Deepfake Phishing: Let’s not Forget the Importance of Training
Singer Taylor Swift, in a widely shared social media video, gives away three thousand Le Creuset cookware sets to her fans. Actor Tom Hanks promotes dental insurance in a viral video. President Joe Biden invites voters not to participate in the primaries, while Ukrainian President Volodymyr Zelensky encourages Ukrainians to lay down their arms.
These are real statements and not jokes; they have circulated widely on the internet and been shared with remarkable speed, reflecting the rapid pace of social media today.
The phenomenon is also rampant in Italy.
Consider the figure of the Governor of the Bank of Italy, Fabio Panetta, who promotes safe and profitable financial investments, alongside numerous other political and entertainment personalities who have been cloned: Elly Schlein, Giuseppe Conte, Giorgia Meloni, Mara Venier, who found herself alongside Elon Musk to promote a fraudulent investment, or Fabio Fazio, who advertises a financial platform promising significant earnings in a few months. A very alarming phenomenon is Deepfake Phishing, a technology used to create fake images and videos or replicate the tone and voice of a person, with its most disturbing application being the perfect imitation of CEOs and company executives issuing orders to their subordinates.
These attacks can have devastating consequences.
For instance, in 2021, cybercriminals used voice cloning to mimic a CEO and tricked the organisation’s bank director into transferring £35 million to another account to execute an “acquisition”.
A similar incident occurred in 2019, when a scammer imitated the CEO of a British company, claiming to be the CEO of its German parent firm, and urgently requested a transfer of £243,000 to a Hungarian supplier.
The cloning of images and voices to disseminate false messages is an increasingly sophisticated trend.
It poses serious concerns for privacy, security, and information accuracy, as well as for individual reputation and dignity.
The non-consensual distribution of deepfakes has reached troubling levels, affecting not only public figures but also ordinary citizens, with particular emphasis on the deepfake pornography phenomenon that primarily impacts women.
Consequently, some nations are acting swiftly. Among them, Denmark is leading the way, preparing to become the first European country to systematically tackle the deepfake issue through a comprehensive reform of copyright laws.
The Danish Proposal
The reform stipulates that everyone’s body, facial features, and voice are now covered by copyright.
This approach treats a person’s physical and vocal identity as a form of art, establishing legal protections that previously did not exist.
The legislation being considered in Copenhagen could become the first law in Europe to safeguard individuals against digital imitations of their identity. The proposal has already gained significant political support, reflecting the widespread recognition of the issue and the urgent need for legislative action.
Details of the Reform
The legislative process is already outlined: the Ministry of Culture intends to propose an amendment to the current law before the summer break and plans to submit this amendment to Parliament for a vote in the fall. Danish Culture Minister Jakob Engel-Schmidt has emphasised that the bill should communicate a clear message: everyone has the right to their appearance and voice, and this right must be protected from generative AI.
The changes to Danish copyright law will theoretically grant Danish citizens the right to request that online platforms remove content that has been shared without their consent. The protection will also extend to the entertainment industry, covering “digitally generated realistic imitations” of an artist’s performance without their consent.
The new law is not limited to recognizing theoretical rights, but also provides effective enforcement mechanisms. In case of violation of the rules, those concerned could also seek compensation. A fundamental aspect because it transforms the protection of digital identity from a mere matter of principle to an actionable right with concrete economic consequences for violators.
Regarding technology platforms, the Danish government has announced a decisive approach: If technology platforms do not comply with the new law, they could be subject to severe fines. This threat of significant economic sanctions should incentivize platforms to develop more effective deepfake detection and removal systems.
Balance between Protection and Freedom of Expression
One of the main challenges in regulating deepfakes is finding the right balance between protecting individual rights and freedom of expression. The Danish proposal addresses this issue by providing specific exceptions: the law excludes satire and parodies from its application, recognizing the importance of artistic freedom and public debate.
A crucial distinction because it avoids turning the law into a censorship tool, instead maintaining focus on protection against malicious abuse. In general, the success of this initiative will depend on the ability to effectively balance the protection of individual rights with the need not to hinder either technological innovation or freedom of expression.
Denmark thus positions itself among the first European countries to comprehensively and systematically address the phenomenon, going beyond the approach so far focused mainly on deepfake pornography. A new regulatory paradigm that represents a step forward that will hopefully significantly influence the development of European and international legislation on deepfakes and redefine standards for digital identity protection in the 21st century.
The new legislative trend is good but let’s not forget the role of training
The new legislative trend launched by Denmark is certainly good news that gives hope for a future where digital identity, privacy, and security against deepfakes will be better protected.
But this must not make us forget the importance of the role of proper training, especially its integration into company and organizational programs.
Users will increasingly need to be able to identify common warning signs, such as lack of synchronization between lip movement and audio, or discover indicators like distortions, deformations or inconsistencies in images and videos.
But Having this Theoretical Knowledge is not Sufficient.
You also need to continuously train to recognize suspicious signals. This implies constant training work. The concept is that to stay safe you need to be one step ahead of the cybercriminal and to do that you need to run very fast. We are in fact talking about marathon runners of cybercrime. It’s not an impossible goal as it may seem, quite the opposite. The important thing is to study, learn, train and always stay on top of things.
