The Center for Long-Term Cybersecurity has produced a series of animated explainer videos that we call “What? So What? Now What?” Each video in the series covers a specific cybersecurity-related topic through this three-part lens:
- What: What is the definition of the topic, at a high level?
- So What: Why does it matter?
- Now What: What can or should be done about it?
Please view our “What? So What? Now What?” videos below.
The third installment in CLTC’s “What? So What? Now What?” series focuses on deepfakes and misinformation, featuring perspectives from Dr. Hany Farid, Associate Dean of the UC Berkeley School of Information and a Senior Faculty Advisor for the Center for Long-Term Cybersecurity.
Produced as part of the “What? So What? Now What?” explainer video series, this short video provides an overview of what deepfakes are, why they matter, and what can be done to mitigate potential risks associated with fake content.
“Deepfake is a general term that encompasses synthesized content,” Professor Farid explains. “That content can be text, it can be images, it can be audio, or it could be video. And it is synthesized by an AI or machine learning algorithm to, for example, create an article by a computer, just given a headline. Create an image of a person who doesn’t exist. Synthesize audio of another person’s speech. Or make somebody say and do something in a video that they never said.”
As Farid notes, deepfakes are potentially dangerous in part because they make way for the so-called “liar’s dividend.” In a world in which everything can be faked, nothing has to be accepted as real anymore, giving plausible deniability to anything caught on video.
“What happens when we enter a world where we can’t believe anything?” Farid says. “Anything can be faked. The news story, the image, the audio, the video. In that world, nothing has to be real. Everybody has plausible deniability. This is a new type of security problem, which is sort of information security. How do we trust the information that we are seeing, reading, and listening to on a daily basis?”
The Center for Long-Term Cybersecurity has produced an animated “explainer” video about differential privacy, a promising new approach to privacy-preserving data analysis that allows researchers to unearth the patterns within a data set — and derive observations about a population as a whole — while obscuring the information about each individual’s records.
As explained in more detail in a post on the CLTC Bulletin — and on Brookings TechStream — differential privacy works by adding a pre-determined amount of randomness, or “noise,” into a computation performed on a data set. The amount of privacy loss associated with the release of data from a data set is defined mathematically by a Greek symbol ε, or epsilon: The lower the value of epsilon, the more each individual’s privacy is protected. The higher the epsilon, the more accurate the data analysis — but the less privacy is preserved.
Differential privacy has already gained widespread adoption by governments, firms, and researchers. It is already being used for “disclosure avoidance” by the U.S. census, for example, and Apple uses differential privacy to analyze user data ranging from emoji suggestions to Safari crashes. Google has even released an open-source version of a differential privacy library used in many of the company’s core products.
Adversarial Machine Learning
CLTC has launched a new series of “explainer videos” to break down complex cybersecurity-related topics for a lay audience. The first of these videos focuses on “adversarial machine learning,” when AI systems can be deceived (by attackers or “adversaries”) into making incorrect assessments. An adversarial attack might entail presenting a machine-learning model with inaccurate or misrepresentative data as it is training, or introducing maliciously designed data to deceive an already trained model into making errors.
“Machine learning has great power and promise to make our lives better in a lot of ways, but it introduces a new risk that wasn’t previously present, and we don’t have a handle on that,” says David Wagner, Professor of Computer Science at the University of California, Berkeley.
CLTC has written a brief overview of adversarial machine learning for policymakers, business leaders, and other stakeholders who may be involved in the development of machine learning systems, but who may not be aware of the potential for these systems to be manipulated or corrupted. The article also includes a list of additional resources.