A New Way to​ Tell Deepfakes From Real Photos: Can It Work?

Earlier this year, an image of the Pope in a chic white puffer coat went viral, in a striking example of how an AI-generated image can fool the internet. With a flood of this content predicted, we’ll need new ways to tell what’s real and what’s not.

“Can we build an AI deepfake detector?” was the initial idea when work started four years ago on one such effort to create a standard for online images, says Dana Rao, general counsel and chief trust officer at Adobe, maker of Photoshop. Adobe is one of the companies spearheading the Content Authenticity Initiative, a global coalition of 2,000 members from tech, policy and media (including The Wall Street Journal).

The group’s strategy has changed as work has progressed, he says. Here, he talks with the Journal’s The Future of Everything podcast about using data to underpin trust on the internet.

Adobe was thinking about creating something to detect if an image was made by AI. But now you’re going a different way?

Right, it was sort of the obvious solution, which is, “I just want someone to tell me if this is fake or not.” The problem is, you need to be very, very, very accurate on that deepfake detection because if you’re wrong a lot, no one’s going to trust it. So it has to be like 99% accurate. And what we saw was more like 60% accurate.

So we felt detection is not the answer. We flipped the problem on the head, and that’s when we started the Content Authenticity Initiative. We said, “Instead of trying to catch the lies, how do we help people prove what’s true?” That’s important [because] once you’re in a world where you’re being deceived by deepfakes, the next time you see something, you’re going to say, “I don’t know if it’s true or not.” We’re going to get desensitized to audio and video information because we have no way to know.

So, you wanted to start from the other end. How does that work?

We’ve created this technology called “content credentials.” It’s like a nutrition label for an image or video or audio. It will tell you who made the image, when it was made, where it was made, and what edits were made along the way.

If you’re in Photoshop, for example, you click on content credentials, because you want to capture this information—because you want people to believe you—and then you can edit. If you change the lighting or you remove a blemish, all that gets captured. Then when you export it, that metadata goes with it. The viewer will see a little symbol on the image that says CR. You click on it and you can look at [the metadata] for yourself.

You still have to decide whether you trust that, right? For an average user, how helpful will those content credentials be?

First, you don’t need to believe everything, right? If you’re on Facebook and you took a picture of a cat with a hat on it, you don’t need to prove that is true or not.

But people will expect, on important events, that [those posting the images] will have taken the time to prove it. So I’ll see that symbol, I’ll be able to click on it, and be able to decide for myself whether or not to believe it or not. It’s a chain of trust built from from the very first place the image is captured to where it gets published.

Are there risks for content creators? Say you’re in a place where there’s a dictatorship and you’ve taken this photograph of a damning piece of evidence, and now your name is attached to it?

It is an option to turn on content credentials or not. You could say, “I’m going to take this image of whatever the incident is, I’m just not going to sign it.” Or, “I’m not going to turn on my identity, but I’m going to capture other things, like where it was taken, when it was taken, and the edits that were made.”

It’s definitely up to the person who’s choosing to use the content credential. They get to decide whether they want to reveal their identity or not. That was important to us as a design principle because we wanted to allow people to use this in places where there could be reprisal.

When I see the image, maybe I don’t believe it as much because this person has decided to remain anonymous. But I have other information that I can use to trust it and that’s a tradeoff, right?

So the user who sees the image gets to decide whether to trust it.

We want to empower the public to decide what to trust. It’s always going to be you, the user, who decides whether or not you want to trust things.

It makes me think that you need media literacy for this to work.

When we talk to governments about the importance of combating deepfakes, they ask us, “What can we do?” We say they have two roles: One is, educate people that they can’t always believe what they see. It’s very natural for us to believe images. The human brain is trained to believe visual information.

Second, once we have content credentials out, they need to educate the public: There’s a tool that you can use when you see something important. It should have a content credential with it.

Whose responsibility is image authentication? Is it the maker? The user? A publisher?

We are all responsible. If we don’t all get on board with trying to make sure there are standards by which we can trust digital information, we’re going to be in a lot of trouble in two, three years, maybe even by 2024 elections, because we’re not going to believe anything we see or hear.

These AI tools are doing amazing things. You type in “cat in a convertible riding through the desert.” An amazing image just shows up. You don’t have to have any skills, but now you’re an artist, right? I encourage everyone to use these things. They’re going to revolutionize how we all interact and create together.

But they can be misused. And if you misuse them for the purpose of deceiving people, you should be held liable for that.

Companies are making AI image detectors. What do you say to them?

It’s great to continue to research this area. The problem with a lot of deepfake detection is that it happens after the fact. So by the time you attach a label to a lie, millions of people have already seen it and believed it incorrectly, and then you come back and tell them it’s a deepfake. It’s too late. You can’t unring that bell.

What is it going to take to get these content credentials everywhere that internet users might see images?

I feel great about where we are, in terms of, we have an open standard. There’s a group of companies building this. We actually have a usable version of this in Photoshop. It’s out there. You can use it.

What we need to get it everywhere is for all the companies who have a role in this ecosystem to agree. A few have not. A lot of them are still kicking the tires on the technology, trying to understand it. How do I build it into a smartphone?

We’re not everywhere yet. We’re hoping that everyone’s seeing the momentum since the spring with all the generative AI and chatGPT. We’re seeing a lot more people come into the fold saying, “Oh, we now see the problem.”

What does our consumption of images look like in 10 years?

It’ll all be digital and we’re going to see more content than ever. Everyone’s got a story to tell, and we’re going to see a lot of those stories out there. The importance of having authenticity is going to be just as important.

Interview has been edited and condensed.

Write to Charlotte Gartenberg at charlotte.gartenberg@wsj.com and Alex Ossola at alex.ossola@wsj.com