10 Reasons Why the GDPR Is the Opposite of a ‘Notice and Consent’ Type of Law

The below piece was originally published on Medium. For a version with humorous images, head to the original post.

10th Annual Privacy Papers for Policymakers – Send Us Your Work!

The 10th Annual Privacy Papers for Policymakers awards have been announced. Register here to attend the event on February 6, 2020. We will open the submissions process for next year’s awards in fall 2020.

Have you conducted privacy-related research that policymakers should know about? If so, we can help you get it in front of key government officials. The Future of Privacy Forum will return to Capitol Hill early next year (date TBD) for the 10^th installment of our annual Privacy Papers for Policymakers (PPPM) awards program.

PPPM recognizes the year’s leading privacy research and analysis that has practical implications for policymakers in Congress, federal agencies, and data protection authorities internationally. Winners are selected by a diverse team of academics, advocates, and industry privacy professionals. Awarded articles are chosen both for their scholarly value and because they offer policymakers concrete solutions and practical insights into real-world challenges.

Submit Your Work!

We are currently accepting finished papers to be considered for next year’s awards. The deadline for regular submissions is October 4, 2019, and the deadline for student submissions is October 25, 2019. For more on submission guidelines, please review this page.

Last year’s winning papers examined topical privacy issues: sexual privacy, data subject rights, how local laws can fill gaps in state and federal laws, and more. PPPM honors papers from academics, practitioners, technologists and lawyers, which allows for a wide range of approaches to research and analysis.

For 10 years, the research compiled in PPPM has informed the policy debate in Congress, in the states, and around the world. By submitting your work for consideration, you are providing a valuable tool for legislators and staff considering the structure and elements of a national privacy framework.

Please send any questions about the program or submission process to [email protected]. We look forward to reading your work!

New FPF Study: More Than 200 European Companies are Participating in Key EU-US Data Transfer Mechanism

Co-Authored by: Daniel Neally & Jeremy Greenberg

EU Companies’ Participation in Privacy Shield Grew by More than One-Third Over the Past Year 

EU-US Privacy Shield Essential to Leading European Companies

From Major Employers such as Aldi and Dr. Oetker to Leading Technology Firms like CRISPR Therapeutics and Workwave, European Companies Depend on the EU-US Agreement

Privacy Shield Program Supports European Employment While Adding to Employee Data Protections – Nearly One-Third of Privacy Shield Companies Rely on the Framework to Transfer HR Information of European Staff

The Future of Privacy Forum conducted a study of the companies enrolled in the US-EU Privacy Shield program and determined that 202 European headquartered companies are active Privacy Shield participants. This is a 32% increase from last year’s total of 152 EU companies in the cross-border data transfer framework. These European firms rely on the program to transfer data to their US subsidiaries or to essential vendors that support their business needs. Nearly one-third of Privacy Shield companies use the mechanism to process human resources data – information that is crucial to employ, pay, and provide benefits to workers.

Thousands of major companies, many of which are headquartered or have offices in Europe, rely on the protections granted under the data transfer agreement. With dozens of new companies joining each week to retain and pay their employees or create new job opportunities in Europe, the Privacy Shield has become an integral data protection mechanism for European companies and the European marketplace as a whole.

Overall, FPF found that more than 5,000 companies have signed up for Privacy Shield since the program’s inception – more than 1,300 participants joined in the last year.

Leading EU companies that rely on Privacy Shield include:

–       ALDI, German grocery market chain

–       Alter Domus S.a.r.l., Luxembourg corporate and management services company

–       CRISPR Therapeutics, Swiss gene editing technology

–       Dr. August Oetker KG, German food, drink, household goods and industrial firm

–       EuroNext, European stock exchange

–       International Drug Development Institute SA, Belgian biostatistical and eClinical services company

–       LVMH (also known as Louis Vuitton), French luxury goods maker

–       Modern Times Group, Swedish digital media entertainment company

–       Omni Partners, British hedge fund

–       Randstad – Dutch human resources consultants

–       Workwave – Swedish software developer

FPF research also determined that more than 1,580 companies, nearly one-third of the total number analyzed, joined Privacy Shield to transfer their human resources data.

The research identified 202 Privacy Shield companies headquartered or co-headquartered in Europe. This is a conservative estimate of companies that rely on the Privacy Shield framework – FPF staff did not include global companies that have major European offices but are headquartered elsewhere. The 202 companies include some of Europe’s largest and most innovative employers, doing business across a wide range of industries and countries. EU-headquartered firms and major EU offices of global firms depend on the Privacy Shield program so that their related US entities can effectively exchange data for research, to improve products, to pay employees and to serve customers.

The Privacy Shield is a living and growing instrument, guaranteeing protection of the personal data of European consumers and employees as the backbone of fundamental rights protection within transatlantic commercial exchanges. Given the importance of this mechanism to supporting protection while enabling commerce on both sides of the Atlantic, we encourage careful review of the agreement this year by the European Commission and continued oversight and enforcement of the framework by authorities on both sides of the Atlantic.

The conclusions follow previous FPF studies, which highlighted similar increases in participation and reliance by EU firms on the Privacy Shield program.

Methodology:

• FPF staff recorded a list of 4,818 active Privacy Shield companies as of June 2019 from https://www.privacyshield.gov.
• FPF staff performed a web search for each current company by name, checking the location of the company’s headquarters on a combination of public databases such as LinkedIn, CrunchBase, Bloomberg, and companies’ own websites.
• A company that listed its headquarters in an EU member state or in Switzerland was counted as a match; companies that merely had a prominent EU office or were founded in an EU member state were not counted.
• 202 total EU-headquartered companies were identified using this method.

For the full list of European companies in the Privacy Shield program, or to schedule an interview with Jeremy Greenberg, John Verdi, or Jules Polonetsky, email [email protected].

FTC Reaches Landmark Settlement Regarding Kids’ Privacy, Clarifies Platforms’ and Video Creators’ COPPA Obligations for Child-Directed Content

By Sara Collins

Last week the Federal Trade Commission (FTC) released details of a settlement with YouTube under the Children’s Online Privacy Protection Act (COPPA). Although notable for its landmark monetary penalty, the settlement is probably more important for the other requirements that it places on YouTube and content creators. Some of YouTube’s settlement obligations exceed COPPA’s statutory and regulatory requirements. Under the settlement:

• YouTube will implement a system that enables channel owners to self-identify their child-directed content on the YouTube platform;
• YouTube will notify channel owners that their child-directed content may be subject to the COPPA Rule’s obligations;
• YouTube will provide annual training about complying with COPPA for employees who deal with YouTube channel owners;
• Businesses that operate YouTube channels will be required to self-identify their child-directed content; and
• The FTC will perform a future sweep of YouTube content to identify child-directed channels that continue to collect information from children.

According to a public statement, YouTube will disable personalized advertising (i.e. behavioral advertising), commenting, and public playlist sharing on content identified as “child-directed.” While not required by the settlement, YouTube will also deploy a machine-learning algorithm to identify videos that are in fact child-directed, but have not been self-identified by content creators.

Basis for the Settlement

The FTC concluded that YouTube had actual knowledge that many channels hosting content on its platform are “child-directed” and therefore trigger COPPA obligations for the company. Google and its subsidiary YouTube will pay a record $170 million to settle allegations by the Commission and the New York Attorney General that the YouTube video sharing service illegally collected personal information from children without their parents’ consent. The settlement includes a monetary penalty of $136 million to the FTC and $34 million to New York State. The $136 million penalty is by far the largest amount the FTC has ever obtained in a COPPA case since Congress enacted the law in 1998; the previous record was $5.7 million against Music.ly/TikTok.

Actual Knowledge

The settlement hinges on COPPA’s “actual knowledge” criteria. COPPA imposes obligations on online services that have actual knowledge that they are collecting, using, or disclosing personal information from children under 13. Services with actual knowledge of such data collection must implement privacy safeguards, including: obtaining verified parental consent to collection of personal information from children; providing parents with access to children’s data retained by the company; and publishing enhanced transparency regarding data practices.

The settlement characterizes YouTube as a third-party operator, rather than a platform. According to the FTC’s COPPA FAQ, third-party operators are deemed to have actual knowledge that children are using a service if:

1. a child-directed content provider (which is strictly liable for any collection) directly communicates the child-directed nature of its content to the third-party operator; or

2. a representative of the third-party operator’s ad network recognizes the child-directed nature of the content.

YouTube meets both prongs of this test. The complaint details Google’s knowledge that the YouTube platform hosts numerous child-directed channels. YouTube marketed itself as a top destination for kids in presentations to the makers of popular children’s products and brands. For example, Google and YouTube told Mattel, maker of Barbie and Monster High toys, that “YouTube is today’s leader in reaching children age 6-11 against top TV channels” and told Hasbro, which makes My Little Pony and Play-Doh, that YouTube is the “#1 website regularly visited by kids.” Several channel owners also told YouTube and Google that their channels’ content was directed to children. In other instances, YouTube’s own content rating system identified content as directed to children. 

This set of facts, combined with those from the Musical.ly settlement, puts companies on notice that their interactions with the public, board members, potential advertising partners, and content creators are all relevant factors when the FTC determines whether  platforms have actual knowledge that they collect information from children under the age of thirteen.

Content Creators = Operators

Chairman Simons’ and Commissioner Wilson’s statement notes that individual channels on a general audience platform are “website[s] or online service[s]” and, therefore, each individual creator who operates a channel is “on notice that [the Commission] consider[s] them to be standalone ‘operators’ under COPPA.” This means that YouTube creators may face strict liability for COPPA non-compliance — likely a shock to most creators as they do not control the information collected by YouTube, contract with advertisers, and cannot negotiate how revenue is split. However, because creators can choose whether or not to allow targeted advertising on their channels, the Commission construes YouTube as collecting personal information from children on behalf of individual creators. This raises economic and compliance challenges for creators, because YouTube warns creators that opting out of targeted advertising “may significantly reduce [the] channel’s revenue.” Channel owners who publish child-directed content will likely face a choice: either eschew targeted advertising and the associated data collection, or obtain verified parental consent from parents of under-thirteen viewers to collect personal information from their children.

The statement also announces that the FTC will conduct sweeps of channels following YouTube’s implementation of the order’s provisions. Because COPPA applies to commercial entities (defined broadly to include anyone who makes money from an enterprise that is not a governmental body or non-profit), monetized channels will need to be aware of potential COPPA implications. 

YouTube also stated that the platform would voluntarily implement a machine-learning algorithm to identify child-directed content that is not self-designated by content creators. We expect that this will be similar to other algorithmic screeners, such as those used for DMCA compliance. Critics have charged that YouTube’s algorithms are biased, opaque, and inaccurate. It will be challenging for the platform to algorithmically determine what content is or is not child directed; this analysis will necessarily be nuanced and complex. The analysis is also likely to be subjective. Some YouTube content is plainly child-directed, some channels are clearly not child-directed, and reasonable people can and will disagree about a diverse range of content in between. Any algorithm will be imperfect, creating the risk that the assessments will be both over- and under-inclusive when determining what is and is not child-directed content. 

One probable issue: videos that are appropriate for children (but directed to adults or general audiences) can be inadvertently flagged as directed toward children. The Commission’s Complaint notes that YouTube videos were manually reviewed prior to being featured on the homepage of the YouTube Kids app — a separate service specifically designed for kids, and distinct from the general audience YouTube service. The Commission did not detail what the review entailed; however, one could imagine reviewers making determinations based on the content’s appropriateness for children rather than assessing the content to see if it was specifically directed toward children. For example, a David Attenborough video about sharks might be perfectly acceptable on the homepage of the YouTube Kids app, but on the general audience YouTube service, it probably would not be considered child-directed. Conflating child-appropriate content and child-directed content is common. Machine-learning algorithms may mitigate or exacerbate this problem. The implications for creators of children’s media (and child-adjacent media) are uncertain, but, at a minimum, creating content for kids will likely be less lucrative.

Targeted Advertising vs. Internal Operations

Several aspects of the settlement hinge on the Commission’s interpretation of COPPA’s “internal operations” exception – a provision that permits operators to collect persistent identifiers from children without parental consent if the identifiers are only used for internal operations – e.g. personalizing content, protecting user security, or ensuring legal compliance. The settlement reinforces the FTC’s interpretation that, in the context of child-directed content, targeted advertising without verifiable parental consent is prohibited by COPPA. While this position is not necessarily controversial — the DMA, IAB, NAI, and most industry leaders agree — it is useful for the FTC to reiterate this point.

The “internal operations” exception also drives the Commissioners’ civil penalty analysis. Commissioner Chopra notes that YouTube used viewing data to enhance the effectiveness of its recommendation engines, and that the value of that enhancement should have been considered when negotiating the ultimate monetary penalty of the settlement. Chairman Simons and Commissioner Wilson disagree, characterizing recommendation engine data as being used within the bounds of the “internal operations” exception to obtaining parental consent. They argue that “obtaining penalties in this matter based on the argument that enhancement of Google’s other products and services through analytics such as page views, time spent on a video, or algorithms for recommending videos is ill-gotten, is highly speculative.” The FTC has requested comment regarding the appropriate boundaries of the “internal operations” exemption, and the subject is likely to be a focus of the upcoming FTC COPPA workshop.

ICYMI: FPF's Amelia Vance Raises Concerns about School Surveillance Technologies on WOSU

WASHINGTON, D.C. – Future of Privacy Forum Senior Counsel and Director of Education Privacy Amelia Vance joined National Public Radio’s Ohio affiliate, WOSU, for an interview on All Sides with Ann Fisher to discuss student data privacy.

As more schools explore surveillance technologies to address school safety issues, Vance explained, it’s critical to ensure certain guardrails are in place to protect students’ information.

“Communities should absolutely adopt the school safety measures that they think are necessary for their community, but we [also] want to make sure that they don’t have unintended consequences – that they don’t actually harm students more than they help ensure school safety,” Vance said. Listen to the full interview.

During the interview, Vance highlighted concerns that must be considered as schools and state and local officials explore school safety technologies that collect data and personal information, including social media content, images, and website search history, and use this data to identify students that could be deemed a threat.

Specifically, Vance highlighted examples of students who have typed a sensitive word or phrase, like “shooting hoops,” or posted images that are falsely flagged as problematic. As a result, these students – and the school administrators – can end up trapped in time-consuming “threat assessment process” that can lead to unjust school suspension or even expulsion.

Vance noted, “You have students who have gone through the threat assessment process, which is intended to make things better for students… but what we’ve seen is, in some cases, these threat assessments are discriminating against students with autism or students with disabilities… Those students aren’t threats, they’re simply students who need additional help.”

Vance also warned that some surveillance technologies could inadvertently deter students from seeking help (e.g. searching for resources and support for depression) because they believe certain search terms they will be ‘flagged’ as potential threats.

Click here to listen to the full interview. To learn more about the Future of Privacy Forum, visit www.fpf.org.

MEDIA CONTACT: [email protected]

How the FTC Became a "Super CNIL"

By Winston Maxwell

European data protection authorities are quick to remind citizens and companies that the U.S. lacks adequate protection of personal data. Many Europeans therefore assume that the U.S. is a privacy no-man’s-land. Yet on July 24, 2019 the FTC levied a privacy fine against Facebook that is far above GDPR levels, and imposed accountability obligations that come straight out of the GDPR playbook. The Facebook settlement order highlights a U.S. privacy paradox: The U.S. has inadequate privacy laws, but in some respects the US has the toughest privacy enforcement in the world. How can that be? In an August 11, 2019 article, I try to explain to French readers how the FTC uses Section 5 of the FTC Act and settlement orders to become a world class privacy enforcer. The title of the article – intentionally provocative – is “how the FTC transformed itself into a super CNIL”.

Some French readers objected to my calling the FTC the “most powerful privacy regulator in the world.” Others objected to my comparing the FTC to a “super CNIL”; others pointed out that Facebook’s market value increased after announcement of the fine, so the FTC’s sanction must have been too low. The purpose of my article was not to defend the Facebook settlement on the merits, but to explain how the FTC got there. The article draws on an article on the FTC and the New Common Law of Privacy by Professors Daniel J. Solove and Woodrow Hartzog, which explains how the FTC transformed the words “unfair and deceptive practices” in Section 5 of the FTC Act into a full corpus of privacy law, on par with many parts of the 1995 Data Protection Directive, and now the GDPR. Gaps remain, of course. A recent Op-Ed by Jessica Rich highlights the challenges faced by the FTC, and the huge gaps left open by the 100-year-old FTC Act. After reading Ms. Rich’s article, I would probably no longer call the FTC the “most powerful privacy regulator in the world.” But it is important for Europeans to understand how much the FTC has done to apply the FTC Act’s consumer protection language to new threats raised by massive data processing. The European Commission’s second annual review of the Privacy Shield framework does justice to the FTC’s work, noting the FTC’s enforcement program and its activities in fields such as algorithmic decision-making.

Of particular interest for Europeans is the FTC’s creative use of settlement orders. The FTC Act does not give the FTC direct sanctioning authority for violations of the “unfair and deceptive practices” rule. As pointed out by FPF CEO Jules Polonetsky, this is a big statutory gap that should be filled. Under current law the FTC needs to bring (or ask the DOJ to bring) a separate action in court. However, the FTC Act does give the FTC the right to impose penalties for breaching a prior consent order. The reason the FTC could act forcefully against Facebook in 2019 was that Facebook violated provisions of a previous settlement, signed in 2012. Settlement orders also permit the FTC to impose ongoing accountability and reporting obligations. When I tell privacy students in France that the FTC’s audit and reporting obligations under settlement orders last for 20 years, they are amazed – for digital businesses, 20 years is an eternity.

Christopher Wolf and I have tried for years to dispel the impression in Europe that the U.S. lacks any effective privacy protection outside of special sectors like health care. While it’s true that the U.S. does not have anything close to a GDPR, the FTC’s recent fine shows that the FTC can do a lot with little, sometimes going beyond the GDPR. Obviously there are limits on what the FTC can do under the FTC Act, particularly when it comes to prohibiting certain business practices that might be challengeable under the GDPR but are not challengeable under current U.S. legislation. Federal privacy legislation would help fill the remaining gaps and give the FTC the resources it needs to be more effective.

Yet Europeans can still learn from the FTC’s existing playbook. Settlement orders are frequent for competition law violations in Europe (they are called “behavioral commitments”), but so far nonexistent for privacy violations. Article 58 of the GDPR might be improved to expressly allow data protection regulators to accept behavioral, or even structural, commitments in the context of sanction proceedings.[1] Another interesting aspect of the Facebook settlement order is the FTC’s requirement that Facebook’s CEO, Mark Zuckerberg, sign a personal attestation. This measure is inspired by anti-corruption laws, which frequently require senior officers to sign attestations. The attestations increase the risk of personal liability and might add a useful layer to the GDPR’s already impressive array of accountability tools.

Whatever one thinks of the Facebook fine, it is by far the largest fine ever imposed for a privacy violation. And the 20-year-long governance and reporting obligations are far from trivial. Those in Europe who continue to think that the U.S. has no privacy laws should read the 2019 settlement order and the European Commission’s second review of the Privacy Shield framework, which together paint a more accurate picture of the U.S. situation.

Winston Maxwell is Director, Law and Digital Technology, for TELECOM Paris.

[1] A resourceful DPA could potentially include something that resembles commitments in a sanction order under the GDPR, and that may or may not be valid. My point is just that unlike competition law, European privacy law does not envisage commitments as a standard tool in the regulator’s toolbox.

Digital Deep Fakes

Why are they deep?

What are they faking?

What does it mean for the rest of us?

Co-authored by William Marks and Brenda Leong

Introduction

Nicholas Cage played Lois Lane in a Superman film. Nancy Pelosi drunkenly slurred her words on stage. Barack Obama claimed Killmonger, the villain in Black Panther, was right. And Mark Zuckerberg told the world that whoever controlled data would control the future. Or did they?

These events seem unlikely, but click the hyperlinks; they were all recorded on video—they must be real! Or so it seems. There have long been many varieties of video manipulation, but those processes were generally expensive, time-consuming, and imperfect. That is no longer the case.  Professional tools are increasingly effective and affordable, and open-source code that even relative amateurs can use will soon be available to produce believable digital video forgeries. 

Already impressive, these new tools are improving quickly. It may soon be nearly impossible for average viewers, and challenging even for technical experts, to distinguish the authentic from the digitally faked, a circumstance described as having “the potential to disrupt every facet of our society.” From the mass market of news and viral memes to the exchanges between individuals or businesses, bad actors will be able to create fake videos (and other media) with the intent to harm personal, political, economic, and social rivals. Unable to believe what their own eyes see, trust in the news will decline. This may be exacerbated by what Robert Chesney and Danielle Citron refer to as the liar’s dividend: the benefit to unscrupulous people from denouncing authentic events as forgeries, creating enough doubt or confusion to have the same impact or accompanying harm as if the events were fake, while minimizing any consequences to themselves.

The media has recently labeled these manipulated videos of people “deepfakes,” a portmanteau of “deep learning” and “fake,” on the assumption that AI-based software is behind them all. But the technology behind video manipulation is not all based on deep learning (or any form of AI), and what are lumped together as deepfakes actually differ depending on the particular technology used. So while the example videos above were all doctored in some way, they were not all altered using the same technological tools, and the risks they pose – particularly as to being identifiable as fake – may vary. 

First (and Still), There Were “Cheapfakes”

Video manipulation is not new. The Nancy Pelosi video, for example, uses no machine learning techniques, but rather editing techniques that have been around quite awhile. It is what is now being called a “cheapfake.” Rather than requiring a tech-savvy troll equipped with state-of-the art artificial intelligence, this result was achieved through more traditional means by running at 75 percent speed, and with a modified pitch to correct for the resultant deepening of her voice. Because live (unedited) video of this type of event may also exist, it’s generally not as difficult for viewers to quickly check and identify this as fake. However, if Pelosi were a less famous person, and finding an unedited video record was more difficult, this type of fake could still confuse viewers, be harder to validate, and cause even more potential fallout for the person being misrepresented. Their simplicity does not render them harmless. As we have seen, even falsifiable fake news stories can mislead people and influence their views. But the editing process is likely to be discernible from the video file by those with the capacity to review it, and thus these types of fakes can be publicly identified. 

When Machines Learn, the Fakes Get Smarter

Two more recent versions of machine learning-based video editing are causing more concern. One is what is accurately a “deepfakes,” and the other, even newer process, is a deep video portraits (DVP). Because the processes are similar, and the outcomes and risks aligned, most common media references will likely consider them all deepfakes moving forward.

Technically, the term deepfake refers to what are essentially “faceswaps,” wherein the editor essentially pastes someone’s face like a mask over the original person’s face on an existing source video. Deepfakes generally attribute one person’s actions and words to someone else. The term was coined in 2017 by a reddit user who used the technology to make believable fake celebrity porn videos. That is – the editor took a selected clip of a pornographic video, and then needed some amount of actual video of the celebrity to be defamed, which the AI software could use to “learn” that celebrity’s movements well enough to place his or her face over the original porn film actor. Thus, it appeared the celebrity was the person in the porn film. Here, John Oliver’s face is placed over Jimmy Fallon’s as though Oliver were the one dancing and telling jokes. 

In these examples, the original videos may be fairly easily accessible to demonstrate that the altered versions were faked. Alternatively, observing other aspects of the video (such as height or other physical characteristics) may make it clear the substituted face is not the original person in the video. The technology is not seamless—close observation shows that the “fit” of Oliver’s face isn’t perfect, particularly when he turns to the side. And in some cases, the editing may be discernible upon examination of the altered file. However, quality is improving steadily and this sort of substitution may be harder to visually identify in the future. 

These extremely realistic deepfakes are the result of a powerful machine learning technology, known as “generative adversarial networks” (GANs), a programming architecture based on deep Neural Networks. 

The other process – creating Deep Video Portraits (DVPs) – is even newer, more powerful, and potentially more dangerous. DVPs are also created through GANs and likewise commonly referred to as deepfakes. But whereas actual deepfakes allow someone to place a mask of someone else’s face onto an existing video clip, DVPs allow the creator to digitally control the movements and features of an already-existent face, essentially turning them into a puppet in a new video recording. As demonstrated here, using a relative short amount of existing video from the target (the person to be faked), the program allows a source actor to move his head and mouth, talk, and blink so that it seamlessly appears that the targeted person is doing exactly those movements and expressions, being controlled to say or express exactly what the editor desires.

In a video created in this manner, Jordan Peele digitally manipulated Obama’s face to speak words and make facial expressions that Obama never did. After making this fake video with FakeApp (first released in 2018), Peele edited the file further with Adobe After Effects to create a particularly convincing altered performance.

Since the DVP process is creating a new video file directly (not manipulating an existing file), there is no digital editing trail to technologically identify changes. And there is no original video to find or contrast it with. There are AI systems being developed that may be able to detect DVPs based on the inconsistencies of movements and other performance discrepancies, but whether they can keep up with the improving quality of the faked imagery remains to be seen.

“When Machines Compete”: How GANS Work

GANs are a relatively recent development in neural net technology, first proposed by Ian Goodfellow in a 2014 paper. GANs allow machine-learning based systems to be “creative.” In addition to developing deepfake videos sophisticated enough to fool both humans and machines, these programs can be written to make audio recordings, paint portraits that sell for hundreds of thousands of dollars, and write fiction. 

GANs work by having two neural networks compete directly with each other.¹ The first (the “generator”)  is tasked with creating fake data – in this case, a video – based on a training set of real data (video, audio, or text data from existing files or recordings).  The program is trained to emulate the data in the real files: learning what human faces looks like; how people move their heads, lips, and eyebrows when they talk; and what sounds are made in speech. 

The second neural net (the “adversary”), a program also trained on the real video data, uses its learned analysis of how people move and speak to try to distinguish an AI-generated video—that is, the job of the adversary is to spot the fakes created by the generator. The more original video data it is fed, the better this adversarial network becomes at catching the fake outputs. But concurrently, the generator uses the experience of being caught out to improve its fakes. This drives an upward spiral of excellence, as each of the algorithms continually gets better and better until the first is finally able to consistently create outputs so believable that the second cannot distinguish them from real footage.

Identifying Fakes: “Technically,” It’s A Problem

As a society, we have long known that photos can be altered, even when they look real. And some are fairly obviously fakes to all but the most willfully ignorant, simply based on their level of outlandishness. Examples that come to mind include edited images of George Bush holding a book upside-down, Vladimir Putin riding a bear, and President Trump playing with plastic dinosaurs. But many fake images are more subtle, and as we’ve seen in recent years with the rise of “fake news” generally, the false can often mislead the unsuspecting or the less discerning. People accept straight out lies, generated by human writers because fabrications get clicks, as true. What will happen when people are urged to routinely critically question what appears to be unedited footage?

How will we deal with the problem when average users can generate realistic looking images, videos, and stories with nothing more than an easily accessible program that requires minimal input? Potential concerns include an abundance of fake nude photos, admissions of treason or fraud, and fabricated news stories all across the internet and social media. The private sector, government, and individuals will all need to react.²

A skeptical eye may be able to identify many of the current deepfakes as forgeries, but this may be a temporary comfort. While researchers are employing the same challenge-and-improve process to systems designed to search-and-detect artificial files, the process is uneven between creators and detectors. This is at least partly because of a disparity of attention and research. The number of people working on the fakers’ side, as opposed to the detector side, may be as high as 100 to 1, although any potential future breakthrough might quickly tip the balance. And just as the generator learns what gets it caught by the discriminator neural net, creators learn from their mistakes. For example, when some detection technology relied on the fact that deep-fakes were not able to blink naturally, creators quickly improved the technology to incorporate smooth blinking.

Even once identified, technical controls are limited. Reddit shut down r/deepfakes, where the initial deepfake pornographic content was shared. Youtube removed the Pelosi video, and Facebook notifies users who re-post about its veracity. But these actions are complicated, and don’t scale well. Trying to automate this sort of monitoring leads to problems such as deleting the history of Nazis in Germany while trying to suppress the imagery of white supremecists. It has also prompted questions over whether platforms are now fact-checking art. After all, the deepfake of Zuckerberg was created by an artist. 

The generators of these technologies will also have to wrestle with the ethical implications of their decisions, as use cases run the gamut of useful and creative applications as well as those which might be concerning. OpenAI, a group which actively promotes cooperativeness in AI research, designed a fake text generator they felt was so good, they decided the risks it posed made it too dangerous to release. The program was designed to flesh out a full story or news article based on just a short opening phrase. However, despite the group’s central policy to support open source code, they opted not to release the full model of the system, GPT-2m, “due to […] concerns about malicious applications of the technology” because of the ease of potential use for social engineering attacks, to impersonate people, or to create fake news and content.

We’ve seen how rumors and fake news can crash stock prices, raise ethnic tensions, or lead a man to burst into a pizza shop with an assault rifle. Yet even when the true accounts are available to distinguish fake from real, problems emerge. The implications and challenges posed by such content-generation systems are significant. Technological fixes alone will be insufficient to combat undesired impacts. 

Identifying Solutions: Political Will

Any proposed solutions are likely to include at least some degree of regulatory intervention. Specific to the U.S. legislative context, one proposal to deal with the potential proliferation of fake videos, news, and photos, is to amend section 230 of the Communications Decency Act. The law has currently established that ISPs and many online services are not responsible for content posted by users. Free speech groups maintain that if companies were responsible for the content posted by users, they would be forced to block or strictly censor at mass scale, with a subsequent chilling effect on internet free speech. 

Danielle Citron and Benjamin Wittes have proposed amending Section 230 to hold companies liable for the failure to take reasonable steps to prevent or address unlawful uses of their services. Members of Congress and state governments have proposed bills to criminalize both the ‘malicious’ creation and distribution of deepfakes, and to prohibit creating videos, photos, and audio of someone without their consent. These proposals presuppose that the ability to reliably identify synthetic or manipulated media remains possible. Increasing liability for something platforms literally cannot provide will not solve the problem, although technical breakthroughs remain possible.

The feasibility of finding practical ways to identify and enforce such requirements is questionable, and there would be inevitable First Amendment challenges to resolve. These questions only expand when considering global regulatory implications.

Identifying Solutions: Social Norms

An information flow in which it is difficult or even impossible to distinguish what is real from what is not is a dangerous one. Forgeries may be accepted as true, and truth can be undermined by doubt. In 1994, Johnson and Seifert called this the “continued influence effect.” When a fake is later to be proven false (the Protocols of the Elders of Zion), or a truth is doubted when clearly proven to be correct (scientific progress such as the history of women’s physiology; or the recent anti-vax movement based on a retracted study suggesting a connection between vaccines and autism), the initial negative or positive associations remain, and can have significant, lingering effects.

Democracy depends on an informed electorate. Encouraging the population at large to think critically about the source and content validity of news and stories they hear is essential. As stated in a 2018 New York Times Op-ed,  “Democracy assumes that its citizens share the same reality.” Or as Daniel Patrick Moynihan once put it, “You are entitled to your own opinion. You are not entitled to your own facts.” It is unhealthy for a democracy to exist in which facts are doubted and “alternative facts” are accepted. This is a condition that U.S. society is already grappling with, and the introduction of false information via deepfakes will only exacerbate the problem. 

Some people may align themselves with sources they deem reliable, while some may deny the pursuit of truth as a meaningful endeavor altogether. But many will want to proactively ensure they are receiving a comprehensive and accurate reporting of the world around them. If unable to confidently determine the truth for themselves, these people may seek an arbiter of some kind, looking to fact-checking applications, reliable media companies, or public and non-profit agencies to supply, verify, or validate information. It may be that more or different organizations are needed to formally fill this role, to objectively and disinterestedly provide news “about” the news.

People do adapt. New technologies, like film in the late 1800s or the proliferation of Photoshop in the late 20th century, force people to recognize and react to new realities. And technology certainly will play a role, as companies seek to leverage AI and other tools to identify fakes. But we are in the midst of the steep transition between technological capability and counter strategies. As Sandra Wachter of the Oxford Institute reminds us, while this problem is not new, the rate at which technology is developing is challenging our ability to adapt quickly enough. 

We need to confront the technical and political issues arising from computer-generated fake videos and media. A first step certainly includes at least increasing public awareness that these technologies exist, are getting better, and that people must assume some responsibility to critically analyze the information that they consume.

¹ This paper addresses the use of GANs to generate fake videos specifically, but the use of GANs in ML developments generally have many different applications and use cases, including advancement of music, recreating voices for those who cannot speak, addressing various medical conditions, and other simulated or synthetic applications that, while “artificial” are not designed with the intent to deceive.

² While detection is one clear, and probably necessary, arm of research, there are multiple ways to consider how to meet this threat, including ways to track original files, establish provenance, and otherwise validate certain files. These methods also raise questions of risk, however, for anonymous uses such as whistleblowers or civil rights activists, so all options include challenges that preclude “easy” fixes.

Donate to Fund an FPF Fellowship Today

Despite demand for privacy experts at mid and senior levels, it continues to be difficult for young professionals to start a career in this area, and even harder for students without the resources to take low paying internships. And with bias and discrimination playing such a central role in data protection today, the privacy community needs to do more to engage the expertise of candidates who can add diverse views to the conversation.

The Christopher Wolf Diversity Law Fellowship is a two year position created in recognition of FPF Founder Christopher Wolf’s career long dedication to fighting discrimination and hate.

The Elise Berkower Memorial Fellowship is a one year position for candidates demonstrating the ethical commitment and collegiality exemplified by our dear friend Elise Berkower and in memory of her life. Elise passed away on May 31, 2017.

We have a 100% success record at helping the past fellows gain employment post-fellowship at companies, law firms and civil society groups.

The fellowships are supported in part by the Berkower family, the Nielsen Foundation, FPF, and by friends in the privacy community.

Please help us fully support the positions for the upcoming term. Thank you!

DONATE

Elise Berkower Memorial Fellow Michelle Bae co-moderates an FPF Book Club discussion.

Former Christopher Wolf Diversity Law Fellow Chanda Marlowe moderates a panel on Internet of Things accessibility for persons with disabilities.

Congressional Leaders Join Future of Privacy Forum, Charter Communications to Discuss Consumer Privacy

Will Congress advance a federal privacy law? FPF Vice President of Policy John Verdi spoke with two leading House members to find out.

Watch the video below of John’s July 19th conversation with House Energy & Commerce Subcommittee on Consumer Protection Chair Jan Schakowsky and Ranking Member Cathy McMorris Rodgers.

Thank you to Charter Communications for co-hosting the event.

If you would like to stay up to date on policy discussions related to privacy, please subscribe to our newsletter

COPYRIGHTS AND PRIVACY: What is the Irrevocable License and is it Really a Privacy Concern?

“By submitting a Posting, you hereby authorize [us] to use, and authorize others to use, your Postings and User Names in whole or in part, on a royalty-free basis, throughout the universe in perpetuity in any and all media, now known or hereafter devised, alone, or together or as part of other material of any kind or nature, including without limitation commercial use on and advertising and promotion of the Site. Without limiting the foregoing, [we] will have the right to use and change the Postings in any manner, either with or without the User Name, that [we] may determine.”

Scary sounding, isn’t it? There are so many words, packed into two sentences that all seem to say “we can do whatever we want with your information forever!” But where did this (specific) “throughout the universe” license come from, typo and all? Was it Facebook? No. Google? No. Amazon? No. What about the controversial FaceApp? No, again. This specific license came from Nickelodeon’s terms of service.* Yes, the children’s media company that brought us Spongebob Squarepants also brings us a license that seems to say they can access an individual’s data forever and do whatever they want with it. As does PBS kids, the New York Times, Panda Express, Wells Fargo Banking, UnitedHealth Group, Wikipedia, School Loop, the National Park Service, the International Association of Privacy Professionals (IAPP), and basically every single other website that allows their users to interact, comment, or sign–up.

Whenever a new app or technology is unveiled, or new controversy that raises privacy concerns arises, eventually someone will go through the company’s Terms of Service (TOS), find this sort of licensing clause and reference this language to allege potential privacy abuses on a grand scale. (In 2017, there was an initial blog concerned about Ancestry.com’s licensing language for DNA data, the Ancestry response, and even a Snopes article clarifying the specifics. More recently, Wired expressed similar concerns in an article on FaceApp). However, this language is not typically targeted at undermining privacy controls governing consumer data, but instead establishes the copyright permissions and liabilities a company has in users’ posted content. 

Due to the strength of copyright protections, and harsh penalties against those who violate them, this language must be broad to comply with existing laws. Unfortunately, this has the effect of making the language easy to misunderstand, especially for consumers who do not understand the variety of legal requirements that may apply. The truth is, while the perpetual license language affects the copyright of content, any personal information a company possesses is equally controlled and limited by its legally binding Privacy Policies. In addition,  there may be various state, national, and international laws that apply further restrictions. 

The reasons for the development and inclusion of these clauses, and the privacy controversies the terms can trigger, tell an interesting tale about the intersection of data protection and intellectual property law.

First, why does the “perpetual license” language exist? Simply put, this is a copyright clause used to protect the company from being sued for copyright infringement. Copyright law exists to allow content creators to protect their works. Under copyright law, unlike some other forms of intellectual property, the content creator automatically gains exclusive rights immediately upon creating their work in a “tangible medium,” i.e. making it exist in the world. These automatic rights include the right to reproduce or copy the work, to create derivative works (any work based on the original in any form of media or material), to distribute the work, and to publicly display or perform the work. Sound familiar? That is because these same rights are often listed using the same or similar language in perpetual licenses for digital products and services. All of these rights spring into existence the moment any person creates their own original text message, sound recording, picture, drawing, or other types of works. 

A user who posts content immediately has copyright rights in original content they provide, such as text, pictures, or other submitted content. Once the user clicks “post” or “submit” or “send,” the company or website or app receiving the copyrighted content needs to copy it onto their servers, transform it into different mediums for their servers, then copy, distribute, and publicly display the original (copyrighted) post for other users to see or to provide the service the user originally requested. In essence, the website must take actions that are governed by copyright law to accomplish exactly what the user intended when sharing the work with the platform. Platforms must make sure that the user, who likely owns the copyright, has provided them with the rights and permissions they need to provide the desired service.

While it is worth mentioning that the Digital Millennium Copyright Act does provide some exceptions to these infringement actions, these exceptions apply narrowly–to services that transmit or cache content, rather than display it. Companies that host and display content can rely on the DMCA to protect them from third party claims–but they still should ensure they have permission from the poster themselves to take all the actions needed to provide the service. Rather than risk copyright liability for displaying or altering content without a poster’s permission and expose themselves to statutory damages for copyright infringement, most websites prefer to get a license from their user that will be effective for as long as the business is active (perpetually), that will not require them to pay millions of users (royalty-free), that is accessible to other users (worldwide or throughout the universe), and that cannot be rescinded by consumers so the consumer can turn-around and sue the company (irrevocable and non-exclusive). 

So even though the perpetual license language exists because a website needs permission to use any original work that a user provides, isn’t that still a privacy concern? The company now has the information. Doesn’t that license still mean they can use the information however they like, even if they don’t own all rights to it? Because copyright law is distinct from privacy law, the answers are “not exactly,” and “no.”

The rights and requirements of the TOS are not independent of other contracts, terms, policies, and laws. As such, while the TOS legally create a license to some uses of the information a user provides, the Privacy Policy i limits what information can be collected, stored, used, and sold, by who, and for what purposes. Both the TOS and Privacy Policy bind the company and the language of one does not mitigate the language of the other. Take, for example, Nickelodeon’s “throughout the universe” license posted above. Nickelodeon also has a strong Privacy Policy that outlines, in very explicit terms, exactly what information they obtain and why (found here), exactly how and why they use the information they collect (found here) and exactly who they share information with and why (found here). Should Nickelodeon be found to be in breach of any of these specific terms in the Privacy Policy, they could be fined by regulatory agencies for deceptive trade practices–but not sued for statutory damages for copyright infringement

This same overlapping of restraints also affects the interplay of the perpetual license and the various legal statutes that govern data practices. Nickelodeon has both a “throughout the universe” license and a comprehensive Privacy Policy, but is still further constrained by required compliance with the Children’s Online Privacy Protection Act (COPPA). 

Thus, the existence of this licensing language dealing with copyright law does not mean that every website and company instantly has full and complete ownership, access, and control over every bit of information that a user provides, always and forever. The license is a protective shield used to create a right for the company to use original material created by someone else – even if that is just the text of a user-posted comment – as well as to limit liability under intellectual property law. These rights do not typically limit additional liabilities under other statutes. 

Perpetual licenses, while they may sound scary, are necessary for a functioning internet and are often substantially limited by both Privacy Policies and statutes. Although this language can become an easy target for privacy-minded critiques, the language itself is a product of intellectual property practices used to mitigate legal liabilities and has minimal impact on data collection, use, or privacy protections. The real privacy concerns come from weak or insufficient Privacy Policies that may not create sufficiently strong protections for user-provided data, including personal information well beyond that covered under copyright. It is their Privacy Policy that determines what a company can or cannot do with a user’s data and is where users should look for the details of what a company may be allowed to do with their data.

*FPF is not criticizing or critiquing Nickelodeon’s Terms of Service. Nickelodeon was chosen as a useful example to highlight the issue due to their unique position in media, strong privacy policy, and intersection with a federal privacy statute.

Co-Authored by Dan Neally, FPF Summer Intern, and Brenda Leong