Apple patents deepfakes as researchers try to stay a step ahead of bad actors

Apple has been awarded a patent for making deepfakes, and the best the world can hope for out of this is Apple using it only as a way to bankrupt criminal synthetic media rings.

Two reasons: There is no more reason to trust Apple with deepfakes than any other company. And the world’s proposed defenses to malicious algorithms are either extremely short-term fixes or hopes.

Compare what Apple is likely to do with its patent (spotted by Patently Apple) to what bright minds are toying with to detect deepfake videos, particularly those used to defraud. The patent covers changing the expression and pose of a facial image.

Apple produces live-action and animated video content and owns display space on millions of palms and on a lot of wrists. It soon will own the space belted to people’s foreheads. Without doubt, Apple will be digitizing faces for the metaverse, games, movies and app avatars.

In other words, it will normalize the biggest threat to a collective reality since Facebook. Look how that is playing out. Again and again, information technologies deliver new dangers with each advance.

Then there is Gotcha, a system and practices proposed by well-meaning New York University researchers (working down stream from similar research at Ben-Gurion University) hoping to tame the deepfake threat.

Gotcha attacks real-time deepfake streaming algorithms by forcing the code to reveal itself.

There are many examples for how this might be done, and they can be found in an excellent look at the development by AI industry publisher Unite.AI. But arguably the best one is this: Two people get on a video call. Each pushes a finger into his or her cheek or makes an unusual face.

Because the training of a deepfake algorithm today is unlikely to include mimicking all gestures and expressions, it is going to display something screwy.

If this sounds like video Captcha, the best most-hated reality check on the internet, that is because it is.

In fairness to the NYU scientists, they admit that no one from a branch manager or village mayor on up would ever submit to making faces in front of a camera – even doing something benign like craning to look up or cover some of their face with a hand.

Passive methods of pushing models beyond their training include superimposing text, hiding portions of faces behind digital cutouts and overloading frames being processed.

The researchers say their method has shown it can push malicious software to the point that anyone looking at even a single frame would know they were looking at code and not a person.

The problem here is that comprehensive training of models – implanting most or all of the unexpected things a person could do in front of camera – is probably coming sooner than anyone imagines.

Article Topics

Apple  |  biometrics  |  face biometrics  |  patents  |  research and development  |  synthetic data