Why watermarking deepfakes is useless, and what we should do instead
The debate over deepfakes is misguided. We need ways of knowing the source of content, not what tools were used to create it.
There is a lot of debate about deepfakes and AI-generated content – and rightly so. AI makes it much easier to manage puppet accounts, generate deepfaked phone calls, orchestrate entire fake news sites that corroborate fake stories, perform spear phishing at scale, and have counterfeit humans nudging people towards certain opinions.
In brief: artificial intelligence makes it easier and cheaper to manipulate people.
The response, however, is misguided. In a vast majority of the cases, the response is to demand that AI-generated content is labeled as such. This has even become law in some parts of the world.
This is a bad idea for two reasons:
It won’t affect bad actors with more than minimal resources.
It aims for the wrong target.
Read on to see what I mean.
“All fake money should have the work ‘fake’ printed on them”
If the statement in this header were to be proposed as law, it would be laughed at. Still, this is basically what some legislation demands when it comes to AI-generated content.
It works great for images taken straight off the biggest AI services, and on media posted by established news companies. But it is possible to use one Google service to create an AI image, and then another Google service to remove the included (hidden) watermark.
Any actor that wants to hide that media is AI-generated, and with more than minimal resources, can remove both visible and hidden watermarks from any type of media.
I’m not against stating when content is AI-generated, and I think it’s a good idea to be clear when you’re talking to a bot instead of a human. But this is “avoid misunderstandings” – not “stop the bad guys”.
Trust does not depend on method of creation
The second objection to labeling AI-generated content is more fundamental: knowing that a piece of content isn’t AI-generated is by no means the same as knowing that it’s trustworthy.
There are fully legitimate deepfakes of Imran Khan being used in election campaigns in India (while he himself was imprisoned), and highly biased but authentic photos taken from the war in Gaza.
Digital tools have for a long time been used to create “authentic” content, and there is no sharp line between AI-generated and authentic. Rather, we should expect that AI-generated texts, images, sounds and videos will become a natural way of extending our current methods of expressing ourselves.
While exposing something as deepfake can be useful for knowing that you shouldn’t trust it, not being able to expose it is a useless proxy for trusting it.
How, you might ask, should we then ever be able to trust digital media again?
Knowing the source is essential for trust
A large piece of the answer is knowing the source. There are methods available for signing digital content, making it possible to know for certain who the sender is.1
If you see videos from a war zone, don’t ask whether it is deepfake, but who the sender is.
If you could know for certain that it was posted by (say) The Economist, it is more trustworthy than if it is posted by an unknown dude who only has been present online for twelve days.
If you get a phone call from a friend in need of money, knowing that it is actually that friend calling is essential – not whether their voice sounds natural or synthetic.
Digital signatures work fundamentally differently than watermarks. Instead of marking content as “AI-generated” (which bad actors can strip away), digital signatures cryptographically verify who published it. It doesn’t require fake money to be labeled ‘fake’, since all the authentic money has the unfakeable seal.
This technology could be used not only by large organisations, but also by individuals – including people who need (or want) to use pseudonyms to avoid repercussions. While a pseudonym with a single post online hardly is trustworthy, a pseudonym with a proven record has much more credibility.
The technology exists. What’s missing is widespread adoption and the infrastructure to support it.
Digital signatures should be adopted, now
It has become too easy to manipulate both individual people and entire societies. Taking action on reducing harmful manipulation is urgent, and it needs to be done in a way that preserves the possibility to speak freely. Digital signatures are an important step towards that.
Public service, established media and governmental agencies should start using this as soon as possible, to help making the available standards known and used. The big social platforms should be required to support digital signatures for media. Not to throw out manipulative content – deciding what is manipulative is too difficult – but to make it easier for people to judge the sender, and make it more difficult for dodgy actors to spread content with bot armies.
Do you agree? Disagree? Have things to add? Please let me know in a comment!
One such standard is C2PA (Coalition for Content Provenance and Authenticity), adopted by Adobe, Microsoft, Google, the BBC, and many others.