Deepfake technologies threaten the integrity of live video streams and recordings of Scottish Parliamentary proceedings, according to new research by the Scottish Centre for Crime and Justice Research (SCCJR) and the University of Edinburgh.
The researchers analyzed potential deepfake attacks on Scottish Parliament TV, a website providing livestreaming and archived recordings from the Debating Chamber and committee rooms in Holyrood, the Scotland’s devolved legislature, to the public.
The Scottish Parliament was one of the world’s first legislatures to introduce this level of access to proceedings.
The Parliament TV website contains no content restrictions, meaning users can download streaming video clips from the player in real time using a dedicated ‘clipping’ tool. The license to reuse this material is also broadly permissive.
Co-author of the report, Dr Ben Collier, who is based at the SCCJR and the University of Edinburgh, warned: “Scotland was one of the world’s first parliaments to experiment with live streaming. While the original aim was to produce a neutral record for the public and broadcasters on what goes on inside Holyrood, it paradoxically has introduced new security risks that could threaten public trust in democracy.”
Deepfakes were defined in the report as videos, images or audio files that have been altered or manipulated using Artificial Intelligence (AI) techniques to misrepresent someone’s words or actions.
Read now: UK Government Launches AI Safety Scheme to Tackle Deepfakes
Vulnerabilities to Deepfake Attacks
The broad accessibility of Parliament TV means the videos are highly susceptible to deepfake attacks, with the researchers identifying three key threats:
Hacking the Stream
Attackers can hijack a live stream by breaking into the network and chain of video, intercepting the data that's going into or out of the building’s encoders to reach the front-end video player and inserting a foreign video source.
Viewers would then see the manipulated video on the live stream platform and on the YouTube syndicated channel, and external broadcasters would instantly refeed it.
Additionally, attackers could use a live deepfake targeting people who dial in to Parliament by Zoom to give evidence. This would require the compromise of the individual’s laptop in their home.
While such attacks would be difficult to conduct as they require significant technical expertise, a similar incident did occur in 2024 when Iranian armed forces hacked into a streaming services run by the United Arab Emirates with a broadcast featuring an AI-generated news anchor.
This threat is a question of cybersecurity for the Scottish Parliament, the researchers said.
Wider Social Media Dissemination
The second potential deepfake threat relates to malicious actors creating deepfake videos of Parliament and distributing them via social media channels.
This can be done in a variety of ways, including downloading and manipulating clips from Scottish Parliament TV to spread via personal social media channels and creating fake social media accounts posing as the Scottish Parliament and streaming or uploading synthetic content.
This threat is more feasible than hacking video streams as it requires less sophisticated technical capacity and is harder to prevent.
Training Material
The researchers noted that the parliamentary video archive provides training “feedstock” for creating harassment and abuse materials targeting members of the Scottish Parliament (MSPs), with those who are female, LGBTQ, people of color and have disabilities particularly at risk from such campaigns.
Tackling Deepfake Threats to Parliamentary Streaming
Currently, the Scottish Parliament has no formal processes in place to respond to deepfake threats.
#, strong “institutional resilience” was identified in the study, with many of the staff employed at Scottish Parliament TV have more than a decade of experience in broadcast and in parliamentary business. This means there is significant expertise in detecting unusual activity quickly.
Nevertheless, the researchers set out several institutional solutions that the Scottish Parliament should adopt to mitigate the risk of deepfake attacks:
- Develop formal intervention plan and reporting procedures for a deepfake or misinformation attack
- Institute further material and human-in-the-loop checks, including having cameras dump a live feed to file locally straight from the recording apparatus itself and authentication checks for participants dialling in to give evidence
- Establish a communications team within the broadcasting unit to support to MSPs who encounter or are victims of misinformation and track how parliamentary content is being circulated and used