At a Glance.
- The FCC bans scam robocalls using AI-generated voices.
- CISA launched a new program aimed at securing elections across the country.
The FCC votes to ban scam robocalls that use AI-generated voices.
The News.
In an update from a story from last week, the Federal Communications Commission (FCC) has announced that the agency is immediately outlawing scam robocalls that utilize fake, artificial intelligence (AI) voices. This vote occurred after reports emerged that AI deep fake robocalls impersonating President Biden were used to call New Hampshire voters and convince them to not vote in the primary election. Late last week, the FCC voted unanimously to classify unsolicited AI deepfake calls by recognizing those voices as “artificial” under the Telephone Consumer Protection Act.
The FCC’s chairwoman, Jessica Rosenworcel, stated that this vote is intended to put “the fraudsters behind these robocalls on notice.” With this vote, the FCC also announced that those who wish to send robocalls “must obtain prior express consent from the called party before making a call.” Additionally, authorities have linked the Biden deep fake robocalls to a Texas man and two companies in an ongoing investigation with potential civil and criminal penalties.
The Knowledge.
With the FCC updating the status of deepfake robocalls as “artificial,” the federal agency aims to begin directly addressing concerns surrounding both AI misuse as well as the large volume of robocalls targeting American citizens. While this update is not expected to have an immediate effect on deterring robocalls, it will enable the FCC to act faster and deter malicious actors.
This status update has also renewed calls to revise the Telephone Consumer Protection Act and increase the bill's regulations and fines. House Democrats recently introduced a new bill at the end of January, known as the Do Not Disturb Act, which would aim to strengthen existing restrictions on robocalls and telemarketing. While no further action has been taken on this act, the new legislation would close loopholes, increase penalties, and require the disclosure of AI usage during texting or phone call exchanges.
The Impact.
With this new update, the FCC has given itself the ability to target robocall scammers more effectively. While US citizens should not expect a noticeable decrease in the volume of spam calls, the action demonstrates the federal government's increased involvement in managing both AI and addressing the high volume of scam calls and texts within the US.
As federal oversight continues to grow, US citizens should expect bills, like the Do Not Disturb Act, to gain increased traction within Congress as well as government agencies to continue to increase their supervisory activities.
Threats to US election systems prompt federal and state cooperation.
The News.
Last Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) launched a new program designed to increase state election security. With this new program, CISA is looking to increase support to local offices and reassure voters that the upcoming 2024 elections will be secure and accurate. Eric Goldstein, CISA’s executive assistant director for cybersecurity, highlighted the importance of using these partnerships to secure elections from hostile foreign actors, naming nations China, Russia, Iran, and North Korea.
This new program will hire new staff and use them to assist in conducting cyber and physical security reviews for election offices that request the program's services. The agency’s director, Jen Easterly, announced that this new program will meet with state election directors in July to begin working to assess the US’s existing cybersecurity posture.
The Knowledge.
With this new program, CISA is aiming to address the growing concerns related to election security within the US. This new program has already been met with praise by state election officials as Karen Brinson Bell, the executive director of the North Carolina State Board of Elections, announced she had already spoken with CISA about getting increased support for her region. While the program has just started, its auditing efforts should provide state election officials with detailed information about what steps can be taken to improve election security.
This new program represents a growing need for increased election security across the US as malicious attackers have continued to target elections across the globe. A new Tidal Cyber cybersecurity election report was recently released discussing the state of election security worldwide. This report echoes Goldstein's comments that Russia, China, Iran, and North Korea are the four key adversaries using cyber election disinformation and espionage to disrupt electoral processes. Additionally, Tidal’s report highlighted nation-state hackers' various attack methodologies when targeting elections. These attack methodologies included social engineering attacks, identity-based attacks, defacement attacks, denial of service attacks, ransomware, insider threats, infrastructure attacks, and web application attacks.
The Impact.
While US elections will not occur for several months, citizens are already experiencing how attackers are attempting to target elections as seen with malicious attackers using deep fake robocalls in New Hampshire. As CISA launches this new program to help secure upcoming elections, citizens should stay informed and remain vigilant against potential election attackers, especially when related to social engineering and misinformation.
Additionally, US election officials should also take increased care over the next months to increase monitoring efforts and security systems to ensure that rival nation-state attackers are unable to compromise November’s elections. Concerned state officials should also look to attend CISA’s meeting in July to work with this new program to get audited and see where existing weak points may exist and what steps can be taken to secure their election processes better.
Other Noteworthy Stories.
Lawsuit against OpenAI was partially dismissed.
What: In California, a court has partially dismissed a copyright case that was filed against OpenAI by several authors who alleged that ChatGPT is pirating their work. The court ruled that it would dismiss all but the plaintiffs’ direct infringement claim.
Why: After this ruling, the court announced that it did not believe the plaintiff’s allegations of unlawful business practices and fraudulent conduct. While this case is still ongoing, several other lawsuits have been filed against both OpenAI and Microsoft for copyright infringement including those from both The New York Times and the Authors’ Guild. As these cases continue, AI developers could potentially face significant legal battles related to AI usage and copyright infringement.
UN experts investigate North Korea cyberattacks.
What: United Nations (UN) sanction monitors have announced that they are currently investigating dozens of suspected cyberattacks launched by North Korea. The UN estimates that these attacks have earned a combined three billion US dollars, which the North Korean government has used to further develop its nuclear weapons program.
Why: The UN has announced that it is investigating fifty-eight suspected North Korean cyberattacks that were aimed at targeting cryptocurrency-related companies between 2017 and 2023. The UN also announced that these attacks were used to target company supply chains, infrastructure, and tools. A full report is set to be released later this month or early next month that will further detail the UN’s findings. While further sanctions are considered to be unlikely as the issue has been deadlocked for several years, this reflects an ongoing issue on how to effectively hold nation-states accountable for their cyber attacks.
Mayor Bowser signs order outlining AI plan for DC government.
What: The District of Columbia’s (D.C.) Mayor Muriel Bowser, of the District of Columbia has signed an executive order that outlines her government’s plans to integrate artificial intelligence (AI) into local government agencies. Mayor Bowser’s plans to use AI to improve city services and increase efficiency as well as help the city government to better manage and analyze data.
Why: With this new announcement, the D.C. government marks a significant milestone with government bodies beginning to implement AI into their services. While concerns surrounding AI remain high, Mayor Bowser has also announced that she is creating an advisory group that will oversee how AI is being implemented within her government and ensure that it is being used in a safe, accountable, equitable, and sustainable manner. Additionally, in this initiative, each D.C. agency will create AI strategic plans over the next three years and create AI training plans.
Full Report: China’s Cyber Revenge Campaign.
What: In a comprehensive report released earlier this week, Sentinel Labs summarizes and analyzes how the Chinese government has been launching an offensive media campaign across the globe. Within the report, Sentinel Labs details how China has conducted its hostile cyber operations dating back several years and how the nation has only continued to increase its hostile activity both through cyber initiatives and media operations.
Why: Throughout this report, Sentinel Labs detailed how the People’s Republic of China (PRC) began to rapidly increase its hostile activities after a 2021 joint statement released by the US, United Kingdom, and European Union condemned China’s hostile behaviors in cyberspace.
Reportedly, the Chinese government took significant offense at the statement, which was followed by a notable rise in hostile cyberspace behaviors as well as launching its own media campaign to begin pushing various narratives surrounding US hacking operations. These narratives consistently discussed foreign espionage efforts specifically highlighting US hacking activities. However, despite the Chinese media publishing these narratives, these media outlets have not added any new analysis to their articles, rather recycling old content for propaganda purposes. This report additionally noted that in 2023, PRC media outlets began to spread new allegations of US hacking operations unrelated to past incidents; however, these claims are still unsubstantiated.