The Deepfake Arms Race is Heating Up
But it’s not yet open warfare.
During the four years between the 2016 and 2020 presidential elections, many cyber experts and pundits were concerned that Russia or other nation-states would evolve their ability to manipulate U.S. voter perceptions by migrating from social media memes to deepfakes. That emerging technology can be used by employing computer-altered images and video footage to denigrate candidates in some way, hurting their chances at the polls.
The RAND Corporation has released a new report, “Artificial Intelligence, Deepfakes, and Disinformation: A Primer,” that concludes “the potential for havoc is yet to be realized. For example, some commentators expressed confidence that the 2020 election would be targeted and potentially upended by a deepfake video. Although the deepfakes did not come, that does not eliminate the risk for future elections.”
The report identifies several reasons why deepfakes have not yet lived up to their threatening reputation, in particular that “well-crafted deepfakes require high-end computing resources, time, money and skill.”
Matthew Stamm, Ph.D., associate professor of electrical and computer engineering at Drexel University, has been working in the field of detecting fake media for about 15 years, and has contributed to the Defense Advanced Research Projects Agency’s programs on detection algorithms. He agrees that making outstanding deepfakes is not easy or cheap, but isn’t sure how much that matters in regard to their effectiveness.
“Over time [they] will improve,” he says. “But we also have to contend with another factor—we are predisposed to believe something that confirms our prior beliefs.”
Stamm cites as an example the doctored Nancy Pelosi video that ran rampant over social media during the summer of 2020, which made it appear that her speech was slurred—Speaker Pelosi is a teetotaler. It was not a sophisticated deepfake, he says—and he helped debunk it. The sound was just slowed down a little bit to make it seem as if she was impaired. But no matter how often it’s disproved by fact checkers or flagged by social media, plenty of people accept it as “fact.”
“You can often get the same result by using ‘cheapfakes,’ Stamm said. “You have to think about what’s your goal? You can spend a lot of time and money to create a very good deepfake that will last a long time, but is that your goal?”
While videos have, to date, garnered the most attention, the RAND report identifies other types of deepfakes that are easier to execute and have already shown their potential to cause harm. Voice cloning is one technique.
“In one example, the CEO of a UK-based energy firm reported receiving a phone call from someone who sounded like his boss at a parent company. At the instruction of the voice on the phone, which was allegedly the output of voice-cloning software, the CEO executed a wire transfer of €220,000—approximately $243,000—to the bank account of a Hungarian supplier.”
Another technique is creating deepfake images—the headshots that people use everywhere on social media. The report outlines the case of such an image placed on LinkedIn, “one that was part of a state-run espionage operation.” The deepfake was discovered in 2019, where it “was connected to a small but influential network of accounts, which included an official in the Trump administration who was in office at the time of the incident.”
The value of creating such deepfake images is that they aren’t detected by a reverse image search that looks for matches to original, verified images, the report observes.
The fourth form of deepfake identified in the report is generative text—using natural language computer models and AI to generate fake, but human-like, text. This would be valuable for operating social media bot networks that would not need human operators to create content. It also could be used to mass-produce fake news stories that would flood social media networks.
The report lists four key ways that deepfakes can be weaponized by adversaries or bad actors—manipulating elections; exacerbating social divisions; weakening trust in government institutions and authorities; and undermining journalism and other trustworthy information sources.
“These are large-scale social threats, but others are economic,” Stamm notes. “There have already been [cases] of audio deepfakes. There are a lot of highly criminal opportunities,” any of these deepfake methods could be used for.
The report identifies several approaches to mitigate the threat that deepfakes of all kinds pose to information integrity: detection, provenance, regulatory initiatives, open-source intelligence techniques, journalistic approaches and citizen media literacy.
Detection often gets the most attention, because most detection efforts are aimed at automated tools. DARPA has invested heavily in this area, first with its Media Forensics program that ended in 2021, and currently with its Semantic Forensics program.
But this is where the parallels to other kinds of escalation most apply. Think of the battle in cybersecurity to try to ever get ahead of hostile actors.
“Although detection capabilities have significantly improved over the past several years, so has the development of deepfake videos. The result is an arms race, which is decidedly in favor of those creating the deepfake content,” the report states. “One challenge is that as AI programs learn the critical cues associated with deepfake video content, those lessons are quickly absorbed into the creation of new deepfake content.”
Provenance is already being used in some ways. If you have ever noticed a small “i” enclosed in a circle on an image, it means the photographer used a secure mode on their smartphone to take the picture, which embeds critical information into the digital image’s metadata. “Although this technology is not a panacea for deepfakes, it does provide a way for the viewers of a photograph (or a video or recording) to gain confidence that an image has not been synthetically altered,” the report observes, but “the technology only works if it is enabled at the time the photo is taken, so promoting effective adoption of the technology will be critical.”
Stamm suggests that the Department of Defense and the Intelligence Community should consider wargaming different scenarios that could be brought about by successful deepfakes. The report suggests the same thing, recommending that government “conduct wargames and identify deterrence strategies that could influence the decision-making of foreign adversaries.”
“Dealing with fake information is one of the big challenges of the 21st century,” Stamm says. “In the 20th century it was cryptography, but now we live in a world where information sources are decentralized … We may not trust, but we still need to consume.”