It's getting harder, isn't it, to spot real from fake, AI-generated from human-generated. With generative AI, along with other advances in deep fakery, it doesn't take many seconds of your voice, many images of your face, to fake you, and the realism keeps increasing.
要分別真假越來越難了,是吧? 很難分別是人工智慧 生成的還是人類生成的。 有了生成式人工智慧 以及在深偽方面的其他進步, 根本不用太多你的聲音資料 或面部影像就能偽造你, 具真實感還不斷在提升。 我在 2017 年開始投入深偽領域,
I first started working on deepfakes in 2017, when the threat to our trust in information was overhyped, and the big harm, in reality, was falsified sexual images. Now that problem keeps growing, harming women and girls worldwide. But also, with advances in generative AI, we're now also approaching a world where it's broadly easier to make fake reality, but also to dismiss reality as possibly faked.
那時,我們對資訊的信任 所受到的威脅被誇大了, 實際上嚴重的危害 來自偽造的色情影像。 現在,這個問題持續擴大, 傷害到世界各地的女人和女孩。 但,此外,隨著 生成式人工智慧的進步, 我們的世界漸漸變成 更容易製造虛假的現實, 也更容易指稱現實 可能是假造的而忽視它。
Now, deceptive and malicious audiovisual AI is not the root of our societal problems, but it's likely to contribute to them. Audio clones are proliferating in a range of electoral contexts. "Is it, isn't it" claims cloud human-rights evidence from war zones, sexual deepfakes target women in public and in private, and synthetic avatars impersonate news anchors.
欺騙性和惡意的視聽人工智慧 並非我們社會問題的根源, 但有可能會助長這些問題。 在許多不同的選舉情境中 都出現了大量的複製聲音。 「這是,這不是」的聲稱 混淆了來自戰區的人權證據, 性深偽技術被用來攻擊女性, 公開和私下都有。 合成的頭像還能模仿新聞主播。
I lead WITNESS. We're a human-rights group that helps people use video and technology to protect and defend their rights. And for the last five years, we've coordinated a global effort, "Prepare, Don't Panic," around these new ways to manipulate and synthesize reality, and on how to fortify the truth of critical frontline journalists and human-rights defenders.
我是 WITNESS 的領導人, 它是個人權組織, 旨在協助大家使用影片和技術 來保護和維護他們的權利。 在過去五年,我們協調促成了 全球計畫「做好準備,別慌」, 和這些操縱和合成現實的新方式有關, 也想辦法強化重要前線記者 以及人權捍衛者的真相。
Now, one element in that is a deepfakes rapid-response task force, made up of media-forensics experts and companies who donate their time and skills to debunk deepfakes and claims of deepfakes. The task force recently received three audio clips, from Sudan, West Africa and India. People were claiming that the clips were deepfaked, not real. In the Sudan case, experts used a machine-learning algorithm trained on over a million examples of synthetic speech to prove, almost without a shadow of a doubt, that it was authentic. In the West Africa case, they couldn't reach a definitive conclusion because of the challenges of analyzing audio from Twitter, and with background noise.
其中一個要素就是 深偽快速應變特別小組, 成員包括媒體取證專家, 還有些公司願意貢獻其時間和技能 來揭穿深偽以及聲稱是深偽的說法。 特別小組最近收到了三段聲音錄音, 來自蘇丹、西非和印度。 有人聲稱這些錄音 是深偽,不是真實的。 在蘇丹的例子中, 專家採用機器學習演算法, 訓練用的資料集中有數百萬個 合成語音的例子, 幾乎可以毫無疑問地證明 這段錄音是真實的。 在西非的例子裡, 無法得出肯定的結論,困難處 包括要分析來自推特的音檔, 背景還有噪音。 第三段是外流的錄音, 聲音來自一位印度政治人物。
The third clip was leaked audio of a politician from India. Nilesh Christopher of “Rest of World” brought the case to the task force. The experts used almost an hour of samples to develop a personalized model of the politician's authentic voice. Despite his loud and fast claims that it was all falsified with AI, experts concluded that it at least was partially real, not AI. As you can see, even experts cannot rapidly and conclusively separate true from false, and the ease of calling "that's deepfaked" on something real is increasing.
《世界其他地方》的尼萊許‧ 克里斯多夫把這案子交給特別小組。 專家用了近一小時的聲音樣本, 針對這位政治人物的真實聲音, 開發出一個個人化的模型。 儘管他快速地大聲喊冤說 這全是人工智慧假造的, 專家的結論是,至少 有部分是真實的, 非人工智慧假造。 各位可以知道, 就連專家也無法快速且肯定地 區別出真實與假造, 且對著真實內容卻喊冤說「那是深偽」 也變得越來越容易了。
The future is full of profound challenges, both in protecting the real and detecting the fake. We're already seeing the warning signs of this challenge of discerning fact from fiction. Audio and video deepfakes have targeted politicians, major political leaders in the EU, Turkey and Mexico, and US mayoral candidates. Political ads are incorporating footage of events that never happened, and people are sharing AI-generated imagery from crisis zones, claiming it to be real.
在保護真實和偵測假造方面, 未來滿是艱鉅的挑戰。 針對區別事實與虛構的挑戰, 我們已經看到了警示。 影音深偽的目標對象已經包括 歐盟、土耳其和墨西哥的 政治人物及主要政治領導人, 還有美國市長候選人。 政治廣告中放入了 從來沒有發生過的事件, 也有人分享人工智慧 生成的危機地區影像, 還聲稱是真實的。
Now, again, this problem is not entirely new. The human-rights defenders and journalists I work with are used to having their stories dismissed, and they're used to widespread, deceptive, shallow fakes, videos and images taken from one context or time or place and claimed as if they're in another, used to share confusion and spread disinformation. And of course, we live in a world that is full of partisanship and plentiful confirmation bias.
同樣的,這個問題也並非全新的。 和我合作的人權捍衛者及記者 非常習慣他們的報導被忽視, 也很習慣總會有騙人的 淺偽被廣為散播, 還有來自某個情境、時間點 或地方的影片和影像 被聲稱是出自別處, 也習慣了混淆視聽 和假消息的分享與散播。 當然,我們生活的世界中 充斥著黨派之爭 還有大量的確認偏誤。
Given all that, the last thing we need is a diminishing baseline of the shared, trustworthy information upon which democracies thrive, where the specter of AI is used to plausibly believe things you want to believe, and plausibly deny things you want to ignore.
有鑒於此, 我們最不需要的 就是把民主蓬勃發展所需的 可信任共享資訊標準給降低 人工智慧的幽靈被用來 相信你想要相信的事物, 否認你想要忽略的事物。
But I think there's a way we can prevent that future, if we act now; that if we "Prepare, Don't Panic," we'll kind of make our way through this somehow. Panic won't serve us well. [It] plays into the hands of governments and corporations who will abuse our fears, and into the hands of people who want a fog of confusion and will use AI as an excuse.
但我認為我們有辦法 預防那種未來出現, 那就是現在就要採取行動; 要能「做好準備,別慌」, 這樣我們就能以某種方式順利度過。 慌張對我們沒有好處。 它會讓政府及企業佔便宜, 濫用我們的恐懼, 也會讓想製造混亂的人佔便宜, 用人工智慧來當藉口。
How many people were taken in, just for a minute, by the Pope in his dripped-out puffer jacket? You can admit it.
在座有誰曾被穿著華麗羽絨外套的 教宗給唬到,即使只有一下下? 可以承認沒關係。 (笑聲)
(Laughter)
說正經的,
More seriously, how many of you know someone who's been scammed by an audio that sounds like their kid? And for those of you who are thinking "I wasn't taken in, I know how to spot a deepfake," any tip you know now is already outdated. Deepfakes didn't blink, they do now. Six-fingered hands were more common in deepfake land than real life -- not so much. Technical advances erase those visible and audible clues that we so desperately want to hang on to as proof we can discern real from fake.
在座的各位,是否有認識的人 被聽起來像是自己孩子的聲音給騙過? 如果你在想「我才沒有被唬到, 我看得出深偽」, 其實你知道的所有祕訣都過時了。 以前的深偽不會眨眼, 現在已經會了。 六隻手指的手在深偽世界 比在真實世界更常見—— 不見得。 技術進步,消除了那些 可看見和聽見的線索, 我們迫切想要依靠這些線索 來證明我們能分辨真實和假造。
But it also really shouldn’t be on us to make that guess without any help. Between real deepfakes and claimed deepfakes, we need big-picture, structural solutions. We need robust foundations that enable us to discern authentic from simulated, tools to fortify the credibility of critical voices and images, and powerful detection technology that doesn't raise more doubts than it fixes.
但,其實也不該靠我們在沒有 協助的情況下做這類猜測。 在真正的深偽和被指稱的深偽之間, 我們需要全面且結構式的解決方案。 我們需要穩固的基礎, 讓我們能區別真實的和模擬的, 需要工具來強化重要 聲音和影像的可信度, 還要有強大的偵測技術, 它要是可靠、穩定的。
There are three steps we need to take to get to that future. Step one is to ensure that the detection skills and tools are in the hands of the people who need them. I've talked to hundreds of journalists, community leaders and human-rights defenders, and they're in the same boat as you and me and us. They're listening to the audio, trying to think, "Can I spot a glitch?" Looking at the image, saying, "Oh, does that look right or not?" Or maybe they're going online to find a detector. And the detector they find, they don't know whether they're getting a false positive, a false negative, or a reliable result.
要達到那樣的未來, 有三個必要的步驟。 第一步: 確保偵測技能和工具都能 送到需要它們的人手上。 我和數百名記者、社區領袖, 以及人權捍衛者談過, 他們和你、我、 大家都在同一條船上。 他們邊聽語音,一邊想 「我能抓出小破綻嗎?」 邊看影像,邊說:「喔, 那看起來沒問題或有問題?」 也許他們會上網找偵測軟體。 找到了偵測軟體,卻不知道 他們得到的是把假當真、 把真誤以為假,或是可靠的辨識結果。 舉個例子。
Here's an example. I used a detector, which got the Pope in the puffer jacket right. But then, when I put in the Easter bunny image that I made for my kids, it said that it was human-generated. This is because of some big challenges in deepfake detection. Detection tools often only work on one single way to make a deepfake, so you need multiple tools, and they don't work well on low-quality social media content. Confidence score, 0.76-0.87, how do you know whether that's reliable, if you don't know if the underlying technology is reliable, or whether it works on the manipulation that is being used? And tools to spot an AI manipulation don't spot a manual edit.
我用了一個偵測軟體, 它對教宗的羽絨外套判斷正確。 但當我用它來檢查我為孩子 製做的復活節兔子影像, 判斷結果卻說是人類生成的。 因為在深偽偵測上有許多難題存在。 偵測工具通常只能測出 某一種製做深偽的方法, 所以你會需要多個工具, 且把它們用在低品質的 社群媒體內容上效果並不佳。 信心分數:0.76-0.87, 你怎麼知道那可不可靠,如果 你不知道背後的技術可不可靠, 或針對此深偽方式 它能夠有效地判別出來? 且用來找出人工智慧操縱的工具 無法看出人為的編輯。
These tools also won't be available to everyone. There's a trade-off between security and access, which means if we make them available to anyone, they become useless to everybody, because the people designing the new deception techniques will test them on the publicly available detectors and evade them. But we do need to make sure these are available to the journalists, the community leaders, the election officials, globally, who are our first line of defense, thought through with attention to real-world accessibility and use. Though at the best circumstances, detection tools will be 85 to 95 percent effective, they have to be in the hands of that first line of defense, and they're not, right now.
這些工具也不是人人都能取得的。 安全性和可得性之間是要權衡的, 也就是說,如果人人都能取得它們, 它們就變成對大家都無用了, 因為設計新欺騙技巧的人 會用公眾可取得的偵測軟體來做測試, 然後設計出躲過偵測工具的程式。 但我們得確保這些工具能提供給 記者、社區領袖、全球的民選官員, 他們是我們的第一道防線, 深思熟慮且關注真實世界的 可取得性和使用性。 雖然,在最佳情況下, 偵測工具的有效性可達 85%-95%, 但它們必須要由 第一道防線的人來掌控, 而目前並不是。
So for step one, I've been talking about detection after the fact. Step two -- AI is going to be everywhere in our communication, creating, changing, editing. It's not going to be a simple binary of "yes, it's AI" or "phew, it's not." AI is part of all of our communication, so we need to better understand the recipe of what we're consuming.
第一步,我談的是事後的偵測。 第二步: 在我們的溝通中, 人工智慧將無所不在, 創造、改變、編輯。 不會是黑白分明的 「是,是人工智慧」 或「呼,不是」。 人工智慧是我們所有溝通的一部分, 所以我們得要更進一步了解我們 消費的產品是如何製造出來的。
Some people call this content provenance and disclosure. Technologists have been building ways to add invisible watermarking to AI-generated media. They've also been designing ways -- and I've been part of these efforts -- within a standard called the C2PA, to add cryptographically signed metadata to files. This means data that provides details about the content, cryptographically signed in a way that reinforces our trust in that information. It's an updating record of how AI was used to create or edit it, where humans and other technologies were involved, and how it was distributed. It's basically a recipe and serving instructions for the mix of AI and human that's in what you're seeing and hearing. And it's a critical part of a new AI-infused media literacy.
有人稱之為內容出處和揭露。 科技專家一直在想辦法 把隱形的浮水印加在 人工智慧產生的媒體上。 他們也一直在設計 新方法——我也有參與—— 配合內容來源和真實性 聯盟(C2PA)標準, 在檔案上增加加密簽署的元資料。 這些元資料提供關於內容的細節資訊, 以加密方式簽署,強化 我們對該資訊的信任度。 它是種更新記錄,記載當有人 及其他技術涉入人工智慧時, 它是如何被創造或編輯的, 以及它如何被散佈出去。 基本上,它是種配方和指示說明, 告訴你所看和所聽到的內容中 人工智慧和人類智慧是如何混用的。 它是新的人工智慧 媒體素養中重要的一部分。
And this actually shouldn't sound that crazy. Our communication is moving in this direction already. If you're like me -- you can admit it -- you browse your TikTok “For You” page, and you're used to seeing videos that have an audio source, an AI filter, a green screen, a background, a stitch with another edit. This, in some sense, is the alpha version of this transparency in some of the major platforms we use today. It's just that it does not yet travel across the internet, it’s not reliable, updatable, and it’s not secure.
這其實聽起來不應該很瘋狂。 我們的溝通已經在朝這個方向發展。 若你和我一樣—— 可以承認沒關係——你會瀏覽 抖音的「為您推薦」區, 且你很習慣看到搭配聲音的影片、 人工智慧濾鏡、綠幕、背景、 和其他編輯內容拼接在一起。 就某種意義上來說, 這就類似現今我們看到 在一些主要透明公開平台上的預覽版。 只差在它還沒有在網際網路上傳播, 它不可靠、無法更新且不安全。
Now, there are also big challenges in this type of infrastructure for authenticity. As we create these durable signs of how AI and human were mixed, that carry across the trajectory of how media is made, we need to ensure they don't compromise privacy or backfire globally. We have to get this right.
這種真實性基礎設施 也面臨巨大的挑戰。 當我們針對人工和人類智慧如何 混合,創造出這些牢靠的標記, 標示出整個媒體製做的軌跡, 我們就必須要確保它們不會損及隱私 或造成全球性逆火。 我們必須要把它做對。
We can't oblige a citizen journalist filming in a repressive context or a satirical maker using novel gen-AI tools to parody the powerful ... to have to disclose their identity or personally identifiable information in order to use their camera or ChatGPT. Because it's important they be able to retain their ability to have anonymity, at the same time as the tool to create is transparent. This needs to be about the how of AI-human media making, not the who.
我們不能強迫在殘酷環境下 拍攝的公民記者, 或使用新穎生成式人工智慧工具 寫諷刺文來諷刺強權的創作者 必須要揭露他們的身分 或可識別的個人資訊 才能使用他們的相機或 ChatGPT。 因為,重要的是讓他們能夠保持匿名, 同時創造的工具還要是透明的。 重點必須放在人工與人類智慧 合作的媒體是「如何」做出來的, 而非「誰」。
This brings me to the final step. None of this works without a pipeline of responsibility that runs from the foundation models and the open-source projects through to the way that is deployed into systems, APIs and apps, to the platforms where we consume media and communicate.
這就要帶到最後一步。 這一切要行得通, 就一定要有個責任的流程, 從基礎模型和開放 原始碼專案計畫開始, 經過如何部署至系統、 API 以及應用程式的方式, 再到我們消費媒體和溝通的平台。
I've spent much of the last 15 years fighting, essentially, a rearguard action, like so many of my colleagues in the human rights world, against the failures of social media. We can't make those mistakes again in this next generation of technology. What this means is that governments need to ensure that within this pipeline of responsibility for AI, there is transparency, accountability and liability.
基本上,過去十五年, 我幾乎都是在打後衛戰, 和我許多在人權界的同事一樣, 在對抗社群媒體的失敗。 在下一代的技術中, 我們不能再犯那些錯誤了。 這就意味著政府需要確保 在這為人工智慧設計的責任流程中, 要有透明度、責任歸屬和法律責任。
Without these three steps -- detection for the people who need it most, provenance that is rights-respecting and that pipeline of responsibility, we're going to get stuck looking in vain for the six-fingered hand, or the eyes that don't blink. We need to take these steps. Otherwise, we risk a world where it gets easier and easier to both fake reality and dismiss reality as potentially faked.
沒有這三個步驟—— 讓最需要的人有辦法可以做偵測、 尊重各種權利的出處來源, 以及責任流程, 我們就會徒勞地 不斷尋找六隻手指的手 或不會眨的眼睛。 我們需要採取這些步驟。 否則我們要冒的風險 就是世界會變得越來越容易 去偽造現實 和將真誤判為假。
And that is a world that the political philosopher Hannah Arendt described in these terms: "A people that no longer can believe anything cannot make up its own mind. It is deprived not only of its capacity to act but also of its capacity to think and to judge. And with such a people you can then do what you please." That's a world I know none of us want, that I think we can prevent.
政治哲學家漢娜‧阿蘭 如此描述這樣的世界: 「不再相信任何事物的人民 無法形成自己的看法。 人民被剝奪的不只是行動的能力, 還有思考和判斷的能力。 若人民是這樣子的, 你就可以為所欲為。」 我知道我們沒有人想要這樣的 世界,我認為我們可以預防。 謝謝。
Thanks.
(歡呼及掌聲)
(Cheers and applause)