SPECIAL REPORT: Cybersecurity
Our team's special coverage on Cybersecurity
Big tech companies need to be liable for illicit activity on their platforms, experts tell House committee
Most of the organized crime syndicates operate on the open web and tech companies should be liable for their activity on their websites.
GAO report: Not clear if U.S. infrastructure protected from cyber threats
A report from the Government Accountability Office showed federal agencies had largely failed to collect data on cybersecurity improvements among the nation’s critical infrastructure.
For Election Security, Experts Say Paper May Still Be The Answer
“A really serious attack on the integrity of the election, which [Russia] probably could accomplish if they wanted to, would require paper ballots to recover from,” he said. “If you can go back and you can actually physically count ballots, that’s a way to assure the American people that you will never be able to do digitally.”
As 2020 Looms, Election Security Experts Worry
William Carter, deputy director for the CSIS technology policy program, says that he is very worried about the prospect of a cyberattack on the 2020 election, but it’s not vulnerable voting machines that keep him up at night. To understand where the Russian threat is coming from, he says, “you have to understand the way that they think about attacking our elections.”
International Cooperation Necessary to Keep Japan Cybersecure During the 2020 Olympics, Say Experts
The 2020 summer Olympic games in Tokyo are ripe targets for cyberattacks, and the best defense is international cooperation, experts said Tuesday. “These kinds of international events are ripe for bad actors like Russia to carry out cyberattacks, whether they’re testing new capabilities or whether they’re angry they’re prevented from participating,” said Meg King, strategic and national security advisor to the Wilson Center’s CEO & President.
Inside the government’s war against deepfakes
WASHINGTON — Adult film star Raquel Roper was watching a trailer for popular YouTuber Shane Dawson’s new series focusing on the video manipulation trend known as deepfakes. Near the end of the video, she noticed a clip taken from one of her films — but it wasn’t her face depicted onscreen. It was Selena Gomez’s.
Roper was shocked. “You’re taking … the artist’s work, and you are turning it into something that I didn’t want it to be. Selena Gomez has not given consent to have her face morphed into an adult video,” she said in a response video.
“There is no way for me to take legal action against this, and I think that’s what the scariest part of it all is.”
That may soon change. Members of Congress, government officials and researchers are in what some call an “arms race” against deepfakes and their creators, which could lead to legislation against this emerging technology.
The term “deepfakes” refers to videos that have used artificial intelligence techniques to combine and superimpose multiple images or videos onto source material, which can make it look as if people did or said things they did not. The most widely reported instances of deepfakes include celebrity pornography videos like Roper’s or video manipulations of politicians.
Some, however, believe deepfakes are not as dangerous as reported. The Verge argued deepfake hoaxes haven’t yet materialized, even though the technology is widely available.
In December, Sen. Ben Sasse, R-Neb., introduced a bill criminalizing the creation and distribution of harmful deepfakes — the first federal legislation of its kind. The bill died at the end of the 115th Congress on Jan. 3, but Sasse’s office said he plans to introduce it again in the current session of Congress.
“Washington isn’t paying nearly enough attention…” Sasse said. “To be clear, we’re not talking about a kid making photoshops in his dorm room. We’re talking about targeting the kind of criminal activity that leads to violence or disrupts elections. We have to get serious about these threats.”
Bobby Chesney, director of the Robert S. Strauss Center for International Security and Law at the University of Texas School of Law, briefed House Intelligence Committee Chairman Adam Schiff on the issue. Chesney said the legal solution to the proliferation of harmful deepfakes would not be a complete ban on the technology, which he said would be unethical and nearly impossible to enforce. What is feasible, he said, would be a federal law that would further penalize state crimes many deepfake creators are already committing — whether it’s fraud, intentional infliction of emotional distress, theft of likeness or similar statutes.
Chesney said Sasse’s bill seems to have that purpose, but the problem will most likely not be solved with one piece of legislation.
Government agencies have also begun fighting the falsified videos through research into detection and protection against malicious deepfakes. The Defense Advanced Research Projects Agency began researching methods to counteract deepfakes in 2016 through its Media Forensics program, which has focused on creating technical solutions such as automatically detecting manipulations and providing information on the integrity of visual media.
The program manager, Dr. Matt Turek, said the goal is to create an automated system across the internet that would provide a truth measure of images and videos.
To do so, Turek said, researchers look at digital, physical and semantic indicators in the deepfake. Inconsistencies in pixel levels, blurred edges, shadows, reflections and even weather reports are used to detect the presence of a manipulation.
One of the researchers, Siwei Lyu, an associate professor of computer science at the University of Albany, and his team have been looking into detection of deepfakes by exploring two signals he said the fakes often possess — unrealistic blinking and facial movement.
Lyu’s team is also attempting to stop the creation of deepfakes by inserting “noise” into photos or videos that would stop them from being used in automated deepfake software. This “noise,” he said, would most likely be added numbers or pixels inserted into the image, and would be imperceptible to the human eye.
An early prototype will be available on arXiv, an electronic repository of scientific papers, by early March, he said. The tool could be used as an add-on plugin for users before they upload an image or video online, he said, or could be an add-in used by platforms like Instagram or YouTube to protect images and videos already uploaded by users.
Especially with Russian involvement in the 2016 election, Lyu said, protections are needed against malicious false videos affecting politics.
“So far, deepfake videos have been generated by individuals — a bigger organization hasn’t done it,” he said. “If there is sponsoring of this activity I think they will actually cause a lot of problems.”
Turek said the research project is expected to wrap up in 2020.
However, many deepfake creators and tech experts are worried about overregulating the technology. Alan Zucconi, a London-based programmer, is a creator of deepfake tutorials posted on his website and Patreon. They teach people about deepfakes’ potential positive applications, he said, such as historical re-enactments, more realistic dubbing for foreign language films, digitally recreating an amputee’s limb or allowing transgender people to see themselves as a different gender.
Zucconi said the definition of a deepfake given in Sasse’s bill is wrong. The bill defines it as “an audiovisual record created or altered in a manner that the record would falsely appear to a reasonable observer to be an authentic record of the actual speech or conduct of an individual.” But Zucconi said a deepfake is actually a specific product created by a process called deep learning that concerns artificial intelligence.
The solution to malicious deepfakes, he said, is education, which he said should include the topic of consent. Victims of deepfakes typically do not consent to their likenesses being used, he said, and women are disproportionately targeted. Zucconi said this points to a larger issue.
“Deepfakes are not the problem,” he said. “Deepfakes are the manifestation of something much more complex that we as a society need to address.”
Another creator of deepfakes, YouTube personality “derpfakes,” agreed, saying education would be a more effective solution than regulation. Creators of malicious deepfakes would “likely not be dissuaded by such things” as legislation, he said.
Derpfakes has focused on creating satirical deepfakes, such as inserting the actor Nicolas Cage into various pieces of pop culture. So far, derpfakes has inserted Cage into movie series like The Terminator, James Bond, Indiana Jones and Star Trek.
“My main goal with my deepfakes is to bring a smile to some faces and to show the world that deepfakes are not inherently a bad thing,” derpfakes said.
Raquel Roper, however, hopes for a law to prevent the spread of malicious deepfakes like her own stolen video.
“I feel so shocked that this is legal,” she said. “…the original video is a video that I charge people money for…. It is my product. You just need to be more aware that what you may think is just a joke or a fun little project for you, it can really affect people.”
Pentagon Officials Tout Advances in AI, Stress Need for More Development
WASHINGTON – Developing more complex artificial intelligence is necessary for the United States to keep pace with Russia and China, top defense technology officials said Tuesday.
Leaders from several Defense Department technology agencies told senators at an armed services subcommittee hearing that efforts are underway to create more advanced AI systems that can learn and use reasoning.
The Defense Advanced Research Projects Agency “research efforts will forge new theories and methods that will make it possible for machines to adapt contextually to changing situations,” said DARPA Deputy Director Peter Highnam.
Lt. Gen. John Shanahan, director of the Defense Department’s new Joint Artificial Intelligence Center, called for a greater sense of urgency in developing technology.
“The speed and scale of technological change required is daunting,” he said. “Ultimately, this [sense of urgency] needs to extend across our entire department, government and society.”
Democrats introduce bill to reinstate net neutrality
WASHINGTON — House and Senate Democrats Wednesday introduced legislation to restore net neutrality protections undone by the Trump administration.
The three-page “Save the Internet Act” would restore a 2015 Obama-era order allowing the Federal Communications Commission to enforce net neutrality, the principle which requires Internet service providers to treat all users as equal. Without it, providers are allowed to set different price points and prioritize some kinds of Internet traffic over others.
The bill would also reclassify broadband Internet as a “utility” under Title II of the Communications Act, which means it can be heavily regulated by the FCC. This is the greatest point of contention between Republicans and Democrats.
In late 2017, the FCC, under Trump appointee Ajit Pai, voted along party lines to remove broadband internet from Title II, thereby repealing net neutrality protections. The move received broad criticism, with the FCC receiving 24 million comments about the 2017 action — more than six times the amount they received about the decision to protect net neutrality in 2015. Many internet content companies, including Netflix, have supported net neutrality, opposing telecom companies like Comcast and AT&T.
The rule change took effect in June 2018, but the FCC has been far from unified on the decision. FCC commissioner Jessica Rosenworcel showed her support for the “Save the Internet Act” on Wednesday.
Rep. Mike Doyle, D-Pa., a sponsor of the bill, said it allows for FCC jurisdiction flexibility, so the Title II issue will be dealt with. Through this act, the agency can regulate new technologies or legal loopholes that may crop up — like broadband Internet did.
Doyle said without net neutrality, internet service providers are too powerful, noting examples of providers slowing down service or blocking applications.
“Consumers and small businesses want the protections and the certainty it’s shown that net neutrality will provide,” he said.
John Howes, a policy counsel at the Computer and Communications Industry Association, said the nonprofit advocacy group is a strong supporter of the bill. The text states no order similar to the 2017 decision could be made again — something Howes said will provide certainty to both industry members and consumers.
“Net neutrality rules are important for consumers and important for small businesses to be able to go anywhere they want to go on the Internet,” he said. “Without clear net neutrality rules, those companies could arbitrarily be prevented from reaching new customers and new markets.”
Democratic leadership showed their support Wednesday, with Minority Leader Chuck Schumer saying the bill would stop the costs of Internet service from rising for “average folk.” House Speaker Nancy Pelosi emphasized its effects on small businesses, saying it allowed them to remain on an “equal playing field” with larger corporations.
“A free and open Internet is a pillar…of our democracy, of economic possibility, of entrepreneurships and creating opportunities and empowering communities,” she said.
Both House and Senate Democrats hope to attract Republican co-sponsors, though none have signed on thus far. Pelosi cited that 86 percent of Americans oppose the repeal of net neutrality, including 82 percent of Republicans.
The bill faces an uphill battle in the Republican-controlled Senate, and a possible veto from President Trump, who has critiqued net neutrality before. Republican criticism of the bill could come from the Title II designation, where they worry about over-regulation from the FCC.
Rep. Greg Walden, R-Ore., top Republican on the House Energy and Commerce Committee, which has jurisdiction over the bill, expressed his concern last year over reclassifying broadband Internet as falling under the FCC’s jurisdiction.
“Title II is the outlier here,” he said. “Title II sounds innocuous, but it gives big government unlimited authority to micromanage every single aspect of a provider’s business, that includes setting rates. There is nothing neutral about this kind of authority.”
Hal Singer, a senior fellow at the George Washington University Regulatory Studies Center, predicted the bill will not garner GOP support because of that distinction.
Pelosi said House hearings on the bill will start as soon as next week.
Experts Warn Of Ongoing Foreign Threat To U.S. Election Security
WASHINGTON — A House Appropriations committee said Wednesday that not only did foreign actors attempt to interfere in the 2016 election, but that ahead of the 2020 election, vulnerabilities in many state election systems have not been fixed.
Their testimony reaffirmed the assessment of the Director of National Intelligence as part of the Worldwide Threat Assessment last month, which forecast that “our adversaries and strategic competitors probably already are looking to the 2020 U.S. elections as an opportunity to advance their interests.”
Alex Halderman, center, a professor of computer science at the University of Michigan, gives testimony to a House Appropriations subcommittee on vulnerabilities in the U.S. elections system. (Cameron Peters/MNS)
All three witnesses at the hearing supported the committee’s assessment and identified specific concerns about the state of United States elections infrastructure. They also, however, agreed that there is no evidence that a foreign power has affected the outcome of an American election.
Eric Rosenbach, the co-director of Harvard University’s Belfer Center for Science and International Affairs and former Pentagon chief of staff, said that Congress must prioritize domestic defenses, offensive cybersecurity capabilities and a posture of public deterrence if further attempts to interfere in elections are to be avoided.
Digital voting machines were identified as a particular vulnerability in some states’ systems, and direct-record electronic (DRE) voting machines were subject to particular scorn. DRE voting machines, which Rep. Matt Cartwright, D-Penn., described as a “clear and present danger” to election security, are currently in use in several states, in some cases without an accompanying paper trail.
Witnesses stressed that digital-only voting machines could potentially be manipulated undetected, and that paper ballots are preferable.
According to Alex Halderman, a professor of computer science at the University of Michigan and an expert on election security, a paper trail is an important step toward more secure elections, but it’s not enough by itself.
Halderman said a rigorous audit of election results is also necessary to assure a high degree of confidence in an election. However, eleven states do not have auditable elections.
He also advocated for federal policymaking to strengthen the election system. “I think it would be excellent if we had a uniform national policy that elections be rigorously audited,” Halderman said.
Steven Sandvoss, the executive director of the Illinois State Board of Elections, said that Illinois voting machines are antiquated and in dire need of replacement. He estimated the cost of replacement at around $175 million, but noted that the Illinois budget would likely preclude replacing the machines.
The House Appropriations subcommittee on Financial Services and General Government hears testimony on vulnerabilities in the U.S. elections system Wednesday (Cameron Peters/MNS)
Rosenbach said that U.S. Cyber Command should also take on a larger, more proactive role in preventing election interference. States, he said, shouldn’t be left to deal with attacks on their own.
He added that the states should receive federal funding to combat the threat. “This is a nation-state actor,” Rosenbach said. “The states are not designed to have cybersecurity to defend against that threat.”
As the 2020 election approaches, the disparity in levels of election security between states presents another challenge. Halderman said that it may not matter which state is targeted by cyberattacks if that attack undermines confidence in the national outcome.
As such, he said, “until we bring up the most weakly protected states to an adequate level of security, the whole nation will be at risk.”