Watermarks aren’t the silver bullet for AI misinformation

Watermarks aren’t the silver bullet for AI misinformation

/

President Joe Biden’s executive order plans for standardized digital watermarking rules.

Photo by Demetrius Freeman / The Washington Post via Getty Images

President Joe Biden’s executive order on artificial intelligence is a first-of-its-kind action from the government to tackle some of the technology’s greatest challenges — like how to identify if an image is real or fake. 

Among a myriad of other demands, the order, signed Monday, calls for a new set of government-led standards on watermarking AI-generated content. Like watermarks on photographs or paper money, digital watermarks help users distinguish between a real object and a fake one and determine who owns it. 

It’s a seemingly simple solution that has support from the White House and the tech industry. Watermarking technology has promise. But it’s not infallible, and experts fear that it won’t be enough on its own. 

Many of the leading AI companies are already incorporating watermarking tech into their products. Some are simple and easily cropped, like OpenAI’s marking on DALL-E images, but others are more persistent. In August, for instance, Google announced the beta version of SynthID, an imperceptible watermark inserted directly into the pixels of an image. The method avoids degrading or prominently marking the image while allowing AI detection software to authenticate it even after it’s cropped or resized. 

These “high perturbation” methods of embedding digital watermarks into the pixels and metadata of AI-generated content have proven to be some of the most promising answers to harmfully deceptive content. Still, products like SynthID can’t be the only solution. Google itself has said the tech “isn’t foolproof against extreme image manipulations.”

There’s mounting research to back that claim. Earlier this month, researchers at the University of Maryland released a preprint paper explaining the many ways they were able to break all of the watermarking methods available through current technology. Not only was the team able to destroy these watermarks but they were also able to insert fake ones into images as well, creating false positives.

Services like DALL-E and Midjourney have made image generation more accessible than ever before, and the internet has been littered with AI-generated fakes because of it. Some images are mostly harmless, like a viral post of the pope in a Balenciaga puffer jacket. But the war in Israel has shown just how insidious some fakes can be

“I don’t believe watermarking the output of the generative models will be a practical solution” to AI disinformation, Soheil Feizi, associate professor of computer science at the University of Maryland, told The Verge on Monday. “This problem is theoretically impossible to be solved reliably.” 

Biden’s executive order also asks the Commerce Department to develop standards for detecting and tracking synthetic content across the web. Adobe announced this month that it had established “an icon of transparency,” or a visual marker to help identify an image’s provenance. The icon can be added to images and videos created in Photoshop, Premiere, and eventually Microsoft’s Bing to show who owns or created the data. In practical terms, when someone hovers their mouse over the tag, it will display information on how an image was produced, like if it’s AI-generated. 

Experts like Sam Gregory, executive director at Witness, a human rights organization, say authenticating AI-generated content at scale will require a “suite of approaches” like these.

“I don’t expect these to work 100 percent. And I do think they’ll be broken, both by malicious actors, but also by accident,” Gregory said. “But we should view them probably in the context of a kind of harm reduction.”

Still, authenticating and tracking AI-generated content presents its own risks. Embedding personally identifiable information into the metadata of images can help content creators take ownership of their products, but it raises new concerns over user privacy. For satirists living under authoritative rule, humorous content challenging their leadership could put them in danger, Gregory said. 

Creating a system of interoperable and reliable image authentication will take time. It’s not yet clear how the order will impact AI companies or what rules the government might impose.

Ahead of the 2024 election, lawmakers and government agencies could play a more central role in mitigating any potentially harmful effects of fakes like the Republican National Committee’s dystopian Biden ad. The Federal Election Commission has been asked to establish a new rule requiring political campaigns and groups to disclose when their ads include AI-generated content. Rep. Yvette Clarke (D-NY) has introduced a bill forcing these groups to do the same.

“It’s always a part of human nature when we deal with a big problem to try to come up with some easy solutions,” Feizi said. “But unfortunately, I don’t believe there is a one-size-fits-all solution here.”

https://www.theverge.com/rss/index.xml

Makena Kelly

Leave a Reply