Inside the Deepfake ‘Arms Race’


Inside the Deepfake ‘Arms Race’

Can countermeasures neutralize the coming wave of high-tech disinformation?

David Axe Published 10.07.19 4:46AM ET 

 

By late 2018, Ali Bongo, the president of Gabon in West Africa, hadn’t appeared in public for many months after reportedly suffering a stroke. 

So it came as a surprise when a seemingly official video appeared online on New Year’s Day depicting Bongo, looking a bit disoriented, addressing the Gabonese people.

Bongo’s rivals declared the video to be a “deepfake”—a sophisticated digital forgery. Bongo was dead or incapacitated, the opposition declared. On Jan. 7, army officers launched an abortive coup.

Bongo wasn’t dead. And the video wasn’t a deepfake, just a weirdly-staged recording of an unwell man struggling to appear healthier than he apparently was. But the coup plotters were right about one thing. It’s entirely possible to fake a convincing video of a world leader... or anyone else, for that matter. 

Deepfakes are a fairly new feature of social media. And they’ve already contributed to violence and instability on a national scale. Experts say the problem could get worse before it gets better.

The first deepfakes appeared in late 2017 on Reddit. An anonymous user calling themselves “deepfakes”—a portmanteau of artificial-intelligence “deep learning” and “fakes”—imposed celebrities’ faces on pornography. 

Reddit eventually banned deepfakes, but the cat was out of the bag. “A wave of copycats replaced him on other platforms,” Tom Van de Weghe, a Stanford University researcher, wrote in a May essay.

A deepfake video, still image, or audio recording is the product of a clever bit of coding called a “generative adversarial network,” or GAN. A GAN has two components: a discriminator and a generator. The discriminator is trying to tell fake media from real media. The generator is trying to fool the discriminator with increasingly realistic-seeming fakes.

The two components go back and forth at the speed of computer code. “The generator goes first and generates an image,” Matt Guzdial, an assistant professor of computer science at the University of Alberta, told The Daily Beast. “This is tricky because initially the generator is going to produce random noise.”

Now it’s the discriminator’s turn. It’s sitting on a trove of authentic media plus the initial fakes from the generator. “It will guess which is which,” Guzdial explained. “After guessing, it will be told which ones are real ones.” Then the process starts all over again. 

The trick for the discriminator is getting over the hump of just coughing up random noise. If the generator can break through the noise barrier and grok what the discriminator is seeing or hearing in its catalogue of authentic media, then the generator can really start learning from the back-and-forth.

After potentially hundreds of thousands of iterations, one of two things happens. “Eventually the generator starts generating things that look like real images,” Guzdial said. “Or it doesn’t work.” The same process applies to video, stills and audio.

More and more, it does work. Type “deepfake” into the search bar on Facebook and you can watch Tom Cruise starring in a Marvel superhero movie or Barack Obama ranting about, well, a Marvel superhero movie. 

It’s not hard to imagine political parties, intelligence agencies, militant groups and online trolls deploying deepfakes to discredit, frame or embarrass their rivals. The risk is such that computer scientists already are scrambling to devise deepfake countermeasures. “There’s an arms race,” Mark Riedl, an associate professor of computer science at Georgia Tech, told The Daily Beast.

That said, deploying a GAN is easier said than done. The underlying code isn’t hard to find. But you need more than code. For starters, you need lots and lots of authentic media as grist for the generator. For faking a photo or video of a person, you need plenty of clear images of that person’s face. To fake that person’s voice, you’d need lots of clean recordings of them really speaking. 

Social media makes it easier to find good media as a starting point, Van de Weghe pointed out. But gathering all that raw material still takes time and effort.

Of course, in this hypothetical scenario you’re a hacker or a shady political operative or a committed troll, so you’re willing to put in the hours. You’ve gathered plenty of authentic media as a starting point, fired up your GAN and, after a few noisy failures, produced a convincing deepfake. 

Now you need to do it again. And again. “It is likely that a malevolent entity would need more than a single image, audio or video to effectively sway opinion at scale,” Polo Chau, who is also a Georgia Tech computer scientist, told The Daily Beast. After all, any one deepfake is likely to disappear in the churn of social media. 

So you’ve produced a bunch of decent deepfakes all targeting the same person in the same way. It’s enough to really make a dent in your subject’s reputation. Assuming, that is, no one flags your fakes for what they really are. 

Sure, GANs are getting better all the time. But for now it’s still easier to detect a fake than it is to produce a convincing one. Today’s GANs are good at faces, Riedl explained. But they get sloppy around complex, moving materials. Look close at the subject’s hair in deepfake video. You should be able to spot telltale distortions.

It’s possible to automate this scrutiny. Social-media companies and users could deploy discriminators to sift through media on a network, looking for the pixelation and other digital fingerprints of GAN-produced fake. In September Google released, like targets at a shooting range, a trove of 3,000 old deepfakes—all in order to boost efforts to identify newer fakes.

Plus, there are methods of countering deepfakes that don’t solely rely on code. Purveyors of deepfakes need social media accounts and unscrupulous media outlets to help spread the malicious content, Chau explained.

And that exposes the purveyor of the deepfake to social-media analysis, Riedl said. “You can analyze that and find out where these things originate from, look at the network around this person and find out if they’re an artificial entity or linked to known groups.”

“You can counter-program against that,” Reidl added. Methods could include blocking or reporting the account pushing the deepfake. “That’s a very promising way of not dealing with the tech directly.”

Ultimately, experts said, the best defense against GANs and the deepfakes they produce is an educated and skeptical public that can view media in an informed context, considering its source, its proponents and detractors and its potential for weaponization. 

Obama chattering away about some Marvel villain? Certainly useful to fringe media outlets eager to portray the former president as silly And thus probably fake. A smart social-media user should know that.

Skepticism is the key. But in a hyper-partisan media environment, where everyone is grasping for any confirmation of their existing biases, skepticism could be in short supply. 

That, more than the GANs and deepfakes themselves, worries some experts. “The reason deepfakes are such a threat is not that the tech is so good,” Riedl said, “it’s that people want to be fooled.” 
 
https://www.thedailybeast.com/inside-the-deepfake-arms-race?ref=scroll

Comments

Post a Comment

Popular posts from this blog

BMW traps alleged thief by remotely locking him in car

BMW traps alleged thief by remotely locking him in car Stealer's Wheel? Seattle police department quotes "Watchmen" movie in a recap of the recent arrest. Tech Culture by Gael Fashingbauer Cooper December 4, 2016 5:00 PM PST It's maybe the most satisfying arrest we can imagine. Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal. Jonah Spangenthal-Lee, deputy director of communications for the Seattle Police Department, posted a witty summary of the event on the SPD's blog on Wednesday. Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (Nov. 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," Spangenthal-Lee wrote. The suspect found a ke...
Read more

Report: World’s 1st remote brain surgery via 5G network performed in China

World’s 1st remote brain surgery via 5G network performed in China Published time: 17 Mar, 2019 13:12 ·           A Chinese surgeon has performed the world’s first remote brain surgery using 5G technology, with the patient 3,000km away from the operating doctor. Dr. Ling Zhipei remotely implanted a neurostimulator into his patient’s brain on Saturday, Chinese state-run media  reports . The surgeon manipulated the instruments in the Beijing-based PLAGH hospital from a clinic subsidiary on the southern Hainan island, located 3,000km away. The surgery is said to have lasted three hours and ended successfully. The patient, suffering from Parkinson’s disease, is said to be feeling well after the pioneering operation. The doctor used a computer connected to the next-generation 5G network developed by Chinese tech giant Huawei. The new device enabled a near real-time connection, according to Dr. Ling.  “You barely feel that th...
Read more

New ATM's: withdraw money with veins in your finger

New cash machines: withdraw money with veins in your finger Cash machine technology that reads the pattern of finger veins is already available in Japan and Poland   By Telegraph Reporters 6:59PM BST 15 May 2014 Cash machines could soon be installed with devices that identify customers by reading the veins in their fingers. The technology is already being rolled out in Poland, where 1,730 cash machines will this year be installed with readers, negating the need for a debit card and Pin. Developed by Hitachi, the Japanese electronics firm, the machines read the patterns of the veins just below the surface of the skin on your finger using infra-red sensors. The light is partially absorbed by haemoglobin in the veins to capture a unique finger vein pattern profile, which is matched to a profile. The technology is used by Japanese banks and also in Turkey, offering “groundbreaking levels of accuracy and speed of authentication”, Hitachi said, which in t...
Read more