Trick or Treat
New AI tools are being invented to thwart deepfakes and other tech treachery
Can the technology used to create deepfakes also be used to prevent them from being made in the first place? Are we moving fast enough to find out?
NEW YORK—Some AI-generated deepfakes are now getting so good that it is becoming much harder to tell what's real and what is maliciously not.
Many deepfakes, like face swaps, are still mostly seen as obvious and downright silly. A recent exception involved a South Korean woman who was persuaded to invest 70 million won after joining a video call with a deepfaked Elon Musk, who told her "I love you."
But new kinds of deepfakes, far more sophisticated and far harder to detect, are beginning to flood the web. The most widespread fakery is being used to undermine trust in political campaigns and to threaten student safety in public schools.
According to Rebecca Portnoff, chief of data science at Thorn, a nonprofit working to defend children from digital sexual abuse, AI is driving an alarming increase in the number of non-consensual sexual images of young women and men found on the web. And it's not just celebrities like Taylor Swift who are being targeted; it's now mostly teenage girls. Portnoff says it's not happening in just a handful of cases. She estimates that millions of kids nationwide have been affected by deepfakes that sexually exploit teens in some way. Girls and boys are either being directly victimized or are learning of others they know, including classmates, who are being bullied this way.
The Center for Democracy and Technology, a nonprofit that advocates for digital rights and privacy, released a survey conducted in August in which 15 percent of high schoolers reported having heard about a "deepfake," an AI-generated image, that targeted someone associated with their school or depicted them personally behaving in a sexually explicit or intimate manner. The CDT also said that "students, teachers and parents report a lack of support and awareness about deepfake non-consensual intimate imagery." For instance, few students surveyed said their school has explained what deepfakes are (19 percent), how they affect those depicted (13 percent) or whom to tell at the school if they see or hear about them (15 percent).
Political deepfakes also are eroding trust, especially in these final weeks before the November 5th election.
Donald Trump's campaign staff, for example, is re-posting fake arrest images made to evoke sympathy over the former president's recent felony conviction. Fake AI-generated images of Trump praying in church, and a more recent deepfake image of him hanging out with a group of Black people dressed in Christmas garb, are being used by supporters to blunt the latest criticisms of Trump regarding both religion and people of color. Meanwhile, a video Elon Musk has refused to remove, calling it a "legal political parody" of Kamala Harris, has gone viral on X (which he owns) and has been shared more than 150 million times. It includes misleading synthetic audio of Harris' voice and doctored video clips of her, edited to make it appear as if she is criticizing her own capacity for the job, describing President Joe Biden as "senile" and appearing clueless about the tough issues facing all Americans.
And that's not all. In the wake of Hurricane Helene, the Trump campaign has produced more deepfake images and videos about Harris, suggesting, falsely, that the federal government is intentionally withholding aid from Republican disaster victims because they live in Florida, a red state.
Climate of Distrust
Perhaps the most unsettling aspect of deepfakes today is that they've helped to create an environment in which politicians, or anyone else for that matter, can more credibly dismiss legitimate evidence as fake or forged. Donald Trump Jr., when celebrating the third anniversary of the January 6th Capitol riots this year, posted to X (formerly Twitter) a statement seeking to re-characterize the violent uprising. "Happy Fake Insurrection Day," his post read, "the first-ever insurrection with armed tour guides (of the Capitol) and unarmed participants!"
American historian Ruth Ben-Ghiat says the public’s growing awareness of deepfakes is breeding skepticism of all authority and our institutions, and is creating a broader environment in which people of all stripes are starting to distrust pretty much everything—”even what is believed to be true by a favorite uncle.”
Pioneering AI scientist Fei-Fei Li is more hopeful. “2024 is an inflection moment, and not just for politics but also for AI,” she said in an interview. “This year in history is going to be remembered as a big wake-up call about deepfakes and their influence—how they reshaped our capacity to believe in things and persuaded us to build new tools to moderate their impact.”
New Tools
Here are just a few of the newest tools being developed—but not yet ready for wider use—to help people know which content is real, which content is fake and how society can prevent deepfakes from being made in the first place:
Blood Flow. Intel technologists are working on a new way to spot deepfakes after they have been created: tools that look for signals of a person's blood flow in the pixels of a video, use an algorithm to map that flow across the face, and then use deep learning to decide whether the person depicted is real or AI-generated. THE CHALLENGE: Intel reports a 96 percent accuracy rate for spotting fake videos this way, but the system has not yet been independently evaluated or released.
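A rough sense of how that could work: living skin shows a faint, rhythmic color change as blood pulses beneath it, and a synthetic face usually does not. The sketch below is not Intel's system; it is a minimal illustration of the underlying idea, often called remote photoplethysmography, with every number and threshold assumed purely for demonstration.

```python
# Toy sketch of blood-flow ("remote photoplethysmography") liveness checking.
# NOT Intel's tool; it only shows the principle that a real face carries a faint,
# periodic color signal in the human heart-rate range, while a generated face often doesn't.
import numpy as np

def pulse_strength(face_frames: np.ndarray, fps: float = 30.0) -> float:
    """face_frames: (num_frames, height, width, 3) RGB video cropped to the face.
    Returns the fraction of signal energy in the heart-rate band (0.7-4 Hz)."""
    signal = face_frames[:, :, :, 1].mean(axis=(1, 2))   # green channel carries the strongest pulse signal
    signal = signal - signal.mean()                       # drop the constant (DC) component
    spectrum = np.abs(np.fft.rfft(signal)) ** 2           # power at each frequency
    freqs = np.fft.rfftfreq(len(signal), d=1.0 / fps)
    band = (freqs >= 0.7) & (freqs <= 4.0)                # roughly 42-240 beats per minute
    return float(spectrum[band].sum() / (spectrum.sum() + 1e-9))

# Quick check on synthetic data: a "face" whose green channel pulses at ~1.2 Hz vs. pure noise.
fps, seconds = 30.0, 10
t = np.arange(int(fps * seconds)) / fps
pulsing = np.random.rand(len(t), 8, 8, 3) * 5 + 100
pulsing[:, :, :, 1] += 2.0 * np.sin(2 * np.pi * 1.2 * t)[:, None, None]
flat = np.random.rand(len(t), 8, 8, 3) * 5 + 100
print(pulse_strength(pulsing, fps), pulse_strength(flat, fps))   # the pulsing clip scores much higher
```

A production detector, as described above, replaces this simple frequency check with a deep-learning model trained on the mapped blood-flow signal.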
Watermarks. These are like an invisible stamp embedded into an AI-generated photo or video as it is being created. Companies like Meta and Google do this so content can later be flagged as AI-generated. THE CHALLENGE: These watermarks are optional and relatively easy to remove. They also don't register all the ways in which content can be altered.
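To make that concrete, here is a deliberately crude sketch of an invisible watermark. It is not how Meta or Google actually mark content (their schemes are designed to survive at least some editing); the made-up 8-bit tag below just shows the basic embed-and-check pattern, and why a naive mark is trivial to destroy.

```python
# Minimal invisible-watermark toy: hide a fixed tag in the least significant bits of an image.
# Purely illustrative; real watermarking schemes are learned, spread across the whole image,
# and far harder to strip than this.
import numpy as np

MARK = np.array([1, 0, 1, 1, 0, 0, 1, 0], dtype=np.uint8)   # hypothetical 8-bit tag

def embed(image: np.ndarray) -> np.ndarray:
    """Write MARK into the low bit of the first 8 pixels of a grayscale uint8 image."""
    out = image.copy().ravel()
    out[:8] = (out[:8] & 0xFE) | MARK    # clear the low bit, then store the tag
    return out.reshape(image.shape)

def detect(image: np.ndarray) -> bool:
    return bool(np.array_equal(image.ravel()[:8] & 1, MARK))

img = np.random.randint(0, 256, (64, 64), dtype=np.uint8)
tagged = embed(img)
print(detect(tagged))        # True: the tag is present
brightened = (tagged.astype(int) + 1).clip(0, 255).astype(np.uint8)
print(detect(brightened))    # False: one trivial global edit wipes the mark out
```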
Metadata provenance. The creators of this kind of tool liken it to "a nutrition label" for a piece of media: it embeds information about how a piece of content was created, how it was edited and how it has been distributed, giving viewers a record of whether and how the content has been altered. THE CHALLENGE: These tools are not yet widely available, and there are plenty of ways users could deliberately strip out these protections.
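Roughly, such a label can be pictured as a small manifest that travels with the file and records each step of its history. Real systems of this kind (for example, the C2PA "Content Credentials" standard) are cryptographically signed and far more detailed; the field names and structure below are invented for illustration.

```python
# Sketch of a "nutrition label" for media: a provenance manifest tied to the file's contents.
# Field names are made up; a real standard also signs each entry so it can't be quietly edited.
import hashlib, json

def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def new_manifest(image_bytes: bytes, created_with: str) -> dict:
    return {
        "content_hash": fingerprint(image_bytes),   # ties the label to these exact bytes
        "created_with": created_with,
        "history": [],                              # edit records appended over time
    }

def record_edit(manifest: dict, edited_bytes: bytes, action: str) -> dict:
    manifest["history"].append({"action": action, "new_hash": fingerprint(edited_bytes)})
    manifest["content_hash"] = fingerprint(edited_bytes)
    return manifest

original = b"...image bytes..."
label = new_manifest(original, created_with="hypothetical-ai-image-generator")
label = record_edit(label, original + b"+crop", action="crop")
print(json.dumps(label, indent=2))
# The catch, as noted above: nothing stops someone from simply deleting this label before re-sharing.
```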
Shields. These add a protective layer to images that makes it harder for AI tools to recognize and manipulate them. Nightshade, a new tool developed by a team at the University of Chicago to prevent AI from scraping images without their creators' consent, adds what its developers call "poison for pixels": alterations that deliberately cause an AI model to misinterpret what an image is, so that a picture of a hat, for example, might be seen by AI as a picture of a cake. THE CHALLENGE: Nightshade can only be added to new images uploaded to the web, not to images that already exist online.
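The sketch below gives a flavor of that pixel-level trickery. It is not Nightshade's actual algorithm; it is a bare-bones gradient-sign nudge against a made-up two-class linear "model," showing how small, targeted changes to pixel values can flip what a classifier believes it is looking at.

```python
# Toy "poison for pixels": find a small per-pixel nudge that flips a classifier's label.
# The two labels (hat vs. cake) and the linear model are stand-ins, not Nightshade's method.
import numpy as np

rng = np.random.default_rng(0)
weights = rng.normal(size=(2, 64))        # stand-in model: 2 classes x 64 pixel features
image = rng.uniform(0.4, 0.6, size=64)    # stand-in photo, pixel values in [0, 1]
names = {0: "hat", 1: "cake"}

def predict(pixels: np.ndarray) -> int:
    return int(np.argmax(weights @ pixels))

source = predict(image)
target = 1 - source
gradient = weights[target] - weights[source]   # direction that raises the wrong class's score

# Grow the nudge in small steps until the label flips (or give up at 0.5 per pixel).
epsilon, poisoned = 0.0, image.copy()
while predict(poisoned) == source and epsilon < 0.5:
    epsilon += 0.01
    poisoned = np.clip(image + epsilon * np.sign(gradient), 0.0, 1.0)

print("model saw:", names[source], "-> after poisoning:", names[predict(poisoned)])
print("per-pixel change needed:", round(epsilon, 2))   # typically a small fraction of the pixel range
```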
Expression Manipulation Detection, or EMD. It's a new suite of tools that can both detect manipulation and localize the specific regions within an image that have been altered. THE CHALLENGE: It's still in development.
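Sketched below, under the assumption of some per-pixel scoring model (a placeholder, not EMD itself), is what "detect and localize" could mean in code: every pixel gets an "altered" probability, and the tool turns that map into both a verdict and a highlighted region.

```python
# Localization sketch: turn a per-pixel manipulation-probability map into a verdict plus a region.
# The score map here is faked; in a real system it would come from a trained detector.
import numpy as np

def localize(scores: np.ndarray, threshold: float = 0.5):
    """scores: (H, W) array of per-pixel probabilities that the pixel was altered."""
    mask = scores > threshold
    if not mask.any():
        return {"altered": False, "region": None}
    rows, cols = np.where(mask)
    return {"altered": True,
            "region": (int(rows.min()), int(cols.min()), int(rows.max()), int(cols.max())),
            "area_fraction": float(mask.mean())}

# Fake example: a mostly clean 128x128 image with a tampered 20x20 patch.
scores = np.full((128, 128), 0.05)
scores[90:110, 50:70] = 0.9
print(localize(scores))
```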
No single one of these detection tools will get us off the hook, says Sam Gregory, the executive director of witness.org and a leading expert on deepfakes worldwide. "We need to think of using many of these tools, together. We talk about good detection now as having to take an ensemble approach. To do good detection, we're going to have to use a bunch of different tools and techniques to be able to detect and disarm the false AI-generated manipulations."
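A minimal sketch of that ensemble idea, assuming several detectors each already return a probability that a piece of content is AI-generated (the detector names and weights below are invented):

```python
# Combine several imperfect detectors into one verdict instead of trusting any single signal.
def ensemble_verdict(scores, weights=None):
    """scores: detector name -> probability (0..1) that the content is AI-generated."""
    weights = weights or {name: 1.0 for name in scores}
    total = sum(weights[name] for name in scores)
    combined = sum(scores[name] * weights[name] for name in scores) / total
    return {"combined_score": round(combined, 3), "likely_fake": combined > 0.5}

print(ensemble_verdict({
    "blood_flow_signal": 0.35,     # weak pulse evidence on its own
    "provenance_missing": 0.90,    # no watermark or content credentials found
    "artifact_classifier": 0.70,   # visual artifacts typical of generators
}))
```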
What now?
So what do we do in the meantime? Catching deepfakes isn't the only goal. We can keep developing tools and asking government to weigh in, but Gregory also suggests checking out SIFT, an acronym for four steps (Stop; Investigate the source; Find better coverage; Trace claims to their original context) that he says everyone should follow to build media literacy in today's fake-news climate and to get better at sorting truth from fiction, and from everything in between.
Finland is leading the world in educating its population about deepfakes, using SIFT as one of the tools to teach media literacy to students from a young age. Students are taught to question where stories come from and to respect the right to freedom of expression. Susanna Ahonen, an information literacy project manager at News Media Finland, told Channel News Asia: "We are neighbors of Russia, and we know how the information environment in Russia is. During the World War, people didn't get any information. Nowadays, they are flooded with information. But the point is always the same, that if the people don't know what's really happening, you can do whatever you want. And to protect democracy, we have to fight that, always."
Legislation is moving forward in a number of U.S. states to crack down on deepfakes, but more needs to be done, and faster, says Thorn's Rebecca Portnoff.
“It’s an arms race,” says Rumman Chowdhury, an American data scientist and CEO of Humane Intelligence. “Anyone who works in the field of adversarial AI or any kind of security knows that fighting disinformation is a game of cat and mouse. We can create ways to identify people, but bad actors just get better.”
But Portnoff says she's optimistic. "I still see a window of opportunity" to stop the worst influence of deepfakes from happening more widely, she said in an interview, "but we all really need to move faster and in a stronger, nationally coordinated way, to grab this opportunity—now—to stop the worst of it, before we miss our chance entirely."
What's your take on deepfakes and their influence on society today? Share some examples you have found to be most unnerving, and your thoughts on some of the tools being developed. We'd love to hear your input!