We are facing a deluge of AI-generated misinformation.
The reason is simple: generative AI has made it possible to create synthetic media so realistic that genuine and fabricated content are increasingly hard to tell apart.
Deepfakes, for instance, can manipulate audio and video to portray individuals saying or doing things that never happened. In a recent report, Techopedia highlighted the potential consequences of such deception, noting that about 95% of consumers in the U.S. will have fallen victim to a deepfake by the end of 2024.
In response to this growing threat, major tech companies have floated watermarks as a potential solution. According to a recent NBC report, Meta and other leading tech companies have adopted the Adobe-led C2PA standard to attach watermarks and provenance labels to AI-generated content.
However, despite watermarking being touted as one of the most promising methods to combat the escalating AI misinformation problem online, AI experts doubt its feasibility, citing vulnerability to removal and the rapid evolution of AI models as just two obstacles.
In this article, we speak with experts to understand watermarking as a potential solution to AI-generated misinformation, its limitations, and possible alternatives.
Key Takeaways
- Tech companies are proposing watermarks, both visible and invisible, to identify AI-generated content.
- Experts doubt the feasibility of watermarking due to vulnerabilities, evolving AI models, and enforcement challenges.
- Alternatives explored include authenticated provenance, stylometric detection, and human oversight.
- Broad adoption and enforcement of watermarking standards across AI developers and platforms will be challenging.
- A multi-pronged approach involving tech companies, developers, platforms, and users is needed to combat AI misinformation.
A Closer Look at the AI Watermark Approach
Watermarks on AI-generated content would come in two forms: visible and invisible digital markers. The visible marks would look like the watermarks familiar from Shutterstock and Canva, while the invisible component would be unique to the AI model that generated the content, allowing it to be identified later.
In February, Meta announced its plans to use watermark technology to distinguish AI-generated content across its platforms, including Facebook, Threads, and Instagram. The initiative involves embedding invisible watermark labels in AI-generated content, supplemented by clear visible labels for user awareness.
Meta’s watermarking approach involves embedding metadata within content, an invisible layer accessible only through specialized extraction technology. However, the Facebook parent acknowledged the limitations of this approach, noting that watermarks can be manipulated or removed entirely by bad actors.
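To make that fragility concrete, here is a minimal sketch of metadata-style labeling in Python. This is an illustration of the general idea only, not Meta's or C2PA's actual implementation, and the tag names, model name, and file paths are hypothetical: attaching an "AI-generated" label to an image is easy, and so is losing it.

```python
# Minimal sketch (not Meta's or C2PA's actual scheme): attach provenance
# metadata to a PNG as a text chunk, then show how an ordinary re-save strips it.
from PIL import Image
from PIL.PngImagePlugin import PngInfo

# Placeholder "AI-generated" image purely for illustration.
img = Image.new("RGB", (256, 256), color=(120, 80, 200))

meta = PngInfo()
meta.add_text("ai_generated", "true")            # hypothetical label keys
meta.add_text("generator", "example-model-v1")   # hypothetical model name

img.save("labeled.png", pnginfo=meta)

# Reading the label back works as long as the metadata survives.
print(Image.open("labeled.png").text)   # {'ai_generated': 'true', 'generator': ...}

# A plain re-save (or a screenshot, crop, or format conversion) silently drops
# the chunk, which is exactly the weakness Meta acknowledges.
Image.open("labeled.png").save("stripped.png")
print(Image.open("stripped.png").text)  # {}
```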
Apart from Meta, proponents of AI watermarks envision a future where platforms can automatically detect and flag content with these embedded identifiers. Speaking with Techopedia on the matter, Tony Fernandez, CEO and CAIO of UserExperience.AI at UEGroup, highlighted the importance of AI-content identifiers, stating:
“Watermarking, in some form, will be a necessary part of consuming content in the future. A source indication will be needed on audio, text, video and every type of media where authenticity is needed and expected.”
Erik Z. Severinghaus, CEO at Bloomfilter, told Techopedia via email:
“The good stuff about AI watermarking is that it could help us catch the bad guys spreading fake news.
“If every piece of content had its digital stamp, it’d be easier to figure out who’s behind the lies. That means more accountability and less room for people to mess with our heads.”
Experts Weigh in on the Limitations of AI Watermarking
While watermarks on machine-made content present an intriguing solution, experts warn that their effectiveness at curbing AI-generated misinformation online is undermined on several grounds.
Fernandez points out that relying on the AI process to add watermarks to AI-generated content is not sustainable as it can be falsified by bad actors.
“If watermarking relies on an AI process to self-report, there could be bad actors who will falsify the labeling. If the watermarking is determined by an AI process that detects an AI fingerprint, it will create a “measures/countermeasures” problem where both sides will try to fool the other.
“Ultimately, they may result in a stalemate that will make an automatic process impractical.”
Another challenge, according to Irina Raicu, Director of Internet Ethics at the Markkula Center for Applied Ethics at Santa Clara University, is the potential for overreliance on AI watermarks as an indicator of AI-generated content.
“One challenge with watermarking is that people might come to rely on it too much, not realizing that watermarks can be removed — and believing, therefore, that content that’s not watermarked is not AI-generated.”
Adnan Masood, Chief AI Architect at UST, expressed his concerns, stating:
“I’m skeptical about the practical execution and effectiveness of AI watermarking as proposed. Embedding robust, tamper-proof watermarks into the complex outputs of ever-evolving AI models is a formidable technical challenge.”
Besides the technical challenge, Masood points out that: “Getting broad adoption and enforcement of watermarking standards across the fragmented landscape of AI developers and platforms will be an uphill battle.”
Additionally, “preserving watermarks in AI processes like style transfer and audio synthesis, while ensuring they remain invisible to humans but detectable by algorithms, requires sophisticated signal processing techniques. These watermarks must also endure editing, such as cropping and format conversion,” Masood adds.
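As a rough illustration of the signal-processing flavor Masood describes, here is a toy spread-spectrum watermark in Python. It is an assumption for illustration only, not any vendor's scheme: a faint pseudorandom pattern is added to the pixels, invisible to the eye but detectable by correlation, and a JPEG round-trip shows how ordinary editing erodes it.

```python
# Toy spread-spectrum watermark: embed a low-amplitude pseudorandom pattern,
# detect it by correlation, and see what JPEG re-compression does to it.
import io
import numpy as np
from PIL import Image

rng = np.random.default_rng(seed=42)          # the seed acts as the secret key
H, W = 256, 256
pattern = rng.choice([-1.0, 1.0], size=(H, W))

def embed(pixels: np.ndarray, strength: float = 3.0) -> np.ndarray:
    # Small enough to be imperceptible, large enough to correlate against.
    return np.clip(pixels + strength * pattern, 0, 255)

def detect(pixels: np.ndarray) -> float:
    # Correlation score: clearly positive when the watermark is present.
    centered = pixels - pixels.mean()
    return float((centered * pattern).mean())

original = rng.uniform(0, 255, size=(H, W))
marked = embed(original)

# Simulate a hostile edit: JPEG re-compression at quality 75.
buf = io.BytesIO()
Image.fromarray(marked.astype(np.uint8)).save(buf, format="JPEG", quality=75)
recompressed = np.asarray(Image.open(buf), dtype=float)

print("unmarked score:  ", round(detect(original), 3))      # near 0
print("marked score:    ", round(detect(marked), 3))         # clearly positive
print("after JPEG score:", round(detect(recompressed), 3))   # attenuated; robust
                                                              # schemes need far more
                                                              # sophisticated embedding
```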
Another critical aspect of AI watermarking is the choice between private and public watermark detection methods.
As Masood notes, “The choice between private and public watermark detection impacts security and vulnerability to attacks. Private watermark detection offers increased security but limits the ability to verify watermarks externally, while public detection methods may be more susceptible to attacks and tampering.”
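A small sketch can illustrate that trade-off. This is a toy construction, not a production scheme, and the key is hypothetical: when the watermark pattern is derived from a secret key, only the key holder can detect the mark, which protects it from removal but also prevents outside verification; publishing the key (public detection) enables anyone to verify and, equally, to subtract the pattern exactly.

```python
# Toy keyed (private) watermark detection: the pattern is derived from a secret
# key via HMAC, so detection requires knowing that key.
import hashlib
import hmac
import numpy as np

def keyed_pattern(key: bytes, n: int) -> np.ndarray:
    """Derive n pseudo-random +/-1 values from a secret key via HMAC-SHA256."""
    bits, counter = [], 0
    while len(bits) < n:
        digest = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for byte in digest:
            for i in range(8):
                bits.append(1.0 if (byte >> i) & 1 else -1.0)
        counter += 1
    return np.array(bits[:n])

def detect(signal: np.ndarray, key: bytes) -> float:
    pattern = keyed_pattern(key, signal.size)
    return float((signal - signal.mean()) @ pattern / signal.size)

rng = np.random.default_rng(0)
content = rng.normal(0, 10, size=4096)
secret = b"model-owner-secret-key"           # hypothetical key

marked = content + 1.0 * keyed_pattern(secret, content.size)

print("correct key:", round(detect(marked, secret), 3))   # well above the noise floor
print("wrong key:  ", round(detect(marked, b"guess"), 3)) # indistinguishable from noise

# A public scheme would publish the pattern (or key) so anyone could run detect(),
# but that same information lets an attacker remove the watermark precisely.
```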
According to Ari Jacoby, CEO at Deduce, the proposed watermarking of AI-generated content may take a lot of work to enforce. Discussing his concerns with Techopedia, he said:
“I think enforcement will undoubtedly prove challenging – how do we know who originally created/distributed the image or video – and with the speed of technology, there will likely always be a new threat to chase in this sector.”
Possible Ways Around the Hiccups
Despite the challenges posed by enforcing watermarking requirements for AI-generated content, Surabhi Bhargava, Machine Learning Engineer at Adobe, offers a potential solution.
In an email to Techopedia, Bhargava suggests:
“Each model should be trained to produce a watermark in its generated content in a way that does not hinder the usability of the content but allows users (not just computer programs) to identify that the content was generated.”
This approach, according to Bhargava, could “address the challenges posed due to evolving AI models.”
Regarding enforcement, Bhargava believes “it falls upon the developers of such models to enforce the watermarking as part of model inference and not an additional step.”
Furthermore, she calls for platforms like GitHub and Hugging Face to play a role by “enforcing the presence of watermark generation before allowing models to be available open-source.”
This multi-pronged approach, involving both model developers and platform providers, could help address the enforcement challenges associated with watermarking AI-generated content.
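To make the inference-time idea concrete, here is a minimal sketch of one published approach to baking a watermark into text generation itself, a "green list" token bias in the spirit of Kirchenbauer et al. (2023). It uses toy logits in place of a real language model and is an illustration of the general technique, not Bhargava's or Adobe's implementation.

```python
# Toy "green list" text watermark applied during sampling, not as a post-step.
import hashlib
import numpy as np

VOCAB_SIZE = 50_000
rng = np.random.default_rng(0)

def green_list(prev_token: int, fraction: float = 0.5) -> np.ndarray:
    """Deterministically split the vocabulary, seeded by the previous token."""
    seed = int.from_bytes(hashlib.sha256(str(prev_token).encode()).digest()[:8], "big")
    perm = np.random.default_rng(seed).permutation(VOCAB_SIZE)
    return perm[: int(fraction * VOCAB_SIZE)]

def sample_watermarked(logits: np.ndarray, prev_token: int, bias: float = 2.0) -> int:
    """Nudge sampling toward 'green' tokens inside the generation loop."""
    boosted = logits.copy()
    boosted[green_list(prev_token)] += bias
    probs = np.exp(boosted - boosted.max())
    probs /= probs.sum()
    return int(rng.choice(VOCAB_SIZE, p=probs))

def detect(tokens: list[int]) -> float:
    """Fraction of tokens in their predecessor's green list (~0.5 if unwatermarked)."""
    hits = sum(t in set(green_list(p)) for p, t in zip(tokens, tokens[1:]))
    return hits / (len(tokens) - 1)

# Toy generation loop with random logits standing in for a model.
tokens = [0]
for _ in range(200):
    tokens.append(sample_watermarked(rng.normal(size=VOCAB_SIZE), tokens[-1]))

print("green-token rate:", round(detect(tokens), 2))  # well above 0.5 => watermarked
```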
Alternative Solutions to the Watermark Approach
Discussing alternatives to traditional watermarking techniques, Masood highlighted several approaches:
“One such technique is authenticated provenance – it is a promising complementary solution, involving the cryptographic verification of the source of genuine photos and videos from trusted capture devices to their final publishing. The Content Authenticity Initiative is a notable effort spearheading this approach.”
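The core mechanism behind authenticated provenance can be sketched in a few lines. This shows the general idea only, not the actual C2PA manifest format, and the key handling is simplified: a trusted capture device signs a hash of the content, and anyone holding the corresponding public key can later verify that the bytes are unchanged.

```python
# Minimal provenance-signing sketch (not the real C2PA format).
import hashlib
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.exceptions import InvalidSignature

# In practice the private key would live in the camera's secure hardware.
device_key = Ed25519PrivateKey.generate()
public_key = device_key.public_key()

photo_bytes = b"...raw image bytes from the sensor..."   # placeholder content
digest = hashlib.sha256(photo_bytes).digest()
signature = device_key.sign(digest)                      # shipped alongside the photo

# A publisher or reader later verifies the provenance claim.
try:
    public_key.verify(signature, digest)
    print("provenance verified: bytes match what the device signed")
except InvalidSignature:
    print("verification failed: content was modified after capture")

# Any edit breaks the chain; real systems therefore also record signed edit manifests.
tampered = hashlib.sha256(photo_bytes + b"!").digest()
try:
    public_key.verify(signature, tampered)
except InvalidSignature:
    print("tampered copy rejected")
```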
Masood also mentioned stylometric detection as an area of active research. “Another avenue is stylometric detection, which uses the unique artifacts and regularities in the distribution of synthetic data to identify machine-generated content. This is an active area of research with potential to develop robust detection methods.”
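For flavor, a toy stylometric check might look like the following. This is a deliberately crude illustration of the intuition, nowhere near a research-grade detector, and the features and threshold are invented for this example.

```python
# Crude stylometric features: synthetic text sometimes shows unusually uniform
# sentence lengths and lower vocabulary variety than human writing.
import re
import statistics

def stylometric_features(text: str) -> dict:
    sentences = [s for s in re.split(r"[.!?]+\s*", text) if s]
    lengths = [len(s.split()) for s in sentences]
    words = text.lower().split()
    return {
        "sentence_length_stdev": statistics.pstdev(lengths) if len(lengths) > 1 else 0.0,
        "type_token_ratio": len(set(words)) / max(len(words), 1),
    }

def looks_synthetic(text: str, stdev_threshold: float = 3.0) -> bool:
    # Hypothetical rule of thumb: very uniform sentence lengths raise suspicion.
    return stylometric_features(text)["sentence_length_stdev"] < stdev_threshold

sample = ("The report was released today. The findings were clear. "
          "The numbers supported the claim. The response was immediate.")
print(stylometric_features(sample), "synthetic?", looks_synthetic(sample))
```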
For high-stakes scenarios, Masood suggested an additional layer of human oversight: “For high-stakes scenarios, such as official communications, human validation could be employed, requiring synthetic media to be reviewed and digitally signed off by a human in the loop.”
The Bottom Line
The rise of AI-generated content presents a new and complex challenge in the fight against misinformation. While AI watermarks offer a potential tool, the approach is fraught with challenges, necessitating a multi-pronged response to AI-generated misinformation.
Moreover, the responsibility lies not just with tech companies or fact-checkers, but with all of us. We need to approach information with a critical eye, demand transparency, and support credible sources to create a digital space where truth thrives over misinformation.
References
- Big Tech says AI watermarks could curb misinformation, but they’re easy to sidestep (NBC News)
- Labeling AI-Generated Images on Facebook, Instagram and Threads (Meta)
- UE Group Official Website (UE Group)
- Bloomfilter Official Website (The Bloomfilter)
- Santa Clara University Official Website (SCU)
- UST Official Website (UST)
- Adobe Official Website (Adobe)