Deep Fakes

Photoshop

Photo editing began to takeoff back in the late 80's using a product called Photoshop, a name most people recognize, even today. Just like Google, Photoshop became so popular that its very name became a verb. To photoshop an image meant to edit it in some way. Usually that was to crop the image or correct for color hue errors due to bad lighting.

But as Photoshop grew in capabilities, new uses emerged that were heretofore impossible or, at least, very difficult to achieve using practical methods.

You could crop objects or people out of an image. You could remove zits, change eye color, hair color, or the shape of the nose. You could also "clone in" items or people that weren't originally present. There are many other editing manipulations you can do.

In short, you could apparently alter reality.

This was usually pretty benign. Back when I shot weddings professionally, I would use Photoshop to fix imperfections in an otherwise good photo. I might remove some zits on the bride's face, clean up the black eye the groom may or may not have earned the night before, etc. This all made for preserving an otherwise notable memory without the incidental cruft of the moment. There's nothing wrong with that.

But bad actors quickly seized on the opportunity to create highly doctored pictures. If you were sufficiently skilled, your end results could be quite convincing. Enough to sway a court of law, perhaps.

Multimedia enters the fray

The earlier days of physically imitating other people or altering reality were mainly in fixed, photographic form. That's because photos are easy. Photos are a snapshot of an instant in time. It's a single frame of a person's appearance or an unfolding event that has no time duration. Whatever edits you wanted to make only had to be made once.

But as time went on, imitating other people became more than just doctoring individual photos.

Computers and software became more powerful, allowing masters of the craft to create manipulated videos. And what is a video if not a sequence of numerous individual photographs shot at a high speed, audio notwithstanding?

Of course, manually editing each individual photograph that comprises a video is incredibly difficult and error prone. That's a job that only software could really handle. Make your manual edits to a "master frame" and let the software automatically apply those edits to subsequent frames, taking into account natural movements of the subject.

And if there's video, then there's probably audio to match. Software made it possible to edit and manipulate that as well.

Creating a convincing doctored video with audio became possible and these techniques were being explored and used by filmmakers. It required expensive computers, complex software, and considerable skill and talent so it wasn't something that any old scammer or rabble-rouser could easily leverage for their own malignant purposes.

Rising awareness

As more and more people became aware that "photoshopping" was possible, the bad actors who would use photo manipulation as a means to further a fraud, scam, or misrepresent someone, like an opposing politician, needed to improve their tools and capabilities.

As we discussed just above, these tools were costly and required considerable skill to use. This is more or less how things went for some years.

But things were about to dramatically change.

A.I. comes to town

The water against the dam had been rising for a few years now. Then, in Nov 2022, the dam burst wide open with the release of ChatGPT, the first time that AI became available to the masses.

While ChatGPT itself is basically a text-based interactive response engine, the underlying tech that made it possible has been undergoing massive development ever since. Big tech companies have invested hundreds of billions of dollars developing A.I. algorithms in just the last couple of years.

And this is where we find ourselves today. This is when the tools to create convincing deep fakes became available to pretty much anyone, thus ushering in an entirely new world of continually improving frauds and scams.

The rest of this article will focus on that.

A Brave New World

Perhaps Huxley, back in 1932, was more prophet than sci-fi author.

What makes it a "deep fake" vs. a regular fake?

A "regular fake" would be all the examples above involving photoshop and early automation tools. They all required significant skill to master and the output generally comprised significant elements of the input. These were largely manual efforts even if some automation was available to speed-up the process. They were well beyond the reach of most people.

"Deep fakes", on the other hand, are completly synthetic, created and edited using A.I. tools.

These A.I. tools require only minimal samples (perhaps one or two still images, or a few seconds of video or audio) and, from that, generate whatever you want in terms of actions, wording, expressions, tone, etc.

Earlier deep fakes had more rendering errors, such as additional fingers on a hand, an extra leg, three nostrils, and other body horror, so spotting them was pretty easy.

A lot of that has been fixed. Some of today's deep fakes are so convincing that even experts in the field, people who know the telltale signs to look for, are fooled. So what hope do the rest of us have?

e.g. OpenAI's SORA (now at v.2) can create utterly realistic videos including recognizable people saying and doing completely fabricated things. We're way past the time when even a highly trained eye can reliably spot the fakes.

Scams

As you can imagine, with such cheap or free sophisticated tools for impersonating specific people, we are ripe for a new wave of scary scams and impersonating people, such as political opponent, in unflattering ways.

Kid in trouble

One particular super scary scam is to receive a phone call from someone sounding, for all the world, exactly like your kid, telling you they've been arrested and need help now. The scam sometimes involves you receiving a second phone call from a (fake) lawyer or officer of the court with instructions on how to make bail.

The tone of these phone calls are usually one of panic, urgency, and need to act quickly. All this pressure is designed to reduce your ability to think and process information clearly.

The demands from the "lawyer" or "kid" is to make a bail payment using methods that are irreversible. That could be a casual payment platform like Venmo or Zelle. It could be via gift cards. It could be via cash deposit at a Bitcoin ATM. Stop right there.

No legit lawyer, office of the court, law enforcement officer, etc. will ever demand any payment over a phone call, especially via these irreversible methods. Just hang up!

It's all the more convincing because you can actually talk to your (fake) kid in real time on the phone. They know your name, where you live, and other readily public information.

How does that work? The scammer is listening to the call. When you ask your kid what happened, the scammer types in their reply into a generative A.I. program that immediately spits out audio, perfectly impersonating your kid. The A.I. tools might even generate convincing dialog automatically.

Corporate compromise

Using similar techniques, a bad actor may use A.I. tools to impersonate an executive, in order to trick a company employee, such as an executive assistant, into divulging sensitive information. The fake-boss calls might not be urgent in nature or any emergency. They could be just simply trying to trick you into giving up sensitive info.

Fraudulent Promotion or Endorsement

Famous and instantly recognizable voices have been used in advertising for years. Morgan Freeman and James Earl Jones, with their unmistakably recognizable voices*, comes to mind. Before A.I. tools existed, most of the fraudulent endorsements were created by voice actors who were skilled at mimicking famous voices.

* Fun facts: James Earl Jones was the voice of Darth Vader and Mufasa (Lion King) and many of Morgan Freeman's credits are for narration.

A while back, I heard radio ads for a local business in Columbia that I'd swear was the voice of Morgan Freeman. I'd bet good money it wasn't really Morgan Freeman.

Today, that practice is comically simple, no voice actor necessary. A.I. voice creation tools have got you covered.

As an authentication aid

I've been reading on some of the tech blogs I frequent that some (legit) companies, such as banks, are asking their customers for a voice sample so that their customer service reps can confirm they're talking to the real person if they should call in at some later date.

That sounds (heh) like a good idea but I'm skeptical. As A.I. generated voice impersonation improves, it's quite likely to fool any voice print authentication tools that might be used. It could make you less secure, not more. I'll stick to using customer service PINs, thank you.

--

The familiar voice (created by A.I. impersonation) alone may be enough to convince the mark to do as they're instructed. But the bad actor often reinforces the ploy by knowing certain information. We've all had our private, sensitive information breached numerous times by now, so a targeted "spear phishing" attack can be well-armed. In the moment, the mark is too stressed to think about this logically.

The savvy citizen

How to tell you're being phished by a scammer using A.I. impersonation? In short, you can't. At least not by detecting a flaw in the deep fake. Experts in this field, people who study impersonation fraud, all agree that most of today's deep fakes are just simply too good to detect.

Wow, then what can I do?

Here's where real life multi-factor authentication comes in.

Have a "code word" that everyone in your family knows. Then if you get that panicky call from your relative, simply ask them for the code word. Keep it simple but arcane. A silly but memorable word that no one else would guess. Practice that word once a month with your family so no one forgets.

If needed, you can establish a different code word for your boss and work colleagues.

Don't blindly trust the caller ID even if it matches a legit number for the person who's supposedly calling. Caller ID spoofing , though a bit more difficult today, is still very possible for determined fraudsters.

If you get one of these panicky calls but don't already have a code word in place then all is still not lost.

Kid calling (even an adult one)?

Ask them a question about an arcane fact from their childhood that s/he would certainly know but that no one else would know the answer to. Perhaps their favorite cartoon or name of their best friend when s/he was little.

Or ask them a question with no true answer. In the case of the auto accident scam, ask if s/he dropped off his sister Sally (or other fake relative) before the accident. Or ask if Sally is ok.

If using real verification questions with real answers, they must be arcane. Something your relative would know but from many years ago. The idea is that the scammer must not be able suss out the question or its answer from any data breach or social media searching.

You get the idea.

Your boss calling?

Ask them a question with no true answer relating to the thing they are asking you about. Ask leading, easy-to-answer yes/no questions about people and things that don't exist.

Take a beat...

Problem is, during such a phone call, you may be in a panic yourself. That is deliberate. Thinking up effective, ad-hoc, authenticating questions takes a clear, calm, deliberate mind. It's much better to have a code word figured out beforehand.

Even if the call were legitimate, nothing bad is going to happen in the next five minutes that would not happen this minute! So hang up, mute them, or put them on hold, and call/text them back on a number you already have. If they answer then you can confirm all is ok. If they don't answer, that doesn't mean the call to you is real. It just means they didn't answer. Maybe they're in the bathroom?

Media awareness

Because deep fake videos are so easy to make today, you've got to adopt a suspicious, incredulous stance on any video you see posted to social media especially if that video is inflammatory or outrageous in some manner. If it's just some random cat video you saw on social media then vetting it is likely impossible (at least for now, more on that below) so don't put too much stock in it.

But if the person(s) in the video are notable, like politicians, celebrities, sports figures, or other well-known people that are frequently or even just occasionally in the news, then there's likely some avenue for vetting it.

Vetting can include numerous approaches:

• Did the video originate on social media? If so, it may or may not be true. That's the contextual definition of unreliable.
• Did it originate on a legit news outlet? Check the news outlet on MediaBiasFactCheck.com
• Are the statements made in the video out of character for the person being portrayed?
• Is there corroborating evidence of those statements reported by other legitimate news outlets?

Media literacy is sorely lacking which helps make these viral deep fakes believable. And even media savvy people would find it tedious having to check the veracity of every video they see. No one wants to do that.

Regardless of one's politics, which naturally could bias which videos one is more likely to believe, no one wants to be a tool -- that is, someone easily manipulated by someone else into having certain feelings and opinions. We all want agency in our thoughts and feelings. So don't believe everything you see, even if it supports your position, without proper and objective vetting. There are many lies, but only one truth.

Most deep fakes that feature controversial content are designed to elicit an emotional response. Alas, the emotional response often wins out over the intellectual response, which is exactly what the deep fake producer wants.

I tend to read my news rather than watch my news. Reading, which is self-paced, tends to engage slower, more analytical thinking. To be sure, the written word may contain lies as well. But overall it's a less effective way to spread emotionally charged disinformation due to the natural human response mechanisms involved in reading vs watching. Watching is visceral in a way that reading is not.

Some hope over the horizon

"Provenance" is the word that refers to the documented history and chain of custody of an item from its creation to the present.

It's frequently used in the art world to help determine the authenticity of a (usually very expensive or priceless) work of art. e.g. If you were contemplating the purchase of a famous and expensive painting, you'd want assurance that the seller was offering the genuine article and not a forgery. This is what provenance does.

Back in the days of film photography, negatives (especially) were generally regarded as authentic. It was simply too difficult to create convincingly fake negatives. Prints from those negatives could be faked to some minor degree by skilled operators in the darkroom by using dodging, masking, and multiple exposure techniques, but that, too, was very difficult and labor intensive. It didn't scale well at all.

But with the advent and uptake of digital photography, there really isn't a digital negative in the same sense as with an analog film camera. This was a huge problem in courts of law and other situations where image authentication and verification was crucial.

It was obvious, even then, that digital photography was the future so this problem of authenticity needed solving. Specialized versions of certain pro-level digital cameras, designed specifically for occupations* where evidentiary integrity was important, became available.

* Occupations include forensic photography, e.g. crime scenes, photojournalists, and probably others.

Immediately after taking a picture, these specialized cameras would calculate a special code (an encrypted hash) and embed that code into the image's metadata. That code could then be used to conclusively prove later on that the image was not modified in any way. Changing so much as one single pixel would render the code invalid. That code serves as the digital provenance, proving authenticity.

Fast forward to today.

There's an organization known as Coalition for Content Provenance and Authenticity (or C2PA), a cross-industry consortium of camera manufacturers, big tech, news outlets, and others, that want to implement this technology into every part of the content production chain.

This provides a way to prove the attached content and it's metadata is genuine and has not been altered after its creation.

That means...

• Smartphone and standalone cameras should have the ability to include authenticating codes into the image file.
• Editing software, like Photoshop, should have the ability to embed an indelible list of modifications. This would catalog what kind of modifications were made. Was it a simple cropping? Adjusting color balance? Or something that altered what the image means, like adding or subtracting a person or object.
• Platforms on which people view these images, like news outlets, social media, etc., should display a status icon with a link to more details signifying how that image came to be.

And before someone cries "big brother" or the loss of anonymity, these provenance authentication codes need not contain any identifiable information. All the code needs to do is attest the veracity of the image's provenance, not the party that created it.

Even when it becomes available, including any provenance authentication codes would be voluntary. No one's forcing anyone to do this. But hopefully we'll come to a time when media lacking verifiable provenance will be viewed with suspicion. Just like visiting a website lacking the lock icon may be suspect.

This is especially important for content that contains controversial subject matter where proving authenticity is critical.

We're already in a time when detecting deep fakes by trying to examine them is impossible, muddying the waters of truth. And they're only getting better, so that approach is a dead end.

Instead, the world needs a way to verify the provenance of what we're being shown. To know, for certain, that imagery being characterized as a real event is, in fact, a real event.

The C2PA is working on all this now. We're probably a few years from it all coming to fruition. But, if anything, the prevalence of deep fakes today and the crisis of trust its causing, will speed that up.