In October 2019, Idaho proposed changing its Medicaid program. The state needed approval from the federal government, which solicited public feedback via Medicaid.gov.
Roughly 1,000 comments arrived. But half came not from concerned citizens or even Internet trolls. They were generated by artificial intelligence. And a study found that people could not distinguish the real comments from the fake ones.
The project was the work of Max Weiss, a tech-savvy medical student at Harvard, but it received little attention at the time. Now, with AI language systems advancing rapidly, some say the government and Internet companies need to rethink how they solicit and screen feedback to guard against deepfake text manipulation and other AI-powered interference.
“The ease with which a bot can generate and submit relevant text that impersonates human speech on government websites is surprising and really important to know,” says Latanya Sweeney, a professor at Harvard’s Kennedy School who advised Weiss on how to run the experiment ethically.
Sweeney says the problems extend well beyond government services, but it is imperative that public agencies find a solution. “AI can drown speech from real humans,” she says. “Government websites have to change.”
The Centers for Medicare and Medicaid Services says it has added new safeguards to the public comment system in response to Weiss’ study, though it declines to discuss specifics. Weiss says he was contacted by the US General Services Administration, which is developing a new version of the federal government website for publishing regulations and comments, about ways to better protect it from fake comments.
Government systems have been the target of automated influence campaigns before. In 2017, researchers discovered that over a million comments submitted to the Federal Communications Commission regarding plans to roll back net neutrality rules had been auto-generated, with certain phrases copied and pasted into different messages.
“I was a bit shocked when I saw nothing more than a submit button standing in the way of your comment becoming a part of the public record.”
Weiss’ project highlights a more serious threat. There has been remarkable progress in applying AI to language over the past few years. When powerful machine-learning algorithms are fed huge amounts of training data—in the form of books and text scraped from the Web—they can produce programs capable of generating convincing text. Besides myriad useful applications, this raises the prospect that all sorts of Internet messages, comments, and posts could be faked easily and less detectably.
“As technology gets better,” Sweeney says, “human speech venues become subject to manipulation without human knowledge that it has happened.” Weiss was working at a health care consumer-advocacy organization in the summer of 2019 when he learned about the public feedback process required to make Medicaid changes. Knowing that these public comments had swayed previous efforts to change state Medicaid programs, Weiss looked for tools that could auto-generate comments.
“I was a bit shocked when I saw nothing more than a submit button standing in the way of your comment becoming a part of the public record,” he says.
Weiss discovered GPT-2, a program released earlier that year by OpenAI, an AI company in San Francisco, and realized he could generate fake comments to simulate a groundswell of public opinion. “I was also shocked at how easy it was to fine tune GPT-2 to actually spit out the comments,” Weiss says. “It’s relatively concerning on a number of fronts.”
Besides the comment-generating tool, Weiss built software for automatically submitting comments. He also conducted an experiment in which volunteers were asked to distinguish between the AI-generated comments and ones written by humans. The volunteers did no better than random guessing.
After submitting the comments, Weiss notified the Centers for Medicare and Medicaid Services. He had added a few characters to make it easy to identify each fake comment. Even so, he says, the AI feedback remained posted online for several months.
OpenAI released a more capable version of its text-generation program, called GPT-3, last June. So far, it has only been made available to a few AI researchers and companies, with some people building useful applications such as programs that generate email messages from bullet points. When GPT-3 was released, OpenAI said in a research paper that it had not seen signs of GPT-2 being used maliciously, even though it had been aware of Weiss’ research.
OpenAI and other researchers have released a few tools capable of identifying AI-generated text. These use similar AI algorithms to spot telltale signs in the text. It’s not clear if anyone is using these to protect online commenting platforms. Facebook declined to say if it is using such tools; Google and Twitter did not respond to requests for comment.
It also isn’t clear if sophisticated AI tools are yet being used to create fake content. In August, researchers at Google posted details of an experiment that used deepfake-text-detection tools to analyze over 500 million webpages. They found that the tools could identify pages hosting auto-generated text and spam. But it wasn’t clear if any of the content was made using an AI tool such as GPT-2.
Renée DiResta, research manager at the Stanford Internet Observatory, which tracks online abuse, says she expects more government sites to be targeted by fake text. “Any time you have new technology, it’s a tool in the hands of some and a weapon in the hands of others,” she says.
Politically driven misinformation has become a critical issue in American politics. Joan Donovan, research director of the Shorenstein Center on Media, Politics and Public Policy at the Harvard Kennedy School, warns that sophisticated AI may not be needed to erode people’s sense of what’s true. “People’s emotions are frayed, and that makes them very vulnerable to convenient explanations rather than difficult truths,” Donovan says.
This story originally appeared on wired.com.