Nick Blake looks at how the music world is now making a statement about the rise of fake news and threat actors.
“Most imitated, Grammy nominated”, despite being a Kanye West lyric feels oddly accurate for the introduction of this article on what exactly Kendrick Lamar, Data Protection and Cyber Security have to do with each other.
Earlier this month, 14-time Grammy award winner Kendrick Lamar dropped his video for “The Heart Part 5”, a video which utilises Deep Fake technology to morph his face into the likes of O.J. Simpson, Will Smith, Jussie Smollett, Kobe Bryant, Kanye West, and Nipsey Hussle. Deepfakes are artificial images and sounds put together with machine-learning algorithms, essentially creating a moving image or voice, with the result being a very good replica of the person.
This is far from the first time we have seen the technology utilised, but it does mark a significant shift into mainstream music, with the video having over 31M views at time of publication.
Ultimately, the current biggest concern is the potential for Deep Fakes to be used to spread misinformation. Recently we saw hackers with links to Russia utilising a rather obvious Deep Fake to imitate the Ukrainian President Zelensky. Yet the cyber security and data protection implications have the ability to go much wider.
Since the pandemic, we have become increasingly dependent on digital communication platforms, like Microsoft Teams and Zoom, as these replaced face to face interactions. Clearly there is a risk for fraud and impersonation, the better and more accessible deep fakes become. Phishing to date has been largely email based, but deep fakes could change that landscape. Until enterprise security develops further to automatically detect these fictitious environments and images, organisations will have to ensure their users are trained and educated appropriately.
Moreover, from a data protection perspective, the information and images contained within a deepfake may use an individual’s likeness or image, and therefore fall under the GDPR as personal data. Furthermore, by creating a deepfake, the creator is likely using the individual’s image in a manner that they haven’t consented to. If a deepfake does come under the scope of GDPR, a data subject will have full availability to the rights and protections afforded to them (including for removal of the image) and the creator will be required to give effect to the requests, unless exceptions apply.
The “Deep Fake space” is an emerging and growing one, in the coming years it will be imperative for individuals and organisations to attempt to stay one step ahead of threat actors and how they begin to utilise Deep Fake technology. As highlighted in this article they have the potential to impact not only our pop-culture, but can also affect our organisational and personal data through compromise.
Our first episode of The Cyber Hacks Podcast looked closely into how utilising deep fakes have been used to erode public confidence in our government, democratic institutions and public figures. A recommended listen featuring leading expert in Deep Fakes Nina Schick.
Kendrick Lamar’s video aimed to provoke thought and ask some uncomfortable questions. It demonstrates that Deep Fake technology is definitely on the rise, and may be utilised across a variety of different avenues (art, movies, social engineering etc.). It also raises a more critical and urgent question of how we discern and govern this technology. Hopefully, it lands a clear message and generates awareness amongst the general public, who can be vigilant and play their part in protecting our likenesses and data.