sufficient time and patience you could make it look as realistic as the real thing, recorded with an ordinary camera.  You could simply make up any film sequence you wanted.

Some people used such machines just for fun or revenge, making up stories where appalling or just funny things happened to their enemies or their friends.  Where nothing could be authenticated, blackmail became both pointless and impossible; in a society like the Culture, where next to nothing was forbidden, and both money and individual power had virtually ceased to exist, it was doubly irrelevant.

The machine really must be mad.  Gurgeh wondered if it intended to kill him.  He turned the idea over in his mind, trying to believe it could happen.

'I know what's going through your mind, Gurgeh,' the drone went on.  'You're thinking that I can't prove it; I could have made it up; nobody will believe me.  Well, wrong. I had a real-time link with a friend of mine; an SC Mind sympathetic to my cause, who's always known I would have made a perfectly good operative and has worked on my appeal.  What passed between us this morning is recorded in perfect detail in a Mind of unimpeachable moral credentials, and at a level of perceived fidelity unapproachable with the sort of facilities generally available.

'What I have on you could not have been falsified, Gurgeh.  If you don't believe me, ask your friend Amalk-ney.  It'll confirm all I say.  It may be stupid, and ignorant too, but it ought to know where to find out the truth.'

So, within the Culture, where anything can be faked, the only way to prove something real is that it has been simultaneously witnessed by one or more entities who are trustworthy.

How can this help solve the problem of deepfakes in our society?

Real Time Validation by Trusted People

Just like in the Culture, the only way to ensure that something is 100% real is for multiple witnesses to simultaneously record the event, from multiple viewpoints. As more and more people record or stream their daily lives - on smart phones, dashboard cams, drones and more - this is not an impossible idea.

These recordings should ideally be encoded using block chain technology to validate the recording and ensure it can't be later changed.

Then using computer vision systems, AI tools can compare videos of the same event - even if they are taken from different angles - and reconstruct the scene with absolute certainty.

None of this is impossible. Indeed, this would use the sort of computer vision technology that the talented ANZ presales team at TIBCO have already started to experiment with. Plus, the TIBCO Labs team have recently released Project Dovetail, which provides a very useful blockchain framework that can be used for digital contracts and more.

Media organisations should do this first, and so establish the "unimpeachable moral credentials" that are so important for society to again agree on objective truth.

Finally, when these sorts of tools are available to anyone - not just reputable media organisations who invest in fact-checking - of then we perhaps we can leave behind the "post-truth" work stop the 'truth decay' that is starting to rot our society.