Shot on iPhone: How Apple Can Address Deepfakes and Other Media Manipulation

By now, you have most likely heard of deepfakes and how “AI could send us back 100 years when it comes to how we consume news” (MIT Technology Review) or “we’ll shortly live in a world where our eyes routinely deceive us … we’re not so far from the collapse of reality” (The Atlantic).

You may have seen this video of an Obama deepfake created by Jordan Peele:

Or this one of Bill Hader morphing into Tom Cruise and Seth Rogen (if not, I highly recommend it):

Deepfakes have been causing quite the controversy. Responses to them have ranged from Congress proposing the Malicious Deep Fake Prohibition Act and the DEEPFAKES Accountability Act, Facebook banning deepfakes, and Twitter creating a “Manipulated Media” label. Facebook recently launched a deepfake detection challenge in which the winning algorithm could only detect deepfakes with an average accuracy of 65.18% (not super reassuring).

While I agree that the propagation of deepfakes has concerning implications, the public and private response to deepfakes is ignoring two critical points:

1) Deep fakes aren’t the only game in town

Media manipulation to deceive or discredit has been around as long as there has been media. During the 2004 election, a forged image was released showing John Kerry speaking with Jane Fonda at an anti-Vietnam War protest in an effort to discredit him — it was even run in The New York Times. 

During the Rodney King trials in 1991, the video evidence of King being beaten by four police officers was purposely slowed down before being shown to the jury so that King’s involuntary physical movements appeared as if he was trying to get up. The jurors who delivered a “not guilty” verdict were quoted saying the slowed down video evidence “made all the difference” (LA Times).

Even recently, two of the most discussed manipulated videos were not deepfakes, but “cheapfakes” — videos that are slowed down or selectively edited using traditional video editing techniques:

1. House Speaker Nancy Pelosi appearing to slur her words — widely shared across Facebook and retweeted by Trump.
2. CNN Reporter Jim Acosta appearing to strike a White House intern while reaching for the mic — tweeted by White House Press Secretary Sarah Sanders

Because those two videos were not actual deepfakes, they would not be detected by deepfake algorithms or covered under Facebook and Twitter’s content policies.

2) The true danger of deepfakes is the doubt they cast on legitimate media

“It’s not just that you might make people believe that something that’s fake is real, but that you might make them believe that something that’s real is fake.” 

— Lillian Edwards Professor of Law, Innovation, and Society at Newcastle University.

While it is possible to prove that a video is fake, it is much more difficult to conclusively prove that a video is real. This uncertainty caused by deepfakes has already destabilized national politics and led to a failed military coup in the African country of Gabon.

Deepfake doubt is not only a weapon against those in power. It can be effectively wielded by those in power to discredit their opposition. According to Sam Gregory, Program Director at Witness, a nonprofit that helps people document human rights abuses, activists and citizens in Brazil worry that video evidence of an officer killing a civilian will be dismissed as a deepfake and will no longer be sufficient grounds for an investigation (MIT Technology Review).

While it is possible to prove that a video is fake, it is much more difficult to conclusively prove that a video is real.

What can be done?

Detecting or banning deepfakes is not enough. Cheapfakes or other traditionally edited media can avoid detection and cause just as much harm. Inability to verify authenticity of media can be used to fuel or suppress political dissent.

We cannot rely on media platforms to solve this problem for us:

1. They can’t — again, the winning deepfake detection algorithm only works 62% of the time
2. They don’t want to — edited media and the resulting buzz drive traffic to Facebook and Twitter
3. They shouldn’t — relying solely on social media platforms to verify the veracity of media will only further power their control over the media we consume

If we cannot rely on detecting deepfakes, we need a way to verify media at the point of capture, prevent it from being edited, and maintain that verification even after it has been shared. 

This is where Apple comes in.

Shot on iPhone

The iPhone camera has long been a major selling point for Apple. This campaign, and others like it, highlight what the iPhone camera stands for: quality. Now Apple has the opportunity for the iPhone camera to stand for something new: truth.

Now Apple has the opportunity for the iPhone camera to stand for something new: truth.

There are currently 900M active iPhones in use, around 1 iPhone for every 8 people in the world. Photos and videos taken on an iPhone are automatically sent to iCloud and are encrypted both during transit (going from your phone to Apple’s servers) and at rest (being stored by Apple). iPhone users are able to create shared albums to give other iPhone users access to their photos stored in iCloud.

With this system already in place, my question is: how difficult would it be for Apple to verify that a photo or video was shot on an iPhone, encrypted, and sent to iCloud without being edited in any way? Additionally, how difficult would it be for an iPhone user to then be able to share that media with other Apple users while maintaining the encryption/authentication?

How difficult would it be for Apple to verify that a photo or video was shot on an iPhone, encrypted, and sent to iCloud without being edited in any way?

In full transparency, I am not privy to the specific details of how iCloud uploads work, so I can’t give a definitive answer. That being said, I do have experience building apps featuring media capture and upload for two different companies (elovee, my current company, and BigSpring, a past client), so I know enough to make an educated guess. I also have some smart and generous software engineer friends that I bugged for answers. Our professional opinion: not that difficult.

The mechanisms are already in place to encrypt media at the point-of-capture, automatically transmit the encrypted media to iCloud, and share that media with others while maintaining the at-rest encryption. Apple already offers end-to-end encryption for some iCloud date (iMessage, health data, etc). If they were to extend E2E encryption to photos/videos, then even Apple would not be able to edit them.

Again, this an educated guess. (If any current or former Apple engineers are reading this and want to tell me how wrong I am, please email me at [email protected]. I’m dying to know).

Apple Verified

Once Apple has created the foundation to verify captured media and distribute it while maintaining that verification, there are many fun ways they can capitalize on it.

Likely:

1. Only allow “Apple Verified” media to be shared between iPhone/iPad/Mac users via iMessage, Airdrop, or iCloud
2. Create a “TrustKit” framework that allows developers to incorporate “Apple Verified” media into their iPhone applications
3. Promote Apple News+ as the most trusted source for “Apple Verified” news

Less Likely:

1. Create a sandboxed photo/video editing tool (Mac only) that allows limited adjustments to media while maintaining verification
2. Create an iPhone Pro for journalists/etc who need a camera that can capture high quality “Apple Verified” media

Why would we trust Apple?

Now I know what you’re thinking: I just said we can’t trust Facebook/Twitter to address manipulated media and then immediately afterwards said we should trust Apple. I know how this looks, trust me. 

But this isn’t because I own all Apple products (I do), have read the Steve Jobs biography multiple times (I have), or think Tim Cook is more trustworthy than Zuckerberg (I mean, come on). The reason I trust Apple to do this more than any other tech company or even the government (especially the government) is because doing so aligns with their motivations.

The reason I trust Apple to do this more than any other tech company or even the government (especially the government) is because doing so aligns with their motivations.

I have spent my career focused on using technology to improve lives, but I am actually a very pessimistic person when it comes to companies or people doing the right thing (including me). I believe you can’t rely on goodwill or companies/people doing the right thing just because it’s the right thing to do. 

To drive sustainable change, you need to understand their motivations and either create new incentives or align with existing incentives to drive the desired positive behavior. In this specific case, Apple’s incentives to do the right thing align with their business strategy.

Apple’s Business Strategy

Apple makes money by selling us beautiful hunks of metal and glass and then charging a fee for the money we spend to have different sets of 1s and 0s light up pixels on the screen. This is the main difference between Apple and Google/Facebook. The latter relies on accumulating as much data and eyeballs as possible so they can use that data to more efficiently sell stuff to those eyeballs. 

“We at Apple believe that privacy is a fundamental human right” 

— Tim Cook

Apple has publicly supported data privacy and protection for years (2013; 2015), but as Ben Thompson has repeatedly pointed out on his blog Stratechery (2013; 2015) this has mainly been a Strategy Credit — “an uncomplicated decision that makes a company look good relative to other companies who face much more significant trade-offs”.

Standing up for data privacy makes Apple look good compared to Google, and so Apple has gone all in, even going as far as refusing the FBI’s requests to build backdoors into iPhones.

And to their credit, their actions match their words. Let’s do a quick comparison:

Sources: Apple health data, Apple Wi-Fi, Apple Cards, Apple security video, Google health data, Google Wi-Fi, Google-Mastercard, Ring employee access, Ring law enforcement

Bringing it all together

Again, it is much easier for Apple to make these decisions because their business model is based on selling hardware and apps vs selling advertisements. Apple is using this difference as a competitive advantage to earn consumer trust and position themselves as the privacy provider.

At its core, Apple’s privacy strategy is about trust.

• “Trust us with your contacts.”
• “Trust us with your messages.”
• “Trust us with your photos/videos”

And that trust already partially extends into verification.

• “Trust us that the person on the other line is who you think it is.”
• “Trust us that your friend actually sent you that text.”

Apple is uniquely positioned to double down on that trust and position itself as as the source for trusted media. We already trust Apple enough to give all of our personal data, why not also trust them to verify the authenticity of the media we consume?

Conclusion

Before I wrap up, I want to caveat everything above by stating that this isn’t the be-all, end-all solution. There are still things Apple can’t solve, such as creating fake media using lookalikes, trimming videos to remove necessary context, sharing real media under false pretenses, or the emotional trauma of having deepfake porn (SFW) made using your face.

Media manipulation is a systemic issue that requires a systems solution. We still need to pressure social media platforms to prevent the spread of misinformation and we still need to educate people to think critically and not blindly believe everything they are told. 

“Apple Verified” won’t solve everything, and could cause even bigger problems in the future that I haven’t considered (tell me all about it in the comments), but it is a fairly easy, tangible step in what I hope is the right direction and at the very least can help people record and verify oppression by those in power.