
2020, China, Face Recognition, and DeepFakes

2020/8/14

Last Week in AI

People: Andrey Kurenkov, Sharon Zhou
Topics
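Andrey Kurenkov: The many changes of 2020, such as the spread of masks and the rise in working from home, have made it hard for existing AI systems to adapt in areas like face recognition and scene classification. AI shows brittleness in responding to these changes and struggles to adjust as flexibly as humans do. In addition, AI cannot magically solve every problem, for example developing a COVID-19 vaccine; it can only assist parts of the process and cannot replace human experimentation and testing. In face recognition, China uses AI technology for large-scale surveillance; its data collection capability is powerful and is tied to the government identification system, which raises concerns about privacy and social control. Meanwhile, adversarial research targeting face recognition keeps developing, such as fooling face recognition systems by making tiny changes to image pixels, and getting an image recognized as someone else.

Sharon Zhou: AI systems have difficulty recognizing faces wearing masks, which is related to dataset bias; datasets need to be improved to increase robustness, but this faces data-collection challenges. China's face recognition surveillance system is powerful because data from phones and other sources is tightly linked to personal identity, and the government and companies cooperate closely. For privacy protection, the best approach is not to delete information but to falsify it so that it contradicts itself. In addition, organizations such as the Algorithmic Justice League work to expose and address bias and harms in AI systems, and encourage people to report bias and harms in AI systems through projects such as the Algorithmic Vulnerability Bounty Project. AI text generation models such as GPT-3 can generate realistic human-like text, but they still have limitations in handling complex problems and are easy to identify.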


Chapters
The episode discusses how AI is struggling to adapt to the changes brought by 2020, particularly with facial recognition and scene classification, and the challenges in creating unbiased datasets.


Hello and welcome to Skynet Today's Let's Talk AI podcast, where you can hear from AI researchers about what's actually going on with AI and what is just clickbait headlines. I am Andrey Kurenkov, a third-year PhD student at the Stanford Vision and Learning Lab, and I focus mostly on learning algorithms for robotic manipulation in my research. And with me is my co-host. I'm Sharon, a third-year PhD student in the machine learning group working with Andrew Ng.

I do research on generative models, improving generalization of neural networks and applying machine learning to tackling the climate crisis. And as usual, we are going to chat about last week's major AI news stories in this episode. And this week we have quite a few stories with a few different themes to get into. So we're just going to dive straight in. Our first theme is discussing AI in the context of 2020, this very unusual

and unenjoyable year with our first article being titled AI is struggling to adjust to 2020 from TechCrunch. And this article basically is making a point that as things shifted so radically this year, so we all started wearing masks. A lot of us started working from home with kids in the background and things like that.

In general, a lot of things changed. And it turns out that the way we do AI now has trouble keeping up. So while we as people can sort of understand all this stuff really easily, in a few ways, current AI fails to keep up. In particular, let's say with facial recognition, there are difficulties adjusting to having masks. Or with classification of scenes, some AI can say that

you know, there's a play going on if I show in the background, even if it's actually an image of someone working at home. So a good kind of overview article pointing out that AI is a little bit fickle and not as adjustable maybe as we are. Sharon, do you have any thoughts on this? Do you have any other examples of how AI maybe is having trouble keeping up?

Yeah, one interesting thing from the article is that faces are often detected as two faces. One is just the top half of the face and the other is the whole face with the mask on. And I find that kind of interesting. And also kind of there's also...

also a bit of a concern based on this, and that's to create robust data sets that are not biased. And I think now that we know that our existing data sets are maybe a little bit biased, at least a little bit biased, maybe our new data sets can be less biased and that we can upgrade a little bit more. However, I think it's a really challenging time to upgrade these data sets since the article notes that

photographers or people in general may have limited access to communities other than their own and are unable to actually diversify their subjects. So it will be kind of more difficult. Of course, we're not depending necessarily on photographers for these data sets. Sometimes they're

Sometimes they're scraped from Flickr, for example. But yeah, I think this raises a whole host of issues as well as introduces kind of a new paradigm and a new societal and cultural shift that hopefully will enable us to upgrade our data sets, like giving that...

giving this, making this into that kind of opportunity. But there are definitely challenges. Yeah, exactly. You've seen some examples actually of more companies starting to adopt facial recognition to sort of gain entry into buildings instead of having a key card or something where you have to use your hands.

So just as AI technologies are being adopted more, we are finding that we actually need to adjust them and retrain them to handle masks and other things. And so, as you say, it's it seems like a very good idea to be careful and do so in a way that works equally well for all sorts of people and is not biased or, you know,

especially good for white people, as has been the case with prior AI techniques. Also related to this year is our next article titled AI is not going to magically deliver a coronavirus vaccine. And this article is about how a Harvard MIT group

We used AI to identify the chemical compound halicin with antibiotic properties versus drug resistant bacteria strains. And this is the first chemical compound that's been discovered this way and hopefully can be useful for coronavirus in some way. But this is just the first step to actually creating a drug.

So there's also an issue of machine learning generally being pretty expensive and machine learning cannot shorten any of the subsequent steps, such as clinical trials or the guarantee safety of the drug. Any thoughts on this, Andrey? Yeah, yeah. So good sort of article, I think, highlighting some of the ways AI can help and also ways in which it's limited.

I don't know how many of you believe that AI is going to magically deliver a vaccine, but it's interesting in this article, there's a lot more detail on how it can help and has helped already, but all the ways in which it's not going to give the answer and it's going to require experimentation and testing and all the usual process where AI really can't provide an answer magically.

So good thing to keep in mind in general with regards to AI. It helps with all these processes, but it's not going to take away all the human work in this case as well. Moving on, another somewhat 2020 related topic and a whole host of articles on this one on the theme of facial recognition.

And the first one here is titled "The Panopticon is Already Here from the Atlantic". On a high level, it's about how facial recognition is being used in China and all the systems and technology we have developed there and the way it's being applied. It's quite a deep dive into the systems and overall landscape surveillance and in particular how facial recognition is being used there.

So very interesting read. We're not going to go into all of it because there's a ton of detail, but we're going to discuss just a few things here. So one of the big messages in this article is how much surveillance and AI power surveillance China already has, how

In particular, because a lot of people constantly use phones, a lot of sensors, that data goes directly to algorithms that are processing it. So the country is home to more than 1 billion phones now that have a lot of data that are being processed. But even for remote sites in rural communities, it turns out that there's initiatives to scan people's faces in return for data

cookware. So there's actually an active effort to make data collection for just about anyone and to have a government ID that links up to all the surveillance. So pretty, pretty hot spinning, really. It's it's interesting, a little bit scary and dystopian to get this entire description and definitely worth kind of being aware of just to know where AI can go if you don't push it in the other direction.

Do you have any thoughts on this, Sharon? Yeah, I think some of the biggest components that drives what China's doing are the fact that everyone's phones are very much attached to

to their identities. And not just phones, just a lot of this data is very much attached to identities. So there's not much aggregation or noisiness that they have to do there. So they very much know what you're doing all the time. And that's very much not the case in the US. I think it's much more siloed. Data is much more messy due to privacy laws largely. And I think in China also,

The big companies are working very collaboratively with the government or even like as part of the government in some in some cases, whereas in the US, that's that's definitely not the case where we see these companies being somewhat separate from from the government and may not may not hand over data or may not.

maintain privacy of the data for the sake of their users or something like that. I think Apple touts that. Yeah, yeah, exactly. The details regarding the government ID and the way that phone data links up to it is quite interesting in this article. I also found it interesting that it touched on the topic of brain power. So people who study AI and who do research in AI and develop it

It's noted that historically China has struggled to retain some of these researchers and talents who went to departments in the U.S. actually to do their PhDs, sort of like we are, and to work here. And it notes that now that might be changing with the Trump administration making it more difficult for Chinese students to study in the U.S.,

and kind of adding to an overall feeling that they're not welcome. And it also quotes a leading machine learning researcher at Google that said that visa restrictions are one of the largest bottlenecks to our collective research productivity. So in a way, you could even say that this hostility to foreign students, to Chinese talent is encouraging, you know,

work going on in China and development of more surveillance as opposed to things that we might encourage more here in the US, which is non surveillance applications of AI, hopefully more positive applications, things like that. So interesting thing to note there. And I think something we both kind of have seen close up even within Stanford that people are being affected by this, these actions of the administration.

Absolutely. And following the theme of facial recognition, our next article from The Verge is titled Cloak Your Photos with this AI Privacy Tool to Fool Facial Recognition. So an application called Fawkes, F-A-W-K-E-S,

Created by UChicago's SAND Lab actually makes small alterations to your pictures to fool facial recognition systems, what they call cloaking. So basically it makes really, really small minuscule changes to the pixels in your images. And all of a sudden this can fool your facial recognition, your out of the box facial recognition algorithms. And UChicago claims 100% successful rate against the state of the art facial recognition systems.

And this has been released as free software for both Windows and Mac. And there have been over 100,000 downloads now. But the low adoption and but many different applications have actually already collected photos of you is kind of a criticism that the article puts out. And and I guess this could largely just help with cloaking future images you do put out online.

Yeah, I think the criticism here is that, you know, right now there's already so many labeled images and even 100,000 downloads is not that much considering how many people are using smartphones and taking selfies, etc.,

But on the other hand, this is a good first step. And maybe I can imagine in the future, we might even have apps on our phones that automatically for every photo you take, do this. So any new photos, if you want them to be not usable for facial recognition, can just run this process in the background. And hopefully we can do

you know, to a larger extent have anonymity and not be easy to find through all the data we generate. It's definitely a cat and mouse game. So as a system like this improves, the facial recognition systems will also improve, maybe offensively you could think of it as, and this will then improve defensively over time.

And I think one other piece of concern that the article does bring up, that's a really good point, is the 100% successful rate. I think that's a little bit overstating what this AI could do. And it does worry me when people do that because it then puts a burden on the user to realize, you know, there might be something wrong with this. And that really could hurt the users of something, some kind of product like this. And I see this very similar to Tesla saying,

our autopilot works. Yeah. And in addition to that, that is an issue. And another issue is that once again, that, you know, people have to be aware of this technology in the first place.

And it's a very cumbersome thing to load it onto your, you know, desktop or laptop and then process all your photos all the time. And the article does say that the Fawkes team admits that for it to make a real difference, it has to be released more widely and be more easily usable. They don't have any plans to do it, but it does say that they are hopeful that companies like Facebook might integrate similar technology.

So hopefully maybe one day we'll have a little like setting box that says anonymize my photos automatically instead of having it be done. Certainly, I think a larger group than just a research team needs to take it on for some point used to be viable.

On a similar note of fooling facial recognition, we have our next article from the Technology Review titled The Hack That Could Make Facial Recognition Think Someone Else Is You. And it's, yeah, kind of similar in flavor here. The idea is you can change an image that doesn't change too much, changes just a little bit, but is enough to make facial

facial recognition system think that it's not you in the language, but someone else, as the title says. And this is about a team from the company McAfee that released this method. So very similar here. It's kind of a little bit different in the sense of it's not just failing to recognize you. It's actually recognizing someone else.

I don't know what the application there is, but it's kind of fun to see another take on it. Any thoughts on that, Sharon? Yeah, definitely. This makes me think of one of the first principles I learned in my privacy class, which is that the best way to be private is actually not to try to take your information down, but actually to falsify it.

So to have information about you, but to have it contradict itself, have it be false. And so this is kind of getting at that, which is,

safest way for your data to exist is not to not exist actually, or to be, or to try to keep it offline because that's not going to work is what the thesis is, but instead to mask it with something else. So that does remind me of that. And I also find it really interesting that McAfee or McAfee,

This company that typically makes firewall software, I believe, is going after this space and looking into this space. So I find that really interesting as well.

Yeah, I agree. The article notes that the McAfee researchers say their goal is ultimately to demonstrate the inherent vulnerabilities in these AI systems and make clear that human beings must stay in the loop. So in a sense, I suppose it's related to security, right? In a sense of saying these AI systems aren't secure. You can, in a sense, hack them with these kinds of tricks.

And yeah, I think this is a good example of something we should all be aware of, especially people trying to use these technologies, that these kinds of attacks will be developed more and more, presumably.

So from facial recognition, our next article is about tackling it. And it's titled, Meet the Computer Scientist and Activist Who Got Big Tech to Stand Down. Joy Buolamwini published studies on gender and race disparities in facial recognition. And this has laid the groundwork for the recent moratoriums or in the stop of selling facial recognition by Amazon, Microsoft, IBM, etc.,

And Joy has founded the Algorithmic Justice League, which is a nonprofit organization building on all of this work that she had started. And now there's a much larger team behind this force.

Indeed, yeah. We've mentioned the Algorithmic Justice League here and there in discussing facial recognition. And that's because this work on Gender Shades and other projects have really made clear the limitations and problems with facial recognition. And this, in some sense, is pretty similar work to make clear that even products that are live and usable can

from Amazon and IBM and Microsoft to really deeply flawed in ways that were, you know, pretty shocking almost. So very impactful work. And, um,

It's very cool to see it getting more recognition in these kinds of press pieces. And the article also notes that the organization is now launching its most ambitious, maybe initiative yet, the Algorithmic Vulnerability Bounty Project, which is a set of tools that will help people report biases and harms caused by AI, similar to sort of bug bounty programs used to find security flaws in software.

First time for me hearing about this Algorithmic Vulnerability Bounty Project and the idea of having these sort of bug bounties and allowing people to report harms and biases from various people

seems pretty intuitive and like something that's needed right now as AI gets deployed more and more. What do you think about this new initiative, Sharon? I think this is fantastic. I've heard of bug bounties for just regular bugs.

various websites and this happens pretty often. But for biases in particular, I think this is fantastic and I think it's needed. I wonder if scraping certain Twitter pages will get there too. But I think it definitely should be incentivized to find these and to crowdsource it essentially. Exactly. Yeah. They note that

They want the work of finding these biases and issues to be led by individuals and community based organizations that represent people who have historically been harmed by such systems. And these are maybe lower income people, maybe people outside of the traditional community. So it seems to make a lot of sense to have a project

Kind of reaching out and making it easier for them to point out issues of AI for them, which, you know, companies like Google or Amazon maybe aren't reaching out as much and aren't noticing these issues in these communities and for these people.

But enough on facial recognition. That was quite a bunch of stories this last week. We have another popular theme of AI next, which is deepfakes. And the first article here from Wired is titled Cheap, Easy Deepfakes Are Getting Closer to the Real Thing.

So it's basically pointing out progress in the field. And as the title says, that it's becoming easier and cheaper all the time. As a specific example, it says that Philip Tully from the company FireEye generated hoax images of Tom Hanks at a security conference to show how easily open source software could be adapted to specific misinformation campaigns.

And it was easy in a sense of it required only a bunch of photos of Hanks, which is, of course, easy. And it costs less than a thousand or less than a hundred dollars to get the software to work. It wasn't amazing, but it was good enough to misinform and generate really misleading kind of things.

The article also notes that Tim Hwang at Georgetown says that even still right now, there's not an immediate threat of trickster using deepfakes. There's a lot of other avenues for misinformation. But as it gets cheaper and easier, we should prepare and be ready for this to really become super easy, super cheap and the implications of that.

So touching on deepfakes, a popular topic. Do you have any reactions to this particular article, this example, or deepfakes in general right now, Sharon?

I'm not surprised is basically what it is, except for maybe the hundred bucks. I didn't realize cloud compute was that cheap right now, but I can imagine what they're using for, uh, for the technology there. Um, it's, I mean, this is concerning and I guess we're all eyeing the election where this is probably where it's most concerning for the U S uh, right now. Um, yeah. Yeah.

I guess it's just a developing situation. We've been aware of this stuff for a while and so far it seems like there hasn't been really a catastrophic case of misinformation. But there have been some examples and, you know, there's a sort of feeling of like, is it going to happen at some point that someone is going to really use it for something major? I guess we'll see.

Interestingly, this article does note that Tim Hwang authored a report published last month that looked at the problem and says that it doesn't present an acute and imminent threat, but that we do need to be prepared for it.

And it noted that we could get prepared by having corporate and academic labs create deepfake zoos that collect examples and basically collect all the possible ways of making deepfakes on the cheap so that we can detect them and be ready. Absolutely. And related to deepfake images, our next article is about deepfake text.

Another article from Wired, it's titled AI generated text is the scariest deepfake of all. So GPT-3, the recent model that's come out for AI generated text has been able to produce shockingly human sounding text. Deepfakes are bad, but can sort of be detected.

Basically, we're trying to get better at it. And especially from that repository that FireEye wants to put together, it can be maybe detected from these artifacts that are present in these images. But there's nothing to really compare with or fact-checked against when it's text. It's much, much harder. It's much, much harder to find these little oddities, little artifacts in the images, in the pixels themselves.

So, increasing people's awareness of various oddities or various aspects of text, of AI generated text, will make it possible to identify not only fake images and video, but hopefully also synthetic text.

The article notes that synthetic text is especially concerning because you can generate a very high volume of it. And this kind of floods the gates with the ability to subtly warp the information landscape. Right. Yeah. So I guess the point of the article is basically that

Deepfakes are scary. Maybe you've heard of video deepfakes and seen audio deepfakes, which kind of are impressive. But if you think about it, text deepfakes, really human-seeming text generated by things like GPT-3 might be the scariest of them all, which is a little bit

maybe alarmist, but the article does seem to make some good points, I think. I definitely read somewhere that what GPT-3 outputs, it's kind of just 95% of what you say is probably similar to what it outputs. So...

Yeah. So it might be pretty difficult to detect the text if the text is using very common words and phrasing, which is what GPT-3 would be doing. Yeah. On the other hand, actually, we just put out a new brief on Skynet Today. So I helped write a little article discussing GPT-3 and

with some other researchers that we titled GPT-3, an AI breakthrough but not coming for your job, basically making a point that GPT-3 still has a bunch of limitations. Although it can make sort of things that seem plausible at a high level, like you can read the text and if you're not looking for it, it can seem like a human might have written it.

But for anything sort of complex, anything really substantial, you will start to realize that, you know, there's no real thought behind kind of a bigger message. There's no consistency. Things start breaking down in a way that you can kind of learn to be aware of.

So yeah, hard to see how dangerous or scary this deepfake really is, but just another kind of instance of something to think about and prepare for and perhaps understand how we should react to it.

Definitely. And I would say that actually OpenAI's CEO actually agrees with this, which brings us to our last article on Medium. As its GPT-3 model wows the world, OpenAI's CEO suggests, quote, the hype is way too much.

So people are doing lots of different things with GPT-3, but many other folks are not very impressed. So GPT-3 can write a lot of code, respond to essays, maybe not as substantively as a human code.

And but the warning is to not overhype this. And even Sam Altman, who's the OpenAI CEO, warns against this overhyping. And I think this is very much in line with the Skynet Today article. Exactly. Yeah, this was a little article to sort of

the tweet from Sam Altman and I think it reads AI is going to change the world but GPT-3 is just a very early glimpse. We have a lot to figure out still. So, yeah,

Again, good reminder that there were very impressive demonstrations with GPT-3, and it's often the case that you get pretty impressive demos with AI, but then you really have to dig in and realize that

Not to extrapolate from this demo to something more human-like. There are a lot of limits and a lot of ways in which the system is not capable of things that we are. And that's going to be the case for a while until many of the challenges that are remaining will be sorted out.

And with that, thank you so much for listening to this week's episode of Skynet Today's Let's Talk AI podcast. You can find the articles we discussed here today and subscribe to our weekly newsletter with similar ones at skynetoday.com. Subscribe to us wherever you get your podcasts and don't forget to leave us a rating if you like the show. Be sure to tune in next week.