AI-Generated Voice Evidence Poses Dangers in Court

I agree. The article didn't touch on this aspect, but we're now at the point where even authentic recordings could be plausibly denied and claimed to be fake. So the entire usage of recordings as evidence will suffer a hit. We may essentially be knocked back to an 18th century level of reliance on eyewitness testimony. One wonders what the consequences for justice will be.

Have you ever heard some of the wiretap or hidden microphone recordings used to convict mafia bosses back in the 1980s? It was so bad I can't believe it was accepted. It could easily have been faked. The only thing that made it work was the sworn statements of authenticity from the people who did the recording, and the chain of custody thereafter.

>But ultimately: Humanity has coped without photo, audio or video evidence for most of its existence.

which allowed to burn witches based on testimony of citizens in good standing.

And that leads us to using Neuralink and similar tech and the next gen lie detectors (like say the defendant's fMRI (most probably interpreted by AI too:)) to look into the brain and extract confession. No need for evidence, deposition and all that expensive time consuming stuff standing in the way of truth especially given that it can't be trusted anymore in the face of AI capabilities.

I kind of want to have an LLM which takes absolutely any criticism of AI or news of it doing something bad and then generates a plausible HN comment that basically goes "I don't think it's a new problem, X has always been possible, there's nothing really new"... because that comment always appears like clockwork beneath it :)

That's a great point. The ability to undermine real evidence by claiming it's AI-generated could be just as (if not more) damaging than fake evidence itself

> I don't think it's _that_ widespread. Just like it's possible to lie on the stand, but people usually think twice before they do it, because _if_ they are found to have lied, they're in trouble.

I don't have data, but I suspect a LOT of people lie on the stand. This is mostly based on what I see on reality court shows and true crime type shows, so admittedly not a great sample, but I figure once something gets to trial things are going to be contentious.

At this stage it's more a risk for people who have their likeness out in the public domain where it can be copied. But that's just about everyone these days.

> But ultimately: Humanity has coped without photo, audio or video evidence for most of its existence. I suppose it will cope again.

Same argument for electricity, the internet, sanitation, democracy... doesn't seem like a great test for stuff that we just didn't have it before and survived.

You mean like expert witness polygraphers that were treated as fact by the courts for years and still used to re-incarcerate people on parole/probation?

Or gun matching (ballistics) that are no longer considered conclusive but subjective? https://www.mdcourts.gov/data/opinions/coa/2023/10a22.pdf

Hair and Fiber expert analysis that was wrong? https://innocenceproject.org/fbi-agents-gave-erroneous-testi...

Or do you mean bite mark analysis that was again wrong?

Many of these forensic methods were used for decades and presented/treated as conclusive evidence before being challenged leading to wrongful convictions. But yes, let's have 'certified' voice experts whose living is based on being hired by the government and giving testimony to convict people. Surely this time it will be altruistic and scientific.

I don't know what the latest is, but often judges are supposed to not allow "expert testimony" without checking that the person is an expert. However this is a really complex area. Judges don't want to be the one deciding a case, but not allowing some "expert" is in a way deciding the case.

But I think the argument here is less about judges making definitive calls on authenticity and more about ensuring that clearly questionable evidence isn't automatically admitted just because a witness vouches for it.

Gell-Mann Amnesia effect comes to mind.

Excluding fake evidence is very much a responsibility of the judge. In the age of Fox News, letting the jury decide for themselves whether or not made-up bullshit is actual evidence seems like a recipe for disaster, and not necessarily one that errs on the side of caution.

Presuming good faith here, faking recordings has been harder to do, easier to detect, and less equivocal in the past than it is now.

If it takes an FX house to generate a plausible recording of me saying something I didn't say, that's a risky enterprise with a lot of witnesses.

If my enemy can do it in their basement with an hour of research, the exposure risk goes way down, and consequently the expectation you'll see it in real life goes way up.

Nuclear weapons require nation-state levels of resources. Now imagine you can build one in your basement for $10k. Does that change things at all?

"We've had projectile murder for centuries with arrows, how are these machine guns and missiles any different?"

It could easily go the other way, where the public doesn't care what people think they did or didn't do and just does whatever they want, because they don't respect the state and believe the social contract has been broken. "Fuck justice, talk to my AR-15."

There's ample evidence that this is already happening, eg. recent headlines about kids being radicalized at increasingly younger ages, groups like No Lives Matter that embrace violent nihilism, increased domestic terrorism, record high gun ownership across both sides of the political spectrum, authority figures that just do whatever they want and ignore any form of law or accountability, etc.

There are actually (at least) 3 different places where cryptography is needed here:

* Proof that this starts after a given time. Traditionally this has used methods like "this is the headline of a major newspaper today", which is limited to 1-day granularity and has problems if you can just generate a large number of expected headlines and use them in parallel. But with crypto, we can just query any random-number-timestamp-signing server, and a network of such servers can mutually sign each other's previous packets so it's very reliable both against downtime and against attacks.

* Proof of sequencing. This is trivial with a chain of hashes, though it does prevent recompression.

* Proof that this ends before a given time. This requires actively submitting your signature data to a timestamp server for additional signing, which is a much more complicated task than the initial half. It is still possible to eliminate the single source of vulnerability, but much more work.

"Camera looks at monitor" is going to be a much cheaper way to make this air-gapped than adding a projector. And this doesn't strictly need to be continuous; most things are tolerant of one-day granularity and almost everything of 15-minute granularity.

pretty clever, kind of like cipher block chaining

Thieves are planning an inside job. They forge the surveillance video ahead of time, do the theft and submit the forgery to be timestamped while it's happening.

Also, a lot of surveillance systems are purposely kept offline to prevent them from being compromised, but your system doesn't allow that because they would need external connectivity to get signatures.

You can do this already by yourself or use a service which you need not even trust.

Every x seconds, collect all the pieces of data that need to be notarized as existing in the world prior to some time t. It can be an arbitrary amount of data.

Construct a Merkle Tree[1] of all the hashes (or HMACs) of all the data to be notarized. Compute the Merkle Root. Make sure that everyone gets their Merkle Proof (path from leaf to root) or publish the Merkle Tree publicly.

Embed the Merkle Root into a one or more cryptocurrency blockchains to exploit their immutability guarantees. By either including it as "additional data" to some transaction or just straight up as a fictional cryptocurrency address.

Every piece of data processed in this way will have a Merkle Proof (cryptographic path from hash of the data to the Merkle Root) that proves it existed prior to the creation of the Merkle Root. The Merkle Root will have its creation time bounded by the proof of work conducted on the cryptocurrency blockchain.

[1] <https://en.wikipedia.org/wiki/Merkle_tree>

Isn't this basically achieved by standard cloud storage on phones? Photos and videos get uploaded automatically (with authentication for the user account) and presumably that action is logged somewhere the user can't edit. Just need to prove those logs are secure, and there you go.

It actually is too late for that. For anyone unaware, the open source models are already more than sufficient enough for imitations and deepfakes. For better or worse there's no going back.

Personally, I'd rather we all know this tech is out there and develop defense mechanisms rather than thinking hiding it away will prevent harm.

The cyber security industry exists because of all the privacy and security issues posed by all the tech we already have had for the past several decades.

I'm confident the same will happen for AI simply because it is a business opportunity and other businesses and institutions are already talking about these issues.

You cannot create something and pretend its use has nothing to do with you.

has always worked with guns so it'll always work with anything else :) and guns will kill more people that AI-generated shit for foreseeable future

I do want a computer which talks to me like a person, with that agility. I am used to listening to voice.

I am tired of reading so much stuff which could well be spoken to me. Like this comment here, which you now need to read.

It's only very recently that living beings on this world have learned to read and write, it's not normal. It's normal to communicate through sound.

> Nothing of value is lost when these models are made private again

To list a few uses I see for voice-generation/cloning tools:

* Real-time translation of a user's voice, maintaining emotion and intonation

* Professional-quality audio from cheap microphone setups (for video tutorials, indie games, etc.)

* Allowing those with speech impairments to communicate using their natural voice again, or:

* Allowing those uncomfortable with their natural voice to communicate closer to how they wish to be perceived

* Customization of voice assistants, such as to use a native accent/dialect

* Movies, podcasts, audiobooks, news broadcasts, etc. made available in a huge range of languages

* And of course: memes, satire, and parody

If it exists but isn't widely accessible, it's likely in the hands of Musk/Zuck and and various state actors. To me that seems possibly the worst alternative - to have the public generally unaware that it's possible and receiving few of the benefits listed, yet still having it available as a tool for competent disinformation.

Fatalities due to automobile accidents are a major drag. We should've stuck with horses

There is some use to bringing deepfakes to mass adoption. The thing is that since the tech exists, powerful actors with lots of resources will develop these tools for their own use either way. The question is whether they'll be able to fool the masses who are unaware that such realistic deepfakes can exist, or whether they will have no effect as everyone and their mom have already seen similar AI slop on their Facebook feed

>The tools aren't perfect yet, so it's not too late to stop

This is some serious level of cope for HN.

Simply put, it's not going to happen.

When was the last time you encountered this? I remember getting nags up until around the end of last year, but not lately. I like to think they dropped the program because I expressed concerns about it to so many reps, but more likely I've just been dialing in on a different number.

Schwab used to have an 8 character maximum on passwords (although at least they changed that). They have never been a paragon of good security practices.

Or perhaps camera manufactures will start putting traces in. Anyone who makes surveillance systems (like stores use) should put some end to end things in so they can say "this camera took that recording and we can see that it wasn't tampered with by...". (if anyone works for a surveillance company please run with this!) With encryption we can verify a lot of things, but it sets the bar higher than someone took a picture.

Of course in a darkroom someone skilled could always make a fake photo - but the bar is a lot lower with AI.

If it goes that direction, one silver lining could be that they also realize video conference tools used for court proceedings should also go away.

I wonder if film photography (slide film in particular) will become viable again and that photojournalists will once again become necessary for society.

Rather than cryptography which could be difficult to grok for a non-technical jury, a physical slide of film would be the source of truth.

It can still be faked by photographing a manufactured/generated scene though.

The smart encryption people will fix it. At some point it had to be fixed anyway since LLMs have only made it less effort.

Not necessarily. Recent advancements suggest that just a few soundbites of a typical person's voice already allow modern AI to synthesize it fairly accurately.