healthcarereimagined

By EDWARD GRAHAMJULY 21, 2022

The message to staff said that “more could be done” to streamline planned deployment of new health record software at Boise VA Medical Center.

The Veterans Affairs Department has indefinitely postponed its planned rollout of the Oracle Cerner Millennium electronic health record system at the Boise VA Medical Center as technical issues and critical reports from the VA’s Office of Inspector General continue to stymie the implementation of the software.

In an internal VA email to staff distributed on Wednesday and obtained by Nextgov, VA Deputy Under Secretary for Health Steven Lieberman called the postponement “not a setback, but rather part of the process.” 

The VA announced last month that all of its originally planned software deployments for the year, with the exception of Boise, would be delayed until 2023, following a series of outages and logistical issues that have highlighted serious flaws in the EHR system. The deployment at Boise VA Medical Center was originally scheduled for June 25, before being pushed back to July 23. The most recent delay indefinitely postpones the software’s go-live date.

“At this time, VA has not scheduled a new launch date for the electronic health record system at the Boise VA Medical Center,” VA spokesman Randal Noller said.

“Many thanks go to our Boise VAMC and [Electronic Health Record Modernization Integration Office] staff, who worked tirelessly to get us to this point,” the email said. “There are positive improvements in many areas because of their hard work. However, in assessing Boise’s readiness for deployment this weekend, VA made the decision that more could be done to ensure a safe and successful deployment. VA continues to work with Oracle Cerner to implement important system enhancements and make the necessary improvements to ensure system stability.”

VA Secretary Denis McDonough confirmed the delayed software rollout at the Boise VA Medical Center during a press conference on Wednesday, but said “we’ve learned from these issues around patient safety” when asked about the long-term viability of the EHR system.

The next EHR system deployments are currently scheduled for January 28, 2023, in Michigan’s Aleda E. Lutz VA Medical Center and the VA Ann Arbor Healthcare System. According to EHRM’s online deployment schedule, the tentative go-live date for both facilities—as of June—was the second quarter of 2023. 

News of the postponement came the same day that VA leaders overseeing the agency’s software deployment were grilled by members of the Senate Veterans’ Affairs Committee about outages, cost overruns and patient care concerns that have impacted the five VA medical sites where the system is currently live. Committee Chairman Jon Tester, D-Mont., said during the hearing that a third-party estimate of the EHR software project presented to Congress found that it would cost more than $50 billion over 20-plus years.

Idaho’s entire congressional delegation said in a joint press release that it raised concerns with the VA about the software’s deployment at the Boise VA Medical Center following a series of critical OIG reports about the EHR system. One of the recent watchdog reports found that the software implemented at the Mann-Grandstaff VA Medical Center in Eastern Washington—the first commercial rollout of the EHR system—had a critical flaw that improperly routed more than 11,000 clinical orders to an “unknown queue” without the knowledge of clinicians. 

While Idaho’s lawmakers said that some of these deficiencies had been addressed, their release noted that “numerous outstanding issues remain.”

“As the VA works to determine a viable path forward for the new EHR system, we once again call on VA and Oracle Cerner leadership to put veterans first by fixing the long-identified issues with the program that pose a threat to patient care,” Republican Sens. Mike Crapo and Jim Risch, along with Republican Reps. Mike Simpson and Russ Fulcher, said. “Before the system is rolled out at any additional sites, it must be made safe, reliable and user-friendly.”

Article link: https://www.nextgov.com/it-modernization/2022/07/internal-va-email-calls-postponement-ehr-rollout-boise-part-process/374772/

The service is expected to issue a memorandum regarding policies that will support the cyber ready concept and continue to grow the use of DevSecOps. 

Nikki Henderson Fri, 07/22/2022 – 12:04

The Department of the Navy is shifting its IT development priorities toward cyber readiness and DevSecOps as it prepares to more fully implement zero trust.

The Navy is currently working on recommendations that focus on instating Continuous Authorization To Operate (cATO) procedures needed to streamline development cycles and safeguard network security.     

Tony Plater, CISO at the Navy, said being cyber ready is the service’s top priority. Plater described the ultimate goal as a more responsive and iterative approach to security.

“The right to operate is earned and managed every day because we need to be looking at cybersecurity every day.  Including how our shift to cyber ready is going to shift us to an active cyber ready state, how it’s going to enable acquisition speed and how it’s going to better defend our information,” Plater said during Federal News Network’s The Connection Between Zero Trust and DevSecOps webinar.   

The Navy views cybersecurity as a compliance problem and has identified cybersecurity requirements as well as audits to evaluate these processes. However, internal review has shown that Navy’s current compliance model is not providing the cybersecurity posture needed.  

“The Navy needs to fundamentally shift our cybersecurity from a compliance approach to an active cyber ready state,” Plater said. “Cybersecurity needs to be an enabler and it can’t be seen as a check at the end or as a barrier.  We also think this active cyber state will help us better defend our information.”   

Plater outlined that in order to be cyber ready, the Navy should follow key principles such as measuring cybersecurity more holistically through a risk and readiness framework that stays ahead of an evolving threat landscape.    

“It’s not just patching and trying to keep up with every cyber vulnerability. It means understanding what the risks are, where the threat is, prioritize and then go at it,” Plater said.   

Two other key factors that will support cyber readiness include accelerating the authorization process while avoiding risk, and fostering a culture of change needed to incorporate these new operating principles.  

Plater stated that Navy plans to launch the first of these new cybersecurity pilot programs within the next 60 to 90 days.  

“We will release a strategic intent memo which will outline our expectations for the services. Following that, those pilots will be used to help us guide actual policy. We will continue to work closely with DOD to share what we’re learning and then distribute that knowledge where it makes sense across the department,” Plater said.        

According to Plater, guidance will soon be coming from the Navy and Marine Corps CISOs on how to make better and more comprehensive use of DevSecOps. 

“The Navy has launched a new platform called Black Pearl. We have teams that meet on weekly basis who are working to establish the guidance, policy and processes it takes to certify pipelines that will produce securely coded products,” Plater said.   

“By putting all this code through a DevSecOps process we can understand how the software is developed, the pipeline is developed and establish the correct security posture,” Plater added.  

During the event Plater also gave an update on the Navy’s zero trust journey.  

“We’re conducting gap analysis. Identifying routes to and from authorized users, looking at maturity within each pillar and formulating internal roadmaps to prioritize risks that are found,” Plater said. “We will continue to emphasize that you should not automatically trust traffic inside the perimeter and to authenticate, validate and verify every request.”

Article link: https://governmentciomedia.com/navy-release-cyber-readiness-devsecops-guidelines-ahead-zero-trust

By ALEXANDRA KELLEYJULY 19, 2022 04:32 PM ET

A new report from the White House points to advanced cloud technologies to help bolster artificial intelligence R&D at the federal level.

Federal agencies that want to successfully scale and implement cloud computing systems into existing infrastructure can do so through several key practices, including designating expert teams, two-factor authentication, and enhanced education opportunities among users. 

Outlined in a White House report published earlier this month, officials documented how cloud computing systems can support further federal research and development in artificial intelligence, a goal within the broader Biden administration.

Authored by the Machine Learning and Artificial Intelligence Subcommittee within the National Science and Technology Council, the report notes that leveraging cloud computing technology can enable better on-demand resources for researchers working with AI technologies. It went on to highlight opportunities for public agencies looking to bolster AI research efforts with advanced computing systems.

“Agencies that have undertaken early efforts to leverage commercial cloud computing resources to advance AI R&D have commonly experienced benefits to their investments in terms of providing internal and external researchers persistent, on-demand access to cutting-edge capabilities, accelerating experimentation and the use of AI in new domains, and enabling reproducibility and scalability of the research activities and results,” the report explains. 

Four best practices emerged from a survey of federal agencies adopting cloud computing for R&D purposes, the first being the designation of administrative teams to manage the implementation of cloud systems into existing infrastructure. These teams will also focus on providing training to other federal employees engaging with cloud computing to facilitate individual research goals.

The subcommittee recommended improving security features, namely two-factor authentication, as a baseline security measure and the second best practice. Further training assistance for employees and pre-computed workflows were also recommended among best practices to help employee access and prevent duplicate work.

The report also outlined common challenges agencies faced in adopting cloud computing technologies, particularly related to a lack of funding and staffing across departments. 

“Agencies have also encountered challenges relating to (1) the costs of data storage and access, complicating the ability for multiple teams to access shared data, and (2) ensuring that the users of a given cloud computing platform can locate and maintain awareness of data, experiments and results relevant to their work and interests,” the report stated. 

The report ultimately emphasized the need for a more specialized workforce, a common challenge many agencies face when working with emerging technologies. It suggested more federal investments in training resources for professionals at every level of cloud computing systems, including end users, cloud architects and data scientists.

“Workforce development has remained a critical limiting factor in the ability to adopt and scale cloud computing-based research efforts. Many federal employees have limited familiarity with cloud computing technologies, and few have industry certification on cloud computing systems,” the report said. “These limitations challenge both internal research efforts and the ability to provide guidance and resources to external researchers.”

Article link: https://www.nextgov.com/emerging-tech/2022/07/white-house-advocates-cloud-investment-path-artificial-intelligence/374663/

By WILLIAM D. EGGERSJULY 20, 2022 08:00 AM ET

President Biden wants to make it easier and more efficient to access critical government services. Here’s some ways to make that happen.

Organizing government services around life events has become increasingly popular worldwide. Late last year, President Joe Biden signed an executive order to bring life-event service delivery to citizens across the United States. 

The president’s directive reorganizes the delivery of government services around five specific life events for citizens, including retirement, having children, leaving the military, surviving natural disasters and navigating financial shocks. It represents a transformational and highly impactful mindset shift for government agencies who provide critical services to Americans.

https://html5-player.libsyn.com/embed/episode/id/23568989/height/90/theme/custom/thumbnail/yes/direction/forward/render-playlist/no/custom-color/000000/

Today, accessing federal resources around any significant life event requires American citizens to navigate a time-consuming and complex obstacle course of bureaucracy. The president’s executive order aims to make it easier and more efficient to access critical government services by streamlining digital entry points, improving the quality of information about vital programs and investing meaningful resources in federal technology modernization. It can significantly strengthen the way that government agencies do business and enhance the citizen experience. 

To achieve the goals outlined in the president’s directive, federal agencies will need to cooperate, share information and get their technology to better communicate – all while putting citizens, not agency convenience, at the center of their missions. Agencies can get there by embracing six key strategies:

1. Put users at the heart of service integration: The citizen must remain at the center of every design choice. Agency leaders should test each new digital service improvement by conducting interviews with citizens and identifying major pain points and sources of friction. Listening to feedback from everyday Americans will help agencies fine tune their services and enhance the citizen experience. 
2. Design a governance model that’s right for each agency: A multi-agency project must assign accountability and determine authority. The ideal governance model for a life-event-centered service model will allow government leaders to give different agencies responsibility for different segments of the citizen experience.
3. Incentivize agencies to work together through shared funding: To overworked federal staff, a whole-of-government approach can feel like an added responsibility. As one worker put it, “We’re going to be measured on our own performance, and not on cross-agency performance.” Funding mechanisms for shared responsibilities should provide appropriate incentives and give agencies more flexibility. 
4. Determine the right data-sharing and technology model: Sharing data makes it imperative for government computers to speak the same language. Shared Application Programming Interfaces (APIs) and shared data formats can help agencies collaborate. 
5. Prioritize privacy and data security: Seamless API integration can make data sharing easy. It must also make data sharing secure. Offering citizens an opportunity manage their information on one central and secure platform can provide more security than requiring citizens to enter their personal information on a dozen different applications. 
6. Prioritize user trust: Citizens won’t try new approaches unless they trust them. And secure data protections can help strengthen citizen trust in life-event service delivery. 

Each of these six strategies is mutually reinforcing. Focusing on the individual user informs an effective governance model. An effective governance model can efficaciously and efficiently distribute interagency funding. A safe API and data-sharing model ensures citizen privacy and data security. Citizens with a secure experience accessing government services will have more trust in government. And with more trust in government, agencies can continue to successfully serve the American people and fulfill their missions. 

The transformation to life-event service delivery won’t be easy. It requires behind-the-scenes wrangling – from getting different agency computer systems to better share data, to aligning funding models that incentivize collaboration. But these six strategies can help advance the shift.

Article link: https://www.nextgov.com/ideas/2022/07/six-strategies-transforming-citizen-service-delivery/374631/

William D. Eggers serves as the executive director of the Deloitte Center for Government Insights. A noted expert on government reform, he has authored numerous books, including: “Delivering on Digital,” “The Solution Revolution,” “If We Can Put a Man on the Moon” and “Governing by Network.” He recently testified before the Senate Committee on Homeland Security and Governmental Affairs on CX and life events-based service delivery.

By Jaspreet Gill on July 13, 2022 at 3:34 PM

WASHINGTON: The Air Force needs a strategy to get more out of its investments in its different “raindrops” of software factories, according to a former Pentagon official who said he also fears the service isn’t growing enough talent in those initiatives.

Ed Wilson, former deputy principal cyber advisor to the secretary of defense, said though he’s a “big fan” of the “software factories for DevSecOps,” and sees their continued growth, he questioned how the service could “gain a bit more efficiency at times.” DevSecOps refers to an approach that combines software development, cyber security and software operations.

“I’m not…for more bureaucracy, but we kind of have raindrops of software factories out there,” Wilson said at the America’s Future Space Innovation Summit on Tuesday. “Not all are created equal. There’s more success stories than others.”

He added his “fear would be we’re not growing enough talent that can be successful in those environments. And so I think we need to pay attention to that talent pool for the DevSecOps.”

The Air Force has a number of software factories tasked with developing and delivering new software spread throughout the country, including space-specific innovation hubs and platformONE, the Defense Department’s DevSecOps environment. In total, 29 software factories exist today across the military services.

Wilson’s comments appear echo some concerns that were addressed in a Pentagon-wide software modernization strategy released Feb. 2. That strategy called for harnessing all 29 factories and establishing an enterprise-level “ecosystem” in a move to more rapidly acquire and deliver software at speed.

RELATED: The Pentagon wants to turn its 29 software factories into one ‘ecosystem’

The goal of the modernization strategy is to have a centralized software hub that would help streamline control points for end-to-end software delivery and speed innovation into soldiers’ hands. It also warned that current DoD processes governing the way the department buys, implements and operates across missions can’t keep up with the changing pace of technology.

To Wilson’s comments about not growing enough talent, a major objective in the strategy calls for “advancing technical competencies,” or improving the workforce.

DoD wants to establish a “standard and dynamic inventory of baseline training and augment that training with investments in cross-Service, on-the-job apprenticeship programs and rotation opportunities,” according to the strategy.

Jason Weiss, DoD’s chief software officer, told reporters in February that the Pentagon had also created a task force under the Software Modernization Steering Group to recommend best practices and policy changes for the factories.

“We’re seeing lots of lessons learned start to percolate to the top and a lot of collaboration taking place through things like our DevSecOps community of practice,” Weiss said. “So it is a living and breathing ecosystem. And we are going to be looking at and listening to those software factories to determine what policy changes to prioritize and when to affect them.”

Article link: https://breakingdefense-com.cdn.ampproject.org/c/s/breakingdefense.com/2022/07/air-force-needs-more-efficiency-from-raindrop-software-factories-former-dod-cyber-official/amp/

The Biden administration has already hosted expansive summits on ransomware and open-source software security. Now it’s taking a similar approach in an attempt to tackle problems in the cybersecurity workforce.

On Tuesday, the White House will bring experts, private sector companies and federal agencies together to brainstorm around one of the most pressing challenges in cybersecurity: people or, more accurately, the lack of them.

The meeting will be led by National Cyber Director Chris Inglis and includes leadership from the Departments of Homeland Security, Commerce and Labor, as well as Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency; Anne Neuberger, White House deputy national security advisor for cyber and emerging technology; Susan Rice, director of the Domestic Policy Council; and James Kvaal, undersecretary of education.

While the total number varies depending on the source, most estimates peg the shortage of qualified cybersecurity workers in the hundreds of thousands. CyberSeek, a non-profit organization backed by the National Institute for Cybersecurity Education that maps job openings, currently flags more than 714,000 open or unfilled cybersecurity positions around the country. It’s a problem that impacts both governments and businesses alike and is happening as both sectors are attempting to coalesce around ambitious long-term plans to increase the resiliency of systems and data against nation-state and criminal hackers alike.

“With approximately 700,000 cybersecurity positions open, America faces a national security challenge that must be tackled aggressive. During the summit, participants will help chart a path toward a more secure future in which all Americans have the opportunity to raise the bar on cybersecurity through greater awareness, education, and training,” the White House said in the announcement. “The summit will also serve as a call to action — to ensure that all Americans can capitalize on the benefits of the digital domain and to ensure that our nation carries through on the positive opportunities ahead of us.”

A snapshot of open cybersecurity jobs around the country. (Source: CyberSeek)

They will be joined by executives from the private sector and experts from academia and the cyber community, though the White House says more announcements on that front are forthcoming. Thus far, SC Media has confirmed that Barbara Massa, executive vice president of business operations at Mandiant, will be in attendance, as will Heather Adkins, vice president of security engineering at Google. A Microsoft spokesperson declined to comment and directed SC Media to the White House.

The summit will focus on three core challenges that have kept the supply of cybersecurity talent from keeping up with demand. One is finding a way to better utilize trade schools, apprenticeships, community colleges and other non-traditional educational institutions to create new skill-based pathways into a cybersecurity career. Another will look at tapping into underserved and diverse communities, including women and people of color, who have long been underrepresented in the field and industry leaders are working to make the field more welcoming to other backgrounds.

Finally, the meeting will look at how to invest wisely in educational initiatives to ensure American workers are trained to succeed and stay secure in a digital economy, regardless of whether they work directly in cybersecurity or other fields. While more cyber practitioners are badly needed, a massive part of any organization’s attack surface comes from the actions and decisions of their non-cyber employees, who can often upend millions of dollars in security spending by clicking on a malicious link.

As Inglis put it earlier this year when discussing the need for fundamental skills up and down the workforce: “We don’t necessarily need to make [everyone] a python programmer —  but that we make them cyber aware.”

Boosting the national cyber workforce has been a long-held goal for the Biden administration as well as its predecessor, the Trump administration. There are few, if any, straightforward solutions to the problem, at least in the short-term. More and more of our national infrastructure is being put under the control or direction of potentially vulnerable software, or connected to the internet, where it’s within reach for state-backed or criminal hacking groups. But the often highly technical work needed to secure those systems is being carried out by an increasingly smaller proportion of the workforce.

There is no easy method to quickly teach or acclimate new workers the fundamentals of cybersecurity or the IT and networking principles that underpin them. That means that even as companies and agencies are desperate to fill open roles, they’re often not willing to put the security of their organization or its customers in the hands of a novice.

Some have questioned whether untrained or undertrained cybersecurity workers would ultimately be a net boon or drag on companies remains an active debate.

Jake Williams, a former hacker at the National Security Agency and current executive director of threat intelligence at Scythe, has argued that putting untrained or lightly trained cybersecurity workers on the job is irresponsible and wouldn’t be accepted in other fields where safety and competence are considered core priorities.

“Your airline pilot started in a single engine Cessna. Nobody called it gatekeeping. And before that, they learned lots of ‘mostly irrelevant’ facts in ground training,” Williams remarked last week on Twitter. “Cyber is one of the only fields where we pretend that skipping the basics is okay to put butts in seats.”

In an email, Williams told SC Media he thinks the government and military actually do a very good job of recruiting and training cyber employees but “for the commercial workforce, the situation is a bit more bleak.” That’s in part due to what Williams, who is also a senior instructor in digital forensics at the SANS Institute, characterized as the poor state of many commercial cybersecurity training programs that churn out degrees without ensuring that graduates are being properly schooled on the fundamentals of IT security that they require before they can be trusted with protecting an organization’s sensitive data.

“Those trying to break into the cybersecurity field, often lament that employers need to ‘be realistic about skills’ and ‘take a chance on someone with passion to learn.’ The unfortunate reality is that [small and medium-sized businesses], many of which are making their first security hire, simply cannot afford to hire people without a broader cross section of security knowledge and/or experience. This leaves a disconnect between expectations and reality for many cybersecurity bootcamp graduates.

Others have called for the country to respond with a mass mobilization effort to train a generation of cybersecurity workers and put them in a position to gain experience as they work. James Lewis, senior vice president and director of the strategic technologies program at the Center for Strategic and International Studies, said last month that the U.S. is not “serious” about solving the cyber workforce shortage and won’t get anywhere near closing the gap by relying on slower, more traditional means of education or training.

He drew a comparison to efforts by the U.S. military during World War II to train an entire generation of pilots to compete with Germany, Japan and others for dominance of the skies. There is no initiative on the part of policymakers to do something similar with cybersecurity, while shortages and competition with the private sector for qualified workers only continues to grow.

“You need to create a pipeline, you need to put untrained bodies at the front, and you need to have pilots come out the other end, and you need to do that at scale and we’re not doing that,” Lewis said.

Article link: https://www.scmagazine.com/editorial/analysis/careers/white-house-to-hold-summit-on-addressing-the-thousands-of-unfilled-cybersecurity-jobs?

By NATALIE ALMSJULY 12, 2022

Workforce, interoperability and governance all feature in the new goals set for the President’s Management Agenda.

The White House filled in some of the blanks on the President’s Management Agenda last Friday with an update on flexing federal procurement muscles to advance administration priorities like addressing climate change. 

“We can harness this collective power and make connections across the federal acquisition and financial assistance systems to strengthen the U.S. manufacturing base and support American workers, catalyze new solutions that address the climate crisis and enhance sustainability, and advance equity,” the document states.

The government oversees over $1.5 trillion in federal contracts and financial assistance annually, according to performance.gov.

One goal is to “create a diverse and resilient federal marketplace.” The administration has already set goals around increasing the number of awards given to small, disadvantaged businesses generally and minority-owned small disadvantaged businesses specifically.

The Office of Management and Budget also pins down interoperability and sharing of acquisition data and tools as a second goal, and building an “inspired, engaged acquisition workforce” as a third goal for procurement and acquisition.

An OMB spokesperson told FCW that acquisition workforce improvements could involve modernizing training and development, and pursuing pilots meant to “support user-friendly access to information to support decision-making by the Federal acquisition workforce.”

The second half of the “business of government” priority focuses on federal financial management, where the administration says it wants to further improve processes and “build capacity.”

The PMA website points to lessons learned from implementing the American Rescue Plan Act and the bipartisan Infrastructure Investment and Jobs Act as evidence that the time is ripe to make progress in managing government business on an enterprise level, as well as an “increasing federal focus on program and payment integrity.”

Success metrics and milestones for this area of the PMA – something the other two priorities of workforce and customer experience already have – will be published in the next update to performance.gov, according to a blog post accompanying the latest update.

Article link: https://www.nextgov.com/cxo-briefing/2022/07/white-house-updates-acquisition-business-government-priorities/374111/

July 12, 2022

Europe’s new Digital Services Act opens a new era in access to justice for disinformation and online hate. Americans should take a close look.

When victims face disinformation or online hate speech today, they enjoy little hope of redress. They are more likely to try to look away – closing their browser windows or leaving online spaces altogether – than to seek justice. Even when faced with illegal content such as defamation or harassment – situations in which legal grounds to go to court exist – few possess the financial or emotional resources to hire a lawyer and put pressure on a powerful platform. 

Europe’s Digital Services Act (DSA) changes this equation.  

It represents the first sustained attempt to modernize rules for online content in a democratic and rule-of-law environment. While preserving free speech, the DSA reinforces access to justice in content moderation decisions, imposing on platforms a variety of scaffolded transparency and accountability requirements.   

Among other changes, platforms must open an “internal complaint handling system” where users can submit complaints about content moderation decisions, both in cases of over-moderation (take downs) and under-moderation (when platforms decide not to act on reported content). When complaints contain sufficient grounds, the platform will need to reverse its decision.  

While many platforms already have procedures for reporting content and appealing content moderation decisions, their formulation, scope, and accountability vary, and our research shows that all have ample room for improvement. Disinformation and hate speech proliferate, while it is prohibitively challenging for people to appeal wrongful content moderation decisions.  

Consider LGBTQ+ hate. In their most recent report on ‘LGBTI-phobies’, the French NGO SOS Homophobie found once again that online environments remain the most prevalent spaces for anti-LGBTQ+ sentiment. At the same time, the NGO notes a decline in reporting, which they attribute to victims and witnesses’ frustrations with effective moderation and insufficient resources devoted to answering their complaints. 

Content moderation is particularly lacking in languages other than English. During her testimony before the US Congress, Facebook whistle-blower Frances Haugen revealed that 87% of misinformation spending by Facebook is on English-language content, but only about 9% of their users are English speakers. Even globally spoken languages like Spanish are neglected. In March 2021, a coalition of organizations launched the campaign #YaBastaFacebookcalling for better Facebook protection of Spanish-speakers. 

Facebook isn’t alone. Spanish YouTube and TikTok influencer Naim Darrechi claimed recently in a viral video that he had legally become a woman by filling out a simple form and that he could change sex to increase his welfare payments every six months. This is false: Spanish law offers no such right. Even now, this misogynistic and transphobic disinformation remains available online. 

In such cases – or when initial reporting and appeals processes fail –the DSA will provide the option of “out-of-court dispute settlement.” Independent bodies in different European countries will be established to deal with content moderation disputes. This option will be especially useful for dealing with ‘lawful but awful’ content such as LGBTQ+ hate, much of which would not have grounds to be brought to court under national laws. At the same time, the independent bodies’ decision will not be legally binding, so the justice system can still have the final say.

Another DSA innovation allows representation. Specialized organizations will be able to exercise the rights of individuals under the DSA on their behalf. This will be critical since victims and witnesses of hateful content may be hesitant to appeal content moderation decisions given the emotional or traumatic engagement they have suffered. 

The DSA is not just about Europe. It’s reasonable to expect that it will raise the bar globally: once a platform improves redress mechanisms in Europe, it would be logical to harmonize these policies and implement them for all their users. 

The DSA is set to enter into force in 2024 for all online platforms. It will come into force even earlier for so-called Very Large Online Platforms, those with more than 45 million European users. This gives platforms plenty of time to design and implement accessible, intuitive appeals systems – and to begin offering Europeans real access to justice online.

Article link: https://cepa.org/the-eus-rights-based-approach-against-disinformation/

Claire Pershan is Policy Coordinator for EU DisinfoLab, an independent non-profit organization focused on tackling disinformation.

by Todd C. Helmus

Related Topics:

Artificial Intelligence,

Data Analysis,

The Internet,

Media Literacy,

Social Media Analysis

DOWNLOAD FREE ELECTRONIC DOCUMENT

PDF file 2.4 MBTechnical Details »

The purpose of this Perspective is to provide policymakers an overview of the deepfake threat. It first reviews the technology undergirding deepfakes and associated artificial intelligence (AI)–driven technologies that provide the foundation for deepfake videos, voice cloning, deepfake images, and generative text. It highlights the threats deepfakes pose, as well as factors that could mitigate such threats. The paper then reviews the ongoing efforts to detect and counter deepfakes and concludes with an overview of recommendations for policymakers. This Perspective is based on a review of published literature on deepfake- and AI-disinformation technologies. Moreover, leading experts in the disinformation field contributed valuable insights that helped shape the work.

Article link: https://www.rand.org/pubs/perspectives/PEA1043-1.html

By PATIENCE WAITJULY 15, 2022

But it’s not yet open warfare.

During the four years between the 2016 and 2020 presidential elections, many cyber experts and pundits were concerned that Russia or other nation-states would evolve their ability to manipulate U.S. voter perceptions by migrating from social media memes to deepfakes. That emerging technology can be used by employing computer-altered images and video footage to denigrate candidates in some way, hurting their chances at the polls.

The RAND Corporation has released a new report, “Artificial Intelligence, Deepfakes, and Disinformation: A Primer,” that concludes “the potential for havoc is yet to be realized. For example, some commentators expressed confidence that the 2020 election would be targeted and potentially upended by a deepfake video. Although the deepfakes did not come, that does not eliminate the risk for future elections.”

The report identifies several reasons why deepfakes have not yet lived up to their threatening reputation, in particular that “well-crafted deepfakes require high-end computing resources, time, money and skill.”

Matthew Stamm, Ph.D., associate professor of electrical and computer engineering at Drexel University, has been working in the field of detecting fake media for about 15 years, and has contributed to the Defense Advanced Research Projects Agency’s programs on detection algorithms. He agrees that making outstanding deepfakes is not easy or cheap, but isn’t sure how much that matters in regard to their effectiveness.

“Over time [they] will improve,” he says. “But we also have to contend with another factor—we are predisposed to believe something that confirms our prior beliefs.”

Stamm cites as an example the doctored Nancy Pelosi video that ran rampant over social media during the summer of 2020, which made it appear that her speech was slurred—Speaker Pelosi is a teetotaler. It was not a sophisticated deepfake, he says—and he helped debunk it. The sound was just slowed down a little bit to make it seem as if she was impaired. But no matter how often it’s disproved by fact checkers or flagged by social media, plenty of people accept it as “fact.”

“You can often get the same result by using ‘cheapfakes,’ Stamm said. “You have to think about what’s your goal? You can spend a lot of time and money to create a very good deepfake that will last a long time, but is that your goal?”

While videos have, to date, garnered the most attention, the RAND report identifies other types of deepfakes that are easier to execute and have already shown their potential to cause harm. Voice cloning is one technique.

“In one example, the CEO of a UK-based energy firm reported receiving a phone call from someone who sounded like his boss at a parent company. At the instruction of the voice on the phone, which was allegedly the output of voice-cloning software, the CEO executed a wire transfer of €220,000—approximately $243,000—to the bank account of a Hungarian supplier.”

Another technique is creating deepfake images—the headshots that people use everywhere on social media. The report outlines the case of such an image placed on LinkedIn, “one that was part of a state-run espionage operation.” The deepfake was discovered in 2019, where it “was connected to a small but influential network of accounts, which included an official in the Trump administration who was in office at the time of the incident.”

The value of creating such deepfake images is that they aren’t detected by a reverse image search that looks for matches to original, verified images, the report observes.

The fourth form of deepfake identified in the report is generative text—using natural language computer models and AI to generate fake, but human-like, text. This would be valuable for operating social media bot networks that would not need human operators to create content. It also could be used to mass-produce fake news stories that would flood social media networks.

The report lists four key ways that deepfakes can be weaponized by adversaries or bad actors—manipulating elections; exacerbating social divisions; weakening trust in government institutions and authorities; and undermining journalism and other trustworthy information sources.

“These are large-scale social threats, but others are economic,” Stamm notes. “There have already been [cases] of audio deepfakes. There are a lot of highly criminal opportunities,” any of these deepfake methods could be used for.

The report identifies several approaches to mitigate the threat that deepfakes of all kinds pose to information integrity: detection, provenance, regulatory initiatives, open-source intelligence techniques, journalistic approaches and citizen media literacy.

Detection often gets the most attention, because most detection efforts are aimed at automated tools. DARPA has invested heavily in this area, first with its Media Forensics program that ended in 2021, and currently with its Semantic Forensics program.

But this is where the parallels to other kinds of escalation most apply. Think of the battle in cybersecurity to try to ever get ahead of hostile actors.

“Although detection capabilities have significantly improved over the past several years, so has the development of deepfake videos. The result is an arms race, which is decidedly in favor of those creating the deepfake content,” the report states. “One challenge is that as AI programs learn the critical cues associated with deepfake video content, those lessons are quickly absorbed into the creation of new deepfake content.”

Provenance is already being used in some ways. If you have ever noticed a small “i” enclosed in a circle on an image, it means the photographer used a secure mode on their smartphone to take the picture, which embeds critical information into the digital image’s metadata. “Although this technology is not a panacea for deepfakes, it does provide a way for the viewers of a photograph (or a video or recording) to gain confidence that an image has not been synthetically altered,” the report observes, but “the technology only works if it is enabled at the time the photo is taken, so promoting effective adoption of the technology will be critical.”

Stamm suggests that the Department of Defense and the Intelligence Community should consider wargaming different scenarios that could be brought about by successful deepfakes. The report suggests the same thing, recommending that government “conduct wargames and identify deterrence strategies that could influence the decision-making of foreign adversaries.”

“Dealing with fake information is one of the big challenges of the 21st century,” Stamm says. “In the 20th century it was cryptography, but now we live in a world where information sources are decentralized … We may not trust, but we still need to consume.”

Article link: https://www.nextgov.com/emerging-tech/2022/07/deepfake-arms-race-heating/374536/