us – Techdirt (original) (raw)
Microsoft Warns That China Wants To Use AI To Disrupt Elections; But Basically Ignores Its Failures To Disrupt The Taiwanese Election
from the let's-not-get-ahead-of-ourselves dept
I’m not sure we should welcome in our new AI-powered robot overlords determining how elections come about just yet.
The media keeps telling me that deep fakes and generative AI are going to throw all of the important elections this year into upheaval. And maybe it’s true, but to date, we’ve seen very little evidence to support anything serious. There are a lot of questions this year about the impact that generative AI tools will have on elections, but the predictions of the power of these tools still remain greatly exaggerated.
The latest is the Guardian reporting that China is looking to use AI to “disrupt elections in the US, South Korea, and India” based on warnings from Microsoft:
China will attempt to disrupt elections in the US, South Korea and India this year with artificial intelligence-generated content after making a dry run with the presidential poll in Taiwan, Microsoft has warned.
The US tech firm said it expected Chinese state-backed cyber groups to target high-profile elections in 2024, with North Korea also involved, according to a report by the company’s threat intelligence team published on Friday.
“As populations in India, South Korea and the United States head to the polls, we are likely to see Chinese cyber and influence actors, and to some extent North Korean cyber actors, work toward targeting these elections,” the report reads.
Microsoft said that “at a minimum” China will create and distribute through social media AI-generated content that “benefits their positions in these high-profile elections”.
And, I mean, anything’s possible, and it’s certainly good for companies and individuals alike to be on the lookout, but remember, one of the most important elections for China already happened earlier this year. The election in Taiwan. And it didn’t turn out the way that China wanted. At all.
That doesn’t mean China won’t continue to try to interfere in foreign elections, because of course it will. But it should, at the very least, lead to questions about just how effective these kinds of campaigns to manipulate elections can be.
I mean, part of Microsoft’s announcement was that China tried to use AI to influence the Taiwanese election, and it didn’t seem to have much of an impact.
Microsoft said in the report that China had already attempted an AI-generated disinformation campaign in the Taiwan presidential election in January. The company said this was the first time it had seen a state-backed entity using AI-made content in a bid to influence a foreign election.
A Beijing-backed group called Storm 1376, also known as Spamouflage or Dragonbridge, was highly active during the Taiwanese election. Its attempts to influence the election included posting fake audio on YouTube of the election candidate Terry Gou – who had bowed out in November – endorsing another candidate. Microsoft said the clip was “likely AI generated”. YouTube removed the content before it reached many users.
The Beijing-backed group pushed a series of AI-generated memes about the ultimately successful candidate, William Lai – a pro-sovereignty candidate opposed by Beijing – that levelled baseless claims against Lai accusing him of embezzling state funds. There was also an increased use of AI-generated TV news anchors, a tactic that has also been used by Iran, with the “anchor” making unsubstantiated claims about Lai’s private life including fathering illegitimate children.
Looking at Microsoft’s actual announcement, there’s surprisingly little discussion of why the attempts in Taiwan failed. It certainly talks about increased efforts, but not the rate of success.
There’s no reason not to be careful and to be thinking about these threats. But it seems like a much more interesting bit of research would have been to look at why this was so ineffective in the Taiwanese election, and if there were lessons to learn from that, rather than just hyping up the fear, uncertainty, and doubt about future elections.
Of course, if you’re still super worried, well, we’ve got a great brainstorming tool to check out…
Filed Under: ai, china, democracy, election manipulation, elections, south korea, us
Companies: microsoft
As The US Freaks Out About TikTok, It’s Revealed That The CIA Was Using Chinese Social Media To Try To Undermine The Gov’t There
from the gee,-maybe-we-should-clean-up-our-own-house dept
You know that line, “every accusation is a confession?” For no reason at all, that’s coming to mind all of a sudden. No reason.
Anyway, a decade ago, Henry Farrell and Martha Finnemore wrote a fantastic piece for Foreign Affairs on “The End of Hypocrisy” (which we also wrote about here at Techdirt). They argued that, even as many people mock American hypocrisy around the world, at least the plausible deniability of Americans taking the moral high ground was an incredibly powerful and effective tool of soft pressure. And how it was squandered with each revelation of just how little Americans respected the sovereignty of other nations, and regularly abused our access to internet backbones to spy on others.
The deeper threat that leakers such as Manning and Snowden pose is more subtle than a direct assault on U.S. national security: they undermine Washington’s ability to act hypocritically and get away with it. Their danger lies not in the new information that they reveal but in the documented confirmation they provide of what the United States is actually doing and why. When these deeds turn out to clash with the government’s public rhetoric, as they so often do, it becomes harder for U.S. allies to overlook Washington’s covert behavior and easier for U.S. adversaries to justify their own.
Speaking of all that: what interesting timing to have Reuters break the news that the Trump administration gave the go ahead on a covert program by the CIA to try to use social media inside China to turn the public against the government and cause chaos.
Two years into office, President Donald Trump authorized the Central Intelligence Agency to launch a clandestine campaign on Chinese social media aimed at turning public opinion in China against its government, according to former U.S. officials with direct knowledge of the highly classified operation.
Three former officials told Reuters that the CIA created a small team of operatives who used bogus internet identities to spread negative narratives about Xi Jinping’s government while leaking disparaging intelligence to overseas news outlets. The effort, which began in 2019, has not been previously reported.
I am also suddenly reminded of how the US government ran this big campaign for a few years about how no one should use Chinese networking equipment from companies like Huawei. This is despite the fact that a comprehensive White House report could find no evidence of nefarious behavior. Oh, but also, how some of the Ed Snowden docs revealed that the US government was actually installing secret backdoors in Cisco networking equipment to spy on people elsewhere?
Of course, there are a few different ways to look at this. One argument is that “well, we’re doing this, so we know that they must be too, and that justifies the US’s actions to try to cut them off.” And that would be maybe more compelling if there were more serious evidence that any of this actually works and that it doesn’t look absolutely ridiculous when it inevitably leaks out later.
The other way of looking at it is that the US comes off as a bunch of hypocrites who repeatedly squander whatever moral high ground they have on these arguments. As Farrell and Finnemore highlighted in that piece a decade ago, US foreign policy and the soft power it traditionally wielded relied heavily on (1) US politicians believing in the principles of freedom and openness we espoused, (2) our allies being able to back us up on those claims, and (3) our adversaries looking weak and pathetic in trying to go up against those principles.
But with each revelation of the US doing exactly what they accuse others of doing, all of that falls apart. US politicians making such claims look ever less sincere. Our allies can no longer continue to claim the moral high ground with a straight face. And our adversaries use our own stupid policies to justify their even worse ones.
I know (because I heard it all the time) that some people will say “but our adversaries don’t need any justification to do bad stuff.” That’s only true to some extent. Global pressure can be effective, but it’s harder to use that pressure legitimately when the US is doing something just as bad. In making it easier for our adversaries to justify their bad actions by pointing to similar activities by the US, it makes it even easier for them to go further, and to convince others to join them.
As that article noted towards the end, the solution should be that the US should act in a way that lives up to its rhetoric, rather than just being pathetically hypocritical.
A better alternative would be for Washington to pivot in the opposite direction, acting in ways more compatible with its rhetoric. This approach would also be costly and imperfect, for in international politics, ideals and interests will often clash. But the U.S. government can certainly afford to roll back some of its hypocritical behavior without compromising national security. A double standard on torture, a near indifference to casualties among non-American civilians, the gross expansion of the surveillance state — none of these is crucial to the country’s well-being, and in some cases, they undermine it.
The US’s attempts to use social media in China as a propaganda tool does not appear to have been very effective. The end result looks pretty silly and helps justify China doing very dangerous shit:
The covert propaganda campaign against Beijing could backfire, said Heer, the former CIA analyst. China could use evidence of a CIA influence program to bolster its decades-old accusations of shadowy Western subversion, helping Beijing “proselytize” in a developing world already deeply suspicious of Washington.
The message would be: “‘Look at the United States intervening in the internal affairs of other countries and rejecting the principles of peaceful coexistence,’” Heer said. “And there are places in the world where that is going to be a resonant message.”
But, coming at the same time that we’re looking to ban TikTok (or force its divestiture from a company based in China), maybe we should actually consider that suggestion from Farrell and Finnemore again. Maybe we should try to live up to our ideas. Maybe we should believe that if America is about freedom, and freedom is better than the authoritarian tyranny of China, we should be able to resist whatever they wish to pull with any social media propaganda campaign they could cook up.
Or do we think so little of Americans in general, that we think they won’t be able to resist the allure of this one social media app and its algorithm? If American freedom can’t resist an app of short videos, mostly used by kids, what kind of freedom is it really?
Filed Under: china, cia, covert programs, donald trump, propaganda, social media, surveillance, us
Companies: tiktok
The Massive Fine The EU Hit Meta With… Is Really About The NSA, Not Meta
from the privacy-or-privacy dept
You may have heard the news that the EU hit Meta with a $1.3 billion fine for violating EU “data privacy rules” and assumed that this was just Meta being Meta and being bad about your privacy. But that’s not really an accurate portrayal of what happened, and it hides how this fine is actually pretty problematic for a lot of reasons that have nothing to do with Meta whatsoever, and a lot to do with the NSA.
Also, it may actually be a total disaster for privacy.
And on top of that, it makes US politicians trying to ban TikTok over fears of China spying on users appear to be total hypocrites.
The Backstory:
Some background is in order. First, almost exactly a decade ago, Ed Snowden first revealed the existence of PRISM, which unfortunately was widely misreported in the original articles about it. The original reports suggested that it was a story of tech companies giving full access to their backend data for the intel community to search. The reality, which came out a few days later, was that it was more of a system for the intel community to request data via a (HIGHLY QUESTIONABLE) legal process, and for the companies to deliver that info. It was still extremely problematic, but not in the ways it was originally reported.
Still, the revelation of the program raised many reasonable concerns, including how it was that these very same companies who had been handling “data transfers” of EU user data to US data centers under what was called the data protection “safe harbor” agreement were doing so. Part of the safe harbor agreement between the US and the EU was that the US companies would protect the data of EU users, and this didn’t seem to be happening.
Privacy activist Max Schrems sued over this, and a few years later, the EU Court of Justice tossed out the “safe harbor” agreement between the US and the EU, saying that because of the PRISM revelations and NSA’s snooping, that the agreement did not comport with EU data protection laws. Sometime after this, the EU and the US came to a new agreement, which became known as the “privacy shield” to again allow data transfers from the EU to the US. But, as we noted, the problem wasn’t the agreement, the problem was the NSA’s surveillance. And if that didn’t change, we didn’t see how the “privacy shield” was any better than the privacy “safe harbor” agreement.
Once again, Schrems sued. And once again, the court said that the agreement was invalid. Last year, the US and the EU announced yet another deal on transatlantic data flows. And, as we noted at the time (once again!) the lack of any changes to NSA surveillance meant it seemed unlikely to survive yet again.
In the midst of all this, Schrems also went after Meta directly, claiming that because these US/EU data transfer agreements were bogus, that Meta had violated data protection laws in transferring EU user data to US servers.
And that’s what this fine is about. The European Data Protection Board fined Meta all this money based on the fact that it transferred some EU user data to US servers. And, because, in theory, the NSA could then access the data. That’s basically it. The real culprit here is the US being unwilling to curb the NSA’s ability to demand data from US companies.
So, this isn’t about Meta doing anything particularly egregious on its own (I mean, it likely has, but that’s not the crux of this ruling).
The Damage to Privacy
Of course, the end result of all this could actually be hugely problematic for privacy around the globe. That might sound counterintuitive, seeing as here is Meta being dinged for a data protection failure. But, when you realize what the ruling is actually saying, it’s a de facto data localization mandate.
And data localization is the tool most frequently used by authoritarian regimes to force foreign internet companies (i.e., US internet companies) to host user data within their own borders where the authoritarian government can snoop through it freely. Over the years, we’ve seen lots of countries do this, from Russia to Turkey to India to Vietnam.
And, now, because of this ruling, they (and others) can continue to justify the demands for privacy-destroying data localization by pointing to the EU decision.
There are different privacy interests at play here. And while some will cheer this on simply because it dings Meta/Facebook, the reality is that for much of the world, getting their user data out of their local country and onto Meta’s US servers actually is much more protective of their privacy.
Of course, there’s a simple way to solve much of this: the US could cut back on NSA surveillance. What a concept.
The Hypocrisy Issue
It’s kind of amazing that all this is playing out against the backdrop of bipartisan efforts all around the US to “ban TikTok,” claiming that there’s a (still unproven) direct link enabling the Chinese government to access TikTok data. Nevermind that the US has already pressured TikTok into localizing US user data in the US under “Project Texas” (which, as we’ve already described, might also undermine US national security).
So, just as we’re forcing TikTok to locate US user data in the US and freaking out that the Chinese government might access TikTok US user data… the EU is slapping Meta with a large fine and effectively forcing it to locate EU data in the EU and freaking out that the US government might access Meta EU user data.
Basically, we’re doing exactly what we’re freaking out and claiming China is doing. Maybe we should stop?
And, of course, there are some simple ways to fix this: seriously cut back the NSA’s access to data from US companies without a valid reason. The fishing expeditions need to stop. They were an affront to the 4th Amendment all along and now they’re having a large, negative impact on US internet companies.
And then, pass a real federal privacy law that is focused on actual privacy violations, not some nonsense that simply empowers the biggest companies (i.e., Meta) to gain more control over the market, and ends up with something silly and useless like more cookie popups.
But, instead, the US will go on freaking out about TikTok, pushing garbage, broken, fake “privacy” fixes (often on a state by state business where those laws will conflict with one another), and refusing to admit that maybe the powers we gave the NSA are the problem?
Filed Under: data localization, data protection, data transfers, eu, fines, hypocrisy, localization, nsa, prism, privacy, privacy shield, surveillance, us
Companies: meta
DOJ, Pentagon Open Investigation After Ukraine War Docs Leak Online
from the all-up-in-everyone's-business dept
It’s tough to be considered a trusted partner in the resistance against the Russian invasion of Ukraine if you can’t keep your most secret documents secret. No source for the embarrassing (and possibly harmful) leak has been identified, but that’s presumably what the US government hopes to find out ASAP.
The Justice Department has joined the Pentagon in an urgent effort to determine how secret military documents on the war in Ukraine made their way onto multiple social media sites.
A small number of documents, including some marked “top secret,” were found on Twitter and Telegram on Wednesday. Since then, journalists, researchers, and social media sleuths have uncovered additional classified documents posted as early as March 1 on additional sites. This raises a host of questions about how widespread the breach may be and how much damage it could cause.
The Defense Department has confirmed the leaked documents are authentic. So, that identifies the source. But why they’ve been posted publicly remains a mystery. The Ukraine government is pointing its finger at Russian operatives, claiming it’s an attempt to muddy the international waters with this seemingly counterproductive public posting.
If the Russians are indeed behind this, the leak could be a strategic move designed to expose the extent of the US government’s Ukraine war-related surveillance dragnet. This report from the New York Times delves into the leaked documents and comes away with some surprising findings. Like the fact that our participation in the war effort involves spying on… Ukraine’s government and military.
_The leak, the source of which remains unknown, also reveals the American assessment of a Ukrainian military that is itself in dire straits. The leaked material, from late February and early March but found on social media sites in recent days, outlines critical shortages of air defense munitions and discusses the gains being made by Russian troops around the eastern city of Bakhmu_t.
The intelligence reports seem to indicate that the United States is also spying on Ukraine’s top military and political leaders, a reflection of Washington’s struggle to get a clear view of Ukraine’s fighting strategies.
This does seem a bit strange, but the documents show the Defense Department is doing a better job tracking the Russian military effort than getting a handle on the details of Ukraine’s response to the invasion. The leaks ultimately help the Russian war effort, though, giving that government an idea of what’s being watched and where its own operational security is failing.
It also suggests the US government can’t be trusted to keep secrets, which is always an uncomfortable position to be in, especially when efforts to circumvent other nations’ operational security are now part of the public record, thanks to OPSEC failures on the home front.
With tensions already high, this sort of thing just doesn’t help.
The documents could also hurt diplomatic ties in other ways. The newly revealed intelligence documents also make plain that the United States is not spying just on Russia, but also on its allies. While that will hardly surprise officials of those countries, making such eavesdropping public always hampers relations with key partners, like South Korea, whose help is needed to supply Ukraine with weaponry.
There are only about 100 pages, of which the NYT viewed 50. But there’s a wealth of information in them, apparently all of it real. It includes information pulled from several sources, including the NSA, CIA, the State Department. It also mentions intel drawn from FISA-authorized surveillance sources. It not only discusses what’s been collected but how it’s being collected.
But for all the effort made to keep an eye on the war in Ukraine, all it apparently took was the existence of pockets to circumvent multiple layers of operational security.
The documents appeared online as hastily taken photographs of pieces of paper sitting atop what appears to be a hunting magazine. Former officials who have reviewed the material say it appears likely that a classified briefing was folded up, placed in a pocket, then taken out of a secure area to be photographed.
Sometimes the best tech is almost no tech at all. From the hands of a hunting magazine purchaser to Discord, and from Discord to everywhere else. Something in those photos is bound to give investigators something to work with, but the Defense Department admits “hundreds, if not thousands” of government employees and officials have the security clearance to access these briefings. And it’s a safe bet a decently sized percentage of those thousands have at least a passing interest in hunting.
Whatever the origin story of this leak, it clearly helps Russia more than anyone else. But if there’s an upside, it’s that Russia’s entire military apparatus appears to be compromised. Plugging those leaks will take time and the US government will be watching this response the entire time.
Filed Under: dod, doj, leaks, russia, ukraine, us
Leaks Suggest EU Set To Approve Microsoft, Activision Acquisition
from the so-much-for-that dept
For months and months now, we have been talking about Microsoft’s proposed acquisition of Activision Blizzard. The $68 billion mega-deal had drawn narrow glares from several regulatory bodies, including in America, the UK, and the EU. While the FTC in the States and CMA in the UK have thus far not come off some very strongly worded concerns about approving the purchase, the EU appears like it will be the first domino to fall in this whole thing moving forward.
According to Reuters, the European Commission is not expected to ask Microsoft to divest large parts of Activision—like separating out its Call of Duty business—to win approval. Instead, long-term licensing deals of lucrative games that Microsoft has offered to rivals could suffice, in addition to agreeing to “other behavioral remedies to allay concerns of other parties than Sony,” one insider told Reuters.
This was exactly Microsoft’s playbook. The company announced the deal and then started making all sorts of wishy-washy comments about what franchises would be exclusive, how they would be exclusive, which ones wouldn’t be exclusive, and varying lengths of time it would promise to make non-exclusives available on which platforms. When that didn’t satisfy literally anyone — because how could it? — the company pivoted to inking 10 year promises for major franchises like Call of Duty appearing on competing platforms, such as Nintendo and Sony’s consoles.
Which might mean that Microsoft intends to keep these titles multi-platform for longer than that. Or Microsoft could be playing the long game here, willing to be multi-platform for a decade only to claw those franchises, or new franchises, back to exclusivity in the 2030s. Who knows? Not these EU regulators, but that apparently doesn’t matter.
Microsoft appears to being trying to get creative with the UK as well.
Microsoft got its big chance to sway the UK this week when it attended a private hearing with UK’s antitrust watchdog, the Competition and Markets Authority (CMA), to discuss “feasible remedies,” Bloomberg reported. Sources said that Microsoft offered to pay a third-party monitor to oversee the company’s compliance with any behavioral remedies proposed by the UK to approve the deal. The CMA is expected to make its decision on April 26.
We shall see if the CMA, like the EU, is willing to give into this sort of easily circumvented window dressing.
Now, to be clear, acquisitions, even massive ones, aren’t always bad in general, nor bad for the market. In times of economic turmoil, it’s quite common to see industries consolidate for a period of time, where large entities gobble up smaller ones that cannot survive the bad times. That culling of the industry can be a good thing, opening up space for new startups to break into the market when the lean times get better.
But none of that makes what Microsoft is doing to get the regulators to play ball any less suspect. Nor are comments like this.
An Activision spokesperson told Ars that the merger would help the company continue to make multi-platform games that can compete in an “industry dominated by growing competitors.” Activision’s spokesperson also said that the solutions Microsoft has presented “are legally binding, and beyond that, our passionate player community would hold Microsoft accountable for keeping its promises.”
That last bit is pure fantasy. That just isn’t how monopolistic practices work. The market can’t hold Microsoft accountable if the most major gaming franchises are taken exclusive. Or, rather, it _could_… but won’t.
Otherwise, we’d see Nintendo games be far more cross-platform. And they most certainly are not.
Filed Under: antitrust, call of duty, uk, us
Companies: activision, microsoft
The UK Wants A Trade Deal With India That Would Boost The Already Healthy Profits Of Big Pharma, And Cause Millions Of People To Sicken
from the devastating-impact dept
Although trade deals are nominally about, well, trade, Techdirt readers know that they have become an important way to force through changes in areas like copyright and patents without any meaningful democratic scrutiny. That’s because trade deals are negotiated in secret, and then presented as done and dusted once talks have been concluded. The argument typically rolled out is that it was “necessary” to make various concessions in the area of copyright and/or patents in order to obtain a deal, and that now the final text has been agreed, nothing can be done about it.
That’s certainly how things developed in the case of three major trade agreements covered by Techdirt in recent years — ACTA, TTIP and TPP — and looks to be true of a new UK-India trade deal under discussion. Being able to negotiate trade agreements independently, rather than as part of the EU, was supposed to one of the big benefits of Brexit, but it hasn’t worked out that way. Although plenty of trade deals have been signed between the UK and other nations, they are almost without exception “rollover” deals: that is, they merely continue the trade terms that were already in place when the UK was part of the EU. The really important new trade deals that Brexiters promised — with the US and China — show no signs of materializing, for various political reasons. That leaves India as the only major market where the UK has some hope of agreeing a new deal.
Sadly, the UK is trying to use these negotiations to force through some really bad changes to India’s patent laws. As usual, we only know this thanks to the leak of the relevant chapter of the UK-India Free Trade Agreement. A letter from health and development NGOs to the UK’s International Trade Secretary spells out the harmful ideas revealed there, including:
A greenlight for ‘evergreening’ patents for medically inconsequential changes, allowing pharmaceutical corporations to extend their monopolies and keep prices artificially high for years beyond the end of the original 20-year patent term.
Closing down the opportunity to block unjustified patents before they are granted, meaning more products will be awarded unjustified patent monopolies.
New monopoly protections on the clinical data used to prove a medicine is safe and effective, delaying the advancement of medical science by blocking others from using this evidence to produce generic medicines.
As the letter emphasizes, these proposals would undermine the public health safeguards that India has implemented in its patent laws. They would also have a devastating impact on the health of millions of people in developing economies, for whom India’s low-cost versions of key drugs are literally a matter of life or death:
India’s long standing ability to produce quality-assured, affordable medicines for HIV, TB, viral hepatitis, malaria and other diseases, medicines that save millions of lives globally every year, relies upon its carefully drafted intellectual property laws and medical regulatory processes which balance the monopoly rights of manufacturers with everybody’s right to health.
It’s disappointing to see the UK use its much ballyhooed “Brexit freedom” to push for a trade deal that would boost the already healthy profits of its own pharma industry, whilst causing millions of people around the world to sicken and suffer unnecessarily.
Follow me @glynmoody on Twitter or Mastodon.
Filed Under: acta, big pharma, brexit, china, evergreening, india, intellectual monopolies, patents, tpp, ttip, uk, us
Ready Or Not, Here Comes Net Neutrality War 2.0
from the trolls-under-the-bridge dept
Mon, Oct 31st 2022 05:38am - Karl Bode
I’ve got some bad news for those of you who were frustrated or bored by decades of net neutrality bickering: it’s about to kick off all over again. And this time it’s even more global.
In the UK, US, EU, and South Korea, telecom lobbyists have been making successful inroads on plans that would force “Big Tech” to pay “Big Telecom” companies billions of dollars for no coherent reason. They’ve convinced gullible lawmakers that tech companies get a “free ride” on the Internet, and should therefore be forced to pay telecom giants even more money to shore up essential infrastructure.
Of course there are numerous problems here. One, the common claim that a tech company like Netflix or Google gets a “free ride” on the Internet is a lie pushed by telecom companies that we’ve debunked countless times. It’s a several decade old attempt by telecom giants with a rich history of subsidy fraud and skimping on fiber upgrades to “double dip” — effectively getting paid extra for no reason.
Somehow telecom lobbyists and the the politicians paid to love them have tried to dress this up as a serious adult policy proposal. Here in the states, Trump appointed FCC Commissioner Brendan Carr, who has never seen an AT&T policy proposal he hasn’t fawned over, has been beating this drum for several years. The effort has seen greater traction in the EU and South Korea, where one ISP went so far as to sue Netflix, claiming Squid Game’s popularity strained their networks unfairly.
Just like in the older net neutrality wars, when the press covers this stuff they utterly fail to illustrate to readers how much of it is bullshit. This CNBC article, for example, frames the issue this way:
Telecom groups are pushing European regulators to consider implementing a framework where the companies that send traffic along their networks are charged a fee to help fund mammoth upgrades to their infrastructure, something known as the “sender pays” principle.
Their logic is that certain platforms, like Amazon Prime and Netflix, chew through gargantuan amounts of data and should therefore foot part of the bill for adding new capacity to cope with the increased strain.
“The simple argument is that telcos want to be duly compensated for providing this access and growth in traffic,” media and telecoms analyst Paolo Pescatore, from PP Foresight, told CNBC.
But none of this framing is remotely true. It’s Netflix customers who are demanding this content over broadband subscriptions they already pay an arm and a leg for due to limited broadband competition. It’s being delivered by content companies that have spent countless billions on their own transit routes, undersea cables, bandwidth, cloud infrastructure, and content delivery networks.
If an ISP network can’t handle this demand, the reason is uniformly because the ISP in question didn’t scale its network upgrades to meet demand. This isn’t your fault. This isn’t “Big Tech’s” fault. It’s the fault of telecom monopolies that routinely hoover up billions in subsidies and tax breaks in exchange for networks they always, routinely, half-deliver.
CNBC goes on, claiming this is all a big problem with “no clear solution,” with the closest it gets to skepticism being some questions about the logistics about it all:
But the solution is clear and simple: don’t listen to telecom monopolies when they make up problems, then demand billions in new taxes and subsidies for no reason. Telecom experts in the EU and US have been trying to tell policymakers this with very mixed results.
This whole mess is basically just Ma Bell looking for a hand out and dressing it up as serious adult policymaking, with the help of a gullible press. Meanwhile companies like Netflix, whose dedication to net neutrality grew strained as they grew big and powerful, now find themselves trying to, once again, fend off calls that they should subsidize big telecom, suggesting that such maybe their original principles shouldn’t have been so easily discarded.
One “tell” if you’re struggling to detect who’s engaging this policy conversation in good faith: the captured policymakers pushing the idea never discuss the real reason broadband is so spotty and expensive: monopoly power, mindless consolidation, corruption, and decades of subsidy fraud by the biggest players (see our recent report on just this subject).
Captured politicians frame this tax on big tech as some kind of miracle cure for the “digital divide.” A super easy way to nab some easy political brownie points. In reality, it’s just another way to distract you from the real problem: telecom monopolization and the corruption that protects it.
Filed Under: bandwidth, broadband, cable, eu, fiber, high speed internet, net neutrality, sender pays, telecom, telecom subsidies, uk, us
In EU And US, Big Telecom Desperately Wants Big Tech To Pay It Billions Of Dollars For No Coherent Reason
from the troll-toll dept
Fri, Oct 14th 2022 06:26am - Karl Bode
We’ve noted for years how “Big Telecom” is desperate to have “Big Tech” pay them billions of dollars for no coherent reason. This effort is what began the net neutrality wars, and, despite the fact it’s routinely dressed up as adult policy making, it’s little more than a lobbyist-fueled cash grab.
The effort always starts with claims that Big Tech isn’t “paying its fair share” to access the Internet, despite tech giants like Amazon, Google, Netflix, and others paying billions of dollars for bandwidth — and their own cloud storage, transit, undersea cables, and in Google’s case… it’s own residential ISP.
From there, the argument suggests that because Big Tech consumes so much bandwidth, they should be paying Big Telecom billions of additional dollars annually — just because. It genuinely doesn’t make much sense, in large part because this demand is coming from the users of big tech, who have already paid an arm and a leg for bandwidth. It’s also daft because we’ve refused repeatedly (in both the EU and US) to meaningfully police telecom monopolies’ routine abuse of the billions in subsidies they already receive annually.
This dumb telecom industry policy ploy has been going on since 2002 or so. But in both the US and EU, telecom lobbyists have exploited legitimate, growing annoyance at tech giants to convince captured regulators they should once again consider this new “Big Tech tax.” Those captured regulators (like Trump appointed FCC Commissioner Brendan Carr here in the US) then show up in major news outlets trying to pass the cash grab off as something grander than it is.
Carr once again popped up this week in the (paywalled) Financial Times, insisting that it’s absolutely urgent that the EU and US begin taxing Google, Amazon, Netflix, and others to fund broadband infrastructure around the world:
“It’s a ripe issue and it’s at a pivot point,” Carr told the Financial Times. “The time where big tech was untouchable has passed.” “We need hundreds of billions of dollars to finance improvements to public networks but the current finance models are straining. The benefits are collecting in the hands of these big tech corporations and it’s time for a rebalancing,”
Carr of course is never to be found when it comes to policing subsidy fraud by giant telecom companies. He’s never so much as mentioned whistleblower complaints that AT&T has been ripping off U.S. school districts for years. He’s a no show when a company like Frontier Communications repeatedly rips off the U.S. government to the tune of multiple millions of dollars. You’ll not hear a peep from him when it’s found that Verizon failed to deploy fiber despite decades of tax breaks and subsidies.
Carr’s right, of course, that the programs we have to subsidize broadband access need shoring up. But if you watch him carefully he’ll never advocate for anything that would hold existing telecom giants accountable for subsidy fraud. And he’s avoiding that subject (at least when big companies are involved), because he’s operating as a direct, captured proxy for those telecom giants.
Last week, a group of top telecom experts wrote to EU policymakers to politely explain how this whole policy play is really just an empty-headed cash grab by telecom giants hoping to capitalize on (often legitimate) anger at Big Tech. They noted that existing “sender pays” terminology from peering arrangements has been hijacked by industry to try and dress this up as real policy.
And this week top EU telecom regulator BEREC issued a report that, once again, found this proposal to force tech giants to pay telecom giants even more money was absolute nonsense. They found, once again, no genuine examples of CAPS (content and application providers) getting a “free ride”:
both sides of the market – CAPs on the one hand and users of these applications on the other hand– already contribute to paying for Internet connectivity. There is no evidence that operators’ network costs are already not fully covered and paid for in the Internet value chain (from CAPs at one end, to the end users, at the other).
BEREC has stated this repeatedly, but it just doesn’t matter. Guys like Carr (and his equivalent in the EU) will just beat this “free ride” drum mercilessly, hoping that repetition forges reality. And they’re doing this not because they’re genuinely interested in the welfare of broadband consumers (most of these same gentlemen couldn’t care less about monopoly power or consumer protection), but because they’re helping telecom giants saddle tech giants with billions in additional new costs.
At this point, BEREC’s job is to just provide recommendations as EU lawmakers consider the EU’s digital policy trajectory for the next decade. But the fact they’ve had to deflate this idiotic balloon yet again shows how easily adult policymaking can be hijacked by a few telecom giants and their various political marionettes.
Just an unrelenting amount of effort has been poured into trying to pretend that this idea is a good faith, adult policy proposal, when it’s just a multi-decade attempt to get paid for doing nothing by telecom giants with a long history of subsidy fraud. If you really want to shore up broadband access, start by policing telecom monopolies, and the billions we throw at them for perpetually unfinished networks.
Once regulators have that corruption-fueled money pit repaired, maybe then they can talk seriously about dramatically expanding the broadband deployment contribution base with a straight face.
Filed Under: big tech, big telecom, brendan carr, broadband, corruption, digital divide, eu, fcc, high speed internet, subsidies, tax breaks, telecom, us
Biden’s Executive Order On Surveillance Doesn’t Do Nearly Enough To Protect Privacy; Playing Word Games Doesn’t Actually Limit NSA Surveillance
from the that's-not-going-to-fly dept
Back in March, we noted that the EU and US had announced that they had come to an agreement on transatlantic data flows. This is actually a really big and important story that gets almost no attention, because “transatlantic data flows” sounds boring. However, it’s really, really big and matters for the future of a global internet as opposed to an extremely splintered regional set of internets. People within Facebook have suggested that this is the single biggest issue facing the future of the company, which might be slight hyperbole, but just… slight.
It’s a big deal.
And, back in March when the initial agreement was announced, it seemed like the US government was going through the motions, rather than fixing the real issue. That’s because for the past few years, whenever people talked about the issue with transatlantic data flows, they focused on boring claims about “data protection,” and kept leaving out the very thing that created these problems: the NSA spying on all sorts of internet traffic and data indiscriminately.
I know, I know this sounds boring, but stick with it and this is actually pretty interesting. Years back, the EU and the US set up a “safe harbor” provision, that basically said that American internet companies could collect data on EU citizens and residents so long as the American companies took certain steps to comply with some fairly straightforward protections for the data of those EU citizens. There was a certification process (as an American company, we even went through it ourselves) to make sure that we protected the data of EU users.
However, when Ed Snowden revealed the details of the NSA’s mass surveillance program, Max Schrems, a privacy advocate from Austria, noted that American companies could no longer actually claim that they were keeping data from the EU safe, because the NSA was snarfing it up. Valid point.
The way to actually fix this was for the NSA to stop all the snarfing. But that’s not what happened. Instead, after the EU Court of Justice agreed with Schrems and tossed out the privacy safe harbor, the EU and the US went back to the drawing board and announced… the “privacy shield.” Which was basically just the privacy safe harbor with a new badass name. Schrems went back to the Court of Justice and the Court of Justice said, “yo, that agreement does nothing about NSA spying.” And, thus, the privacy shield was also tossed out.
So, then we get to this year, and I fully expected yet another weak agreement, based on the announcement back in March. So I’m a little surprised that the final Executive Order from President Biden actually suggests a change in strategy to NSA surveillance. That’s because for years in covering the various debates about transatlantic data flows, I felt like I was one of the few people who remembered we were actually talking about NSA surveillance. It felt like politicians in both countries would just trot out bland nonsense about “data protection,” and “proportionality,” without addressing the only issue that really mattered: the NSA scooping up so much data on people in the EU.
So, at the very least, the new executive order actually is focused on NSA surveillance. And, to be sure, there’s some nice language in there, like:
(ii) Signals intelligence activities shall be subject to appropriate safeguards, which shall ensure that privacy and civil liberties are integral considerations in the planning and implementation of such activities so that:
(A) signals intelligence activities shall be conducted only following a determination, based on a reasonable assessment of all relevant factors, that the activities are necessary to advance a validated intelligence priority, although signals intelligence does not have to be the sole means available or used for advancing aspects of the validated intelligence priority; and
(B) signals intelligence activities shall be conducted only to the extent and in a manner that is proportionate to the validated intelligence priority for which they have been authorized, with the aim of achieving a proper balance between the importance of the validated intelligence priority being advanced and the impact on the privacy and civil liberties of all persons, regardless of their nationality or wherever they might reside.
(iii) Signals intelligence activities shall be subjected to rigorous oversight in order to ensure that they comport with the principles identified above.
But this is the Intelligence Community that we’re talking about, and in the more than two decades we’ve spent covering the IC, we’ve long learned that if you give them even the smallest of loopholes, including the ability to come up with their own made up definitions of common English words, then they will use those loopholes to keep on spying.
Of course, part of this new executive order is the partial revocation of a problematic Obama Presidential Policy Directive, that was an earlier weak attempt to pretend that he was somehow putting some limits on the surveillance powers of the NSA when it was yet another cover story for more surveillance.
So at the very least, the fact that rather than just putting a fresh coat of paint on a random agreement on privacy to allow data flows, it’s a positive step that attempts to address the NSA and its surveillance activities.
But… that’s about all the good that can be said about this. Because it doesn’t actually address the underlying NSA surveillance. Instead, it’s more of a pinky promise that the NSA will be better now, without putting much behind actually making that happen.
Specifically, while the new EO talks about “necessary” and “proportionate” surveillance (two words the EU law requires), it seems pretty clear to basically everyone that the NSA and the White House are up to the old trick where they’ll say those words, but define them how they want them defined, rather than the way everyone else in the world uses them.
Max Schrems, who helped kill off the last two deals, has put out a statement highlighting how this is just words games, rather than actual change:
Bulk surveillance continues via two types of “proportionality”. The US highlights, that the new executive order uses the wording of EU law (“necessary” and “proportionate” as in Article 52 CFR) instead of the previous term “as tailored as feasible” used in Section 1(d) of PPD-28. This could solve the problem, if the US would follow the same understanding and also apply the proportionality test of the CJEU.
However, despite changing these words, there is no indication that US mass surveillance will change in practice. So-called “bulk surveillance” will continue under the new Executive Order (see Section 2 (c)(ii)) and any data sent to US providers will still end up in programs like PRISM or Upstream, despite of the CJEU declaring US surveillance laws and practices as not “proportionate” (under the European understanding of the word) twice.
How is this possible? It seems, the EU and the US agreed to copy the words “necessary” and “proportionate” into the Executive Order, but did not agree that it will have the same legal meaning. If it would have the same meaning, the US would have to fundamentally limit its mass surveillance systems to comply with the EU understanding of “proportionate” surveillance.
So, yes, the White House is now acknowledging that the NSA surveillance is the problem, and making noises about how it’s fixing it, but the reality is that it’s playing word games to pretend it’s fixing it, when it is not. And everyone seems to see that.
The ACLU has also called out how this is not nearly enough:
“President Biden’s executive order does not go far enough. It fails to adequately protect the privacy of Americans and Europeans, and it fails to ensure that people whose privacy is violated will have their claims resolved by a wholly independent decision-maker,” said Ashley Gorski, senior staff attorney with the ACLU National Security Project. “Although the executive order is a step in the right direction, it does not meet basic legal requirements in the EU, leaving EU-U.S. data transfers in jeopardy going forward.”
[….]
“The problems with the U.S. surveillance regime cannot be cured by an executive order alone,” said Gorski. “To protect our privacy and to put transatlantic data transfers on a sound legal footing, Congress must enact meaningful surveillance reform. Until that happens, U.S. businesses and individuals will continue to pay the price.”
TACD, the Trans Atlantic Consumer Dialogue, also put out a statement saying, nice try, but not enough.
The Transatlantic Consumer Dialogue’s (TACD) first analysis of the announced measures reveals that the new provisions would not adequately protect European consumers’ fundamental rights to privacy and data protection, as established in the EU Charter of Fundamental Rights and the General Data Protection Regulation (GDPR), seen in the light of the CJEU’s decision on Privacy Shield
For one, the measures do not seem to solve the issue of the lack of proportionality of the U.S. surveillance laws and practices – one of the main elements that render the current system incompatible with EU law, according to the CJEU. The Executive Order refers to new safeguards and includes the wording “proportionate” as in Article 52 of the EU Charter of Fundamental Rights (EU Charter), but it does not establish any mechanisms to limit the U.S. mass surveillance systems in place. For another, it seems like the Executive Order still does not provide for real judicial redress to European consumers.
The Order establishes a two-step procedure that includes an officer under the Director of National Intelligence and a so-called “Data Protection Review Court”. However, it seems that the latter might not be a judicial body as foreseen under Article 47 of the EU Charter or the US Constitution, but a body within the US government’s executive branch. The procedures before these two bodies will need to be closely analysed before a final statement can be made, but the structure currently looks closer to the “Ombudsperson” position that had existed under the previous framework, Privacy Shield. The CJEU has already proclaimed such form of executive bodies as being in breach of the essence of Article 47 of the EU Charter and reiterated a need for judicial review or approval by an actual court.
The first analysis of the measures shows that the Executive Order does not provide the necessary basis for a decision that the U.S. offers effective and meaningful data protection. Together with the above shortcomings, the failure of the U.S. to have a robust overarching data protection law that ensures the privacy of its own citizens and consumers creates a barrier to any serious consideration on adequacy.
As we’ve been saying for almost a decade now: there is one way to fix this and that’s to stop the NSA’s mass surveillance program. The powers that be (Congress and the President) simply seem incapable of admitting that, and thus we go through this same dance every few years.
Filed Under: eu, executive order, max schrems, nsa, privacy shield, surveillance, transatlantic data flows, us
Can We Save A Truly Global Internet?
from the one-would-hope... dept
As we’ve been noting for years now, the global internet is at risk. China walled off its part of the internet early on, and other authoritarian regimes followed suit, with Russia and Iran taking the lead. But, at the same time, we’ve seen other regimes start to layer on their own regulatory regimes that effectively cut off other parts of the world, including the EU, which seems to believe its writing rules for the global internet, but may only be hastening the further fragmentation of the internet.
And yet, some of us still would like to believe that the concept of a truly global internet is one worth saving. Recently, the Council on Foreign Relations put out a report that basically calls that belief naïve, saying that we need to “confront reality in cyberspace,” with that apparently “reality” being that a global internet is impossible.
The United States has heavily influenced every step of the internet’s development. The technologies that undergird the internet were born out of U.S. federal research projects, while U.S. companies and technical experts made significant contributions. Similarly, the internet’s governance structures reflected American values, with a reliance on the private sector and technical community, light regulatory oversight, and the protection of speech and the promotion of the free flow of information.
For many years, this global internet served U.S. interests, and U.S. leaders often called for countries to embrace an open internet or risk being left behind. But this utopian vision became just that: a vision, not the reality. Instead, over time the internet became less free, more fragmented, and less secure. Authoritarian regimes have managed to limit its use by those who might weaken their hold and have learned how to use it to further repress would-be or actual opponents.
The lack of regulation around something so integral to modern economies, societies, political systems, and militaries has also become dangerous. This openness presents a tempting target for both states and nonstate actors seeking to undermine democracy, promote terrorism, steal intellectual property, and cause extraordinary disruption. Even more dangerous is the vulnerability of critical infrastructure to cyberattacks. Making the circumstances all the more difficult, figuring out who is behind a given attack remains challenging, allowing states and nonstate actors to carry out cyberattacks with a high degree of deniability and avoid significant consequences. In addition, because most cyberattacks occur well below the threshold of the use of force, the threat of retaliation is less credible.
Frankly, U.S. policy toward cyberspace and the internet has failed to keep up. The United States desperately needs a new foreign policy that confronts head on the consequences of a fragmented and dangerous internet.
I guess it’s not that surprising that a group like CFR would strike such a stance. Reading it feels very much like the stance of political bureaucrats with a philosophical bent, and a belief in politics, rather than those who understand the underlying nature and promise of the internet.
It’s good to see the report getting some serious pushback. Jason Pielemeier and Chris Riley have a strong piece in response, In Defense of the Global, Open Internet.
Cyber warfare and information warfare are undoubtedly in our midst. However, embracing the CFR report’s narrative and changing the course of U.S. policy in response to the continued trajectory of attacks not only would undermine human rights, democracy, and the internet itself but also would empower governments like China and Russia that benefit most from the “every country for itself” approach to the digital world. Instead, the United States should recommit to its vision for internet freedom by articulating and demonstrating how democratic states can address complex cybersecurity threats and digital harms through innovative, collaborative, and democratic means.
As the response notes, by giving up on the belief in a global, open, and interconnected internet, we’re actually aiding authoritarians tremendously:
If the United States, in particular, portrays the future of the internet as inevitably isolationist, it is as likely to push governments toward authoritarian models as it is to incentivize governments away from them. This could result in a potentially disastrous fait accompli that will likely imperil innovation, equity, economic growth, and human rights in the decades ahead.
But I think the most important part of this response is that it points out that CFR’s underlying assumptions are not just wrong… but fundamentally weird.
In sum, the CFR report seems to equate a free and global internet with anarchy at worst and naive insecurity at best. That is simply not true. Internet freedom posits a rights-centered and rules-based approach to internet governance. Necessary efforts that restrict rights are allowed under international human rights law, when they are clearly articulated, serve legitimate purposes, are proportionately tailored, and are accompanied by relevant accountability and transparency measures. These are the yardsticks against which future actions will continue to be measured, regardless of how the United States frames its cyber policy. They also happen to be the clearest principles policymakers and analysts can use to draw distinctions between authoritarian approaches and democratic ones.
They also highlight something that is true across a wide scope of discussions about internet policy. Everyone focuses solely on the negative aspects they see as being caused by the internet, rather than even acknowledging the massive positive benefits that have accrued as well.
Focusing on negatives also risks ignoring much of the value that the internet has created and continues to create. And the primary remaining value that the United States must prioritize is freedom. As one of us has argued previously, when compared to offline spaces, the internet continues to create significant opportunities for courageous, consequential, and U.S.-interest-aligned activities including independent journalism, accountability, and the protection of minority rights.
Frankly, the fact that a group like CFR is now arguing for effectively walling up the internet should be seen as a scary turn of events. It’s exactly what countries like China and Russia want. The interconnectedness of the internet, and the freedom it has enabled (especially of expression) have long been threats to them. For the US to go back on that would be seen as a huge win for Russia and China, and suggest that (1) their approach had been correct all along, and that (2) the US’s commitment (as hollow as it may ring) to freedom was a disaster.
If you don’t think that won’t be used against the US, you haven’t been paying attention.
Obviously, the US has plenty of problems right now (as it always has), but even when it’s exaggerated, keeping our guiding star pointed towards more freedom has always been good policy. Our failures tend to be when we move away from that (and this isn’t the first time that CFR has tried to point the country in that wrong direction).
Filed Under: china, freedom, global internet, internet, open internet, regulations, splinternet, us
Companies: cfr