Last week, Bill Request 26 was unveiled by Kentucky lawmakers — Reps. John Hodgson, John Blanton and Daniel Grossberg — during an Interim Joint Judiciary Committee meeting in Frankfort.
This omnibus bill outlines new regulations for various technologies, including automated license plate readers, drones, artificial intelligence and microchip technology. The bill also includes measures to counteract the rise of deepfakes, in which bad actors replicate an individual's voice or appearance through generative techniques.
“Nobody really wants the government or their neighbor spying on them, and that’s the genesis of this bill,” Hodgson said in a recent press release.
The first section of BR 26 pertains to automated license plate readers, outlining that “entities” are only permitted to retain data for 90 days, except in cases where the data serves as evidence in a felony investigation, pertains to a subpoena or is employed for toll collection purposes. The sale of license plate data would also be prohibited.
The second portion of the bill addresses unmanned aircraft, or drones, prohibiting the use of drones with an imaging device on private property without the owner’s written consent. There are exceptions to this portion of the bill for law enforcement officials with search warrants. Civil monetary penalties may be sought against violators.
Other portions of the bill reference criminal penalties for deepfaking.
Grossberg believes the swift evolution of the technology without regulatory action could be detrimental.
“Since the term ‘deepfake’ was coined in 2017, the emerging technology has greatly advanced,” Grossberg said in the release. “Anyone with a cheap program can create a deepfake visually indistinguishable from reality with less than a minute of audio and a handful of pictures.”
There have been numerous occurrences of deepfaking throughout the country over the past few years — some of which involved kidnapping hoaxes where scammers imitated someone’s voice using AI to say they had been taken to receive ransom money from family members.
This technology also poses an escalated cybersecurity threat to companies, as malicious actors have exploited deepfake voice technology to perpetrate fraud by mimicking the voices of company leaders to convince unsuspecting employees to transfer substantial sums of money.
The state of Kentucky isn’t the first to tackle legislation related to this ongoing threat. In 2019, Texas and Virginia passed bills criminalizing the distribution of nonconsensual deepfake pornography and the use of such technology to manipulate election outcomes. Meanwhile, California law allows victims of election-related deepfake crimes to seek legal recourse for damages.
Earlier this year, Minnesota took a similar approach to address the use of deepfake technology by targeting the creation of explicit content and the manipulation of electoral processes. The bill, SF 1394, passed the Senate but eventually failed, leading to its indefinite postponement.
Although there have been several pieces of deepfake technology legislation to cross the desks of lawmakers, Kentucky's BR 26 bill appears to adopt a more comprehensive strategy to counter deepfakes, steering away from a narrow focus on specific types of deepfake offenses such as disseminating explicit content or influencing elections. Instead, the bill addresses any fabricated video or audio clip made with AI or machine learning that replicates the likeness and voice of real individuals.
Regardless of the potential success or dismissal of one specific bill, it seems the push for privacy in the digital world will inevitably continue.