Senate holds hearing on child safety on social media
The Senate Judiciary Committee held a hearing this week on “Big Tech and the Online Child Sexual Exploitation Crisis” with the CEOs of five major tech companies. Discord’s Jason Citron, Meta’s Mark Zuckerberg, TikTok’s Shou Zi Chew, Snap’s Evan Spiegel, and X’s (formerly Twitter) Linda Yaccarino all testified. Several senators were combative in their questioning, with Senator Lindsey Graham (R-SC) telling Zuckerberg he “had blood on his hands” because Meta failed to ensure safety on its platforms. The senators invited a number of victims and their families to the hearing, some of whom testified about the impact of social media platforms on their lives. The five CEOs faced wide ranging questions. Several senators interrogated Zuckerberg over his denial of a request in 2021 by Nick Clegg, Meta’s head of global affairs, for an expanded child safety team. Chew fielded inquiries about TikTok’s child safety policies, TikTok’s data practices, ties to the Chinese government, and his personal affiliation with the Chinese government (Chew is from Singapore and still resides there), which some experts criticized as xenophobic and distracting from the focus of the hearing. After the hearing, two of the CEOs, X’s Yaccarino and Snap’s Spiegel, said they would support the proposed Kids Online Safety Act, which would require online services to strengthen content controls for children; the bill has been criticized for its broad scope and vagueness, and Senator Marsha Blackburn (R-TN) has suggested the bill could allow the government to force companies to censor content related to transgender people.
U.S. disables botnet run by Chinese threat actor Volt Typhoon
The Department of Justice announced that the U.S. government disabled a botnet, known as KV Botnet, operated by Chinese state-sponsored hackers, tracked as Volt Typhoon, in December 2023. The botnet had been made up of small office and home office (SOHO) routers that had reached their end of life, meaning that their manufacturers were no longer pushing patches or security updates for those routers. One section of the botnet, the KY cluster, was used for complex attacks against high-value targets, while the other cluster, JDY, was used for broader attacks. The botnet could be used to mask internet traffic associated with Volt Typhoon hacking campaigns, allowing it to distribute commands and exfiltrate data while appearing to come from somewhere in the United States, or another location. Volt Typhoon has been a major focus of U.S. authorities since May 2023, when the U.S. government issued a joint advisory with Five Eyes partners about Volt Typhoon’s presence in critical infrastructure throughout the United States.
Taylor Swift explicit deepfake images flood X/Twitter
Explicit deepfake images of Taylor Swift proliferated across social media, especially on the platform X (formerly known as Twitter). A day after the incident, X made “Taylor Swift” unsearchable and suspended or restricted flagged accounts that shared these photos. Later in the week, X stated that the company has a “zero-tolerance policy” for explicit content and was actively working to remove identified images. X has significantly cut its content moderation staff since Elon Musk acquired the platform in October 2022, and some experts said its response to the spread of the deepfakes highlighted how X’s approach to content moderation has failed. The White House released a statement expressing alarm and called for legislation to address deepfake targeting. Ninety- six percent of deep fakes online are pornographic and disproportionally affect women and girls. A 2023 UNESDOC report cautioned that generative AI tools can lead to an increased number of attackers and will place the burden on women and girls, especially to protect themselves against online abuse.
AI companies will be required to report safety test results to U.S. government
The Biden-Harris administration announced that it is invoking the Defense Production Act (DPA) to require major AI developers to report the results of safety tests conducted on foundation models and to alert the U.S. government within 90 days when they begin new AI development projects that require more than 100 septillion floating operations per second (FLOPS), around 1000 times lower than the amount of FLOPS used to train the most advanced models. This rule follows President Biden’s Executive Order on AI signed in October 2023, which had called for the government to invoke the DPA to address AI safety risks. The Department of Commerce is also expected to implement rules that would require cloud providers to disclose when a foreign company uses its cloud infrastructure to train a model that surpasses the same 100 septillion FLOPS threshold. If implemented, this rule would detect and alert the government to possible foreign actors who may have malign intentions, limiting their accessibility to data centers and AI training models.
Brazilian police launch investigation into former intelligence chief over use of spyware
Brazilian Federal Police are investigating Alexandre Ramagen, the former head of Brazil’s intelligence agency from 2019-2022, over a large spying operation that allegedly targeted over thirty thousand people, including journalists, judges, lawmakers, and politicians. The police said they had raided several locations associated with Ramagen, who is a close associate of former President Jair Bolsonaro, and seized mobile phones, laptops, and data storage devices as part of the investigation. The investigation, ordered by Brazil’s Supreme Court, is focused on the possibility that Ramagen illegally monitored political opponents and public authorities for the “benefit of the Bolsonaro family.” Bolsonaro has faced a number of investigations since he lost Brazil’s presidential election in 2022, and in July 2023 was banned from seeking public office until 2030 by Brazil’s highest electoral court.
Cecilia Marrinan is the intern for the Digital and Cyberspace Policy Program.