China announces plan to label all AI-generated content with watermarks and metadata.
China announces plan to label all AI-generated content with watermarks and metadata.
China has released a set of guidelines on labeling internet content that is generated or composed by artificial intelligence (AI) technology, which are set to take effect on Sept. 1.
National gpu registry!
As an exception to most regulations that we hear about from China, this approach actually seems well considered - something that might benefit people and work.
Similar regulations should be considered by other countries. Labeling generated content at the source, hopefully without the metadata being too extensive (this is where China might go off the handle) would help avoid at least two things:
- casual deception
- training AI with material generated by another AI, leading to degradation of ability to generate realistic content
This is a smart and ethical way to include AI into everyday use, though I hope the watermarks are not easily removed.
Think a layer deeper how can it misused to control naratives.
You read some wild allegation, no AI marks (they required to be visible), so must written by someone? Right? What if someone, even the government jumps out as said someone use an illiegal AI to generate the text? The questioning of the matter will suddently from verifying if the allegation decribed happened, to if it itself is real. The public sentiment will likely overwhelmed by "Is this fakenews?" or "Is the allegation true?" Compound that with trusted entities, discrediting anything become easier.
Give you a real example. Before Covid spread globally there was a Chinese whistleblower, worked in the hospital and get infected. He posted a video online about how bad it was, and quickly got taken down by the government. What if it happened today with the regulation in full force? Government can claim it is AI generated. The whistleblower doesn't exist. Nor the content is real. 3 days later, they arrested a guy, claiming he spread fakenews using AI. They already have a very efficient way to control naratives, and this piece of garbage just give them an express way.
You though that only a China thing? No, every entities including governments are watching, especially the self-claimed friend of Putin and Xi, and the absolute free speech lover. Don't think it is too far to reach you yet.
I'm going to develop a new AI designed to remove watermarks from AI generated content. I'm still looking for investors if you're interested! You could get in on the ground floor!
I've got a system that removes the watermark and adds two or three bonus fingers, free of charge! Silicon Valley VC is gonna be all over this.
It will be relatively easy to strip that stuff off. It might help a little bit with internet searches or whatever, but anyone spreading deepfakes will probably not be stopped by that. Still better than nothing, I guess.
You can use things like steganography to embed data into the AI output.
Imagine a text has certain letters in certain places which can give you a probability rating that it's AI generated, or errant pixels of certain colors.
Printers already do something like this, printing imperceptible dots on pages.
Having an unreliable verification method is worse than nothing.
it will be relatively easy to strip off
How so? If it's anything like llm text based "water marks" the watermark is an integral part of the output. For an llm it's about downrating certain words in the output, I'm guessing for photos you could do the same with certain colors, so if this variation of teal shows up more than this variation then it's made by ai.
I guess the difference with images is that since you're not doing the "guess the next word" aspect and feeding the output from the previous step into the next one, you can't generate the red green list from the previous output.
Will be interesting to see how they actually plan on controlling this. It seems unenforceable to me as long as people can generate images locally.
That's what they want. When people doing it locally, they can discredit anything as AI generated. The point isn't about enforability, but can it be a tool to control narative.
Edit: it doesn't matter if people actually generating locally, but if people can possibly doing it. As long as it is plausible, the argument stands and the loop completes.
I think there was a similar idea in the USA with the COPIED Act, but I haven't heard about it since.
Stable Diffusion has the option to include an invisible watermark. I saw this in the settings when I was running it locally. It does something like adds a pattern that is easy to detect with machines but impossible to see. The idea was that you could check an image for it before putting it into training sets. Because I never needed to lie about things I generated I left it on.
USA announces plan to ban the buds of the cannabis plant
They plan to ban hating on the supreme leader.
China is long ahead with that so maybe there is hope.
That's something that was really needed.
Having some AIs that do this and some not will only muddy the waters of what’s believable. We’ll get gullible people seeing the ridiculous and thinking “Well there’s no watermark so it MUST be true.”
Sorry but the problem right now is much simpler. Gullibility doesn't require some logical premise. "It sounds right so it MUST be true" is where the thought process ends.
And the lack of label just reinforced the confirmation bias.
Something that we've needed for too long. Good on China :)
Lol. So everything and anything can just be AI generated fakenews.
It makes more sense to mark authentic content but sure.
China, oh you Remembering something about go green and bla bla, but continue to create coal plants.
The Chinese government has been caught using AI for propaganda and claiming to be real. So I don't see it happening within the Chinese government etc.
What do you expect? This is just another tactic to claim fake bullshit as real. If they have a bunch of water marked stuff, then release something without it, it makes it seem less likely to have been faked.
About as enforceable as banning bitcoin.
Me: "hé <AI name> remove the small text which is at the bottom right in this picture"
AI: "Done, here is the picture cleaned of the text"
Would it be more effective to have something where cameras digitally sign the photos? Then, it also makes photos more attributable, which sounds like China's thing.
No, I don't want my photos digitally signed and tracked, and I'm sure no whistleblower wants that either.
Of course not. Why would they? I don’t want that either. But we are considering the actions of an authoritarian system.
Individual privacy isn’t relevant in such a country. However, it’s an interesting choice that they implement it this way.
Apart from the privacy issues, I guess the challenge would be how you preserve the signature through ordinary editing. You could embed the unedited, signed photo into the edited one, but you'd need new formats and it would make the files huge. Or maybe you could deposit the original to some public and unalterable storage using something like a blockchain, but it would bring large storage and processing requirements. Or you could have the editing software apply a digital signature to track the provenance of an edit, but then anyone could make a signed edit and it wouldn't prove anything about the veracity of the photo's content.
Hm, that’s true there’s no way to distinguish between editing software and photos that have been completely generated. It only helps if you want to preserve and modified photos. And of course, I’m making assumptions here that China doesn’t care very much about privacy.
Sort of. A camera with internet connectivity could automatically "notarize" photos. The signing authority would vouch that the photo (or other file) hasn't been altered since the moment of signing. It wouldn't be evidence that the photo was not manipulated before that moment.
That could make, EG, photos of a traffic accident good evidence in court. If there wasn't time to for manipulation, then the photos must be real. It wouldn't work for photos that could have been taken at any time.
You could upload a hash to the blockchain of a cryptocurrency for the same purpose. The integrity of the cryptocurrency would then vouch that the photo was unaltered since the upload. But that's not cost-effective. You could even upload the hash to Reddit, since it's not believable that they would manipulate timestamps to help some random guy somewhere in the world commit fraud.
That's actually already a thing: https://www.theregister.com/2022/08/15/sony_launches_forgeryproof_incamera_digital/
That's a different thing. C2PA is proving a photo is came from a real camera, with all the editing trails. All in a cryptographic manner. This in the topic is trying to prove what not real is not real, by self claiming. You can add the watermark, remove it, add another watermark of another AI, or whatever you want. You can just forge it outright because I didn't see cryptographic proof like a digital sign is required.
Btw, the C2PA data can be stripped if you know how, just like any watermarks and digital signatures.
This is the one area where blockchain could have been useful instead of greater-fool money schemes. A system where people can verify provenance of images or videos pertaining to matters of importance such as news stories. All reputable journalism already attributes their photos anyways. Cryptographic signing is just taking it to a logical conclusion. But of course the scary word 'china' is involved here therefore we must only contrarian post.