Eddie Murphy has made the US news for sying 'shit' on the long running TV comedy show Saturday Night Live.
During a sketch that spoofed Food Network's Holiday Baking Championship on SNL Saturday, Murphy let slip a rather minor expletive
that was bleeped out for some but wasn't for others. But in a borderline-cute case of modern political correctness, the comic realized the gaffe and put his hand over his mouth.
Google reported on 20th November 2019 that electoral announcements can no longer be targeted to specific groups. The political advertisements in Google Ads can only be segmented based on the general categories: age, sex, and general location (postal
This new regulation will enter into force on 6th January 20120 in the United States.
Brad Parscale, the director of the Trump 2020 campaign criticized Google's new advertising policy for considering that it was specially designed to
prevent the re-election of the president. He told Fox News:
2016 freaked them out because I used a whole bunch of liberal platforms to do it.I guarantee you, this decision came from another room full of people going,
'Oh my God, we've got to stop them.'
The new rules imply that campaign advisers will not be able to target voters based on their political affiliations, even if they have previously stated that they would like to be contacted.
Critical voices about Google's new policy were also heard from the Democratic side. In an article published in Medium magazine, a group of Democratic digital operatives and strategists stated that the measure has a strong impact on the Democratic voting base, which uses digital media relatively more.
After being heavily fined for child privacy issues about personalised advertising on YouTube, Google is trying to get its house in order. It will soon be rolling out new rules that prevent the profiling of younger viewers for advertising purposes.
restrictions on personalised advertising will negatively affect the livelihoods of many YouTube creators. It is pretty clear that Peppa Pig videos will be deemed off limits for personalised adverts, but a more difficult question is what about more
general content that appeals to adults and children alike?
YouTube is demanding clearer guidelines about this situation from the government internet privacy censors of the Federal Trade Commission (FTC). The law underpinning the requirements is known
as COPPA [the Children's Online Privacy Protection Act]. YouTube wrote to the FTC asking:
We believe there needs to be more clarity about when content should be considered primarily child-directed
are also writing to the FTC out of fear that the changes and vague guidance could destroy their channels.
The FTC has responded by initiating a public consultation.
In comments filed with the FTC Monday , YouTube invoked arguments raised by
creators, writing that adult users also engage with videos that could traditionally be considered child-directed, like crafting videos and content focused on collecting old toys:
Sometimes, content that isn't intentionally
targeting kids can involve a traditional kids activity, such as DIY, gaming and art videos. Are these videos 'made for kids,' even if they don't intend to target kids? This lack of clarity creates uncertainty for creators.
By the way
of a comparison, the British advert censors at ASA has a basic rule that if the proportion of kids watching is greater than 25% of the total audience then child protection rules kick in. Presumably the figure 25% is about what one expect for content that
appeals to all ages equally.
Yesterday the US Senate Judiciary Committee held a hearing on encryption and lawful access. That's the fanciful idea that encryption providers can somehow allow law enforcement access to users' encrypted data while otherwise preventing the bad guys
from accessing this very same data.
But the hearing was not inspired by some new engineering breakthrough that might make it possible for Apple or Facebook to build a secure law enforcement backdoor into their encrypted devices
and messaging applications. Instead, it followed speeches, open letters, and other public pressure by law enforcement officials in the U.S. and elsewhere to prevent Facebook from encrypting its messaging applications, and more generally to portray
encryption as a tool used in serious crimes, including child exploitation. Facebook has signaled it won't bow to that pressure. And more than 100 organizations including EFF have called on these law enforcement officials to reverse course and avoid
gutting one of the most powerful privacy and security tools available to users in an increasingly insecure world.
Many of the committee members seemed to arrive at the hearing convinced that they could legislate secure backdoors.
Among others, Senators Graham and Feinstein told representatives from Apple and Facebook that they had a responsibility to find a solution to enable government access to encrypted data. Senator Graham commented:
advice to you is to get on with it, because this time next year, if we haven't found a way that you can live with, we will impose our will on you.
But when it came to questioning witnesses, the senators had trouble
establishing the need for or the feasibility of blanket law enforcement access to encrypted data. As all of the witnesses pointed out, even a basic discussion of encryption requires differentiating between encrypting data on a smartphone, also called
encryption at rest, and end-to-end encryption of private chats, for example.
As a result, the committee's questioning actually revealed several points that undercut the apocalyptic vision painted by law enforcement officials in
recent months. Here are some of our takeaways:
There's No Such Thing As an Unhackable Phone
The first witness was Manhattan District Attorney Cyrus Vance, Jr., who has called for Apple and Google to
roll back encryption in their mobile operating systems. Yet by his own statistics, the DA's office is able to access the contents of a majority of devices it encounters in its investigations each year. Even for those phones that are locked and encrypted,
Vance reported that half could be accessed using in-house forensic tools or services from outside vendors. Although he stressed both the high cost and the uncertainty of these tools, the fact remains that device encryption is far from an insurmountable
barrier to law enforcement.
As we saw when the FBI dramatically lowered its own estimate of unhackable phones in 2017, the level of security of these devices is not static. Even as Apple and Google patch vulnerabilities that might
allow access, vendors like Cellebrite and Grayshift discover new means of bypassing security features in mobile operating systems. Of course, no investigative technique will be completely effective, which is why law enforcement has always worked every
angle it can. The cost of forensic tools may be a concern, but they are clearly part of a variety of tools law enforcement use to successfully pursue investigations in a world with widespread encryption.
Lawful Access to
Encrypted Phones Would Take Us Back to the Bad Old Days
Meanwhile, even as Vance focused on the cost of forensic tools to access encrypted phones, he repeatedly ignored why companies like Apple began fully encrypting their
devices in their first place. In a colloquy with Senator Mike Lee, Apple's manager of user privacy Erik Neuenschwander explained that the company's introduction of full disk encryption in iOS in 2014 was a response to threats from hackers and criminals
who could otherwise access a wealth of sensitive, unencrypted data on users' phones. On this point, Neuenschwander explained that Vance was simply misinformed: Apple has never held a key capable of decrypting encrypted data on users' phones.
Neuenschwander explained that he could think of only two approaches to accomplishing Vance's call for lawful access, both of which would dramatically increase the risks to consumers. Either Apple could simply roll back encryption on
its devices, leaving users exposed to increasingly sophisticated threats from bad actors, or it could attempt to engineer a system where it did hold a master key to every iPhone in the world. Regarding the second approach, Neuenschwander said as a
technologist, I am extremely fearful of the security properties of such a system. His fear is well-founded; years of research by technologists and cryptographers confirm that key escrow and related systems are highly insecure at the scale and complexity
of Apple's mobile ecosystem.
End-to-End Encryption Is Here to Stay
Finally, despite the heated rhetoric directed by Attorney General Barr and others at end-to-end encryption in messaging
applications, the committee found little consensus. Both Vance and Professor Matt Tait suggested that they did not believe that Congress should mandate backdoors in end-to-end encrypted messaging platforms. Meanwhile, Senators Coons, Cornyn, and others
expressed concerns that doing so would simply push bad actors to applications hosted outside of the United States, and also aid authoritarian states who want to spy on Facebook users within their own borders. Facebook's director for messaging privacy Jay
Sullivan discussed ways that the company will root out abuse on its platforms while removing its own ability to read users' messages. As we've written before, an encrypted Facebook Messenger is a good thing , but the proof will be in the pudding.
Ultimately, while the Senate Judiciary Committee hearing offered worrying posturing on the necessity of backdoors, we're hopeful that Congress will recognize what a dangerous idea legislation would be in this area.
Comment: Open Rights Group joins international outcry over UK government calls to access private messages
Open Rights Group has joined dozens of other organizations signing an open letter to the UK government to express significant concerns raised by their recent statements against encryption.
The UK Home Secretary, Priti Patel,
has joined her US counterparts in demanding weaker encryption and asking i nternet companies to design digital back doors into their messaging services. The UK government suggests stronger capabilities to monitor private messages will aid inf fighting
terrorism and child abuse. ORG disagrees, arguing that alternative approaches must be used as the proposed measures will weaken the security of every internet user.
ORG is concerned that this attack on encryption forms a pattern
of attacks on digital privacy and security by the UK government. Only last week leaked documents showed that the UK wants to give the US access to NHS records and other personal information, in a free flow of data between the two countries.
The open letter was also addressed to US and Australian authorities, and was coordinated by the US-based Open Technology Institute and was signed, among others, by Amnesty International, Article 19, Index on Censorship, Privacy
International and Reporters Without Borders.
Javier Ruiz Diaz, Policy Director for Open Rights Group, said:
The Home Secretary wants to be able to access our private messages in WhatsApp and
similar apps, demanding that companies remove the technical protections that keep out fraudsters and other criminals. This is wrong and will make the internet less safe. Surveillance measures should be targeted and not built into the apps used by
millions of people to talk to their friends and family.
Comment: Facebook has also responded to UK/US/Australian government calls for back doors
As the Heads of WhatsApp and Messenger, we are writing in response to your public letter addressing our plans to strengthen private messaging for our customers. You have raised important issues that could impact the future of free societies in the
digital age and we are grateful for the opportunity to explain our view.
We all want people to have the ability to communicate privately and safely, without harm or abuse from hackers, criminals or repressive regimes. Every day,
billions of people around the world use encrypted messages to stay in touch with their family and friends, run their small businesses, and advocate for important causes. In these messages they share private information that they only want the person they
message to see. And it is the fact that these messages are encrypted that forms the first line of defense, as it keeps them safe from cyber attacks and protected from falling into the hands of criminals. The core principle behind end-to-end encryption is
that only the sender and recipient of a message have the keys to unlock and read what is sent. No one can intercept and read these messages - not us, not governments, not hackers or criminals.
We believe that people have a right
to expect this level of security, wherever they live. As a company that supports 2.7 billion users around the world, it is our responsibility to use the very best technology available to protect their privacy. Encrypted messaging is the leading form of
online communication and the vast majority of the billions of online messages that are sent daily, including on WhatsApp, iMessage, and Signal, are already protected with end-to-end encryption.
Cybersecurity experts have
repeatedly proven that when you weaken any part of an encrypted system, you weaken it for everyone, everywhere. The backdoor access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for
them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm. It is simply impossible to create such a backdoor for one purpose and not expect others to try and open it. People's private messages would be less
secure and the real winners would be anyone seeking to take advantage of that weakened security. That is not something we are prepared to do.
The head of TikTok is reportedly planning a trip to Washington, D.C., next week to meet with lawmakers who have harshly criticized the app over its purported ties to the Chinese government and concerns over censorship and privacy.
This appears to be
the first visit that the TikTok chief, Alex Zhu, has been called to account for the short video-sharing platform. TikTok has become an oft-discussed target among those in the US government, who recently opened a national security investigation and have
questioned how close the relationship is between the platform and its China-based parent company, ByteDance.
TikTok has been downloaded more than 1.5 billion times globally, an indicator of its rapid rise as a platform -- especially loved by teens
-- for creating and sharing short videos and launching the latest viral memes across the internet.
TikTok has faced increasing scrutiny over ties to its parent company, a $75 billion company based out of China called ByteDance. TikTok has
consistently defended itself by asserting that none of its moderators are based in China, and that no foreign government asks the platform to censor content. However when pro-democracy protests broke out in Hong Kong earlier this year, TikTok was
curiously devoid of any hints of unrest, and videos instead documented a prettier picture.
In a letter to Attorney General William Barr, four Republican members of Congress are demanding that the Justice Department enforce existing obscenity laws to censor pornography.
The letter was signed by Jim Banks of Indiana, Mark Meadows of North
Carolina, Vicky Hartzler of Missouri and Brian Babin of Texas. The representatives remind the AG of a promise made by President Trump to go after the adult industry with obscenity laws already on the books. The letter reads:
Attorney General Barr:
We write to you today out of concern for the rule of law as well as the welfare of our people.
The Internet and other evolving technologies are fueling the explosion of obscene
pornography by making it more accessible and visceral. This explosion in pornography coincides with an increase in violence towards women and an increase in the volume of human trafficking as well us child pornography. Victims are not limited to those
directly exploited, however, and include society writ large. This phenomenon is especially harmful to youth, who are being exposed to obscene pornography at exponentially younger ages.
Fortunately, U.S. obscenity laws exist that,
if enforced, can ameliorate this problem, as you well know from your previous term as U.S. Attorney General when you effectively shut down the pornography industry and dramatically decreased child pornography in America.
U.S. laws prohibit distribution of obscene pornography on the Internet. on cable/satellite TV. in hotels/motels, by retail or wholesale establishments, and by common carrier. Yet the enforcement of obscenity laws was stopped by the Obama Administration
when Attorney General Eric Holder disbanded the Obscenity Prosecution Task Force in the Criminal Division.
In August 2016, then-candidate Donald J. Trump signed the first-ever anti-pornography pledge. This asserted that, if
elected, President Trump would enforce federal obscenity laws to stop the explosion of obscene pornography. This pledge has so far been ignored in the Trump Administration with the result that the harms of illegal pornography have continued unabated,
affecting children and adults so acutely to the point that 15 state legislatures have declared that pornography is causing a public health crisis. It is imperative that you follow through on this important campaign promise diode by Mr. Trump.
Given the pervasiveness of obscenity it's our recommendation that you declare the prosecution of obscene pornography a criminal justice priority and urge your U.S. Attorneys to bring prosecutions against the major producers and
distributors of such material.
We urge you to take this simple yet important step toward protecting the lives of those affected by these long ignored crimes. We look forward to your response regarding this request and other action
the Department of Justice is prepared to take in light of these abuses.
Jim Banks of Indiana Mark Meadows of North Carolina Vicky Hartzler of Missouri Brian Babin of Texas.
In a major victory for privacy rights, a federal court has held that the federal government's suspicionless searches of smartphones, laptops, and other electronic devices at airports or other U.S. ports of entry are unconstitutional.
In recent years,
as the number of devices searched at the border has quadrupled, international travelers returning to the United States have increasingly reported cases of invasive searches.
Documents and testimony we and the Electronic Frontier Foundation
obtained as part of our lawsuit challenging the searches revealed that the government has been using the border as a digital dragnet. CBP and ICE claim sweeping authority to search our devices for purposes far removed from customs enforcement, such as
finding information about someone other than the device's owner.
The court's order makes clear that these fishing expeditions violate the Fourth Amendment. The government must now demonstrate reasonable suspicion that a device contains illegal
contraband. That's a far more rigorous standard than the status quo, under which officials claim they can rummage through the personal information on our devices at whim and with no suspicion at all.
The US authorities came down heavily on Google for YouTube's violations of the 1998 US children's data privacy law called COPPA. This ended up with Google handing over $170 million in settlement of claims from the US FTC (Federal Trade Commission).
COPPA restricts operators of websites and online services from collecting the personal information of under-13 users without parental permission. The definition of personal information includes personal identifiers used in cookies to profile internet
users for targeted advertising purposes.
So now YouTube has announced new procedures starting 1st January 2010. All content creators will have to designate whether or not each of their videos is directed to children (aka kid-directed aka
child-directed) by checking a box during the upload process. Checking that box will prevent the video from running personalized ads. This rule applies retrospectively so all videos will have to be reviewed and flagged accordingly.
It is probably
quite straightforward to identify children's videos, but creators are worried about more general videos for people of all ages that also appeal to kids.
And of course there are massive concerns for all those creators affected about revenues decreasing
as adverts switch from personalised to general untargeted ads.
tubefilter.com ran a small
experiment suggesting that revenues will drop between 60 and 90% for videos denies targeted advertising.
And of course this will have a knock on to the viability of producing videos for a young audience. No doubt the small creators will be hit
hardest, leaving the market more open for those that can make up the shortfall by working at scale.
TikTok has surged in popularity over the past year, becoming not just a place for music mashups, but also short memes in the spirit of Vine. However, the rise of TikTok has also piqued the interest of US federal officials, who are worried that the
China-owned social media network could be storing user data improperly or censoring content.
The Committee on Foreign Investment in the United States (CIFUS), which reviews buyouts from foreign companies for national security risks, is said to be
investigating unpublished concerns.
US senators are also worried about TikTk's collection of user data, and whether the service censors content in the U.S.
An absurd thing is happening in the halls of Congress. Major ISPs such as Comcast, AT&T, and Verizon are banging on the doors of legislators to stop the deployment of DNS over HTTPS (DoH), a technology that will give users one of the biggest
upgrades to their Internet privacy and security since the proliferation of HTTPS . This is because DoH ensures that when you look up a website, your query to the DNS system is secure through encryption and can't be tracked, spoofed, or blocked.
But despite these benefits, ISPs have written dozens of congressional leaders about their concerns, and are handing out misleading materials invoking Google as the boogeyman. EFF, Consumer Reports, and National Consumers League wrote
this letter in response .
The reason the ISPs are fighting so hard is that DoH might undo their multi-million dollar political effort to take away user privacy. DoH isn't a Google technology--it's a standard, like HTTPS. They know
that. But what is frustrating is barely two years ago, these very same lobbyists, and these very same corporations, were meeting with congressional offices and asking them to undo federal privacy rules that protect some of the same data that encrypted
DNS allows users to hide.
ISPs Want to Protect an Illegitimate Market of Privacy Invasive Practices to "Compete" with Google's Privacy Invasive Practices, Congress Should Abolish Both
Congress shouldn't take its cues from these players on user privacy. The last time they did, Congress voted to take away users' rights . As long as DNS traffic remains exposed, ISPs can exploit our data the same way that Facebook and Google do. That's the subtext of this ISP effort. Comcast and its rivals are articulating a race to the bottom. ISPs will compete with Internet giants on who can invade user privacy more, then sell that to advertisers.
The major ISPs have also pointed out that centralization of DNS may not be great for user privacy in the long run. That's true, but that would not be an issue if everyone adopted DoH across the board. Meaning, the solution isn't
to just deny anyone a needed privacy upgrade. The solution is to create laws that abolish the corporate surveillance model that exists today for both Google and Comcast.
But that's not what the ISPs want Congress to do, because
they're ultimately on the same side as Google and other big Internet companies--they don't want us to have effective privacy laws to handle these issues. Congress should ignore the bad advice it's getting from both the major ISPs and Big Tech on consumer
privacy, and instead listen to the consumer and privacy groups.
EFF and consumer groups have been pleading with Congress to pass a real privacy law, which would give individuals a right to sue corporations that violate their
privacy, mandate opt-in consent for use of personal information, and allowing the states to take privacy law further, should the need arise . But many in Congress are still just listening to big companies, even holding Congressional hearings that only
invite industry and no privacy groups to "learn" what to do next. In fact the only reason we don't have a strong federal privacy law because corporations like Comcast and Google want Congress to simply delete state laws like California's CCPA
and Illinois's Biometric Protection Act while offering virtually nothing to users.
DNS over HTTPS Technology Advances More than Just Privacy, It Advances Human Rights and Internet Freedom
from the debate is the impact DoH has on Internet freedom and human rights in authoritarian regimes where the government runs the broadband access network. State-run ISPs in Venezuela , China , and Iran have relied on insecure DNS traffic to censor
content and target activists . Many of the tools governments like China and Iran rely on in order to censor content relies on exposed DNS traffic that DoH would eliminate. In other words, widespread adoption of encrypted DNS will shrink the censorship
toolbox of authoritarian regimes across the world. In other words the old tools of censorship will be bypassed if DoH is systematically adopted globally. So while the debate about DoH is centered on data privacy and advertising models domestically, U.S.
policymakers should recognize the big picture being that DoH can further American efforts to promote Internet freedom around the world. They should in fact be encouraging Google and the ISPs to offer encrypted DNS services and for them to quickly adopt
it, rather than listen to ISP's pleas to stop it outright.
For ISPs to retain the power to censor the Internet, DNS needs to remain leaky and exploitable. That's where opposition to DoH is coming from. And the oposition to DoH
today isn't much different from early opposition to the adoption of HTTP.
EFF believes this is the wrong vision for the Internet. We've believed, since our founding, that user empowerment should be the center focus. Let's try to
advance the human right of privacy on all fronts. Establishing encrypted DNS can greatly advance this mission - fighting against DoH is just working on behalf of the censors.
The U.S. House of Representatives has passed the CASE Act, a new bill that proposes to institute a small claims court for copyright disputes. Supporters see the legislation as the ideal tool for smaller creators to protect their works, but opponents
warn that it will increase the number of damages claims against regular Internet users. The new bill, which passed with a clear 410-6 vote, will now progress to the Senate.
The bill is widely supported by copyright-heavy industry
groups as well as many individual creators. However, as is often the case with new copyright legislation, there's also plenty of opposition from digital rights groups and Internet users who fear that the bill will do more harm than good.
Supporters of the CASE Act point out that the new bill is the missing piece in the present copyright enforcement toolbox. They believe that many creators are not taking action against copyright infringers at the moment, because filing
federal lawsuits is too expensive. The new small claims tribunal will fix that, they claim.
Opponents, for their part, fear that the new tribunal will trigger an avalanche of claims against ordinary Internet users, with potential
damages of up to $30,000 per case. While targeted people have the choice to opt-out, many simply have no clue what to do, they argue.
Thus far legislators have shown massive support for the new plan. Yesterday the bill was up for
a vote at the U.S. House of Representatives where it was passed with overwhelming bipartisan support. With a 410-6 vote , the passage of the CASE Act went smoothly.
Public Knowledge and other groups, such as EFF and Re:Create ,
fear that the bill will lead to more copyright complaints against regular Internet users. Re:Create's Executive Director Joshua Lamel hopes that the Senate will properly address these concerns. Lamel notes:
CASE Act will expose ordinary Americans to tens of thousands of dollars in damages for things most of us do everyday. We are extremely disappointed that Congress passed the CASE Act as currently written, and we hope that the Senate will do its due
diligence to make much-needed amendments to this bill to protect American consumers and remove any constitutional concerns,
A bill has being considered by Massachusetts state lawmakers that bans the derogatory use of the word bitshc and is worded:
A person who uses the word 'bitchh' directed at another person to accost, annoy, degrade or demean
the other person shall be considered to be a disorderly person in violation of this section.
If the bill is turned into law, those who violate the policy would be subject to penalties such as prison time of six months or less and a
fine of $200 or less.
However the bill is more of a resident's petition than a seriously supported move by lawmakers and has little prospect of proceeding. The Bill was presented by the state House Representative Daniel Hunt who explained the
One of the responsibilities of all Representatives is to serve as a conduit for direct petitions from our constituents to the General Court. It's a long-held tradition that gives every Massachusetts resident
a voice inside the halls of the State House and a chance to raise their personal interests before the legislature. While this specific instance may amuse some and alarm others, it remains a important process for self-representation.
The US House of Representatives has just voted in favor of the Copyright Alternative in Small-Claims Enforcement Act (CASE Act) by 410-6 (with 16 members not voting), moving forward a bill that Congress has had
no hearings and no debates on so far this session. That means that there has been no public consideration of the
serious harm the bill could do to regular Internet users and their expression online.
The CASE Act creates a new body in the Copyright Office which will receive copyright complaints, notify the person being sued, and then decide
if money is owed and how much. This new Copyright Claims Board will be able to fine people up to $30,000 per proceeding. Worse, if you get one of these notices (maybe an email, maybe a letter--the law actually does not specify) and accidentally ignore
it, you're on the hook for the money with a very limited ability to appeal. $30,000 could bankrupt or
otherwise ruin the lives of many Americans.
California Governor Gavin Newsom has signed legislation that institutes penalties for nonconsensual, sexually explicit digital videos, tagged deep fakes.
The legislation, Assembly Bill 602, targets companies and individuals who create and distribute
the videos in California without the consent of the individual being depicted.
The issue is particularly pertinent in California as Hollywood and US TV stars are very much those targeted by the deep fakers.
The Screen Actors Guild-American
Federation of Television and Radio Artists (SAG-AFTRA) is a union representing many of the film and TV stars.
SAG-AFTRA has commended California Newsom for signing the legislation into law. The group said that the legislation was meaningful
recourse for the victims, many of whom are members of SAG-AFTRA. The group's president Gabrielle Carteris said:
We are absolutely thrilled that Gov. Newsom stood by the victims, most of whom are women, of nonconsensual
pornography by signing AB 602 into law. I want to thank the governor; the bill's authors, Assembly member Marc Berman and Sen. Connie Leyva; and all the California lawmakers who unanimously voted for this legislation. AB 602 is a victory for all
Californians. Deepfake technology can be weaponized against any person. Every person deserves the basic human right to live free from image-based sexual abuse.
Update: A second deep fake bill protects
politicians from having words put in their mouths
Governor Gavin Newsom in fact signed two bills into law that limit what people can do with deep fakes. The second law makes it illegal to make and distribute a malicious deep fake of a politician within two months of an
Presumably the lawmakers are worrying that politicians can be depicted as saying thing that they did not in fact say.
However this bill seems a little ahead of its time as deep fakes are not really being used for this reason so
far. A new report by DeepTrace, a company that builds tools to spot synthetic media. The company says that it has identified 14,678 deepfakes on the internet but most of them weren't created to mess with elections. In fact 96% of the deepfakes were still
plain old fake porn.
Facebook has quietly rescinded a policy banning false claims in advertising, creating a specific exemption that leaves political adverts unconstrained regarding how they could mislead or deceive.
Facebook had previously banned adverts containing
deceptive, false or misleading content, a much stronger restriction than its general rules around Facebook posts. But, as reported by the journalist Judd Legum , in the last week the rules have narrowed considerably, only banning adverts that include
claims debunked by third-party fact-checkers, or, in certain circumstances, claims debunked by organisations with particular expertise.
A separate policy introduced by the social network recently declared opinion pieces and satire ineligible for
verification, including any website or page with the primary purpose of expressing the opinion or agenda of a political figure. The end result is that any direct statement from a candidate or campaign cannot be fact-checked and so is automatically
exempted from policies designed to prevent misinformation. (After the publication of this story, Facebook clarified that only politicians currently in office or running for office, and political parties, are exempt: other political adverts still need to
Home Secretary Priti Patel has signed an historic agreement that will enable British law enforcement agencies to directly demand electronic data relating to terrorists, child sexual abusers and other serious criminals from US tech firms.
The world-first UK-US Bilateral Data Access Agreement will dramatically speed up investigations and prosecutions by enabling law enforcement, with appropriate authorisation, to go directly to the tech companies to access data, rather
than through governments, which can take years.
The Agreement was signed with US Attorney General William P. Barr in Washington DC, where the Home Secretary also met security partners to discuss the two countries' ever deeper
cooperation and global leadership on security.
The current process, which see requests for communications data from law enforcement agencies submitted and approved by central governments via Mutual Legal Assistance (MLA), can
often take anywhere from six months to two years. Once in place, the Agreement will see the process reduced to a matter of weeks or even days.
The US will have reciprocal access, under a US court order, to data from UK
communication service providers. The UK has obtained assurances which are in line with the government's continued opposition to the death penalty in all circumstances.
Any request for data must be made under an authorisation in
accordance with the legislation of the country making the request and will be subject to independent oversight or review by a court, judge, magistrate or other independent authority.
The Agreement does not change anything about
the way companies can use encryption and does not stop companies from encrypting data.
It gives effect to the Crime (Overseas Production Orders) Act 2019, which received Royal Assent in February this year and was facilitated by
the CLOUD Act in America, passed last year.
Letter to Mark Zuckerberg asking him not to keep his internet users safe through encrypted messages
The Home Secretary has also published an open letter to
Facebook, co-signed with US Attorney General William P. Barr, Acting US Homeland Security Secretary Kevin McAleenan and Australia's Minister for Home Affairs Peter Dutton, outlining serious concerns with the company's plans to implement end-to-end
encryption across its messaging services. The letter reads:
Dear Mr. Zuckerberg,
We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the
content of communications to protect our citizens.
In your post of 6 March 2019, 'A Privacy-Focused Vision for Social Networking', you acknowledged that "there are real safety concerns to address before we can implement
end-to-end encryption across all our messaging services." You stated that "we have a responsibility to work with law enforcement and to help prevent" the use of Facebook for things like child sexual exploitation, terrorism, and extortion.
We welcome this commitment to consultation. As you know, our governments have engaged with Facebook on this issue, and some of us have written to you to express our views. Unfortunately, Facebook has not committed to address our serious concerns about
the impact its proposals could have on protecting our most vulnerable citizens.
We support strong encryption, which is used by billions of people every day for services such as banking, commerce, and communications. We also
respect promises made by technology companies to protect users' data. Law abiding citizens have a legitimate expectation that their privacy will be protected. However, as your March blog post recognized, we must ensure that technology companies protect
their users and others affected by their users' online activities. Security enhancements to the virtual world should not make us more vulnerable in the physical world. We must find a way to balance the need to secure data with public safety and the need
for law enforcement to access the information they need to safeguard the public, investigate crimes, and prevent future criminal activity. Not doing so hinders our law enforcement agencies' ability to stop criminals and abusers in their tracks.
Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes. This puts our citizens and societies at risk by severely eroding a
company's ability to detect and respond to illegal content and activity, such as child sexual exploitation and abuse, terrorism, and foreign adversaries' attempts to undermine democratic values and institutions, preventing the prosecution of offenders
and safeguarding of victims. It also impedes law enforcement's ability to investigate these and other serious crimes.
Risks to public safety from Facebook's proposals are exacerbated in the context of a single platform that would
combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children.
Facebook currently undertakes significant work to identify and tackle the most
serious illegal content and activity by enforcing your community standards. In 2018, Facebook made 16.8 million reports to the US National Center for Missing & Exploited Children (NCMEC) -- more than 90% of the 18.4 million total reports that year.
As well as child abuse imagery, these referrals include more than 8,000 reports related to attempts by offenders to meet children online and groom or entice them into sharing indecent imagery or meeting in real life. The UK National Crime Agency (NCA)
estimates that, last year, NCMEC reporting from Facebook will have resulted in more than 2,500 arrests by UK law enforcement and almost 3,000 children safeguarded in the UK. Your transparency reports show that Facebook also acted against 26 million
pieces of terrorist content between October 2017 and March 2019. More than 99% of the content Facebook takes action against -- both for child sexual exploitation and terrorism -- is identified by your safety systems, rather than by reports from users.
While these statistics are remarkable, mere numbers cannot capture the significance of the harm to children. To take one example, Facebook sent a priority report to NCMEC, having identified a child who had sent self-produced child
sexual abuse material to an adult male. Facebook located multiple chats between the two that indicated historical and ongoing sexual abuse. When investigators were able to locate and interview the child, she reported that the adult had sexually abused
her hundreds of times over the course of four years, starting when she was 11. He also regularly demanded that she send him sexually explicit imagery of herself. The offender, who had held a position of trust with the child, was sentenced to 18 years in
prison. Without the information from Facebook, abuse of this girl might be continuing to this day.
Our understanding is that much of this activity, which is critical to protecting children and fighting terrorism, will no longer be
possible if Facebook implements its proposals as planned. NCMEC estimates that 70% of Facebook's reporting -- 12 million reports globally -- would be lost. This would significantly increase the risk of child sexual exploitation or other serious harms.
You have said yourself that "we face an inherent tradeoff because we will never find all of the potential harm we do today when our security systems can see the messages themselves". While this trade-off has not been quantified, we are very
concerned that the right balance is not being struck, which would make your platform an unsafe space, including for children.
Equally important to Facebook's own work to act against illegal activity, law enforcement rely on
obtaining the content of communications, under appropriate legal authorisation, to save lives, enable criminals to be brought to justice, and exonerate the innocent.
We therefore call on Facebook and other companies to take the
embed the safety of the public in system designs, thereby enabling you to continue to act against illegal content effectively with no reduction to safety, and facilitating the prosecution of offenders and safeguarding of victims
enable law enforcement to obtain lawful access to content in a readable and usable format
engage in consultation with governments to facilitate this in a way that is substantive and genuinely
influences your design decisions
not implement the proposed changes until you can ensure that the systems you would apply to maintain the safety of your users are fully tested and operational
We are committed to working with you to focus on reasonable proposals that will allow Facebook and our governments to protect your users and the public, while protecting their privacy. Our technical experts are confident that we can
do so while defending cyber security and supporting technological innovation. We will take an open and balanced approach in line with the joint statement of principles signed by the governments of the US, UK, Australia, New Zealand, and Canada in August
2018 and the subsequent communique agreed in July this year .
As you have recognised, it is critical to get this right for the future of the internet. Children's safety and law enforcement's ability to bring criminals to justice
must not be the ultimate cost of Facebook taking forward these proposals.
Rt Hon Priti Patel MP, United Kingdom Secretary of State for the Home Department
Barr, United States Attorney General
Kevin K. McAleenan, United States Secretary of Homeland Security (Acting)
Hon Peter Dutton MP, Australian Minister for Home Affairs
Top law enforcement officials in the United States, United Kingdom, and Australia told Facebook today that they want backdoor access to all encrypted messages sent on all its platforms. In an
open letter , these governments called on Mark Zuckerberg to stop Facebook's
plan to introduce end-to-end encryption on all of the company's messaging products and instead promise that it
will "enable law enforcement to obtain lawful access to content in a readable and usable format."
This is a staggering attempt to undermine the security and privacy of communications tools used by billions of people.
Facebook should not comply. The letter comes in concert with the signing of a new agreement between the US and UK to provide access to allow law enforcement in one jurisdiction to more easily obtain electronic data stored in the other jurisdiction. But
the letter to Facebook goes much further: law enforcement and national security agencies in these three countries are asking for nothing less than access to every conversation that crosses every digital device.
The letter focuses
on the challenges of investigating the most serious crimes committed using digital tools, including child exploitation, but it ignores the severe risks that introducing encryption backdoors would create. Many people--including journalists, human rights
activists, and those at risk of abuse by intimate partners--use encryption to stay safe in the physical world as well as the online one. And encryption is central to preventing criminals and even corporations from spying on our private conversations, and
to ensure that the communications infrastructure we rely on is truly working as intended . What's more, the backdoors
into encrypted communications sought by these governments would be available not just to governments with a supposedly functional rule of law. Facebook and others would face immense pressure to also provide them to authoritarian regimes, who might seek
to spy on dissidents in the name of combatting terrorism or civil unrest, for example.
We would like to bring to your attention an issue that is of concern to all our organizations. Google is beginning to implement encrypted Domain Name System lookups into its Chrome browser and Android operating system through a new protocol for wireline
and wireless service, known as DNS over HTTPS (DoH). If not coordinated with others in the internet ecosystem, this could interfere on a mass scale with critical internet functions, as well as raise data competition issues. We ask that the Committee seek
detailed information from Google about its current and future plans and timetable for implementing encrypted DNS lookups, as well as a commitment not to centralize DNS lookups by default in Chrome or Android without first meeting with others in the
internet ecosystem, addressing the implications of browser- and operating-system-based DNS lookups, and reaching consensus on implementation issues surrounding encrypted DNS.
Google is unilaterally moving forward with centralizing
encrypted domain name requests within Chrome and Android, rather than having DNS queries dispersed amongst hundreds of providers. When a consumer or enterprise uses Google's Android phones or Chrome web browser, Android or Chrome would make Google the
encrypted DNS lookup provider by default and most consumers would have limited practical knowledge or ability to detect or reject that choice. Because the majority of worldwide internet traffic (both wired and wireless) runs through the Chrome browser or
the Android operating system, Google could become the overwhelmingly predominant DNS lookup provider.
While we recognize the potential positive effects of encryption, we are concerned about the potential for default, centralized
resolution of DNS queries, and the collection of the majority of worldwide DNS data by a single, global internet company. By interposing itself between DNS providers and the users of the Chrome browser (> 60% worldwide share) and Android phones (>
80% worldwide share of mobile operating systems), Google would acquire greater control over user data across networks and devices around the world. This could inhibit competitors and possibly foreclose competition in advertising and other industries
Moreover, the centralized control of encrypted DNS threatens to harm consumers by interfering with a wide range of services provided by ISPs (both enterprise and public-facing) and others. Over the last several decades, DNS has been
used to build other critical internet features and functionality including: (a) the provision of parental controls and IoT management for end users; (b) connecting end users to the nearest content delivery networks, thus ensuring the delivery of content
in the fastest, cheapest, and most reliable manner; and (c) assisting rights holders' and law enforcement's efforts in enforcing judicial orders in combatting online piracy, as well as law enforcement's efforts in enforcing judicial orders in combatting
the exploitation of minors. Google's centralization of DNS would bypass these critical features, undermining important consumer services and protections, and likely resulting in confusion because consumers will not understand why these features are no
longer working. This centralization also raises serious cybersecurity risks and creates a single point of failure for global Internet services that is fundamentally at odds with the decentralized architecture of the internet. By limiting the ability to
spot network threat indicators, it would also undermine federal government and private sector efforts to use DNS information to mitigate cybersecurity risks.
For these reasons, we ask that the Committee call upon Google not to
impose centralized, encrypted DNS as a default standard in Chrome and Android. Instead, Google should follow the Internet Engineering Task Force best practice of fully vetting internet standards, and the internet community should work together to build
consensus to ensure that encrypted DNS is implemented in a decentralized way that maximizes consumer welfare and avoids the disruption to essential services identified above
CTIA NCTA The
Internet & Television Association US Telecom The Broadband Association