Analysis
Demystifying Generative AI Disclosures
November 27, 2024
Generative AI is frequently used to obscure, mischaracterize, and fabricate information online. EPIC has written two major reports cataloging the harms wrought by generative AI. Large Language Models (“LLMs”), text-to-image models, and text-to-video models, among other types of generative AI, are probability models that reproduce the biases and errors built into their training data sets. For example, a recent study by UNESCO found pervasive racist, sexist, and homophobic correlations in major LLMs like Llama 2 and GPT-2 (both open source, i.e., freely available to the public at scale). Furthermore, these models are prone to confabulation: producing entirely novel outputs with no basis in reality. Examples include an LLM that made up court cases when asked to perform legal research and a hospital transcription service that filled the seconds of silence during a patient appointment with sentences that appear nowhere in the underlying audio recording. It is also glaringly easy to infringe intellectual property rights when using generative AI. Most of the internet has been scraped to train LLMs and text-to-image models, and artists and journalists, in particular, allege that their works have been taken to profit AI companies. Bias, confabulation, and intellectual property infringement all boil down to the same underlying problem: the use of generative AI is blurring the line between authentic content and synthetic content.
To address some of these harms, various policymakers have begun to implement requirements to disclose when content is either fully synthetic or has been manipulated in some way by AI. These disclosures can be either direct or indirect: presented directly to the viewers of the content or covertly embedded in the content itself. However, disclosures are a limited tool that reactively addresses symptoms of problems endemic to AI rather than proactively addressing their root causes. This analysis sets out to clarify terms, lay out the uses and limitations of synthetic content disclosures, and provide steps forward for policymakers attempting to stem the flow of mis- and disinformation online.
Importantly, this blog post is limited to the discussion of disclosures on synthetic content like static text, images, and videos. It does not discuss disclosures for when an individual is interacting with an AI system like a chatbot or is subject to automated decision-making systems such as tenant screening algorithms.
Initial Level Setting
There are several confusing, overlapping, and/or technical terms thrown around when discussing disclosures of synthetic content, so here is a quick glossary for the purpose of this analysis.
- Synthetic Content: Information, such as images, videos, audio clips, and text, that has been significantly altered or generated by algorithms, including by AI.[1]
- Disclosure: A broad umbrella term that includes information attached to images, videos, audio clips, and text that denotes whether (and how) a piece of content is authentic or synthetic. This could be something as simple as a self-certification shown through a line of text on an advertisement stating “this ad is AI-generated,” or as technical as a specific audio filter layered onto an audio clip that signals to detection software that the clip is synthetic.
- Watermark: A broad umbrella term often used interchangeably with disclosure, though it typically refers to a more technical means of identifying content as synthetic or authentic. For example, instead of relying on self-certification, watermarks typically denote a connection to a generative AI algorithm (similar to how TikTok’s logo appears embedded on its videos) or use metadata specifically indicating that an image is synthetic.
- Provenance: A way to track the history of a piece of content. Provenance information may include information about the creator, the distributor(s), a watermark denoting that the content is in some way synthetic, and/or a mark of authenticity (i.e. a certification denoting that the content is not synthetic). The provenance can be used as a ledger to verify the authenticity of a piece of content, similar to authenticating a piece of expensive artwork in the art world.
- Metadata: Data embedded in the file of a piece of content that “describes the characteristics of data, including structural metadata that describes data structures (i.e., data format, syntax, semantics) and descriptive metadata that describes data contents (i.e., security labels).”[2]
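To make the metadata concept concrete, here is a minimal sketch, in Python using the Pillow imaging library, of embedding a synthetic-content flag in a PNG file’s metadata and reading it back. The key names (“synthetic_content”, “generator”) and the model name are illustrative assumptions, not part of any formal provenance standard.

```python
# Minimal sketch: embed and read back a synthetic-content flag in PNG metadata.
# Assumes the Pillow library; the key names are illustrative, not a standard.
from PIL import Image
from PIL.PngImagePlugin import PngInfo

# Create (or load) an image and attach descriptive metadata to the file.
img = Image.new("RGB", (256, 256), color="gray")
meta = PngInfo()
meta.add_text("synthetic_content", "true")
meta.add_text("generator", "example-image-model")  # hypothetical model name
img.save("labeled.png", pnginfo=meta)

# A verification tool could later read the flag back from the saved file.
with Image.open("labeled.png") as reloaded:
    print(reloaded.text.get("synthetic_content"))  # -> "true"
```

Because the flag lives in the file rather than in the visible pixels, this is an indirect disclosure: software can detect it, but a viewer scrolling past the image cannot.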
Disclosures achieve two limited goals: viewer autonomy and the creation of evidence.
First, a clear and conspicuous direct disclosure, such as a logo on an image or a voice at the beginning of an audio message stating that a voice is AI-generated, puts the audience on notice that the proffered information may be false or misleading. The falsity may stem from confabulation, from inaccurate information in the training data, or from the creator or distributor of the content intentionally trying to mislead the audience. In the case of a deepfake, the audience would know that the person being imitated did not actually say or do what is depicted. By putting the audience on notice of the source of the information they are receiving, whether that be an advertisement about a product or an attack ad against a candidate in a contested election, a disclosure leaves the audience in a better position to verify the ground truth of the information they have received from the content.
Some have criticized disclosures, arguing that mandated disclosures on political ads led to a reduction in trust in the candidates running ads generated or manipulated by AI. While disclosures may be accompanied by a reduction in trust in a piece of content, that reduction stems from the manipulation itself being misleading, not from the fact that the manipulation was disclosed. Political advertisements are an inherently untrustworthy medium, as they attempt to influence an individual’s opinion in a highly sensitive and controversial arena. If a political advertisement discloses that generative AI was used in some way, any reduction in trust is not due to the mere fact of the disclosure, but more likely reflects the inherent biases and error rates of generative AI as well as the weaponization of yet another technology to sway an individual’s opinion by manipulating reality. Trust reduction in these cases means the disclosure is working as intended: giving individuals more information to accurately assess what they have been shown.
Second, disclosing whether content is synthetic (or certifying that content is authentic) creates an evidentiary trail for individuals hoping to enforce their rights against the creator and/or distributor of the content. A copyright holder can follow the provenance back to the original creator of the infringing content; a defamed person can prove to a judge that a video was generated or manipulated by AI; and teachers can prove that a student plagiarized or used AI in an assignment.
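As a rough illustration of how a provenance record can function as evidence, the sketch below hashes a piece of content and checks it against a signed manifest. This is a simplified stand-in for real provenance schemes, which typically rely on certificate-based signatures; the manifest fields, key, and names here are assumptions for illustration only.

```python
# Simplified sketch of checking a piece of content against a provenance record.
# Real schemes use certificate-based signatures; the HMAC key and manifest
# fields here are illustrative stand-ins.
import hashlib
import hmac
import json

SIGNING_KEY = b"demo-key"  # hypothetical; real systems use asymmetric keys

def sign_manifest(content: bytes, creator: str, synthetic: bool) -> dict:
    """Record who made the content, whether it is synthetic, and a content hash."""
    manifest = {
        "creator": creator,
        "synthetic": synthetic,
        "sha256": hashlib.sha256(content).hexdigest(),
    }
    payload = json.dumps(manifest, sort_keys=True).encode()
    manifest["signature"] = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return manifest

def verify(content: bytes, manifest: dict) -> bool:
    """Check both the signature and that the content has not been altered."""
    claimed = dict(manifest)
    signature = claimed.pop("signature")
    payload = json.dumps(claimed, sort_keys=True).encode()
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return (hmac.compare_digest(signature, expected)
            and claimed["sha256"] == hashlib.sha256(content).hexdigest())

record = sign_manifest(b"video bytes...", creator="example-studio", synthetic=True)
print(verify(b"video bytes...", record))   # True: content matches the record
print(verify(b"edited bytes...", record))  # False: content was altered after signing
```

If the content is altered after signing, or the record is tampered with, verification fails, which is exactly the property an evidentiary trail needs to be useful in court.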
Disclosures are severely limited and technically weak.
While disclosures may sometimes help move us closer to the goals listed above, they are not a panacea. Disclosures are often inconsistently applied, do not work in all contexts, and leave several other AI problems unaddressed. First and foremost, disclosures do not mitigate bias or correct inaccurate information. Merely stating that a piece of content was created using generative AI, or manipulated in some way with AI, does not counteract racist, sexist, or otherwise harmful outputs. Nor does a disclosure necessarily indicate to the viewer that a piece of content may be biased or may infringe copyright. Unless the disclosure says so, the viewer would have to already know that these biases, errors, or IP infringements exist, and then meaningfully engage with and investigate the information gleaned from the content to assess its veracity. The average viewer scrolling on social media, however, will not investigate every picture or news article they see. For that reason, other measures need to be taken to meaningfully reduce the spread of mis- and disinformation.
The Liar’s Dividend
The harms from using generative AI to manipulate authentic content or create synthetic content wholesale stem not only from content creators’ ability to convincingly present AI-generated content as real, but also from their ability to convincingly present real content as AI-generated, a concept that legal scholars Robert Chesney and Danielle Citron have termed the “Liar’s Dividend.” The Liar’s Dividend raises two issues. First, as Chesney and Citron note, a “person accused of having said or done something might create doubt about the accusation by using altered video or audio evidence that appears to contradict the claim.” Second, the risks of the Liar’s Dividend grow as the public grows more aware of AI-generated content. As Chesney and Citron argue, a “skeptical public will be primed to doubt the authenticity of real audio and video evidence” as convincing AI-generated content becomes more common. This risk is compounded in the interim, while disclosure requirements are inconsistently applied and inconsistently required. The public will be left unsure about which aspects of the content they see are AI-generated, if any, and which aspects to believe.
Requiring content provenance can combat an individual’s ability to lie about their innocence, but only if there is trust in the infrastructure that provides the provenance data. Under current technological standards, this is incredibly difficult.
Specificity of Disclosures
If disclosures are not specific as to what aspect of the content is synthetic/manipulated, both the autonomy and the evidence goals are hampered. The value of disclosures depends entirely on a viewer’s ability to effectively leverage that information to evaluate the content’s authenticity. For example, a disclosure should distinguish whether a commercial for a grocery store merely includes an AI-generated jingle, or whether the people appearing on screen are full deepfakes. Merely disclosing that something about a piece of content is AI-generated could imply that the entire image is AI-generated, or that a voice in an audio recording is AI-generated instead of just the background music.
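As a hypothetical sketch of what a component-specific disclosure could look like, the snippet below labels each element of the grocery store commercial separately; the component names, tool names, and schema are invented for illustration.

```python
# Hypothetical component-level disclosure: each element of the ad is labeled
# separately, so the viewer knows exactly what was AI-generated.
components = {
    "jingle": {"ai_generated": True, "tool": "example-music-model"},
    "voiceover": {"ai_generated": False},
    "on_screen_people": {"ai_generated": False},
    "background_imagery": {"ai_generated": True, "tool": "example-image-model"},
}

synthetic = [name for name, info in components.items() if info["ai_generated"]]
print("AI-generated elements: " + ", ".join(synthetic))
# -> AI-generated elements: jingle, background_imagery
```

A disclosure built from this kind of record tells the viewer that the jingle and background imagery are synthetic while the people on screen are real, rather than leaving them to guess.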
Actual Notice to Viewer
To achieve actual viewer autonomy, disclosures must be direct, clear, and conspicuous, such as a logo on an image or video or an audio message at the beginning of a recording stating that a voice is AI-generated. The average person will not check every image’s metadata to assess whether or not it is synthetic. Indirect disclosures should be limited to situations where the goal is creating an evidentiary trail.
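For the direct form of disclosure, a minimal sketch, again using Pillow and assuming an input file named generated.png, might stamp a plainly visible label onto the image itself rather than hiding it in metadata:

```python
# Minimal sketch of a direct disclosure: stamp a clearly visible label on the
# image itself so viewers see it without inspecting metadata. Assumes Pillow
# and an input file named "generated.png".
from PIL import Image, ImageDraw

with Image.open("generated.png") as img:
    img = img.convert("RGB")
    draw = ImageDraw.Draw(img)
    label = "AI-GENERATED IMAGE"
    # Draw a solid banner along the bottom edge, then the label text on top of it.
    banner_height = 28
    draw.rectangle(
        [(0, img.height - banner_height), (img.width, img.height)],
        fill="black",
    )
    draw.text((8, img.height - banner_height + 6), label, fill="white")
    img.save("generated_labeled.png")
```

Unlike the embedded metadata flag, this label is visible to anyone who sees the image, though, as discussed next, it can still be cropped out.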
Persistence and Robustness
Disclosures must be hard to remove to ensure that trust in them remains strong. One of the major obstacles to disclosure requirements is that most forms of disclosure are easily stripped from content when it is re-shared, largely because of how content is typically re-shared. For example, to remove the metadata from an image, all you have to do is take a screenshot and share the screenshot. Both images and videos can be cropped to cut out visual watermarks. Text, in particular, is nearly impossible to watermark in a technically robust way. Most text is shared by copy-pasting, which removes metadata. Google has recently implemented an AI detection system that tests the probability of certain words being chosen together, but it is unclear how accurate this is at distinguishing authentic from synthetic text. Text-based AI detection is notoriously inaccurate, and by relying merely on the probability of word choices, it could lead to dire consequences for students falsely accused of cheating on assignments with generative AI. Audio, surprisingly, is one of the mediums best suited to maintaining disclosures, as people typically re-share audio by downloading and re-sharing the original audio file to preserve its quality. Since the original file is being re-shared, metadata in the file remains present. The technical feasibility of persistent watermarks in all mediums is still being heavily researched, including by NIST.
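The fragility of indirect disclosures is easy to demonstrate. In the sketch below, which builds on the earlier Pillow metadata example, rebuilding the image from its pixel data alone, roughly what a screenshot does, silently drops the embedded flag:

```python
# Sketch of how easily indirect disclosures are lost. Copying only the pixels
# (roughly what a screenshot or many re-sharing pipelines do) drops the PNG
# metadata written in the earlier example.
from PIL import Image

with Image.open("labeled.png") as original:
    print(original.text.get("synthetic_content"))  # -> "true"
    # Rebuild the image from raw pixel data alone, as a screenshot effectively does.
    pixels_only = Image.new(original.mode, original.size)
    pixels_only.putdata(list(original.getdata()))

pixels_only.save("reshared.png")

with Image.open("reshared.png") as reshared:
    print(reshared.text.get("synthetic_content"))  # -> None: the flag is gone
```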
How should disclosures be implemented to achieve viewer autonomy and create an evidentiary trail?
- Belt and suspenders: Regulators should require both direct and indirect disclosures to ensure persistence and to meaningfully notify viewers that the content is synthetic. Furthermore, disclosures cannot be the only tool used to address the harms that stem from generative AI.
- Specificity: Disclosures should be specific about what components of the content are actually synthetic.
- Directness: Direct disclosures must be clear and conspicuous, such that a reasonable person would not mistake a piece of content as being authentic.
- Robustness: Disclosures must be technically shielded from attempts to remove or otherwise tamper with them.
- Persistence: Disclosures must stay attached to a piece of content even when re-shared.
- Format neutrality: The disclosure must stay attached to the content even if it is converted to another format, such as from a .jpeg to a .png or from a .txt to a .docx file.
For more best practices on disclosure regulations, see NIST’s 2024 Report on Reducing Risk Posed By Synthetic Content. For more best practices on AI regulation more generally, see EPIC’s AI Legislation Scorecard.
Conclusion
Disclosures are a widespread but complex and confusing regulatory tool that fails to adequately address the root issues perpetuated by the use of generative AI. Still, within the limited goals disclosures do serve, regulators have the opportunity to erect meaningful guardrails in an ever-expanding AI industry. Creating an evidentiary trail allows victims of IP infringement, defamation, and other rights violations to assign liability to the correct party when vindicating their rights in court. Putting the audience on notice of the use of generative AI is the first step in providing individuals the knowledge, tools, and autonomy to combat mis- and disinformation campaigns online. Various states have begun to pass niche rules that include disclosure requirements, largely targeting highly sensitive use cases such as the use of deepfakes in election-related advertising. Colorado has even passed a broad AI bill covering various topics, including some disclosure requirements. AI legislation is moving forward at a rapid pace, and while disclosures cannot be the only tool used in the regulatory battle against the use of generative AI, they are a step in the right direction.
[1] NIST, Reducing Risks Posed by Synthetic Content, NIST AI 100-4, at 1 (2024), https://airc.nist.gov/docs/NIST.AI.100-4.SyntheticContent.ipd.pdf (draft provided for public comment).
[2] Id. at 15.