- Blog Post
- Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.
Here is a quick round-up of this week’s technology headlines and related stories you may have missed:
The Ethical Minefield of Facial Recognition: Chinese startups have been building facial recognition products aimed at identifying Uyghurs across China for both local police departments and the Chinese central government. The Uyghurs, a predominantly Muslim minority group located mostly in China’s Xinjiang Autonomous Region, have been subjected to a widespread government crackdown aimed at restricting Islam in the region. China’s new facial recognition systems raise clear ethical concerns because they are aimed explicitly at identifying Uyghurs from non-Uyghurs, with one national database storing the faces of all Uyghurs leaving Xinjiang. Demand for ethnic profiling technology is high and vendors of the technology include major Chinese unicorns Yitu, Megvii, and SenseTime, while the central government’s Ministry of Public Security has allocated billions toward policing and surveillance. Other ethical dilemmas in facial recognition technology include the databases which are used to train facial recognition technologies, which the Financial Times reports often contain photos taken without user consent or data scraped from publicly-available internet searches. In the United States, however, it appears that tech companies are beginning to wake up to the problems posed by facial recognition. On Tuesday, Microsoft announced that it had refused to provide similar AI technology to California law enforcement and foreign governments due to “human rights concerns” including the potential for disproportionate targeting of minorities and women.
The EU’s Anti-terrorism Bill: Spurred by last month’s Christchurch shooting, the European Parliament has passed legislation to combat the spread of terrorist content online. Under the legislation, content providers that receive removal orders from regulatory agencies would be required to take down the offending content in all EU member states within an hour of receiving the notice, a provision that has faced criticism for its projected impact on smaller firms. Repeated violators may face fines up to 4 percent of revenues. The legislation is subject to further negotiations before becoming law.
The UK’s Internet Safety Crusade: The United Kingdom (UK) has announced that its “porn block” will be taking effect starting July 15. Part of the Digital Economy Act of 2017, the block requires that sites whose content is more than a third pornographic material must implement age checks to prevent underage individuals from accessing adult content. Because the government hasn’t mandated any specific system to verify users’ ages, British internet users can expect a variety of age check schemes, from online government ID uploads to in-person “porn passes” available at stores and news stalls. Non-compliant sites could be blocked by internet providers and be denied service by other platforms such as payment processors. Critics have raised concerns about user privacy and the ineffectiveness of the block. Notably the Act is only one part of the UK’s broader crusade to regulate child safety online. The UK’s Information Commissioner’s Office also unveiled a proposal on Monday to protect child privacy by stopping platforms from using designs and “nudge techniques” that “exploit unconscious psychological processes” in children to obtain their personal data. Part of the proposal is quite radical, and would prevent children from “liking” content on social media.
Sea Turtles in MENA: Cisco’s Talos security group revealed on Wednesday that a new campaign dubbed “Sea Turtle” has used DNS hijacking to target “at least 40 different organizations across thirteen different countries” in the Middle East and North Africa region. A technique affecting some of the fundamental infrastructure of the internet, DNS hijacking redirects innocent URL queries to malicious servers; Armenia’s .am domain name is confirmed to have been hacked by Sea Turtle, and Saudi Arabia’s .sa could have also been affected . Some of Sea Turtle’s effects were detected earlier this year, but they were mistakenly thought to be part of Iran’s DNSpionage campaign. Sea Turtle has also been linked to the hack of Sweden’s Netnod, a key player for in the global DNS system. Talos believesthe hacks were state-sponsored but did not identify either the attacker or any specific victims.
Facebook’s White Supremacy Ban: After announcing in March that it would explicitly prohibit white nationalism and white separatism on its platforms, Facebook handed out permanent bans this week to UK-based far-right organizations including the British National Party, the English Defence League, the National Front, and Knights Templar International. In addition to the specific groups and individuals named by Facebook, the platform will also ban content supporting those groups and “users who coordinate support for the groups.” Facebook’s decision is the latest in a string of actions taken by social media platforms against far-right activists that have included Twitter’s ban of Laura Loomer last year and Facebook’s bans of Britain First and Tommy Robinson earlier in 2019.
Iran is Hacked: A top Iranian hacker group known as APT34 or OilRig is having its own “Shadow Brokers” moment, as an anonymous Telegram channel called “Read My Lips” is publicly releasing its secrets. The leak has been ongoing for the past month, and data released includes hacking tools such as the code for DNSpionage, a list of 66 APT34 victims, Iranian intelligence’s server addresses, and alleged identities of APT34 hackers. The leaker apparently contacted a number of news organizations in an attempt to drive publicity for the Telegram channel, and Alphabet’s cybersecurity division Chronicle independently confirmed the leaks are authentic. According to Chronicle’s Head of Applied Intelligence, the leak is “unlikely to see widespread use,” in contrast to the Shadow Brokers tools in 2016 that were later used to build WannaCry and NotPetya.