Deepfake Phishing: Let’s not Forget the Importance of Training
Singer Taylor Swift who in a widely shared social media video gives away three thousand Le Creuset cookware sets to her fans; actor Tom Hanks who, in a viral video promotes dental insurance; Joe Biden who invites voters not to vote in the primaries; Zelensky who invites Ukrainians to lay down their arms.
These are not jokes but images and voices that have circulated widely on the web and have been picked up and shared with the speed at which social media is used today.
The phenomenon is also very widespread in Italy.
Just think of the Governor of the Bank of Italy Fabio Panetta who promotes safe and profitable financial investments and many other political and entertainment figures who have been cloned: Elly Schlein, Giuseppe Conte, Giorgia Meloni, Mara Venier, who found herself alongside Elon Musk to promote a fraudulent investment or Fabio Fazio who advertises a financial platform to obtain a lot of money in a few months.
A phenomenon that is very frightening is Deepfake Phishing, a technology used to create fake images and videos or to reproduce the same tone or voice timbre and whose most disturbing application is that used to perfectly imitate CEOs and company executives who give orders to their subordinates.
These are attacks that can have a devastating effect.
For example, in 2021, cybercriminals used voice cloning to imitate the CEO of a large company and tricked the organization’s bank director into transferring $35 million to another account to complete an “acquisition”.
A similar incident occurred in 2019. A scammer called the CEO of a British company imitating the CEO of the company’s German parent company and requesting an urgent transfer of $243,000 to a Hungarian supplier.
The cloning of images and voices to spread false messages is an increasingly used and refined trend and represents a significant concern for privacy, security and information truthfulness as well as for people’s reputation and dignity. The non-consensual distribution of deepfakes has reached alarming proportions, involving not only public figures but also ordinary citizens, with particular attention to the phenomenon of deepfake pornography that mainly affects women.
For this reason, some states are quickly taking action. Among these, in pole position we find Denmark, which is preparing to become the first European country to systematically address the deepfake problem through a radical reform of copyright legislation.
The Danish Proposal
The reform provides that everyone’s body, facial features and voice are covered by copyright. An approach that equates a person’s physical and vocal identity to a work of art, creating legal protection that did not exist until now. The one being studied in Copenhagen can thus become the first law in Europe to protect people against digital imitations of their identity. The proposal has already gathered broad political consensus, a sign of the cross-cutting nature of the problem and the need for urgent legislative intervention.
Details of the Reform
The legislative path is already mapped out: the Ministry of Culture plans to present a proposal to amend the current law before the summer break and to submit the amendment to Parliament for a vote in the fall. Danish Culture Minister Jakob Engel-Schmidt has clarified that the bill should convey the unequivocal message that everyone has the right to their own appearance and voice, protecting them from generative AI.
The changes to Danish copyright law will theoretically give Danish citizens the right to ask online platforms to remove such content if shared without consent. The protection will also extend to the entertainment world, covering “digitally generated realistic imitations” of an artist’s performance without their consent.
The new law is not limited to recognizing theoretical rights, but also provides effective enforcement mechanisms. In case of violation of the rules, those concerned could also seek compensation. A fundamental aspect because it transforms the protection of digital identity from a mere matter of principle to an actionable right with concrete economic consequences for violators.
Regarding technology platforms, the Danish government has announced a decisive approach: If technology platforms do not comply with the new law, they could be subject to severe fines. This threat of significant economic sanctions should incentivize platforms to develop more effective deepfake detection and removal systems.
Balance between Protection and Freedom of Expression
One of the main challenges in regulating deepfakes is finding the right balance between protecting individual rights and freedom of expression. The Danish proposal addresses this issue by providing specific exceptions: the law excludes satire and parodies from its application, recognizing the importance of artistic freedom and public debate.
A crucial distinction because it avoids turning the law into a censorship tool, instead maintaining focus on protection against malicious abuse. In general, the success of this initiative will depend on the ability to effectively balance the protection of individual rights with the need not to hinder either technological innovation or freedom of expression.
Denmark thus positions itself among the first European countries to comprehensively and systematically address the phenomenon, going beyond the approach so far focused mainly on deepfake pornography. A new regulatory paradigm that represents a step forward that will hopefully significantly influence the development of European and international legislation on deepfakes and redefine standards for digital identity protection in the 21st century.
The new legislative trend is good but let’s not forget the role of training
The new legislative trend launched by Denmark is certainly good news that gives hope for a future where digital identity, privacy, and security against deepfakes will be better protected.
But this must not make us forget the importance of the role of proper training, especially its integration into company and organizational programs.
Users will increasingly need to be able to identify common warning signs, such as lack of synchronization between lip movement and audio, or discover indicators like distortions, deformations or inconsistencies in images and videos.
But Having this Theoretical Knowledge is not Sufficient.
You also need to continuously train to recognize suspicious signals. This implies constant training work. The concept is that to stay safe you need to be one step ahead of the cybercriminal and to do that you need to run very fast. We are in fact talking about marathon runners of cybercrime. It’s not an impossible goal as it may seem, quite the opposite. The important thing is to study, learn, train and always stay on top of things.