The Deep Trouble of Deepfake: What Can or Should We Do?

Introduction

0:00Hello, and welcome to the Harvard Data Science Review podcast. I'm Liberty Vitter Capito, feature editor of the Harvard Data Science Review, and along with my co-host and editor-in-chief, Shali Meng, we will be talking about things once only seen in science fiction movies, popularized by the mask-pull scenes in Mission Impossible films, deep fake technology. It has become one of the most powerful and consequential applications of generative AI, blurring the line between reality and illusion, and reshaping the way we trust what we see and hear online.

0:35This month, we're exploring that phenomenon with Professor Suwe Liu, whose lab develops cutting-edge deep fake detection methods, and Professor Hani Farid, a pioneer of digital forensics. Together, they'll guide us through the entire data journey, from the massive raw data sets that feed synthetic media to the pixel-level signatures that betray it. Whether you're a computer scientist, a policymaker, or simply curious about how synthetic content

1:06is altering the information landscape, join us for an in-depth conversation on turning data into both convincing illusions and resilient safeguards, and on how we can preserve trust and truth in a rapidly evolving digital world.

Misinformation Evolution

1:23Hannah, four years ago, almost to the day, we had you on talking about misinformation and disinformation. And we were just talking before we started recording about how much the world has changed, or if that's just a comment that we make because it feels fast, and it would always feel fast. Or have these last four years actually been different than, let's say, the last 50? And in that sense, what's changed? Yeah. Well, first of all, I'm old enough to have lived through the personal computer revolution,

1:56the internet revolution, the mobile revolution, and the social media revolution. And this one is different. And it's different on several levels. One is that it is much, much faster. We used to measure these changes in these 12 to 18-month cycle. Now I measure in 12 to 18 days. Things are accelerating at a pace that I have not seen before in my 30-year-odd career. That's number one. Number two is, I mean, no kidding, from four years ago, it's almost an unrecognizable world when it comes to generative AI and AI broadly. And certainly on what we had talked about then,

2:29which is missing disinformation, which has only gotten worse because social media continues its downward spiral into the absolute lowest common denominator. Now it's being fueled by generative AI, fake images, fake audio, fake video. And here's the thing, going forward, we don't have to wait four years, by the way. We can talk a little bit sooner than that, but it's not slowing down. I think we are still very much on the steep side of this curve, and there is absolutely more to come.

Deep Fake Examples

2:59Everyone at this point, or most people, I think have heard the word a deep fake or have heard the word disinformation or misinformation. In the past year, could you give me some examples of when people have been fooled by this, or when you've been asked, is this real or not, that people might be able to understand a little bit more what they're seeing or think they're seen? Yeah, let me give you a few examples. I think this is the one that probably got the most attention and was a bit of an inflection point for generative AI slash deep fakes, which let me just define that

3:31is broadly speaking, the creation of images, audio and video, largely by machine learning or artificial intelligence. That's the simple definition, where you simply type, give me an image of, and it will hand you a photorealistic image. I think one of the inflection points was the Pope in the white puffer coat. This was an image that was really, I think, shook people, not because it was funny, it was, not because it was cool, it was, but because a lot of people thought it was real. It was this moment, I think, when people realized our eyes are not trustworthy.

4:02Now, don't get me wrong, our eyes were never trustworthy, but that was a moment where people realized it. Now, we have seen phenomenal large-scale fraud. We have seen companies lose 25, 35, 50 million dollars because they are on a call with what they think is their CFO or their CEO, and they are not. And I will tell you, for every one of those that you read in the newspaper, there are 10 that you don't read about. We have continued to see small-scale fraud, where parents are getting phone calls from what they think are their loved ones, and it is not. They are not in trouble, and they are losing thousands of dollars. We continue to see horrific, terrible, gut-wrenching, non-consensual,

4:37intimate imagery where women's likenesses are being inserted into explicit material and then being weaponized against them. We are now seeing that against children. We are also seeing disinformation campaigns around elections, around global conflicts. And here's the one that has always sort of kept me up at night, is that when we live in this world where deepfakes, generative AI can create an image, an audio or video of anybody doing, saying anything, nothing has to be real. And then when you see a video out of Gaza with human rights catastrophes, well, it's fake. When you see human rights violations

5:08in Ukraine, it's fake. When you see a video of Donald Trump saying something ridiculous, it's fake. And so suddenly you get to deny reality. And what I've seen over the last four years, and really more than that, is this alternate reality that we all now occupy, because nobody knows what to believe anymore. And so you sort of throw your hands up in the air. And this is particularly true when the majority of Americans, and in fact, the majority of the world's population, gets their news, if you can generously call it that, on social media, which makes everything worse, because your world is being

5:39filtered by these algorithms that are simply designed to keep you pointing and clicking. And that's what you and I talked about four years ago. And so there have been lots and lots of examples on an individual level, on an enterprise level, on a society level, on a democracy level. And it's honestly, just about every day you see something like this.

Deep Trouble

5:57Let me follow up on that, because what you said is really gave me a sense, right? We have been using this word deep, right? The deep learning, not deep fake, but it sounds like we're really getting ourselves into deep, I'm not going to use four letters word, but deep trouble. And so in a way, as a data scientist, we feel kind of a mixed feeling, right? You know, we create this incredibly powerful tool, but like everything else in life, when it's something powerful, it can be used by all sides, right? So, Shiwei, we are the ones who understand all the deep trouble we're in. We're also kind of

Data Scientist Responsibility

6:32partially responsible for creating this thing. As a data scientist or computer scientist, what is our responsibility here? How do we even process the kind of a situation we're in, both as someone on technology side, but also as a consumer? Yeah, that's a very good question. I think if I put on my computer scientist hat, I'll say, you know, there are two levels of problems we're dealing with the powerful AI systems right now. One is at the technical level, the other is at the user's level,

7:03whoever using those tools. The first level, technically speaking, the AI tools are not safety certified. So we design AI systems like the ChatGPT system, the ChatGP like a chatbot systems or image generation, video generation, audio generation systems. They do not carry a built-in safety certificate. That's a technical problem we have to solve. For instance, somebody can tweak the prompts to make the system generating something that is inappropriate. That's built into the system.

7:35Whoever uses this, know the trick, we'll be able to trigger that. So that requires a tactical level solution. That's why we pay a lot of attention these days about understanding the safety issues of generative AI models. How do we improve their overall fairness and security built into that design of the system? I think, you know, from this perspective, the safety issue of generative AI models are not so different from everything we have seen before, like the internet and the social

8:08media. We have this mindset of build it and then fix it, right? We're still in the growing phase of generative AI models. So it's right now, the moment, the time, almost like the last part of the window for us to build that design into the system so that we'll have something that's safer at least. So I think that's the technical side of the problem. The social side is that even though the system is perfectly safe, we cannot guarantee that it will not be used for bad purposes. People with bad intentions

8:41will use them, abuse them. There is a tactical solution for that too. So that's one of my major research topic is how do we make sure something is generated by AI or come from, you know, a real camera, a real device. Or we will build in some technical solutions so that we can trace those data or at least make it harder for somebody to misuse the tool to create something that's harmful. But there's a lot of social aspects of this. I think number one most important thing is user education. You know, a lot of

9:13people do not know about this because they thought this is like super technical, complicated topics. There's no way you can understand them. Turns out that the fundamental core ideas and potential impacts can be easily explained to, you know, everyone, including older adults and teenagers. Actually, I gave talks to older adults and teenagers at the Buffalo area. They tend to be the group that's mostly engaged in this topic because they're curious. They want to know. And they also understand the potential

9:47impact because many times they're on the receiving end of this kind of attacks. The second part, of course, is the government needs to step in because making the AI model safe is the same way as saying making internet safe, making social media safe is fundamentally against the profit generation model of all the enterprise, the companies behind them. This is where government coming in say, how can we regulate and put some safe guarding rails against the misuses of these kind of issues.

10:19As a computer scientist, I feel like we're part of the reason of this problem, but we can also play a very active role as a solution. What are the things in terms of the data and the process involved in creating these defects? Oh, these days, probably just so easy. You just say, hey, here's what I want. Here's a problem. Part of the danger probably is anyone with a bad intention can utilize these powerful tools to do what they want without much of the technical background. Is that the case? In terms of using the tools, that's probably the case now. I see. Again, Honey has longer history

10:55working in this area, but I've been working with generally AI models because we work on the detection of AI-generated contents. We get ourselves familiar with the generated tools too. For the past three, four years, I've been seeing a clear generation change of the easiness, accessibility, and the quality of those models. Starting from you have to know some coding at least. You have to have some

11:26basic idea of machine learning AI and being able to have a computer with a GPU. Now to the fact that you only need to know what you want to do and the web browser have access to the web page, put your idea into words, give it to the software, it will generate it for you in a matter of seconds. So I think the accessibility part hugely improved. But in terms of getting the model is actually, I will say this is the bliss for data science because the models were trained on tens of billions, hundreds of

11:56everything, if not trillions of amount of data to reach this level of quality. And the training of those data becomes more and more like a model applied. These days, I mean, used to be, I can train, I can do a homebrew model myself. Now I think nobody can, any individual has the power, the competition, power, resources, or time to be able to create, recreate model like a stable diffusion or chat GPT. I mean, we can refine it, but not train it from the ground. So in some sense, data science is being pushed to

12:31the limit, scale up and use up all the algorithm potentials to, you know, reach the current level

Detection Techniques

12:40of sophistication of general AI tools. So, Hany, I want to go a little bit deeper into detection. So, you know, I teach an intro data science class. And so we always do one day where we talk about deep fakes. And I always put up, you know, images, you know, left and right, which one's real, which one's not. And frankly, up until about a year and a half ago, the students were pretty good at telling. Interestingly, they were better at telling when it wasn't a famous person, because I think the deep fakes of the famous people are just so good. But, you know, you put

13:12up Obama there and they have no idea which one's real and which one's not. And as you said, with the puffer and the pope, we just, we can't believe our eyes anymore. We, there's no way to tell as a human what's happening. So what are the techniques that you use to detect if something is real or not? And can you always detect it? Are there always signatures? So a couple of things. One is you're right up until, you know, maybe a year ago, six months ago, you know, the images where you could always, there was a little tell. I would say that's largely gone.

13:44Now we actually do perceptual studies. We show the images to people and they're better than chance. They're not flipping a coin, but not much better. Also with voices, we just wrapped up a perceptual study slightly better than chance, not much better, certainly not consistently. So I would say video is a little bit further behind. I think with video, you can still tell, but have me back in a year and I'll probably say it's over. We're through the so-called uncanny valley. So we've, we've got to give up on the perceptual, either it's over or it will soon be over.

14:15So what are your options here? And there's, there's sort of two main pillars for detection, what we call active forensics and passive forensics. So active forensics goes something like this. You are an open AI, a majority, a stable diffusion, a company that is in the business of generating AI generated content. And you are a responsible player in the space, like open AI is in this regard. And what they say is when we create a piece of content, we are going to insert some metadata that is cryptographically signed. So you can tell it's from us. Maybe we're going to insert a watermark and

14:46maybe we're going to extract a digital signature that allows us to keep track of this content. There is an open standard for this called the C2PA, the Coalition for Content Provenance and Authentication. And for full disclosure, I'm affiliated with this. It's a not-for-profit Linux foundation. And it has created a standard that says, if you, and we would like you to sign your content so that downstream, we can detect it. Think about it is you're a biologist, you catch an animal, you tag it, and you let it into the wild. Once you see the tag, you know what it is. So same

15:18idea. So this stuff is great. We love watermarks. We love metadata. We love signatures that are not perfect. There's lots of conversations we can have around it in terms of robustness and resilience and so on and so forth. But for the companies that participate and, importantly, for the companies at the other end on the display side that then will show the credentials, it's great. It helps the user. And today, if you go to OpenAI and you generate an image, it will insert some metadata that tells you it was generated by them. And if you upload it to LinkedIn, LinkedIn will respect that credential and

15:50put a little CR in the top left corner saying this is a content credential that was generated by AI. It doesn't solve all the problems, but it's part of a solution that will help consumers flag this, particularly when they use technologies from the companies that partake. But as C. Wade just said, you know, not everybody's a good guy out there, right? There's bad guys out there, there's cyber criminals, there's state-sponsored actors, there's people using open source models that will simply rip out this technology. So there, the passive techniques come in. And this is our bread and butter now. So here, what we do is, again, two things. One is we look for artifacts in the images

16:27that are consistent with AI-generated content, or we look for artifacts that are inconsistent with what you expect in the physical world. I'll give you a couple of examples in a minute, but let me just cut to the chase. It's not perfect. It's a really hard problem. It will not catch everything. It will catch a lot. And if you give us a little bit of time and you ask maybe somebody like C. Wade and somebody like me, and maybe two other world leaders in this space, and you do some good investigation online, we're going to figure it out eventually. But that doesn't scale to a

16:59billion uploads every day to the internet. So it sort of depends on what the scale is you're asking about. Super hard problem. Let me give you a couple of examples of things we can do. So here again, there's two. We're sensing a theme here in the stratification. There's two basic approaches, what we call a data-driven approach and a hypothesis-driven approach. And the data-driven approach is exactly what you think it is as a bunch of data scientists, right? Which is you say, okay, I'm going to get a bunch of AI-generated images. I'm going to get a bunch of natural recorded images, and I'm going to train a network to tell the difference. So that has lots of advantages.

17:33The advantage is it can find patterns that we may not have known about. The disadvantage is that it's not really particularly explainable. It tends not to work when you give it things that it hasn't seen before, the so-called out-of-domain problem. It's vulnerable to counterattack, but it is absolutely part of an arsenal in forensics. The more hypothesis-driven goes something like this. It says, well, we know that AI-generated content ups and down samples images during the denoising process in diffusion. We know that that leaves behind a very specific statistical artifact because

18:05of the way they up and down sample the image, and we're going to go hunting for that artifact. Or we know that because generative AI today is fundamentally a statistical inference engine, doesn't know about the physics of the world. It doesn't know about the geometry about the world. It doesn't know about the three-dimensional properties of the world. It tends to get things like shadows and perspective geometry and reflections and lighting physically inconsistent. Not so much so that the user of human visual system can tell the difference, but we can measure and tell the difference. Those are the hypothesis-driven.

18:37Anybody's forensics toolkit will have all of these different techniques in them. And again, you start stacking these things up and you can do some damage. Sometimes it can be very fast. It can be done at scale. And sometimes it takes time. There are days where I will get a request from the media and it takes seconds. And there are days where it takes hours and days, depending on how complicated it is. The curse for us is if you give us a really high-resolution, high-quality image, we're pretty good at it. You start degrading the image by adding compression,

19:10adversarial noise, reducing the resolution, it gets harder and harder and harder. And one of the biggest challenges is that when social media gets their grubby little pause on content, they tend to rip out the metadata. They downsize the resolution. They reduce the quality. And by the time we get it, it's gone through God knows what nonsense. And our job is a lot harder. So, you know, I think this is the proverbial arms race. We know this. We're in a cybersecurity world, right? We get better. The adversary gets better. We get better. The adversary gets better. And that's okay. It's okay that it's adversary. And here's why. I'll give you an analogy. When I leave the house

19:45every morning, I lock my door. And I lock my door despite knowing that somebody can pick the lock, despite knowing that somebody can break a window and get into my house. Why? Because I deter the common criminal, right? The crime of opportunity. I don't, my house is not a hundred percent secure. And everything in cybersecurity is like this, right? We knock off the bottom layers. And now we are dealing with a relatively small, hopefully very sophisticated, very well-funded and very technically competent adversary. And that's a more manageable problem than a 14 year old in their basement,

20:19disrupting a national election in the United States. And so that's what we have to do. We just simply raise the bar to make it harder, more time consuming, and more risky. And then we declare success.

Philosophical Questions

20:29Two points here. I want to reflect a little bit on it as a statistician. First is when you say the data-driven and the hypothesis-driven, you pretty much summarize the whole statistical field, right? Yeah. I always tell my students, like, there's only two ways you get the information, data and the hypothesis. Yes. Right. But now you're saying back there, that's the two ways to think about how to do those things. The other thing you mentioned about locking your door, I think it's a great analogy. Life itself is statistical. There's always risk, right? And you try to prevent the most, and you can't prevent everything, but if anything can prevent everything,

21:01you probably destroy everything. So you leave some risk that you manage. A hundred percent. A hundred percent. Mitigation. Mitigation. Mitigation. So my plug line here is for all the people listening, take some statistical courses, okay? Understand the statistical reasoning, the risk, the bias, the trade-off, all the stuff. But most serious question, I guess, is a more philosophical question. Exactly on the point you mentioned, you're saying, well, yes, we can deal with the vast majority. We can deter them, right? Then we deal with this small group of people, right? Now let's think about this small group of people. Well, this small group of people

21:34couldn't be any of us, right? Because any of us couldn't work for things on the other side, sometimes unwillingly, unknowingly. Whenever we discover, people use it, right? So I'm a strong believer that any system in the end kind of survives is because you have these balancing force to create an equilibrium, right? You're going to pull each other's. The question then is, what you worry about is, can sometimes, you know, a system, one force become too strong, there's not enough balancing force, the thing gets haywire, then, you know, break.

22:08Do you see a danger of that in this race? I know we're obviously going to stay on one side, but you mentioned all these, you know, states sponsored, right? They can bring a ton of money, and we know how bad states can do terrible things. How do we make sure that we don't, even we understand, in theory, things can be balanced, but at some point, maybe just one stale, one gigantic evil company did something that we just didn't have enough time to catch, and then we all kind of fall, right? I do worry about this, and here's why I worry about it. It's not hypothetical. So if the types of

22:42workshops, and I don't even call them conferences, by the way, the types of workshops that CUA and I publish our works at, you can measure the participants in, I don't know what, CUA, like a hundred or so people, right? We typically attach those to a conference that's, for example, computer vision or AI that hosts 10,000 people. That gives you a sense of the counterbalance here. We have a hundred people attending our workshop, and those are the world's leading experts in this, compared to two orders of magnitude at the other side of the aisle, computer vision, computer graphics, AI, ML. So it is in balance in terms of where the graduate students are,

23:17where the faculty are in this space. And that's part of that historic, because our field is relatively young compared to ML has been around for a long time. Statistics has been around for a long time. Computer vision has been around for a long time. But here's the big one. That's nothing compared to this. Go over to the South Bay and go down where all the venture capitalists are and ask them where they are investing their dollars. People don't want to invest in defense. They want to invest in the other side of the aisle. So the investments in the open AIs of the world and the anthropics of the

23:50world is in the billions of dollars and the investment in defense. Look, defense doesn't make you money. In fact, it loses you money because you're playing defense. So the VC, the dollars are not there. And so we are outgunned. There is no question about it. And it is imbalanced. We are one psychopathic trillionaire CEO away from catastrophe if they decide to really unleash the power. Now, I do take a little comfort in the following. So if you look at the last 20 years, and you look at

24:21the disaster that has been social media, I mean, really, I would argue disastrous in terms of privacy, toxicity, horrific mental health issues to young people. I think we've learned a little bit of a lesson, not entirely a lesson. And you are seeing a little bit more responsibility coming out of the big AI company. You are. Look at Google and OpenAI and say they are making exactly the same mistakes. Some of them are the same. That's number one. Number two, and I take comfort in this also, is that the business model of AI is very different than the business model of social media. This is not

24:53an attention economy. I pay for ChatGPT. I pay for access to Vio and Gemini. And that's good. We don't want to be the product. We want to be the customer. And so I take some comfort in the business model is one of a service. You are providing a service. And I think there's a different sense of responsibility when you are creating a product, and I'm your customer. So I'm taking some comfort in that. I am, however, seeing we are making some of the same mistakes of move fast and break things. And our regulators are mostly falling asleep at the wheel here in the US. I think in the EU,

25:26in the UK, in Australia, and a few other parts of the world, some of the regulatory landscape is a little bit more promising. I do think at least here in the US, we are not necessarily entirely burying our head in the sand. I think there is an awareness that we have to do something. There's just a disagreement on what we should do. I see. So if we have an Elon Musk decide that he wants to unleash, as you said, can you paint that picture for us? What would happen? What's the action? I mean, let's talk about the worst case scenario. Good. I'll give you a couple of examples,

25:58because we're getting glimpses up. So first of all, you asked the question of Seaway earlier, which is what can we do to put in some guardrails? And there are a few things we can do. We can put in semantic guardrails on the prompt that says, you can't ask for nudity. You can't ask for violence. You can't ask for children and sexual explicit material. You can put guardrails on the output, which says, if you generate an image that we think is harmful, we will block it. You can also put guardrails on the data that is being ingested so that you don't ingest the most horrific, vitriolic, nasty, ugly things of the internet. Elon Musk can say, nope, I'm not going to do that

26:33anymore. I'm going to allow you to create child abuse material. I'm going to allow you to create non-consensual intimate injury. I'm going to spew climate denialism. I'm going to spew Holocaust denialism. I'm going to allow this thing to do anything I want. In fact, I'm going to encourage it to do it. And here's the thing, is I can tell you, because Seaway and I spend a lot of time on campuses, students are now, they don't care about Google. Nobody's Googling anymore, right? It's over. They're getting their information from these bots. And if that becomes your

27:03sole interaction with the world, in some ways it's worse than social media, it's worse than Google, because it's literally one human being controlling one bot that people now are starting to get all their information from. And that can get very ugly, very fast.

Protecting Individuals

27:18You're right at the beginning of this. You talked about the fraud. You talked about the really bad things that can happen to individuals. How do individuals protect themselves from the fraud, from the parents that get the phone call from the kid, or the CEO, you know, the CFO that transfers $50 million because he thinks his CEO just told them to? Yeah. Yeah. There's three things at the top of my list, and they are education, education, education. You got to be aware of what's going on. You got to know, for example, I have ingrained this in my parents' skull. Don't click on a link in an

27:51email, right? How many times have we said that to our parents? How many times do we have conversations with our kids about how to remain safe? This is about being aware that when you get a call at three in the morning and somebody's screaming at you to take a breath. My wife and I have a code word, right? One of us gets a phone call. We have a code word. And by the way, we have the code word because somebody spoofed my voice and tried to call a lawyer on a very sensitive case we are working on and extract information from him. So there are some things you can do to protect yourself. But honestly, the biggest one is just be aware of the threat. And again, it's just like locking your door.

28:26There are little things you can do, call them back, code word. But at the end of the day, the more you are aware of the threat and your surroundings, the safer you will be. There's nothing you can do but, well, listen for breathing or do this or pay attention to this. It's not going to help you because no matter what I tell you today, in two weeks, the problem will have gone away and you have a false sense of security. So honestly, it's just, it's like everything in cyber securities. How do you protect yourself from malware, ransomware, viruses? It's awareness, awareness, awareness,

28:56education, education, education, and then mitigation. This is all about mitigating threats. I can add a comment on this. So my daughter, I have two daughters, both of them are teenagers. They've been, you know, seeing me doing this a lot of times because I give talks and sometimes, you know, they saw my slides and they asked me questions like what are deepfakes, right? And I showed them the pictures and all this stuff. From time to time, they saw a picture, an image on social media. They will ask themselves, is this real? And I think that's the whole value

29:26of education is that split second before you make any decision on anything. You ask yourself, is this real? Because AI can create something very realistic, right? And a lot of times we talk about this situation. There's always a doomsday scenario where AI will make something that nobody can tell the differences. I think there's a cognitive reason for that. And there is also, I'm hopeful. I'm more on the optimistic side of the situation based on my interaction with users, you know,

29:58teenagers and older adults. One thing is we're always too much carried away by the message. So we did some psychophysics study, asks the undergrad students to tell what is AI generated, what is not. But if we tell them, you know, you are looking at some images potentially be AI, some images potentially be real photos. Their accuracy is actually, as Hani reported in his paper, was not fantastic, but not very bad either. But when I take them to a different task, I ask them to

30:30recognize faces. Have you seen these faces before? Have you, you know, noticed any features of that face? And I sneak in AI generated faces. And then I ask them the question, have you noticed any AI generated faces? Their performance is terrible. And I think this is what happened in real life. Because we're browsing social media, we saw an image, you know, our mind didn't have this kind of say, hey, pause for a second, check if this is AI generated. We're so much taken away by the message and we start to being taken in. That's where we fall for this. So I think education will be a very effective

31:04means against this kind of a cognitive shortfall for this. The other point I want to make is when we talk about this doomsday scenario, we kind of like think human brains are static. We do not grow. But I make the analogy with the virus, the COVID-19, right? So the first round of virus coming in, people get sick, you know, people even get killed from the, infected by the disease. But we developed measures. Like we have vaccines, we have medications. These are like the technical

31:35tools, like detection tools, tagging tools, watermarks and whatnot. But more importantly, people develop better hygiene habits. We wash our hands, we put on the masks. This is the same kind of mechanism. I think human brains are flexible. We survive, you know, hundreds of millions of evolution because we adapt to the scenario. This is something new. But when people ask me about this, that relate me to the scenario. 20 years ago, when email is a new thing, we got spam email,

32:06I got an email from some friends in our coast to say you have, I have this big bank account. The first few emails, I do fall for it. But afterwards, I learned this is bogus. And I do not talking to emails anymore. I think similar things would, we're just seeing the early phase of people falling for AI-generated scams. I would not say we're completely safe, but we'll say the bar will be raised on one side because technical advances in detection, in watermarking, and the other

32:38technologies. The other part is human learn to cope with this, to coexist with AI-generated contents. So simple stuff will not fool us anymore. Somebody wants to do a better job, they better spend more time and resources into this. So I agree with Professor Meng, at a certain point in time, we'll reach that equilibrium. And I'm 100% sure that the equilibrium will be reached one day. What we're trying to do now is accelerate that time, you know, make it sooner.

Future Concerns

33:06Speaking of that, how do we speed things up? How can we take advantage of the general AI self for education purpose? All right, I'll go first. In the past few years, I've done a lot of public education efforts in this area. Because after I go through all my technical works, I realized we developed all these detecting tools for AI-generated contents. But if nobody wants to use them, they're useless eventually. It has to be in the user's end. And they have to have a need to use them,

33:37right? So that's why I got into this user education side of the research work. Now, I think foolishly, I picked the two most difficult group of people to start with, namely the teenagers and older adults. I'm taking this example as my parents and my kids. These are the two group of people who seem to know us all, who doesn't want to be taught. Okay. So I, you know, I gave them a lecture and like give my students a

34:09lecture. It doesn't take any effect, actually, probably generate some resistance and, you know, doubts. Interesting. But they are curious, they are actually open to new ideas. So I think, you know, education depends on delivery. How do we package the information, make them accessible to this specific user groups? I give a lot of talks at local senior homes, libraries. I take advantage of the fact that, you know, Buffalo Bills, our favorite city football game, has never won a Super Bowl and was

34:44so close to Super Bowl every year. Everybody is hopeful starting the season, then, you know, become super disappointed at the end. So I made the defake Buffalo Bills, make Josh Allen say, we won the Super Bowl. We did really well, you know, and make it as realistic as possible. I like that example because I pick an innocuous example. You know, football is, I mean, it hurts a few fans' feelings, but every time I say, I wish this is reality, so people actually get a lot from this. But they also see the dangerous

35:16side of things. I say, if I can make Josh Allen say this, how about I make somebody else saying similar things? And this time is not that lighthearted, right? There's a fine line here. You know, on one side, you want them to be aware. On the other side, I don't want to be a fear monger. When I started doing this, I had a situation where one gentleman came to me, he's in his late 70s, I believe. He came to me say, I will not believe anything I see from now on, on TV, on internet,

35:47whatsoever. Right? That's not the right attitude either. So I realized that, you know, we need to pick that center line to make the message effective. Another approach I use is gamification. So like the older adults like to do puzzles. How about instead of do a Wordle or Candy Crash, let's see if you can pick up the AI fakes here, right? And we make a small game and test it on the

36:18older adults users. It turns out to be very effective. Now, the purpose here is not to train them to detect AI defakes, but to plan that idea in their mind that there are AI generated images. You see something, this will come up and protect you. So I think the delivery is the part that matters most. I'll add two things to this. First of all, conversations like this. I mean, the reason Sue and I agree to these conversations is this is important. And I think academics should

36:49continue to do engage with the public on these conversations. The other thing I've done, and everybody here knows this as an academic is, you know, when we write our technical papers, we write them for our friends, for technical audiences, and they are often sort of impenetrable to the average person. And recently, what I've started doing is using generative AI. You asked this explicitly about generative AI to summarize my technical papers in podcast like conversations. And if you have not seen this, it is breathtaking. And it's well, sorry, I realized I'm on a podcast

37:20with two people who do this for a living. I'm not saying you're going to be out of business. We are. You're very good at what you do. But no kidding. These things are weirdly good. First of all, they're incredibly engaging. They sound like a podcast, but the summarization of very technical things is mind boggling really good. And so now what I've started to do is all my technical papers, I push them through one of these generative AI podcast summaries, and I link to that so that people don't have to go download a PDF and read through all the equations. They can just listen to a podcast and make the work more accessible. And then the last thing I would add on that is, in addition

37:55to these types of conversations, is talking with and getting our regulators in Capitol Hill, in Brussels, in UK, smarter about this stuff as fast as possible, is engaging with the people who want to engage with this and get smart about it, because they're the ones who are eventually going to have to pass the laws to protect us. You know, we talked, honey, four years ago, and you're saying that things are now being measured in days instead of years. Instead of looking back, let's look forward. What are what should we be afraid of that's going to happen in the next five years that we're not

38:27talking about right now? I'm afraid of everything these days. So that's not the right person to ask about this. First of all, I mean, predicting the future is unbelievably hard and the best of times. And I don't I don't know. But here's a few things that I don't think we're talking enough about because we're already starting to see it. So we've been talking about deep fakes and fraud and disinformation, but something else is brewing. So I teach at UC Berkeley, which is, I don't know, a top five computer science department in the world. Two years ago, our graduating students,

38:59undergraduate, master's, PhD, were graduating with five, ten offers, $250,000 salaries, tens of thousand signing bonuses, and they had the run of the place. Now, not so much. Something is brewing. Unemployment is up for computer scientists, and I think we are the tip of the spear. Something is coming, and it's very disruptive, and it's going to disrupt a lot of industries. This is not ATM machines disrupting cashiers at a bank. This is something very different. What we don't know

39:30is will the disruption be counterbalanced? We were speaking earlier about counterbalancing with the creation of new jobs, and what will those look like, and how will we train people? Or do we have to start talking about universal basic income? Has the entire social contract is up in the air now? Now, there's very different people who say different things. Some people say, yes, right? Unemployment is going to be 25%, 30%. There will be no more jobs because AI will do everything. And other people say, this is complete and utter nonsense. I don't know, but I think we should start thinking about it because it seems, you know, we were talking earlier about statistics,

40:01right? The expected value of something very low probability with a very high cost is very high. Yes, exactly. And so we should multiply those two numbers together and be a little concerned about that. So that's number one. Number two, and CUA said this earlier, and I think this is worth repeating, the word monopoly, is that the winners in today's AI are the winners from 10 years ago in social media, because they have all the data. And we have to start talking about not U.S. monopolies, but global

40:328 billion people monopolies. And how do we have a fair marketplace for AI when five companies in the world control everything? I think that's a conversation we have to start having. And the last thing is that we haven't touched on is content creators, because the reality is, is that the vast, vast majority of content that Sway described nicely earlier, that all of these models have been trained on, has been just taken, right? Indiscriminately. And that, you know, I'm not a legal scholar, and I don't want to apply on whether this is fair use or not, but it doesn't seem right. And I think we

41:05have to start having a conversation of what does that look like going forward and make no question about it. There's something exciting here for content creators, but it's coming on the back of content creators. And I think we should be having a conversation about whether that's fair and how to make it more fair. And I think that's not a conversation five years from now. I think we're going to be having this conversation in the coming years, because you can already see it. I'm sure Sway is seeing the same thing in Buffalo is students are nervous, right? They don't know what's going on. And it's a combination of many things, right? There's political disruption, there's two global

41:38wars, there's riots in Los Angeles right now, there's a lot happening. But I will tell you, there is real anxiety about what the workforce is going to look like. And I think we have to start thinking carefully about that. And most importantly, at the university levels, how do we train the next generation to be prepared for this? And what are the skills that they are going to need to be able to be productive? And I don't have great answers for all this, but I'm starting to think about it. Sway. Sway. I agree with Tanya on all the accounts. But additionally, I'm concerned about the integrity of

42:10information in our information ecosystem. We are seeing the signal to noise ratio continuously decrease. And that comes with a cost. So truth now is a rarity. And all the existence of all this falsified information yet with help with deepfakes is actually increasing the cost of fact checking. Just, you know, like Hani mentioned this early on, you know, some of the cases, even though you look at the images or the videos or the audios, there are some clear artifacts, but you have to come up with

42:45something expendable concrete to be able to prove it is not real. So every truth now comes with a tag, and every deepfake is adding that cost of fact checking. And that slows down the process. Maybe this is their goal. Their goal is not to confuse us, but the goal is to slow it down, right? And that's really concerning. Well, on the one side, I bank my hope into users' increased capacity to tell real from fake. On the other hand, I think this is where collectively the government and also private

43:20enterprise in the market need to come in some agreement that to at least maintain a minimum standard of information integrity in our social media and information ecosystem so that we don't see 99.9% of the content coming to us are fake. Then we lose faith into the information system. And we are 100% away from the reason we build the internet, we build social media because we share information. Now,

43:50if we have all the information, but we do not trust them, what's the use of them, right? So I think that's my worst fear of nightmares. Can I tell you what the paradox of the internet is? Sway said it exactly right, is that it was meant to democratize access to information, which it did, but it didn't discriminate between good information and bad information. And arguably, because of the business model of social media, it favors bad information over good information. And that's the thing I don't, if you would ask any of us 20 years ago, 25 years ago, I don't think we saw this coming. But here we are. I think that the idea of slowing down is fascinating because once it's

44:26been up for a couple of days, it's done all the damage that it's going to do. It's not days, Liberty. It's half-life of a social media post is 90 seconds. 90 seconds is the half-life of a social media post when half the views. It's insane how fast it is. It takes nothing. And so by the time Sway and I get the call from the fact-checkers and we clean it up, it's a post-mortem, right? The bodies are littered on the street by now. We're cleaning it up. It's good, but there's still dead bodies on the road. Before I ask our final question,

Information Integrity

44:55there's a magical one question I want to add to all the concern you have. I think for me, there's one more thing that really worries me, is that with all these content, you know, good or bad, uglies out there, and they are all contributed to the data for the future training. And they're also contributing to think about how in the future, the historians, their job, I'm not even sure what the historians do. They look at things, they can create all kinds, you know, fake histories they did not know. And how do we humans just collectively deal with all the issues?

45:26I guess, again, it's a gigantic question for, you know, for the educators, right? For us to think together. So with that, I want to ask you that if you could wave a magical wand and instantly

Magical Detection Capability

45:38creates one perfect detection capability, what deep fake related issues would you target first? I think this is pretty easy for me. I'm going to give you, I'm going to give you two answers, but in this order, child sexual abuse and non consensual intimate imagery. People are creating horrific abuse images of children with real children's faces, sending it to them and then extorting them. And those kids are panicking in some cases, taking their lives. And it is horrific, horrific, horrific, horrific, really brutal. The non consensual intimate imagery is largely

46:12targeting women from high profile women like the Taylor Swifts to people who just attract unwanted attention. And again, just really gut wrenching images that are, I've talked to the victims of these horrific crimes. I probably would start there and then work my way down. I agree with Hany. I think images of those nature have the least controversies about, you know, whether we should control them or not. I think starting from there is definitely the good start.

46:42I really want to thank both of you, not only for your knowledge of how do we deal with these issues, but really for your passion. And I think we all share the same passions that we have now created this incredible tool. The tool is going to be even more powerful. And we also have this really responsibility to make sure that tools, at least, you know, we can partially control, if we cannot fully control its damage, like everything else, we should not be panicking, but we should be very vigilant. For all the people listening, this is a real podcast.

47:14There's nothing fake in here. So he said. So he said. So he said. My voice has something detectable. You guys can tell, okay? I've delivered the signature, one mark of my voice. But thank you again. This has been both fun and very educational. Thank you guys so much. Wonderful. Thank you. Thank you. I'm Liberty Vittert Capito. And on behalf of Shali Meng and our guests, Professor Su Wei Lu and Hany Farid,

47:46thank you for joining us. And a special thanks to our producers, Rebecca McLeod and Tina Tobey-Mack, and assistant producers, Arianwen Frank, Gavin Yang, and Belle Riley. Stay curious and meet us next month when we dig into the data behind dieting and the rise of food bans.

48:04This was the Harvard Data Science Review. Everything data science and data science for everyone.