Deep Fake Videos

VASA-1 Will Fix That!

Deep fake videos have been around for years, attempting to put words into the mouths of innocent victims or otherwise misrepresent them. Fortunately the results haven’t been too convincing, which is why journalists, legislators, policy people and others have had mixed results in raising public alarm.

VASA-1 will change that.

On 16 April 2024, Microsoft Research Asia released a paper entitled “VASA-1: Lifelike Audio-Driven Talking Faces Generated in Real Time” (https://arxiv.org/pdf/2404.10667.pdf ) by Sicheng Xu, Guojun Chen, Yu-Xiao Guo, Jiaolong Yang, Chong Li, Zhenyu Zang, Yizhong Zhang, Xin Tong and Baining Guo.

VASA-1 is an AI program that produces an absolutely convincing video record of a real person saying things that they never actually said.

To see for yourself scroll down to the video at https://arstechnica.com/information-technology/2024/04/microsofts-vasa-1-can-deepfake-a-person-with-one-photo-and-one-audio-track/ .

Now imagine the mischief that VASA-1 will enable.

Got a political adversary that you want to put on the defensive? Simply have them say something that you know will turn their constituency against them.

Want to start a war? Have the president of a nation-state announce an invasion.

The possibilities, as they say, are endless.

VASA-1 will simply let you mold testimonial reality into whatever you want it to be. Imagine the field day that the trolls and echo chamber disinformation perpetrators are going to have with this!

There is just too much potential trouble that this can cause. It’s a problem that must be addressed.

There is a solution.

Fortunately there is a solution. And like so many real solutions to real problems, this one a) is about bringing authenticity to bear on inauthenticity, and b) the solution isn’t simple.

Perhaps a better description than “not simple” would be “not from a place that people tend to look for solutions to current problems in the digital world.” In fact it’s found in the rather distant past.

The solution to this and other problems with digital inauthenticity has been hiding in plain sight for years. The solution consists of five  components:

• True digital signatures
• PKI digital identity certificates
• Measurable reliability of identity claims
• Professional licensing
• Web representations of digitally signed content

Let’s look at each of those.

1. True Digital Signatures

True digital signatures us AC technology, which has been hiding in plain sight for decades. If you have digitally signed a file of any kind, and so much as a bit is changed after the signing, the signature will fail. The file will reveal itself to have been altered. (Note that true digital signatures are not the same as “electronic signatures.” An “electronic signature” may use AC technology but there is no requirement to connect the signature to the signer. A signature of a fraudster will check out just fine with an “electronic signature.”) Using that very old AC technology, any file can be digitally signed.

2. PKI digital identity certificates

That true digital signature, like any digital signature, is by a large number called a “private key” which is mathematically related to another large number called a “public key.” As one might guess, the former is kept secret and never leaves the user’s device, while the latter is like a username and may be disclosed to anyone.

Now, in order for the identity claimed in that public big number to be trusted, an authority that is trusted by all concerned parties must digitally sign it. That turns the public big number into a certificate, because that’s what a certificate is – authority attesting to a claim. That’s true whether the certificate exists on paper or on bits.

3. Measurable reliability of identity claims

This is newer than the others, having been invented by the U.S. National Institute of Standards and Technology – NIST – some eight years ago. The measure of the reliability of an identity claim is established in a labor intensive process of vetting of evidence of identity – EOI. EOI consists of things like showing an Attestation Officer that you can authenticate to an online bank account, plus other online accounts, employee IDs etc., in a process of convincing that Attestation Officer that you are really who you claim to be.

4. Professional licensing

As a generally superior alternative to government regulation, professional licensing works so well that it does its job largely unnoticed. Example: the building you’re sitting in as you read this is habitable because some architect, structural engineer, contractor and building inspector put their livelihoods on the line by individually attesting that the building is habitable. That’s the reason why buildings rarely fall down, and why they tend not to have secret passageways that don’t show up on their drawings.

It’s all about individual accountability – a concept that the world seems to have forgot about. If videos were digitally signed by licensed professionals, or at least by a well-identified individual who attests that the video does not contain specified fake elements, then a lot of the problem would be eliminated.

5. Web representations of digitally signed content

Through the use of web badging technology such as Open Badges any web content, including videos, can show that it is digitally signed by an accountable human being.

So the technology and methodologies for defeating the efforts of those who would distort perceptions by means of deep fakes have been around for years. However, applying these solutions will take a coordinated effort.

An attempt to coordinate that effort has begun. To learn more and to get on their email list, visit https://authentiverse.net/deepfakes/ .

By Wes Kussmaul