Image Source: BBC
Shortly after rumors of former President Donald Trump’s impending indictment, images purporting to show his arrest appeared online. These images were created by a generative artificial intelligence system that combined clever machine-learning algorithms with billions of pieces of human-generated content. Even in these early days, generative AI can produce highly realistic content, and the average person cannot reliably distinguish an image of a real person from an AI-generated one. As this technology becomes increasingly available, detractors will find it easy to dismiss as fake actual video evidence of everything from police violence and human rights violations to a world leader burning top-secret documents. There are reasonable and technologically feasible interventions, such as watermarking, that can help mitigate these abuses.
Watermarking has a long history of being used to mark documents and other items to prove their authenticity, indicate ownership, and counter counterfeiting. Getty Images, a massive image archive, adds a visible watermark to all digital images in its catalog. Imperceptible digital watermarks are also used for digital rights management. A watermark can be added to a digital image by, for example, tweaking every 10th image pixel so that its color (typically a number in the range 0 to 255) is even-valued. Beyond this simple presence signal, additional information can be embedded in the watermark, including a unique identifier that encodes the generating software and a unique user ID.
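The even-valued-pixel scheme above can be sketched in a few lines. This is a minimal illustration, not a production watermark: a grayscale image is modeled here as a flat list of 0-255 values rather than an image file, and the function and parameter names are assumptions for the example.

```python
def embed_watermark(pixels, step=10):
    """Force every `step`-th pixel to an even value by clearing its low bit."""
    marked = list(pixels)
    for i in range(0, len(marked), step):
        marked[i] &= ~1  # e.g. 37 -> 36, 255 -> 254; even values are unchanged
    return marked

def looks_watermarked(pixels, step=10):
    """Check whether every `step`-th pixel carries the even-value mark."""
    return all(pixels[i] % 2 == 0 for i in range(0, len(pixels), step))

# A tiny "image" as a flat list of grayscale values (illustrative data).
image = [37, 120, 255, 8, 91, 14, 203, 66, 5, 178, 99, 42]
marked = embed_watermark(image)
```

Because the change is at most one unit of brightness per tenth pixel, it is imperceptible to a viewer, yet trivially checkable by anyone who knows the rule; real schemes spread the signal more robustly so it survives cropping and resizing.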
The ideal watermark is one that is imperceptible and also resilient to simple manipulations like cropping, resizing, color adjustment, and conversion between digital formats. Watermarking can be baked into generative AI systems by watermarking all of the training data, after which the generated content will contain the same watermark. OpenAI is experimenting with a system to watermark ChatGPT’s creations. Characters in a paragraph cannot, of course, be tweaked like a pixel value, so text watermarking takes a different form. Text-based generative AI works by producing the next most-reasonable word in a sentence; ChatGPT learned these word probabilities from the large body of text it was trained on.
Generated text can be watermarked by secretly tagging a subset of words and then biasing the selection of each word toward a synonymous tagged word. This approach won’t work for short tweets but is generally effective with text of 800 or more words, depending on the specific watermark details. If the industry won’t adopt watermarking voluntarily, lawmakers could pass regulation to enforce it. Unscrupulous people will, of course, not comply with these standards. The Coalition for Content Provenance and Authentication (C2PA) is a collaborative effort to create a standard for authenticating media.
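The word-tagging idea can be sketched as follows. This is a hedged illustration of the general statistical technique, not OpenAI's actual scheme: the keyed-hash tagging rule and the secret key are assumptions made for the example. A generator would bias its word choices toward tagged words; a detector then simply measures how many words in a passage are tagged.

```python
import hashlib

SECRET_KEY = b"watermark-key"  # assumed shared secret between generator and detector

def is_tagged(word: str) -> bool:
    """Deterministically tag roughly half the vocabulary using a keyed hash."""
    digest = hashlib.sha256(SECRET_KEY + word.lower().encode()).digest()
    return digest[0] % 2 == 0

def tagged_fraction(text: str) -> float:
    """Fraction of words in a passage that fall in the secret tagged set."""
    words = text.split()
    if not words:
        return 0.0
    return sum(is_tagged(w) for w in words) / len(words)
```

Ordinary text should score near 0.5, since tagging is effectively a coin flip per word, while watermarked text biased toward tagged synonyms scores noticeably higher. Statistical confidence in the detection grows with passage length, which is why the approach needs hundreds of words rather than a short tweet.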