Deepfakes and Malpractice Risk: Lawyers Beware
Bruce de’Medici
May 09, 2024
Advances in artificial intelligence (AI) are making it easier than ever to create hyper-realistic fake audio and video, known as “deepfakes.” While deepfakes can enable creative new forms of expression, they also pose serious professional liability risks that could lead to ethical or malpractice claims, and other sanctions, if attorneys fail to exercise reasonable care.
What Are Deepfakes and Why Do They Matter?
Deepfakes leverage powerful machine learning (ML) techniques to swap one person’s face or voice onto video or audio of someone else or to otherwise fabricate inauthentic content. The resulting fabricated media can appear strikingly authentic and can be used to present false portrayals that threaten business losses or personal harm.
Lawyers may encounter deepfakes, or suspected deepfakes, in various settings, including:
- evidence in administrative and judicial forums;
- defamation attacks;
- support for insurance claims; or
- support for commercial ransom demands (threats to circulate imagery that impacts commercial enterprise value—e.g., imagery representing a C-suite member in a meeting with competitors or prohibited foreign actors).
In September 2023, the NSA, FBI, and CISA issued a Cybersecurity Information Sheet listing deepfakes among the top risks for 2023. In its Global Risks Report 2024, the World Economic Forum ranked “misinformation and disinformation” as presenting the highest “likely global impact (severity)” over a two-year period and the second-highest risk “likely to present a material crisis on a global scale in 2024.” Estimates of the number of deepfakes circulating online vary, but the foregoing evidences both an increasing frequency of deepfakes and an increasing probability of their intersecting a lawyer’s practice.
Why We Can’t Rely on Our Eyes to Detect Deepfakes
The human eye is increasingly unable to spot deepfake manipulations. Developers leverage the same AI that enables doctored media to systematically defeat human detection. They train deep learning models called “generative adversarial networks,” where two neural networks face off—one generates fabricated images or audio while the other tries to identify them as fake. This adversarial back-and-forth progressively improves the generator’s ability to create realistic fakes and teaches it to avoid telltale signs that humans can detect. The results are persuasively realistic deepfakes that fool most people. In tests, humans spotted deepfake videos just over half the time—barely better than a coin flip. Detection rates can be even worse for doctored audio. Our eyes and ears cannot keep pace with AI’s rapid advances.
It is tempting to expect that lawyers can reliably detect doctored evidence just as they can catch a witness in a lie during cross-examination. But deepfakes are increasing in sophistication and becoming increasingly difficult to detect. Unless lawyers stay informed on the state of the art in deepfake generation, they risk allowing manipulated materials to improperly influence their advice and advocacy.
Deepfake Detection—A Technology Arms Race
Fortunately, the same ML techniques used to create deepfakes can also detect them. AI-powered forensic analysis can spot subtle manipulation clues imperceptible to humans. But deepfake generation models continually evolve to sidestep detection by AI watchdogs.
This technical arms race means AI detection requires constant upgrading to analyze the latest manipulation methods. Static analysis tools will inevitably fall behind state-of-the-art deepfake creation technologies. Only dynamic detection models that continually learn to find new manipulation fingerprints can keep pace as deepfake creators invent new tricks.
Humans must partner with evolving AI detectors to reliably confirm evidence integrity. We can no longer trust our naked eyes as definitive arbiters of reality in the face of AI-doctored content. Only vigilant human–machine teamwork has a chance of separating digital truth from well-disguised lies.
AI Techniques for Creating Hyper-Realistic Deepfakes
Machine learning is a subset of AI in which learning occurs by fitting mathematical models to observed data. It involves the development and evaluation of algorithms that enable a computer to learn patterns from one or more sets of data, and it enables data-driven decisions by identifying and extracting patterns that map complex inputs to useful decision outcomes.
An algorithm is a precise set of instructions that a computer can execute, directing it to analyze one or more sets of data and identify recurring patterns or relationships within the data. An ML algorithm is a search process: its purpose is to choose, from a set of possible functions, the function that explains the relationships between features in the data in a fashion that meets the user’s needs. A function is a deterministic mapping from input values (drawn from the data) to resulting output values; it specifies the class of problems that can (or cannot) be modeled and solved. Computers perform this search over sets of data that people cannot practically process themselves.
Algorithms can be either “rules-based” (written to search for particular patterns) or agnostic (written to allow the data to reveal patterns that are not specified or queried in the algorithm). At a sophisticated level, an agnostic algorithm allows the data to “speak” for themselves and identifies patterns in the data that are not known prior to applying the algorithm. In mathematical terms, these patterns of relationships are functions. An example could be a pattern relating income and debt level to credit rating, as sketched in the example below.
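To make this concrete, the following is a minimal sketch in Python using the scikit-learn library and synthetic data. The income and debt figures, the hidden rule, and the model choice are illustrative assumptions, not drawn from any real credit model; the point is that the algorithm is never told the rule and instead recovers the pattern from the data.

```python
# Minimal sketch: letting data reveal a pattern relating income and debt
# level to a credit rating, using scikit-learn on synthetic data. All
# numbers and the hidden rule below are illustrative assumptions.
import numpy as np
from sklearn.linear_model import LogisticRegression
from sklearn.model_selection import train_test_split
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler

rng = np.random.default_rng(0)
n = 1_000
income = rng.normal(60_000, 15_000, n)   # annual income
debt = rng.normal(20_000, 8_000, n)      # outstanding debt
# Hypothetical ground-truth rule the algorithm must discover from the data:
good_rating = (income - 1.5 * debt > 0).astype(int)

X = np.column_stack([income, debt])
X_train, X_test, y_train, y_test = train_test_split(X, good_rating, random_state=0)

# Fit a function (here, a logistic regression) to the training data,
# then check how well it predicts ratings it has never seen.
model = make_pipeline(StandardScaler(), LogisticRegression()).fit(X_train, y_train)
print("held-out accuracy:", model.score(X_test, y_test))
```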
The patterns that deep learning algorithms extract from data are functions that are represented as neural networks. In simplified terms, a neuron accepts certain values as inputs and maps them to an output value. In a network, the output value of a neuron is passed on as input to the next neuron. Each neuron learns a simple function—the more complex function is created by combining the neurons (and the learning process) in the network. The structure of the network defines the more complex function. A deep neural network is a type of model used in ML that is loosely inspired by the structure of the brain and capable of making accurate data-driven decisions.
Deep learning focuses on deep neural network models and fits them to data. Again, deepfakes can be constructed using deep learning.
Generative Adversarial Networks
The most common approach to generating deepfakes is using a class of AI models called generative adversarial networks (GANs). GANs leverage two neural networks—a generator and a discriminator. The generator creates fake images or videos that seem real, while the discriminator tries to identify fakes. Playing this minimax game drives the generator to create more and more realistic fakes that can get past the discriminator.
The training process of GANs can be framed as a supervised learning problem, where the generator and discriminator are trained together. The goal is to train the generator to produce plausible examples that can fool the discriminator, while the discriminator aims to become better at distinguishing between real and fake examples.
GANs are often used with image data and employ convolutional neural networks (CNNs) as the generator and discriminator models. They have been successfully applied in various computer vision tasks, such as generating realistic-looking images, deepfakes, and image-to-image translation.
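For readers who want to see the minimax game in miniature, the sketch below trains a toy GAN in PyTorch. For brevity it uses tiny fully connected networks and one-dimensional “data” (points drawn from a Gaussian) rather than images and CNNs; the layer sizes and training schedule are illustrative assumptions, not a production deepfake pipeline.

```python
# Toy GAN sketch in PyTorch: a generator learns to produce samples that a
# discriminator cannot distinguish from "real" data. Real deepfake GANs use
# convolutional networks and images; this uses 1-D data for brevity.
import torch
import torch.nn as nn

torch.manual_seed(0)
latent_dim, data_dim, batch = 8, 1, 64

G = nn.Sequential(nn.Linear(latent_dim, 32), nn.ReLU(), nn.Linear(32, data_dim))
D = nn.Sequential(nn.Linear(data_dim, 32), nn.ReLU(), nn.Linear(32, 1), nn.Sigmoid())

opt_g = torch.optim.Adam(G.parameters(), lr=1e-3)
opt_d = torch.optim.Adam(D.parameters(), lr=1e-3)
bce = nn.BCELoss()

for step in range(2000):
    real = torch.randn(batch, data_dim) * 0.5 + 3.0    # "real" data: N(3.0, 0.5)
    noise = torch.randn(batch, latent_dim)
    fake = G(noise)

    # Discriminator: learn to label real samples 1 and generated samples 0.
    d_loss = bce(D(real), torch.ones(batch, 1)) + bce(D(fake.detach()), torch.zeros(batch, 1))
    opt_d.zero_grad(); d_loss.backward(); opt_d.step()

    # Generator: adjust weights so the discriminator labels its fakes as real.
    g_loss = bce(D(G(noise)), torch.ones(batch, 1))
    opt_g.zero_grad(); g_loss.backward(); opt_g.step()

# After training, generated samples should cluster near the real mean of 3.0.
print("mean of generated samples:", G(torch.randn(1000, latent_dim)).mean().item())
```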
Convolutional Neural Networks
A CNN is a type of neural network designed to process data with a grid-like structure, such as images, by applying learned filters (convolutions) across the input.
A CNN has three types of layers:
- The convolutional layer is the core building block of a CNN and is where the majority of the computation occurs. It applies filters to the input image to extract features, such as edges and shapes.
- The pooling layer down-samples the image to reduce computation and extract the most important features.
- The fully connected layer makes the final prediction by taking the output of the previous layers and mapping it to a class label.
CNNs are particularly useful for finding patterns in images to recognize objects, classes, and categories. They can also be quite effective for classifying audio, time series, and signal data. CNNs can have tens or hundreds of layers, with each learning to detect different features of an image. The filters can start as very simple features, such as brightness and edges, and increase in complexity to features that uniquely define the object. With each layer, the CNN increases in its complexity, identifying greater portions of the image.
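The sketch below defines a minimal CNN in PyTorch with exactly the three layer types described above; the input size, filter count, and number of classes are illustrative assumptions.

```python
# Minimal CNN sketch in PyTorch: one convolutional layer (feature extraction),
# one pooling layer (down-sampling), and one fully connected layer (class
# prediction). All sizes are illustrative assumptions.
import torch
import torch.nn as nn

class TinyCNN(nn.Module):
    def __init__(self, num_classes: int = 10):
        super().__init__()
        self.conv = nn.Conv2d(3, 16, kernel_size=3, padding=1)  # learn filters (edges, shapes)
        self.pool = nn.MaxPool2d(2)                             # keep the strongest features
        self.fc = nn.Linear(16 * 16 * 16, num_classes)          # map features to a class label

    def forward(self, x: torch.Tensor) -> torch.Tensor:
        x = self.pool(torch.relu(self.conv(x)))  # 3x32x32 input -> 16x16x16 feature map
        return self.fc(x.flatten(1))

logits = TinyCNN()(torch.randn(1, 3, 32, 32))  # one random 32x32 RGB "image"
print(logits.shape)                            # torch.Size([1, 10]): one score per class
```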
Applications of GANs
- Generate Photographs of Human Faces: GANs generate realistic photographs of human faces, which can be useful in various applications, including advertising, gaming, and virtual reality.
- Image-to-Image Translation: GANs translate images from one domain to another, such as converting a sketch into a realistic image or transforming a daytime image into a nighttime scene.
- Text-to-Image Translation: GANs generate images based on textual descriptions, allowing users to create visual content by simply describing it in words.
- Face Frontal View Generation: GANs generate frontal views of faces based on side or angled images, which can be useful in entertainment, security, and surveillance applications.
- Video Prediction: GANs predict future frames in a video sequence, which has applications in autonomous driving, surveillance, and video compression.
- 3D Object Generation: GANs generate 3D objects based on 2D images or sketches, which can be useful in architecture, product design, and virtual reality.
Autoencoders
Autoencoders are another popular technique for creating deepfakes. These are neural networks that encode input data into a compact representation and then reconstruct the output from that representation. Trained on many images of a person’s face, an autoencoder learns to reconstruct that face and can then render it from new input images, which enables face-swapping onto target videos. Unlike GANs, autoencoders are not adversarial; they consist of two main components, an encoder and a decoder. The encoder compresses the input data into a lower-dimensional representation, while the decoder reconstructs the original input from the compressed representation.
Autoencoders can be trained in an unsupervised manner, where the goal is to minimize the reconstruction error between the input and the output. They are often used for tasks such as anomaly detection, denoising, and dimensionality reduction.
In the context of generative modeling, autoencoders can be used to generate new examples by sampling from the learned latent space. However, they are generally not as effective as GANs in generating high-quality and realistic examples.
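A minimal autoencoder sketch in PyTorch appears below. The flattened 28-by-28 inputs, layer sizes, and random stand-in data are illustrative assumptions; real face-swap pipelines use much larger convolutional versions of the same idea.

```python
# Minimal autoencoder sketch in PyTorch: an encoder compresses each input to
# a 16-dimensional representation and a decoder reconstructs the input from
# it, trained (unsupervised) to minimize reconstruction error.
import torch
import torch.nn as nn

torch.manual_seed(0)
encoder = nn.Sequential(nn.Linear(784, 64), nn.ReLU(), nn.Linear(64, 16))
decoder = nn.Sequential(nn.Linear(16, 64), nn.ReLU(), nn.Linear(64, 784))

opt = torch.optim.Adam(list(encoder.parameters()) + list(decoder.parameters()), lr=1e-3)
mse = nn.MSELoss()

images = torch.rand(256, 784)             # random stand-in for flattened 28x28 images
for epoch in range(200):
    latent = encoder(images)              # compact representation
    reconstruction = decoder(latent)      # rebuild the input from it
    loss = mse(reconstruction, images)    # reconstruction error
    opt.zero_grad(); loss.backward(); opt.step()

print("final reconstruction error:", loss.item())
```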
Applications of Autoencoders
- Anomaly Detection: Autoencoders can detect anomalies in data by reconstructing input samples and comparing them to the original data. This has applications in fraud detection, network security, and predictive maintenance.
- Data Compression: Autoencoders can compress and decompress data, which can be used for tasks such as image and video compression, improvement of transmission efficiency, and reduction of storage requirements.
- Feature Extraction: Autoencoders can learn compact representations of input data, useful for tasks such as image recognition, text classification, and recommendation systems.
- Image Denoising: Autoencoders can remove noise from images by learning to reconstruct clean versions of the input data. This has applications in medical imaging, photography, and satellite imaging.
- Dimensionality Reduction: Autoencoders can reduce the dimensionality of input data while preserving important features, making them useful for classification tasks, clustering, and visualization.
Other Techniques
- StyleGANs: Nvidia researchers developed StyleGANs that generate highly realistic synthetic faces by separately controlling attributes like expression, facial structure, hairstyle, and pose. Manipulating these stylistic attributes enables forming a detailed fake face.
- Face Parsing & Blending: Other techniques analyze facial geometry in source and target videos to parse angles, face structure, lighting, and skin tones. Advanced blending algorithms then integrate parsed face elements from the source onto the target seamlessly.
- Voice Cloning: By manipulating audio, including speech, with varieties of autoencoders, GANs, and style transfer techniques, voice cloning can mimic a target’s vocal mannerisms and fabricate statements.
AI and Quantum Computers
As a general description, quantum computing is predicated upon the laws of quantum mechanics (physics works differently at the atomic and subatomic scales). Efforts to operationalize quantum computing are ongoing, and operational capability, whether full or limited, will plausibly arrive within 10 years. NIST has announced that it is “critical” to begin planning now for the decryption threat of quantum computing. In the meantime, experts predict that the market impact of quantum computing will exceed $4 billion by 2029, and McKinsey predicts a $106 billion market impact by 2040.
AI will empower quantum computing and, in turn, be hugely augmented by it. “Quantum AI” is already moving at a pace, and toward results, that many experts suggest “natural” intelligence may not be capable of controlling, predicting, or understanding.
Quantum AI will empower the creation of ever more sophisticated deepfakes in minutes or even seconds. A quantum AI–driven computer could generate deepfakes orders of magnitude more sophisticated than are presently achievable. In short, sophisticated deepfakes threaten to become commonplace in business and personal life; effectively addressing them will become an indispensable requirement for the competent practice of law and for competing in the marketplace.
Proactive Efforts to Tame Deepfakes
Any future legislation concerning deepfakes would be directed toward reducing uncertainty and risk in this landscape and would need to address the ongoing and fast-paced advancements in AI and related technology. The deepfake detection landscape presently resembles the adversarial chase in cybersecurity: advances in cyber hygiene and detection offer varying levels of risk management or reduction, but continuing evolution in attack techniques limits the useful life of any remedial technique.
For example, detection techniques usually rely on deep learning classifiers to determine whether a visual media image is fake or real. Adversarial techniques work against this detection methodology: deepfake creators with knowledge of detection technology can insert slight “perturbations” and noise into deepfake images, or modify the deepfake generation pipeline, to exploit blind spots in the detection models. This can cause the deepfake classifier to inaccurately characterize a deepfake as authentic. Examples of these perturbations and noise are pixel-level attacks (direct modification of the images through Gaussian noise, changes to pixel intensities, or flipping of low-bit pixels) and spatial transformations (manipulating the geometry of images by, for example, shifting, rotating, or enlarging/shrinking them), along with mixing in out-of-distribution images or adding near-invisible pixels from other images. These perturbations and noise are sufficient to fool detection models yet remain invisible to the human eye.
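The sketch below illustrates the pixel-level idea in PyTorch: low-amplitude Gaussian noise is added to an image tensor, leaving it visually unchanged while making it numerically different. The detector shown is a hypothetical, untrained stand-in, included only to mark where a real trained deepfake classifier would sit.

```python
# Pixel-level perturbation sketch: add low-amplitude Gaussian noise to an
# image tensor. The change is a few hundredths of the [0, 1] pixel range,
# far below what the human eye notices, yet it can shift a classifier's output.
import torch
import torch.nn as nn

torch.manual_seed(0)
image = torch.rand(1, 3, 64, 64)  # stand-in for one video frame, pixel values in [0, 1]
perturbed = (image + 0.01 * torch.randn_like(image)).clamp(0.0, 1.0)

print("max per-pixel change:", (perturbed - image).abs().max().item())

# Hypothetical stand-in detector; a real one would be a trained deep learning classifier.
detector = nn.Sequential(nn.Flatten(), nn.Linear(3 * 64 * 64, 1), nn.Sigmoid())
print("score on original: ", detector(image).item())
print("score on perturbed:", detector(perturbed).item())
```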
Pending a breakthrough in detection architecture, best practice is to assume that any remedial deepfake detection technique has limits on effectiveness, in both scope and temporal longevity. Maintaining a sharp eye on these limits will be key to effective deepfake detection hygiene.
Duties and Risks
Attorneys Have an Ethical Duty to Understand Deepfakes
A number of the ABA Model Rules could be potentially invoked in connection with a lawyer encountering deepfakes in a law practice. Examples include the following:
Rule 1.1: Competence—sufficient knowledge, preparation, skill, and thoroughness that is reasonably necessary for the representation.
Rule 3.1: Meritorious Claims and Contentions—diligence that a claim or defense has a basis in fact.
Rule 3.3: Candor toward the Tribunal—not offering evidence that the lawyer knows to be false.
Rule 3.4: Fairness to Opposing Party and Counsel—not alluding to any matter that the lawyer does not reasonably believe is relevant or that will not be supported by admissible evidence.
Rule 4.1: Truthfulness in Statements to Others—not making a false statement of material fact or law to a third person.
Rule 8.3: Reporting Professional Misconduct—potential duty to report another lawyer’s misconduct involving a deepfake.
Potential Ethical Challenges
Lawyers who ignore how deepfakes enable new forms of deception may lack the requisite technological knowledge to represent clients competently, as Model Rule 1.1 requires. Similarly, allowing deepfakes to mislead you or your clients could also run afoul of ethics rules on truthfulness. Under Model Rule 4.1, lawyers cannot knowingly make a false statement of material fact to a third person. An attorney fooled by a deepfake risks unwittingly passing along false information supplied by a client or contained in evidence. Raising a lack of knowledge in the face of an ethical inquiry may invite scrutiny of the lawyer’s due diligence in connection with media that turned out to be a deepfake.
Parties could also assert “fraud on the court” if an attorney introduces fabricated materials as real evidence or relies on deepfakes without appropriate scrutiny. Such fraud enables sanctions like dismissing cases and assessing attorney fees.
Potential Evidentiary Admission Challenges
Courts may begin conducting pretrial evidentiary hearings on the admissibility of audio and visual media. Sensibly, these hearings should occur in coordination with the completion of discovery. Best practices may militate in favor of presenting expert witnesses both for proffers to admit media into evidence and for rebuttals to contest an opponent’s proffers. Depending upon the array of technologies underlying the media, counsel may engage more than one expert, each testifying as to media built upon a different technology.
Selection of experts for these purposes will require care: Diverse methods are employed to create deepfakes and, as noted above, the technology for uncovering skillful deepfakes will vary according to the technology used to create them. As creation technology continues to evolve, best practice calls for counsel to attend to whether experts (and their technology focus) are qualified to address the media at stake in the matter at hand. In short, the expert who carried the day in a recent matter may not be qualified to address the technology at play in the present one.
Counsel would be well-advised to review and tailor their engagement letters or disclosures to clients to address the need to conduct due diligence on media presented by clients for admission. Clients may seek advantages in legal matters by utilizing deepfakes, or may obtain media from third parties and be reluctant to test their veracity, especially if the media promise to be persuasive to a trier of fact.
Similarly, counsel may decide to press for costs incurred to rebut an opponent’s proffer of a deepfake. As creation technology progresses, the expert costs of uncovering deepfakes may correspondingly increase. Thus, the risk of cost sanctions threatens to grow, both in the complexity of the due diligence required and in the costs of rebutting suspect media.
Potential Malpractice Claims
Beyond disciplinary actions for ethics violations, attorneys’ failure to understand deepfakes poses significant malpractice liability. A lawyer could face negligence claims for letting deepfakes distort their legal advice or diligence in reviewing evidence. Further, by advancing arguments based on deepfakes they should have known were likely manipulated, lawyers risk making factual misrepresentations that support malpractice suits.
The Bottom Line: Lawyers Must Stay Vigilant Against Deepfakes
Deepfakes raise novel challenges at the intersection of ethics, law, and technology. Attorneys have professional and ethical duties to understand deepfakes and to guard against being misled or allowing deepfakes to mislead others. In light of the new credibility questions introduced by this technology, lawyers who ignore or downplay the risks posed by synthetic media do so at their peril. Best practice is to stay informed on the state of deepfake detection and to treat digital evidence with caution.
Remaining informed presents its own challenge. As deepfake technology evolves, so too will the level of knowledge required to address it. That requirement will advance in both quantity (an expanding set of creation techniques will engender an expanding body of information to absorb) and sophistication (advancing skill within each creation technique will engender increasing complexity in understanding it). Maintaining competence across this expanding knowledge will require a corresponding commitment of time.
Counsel would be well-advised to decide whether to rely upon their own knowledge to address the foregoing or engage outside consultants. Counsel should also structure client disclosure and consent on this decision. Deepfakes are an existing component of the present and future risk landscape that lawyers are retained to address. Proactive measures to address the risk are ethically and professionally required.