A research paper released today by Mozilla, the free software developer best known for Firefox, reveals that the artificial intelligence industry struggles to label AI-generated content effectively as it continues to proliferate across the internet.

We are coming into an era when AI-generated content is becoming more prevalent. People have produced deepfakes, images that look exactly like pop stars, political figures and others, to pass them off as real. Worse, the voice of President Joe Biden was mimicked to mislead New Hampshire voters in January.

The potential harm caused by content generated by content is myriad, not just affecting elections. It could lead to fraud, erode consumer trust in markets, enable identity theft and manipulate popular perceptions.

It’s not hard to see how AI-generated fake images and videos could be used to create outrage on the local and global stage. Visual and audio deepfakes can be extremely visually compelling and difficult to distinguish from the real thing, so by the time they have been debunked, many people can be fooled.

The report entitled In Transparency We Trust? Evaluating the Effectiveness of Watermarking and Labeling AI-Generated Content, co-authored by researchers Ramak Molavi Vasse’I and Gabriel Udoh, examined two broad approaches to identifying and labeling AI-generated content: human-facing disclosure and machine-readable methods. In the findings, the researchers said neither method garnered a “good” appraisal in a fitness check.

“The most worrying use [of AI] is the spread of advanced disinformation, which is enhanced by new GenAI developments,” Molavi Vasse’I told SiliconANGLE. “Artificial realities can be created in seconds without any skills and used as ‘evidence’ to manipulate people’s opinions. We have been facing this problem for years, but this is a new dynamic that is particularly concerning in a year with more than 70 elections around the world.”

Human-facing disclosure methods are useful for AI-content warnings because they allow people to know immediately that they’re looking at media or consuming content that was generated by an AI algorithm. Much like a sticker or a label on a package, this would be a mark on an image or an audio warning before they were introduced to it.

This type of labeling can be convenient because it’s particularly straightforward and easily standardized. It also doesn’t put much of a burden on the producer of the synthetic content and generally warning labels can be understood by the average user without additional explanation (“This content is AI-generated”).

However, the researchers warned that also like a sticker or an audio warning, the warning could be stripped along the way by any content producer or completely ignored by people. “Visual/audio labels are also very easy to remove or alter,” the report said. “Sometimes, the process of tampering can be so intense that it also affects the original value of the content. Aesthetically speaking, human-facing labels — visual/audio — can be intrusive.”

As a result, human-facing disclosure of AI-generated content received the worst rating of “poor.”

Watermarking, a machine-readable method for labeling AI-generated content, received a better grade from the researchers because of its higher effectiveness at labeling the content, since most methods are somewhat tamper-resistant. Many people have already run into watermarks in their everyday lives. For example, on currency, all U.S. bills $5 and higher have watermarks. The $5 bill watermark looks like the faint image of a “5” in the blank space to the right of the portrait and three numeral 5s to the left.

Digital watermarks are similar but remain invisible to the human eye and can only be detected by computers. Several different methods have been proposed and implemented, including adding metadata and cryptographic data to images and audio. The Coalition for Content Provenance and Authenticity developed C2PA, a standard designed to address misleading content that allows users to trace the origin of different types of media online, including AI-generated content.

Google DeepMind, Alphabet Inc.’s AI research lab, created SynthID, a technology that embeds a cryptographic watermark into AI-generated content, including images, audio and video. Major AI model hub Hugging Face Inc. introduced AudioSeal in January, a watermarking technology for synthetically generated audio clips.

Cryptographic watermarking methods are somewhat difficult to tamper with, although sophisticated methods using AI can alter them its resource intensive. Metadata labeling can be defeated by simply removing it from the file or sometimes when a file is transferred, but it’s still useful in most circumstances. The biggest issue with watermarks is that they require specialized tools to disclose that the content was generated by AI.

The researchers rated machine-readable watermarking approaches as “fair” in fitness given these findings.

“None of the methods alone are a silver bullet. Machine-facing methods, like cryptographic watermarks are more robust towards alterations,” Molavi Vasse’I said. “Together with accurate detection mechanisms, they can be part of a toolbox of an effective governance of unintended harms.”

With the rising threats that synthetically produced content may represent, the researchers recommended that machine-readable methods should be prioritized, although they could be used in combination with human-facing disclosure, depending on the context, for best results. Importantly, policymakers and industry leaders need to ensure that unbiased detection mechanisms are widely available and standardized and this means open-source watermarking capabilities.

“There are still more open questions than answers: What happens when a deepfake is discovered? Will it be flagged (bringing the drawbacks of labels)?” Molavi Vasse’I added. “Will it be blocked? And who decides what content to block or not?”

The researchers also emphasized that this needs to be coupled with increased regulation and the need for user education about synthetic AI-generated content. Many users don’t understand how to identify faked content, even when it’s properly labeled or watermarked. Proper education along with disclosure can go a long way to providing robust understanding, the researchers said.

“We note that there may be a misconception that transparency is more than a prerequisite for effective regulation,” Molavi Vasse’I said. “Disclosure methods such as labeling or watermarking of AI-generated content are being proposed in a growing number of regulations. While very important, transparency alone is not enough to reduce the harms of AI-generated content.”

Image: Pixabay