Over the past decade, computer scientists have made generational breakthroughs in machine learning and machine perception. This has enabled the development of technologies previously beyond the wildest dreams of consumers and engineers alike. It has, however, come at a cost. Just as the rise of big data brought with it a serious encroachment on privacy, the rise of machine learning and neural networks brings with it a cluster of major risks.
One of the most serious is deepfakes.
What are deepfakes? Put in the simplest terms possible, they are forged videos whose forgery is basically undetectable even to trained eyes. The potential threats arising from deepfakes are manifold, especially in a world where the pace of media consumption is dizzying and faith in expertise has been seriously eroded.
To get a clearer sense of this threat, we spoke to UC Berkeley’s Hany Farid, a computer scientist considered by many to be the father of digital forensics.
Farid outlined the problems as follows: “Everybody is reasonably aware that you can manipulate images and video and audio. We've been wrestling with those issues for many, many years. Historically the way you would do that in the digital age is to have a talented graphic designer go into Photoshop and combine two people together or remove something from an image. Or think of Forrest Gump, where Gump is meeting President Kennedy. It was a very tedious, manual, labor-intensive process. What deepfakes have done is to use AI-powered technology to create the fake content for you. For the most part, that eliminates many of the time and skill barriers to creating compelling fakes. That, in many ways, is where the real threat is. The threat is not necessarily that we can create fake videos and fake images and fake audio. The new threat is that we have democratized access to very powerful technology that allows the average person with a little bit of technical skill to create what used to require, for example, a Hollywood studio.”
Anonymous internet culture can generate enormous malice, and Farid shared some sobering thoughts about the potential dangers there. “We’ve now opened that gate to who can create a video of a President saying anything or a candidate saying anything. Obviously on the political side you can see how this can really wreak havoc on democratic elections. Or imagine somebody releasing a video purportedly of a private meeting of Jeff Bezos saying, ‘Amazon's profits are down 20 percent.’ Stock market response is continuous, and you're off to the races.”
So how did we get to this point? Where do deepfakes come from? “The core technology driving them,” said Farid, “is data-driven machine learning technologies called deep neural networks. The big innovation is two-fold, maybe three-fold. We have a lot more data today than we did five and 10 years ago, so these neural networks can learn really sophisticated representations. Then there is the innovation of deep learning: the neural networks have a much, much deeper architecture, allowing them to learn more sophisticated patterns. In addition to the data, the architectures, and the algorithms, there is phenomenal computing power (in the form of graphical processing units) that is driving the ability to do these very, very difficult computations very, very quickly. A lot of this is coming from the academy. Some of it is coming from industry. Google has made their Tensor Flow deep neural network available. There are now softwares that you can download from GitHub with tutorials on how to create deepfakes.”
Despite the phenomenal complexity of the underlying mathematics and engineering, the tech itself keeps getting more and more user-friendly for non-experts. “It's relatively easy to do,” Farid said. “You need a little bit of skill. You don't need to be a hardcore programmer, but you need a little bit of time and dedication and desire to do this. It's largely being automated right now: you feed it the images of the person you want to splice into the video, you feed it the carrier video, tweak some parameters, and it’s off and running.”
Telling the products of this tech from the real thing can be difficult to impossible. As Farid put it, “there's two mistakes that you can make. You can classify a real image as a deepfake and you can classify a deepfake as real content. Obviously there's a trade-off between those two things. If I say everything is a deepfake, then I will have 100 percent accuracy for detecting deepfakes but my signal detection is pretty bad: I'm saying everything is fake. The tricky business with having the average person look at video and try to assess whether it's real or not is in many cases real video just looks weird. When you start analyzing it for traces of manipulation, you will often mistake completely natural and expected artifacts in video that typically arise from compression for artifacts of a deepfake. I think what I'm more worried about is not where we are today but where we are going. I think the trend is that the average person will not be able to distinguish. That's the trend that we're seeing.”
The first mistake is bad enough. Farid points out that it might be used to trigger major instability. “One of the things that we are particularly concerned about here in my lab,” he told us, “is how this technology would be weaponized in the realm of geopolitical landscape. Is somebody going to create a video of President Trump saying, ‘I've launched nuclear weapons against North Korea’? Is somebody going to create a video of Senator Warren saying something inappropriate and try to derail her candidacy?”
But in his view the second mistake — classifying real content as fake — might represent the bigger threat. If enough deepfakes enter the media ecosystem, consumers might well start believing that all video is fake. This would upend video’s supremacy as an arbiter of truth in our society, and that carries some worrying implications with it. Farid cited the presidential campaign of Donald Trump as a way of thinking about this danger. “Two and a half years ago the Access Hollywood audio recording came out of President Trump saying what he does to women. At the time, he and the campaign apologized. They came up with an explanation as to why this wasn't as bad as it sounded and they apologized. Fast forward to today. If that audio recording had come out today, does anybody think the campaign wouldn't have said it was fake? Not only would they have said that, they would have had plausible deniability. So what happens when we live in a landscape where we know that fake content can be created compellingly and we have riding on top of that a fairly polarized society? We have people consuming way too much news on social media, which is an echo chamber. It's going to be very hard to convince people of anything that they see or hear online.”