According to The Economist, disinformation campaigns (often state-sponsored) use “AI to rewrite real news stories”:
In early March a network of websites, dubbed CopyCop, began publishing stories in English and French on a range of contentious issues. They accused Israel of war crimes, amplified divisive political debates in America over slavery reparations and immigration and spread nonsensical stories about Polish mercenaries in Ukraine… the stories had been taken from legitimate news outlets and modified using large language models.
Deep fakes of still images and now video clips are similarly based on legitimate original photos and video. Detecting such fakery can be challenging.
An obvious partial solution (that I haven’t seen discussed) is for legitimate news sources to digitally sign original photos, video, and news stories.
Web browsers (or extensions) can automatically confirm or flag fakery of the original source (news publisher, journalist, photographer). All that’s needed is a consensus standard on how to encode such digital signatures—the sort of thing that W3C and similar organizations produce routinely.
Such signatures could be conveyed in a custom HTML wrapper that needn’t be visible to readers with web browsers unable to parse them—there’s no need to sprinkle “BEGIN PGP SIGNED MESSAGE” at the start of every article; these can be invisible to users.
Signatures could be layered—a photo could be signed by the camera capturing the original (manufacturer, serial number), the photographer (name, nym, unique email address), and publisher, all at the same time, similarly for text news articles.
Video could be signed on a per-frame basis as well as a whole-clip or partial-clip basis. Per frame signatures could include consecutive frame numbers (or timestamps), enabling trivial detection of selective editing to produce out-of-context false impressions.
Writers and photographers who wish to remain anonymous could sign with a nym (pseudonym; a unique identifier under control of an author—for example an email address or unique domain name not publicly connected with an individual); this would still enable anonymous sources to maintain reputations.
Signatures that reliably and uniquely identify original news sources (“nytimes.com″, ”thefp.com″, ”aljazeera.com″, etc.) could be used by third party services to produce reliability/trust/bias ratings for individual publishers. Again, a simple consensus standard would allow any web browser (or extension) to retrieve such ratings from such third parties (people with differing views will likely trust different rating organizations).
If there’s a desire for immutability or verifiable timestamps, articles (or signed article hashes) could be stored on a public blockchain.
Countering AI disinformation and deep fakes with digital signatures
According to The Economist, disinformation campaigns (often state-sponsored) use “AI to rewrite real news stories”:
Deep fakes of still images and now video clips are similarly based on legitimate original photos and video. Detecting such fakery can be challenging.
An obvious partial solution (that I haven’t seen discussed) is for legitimate news sources to digitally sign original photos, video, and news stories.
Web browsers (or extensions) can automatically confirm or flag fakery of the original source (news publisher, journalist, photographer). All that’s needed is a consensus standard on how to encode such digital signatures—the sort of thing that W3C and similar organizations produce routinely.
Such signatures could be conveyed in a custom HTML wrapper that needn’t be visible to readers with web browsers unable to parse them—there’s no need to sprinkle “BEGIN PGP SIGNED MESSAGE” at the start of every article; these can be invisible to users.
Signatures could be layered—a photo could be signed by the camera capturing the original (manufacturer, serial number), the photographer (name, nym, unique email address), and publisher, all at the same time, similarly for text news articles.
Video could be signed on a per-frame basis as well as a whole-clip or partial-clip basis. Per frame signatures could include consecutive frame numbers (or timestamps), enabling trivial detection of selective editing to produce out-of-context false impressions.
Writers and photographers who wish to remain anonymous could sign with a nym (pseudonym; a unique identifier under control of an author—for example an email address or unique domain name not publicly connected with an individual); this would still enable anonymous sources to maintain reputations.
Signatures that reliably and uniquely identify original news sources (“nytimes.com″, ”thefp.com″, ”aljazeera.com″, etc.) could be used by third party services to produce reliability/trust/bias ratings for individual publishers. Again, a simple consensus standard would allow any web browser (or extension) to retrieve such ratings from such third parties (people with differing views will likely trust different rating organizations).
If there’s a desire for immutability or verifiable timestamps, articles (or signed article hashes) could be stored on a public blockchain.
Somebody...please pursue this?