[Question] What prevents SB-1047 from triggering on deep fake porn/voice cloning fraud?

ChristianKl26 Sep 2024 9:17 UTC

27 points

Recently, there was a post on SB-1047 and how it’s quite mild regulation. I’m not expert on it and don’t know how it works.

In the comment section I was asking:

Why wouldn’t deep fake porn or voice cloning technology to engage in fraud be powerful enough to materially contribute to critical harm?
There are cases of fraud that could do $500,000,000 in damages.
Given how juries decide about damages, a model that’s used to create child porn for thousands of children could be argued to cause $500,000,000 in damages as well. Especially when coupled with something like trying to extort the children.

I’m surprised that my comment didn’t get any engagement where people explained how they think the law will handle those cases while at the same time my post got no karma votes.

I’d love to believe that the law is well thought out, and simply a good step for AI safety. At the same time, I also like having accurate beliefs about the effects of the law, so let me repeat my question here.

How does the law handle damage caused by deep fake porn or fraud with voice cloning?

ChristianKl26 Sep 2024 9:17 UTC

27 points

14 comments1 min readLW link

AI Governance AI

RobertM 27 Sep 2024 3:20 UTC
2 points
0
Notwithstanding the tendentious assumption in the other comment thread that courts are maximally adversarial processes bent on on misreading legislation to achieve their perverted ends, I would bet that the relevant courts would not in fact rule that a bunch of deepfaked child porn counted as “Other grave harms to public safety and security that are of comparable severity to the harms described in subparagraphs (A) to (C), inclusive”, where those other things are “CBRN > mass casualties”, “cyberattack on critical infra”, and “autonomous action > mass casualties”. Happy to take such a bet at 2:1 odds.
But there are some simpler reason that particular hypothetical fails:
- Image models are just not nearly as expensive to train, so it’s unlikely that they’d fall under the definition of a covered model to begin with.
- Even if someone used a covered multimodal model, existing models can already do this.
See:
(2) “Critical harm” does not include any of the following:
(A) Harms caused or materially enabled by information that a covered model or covered model derivative outputs if the information is otherwise reasonably publicly accessible by an ordinary person from sources other than a covered model or covered model derivative.
- cfoster0 27 Sep 2024 3:59 UTC
  2 points
  0
  Parent
  I’m not sure if you intended the allusion to “the tendentious assumption in the other comment thread that courts are maximally adversarial processes bent on on misreading legislation to achieve their perverted ends”, but if it was aimed at the thread I commented on… what? IMO it is fair game to call out as false the claim that
  It only counts if the $500m comes from “cyber attacks on critical infrastructure” or “with limited human oversight, intervention, or supervision....results in death, great bodily injury, property damage, or property loss.”
  even if deepfake harms wouldn’t fall under this condition. Local validity matters.
  
  I agree with you that deepfake harms are unlikely to be direct triggers for the bill’s provisions, for similar reasons as you mentioned.
RamblinDash 26 Sep 2024 11:02 UTC
2 points
−2
It only counts if the $500m comes from “cyber attacks on critical infrastructure” or “with limited human oversight, intervention, or supervision....results in death, great bodily injury, property damage, or property loss.”

So emotional damages, even if severe and pervasive, can’t get you there.
- cfoster0 26 Sep 2024 15:04 UTC
  11 points
  4
  Parent
  If you read the definition of critical harms, you’ll see the $500m doesn’t have to come in one of those two forms. It can also be “Other grave harms to public safety and security that are of comparable severity”.
  - RamblinDash 26 Sep 2024 16:54 UTC
    1 point
    −7
    Parent
    I have a hard time imagining a Court ruling that “Other grave harms to public safety and security that are of comparable severity” could embrace something so different-in-kind than the listed items.
    - Shankar Sivarajan 26 Sep 2024 17:56 UTC
      5 points
      2
      Parent
      From the Fish and Game code:
      “Fish” means a wild fish, mollusk, crustacean, invertebrate, amphibian, or part, spawn, or ovum of any of those animals.
      This was read to include bees for the purposes of the Endangered Species Act which lists
      “bird, mammal, fish, amphibian, reptile, or plant”
      (Emphases mine).
      - RamblinDash 26 Sep 2024 18:33 UTC
        2 points
        −1
        Parent
        Well, “fish” is a statutorily defined term that clearly includes all invertebrates. What did you want the court to do, ignore the statutory text? Arguably, that outcome supports the notion that the courts are less likely to just ignore text limiting the kinds of harm that are cognizable, not more likely, as you seem to be arguing.
        ChristianKl 26 Sep 2024 19:30 UTC
        4 points
        2
        Parent
        (4) uses three terms “public safety”, “public security” and comparable severity.
        I would expect that severity means $500,000,000 worth of damage.
        Public safety does not seem to be a clearly defined term but fairly broad.
- ChristianKl 26 Sep 2024 18:46 UTC
  3 points
  1
  Parent
  If someone creates an automated system that makes deep fake porn and then emails with that porn to blackmail people and publishes the deep fake porn when people don’t pay up, that could very well be a system with limited human oversight, intervention, or supervision.
  Those people who pay the blackmail would also suffer from property loss.
  If you have someone committing suicide because of deep fake porn images of themselves, it might also result in death.
  If you have one suicide + $500,000,000 worth in emotional damage wouldn’t it count?

Yair Halberstadt 26 Sep 2024 15:30 UTC
5 points
1
I’m not sure why those shouldn’t be included? If someone uses my AI to perform 500 million dollars of fraud, then I should probably have been more careful releasing the product.
- ChristianKl 26 Sep 2024 16:06 UTC
  2 points
  −10
  Parent
  leogao spoke of SB-1047 being quite mild.
  If you include those things, I expect that you effectively outlaw Open Source AI models for video/audio generation.
  I think it’s a reasonable decision to outlaw Open Source AI models, but it doesn’t sound “mild”.
  - [ ]
    [deleted]
Shankar Sivarajan 26 Sep 2024 15:37 UTC
−8 points
−10
[Comment removed to try to avoid getting rate-limited.]
- Seth Herd 26 Sep 2024 18:02 UTC
  4 points
  −1
  Parent
  “Anyone who says otherwise is lying” is pretty judgmental and hostile. And wrong.
  
  We really try to maintain a culture of assuming good intent on LW. The claim that nobody might legitimately misunderstand how the law would be enforced is quite a strong assumption about people’s intelligence and the time they spend to understand things before commenting.
  
  I think this phrasing is better suited to the broader internet where people start arguments instead of working together to understand the truth.
  - Shankar Sivarajan 26 Sep 2024 18:17 UTC
    −1 points
    0
    Parent
    It is convention in fields outside of, say, math, for statements to be considered substantially true despite the possibility of exceedingly rare/implausible exceptions. And I accuse you of knowing this and making this isolated demand for my claim to be true without any conceivable exception (which I freely admit it isn’t) because you don’t like it.
    working together to understand the truth.
    Do you believe this to be a reasonable characterization of the discussion on LW about SB-1047?
    - Seth Herd 26 Sep 2024 18:28 UTC
      2 points
      −1
      Parent
      I absolutely do think LW at large is trying to understand the truth about that bill, yes. I’m sure there are some exceptions, but I’d be surprised if there were many LWers willing to actively deceive people about its consequences—LWers typically really hate lying.
      
      Your statement is not just technically incorrect, but mostly incorrect. Incompetence explains many more wrong statement than malice. I’m not going to change your mind on that right now, but it’s something I think about an awful lot, and I think the evidence strongly supports it.
      
      More importantly, your statement sounds mean, which is enough to not want it on LW. People being rude and not extending the benefit of the doubt leads to a community that argues instead of collaboratively seeking the truth. Arguing has huge but subtle downsides for reaching the truth—motivated reasoning from the combative relationships in arguments leads people to solidify their beliefs instead of changing them as the evidence suggests.
      
      I believe the “about LW” page requests that we extend benefit of the doubt and be not just civil, but polite. If not, the community at large still does this, and it seems to work.
      
      This has nothing to do with my support or lack of SBb-1047; I don’t even know if I do support it, because I find such legislation’s first-order effects to be pointless. My comment is merely about truth and how to obtain it. Being mean is not how you get at the truth.

[Question] What prevents SB-1047 from triggering on deep fake porn/​voice cloning fraud?

[Question] What prevents SB-1047 from triggering on deep fake porn/voice cloning fraud?