A new deepfake website generates people who don’t actually exist – Screen Shot


In recent years, there have been a few examples of the terrifying power AI-generated images can have. Jordan Peele, for example, took centre stage with his collaboration with BuzzFeed to produce and dub a deepfake video of President Obama uttering words that were ever so slightly out of character, such as calling Donald Trump "a total and complete dipshit." But barring a few similar case studies, the world of AI deepfakes has remained largely underground, which is precisely why ThisPersonDoesNotExist.com is trying to bubble it to the surface.

The resemblance is uncanny. With every hit of the refresh button a new human face is generated. The spectrum is endless; all ethnicities, ages, hair and makeup styles are represented. Even small personality traits are somehow captured in the facial expression each person seems to put on for the camera. Wrinkles around the eyes suggest this person might be a smiley one; crevices between the brows hint at a life of hardship. Only one thing truly threads these faces together: they are absolutely fake.


The website’s founder, Philip Wang, a software engineer at Uber, relied on research by Nvidia, an American tech company focused on the gaming industry, to generate this infinite pool of fake faces. Nvidia has in fact been developing its AI production of fake faces over the past several years, and in 2014 released a paper showing some of its first attempts (the image on the left-hand side). Four years later, Nvidia’s algorithms can create a virtually undetectable human face within milliseconds. These images are created by processing millions of real photographs through a type of neural network called a generative adversarial network (GAN), which then manufactures new examples. Hair movement is studied, along with nose shapes, eyebrows, lips and cheeks, all to fabricate faces that are realistic and convincingly human.
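The adversarial setup behind a GAN can be sketched in a few lines. This is a toy numpy illustration, not Nvidia's actual code: the weights, dimensions and function names are invented, and a two-value vector stands in for an image. The structure, though, is the real one: a generator maps random noise to a sample, and a discriminator scores how "real" that sample looks.

```python
import numpy as np

rng = np.random.default_rng(0)

def generator(z, w):
    # Map random noise z to a "sample" (here a 2-value vector standing in for an image)
    return np.tanh(z @ w)

def discriminator(x, v):
    # Score how "real" a sample looks, squashed to a probability in (0, 1)
    return 1.0 / (1.0 + np.exp(-(x @ v)))

# Invented tiny weights; a production network has millions of trained parameters
w = rng.normal(size=(4, 2))   # generator weights: noise dim 4 -> sample dim 2
v = rng.normal(size=(2, 1))   # discriminator weights: sample dim 2 -> score

z = rng.normal(size=(1, 4))       # fresh noise, like a fresh page refresh
fake = generator(z, w)            # a brand-new sample made on the spot
score = discriminator(fake, v)    # the adversary's guess: real or fake?
```

In training, the two networks are pitted against each other: the discriminator learns to tell real photographs from fakes, while the generator learns to fool it, which is what eventually produces faces a human cannot distinguish from the real thing.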


The images forged on ThisPersonDoesNotExist.com are not drawn from a pool of ready-made pictures each time the page is refreshed. Instead, each person is quite literally being made on the spot, every single time. In a recent Facebook post, Wang wrote, “Each time you refresh the site, the network will generate a new facial image from scratch”.

There are obvious positive and negative implications of this fast-developing technology. On the plus side, it can help virtual worlds imitate and subtly fabricate real-life things, like humans, plants and even objects, aiding creatives as they develop the next generation of virtual reality and anchor it in something relatable and realistic. And as Fast Company reported last week, GANs are already helping artists like Mario Klingemann, whose algorithm ‘Memories of Passerby’ generates portrait paintings currently selling at Sotheby’s for $50,000.

On the more negative side, the ability to generate realistic images of people at an unprecedented rate poses a double risk: the development of deepfakes such as Jordan Peele’s Obama video, and the creation of undetectably realistic bot profiles, tweeting, posting on Instagram and potentially being used as tools for propaganda. Instead of imitating real people’s accounts, as bots often do today by copying a profile picture and changing the handle ever so slightly (a lower case letter instead of an upper, an underscore instead of a dash), GAN images open the possibility of an infinite army of real fake people online.

Just like any other groundbreaking innovation, GANs’ latest achievement is here to remind us that how we choose to utilise technology is up to our discretion, and that our approach is key. For starters, education around deepfakes desperately needs to exit the underground and reach the surface. Tools that can detect fake images must be created, and awareness projects such as Wang’s ThisPersonDoesNotExist.com need to become part of the everyday.


Don’t hate the data, hate the game

By Daniel Finegold

Human rights

May 25, 2018

“Alexa, do you protect my personal data?” This is the question at the heart of the GDPR, the new EU regulation that comes into force today, 25 May. It has been over 20 years since the last data protection laws were passed in the U.K., and since then the information battlefield has changed considerably.

Web 2.0 created a way for users to collaborate, participate, and interact with the sharing of information, giving rise to a new breed of personalised services: Facebook for social networks, Twitter for news, Amazon for purchases. The tracking and sharing of information between platforms, using tools such as single sign-ons (e.g. Facebook Connect), seamlessly expanded our digital playgrounds, mapping data points on our love lives, music tastes and political leanings, and then reflecting those choices in the shaping of future content that is in constant orbit around us.

The unquestionable value of insights into personal choices sparked a data gold rush, as industries experimented with how personal data could be collected and analysed to improve their products. The rules of engagement for free services were simple: your data in return for targeted advertising. As a result, a culture of entitlement to our data emerged and spread, encouraged by the sophistication of data mining tools that could be hidden from view.

The purpose of the new data protection laws is to move away from this lack of transparency epitomised by the ‘tick box’ culture, by extending the obligations on businesses to secure the integrity of their data collection, chiefly by giving their customers the necessary information to understand and control the use of their personal data. A move that is an “evolution”, not a “revolution”, according to the Information Commissioner, the regulator charged with responsibility for enforcing the new laws.

Fundamentally, the laws clarify the scope of ‘personal data’: it is ultimately about the monitoring and tracking of your activities, and this can happen without storing your name or address, through clever technological quirks. With greater fines for those that fall foul of these regulations, and businesses being held liable for the mishandling of information by their partners, this should result in greater due diligence in the collection and sharing of our data. However, bad practices are likely to return if regulators are under-resourced or seen to be weak in enforcing the regulations. To gauge the likely consequences of breaching these new laws, many businesses will be paying close attention to how the regulators treat Facebook over its recent data protection breaches.
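Those "technological quirks" are easy to illustrate. In this invented sketch (the function, salt and identifiers are made up, not any real tracker's code), a service derives a stable identifier from browser traits alone, so a returning visitor can be followed across visits without a name or address ever being stored, which is exactly why the GDPR treats such identifiers as personal data:

```python
import hashlib

def pseudonymous_id(user_agent: str, ip: str, salt: str = "site-secret") -> str:
    """Derive a stable visitor identifier from browser traits alone.

    Hypothetical example: no name or address is stored, yet the same
    visitor hashes to the same ID on every visit, making them trackable.
    """
    raw = f"{user_agent}|{ip}|{salt}".encode()
    return hashlib.sha256(raw).hexdigest()[:16]

a = pseudonymous_id("Mozilla/5.0", "203.0.113.7")
b = pseudonymous_id("Mozilla/5.0", "203.0.113.7")
assert a == b  # same visitor, same ID: trackable without a name
```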

The responsibilities and burden of the GDPR do not rest solely with businesses and law enforcement; the onus is also on data subjects (you) to enforce their rights. The laws simply provide the armoury to do so. Individuals can request a copy of their data and require its deletion should they wish. A key argument raised by Zuckerberg in his recent congressional testimony over Cambridge Analytica was that “users have complete control over their data.” Clearly this is not, and has not always been, the case. The flurry of updates to Facebook’s services since the breach was publicised speaks for itself. Users can now view in greater depth the plethora of information behind the profile being monetised by Facebook. Zuckerberg’s reference to “complete control” should therefore be understood within the context of the deal on the table for its users: free access to Facebook in return for targeted advertising. For those willing to put in the effort and constant upkeep, this intricate data-DNA behind our identities can be monitored, tweaked even, but its continual evolution cannot be stopped.
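In engineering terms, the two rights mentioned above, access and erasure, map onto concrete operations a service must support. A minimal sketch, with an invented in-memory store and field names standing in for a real database:

```python
# Toy in-memory "service" illustrating GDPR access and erasure rights.
# The store, field names and functions are invented for illustration only.
store = {
    "user-42": {"email": "a@example.com", "likes": ["music", "politics"]},
}

def export_data(user_id: str) -> dict:
    """Right of access: hand the subject a copy of everything held on them."""
    return dict(store.get(user_id, {}))

def erase_data(user_id: str) -> bool:
    """Right to erasure: delete the subject's records on request."""
    return store.pop(user_id, None) is not None

copy = export_data("user-42")   # the subject receives their data...
erase_data("user-42")           # ...and can then require its deletion
assert "user-42" not in store
```

A real implementation is far messier, of course: the data is scattered across backups, logs and third-party partners, which is precisely where the due diligence the regulation demands comes in.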

If there are broader lessons to be taken from Cambridge Analytica, beyond finger-pointing at Facebook for its complicity in not recognising the inherent risks of amassing a data vault and commodifying it on an open marketplace, it is that we must acknowledge our own naivety in participating in and trusting this technology without further thought to the broader consequences. The safeguards of the physical world do not easily extend to the digital, and the burden is therefore on individuals to investigate the boundaries within which their personal identity is being constructed and exploited, so that they may protect themselves accordingly.

It is questionable whether these regulations will significantly alter the attitude of businesses and their users towards the sharing of data. There has clearly been investment from larger businesses in improving the security and integrity of their data collection: a ‘spring clean’ of their data systems, updates to privacy policies to make them clearer, and outreach to customers to obtain fresh consent to newsletters. Yet for users the result has been yet more clicking and ticking. The response from the majority has not been to ask whether the updated legal terms are useful, but to complain about the clutter this has brought to their inboxes and to the seamless experience of these digital services.

Perhaps there is a psychological hurdle that remains, with too many degrees of separation between our physical and machine selves, such that we do not feel the same guardianship for our digital anatomy that we assume for our physical. Alternatively, it’s possible that we, rightly or wrongly, believe that we have the requisite control; that we can consume the features and fads to enhance our digital lives, and then always unsubscribe from these services if they no longer serve our interests.

Clearly businesses still desire our data, and we are still willing to share it with them. Neither side is inclined to slow down this fast-moving train; the exchange of information has been at the epicentre of human evolution. The question is: where is the ultimate destination? Facial recognition software in the latest mobile devices can store over 83 data points on facial features alone. On the horizon, artificial intelligence and machine learning will be able to gather enough data points to produce digital replications indistinguishable from their masters. What happens when these digital replications are violated, or when we become so dependent on our digital assistants that we no longer have the agency to unsubscribe? “Alexa, do you want all my personal data?” “I’m not sure about that,” it responds, seeking an answer to add to its neural network of information. It’s up to us to decide, for now at least.