Experts: abuse of AI face-swapping technology can amount to an invasion of privacy

Recently, a special effect called "Ant Hey" went viral across social media platforms. Many netizens uploaded their photos to Avatarify, an app whose algorithm animates a still photo into a short face-swap video with exaggerated expressions swaying to the rhythm of the song.

Just a few days later, like the once-popular face-swapping app Zao before it, Avatarify was removed from app stores. Many people speculated that AI face swapping may involve privacy issues. What is the principle behind AI face-swapping technology? Does swapping faces leak personal privacy? Carrying netizens' questions, a reporter from Science and Technology Weekly interviewed Song Yubo, an associate professor at the School of Cyberspace Security of Southeast University, who demystified AI face-swapping technology for us.


Q: What is the principle behind AI face-swapping technology?


Song Yubo: The earliest face swaps were done with Photoshop, which was not only time-consuming and labor-intensive but also produced poor results. The face-swapping apps popular today actually use generative adversarial networks (GANs), a class of deep learning models. In short, the machine first learns facial expression features from big data, then combines them with some facial features of the person whose face is being swapped in, and evolves continuously through an "adversarial game" until it produces the face-swap video we want. This method not only swaps faces automatically and quickly, but also produces far more realistic images.

Q: What is a generative adversarial network?

Song Yubo: Although the name contains the word "network", a generative adversarial network is not the same as the "Internet" we usually talk about; it is essentially a mathematical algorithm. The word "network" is kept because GANs are built from the neural networks used in deep learning.

A generative adversarial network learns by making two neural networks play a game against each other: one is the generator, the other is the discriminator.
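The generator-discriminator game described above can be sketched with a toy example. Everything here is an illustrative assumption, not the architecture of any actual face-swapping app: a 1-D Gaussian stands in for "real" data, the generator is a simple linear map, and the discriminator is a logistic classifier trained by hand-derived gradient descent.

```python
import math
import random

random.seed(0)

def sigmoid(s):
    return 1.0 / (1.0 + math.exp(-s))

# "Real" data: samples from a Gaussian with mean 4 (a stand-in for real images)
def real_sample():
    return random.gauss(4.0, 1.0)

# Generator: x = a*z + b, with noise z ~ N(0, 1)
a, b = 1.0, 0.0
# Discriminator: D(x) = sigmoid(w*x + c), probability that x is real
w, c = 0.1, 0.0

lr = 0.01
for step in range(5000):
    z = random.gauss(0.0, 1.0)
    x_real = real_sample()
    x_fake = a * z + b

    # --- Discriminator update: push D(real) toward 1, D(fake) toward 0 ---
    d_real = sigmoid(w * x_real + c)
    d_fake = sigmoid(w * x_fake + c)
    g_real = d_real - 1.0   # gradient of BCE loss w.r.t. logit, real labelled 1
    g_fake = d_fake         # gradient of BCE loss w.r.t. logit, fake labelled 0
    w -= lr * (g_real * x_real + g_fake * x_fake)
    c -= lr * (g_real + g_fake)

    # --- Generator update: push D(fake) toward 1 (non-saturating loss) ---
    x_fake = a * z + b
    d_fake = sigmoid(w * x_fake + c)
    g = (d_fake - 1.0) * w  # gradient of -log D(x_fake) w.r.t. x_fake
    a -= lr * g * z
    b -= lr * g

fakes = [a * random.gauss(0.0, 1.0) + b for _ in range(1000)]
mean_fake = sum(fakes) / len(fakes)
print(f"generator output mean after training: {mean_fake:.2f} (target 4.0)")
```

Each round, the discriminator gets better at telling real from fake, which forces the generator to produce outputs that look more like the real data; in a real face-swapping system the two players are deep convolutional networks and the "data" are face images, but the game is the same.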

It is worth noting that the general expression information the machine collects in the early stage mainly comes from big data sets, not from the personal expressions of the person whose face is swapped. This means that face swapping with GANs requires only a few photos of that person. When the technology first appeared, it needed roughly 300-500 pictures of the target person; with recent improvements, only 3-5 photos are enough to generate the desired face-swap pictures or videos.

Q: Does AI face swapping risk leaking personal privacy? Can fake videos and images break through face recognition systems?

Song Yubo: Every technology has two sides. If face-swap videos are made purely for fun and entertainment, they are not very harmful in themselves. But if the technology falls into the hands of criminals, it can do great harm. The risk that personal information and biometric features will be abused or leaked is the main reason such apps are repeatedly questioned.

For politicians or celebrities, transplanting their faces into scenes where they never appeared can easily cause negative fallout. For ordinary individuals, many financial institutions rely on online video identification for identity verification; if criminals use the expression-manipulation methods of deep synthesis to generate fake videos, it could well cause financial losses.

At the end of November 2019, the Provisions on the Administration of Network Audio and Video Information Services, jointly issued by three departments, the Cyberspace Administration of China, the Ministry of Culture and Tourism, and the National Radio and Television Administration, stipulated that anyone who makes, publishes, or disseminates non-genuine audio and video content using new technologies such as deep learning and virtual reality must label it conspicuously, and that such audio and video technology "shall not be used to infringe upon others' right to reputation, right to portrait, right to privacy, intellectual property, or other legitimate rights and interests".

At present, face-swap pictures and videos downloaded through these apps have poor image quality because of limited computing power; on close inspection, problems such as unnatural facial features remain. Even high-quality fakes that can fool the human eye are exposed when examined by the relevant detection algorithms, so ordinary users need not worry about face recognition systems being broken for now. But as the technology keeps improving, such software may well pose a serious threat to personal privacy in the future, so we also call for relevant laws and regulations to be enacted as soon as possible.