AI Watermarking Won't Curb Disinformation

One common proposal is that big companies should incorporate watermarks into the outputs of their AIs.
One kind of watermark is already common for digital images.
There are more sophisticated watermarking proposals that are robust to a wider variety of common edits.
Proposals for AI watermarking must pass a tougher challenge.
The person who wants to remove a watermark isn't limited to common edits, but can directly manipulate the image file.
If a watermark is encoded in the least important bits of an image, someone could remove it by simply setting all the least important bits to 0, or to a random value, or to a value automatically predicted based on neighboring pixels.
Just like adding a watermark, removing a watermark this way gives an image that looks basically identical to the original, at least to a human eye.
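The fragility described above, as an added example (not code from the original article): a toy keyed least-significant-bit watermark over a constructed 64x64 grayscale pixel list, where `KEY`, `THRESHOLD` and every function name are assumptions made for illustration. It shows that once the low bits are zeroed or randomized, no pixel differs from the marked image by more than 1, yet the detector's score drops to the roughly 0.5 it gives an image that was never marked.

```python
import random

KEY = 2024        # hypothetical secret shared by embedder and detector
THRESHOLD = 0.9   # hypothetical cutoff: a score above this reads as "watermarked"

def embed(pixels, key):
    """Overwrite each pixel's lowest bit with a keyed pseudorandom bit."""
    rng = random.Random(key)
    return [(p & ~1) | rng.getrandbits(1) for p in pixels]

def score(pixels, key):
    """Fraction of lowest bits matching the keyed pattern (about 0.5 by chance)."""
    rng = random.Random(key)
    return sum((p & 1) == rng.getrandbits(1) for p in pixels) / len(pixels)

def zero_lsb(pixels):
    """Set every lowest bit to 0."""
    return [p & ~1 for p in pixels]

def random_lsb(pixels, seed):
    """Set every lowest bit to a random value unrelated to KEY."""
    return embed(pixels, seed)

def max_change(a, b):
    """Largest per-pixel difference between two images."""
    return max(abs(x - y) for x, y in zip(a, b))

def run_demo():
    src = random.Random(1)
    original = [src.randrange(256) for _ in range(4096)]  # constructed sample image
    marked = embed(original, KEY)
    variants = {
        "original": original,
        "marked": marked,
        "zeroed": zero_lsb(marked),
        "randomized": random_lsb(marked, 7),
    }
    # For each variant: (detector score, largest pixel change vs. the marked image)
    return {name: (score(px, KEY), max_change(marked, px))
            for name, px in variants.items()}

if __name__ == "__main__":
    for name, (s, delta) in run_demo().items():
        verdict = "watermarked" if s > THRESHOLD else "no watermark"
        print(f"{name:<11} score={s:.3f} max pixel change={delta} -> {verdict}")
```

A detector of this kind cannot distinguish an image whose mark was stripped from one that never carried a mark, which is why a missing watermark says nothing about an image's origin.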
This approach is more workable than watermarking AI-generated images, since there's no incentive to remove the mark.
Comparing watermarking vs content authenticity, watermarking aims to identify or mark fake images; content authenticity aims to identify or mark real images.
Neither approach is comprehensive, since most of the images on the Internet will have neither a watermark nor content authenticity metadata.
The watermarking problem is even harder for text-based generative AI. Similar techniques can be devised.
Creating an indelible textual watermark is a much harder task than telling Hamilton from Madison, since the watermark must be robust to someone modifying the text trying to remove it.
Making detection tools publicly available gives an advantage to those who want to remove watermarking, because they can repeatedly edit their text or image until the detection tool gives an all clear.
Keeping them a secret makes them dramatically less useful, because every detection request must be sent to whatever company produced the watermarking.
Since text output from current AIs isn't watermarked, services like GPTZero and TurnItIn have popped up, claiming to be able to detect AI-generated content anyhow.
Lastly, if AI watermarking is to prevent disinformation campaigns sponsored by states, it's important to keep in mind that those states can readily develop modern generative AI, and probably will in the near future.
A state-sponsored disinformation campaign is unlikely to be so polite as to watermark its output.
Watermarking of AI-generated content is an easy-sounding fix for the thorny problem of disinformation.
Watermarks may be useful in understanding reshared content where there is no deceptive intent.
Research into adversarial watermarking for AI is just beginning, and while there's no strong reason to believe it will succeed, there are some good reasons to believe it will ultimately fail.


This Cyber News was published on www.eff.org. Publication date: Fri, 05 Jan 2024 19:43:05 +0000

