Online media and social networks expand the attack surface usable by the malicious actors, and deepfakes are the ultimate weapon. Well-known as a disinformation tool for the society, they bring about other risks to be considered by businesses.
The recent events linked to the COVID-19 outbreak have proven the necessity of acceding to reliable and true news for all the society. More than the epidemic, we have witnessed an « infodemic », rapid spread of false or misleading information on the social networks, raising the question of the trust given to the platforms relaying the news and of the authenticity of the information they pass on.
The use of deepfakes is a topical phenomenon affecting firstly the general public. It is inherently linked to the importance gained by the social and online media in our daily life.
In September 2019, we counted near 15,000 deepfake videos online, twice more than in December 2018. If 96% of these videos were pornographic deepfakes posted on specialised websites, the extent of the affected topics has however increased to reach all the famous social networks (YouTube, Vimeo, Dailymotion). Amongst the deepfakes posted on YouTube, 20% already represented politicians, business owners and journalists[1]. Their disinformation power on the general public allows them to influence major political and societal events from the moment they star famous personalities.
Deepfakes keep getting better, while the tools to generate them become more accessible (such as Lyrebird, for the audio deepfakes, Zao, for face-swapping, and the most recent one, Avatarify, integrated to Zoom and Skype, for the video). Their harmful power weighs more and more not only on public actors and organisations, but also on private ones, and must be taken into account in every business sector.
A RISK WORTH CONSIDERING FOR BUSINESSES
Deepfakes can also be used against businesses. They offer a new playground for malicious actors, particularly through two means of action:
- The improvement of Fake president frauds, whose impacts and probability are increased by deepfakes. The fraud becomes more credible thanks to photos, videos and audios copying the person who is impersonated. The targeted collaborators therefore consider these contents as an authentication in itself of the interlocutor, and the chances of successful attacks are increased – which is an incentive to ask for larger sums. Besides, the tools to generate deepfakes being accessible to the large public, the use of these frauds by malicious people increases.
- The undermining of the business through relayed false information can strongly damage its image, leading to a certain number of consequences, notably financial and legal. We can wonder what would be the impacts of an ExCom member’s video speech sharing fake results or strategic orientations on the price of his firm’s share or on the trust of its prospects; or those of the disclosure of a product anomaly on the direct order intake. Moreover, denying the rumours is harder when deepfakes are used. Today, many businesses still feel afar from the subject: How many have already wondered what would the impacts of a deepfake be on their activities?
A legal framework IN PROGRESS
The states start putting together an answer to the deepfake concern and legislating to regulate their diffusion. Some countries such as China criminalise the diffusion of deepfakes without notifying the audience about it (since the 1st of January 2020). In the United States, the treatment of the deepfakes’ question is speeding up as the presidential election of November 2020 approaches, and it is dealt with both at the federal level (bills prohibiting the diffusion of deepfakes in California, Virginia and Texas) and at the national one (the DEEPFAKE Accountability Act[2] is being discussed by the Congress to “combat the spread of disinformation through restrictions on deep-fake video alteration technology”). In France, the question of deepfakes is included in the law of the 22nd of December 2019, related to the fight against the manipulation of information – and is therefore not dealt with specifically.
These legal frameworks remain dawning and heterogeneous, and only represent one part of the answer to provide to this technology. More than condemning their malicious use, the issue is mostly to be able to detect and avoid them.
In this first part, we have given an overview of the risks presented by deepfakes for the businesses. In the second part of the article, we will focus on the technical and organisational means available today to safeguard oneself.
[1] Study published by Deeptrace in September 2019.
[2] Defending Each and Every Person from False Appearances by Keeping Exploitation Subject to Accountability Act.