Deep Fakes and National Security

Google CEO Sundar Pichai says Google is intentionally limiting Bard AI’s capabilities as he warns about the imminent ease of using AI to create deceptive “deepfake” videos of public figures.

Details:

• Current AI models can already generate highly realistic images of public figures, blurring the line between fiction and reality
• Video and audio fabrications are becoming more sophisticated by the day
• Pichai said that Google does not always understand the answers Bard AI currently provides

AI misinformation and scams are already very real and will only worsen as AI continuously advances. (2a)

Deep Fakes and National Security (Congressional Research Service)

“Deep fakes”—a term that first emerged in 2017 to describe realistic photo, audio, video, and other forgeries generated with artificial intelligence (AI) technologies—could present a variety of national security challenges in the years to come. As these technologies continue to mature, they could hold significant implications for congressional oversight, U.S. defense authorizations and appropriations, and the regulation of social media platforms.

How Are Deep Fakes Created?

Though definitions vary, deep fakes are most commonly described as forgeries created using techniques in machine learning (ML)—a subfield of AI—especially generative adversarial networks (GANs). In the GAN process, two ML systems called neural networks are trained in competition with each other. The first network, or the generator, is tasked with creating counterfeit data—such as photos, audio recordings, or video footage—that replicate the properties of the original data set. The second network, or the discriminator, is tasked with identifying the counterfeit data. Based on the results of each iteration, the generator network adjusts to create increasingly realistic data. The networks continue to compete—often for thousands or millions of iterations—until the generator improves its performance such that the discriminator can no longer distinguish between real and counterfeit data.

Though media manipulation is not a new phenomenon, the use of AI to generate deep fakes is causing concern because the results are increasingly realistic, rapidly created, and cheaply made with freely available software and the ability to rent processing power through cloud computing. Thus, even unskilled operators could download the requisite software tools and, using publically available data, create increasingly convincing counterfeit content.

How Could Deep Fakes Be Used?

Deep fake technology has been popularized for entertainment purposes—for example, social media users inserting the actor Nicholas Cage into movies in which he did not originally appear and a museum generating an interactive exhibit with artist Salvador Dalí. Deep fake technologies have also been used for beneficial purposes. For example, medical researchers have reported using GANs to synthesize fake medical images to train disease detection algorithms for rare diseases and to minimize patient privacy concerns.

Deep fakes could, however, be used for nefarious purposes. State adversaries or politically motivated individuals could release falsified videos of elected officials or other public figures making incendiary comments or behaving inappropriately. Doing so could, in turn, erode public trust, negatively affect public discourse, or even sway an election. Indeed, the U.S. intelligence community concluded that Russia engaged in extensive influence operations during the 2016 presidential election to “undermine public faith in the U.S. democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.” Likewise, in March 2022, Ukrainian President Volodymyr Zelensky announced that a video posted to social media—in which he appeared to direct Ukrainian soldiers to surrender to Russian forces—was a deep fake. While experts noted that this deep fake was not particularly sophisticated, in the future, convincing audio or video forgeries could potentially strengthen malicious influence operations.

How Can Deep Fakes Be Detected?

Today, deep fakes can often be detected without specialized detection tools. However, the sophistication of the

technology is rapidly progressing to a point at which unaided human detection will be very difficult or impossible. While commercial industry has been investing in automated deep fake detection tools, this section describes U.S. government investments and activities.

The Identifying Outputs of Generative Adversarial Networks Act (P.L. 116-258) directed NSF and NIST to support research on GANs. Specifically, NSF is directed to support research on manipulated or synthesized content and information authenticity, and NIST is directed to support research for the development of measurements and standards necessary to develop tools to examine the function and outputs of GANs or other technologies that synthesize or manipulate content.

In addition, DARPA has had two programs devoted to the detection of deep fakes: Media Forensics (MediFor) and Semantic Forensics (SemaFor). MediFor, which concluded in FY2021, was to develop algorithms to automatically assess the integrity of photos and videos and to provide analysts with information about how counterfeit content was generated. The program reportedly explored techniques for identifying the audio-visual inconsistencies present in deep fakes, including inconsistencies in pixels (digital integrity), inconsistencies with the laws of physics (physical integrity), and inconsistencies with other information sources (semantic integrity). MediFor technologies are expected to transition to operational commands and the intelligence community.

Figure 1. Example of Semantic Inconsistency in a GAN-Generated Image
Source:  Uncovering the Who, Why, and How Behind Manipulated Media (darpa.mil)

SemaFor seeks to build upon MediFor technologies and to develop algorithms that will automatically detect, attribute, and characterize (i.e., identify as either benign or malicious) various types of deep fakes. This program is to catalog semantic inconsistencies—such as the mismatched earrings seen in the GAN-generated image in Figure 1, or unusual facial features or backgrounds—and prioritize suspected deep fakes for human review. DARPA requested $18 million for SemaFor in FY2024, $4 million under the FY2023 appropriation. Technologies developed by both SemaFor and MediFor are intended to improve defenses against adversary information operations. (2b)

Democracy isn’t ready for its AI test (Axios)

AI-generated content is emerging as a disruptive political force just as nations around the world are gearing up for a rare convergence of election cycles in 2024.

Why it matters: Around one billion voters will head to polls in 2024 across the U.S., India, the European Union, the U.K. and Indonesia, plus Russia — but neither AI companies nor governments have put matching election protections in place.

State of play: Election authorities, which are often woefully underfunded, must lean on existing rules to cope with the AI deluge.

• AI startups tend to have few or no election policies.
• After initially banning political uses of ChatGPT, OpenAI is now focused on banning “high volumes of campaign materials” and “materials personalized to or targeted at specific demographics.”

How it works: AI could upend 2024 elections via…

• Fundraising scams written and coded more easily via generative AI.
• A microtargeting tsunami, since AI lowers the costs of creating content for specific audiences — including delivering undecided or unmotivated voters “the exact message that will help them reach their final decisions,” according to Darrell West, senior fellow at Brooking Institution’s Center for Technology Innovation.
• Incendiary emotional fuel. Generative AI can create realist-looking images designed to inflame, such as false representations of a candidate or communities that are targets of a party’s ire.

Social media platforms, meanwhile, are cutting back on their election integrity efforts.

• Meta’s election teams face an uncertain future, with another round of company layoffs expected this month. Meta policy communications director Andy Stone declined to comment on how the company is adjusting its election efforts for AI. The company spent more than $13 billion since 2016 on safety and security measures after Russian disinformation flooded Facebook during the 2016 campaign.
• Twitter’s slashed staff struggled with misinformation in the 2022 midterms, and owner Elon Musk is fueling mistrust, tweeting Tuesday: “Trust nothing.”

Between the lines: Newer platforms have little experience of big elections, let alone six in one year, and fewer local offices than more established rivals.

• TikTok has moved aggressively to hire laid off Meta staff with election experience, according to current and former Meta employees Axios spoke to.

Of note: Secretary of State Antony Blinken announced in a speech Tuesday that the State Department has developed an AI-enabled content aggregator “to collect verifiable Russian disinformation and then to share that with partners around the world.”

What they’re saying: Katie Harbath, who led Facebook’s election efforts from 2013 to 2019, and is now a consultant, told Axios “the 2024 election is going to be exponentially more challenging than it was in 2020 and 2016.”

• “We have to get past finger-pointing” about past problems, Harbath said, and work instead on AI impacts. “Election plans cannot be spun up in days or weeks. Work should start 18 months to 24 months ahead of election day,” she added, noting that U.S. primary season begins in just seven months.
• Allie Funk, tech research director at Freedom House, told Axios that generative AI is kicking off an era of “automated disinformation” and “will lower the barrier of entry for shady companies” selling election services.

On the government side, efforts to grapple with AI are just beginning.

• In Congress, Rep. Yvette Clarke (D-N.Y.) introduced a bill requiring disclosure when AI is used for political ads
• Federal Election Commission vice chairman Sean Cooksey, a Republican, thinks AI ads can be regulated via existing rules.
• The National Association of Secretaries of State has added AI developments into its “threat landscape,” spokesperson Maria Benson told Axios.
• U.K. science and technology minister Chloe Smith told parliament last week that the U.K. government is establishing a “central coordinating function to seek out risks” ahead of the country’s 2024 election, but will apply existing laws to punish abuses. (3)

Status:  Died in a previous Congress