Featured Article – ‘Snake’ Ransomware, A Threat To Your Whole Network

Over the last couple of weeks, there have been reports of a new type of ransomware known as ‘Snake’ which can encrypt all the files stored on your computer network and on all the connected devices.

Discovered

Snake ransomware is so-called because it is the reverse order spelling of the ‘ekans’ file marker that it attaches to each file that it encrypts.  It was discovered by the MalwareHunterTeam and studied in detail by Vitali Kremez who is the Head of SentinelLabs and who describes himself as an “Ethical Hacker”, “Reverse Engineer” and “Threat Seeker”.

How Does It Infect Your Network?

Snake can be introduced to a computer network in infected email attachments (macros) e.g. phishing emails with attached Office or PDF documents, RAR or ZIP files, .exe files, JavaScript files, Trojans, torrent websites, unpatched public-facing software and malicious ads.

How Does Snake Operate?

As ransomware, the ultimate goal of the cybercriminals who are targeting (mainly) businesses with Snake is to lock away (through encryption) important files in order to force the victim to pay a ransom in order to release those files, with the hope of restoring systems to normal as the motivator to pay.

In the case of Snake, which is written in Go (also known as Golang), an open-source programming language that’s syntactically similar to C and provides cross-platform support, once it is introduced to an operating system e.g. after arriving in an email, it operates the following way:

– Firstly, Snake removes Shadow Volume Copies (backup copies or snapshots of files) and stops processes related to SCADA Systems (the supervisory control and data acquisition system that’s used for gathering and analysing real-time data). Snake also stops any Virtual Machines, Industrial Control Systems, Remote Management Tools, and Network Management Software.

– Next, Snake (relatively slowly) uses powerful AES-256 and RSA-2048 cryptographic algorithms to encrypt files and folders across the whole network and on all connected devices, while skipping files in the Windows system folders and system files.

– As part of the encryption process, and unlike other ransomware, Snake adds a random five-character string as a suffix to file extension names e.g. myfile.jpg becomes myfile.jpgBGyWl. Also, an “EKANS” file marker is added to each encrypted file.

Ransom Note

Lastly, Snake generates a ransom note named Fix-Your-Files.txt which is posted on the desktop of the victim.  This ransom note advises the victim that the only way to restore their files is to purchase a decryption tool which contains a private key that has been created specifically for their network and that, once run on an affected computer, it will decrypt all encrypted files.

The note informs the victim that in order to purchase the decryption software they must send an email to bapcocrypt@ctemplar.com which has up to 3 of the encrypted files from their computers attached, not databases or spreadsheets (up to 3MB size) so that the cybercriminals can send back decrypted versions as proof that the decryption software (and key) works on their files (and to encourage payment and restoration of business).

Timing

Snake allows cybercriminals to not only target chosen businesses network but also to choose the time of the attack and the time that encryption takes place could, therefore, be after hours, thereby making it more difficult for admins to control the damage caused by the attack. Also, cybercriminals can choose to install additional password-stealing trojans and malware infections together with the Snake ransomware infection.

What To Do If Infected

If your network is infected with Snake ransomware there is, of course, no guarantee that paying the ransom will mean that you are sent any decryption software by the cybercriminals and it appears unlikely that those who targeted your company to take your money would do anything other to help than just take that money and disappear.

Some companies on the web are offering Snake removal (for hundreds of dollars), and there are some recommendations that running Spyhunter anti-malware software on your systems may be one way to remove this particularly damaging ransomware.

Ransomware Protection

News of the severity of Snake is a reminder to businesses that protection from malware is vital.  Ways in which companies can protect themselves from falling victim to malware, including ransomware include:

– Staff education and training e.g. about the risks of and how to deal with phishing and other suspicious and malicious emails, and other threats where social engineering is involved.

– Ensuring that all anti-virus software, updates and patching are up to date.

– Staying up to date with malware and ransomware resources e.g. the ‘No More Ransom’ portal (https://www.nomoreransom.org/ ), which was originally released in English, is now available in 35 other languages, and thanks to the cooperation between more than 150 partners, provides a one-stop-shop of tools that can help to decrypt ransomware infections – see https://www.nomoreransom.org/en/decryption-tools.html.

– Making sure that there is a regular and secure backup of company data, important business file and folders.

– Developing (and communicating to relevant staff) and updating a Business Continuity and Disaster Recovery Plan.

Eating Lunch At Your Desk Brings Health Risks

Recent research by BUPA has highlighted how many UK workers don’t take a proper lunch break each day and end up risking their health and happiness and reducing their productivity by eating at their desks.

The Number

The research, which involved the study of the habits of 2,000 full-time workers revealed that almost two thirds (64 per cent) claim they are not always able to take their legally required 20-minute break when working six hours or more.  Also, only 29 per cent of employees said they take a full hour for lunch every day and only 28 per cent of workers said they never take a breather of any kind during the working day.

Working Lunch & Eating At The Desk

According to the research, with 45 per cent of employees not leaving the workplace during what should be lunchtime, and with one-third of employees (31 per cent) usually eating at their desk, this results in them having what is essentially just a working lunch as they have to respond to work calls (42 per cent) and to emails (40 per cent) while they’re eating at their desk.

Health (and Happiness) Risks

There are many health risks associated with not taking a proper lunch break and with having a ‘working lunch’ at the desk.  These include:

– Overeating due to distraction.  The ‘working lunch’ at the desk means that you don’t get/feel as full, which then leads to feeling hungry in the afternoon and then eating more.  This behaviour and its effects were studied and identified by researchers from the University of Surrey in 2012.

– Negative effects on health from sitting down most of the day.  Not taking a break, and not moving from your desk, let alone the workplace, can contribute to some serious health problems.  For example, a University of Leicester Study (2012) showed that sitting for long periods increases your risk of diabetes, heart disease and death and that this can be the case for people who meet typical physical activity guidelines.

– Staying seated at the desk for long periods during the day can cause tension in muscles, pain in joints, and can weaken hip and core muscles, which can, in turn, lead to other problems with muscles and joints.

– Increased stress levels can come from not having a break and from interruptions during eating.

– Risks from bacteria on the desk and on the keyboard (and phone) that can be exacerbated during eating and by dropping food particles from lunch at the desk.  For example, a Printerland survey (March 2018) showed that the average desk contains 400 times more germs than a toilet seat and that only a third of staff members follow guidelines about cleaning up their workplace, and one in 10 never clean their desks.

Productivity Affected

Not having a proper lunchbreak and detachment from work also affects the brain’s ability to effectively ‘reset’ and boost our attention and our body’s ability to refresh our energy.  This can lead to reduced productivity in the afternoon. It can also mean that we miss out on the inspiration, ideas, and clarity of thought (to potentially realise the solution to a work problem) that a break can deliver.

Happiness

With the reduced productivity, increased stress, and physical problems that staying at a desk to eat brings can come lower levels of satisfaction and happiness at work and a faster route to ‘burnout’.

Why?

It is thought that feeling obliged to eat at the desk by the work culture in the UK, being seen to be at your desk through fear of appearing absent or not committed to and part of the company, work and culture, and/or feeling too busy/overloaded with work are some of the reasons for these unhealthy work break (or no break) patterns.

What Does This Mean For Your Businesses?

It is understandable that businesses, particularly where customers come in, frequently phone, or where service is particularly urgent, always need to have staff available to deal with customers and enquiries during business hours.  This, however, can still be achieved by the planning of rotas and by encouraging staff to make arrangements to ensure that communications are covered fairly while allowing for fixed breaks for all staff members.

Some ways that businesses and organisations can help staff to look after themselves, and in doing so, look after the company and its productivity include encouraging their employees to take lunches away from their desk, creating a physical environment where employees can take themselves away from their desks, managers leading the way in the behaviour they want to see in the workplace and in encouraging a healthy break-taking culture.  Also, workers can help to improve their own health at work by walking around more (and perhaps placing a laptop on a filing cabinet so they have to stand), having standing meetings, reducing TV viewing time when not at work (to help offset any continuing unhealthy behaviours at work), scheduling lunches with friends or alone to ensure that they actually leave the office and are more productive on their return.

That said, the workload, management style and values and the work culture can have a strong influence on whether workers feel able and safe to take breaks, and managers need to authorise, endorse, and be seen to reward a break-taking culture for it to succeed and hopefully, benefit the business in the process.

EU Considers Ban on Facial Recognition

It has been reported that the European Commission is considering a ban on the use of facial recognition in public spaces for up to five years while new regulations for its use are put in place.

Document

The reports of a possible three to five-year ban come from an 18-page EC report, which has been seen by some major news distributors.

Why?

Facial recognition trials in the UK first raised the issues of how the technology can be intrusive, can infringe upon a person’s privacy and data rights, and how facial recognition technology is not always accurate.  These issues have also been identified and raised in the UK, For example:

– In December 2018, Elizabeth Denham, the UK’s Information Commissioner launched a formal investigation into how police forces used FRT after high failure rates, misidentifications and worries about legality, bias, and privacy. This stemmed from the trial of ‘real-time’ facial recognition technology on Champions League final day June 2017 in Cardiff, by South Wales and Gwent Police forces, which was criticised for costing £177,000 and yet only resulting in one arrest of a local man whose arrest was unconnected.

– Trials of FRT at the 2016 and 2017 Notting Hill Carnivals led to the Police facing criticism that FRT was ineffective, racially discriminatory, and confused men with women.

– In September 2018 a letter, written by Big Brother Watch (a privacy campaign group) and signed by more than 18 politicians, 25 campaign groups, and numerous academics and barristers highlighted concerns that facial recognition is being adopted in the UK before it has been properly scrutinised.

– In September 2019 it was revealed that the owners of King’s Cross Estate had been using FRT without telling the public, and with London’s Metropolitan Police Service supplying the images for a database.

– In December 2019, a US report showed that, after tests by The National Institute of Standards and Technology (Nist) of 189 algorithms from 99 developers, their facial recognition technology was found to be less accurate at identifying African-American and Asian faces, and was particularly prone to misidentifying African-American females.

Impact Assessment

The 18-page EC report is said to contain the recommendation that a three to five-year ban on the public use of facial recognition technology would allow time to develop a methodology for assessing the impacts of (and developing risk management measures for) the use of facial recognition technology.

Google Calls For AI To Be Regulated

The way in which artificial intelligence (AI) is being widely and quickly deployed before the regulation of the technology has had a chance a to catch up is the subject of recent comments by Sundar Pichai, the head of Google’s parent company, Alphabet’.  Mr Pichai (in the Financial Times) called for regulation with a sensible approach and for a set of rules for areas of AI development such as self-driving cars and AI usage in health.

What Does This Mean For Your Business?

It seems that there is some discomfort in the UK, Europe and beyond that relatively new technologies which have known flaws, and are of concern to government representatives, interest groups and the public are being rolled out before the necessary regulations and risk management measures have had time to be properly considered and developed.  It is true that facial recognition could have real benefits (e.g. fighting crime) which could have benefits for many businesses and that AI has a vast range of opportunities for businesses to save money and time plus innovating products, services and processes.  However, the flaws in these technologies, and their potential to be used improperly, covertly, and in a way that could infringe the rights of the public cannot be ignored, and it is likely to be a good thing in the long term, that time is taken and efforts are made now to address the issues of stakeholders and develop regulations and measures that could prevent bigger problems involving these technologies further down the line.

£100m Fines Across Europe In The First 18 Months of GDPR

It has been reported that since the EU’s General Data Protection Regulation (GDPR) came into force in May 2018, £100m of data protection fines have been imposed on companies and organisations across Europe.

The Picture In The UK

The research, conducted by law firm DLA Piper, shows that the total fines imposed in the UK by the ICO stands at £274,000, but this figure is likely to be much higher following the finalising of penalties to be imposed on BA and Marriott.  For example, Marriott could be facing a £99 million fine for data breach between 2014 and 2018 that, reportedly involved up to 383 million guests, and BA (owned by IAG) could be facing a record-breaking £183 million for a breach of its data systems last year that could have affected 500,000 customers.

Also, the DLA Piper research shows that although the UK did not rankly highly in terms of fines, the UK ranked third in the number of breach notifications, with 22,181 reports since May 2018.  This equates to a relative ranking of 13th for data breach notifications per 100,000 people in the UK.

Increased Rate of Reporting

On the subject of breach notifications, the research shows a big increase in the rate of reporting, with 247 reports per day over the six months of GDPR between May 2018 and January 2019, which rose to 278 per day throughout last year. This rise in reporting is thought to be due to a much greater (and increasing) awareness about GDPR and the issue of data breaches.

France and Germany Hit Hardest With Fines

The fines imposed in the UK under GDPR are very small compared to Germany where fines totalled 51.1 million euros (top of the table for fines in Europe) and France where 24.6 million euros in fines were handed out.  In the case of France, much of the figure of fines collected relates to one penalty handed out to Google last January.

Already Strict Laws & Different Interpretations

It is thought that businesses in the UK having to meet the requirements of the already relatively strict Data Protection Act 1998 (the bones of which proved not to differ greatly from GDPR) is the reason why the UK finds itself (currently) further down the table in terms of fines and data breach notifications per 100,000 people.

Also, the EU’s Data Protection Directive wasn’t adopted until 1995, and GDPR appears to have been interpreted differently across Europe because it is principle-based, and therefore, apparently open to some level of interpretation.

What Does This Mean For Your Business?

These figures show that a greater awareness of data breach issues, greater reporting of breaches, and increased activity and enforcement action by regulators across Europe are likely to contribute to more big fines being imposed over the coming year.  This means that businesses and organisations need to ensure that they stay on top of the issue of data security and GDPR compliance.  Small businesses and SMEs shouldn’t assume that work done to ensure basic compliance on the introduction of GDPR back in 2018 is enough or that the ICO would only be interested in big companies as regulators appear to be increasing the number of staff who are able to review reports and cases.  It should also be remembered, however, the ICO is most likely to want to advise, help and guide businesses to comply where possible.

Tech Tip – Clipboard History

If you’d like to see the history of all the things you’ve attached to your clipboard in Windows 10 there’s a fast and easy way to do it. To see and to manage your clipboard items:

– Hold down the Windows key + V.  This brings up the scrollable clipboard panel listing all the items you’ve copied.

– Click on an item to paste it into your current document.

– Click on the cross symbol to permanently delete an item from the clipboard.

– Click on the pin symbol to keep an item even when you clear your clipboard history (there is a link to clear the history) or when you restart your PC.

– This feature also allows syncing across other devices so you can paste items from your clipboard to your other devices when you sign in with a Microsoft or work account.

Featured Article – Windows 7 Deadline Now Passed

Microsoft’s Windows 7 Operating system and Windows Server 2008 formally and finally reached their ‘End of Life’ (end of support, security updates and fixes) earlier on Wednesday 14 January.

End of Life – What Now?

End of life isn’t quite as final as it sounds because Windows 7 will still run but support i.e. security updates and patches and technical support will no longer be available for it. If you are still running Windows 7 then you are certainly not alone as it still has a reported 27 per cent market share among Windows users (Statcounter).

For most Windows 7 users, the next action will be to replace (or upgrade) the computers that are running these old operating systems.  Next, there is the move to Windows 10 and if you’re running a licensed and activated copy of Windows 7, Windows 8 or Windows 8.1, Home or Pro, you can get it for free by :

>> going to the Windows 10 download website

>>  choosing to Create Windows 10 installation media

>> Download tool now and Run

>> Upgrade this PC now (if it’s just one PC –  for another machine choose ‘Create installation media for another PC’ and save installation files) and follow the instructions.   >> After installation, you can see your digital license for Windows 10 by going to Settings Update & Security > Activation.

Windows Server

Windows Server 2008 and Windows Server 2008 R2 have also now reached their end-of-life which means no additional free security updates on-premises or non-security updates and free support options, and no online technical content updates.

Microsoft is advising that customers who use Windows Server 2008 or Windows Server 2008 R2 products and services should migrate to its Microsoft Azure.

About Azure

For Azure customers, the Windows Virtual Desktop means that there’s the option of an extra three years of extended support (of critical and important security updates) as part of that package, but there may be some costs incurred in migrating to the cloud service.

Buying Extended Security Updates

‘Extended Security Updates’ can be also purchased by customers with active Software Assurance for subscription licenses for 75% of the on-premises annual license cost, but this should only really be considered as a temporary measure to ease the transition to Windows 10, or if you’ve simply been caught out by the deadline.

Unsupported Devices – Banking & Sensitive Data Risk

One example of the possible risks of running Windows 7 after its ‘end-of-life’ date has been highlighted by the National Cyber Security Centre (NCSC), the public-facing part of GCHQ.  The NCSC has advised Windows 7 users to replace their unsupported devices as soon as possible and to move any sensitive data to a supported device.  Also, the NCSC has advised Windows 7 users to not use unsupported devices for tasks such as accessing bank and other sensitive accounts and to consider accessing email from a different device.

The NCSC has pointed out that cyber-criminals began targeting Windows XP immediately after extended support ended in 2015. It is likely, therefore, that the same thing could happen to Windows 7 users.

Businesses may wish to note that there have already been reports (in December) of attacks on Windows 7 machines in an attempt to exploit the EternalBlue vulnerability which was behind the serious WannaCry attacks.

Windows 7 History

Windows 7 was introduced in 2009 as an upgrade in the wake of the much-disliked Windows Vista.  Looking back, it was an unexpected success in many ways, and looking forward, if you’re one of the large percentage of Windows users still running Windows 7 (only 44% are running Windows 10), you may feel that you’ve been left with little choice but to move away from the devil you know to the not-so-big-bad Windows 10.

Success For Microsoft

Evolving from early codename versions such as “Blackcomb”, “Longhorn,” and then “Vienna” (in early 2006), what was finally named as Windows 7 in October 2008 proved to be an immediate success on its release in 2009.  The update-turned Operating System, which was worked upon by an estimated 1,000 developers clocked-up more than 100 million sales worldwide within the first 6 months of its release. Windows 7 was made available in 6 different editions, with the most popularly recognised being the Home Premium, Professional, and Ultimate editions.

Improvement

Windows 7 was considered to be a big improvement upon Windows Vista which, although achieving some impressive usage figures (still lower than XP though) came in for a lot of criticism for its high system requirements, longer boot time and compatibility problems with pre-Vista hardware and software.

Some of the key improvements that Windows 7 brought were the taskbar and a more intuitive feel, much-improved performance, and fewer annoying User Account Control popups. Some of the reasons for switching to Windows 7 back in 2009 were that it had been coded to support most pieces of software that ran on XP, it could automatically install device drivers, the Aero features provided a much better interface, it offered much better hardware support, the 64-bit version of Windows 7 could handle a bigger system memory, and the whole Operating System had a better look and feel.

Embracing the Positive

It may even be the case that in the process of worrying about the many complications and potential challenges of migrating to Windows 10 you haven’t allowed yourself to focus on the positive aspects of the OS such as a faster and more dynamic environment and support for important business software like Office 365 and Windows server 2016.

What To Do Now

The deadline to the end of support/end of life for Windows 7 has now passed and the key factor to remember is that Windows 7 (and your computers running Windows 7) is now exposed to any new risks that come along. If you have been considering some possible OS alternatives to Windows 10, these could bring their own challenges and risks and you may now have very limited time to think about them. Bearing in mind the targeting of Windows XP immediately at the end of its extended support (in 2015), we may reasonably expect similar targeting of Windows 7 which makes the decision to migrate more pressing.

For most businesses, the threat of no more support now means that continuing to run Windows 7 presents a real risk to the business e.g. from every new hacking and malware attack, and as the NCSC has highlighted, there is a potentially high risk in using devices running Windows 7 for anything involving sensitive data and banking.

If you choose to upgrade to Windows 10 on your existing computers, you will need to consider factors such as the age and specification of those computers, and there are likely to be costs involved in upgrading existing computers.  You may also be considering (depending on the size/nature of your business and your IT budget) the quick solution of buying new computers with Windows 10 installed, and in addition to the cost implications, you may also be wondering how and whether you can use any business existing systems or migrate any important existing data and programs to this platform.  The challenge now, however, is that time has officially run out in terms of security updates and support so, the time to make the big decisions has arrived.

Want A Walkie-Talkie? Now You Can Use Your Phone and MS Teams

Microsoft has announced that it is introducing a “push-to-talk experience” to its ‘Teams’ collaborative platform that turns employee or company-owned smartphones and tablets into walkie-talkies.

No Crosstalk or Eavesdropping

The new ‘Walkie Talkie’ feature will offer clear, instant and secure voice communication over the cloud.  This means that it will not be at risk from traditional analogue (unsecured network) walkie-talkie problems such as crosstalk or eavesdropping, and Microsoft says that because Walkie Talkie works over Wi-Fi or cellular data, it can also be used across geographic locations.

Teams Mobile App

The Walkie Talkie feature can be accessed in private preview in Teams in the first half of this year and will be available in the Teams mobile app.  Microsoft says that Walkie Talkie will also integrate with Samsung’s new Galaxy XCover Pro enterprise-ready smartphone for business.

Benefits

The main benefits of Walkie Talkie are making it easier for firstline workers to communicate and manage tasks as well as reducing the number of devices employees must carry and lowering IT costs.

One Better Than Slack

Walkie Talkie also gives Teams another advantage over its increasingly distant rival Slack, which doesn’t currently have its own Walkie Talkie-style feature, although things like spontaneous voice chat can be added to Slack with Switchboard.

Last month, Microsoft announced that its Teams product had reached the 20 million daily active users (and growing) mark, thereby sending Slack’s share price downwards.

Slack, which has 12 million users (a number which has increased by 2 million since January 2019) appears to be falling well into second place in terms of user numbers to Teams in the $3.5 billion chat-based collaborative working software market.  However, some tech commentators have noted that Slack has stickiness and strong user engagement and that its main challenge is that although large companies in the US use it and like it, they currently have a free version, so Slack will have to convince them to upgrade to the paid-for version if it wants to start catching up with Teams

Apple Watch Walkie-Talkie App

Apple Watch users (Series 1 or later with watch OS 5.3 or later, not in all countries though) have been able to use a ‘Walkie-Talkie’ app since October last year.

What Does This Mean For Your Business?

For businesses using Microsoft Teams, the new Walkie Talkie feature could be a cost-saving and convenient tool for firstline workers, and the fact that it integrates Samsung’s new Galaxy XCover Pro will give it even more value for businesses.

For Microsoft, the new Walkie Talkie feature, along with 7 other recently announced new tools for Teams focused firmly on communication and task management for firstline workers are more ways that Teams can gain a competitive advantage over rival Slack, and increase the value of Office 365 to valuable business customers.

Facebook Bans Deepfake Videos

In a recent blog post, ahead of the forthcoming US election, Monika Bickert, Vice President, of Facebook’s Global Policy Management has announced that the social media giant is banning deepfakes and “all types of manipulated media”.

Not Like Last Time

With the 59th US presidential election scheduled for Tuesday, November 3, 2020, Facebook appears to be taking no chances after the trust-damaging revelations around unauthorised data sharing with Cambridge Analytica, and the use of the platform by foreign powers such as Russia in an attempt to influence the outcome of the 2016 election of Donald Trump.

The fallout of the news that 50 million Facebook profiles were harvested as early as 2014 in order to build a software program that could predict and use personalised political adverts to influence choices at the ballot box in the last U.S. election includes damaged trust in Facebook, a substantial fine, plus a fall in the number of daily users in the United States and Canada for the first time in its history.

Deepfakes

One of the key concerns to Facebook this time around appears to be so-called ‘deepfake’ videos.  These use deep learning technology and manipulated images of target individuals (found online), often celebrities, politicians, and other well-known people to create very convincing videos of the subjects saying and doing whatever the video-maker wants them to. These videos could obviously be used to influence public thinking about political candidates, and as well as having an influence in election results, it would be very damaging for Facebook, which has been very public about trying to rid itself of ‘fake news’ and not to be seen as a platform for the easy distribution of deepfake videos.  No doubt Facebook’s CEO Mark Zuckerberg would like to avoid having to appear before Congress again to answer questions about his company’s handling of personal data, as he had to back in April 2018.

The New Statement From Facebook

This latest blog post statement from Facebook says that as a matter of policy, it will now remove any misleading media from its platform if the media meets two criteria, which are:

  • If it has been synthesised i.e. more than just adjustments for clarity or quality to the point where the ‘average person’ could be misled into thinking the subject of the media/video is saying words that they did not actually say, and…
  • If the media is the product of artificial intelligence or machine learning that has merged, replaced or superimposed content onto a video, in order to make it appear to be authentic.

Not Satire

Facebook has been careful to point out that this policy change will not affect content that is clearly intended to be parody or satire, or videos that have been edited just to omit or change the order of the words featured in them.

Existing Policies

Any media posted to Facebook is subject to the social media giant’s existing comply-or-be-removed ‘Community Standards’ policies which cover, among other things, voter suppression and hate speech.

What Will Happen?

Facebook says that any videos that don’t meet its standards for removal are still eligible for review by one its independent third-party fact-checkers (which include 50+ partners worldwide) and that any photos or videos rated as false or partly false (by a fact-checker) will have its distribution “significantly” reduced in News Feed and will be rejected if it’s being run as an ad. Also, those who see it and try to share it, or have already shared it, will be shown warnings alerting them that it’s false.

Measures

Facebook has taken many measures to ensure that it is not seen as a platform that can’t be trusted with user data or as a distributor of fake news.  For example:

– In January 2019 Facebook announced (in the UK) that it was working with London-based, registered charity ‘Full Fact’ to review stories, images and videos, in an attempt to tackle misinformation that could “damage people’s health or safety or undermine democratic processes”.

– In September 2019, Facebook launched its Deep Fake Detection Challenge, with $10 million in grants and with a cross-sector coalition of organisations in order to encourage the production of tools to detect deepfakes.

– In October 2019, Facebook launched the ‘News’ tab on its mobile app to direct users to unbiased, curated articles from credible sources in a bid to publicly combat fake news and help restore trust in its own brand.

– Facebook has partnered with Reuters to produce a free online training course to help newsrooms worldwide to identify deepfakes and manipulated media.

Criticism

Despite this recent announcement of policy change to help eradicate deepfakes from its platform, Facebook has been criticised by some commentators for appearing to allow some videos which some could describe as misinformation in certain situations (apparently of its choosing).  For example, Facebook has said that content that violates its policies could be allowed if it is deemed newsworthy e.g. presumably, the obviously doctored videos of Labour’s Keir Starmer and US House Speaker Nancy Pelosi.

What Does This Mean For Your Business?

Clearly, any country would like to guard against outside influence in its democratic processes and the deliberate spread of misinformation, and bearing in mind the position of influence that Facebook has, it is good for everyone that it is taking responsibility and trying to block obvious attempts to spread misinformation by altering its policies and working with other organisations. Businesses that use Facebook as an advertising platform also need to know that Facebook users have trust in (and will continue to use) that platform (and see their adverts) so it’s important to businesses that Facebook is vigilant and takes action where it can.  Also, by helping to protect the democratic processes of the countries it operates in, particularly in the US at the time of and election (and bearing in mind what happened last time), it is in Facebook’s own interest to protect its brand against any accusations of not allowing political influence through a variety of media on its platform, and any further loss of trust by its public. This change of policy also shows that Facebook is trying to show readiness to deal with the most up to date threat of deepfakes (even though they are relatively rare).

That said, Google and Twitter (with its new restrictions on micro-targeting for example), have both been very public about trying to stop all lies in political advertising on their platforms, but Facebook has just been criticised by the IPA over its decision not to ban political ads that are using micro-targeting and spurious claims to sway the opinions of voters.

Facebook Bans Deepfake Videos

In a recent blog post, ahead of the forthcoming US election, Monika Bickert, Vice President, of Facebook’s Global Policy Management has announced that the social media giant is banning deepfakes and “all types of manipulated media”.

Not Like Last Time

With the 59th US presidential election scheduled for Tuesday, November 3, 2020, Facebook appears to be taking no chances after the trust-damaging revelations around unauthorised data sharing with Cambridge Analytica, and the use of the platform by foreign powers such as Russia in an attempt to influence the outcome of the 2016 election of Donald Trump.

The fallout of the news that 50 million Facebook profiles were harvested as early as 2014 in order to build a software program that could predict and use personalised political adverts to influence choices at the ballot box in the last U.S. election includes damaged trust in Facebook, a substantial fine, plus a fall in the number of daily users in the United States and Canada for the first time in its history.

Deepfakes

One of the key concerns to Facebook this time around appears to be so-called ‘deepfake’ videos.  These use deep learning technology and manipulated images of target individuals (found online), often celebrities, politicians, and other well-known people to create very convincing videos of the subjects saying and doing whatever the video-maker wants them to. These videos could obviously be used to influence public thinking about political candidates, and as well as having an influence in election results, it would be very damaging for Facebook, which has been very public about trying to rid itself of ‘fake news’ and not to be seen as a platform for the easy distribution of deepfake videos.  No doubt Facebook’s CEO Mark Zuckerberg would like to avoid having to appear before Congress again to answer questions about his company’s handling of personal data, as he had to back in April 2018.

The New Statement From Facebook

This latest blog post statement from Facebook says that as a matter of policy, it will now remove any misleading media from its platform if the media meets two criteria, which are:

  • If it has been synthesised i.e. more than just adjustments for clarity or quality to the point where the ‘average person’ could be misled into thinking the subject of the media/video is saying words that they did not actually say, and…
  • If the media is the product of artificial intelligence or machine learning that has merged, replaced or superimposed content onto a video, in order to make it appear to be authentic.

Not Satire

Facebook has been careful to point out that this policy change will not affect content that is clearly intended to be parody or satire, or videos that have been edited just to omit or change the order of the words featured in them.

Existing Policies

Any media posted to Facebook is subject to the social media giant’s existing comply-or-be-removed ‘Community Standards’ policies which cover, among other things, voter suppression and hate speech.

What Will Happen?

Facebook says that any videos that don’t meet its standards for removal are still eligible for review by one its independent third-party fact-checkers (which include 50+ partners worldwide) and that any photos or videos rated as false or partly false (by a fact-checker) will have its distribution “significantly” reduced in News Feed and will be rejected if it’s being run as an ad. Also, those who see it and try to share it, or have already shared it, will be shown warnings alerting them that it’s false.

Measures

Facebook has taken many measures to ensure that it is not seen as a platform that can’t be trusted with user data or as a distributor of fake news.  For example:

– In January 2019 Facebook announced (in the UK) that it was working with London-based, registered charity ‘Full Fact’ to review stories, images and videos, in an attempt to tackle misinformation that could “damage people’s health or safety or undermine democratic processes”.

– In September 2019, Facebook launched its Deep Fake Detection Challenge, with $10 million in grants and with a cross-sector coalition of organisations in order to encourage the production of tools to detect deepfakes.

– In October 2019, Facebook launched the ‘News’ tab on its mobile app to direct users to unbiased, curated articles from credible sources in a bid to publicly combat fake news and help restore trust in its own brand.

– Facebook has partnered with Reuters to produce a free online training course to help newsrooms worldwide to identify deepfakes and manipulated media.

Criticism

Despite this recent announcement of policy change to help eradicate deepfakes from its platform, Facebook has been criticised by some commentators for appearing to allow some videos which some could describe as misinformation in certain situations (apparently of its choosing).  For example, Facebook has said that content that violates its policies could be allowed if it is deemed newsworthy e.g. presumably, the obviously doctored videos of Labour’s Keir Starmer and US House Speaker Nancy Pelosi.

What Does This Mean For Your Business?

Clearly, any country would like to guard against outside influence in its democratic processes and the deliberate spread of misinformation, and bearing in mind the position of influence that Facebook has, it is good for everyone that it is taking responsibility and trying to block obvious attempts to spread misinformation by altering its policies and working with other organisations. Businesses that use Facebook as an advertising platform also need to know that Facebook users have trust in (and will continue to use) that platform (and see their adverts) so it’s important to businesses that Facebook is vigilant and takes action where it can.  Also, by helping to protect the democratic processes of the countries it operates in, particularly in the US at the time of and election (and bearing in mind what happened last time), it is in Facebook’s own interest to protect its brand against any accusations of not allowing political influence through a variety of media on its platform, and any further loss of trust by its public. This change of policy also shows that Facebook is trying to show readiness to deal with the most up to date threat of deepfakes (even though they are relatively rare).

That said, Google and Twitter (with its new restrictions on micro-targeting for example), have both been very public about trying to stop all lies in political advertising on their platforms, but Facebook has just been criticised by the IPA over its decision not to ban political ads that are using micro-targeting and spurious claims to sway the opinions of voters.

.ORG Silence Continues After ICANN Imposes Temporary Sale Halt

Internet companies are still none-the-wiser about the details of the proposed sale of the .org registry to private equity firm Ethos Capital following DNS overseer ICANN putting a temporary halt on the sale back on 9 December.

What Sale?

The rights to the .org domain registry, one of the largest internet registries in the world, with over 10 million names, was/is due to be sold by ISOC (aka the Internet Society), the parent company of PIR (the organisation that currently runs it) for an as-yet-undisclosed sum to Ethos Capital.

Always Not For Profit

The relatively sudden announcement of the sale caused shock and some dismay within the industry over the thought that a registry that has held its non-profit status since 2003 will now be ending up in private hands. Historically, .org domains have always been the outward sign of non-profit organisations.

About Ethos

Some industry commentators have also expressed concern about the lack of knowledge within the industry about Ethos Capital, and some worries have, therefore, been expressed about how qualified and able they may be to manage the .org registry.

Other Criticism

Other criticisms about the sale, which have been voiced online include:

– Suspicion about possible conflicts of interest e.g. around Fadi Chehade, a former CEO of ICANN who is credited by some with encouraging a free-market approach to internet addresses, and who some appear to believe is connected to Ethos Capital.

– After ICANN lifted the price caps on .org domains for the next 10 years (allowing unlimited price increases on the millions of .org domain names) many high-profile non-profit organisations have rejected ICANN’s claim that the move was simply to make the process consistent with the base form registry agreement and have accused ICANN of disregarding the public interest in favour of ICANN’s own administrative convenience.

– Worries that ICANN’s decision to approve the proposed sale may have been subject to bias and may not have reflected the true strength of feeling against the sale.

– Concerns were even expressed by those who supported the proposal e.g. ICANN’s At Large Advisory Committee (ALAC) and Non-Commercial Stakeholder Group (NCSG).

– Anger that ICANN appeared to move ahead with the decision to lift caps without any explanation, and that there still appears to be a level of secrecy surrounding the sale.

– Suspicion by some that the deal has long been the subject of informal discussion among key players.

Temporary Halt

A temporary halt was placed on the proposed sale of the .org Registry right to Ethos Capital in early December and since then, the Packet Clearing House (PCH) has argued (in a letter to ICANN) that the sale and move to non-profit status would mean less money being spent on .org’s operational costs, and could affect stability and could disrupt “critical real-time functions” of organisations using .org domains.

Silence

There is now a sense of frustration from many parties in the industry over the apparent silence, and the distinct lack of information since the temporary halt was placed on the sale.

What Does This Mean For Your Business?

There are many important organisations that use .org domains e.g. air traffic control, and these, as well as the 10 million others who have .org domains, will be concerned not just about the possible price rises of .orgs due to the lifting of the price cap, but also about the possible disruption and instability that the sale of this kind could cause.

There also appears to be a good deal of anger, concern, and unanswered questions in the Internet market about the decision to sell and the details of the sale, as well as apparent feelings of a possible lack of transparency and feelings that things may possibly have been rushed through with important arguments against the sale not being adequately addressed. That said, ICANN must have seen good enough reason to put a temporary halt on the sale, for the time being.

It remains to be seen exactly what happens next but in the interests of the industry and .org owners, the hope is that there will more communication, information and transparency very soon.

Tech Tip – Tidy & Focused

If you’d like to quickly clean up a messy desktop in Windows 10, and if you’d like to stay focused by clearing away all open apps except for the one you’re working on, here’s how:

To hide desktop icons quickly:

– Press and hold (or right-click) the desktop.

– Select ‘View’ and ‘Show desktop icons’ – this will clear the desktop.

To get the desktop icons back, select ‘Show desktop icons’.

– To clear your workspace of all open apps except the one you’re working on:

– Select and hold the window you want to stay open.

– Give your mouse (or finger) a back-and-forth shake.

– All the other open apps will automatically minimise.