Six Lines

Sasse's Thoughts on Deepfakes

Posted by Aaron Massey on 22 Oct 2018.

Ben Sasse’s recent opinion piece in the Washington Post picks up on something that technologists have been worried about for months or years: Deepfakes. I wrote previously about it, and I’m thrilled to see that politicians are starting to care about this. One of his suggestions is something I completely agree with:

One of the most important ways to combat the gathering storm is to be aware that it’s coming — to become more mindful of the ways that confirmation bias and narrower networks distort our view of reality. Another step: Vow to give your perceived political antagonists the benefit of the doubt. Some of the United States’ enemies now assume, perhaps rightly, that we hate each other so much that we’d sooner collaborate with them than do the difficult work of listening to each other.

Awareness is critical for citizens, but we need more than just awareness from journalists and platforms. We need to develop proactive approaches to addressing deepfakes. What are those approaches? Some of them we know. Deepfakes are similar to other types of fraud that we’ve managed successfully in the past. But there are elements of deepfakes that remain wholly new and will require new solutions.

Sasse’s other suggestion is too lacking in specifics:

How to prevent the potentially catastrophic use of deepfakes? One part of the solution obviously is to ramp up our offensive and defensive cyber efforts. The U.S. military and intelligence communities are not yet where they need to be to fight the wicked hybrid and technologically enabled “gray space” war. The government itself must be modernized for the digital age in a host of ways.

Sasse is right to call deepfakes potentially catastrophic. He’s also right that we don’t currently have the tools needed to address this purely from a technological standpoint. However, Sasse seems to imply that the military should be the primary or even only organization tasked with addressing this. Clearly, there are scenarios where a country like Russia or China could use this as a weapon. But what if it’s just being used by a hedge fund manager to provoke a market reaction? Or perhaps just one campaign against another in an election? The technology is the same, and we would presumably want to prevent both military and non-military uses of it. Presumably the U.S. Cyber Command would be tasked with the military portion of this effort. What would the civilian enforcement agency look like? Maybe I’m reading too deeply into Sasse’s opinion piece. He could address this more in his book.

I am also worried about the call to ramp up both offensive and defensive cyber efforts. Information security is massively asymmetric. If you’re basing decisions on economic effectiveness, then you’re going to spend more of your money on offensive weapons. But if all way have are offensive weapons, then we have to rely on something like mutually assured destruction for defense, which seems less than ideal. Worse, employees of major tech firms, like Microsoft and Google, are petitioning their bosses to ensure their technology isn’t used to build “a more lethal” military force. I suspect bundling both offense and defense together will only become more difficult to sell as computing professionals wake up to their own role in the use and distribution of the technologies they create.