In the course of his ongoing mentorship of Ukrainian leaders as they fight to repel Russia’s invasion, Hoover senior fellow Michael McFaul regularly participates in video calls with senior political officials in Kyiv.
Minutes before one such call was to begin, in September 2022, Ukrainian Presidential Office head Andriy Yermak saw who he thought was “Michael” appear on screen early.
Except after a few minutes of conversation with “Michael,” something felt off to Yermak.
“It was only when I began asking questions about divisions within the Biden administration that [Yermak] got suspicious,” McFaul said. “Why is Mike asking me these kinds of questions?”
Yermak called McFaul to ask whether it was really him on the other end of the video call.
It was not.
Instead, it was a Russian impostor using live “deepfake” AI technology to superimpose McFaul’s face on screen and mimic his voice, impersonating him in order to disrupt the relationship and gather intelligence from the other participants on the call.
“It was especially weird to hear my voice, because it sounds exactly like me,” McFaul said.
The impostor attempted four or five other calls, once getting through to Ukrainian foreign affairs minister Dmytro Kuleba.
In that call, Kuleba confirmed to the fake McFaul that Ukraine had successfully bombed the Kerch Strait Bridge, which links Crimea to the Russian Federation, something most observers already believed to be the case.
Sometime later, the audio of Kuleba confirming the bombing was broadcast by Russian media.
It was possibly the first known instance of using AI to impersonate someone in an intelligence-gathering operation, a sort of weaponization of AI technology.
Half-joking, McFaul said his peers in the Ukrainian government now check first whether it’s actually him on the other end of calls.
According to Nate Persily, Stanford professor of law, the capability to deceive in such a way is now widespread. He warned about these modes of deception during a gathering of European Union diplomats at Stanford University on April 23, 2024, for a roundtable discussion on tech policy. The discussion was copresented by the Hoover Institution and the Cyber Policy Center at Stanford’s Freeman Spogli Institute.
Diplomats present represented the European Commission and member countries including Greece, Romania, Germany, France, Ireland, Czechia, Austria, Estonia, Lithuania, Italy, Sweden, Denmark, Norway, Finland, Belgium, Luxembourg, and the Netherlands.
As the EU prepares to implement its AI Act, there is tension among member countries over whether heavy or light regulation of AI development is the better way forward.
Florence G’Sell, visiting professor at the Stanford Cyber Policy Center, said it is hard to strike a balance between regulating AI strictly enough to prevent risks and not slowing technological advancement.
“It’s hard, complicated, difficult to enforce, penalties may be insufficient, and it can stifle innovation. But at the same time, industry cannot regulate itself. A competent independent authority is useful.”
But Gerard de Graaf, head of the EU’s office in San Francisco, said the lack of regulation of AI firms today in the US and elsewhere is troubling.
“The average food truck in SF is under more regulation than OpenAI or Anthropic, and that’s absurd,” he said. “We need to have a more mature discussion about regulation. It’s not about whether to regulate but how to regulate.”
In addition to AI, Hoover senior fellow Amy Zegart and the team that copublishes the Stanford Emerging Technology Review are tracking nine other emerging technology areas, including space, biotechnology, nuclear energy, and robotics, some of which may require intense government scrutiny in both North America and Europe over the coming years.
“The speed of technological development is hard for even the experts in each given field to anticipate,” she said.
Zegart said the US government, as well as the EU, needs to develop a “strategic computing reserve” of high-powered GPUs to keep up with the massive accumulation of computing power within major Silicon Valley companies.
Zegart also said part of the reason the US government is moving slowly on regulating AI development is the deadlock in Congress. “Expecting the feds to do anything today is challenging—it’s really our inability to get anything done,” she said.
If what AI and other emerging technologies need is more regulation and moderation, a pair of Stanford researchers have been working to turn AI itself into a regulator of sorts.
For the last nine months, Samidh Chakrabarti and Dave Willner of Stanford’s Cyber Policy Center have been attempting to build an AI to tackle a familiar problem in the world of social media.
For years, social media firms have struggled to enforce content-moderation policies rapidly and accurately. These companies employ hundreds, sometimes thousands, of content moderators.
“Social media creates an industrial scale of content production and distribution,” Willner said. “But no one can be truly excellent at content moderation at scale.”
The work is monotonous and often low paying, and disturbing content can be traumatizing for the moderators handling its removal. And even with so many human and technological resources aimed at moderating content, the results are far from perfect.
So Willner and Chakrabarti developed “CoPE,” the Content Policy Evaluator, an AI tool small enough to run on an ordinary CPU that can take in a content policy, such as those used by social media companies, and then, in seconds, assess whether a given statement violates that policy.
In a demonstration, Willner entered a comment, “Immigrants are a plague on society,” and a content moderation policy was entered in a field below. Chakrabarti pointed out that the policy had been written to cover hate speech targeting immigration status.
In less than 13 seconds, the AI tool returned a response of “1,” meaning Willner’s comment violated the hate speech policy.
Chakrabarti then removed immigration status from the hate speech policy in the moderation policy field.
In 12 seconds, it returned a response of “0,” meaning the statement did not violate the hate speech policy.
“Essentially we’re just training a model that does very good rule following,” Chakrabarti said.
They estimate that CoPE is about 85 percent accurate and could radically cut costs for emerging social media applications that cannot afford to build their own content moderation teams.
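CoPE itself has not been released publicly, so the sketch below is only a hedged illustration of the pattern the demonstration suggests: combine a written policy and a candidate statement into a single prompt for a small, CPU-sized model and parse a binary verdict. The policy text, function names, and the stubbed model call are all assumptions made for illustration, not CoPE’s actual code.

```python
# Hypothetical sketch of a policy-plus-statement evaluator in the spirit of the
# CoPE demonstration. The model call is a stand-in so the example runs on its own.

POLICY_WITH_IMMIGRATION = (
    "Hate speech policy: remove content that attacks people on the basis of "
    "race, religion, national origin, or immigration status."
)

POLICY_WITHOUT_IMMIGRATION = (
    "Hate speech policy: remove content that attacks people on the basis of "
    "race, religion, or national origin."
)

def build_prompt(policy: str, statement: str) -> str:
    """Combine the policy and the statement into one rule-following prompt."""
    return (
        "You are a content policy evaluator.\n"
        f"Policy:\n{policy}\n\n"
        f"Statement:\n{statement}\n\n"
        "Answer with 1 if the statement violates the policy, otherwise 0."
    )

def model_generate(prompt: str) -> str:
    """Stand-in for a small local language model.

    A real implementation would call whatever CPU-sized model the tool uses;
    here we fake a verdict so the sketch is self-contained and runnable.
    """
    violates = "immigration status" in prompt and "plague" in prompt
    return "1" if violates else "0"

def evaluate(policy: str, statement: str) -> int:
    """Return 1 if the model judges the statement to violate the policy, else 0."""
    verdict = model_generate(build_prompt(policy, statement)).strip()
    return 1 if verdict.startswith("1") else 0

if __name__ == "__main__":
    comment = "Immigrants are a plague on society"
    print(evaluate(POLICY_WITH_IMMIGRATION, comment))     # 1: violates the policy
    print(evaluate(POLICY_WITHOUT_IMMIGRATION, comment))  # 0: policy no longer covers it
```

Keeping the policy in the prompt, rather than baked into the model, is what lets the same tool flip its verdict when the policy changes, as it did in the demonstration.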
The roundtable also included a conversation with Stanford law professor Evelyn Douek and Daphne Keller, platform regulation program director at Stanford’s Cyber Policy Center, about legal cases reaching the Supreme Court concerning social media firms and the First Amendment.
One such case involves Texas and Florida laws prohibiting social media companies from enforcing content moderation policies such as the one used by CoPE.
Persily quipped in his introductory remarks to this discussion, “There’s a possibility by summer that there will be content that is mandatory in Florida, illegal in Europe, and optional everywhere else.”