ASSESSING THE DEEPFAKE MENACE AS A LIMITATION TO META’S ‘HASH’ FEATURE

By: Vedant Saxena, LL.M. graduate from National Law University, Delhi (2024-25), with the stream ‘Public Laws’.

Introduction

The marvels of AI and technological innovation are not unknown today. The Internet has reduced boundaries, brought people closer, and has grown to be an indispensable tool within education and the workplace. Social media platforms allow people to share their pictures and videos with others and also engage in private conversations. However, such platforms have also grown to become fertile grounds for illicit activities, such as the ‘Non-Consensual Sharing of Intimate Images (NCII)’ and the dissemination of Child Sexual Abuse Material (CSAM). The act of NCII usually involves an unauthorized publication of a person’s intimate media. Studies show that NCII may mean deleterious implications for the victim, including psychological trauma, reputational loss and physical harassment. Moreover, and more significantly, with the growing popularity and autonomy of AI across a catena of sectors, the frequency of digital abuse being carried out has increased manifold. Reports published by the Internet Watch Foundation suggest that AI-generated content involving children is increasingly being created and disseminated online.

With the advent of deepfake technology, which uses AI to generate hyper-realistic content, creating a sexualized image of a person is almost a walk in the park. With traditional NCII requiring the perpetrator to have access to intimate media involving the victim, such activity could, to a certain extent, be alleviated by increasing awareness regarding the sharing of sensitive media and coming up with AI-based initiatives to proactively remove sensitive content if shared. With deepfake technology, on the other hand, the only thing that the perpetrator requires is access to the victim’s pictures, which, in today’s digital era, can easily be obtained via the Internet or social media. With easy access to such images, the perpetrator can then use deepfake technology to strip the victim of her attire or falsely depict her engaging in a sexual act.

Examining the scale of the problem

A deepfake is basically an image or video, which is created by using AI to superimpose a catena of images and videos. Celebrities, such as Barack Obama, Margot Robbie, Tom Cruise, and Scarlett Johansson have routinely been subjected to deepfake technology. However, such technology is now increasingly being used to target private individuals and not merely celebrities. The Internet Watch Foundation, through a recent report, showed that a shocking 20,000 AI-generated images of children were shared on a single dark-web forum. Other than examining the dark web, the organization also brought to light how the dissemination of AI-generated content comprising children is rapidly growing on the surface web. The NCMEC, in a recent study, showed that the number of reports involving the dissemination of images and videos involving CSAM produced via generative AI exceeded 4,700. Moreover, the advancement of AI has led to a number of nudification tools that can generate synthetic media by taking a ‘clothed person’s photo’ and predicting the appearance beneath the clothing. Recently, Disney child-actress Kaylin Hayman fell prey to such technology, when an older man used deepfake technology to stitch her face on another person’s body. The actress, in an interview, admitted that this was something she never thought could even be a possibility. This is proof that, with deepfake technology still being at an early stage, people are mostly unaware of its implications. Such reports, despite the existence of policies aimed at curing online harassment, are substantial evidence suggesting that such policies are ineffective in dealing with deepfake technology.

Assessing Meta’s ‘StopNCII.org’ and its competence in countering deepfake technology

In order to counteract the growing menace of image-based sexual abuse, Meta has routinely updated its community standards and come up with innovative policies. The ‘StopNCII.org’ platform, in pursuance of a collaboration of the UK Revenge Porn helpline and Meta, was established in recognition of the fact that image-based sexual abuse requires an instantaneous removal of the published media. The platform is grounded upon hash technology, a technique that imbues a picture with a unique footprint, thereby allowing the platform to instantaneously trace and delete it upon being uploaded. However, with the advent of deepfake technology, a string of complexities appears to have arisen. AI-generated image-based sexual abuse involves the dissemination of self-created content, unlike in the case of traditional image-based sexual abuse, which requires access to the victim’s intimate media. With hash matching requiring an existing picture for the generation of a hash, its detection mechanism is grounded in previously known content. Deepfake technology, on the other hand, deals with the creation of new content on every occasion. Even the slightest of changes made to a picture would lead to the generation of a new hash. While perceptual hashing may bring about some respite, modern, generative tools alter minuscule details like texture and lighting while maintaining the overall look, which is often enough to evade the former. With the vast number of tools present across the Internet, coupled with the ease with which a particular person’s picture may be accessed, any person with published data is a potential target. What truly renders hash technology meaningless in this scenario is the uncertainty of who might be next, or which particular picture may be morphed and published.

Analyzing ‘Watermarking’ as a potential solution to the deepfake-hash tension

With technology advancing at the rate of knots and amendments to the law unable to keep up with the pace, it is pertinent to come up with technological solutions to counteract malicious uses. The privilege that perpetrators, who employ deepfake technology to produce AI-generated images of people, enjoy may be counteracted by watermarking uploads on social media platforms. The process would mean that in the event of an image being uploaded, the image would be imbued with a unique marker, and such a marker may be utilized by the platform to check for manipulated media uploads. However, this may appear to be an effective solution only for media that have undergone minor modifications. Deepfake imagery is often created using a plethora of images, and it is often almost impossible to detect the exact media used to generate the deepfake. Within such a scenario, however, watermarking may appear as a solution, since the technique deals with detecting authenticity; a deepfake that comprises a conglomerate of images uploaded would still not contain the watermark embedded within the uploads unless the perpetrator manages to perfectly replicate it. Quereshi calls for a more advanced version of watermarking that links video and audio features to a blockchain record. In the event of such a video or audio being manipulated, the watermark would not match, and the falsity of the deepfake would be detected.

Watermarking is, however, not without limitations. According to a report by the Internet Watch Foundation, an alarming 86% of the images studied did not contain any useful metadata, indicating metadata stripping. Metadata stripping is common within social media platforms. Metadata is automatically removed upon an image upload on Meta’s platforms, including Instagram and Facebook. Further, there are various applications, such as ‘ExifTool’, which allow users to strip metadata from media before uploading it. A test conducted to compare the attributes of a photo with the attributes of the same photo in the aftermath of being shared on the social media platform, showed that while EXIF details such as brightness and aperture settings and GPS coordinates were removed in totality, the file size and the file name underwent significant alterations. Moreover, upon the metadata being stripped, there is no indication suggesting that WhatsApp can recover such information, and therefore, despite the fact that there are modes of preserving such attributes, it may be concluded that stripped metadata is permanently deleted. Such stripping may, therefore, be detrimental to the detection of illicit content, since timestamps and file paths are vital in helping identify suspicious behavior. Thus, watermarking may be a part of the solution to the deepfake menace, but can certainly not be considered the only mechanism to tackle the aforementioned threat.

Conclusion

Despite being at an early stage, deepfake technology is already being extensively employed for malicious purposes. Today, a sexualized picture of a person can be created within the blink of an eye, and to the unwary eye, such content often appears to be portraying a real-life scenario. With the dissemination of such a picture capable of causing immense psychological, reputational, and physical harm to the victim, it is pertinent that policies like StopNCII.org are revamped to include the threat of deepfake technology. With the ever-increasing dominance of AI across the globe, such technology is here to stay and will only be imbued with more significant advancements. While watermarking may be considered a welcome first step, it is essential to routinely update such policies since, in the race between technology and legislative change, it is almost always the former that is ahead.