‘A catastrophic failure’: computer scientist Hany Farid on why violent videos circulate on the internet | Social media

Voice Of EU

In the aftermath of yet another racially motivated shooting that was live-streamed on social media, tech companies are facing fresh questions about their ability to effectively moderate their platforms.

Payton Gendron, the 18-year-old gunman who killed 10 people in a largely Black neighborhood in Buffalo, New York, on Saturday, broadcast his violent rampage on the video-game streaming service Twitch. Twitch says it took down the video stream in mere minutes, but it was still enough time for people to create edited copies of the video and share it on other platforms including Streamable, Facebook and Twitter.

So how do tech companies work to flag and take down videos of violence that have been altered and spread on other platforms in different forms – forms that may be unrecognizable from the original video in the eyes of automated systems?

On its face, the problem appears complicated. But according to Hany Farid, a professor of computer science at UC Berkeley, there is a tech solution to this uniquely tech problem. Tech companies just aren’t financially motivated to invest resources into developing it.

Farid’s work includes research into robust hashing, a tool that creates a fingerprint for videos that allows platforms to find them and their copies as soon as they are uploaded. The Guardian spoke with Farid about the wider problem of barring unwanted content from online platforms, and whether tech companies are doing enough to fix the problem.

This interview has been edited for length and clarity. Twitch, Facebook and YouTube did not immediately respond to a request for comment.

Twitch says that it took the Buffalo shooter’s video down within minutes, but edited versions of the video still proliferated, not just on Twitch but on many other platforms. How do you stop the spread of an edited video on multiple platforms? Is there a solution?

It’s not as hard a problem as the technology sector will have you believe. There’s two things at play here. One is the live video, how quickly could and should that have been found and how we limit distribution of that material.

The core technology to stop redistribution is called “hashing” or “robust hashing” or “perceptual hashing”. The basic idea is quite simple: you have a piece of content that is not allowed on your service either because it violated terms of service, it’s illegal or for whatever reason, you reach into that content, and extract a digital signature, or a hash as it’s called.

This hash has some important properties. The first one is that it’s distinct. If I give you two different images or two different videos, they should have different signatures, a lot like human DNA. That’s actually pretty easy to do. We’ve been able to do this for a long time. The second part is that the signature should be stable even if the content is being modified, when somebody changes say the size or the color or adds text. The last thing is you should be able to extract and compare signatures very quickly.

So if we had a technology that satisfied all of those criteria, Twitch would say, we’ve identified a terror attack that’s being live-streamed. We’re going to grab that video. We’re going to extract the hash and we are going to share it with the industry. And then every time a video is uploaded with the hash, the signature is compared against this database, which is being updated almost instantaneously. And then you stop the redistribution.

How do tech companies respond right now and why isn’t it sufficient?

It’s a problem of collaboration across the industry and it’s a problem of the underlying technology. And if this was the first time it happened, I’d understand. But this is not, this is not the 10th time. It’s not the 20th time. I want to emphasize: no technology’s going to be perfect. It’s battling an inherently adversarial system. But this is not a few things slipping through the cracks. Your main artery is bursting. Blood is gushing out a few liters a second. This is not a small problem. This is a complete catastrophic failure to contain this material. And in my opinion, as it was with New Zealand and as it was the one before then, it is inexcusable from a technological standpoint.

But the companies are not motivated to fix the problem. And we should stop pretending that these are companies that give a shit about anything other than making money.

Talk me through the existing issues with the tech that they are using. Why isn’t it sufficient?

I don’t know all the tech that’s being used. But the problem is the resilience to modification. We know that our adversary – the people who want this stuff online – are making modifications to the video. They’ve been doing this with copyright infringement for decades now. People modify the video to try to bypass these hashing algorithms. So [the companies’] hashing is just not resilient enough. They haven’t learned what the adversary is doing and adapted to that. And that is something they could do, by the way. It’s what virus filters do. It’s what malware filters do. [The] technology has to constantly be updated to new threat vectors. And the tech companies are simply not doing that.

Why haven’t companies implemented better tech?

Because they’re not investing in technology that is sufficiently resilient. This is that second criterion that I described. It’s easy to have a crappy hashing algorithm that sort of works. But if somebody is clever enough, they’ll be able to work around it.

When you go on to YouTube and you click on a video and it says, sorry, this has been taken down because of copyright infringement, that’s a hashing technology. It’s called content ID. And YouTube has had this technology forever because in the US, we passed the DMCA, the Digital Millennium Copyright Act that says you can’t host copyright material. And so the company has gotten really good at taking it down. For you to still see copyright material, it has to be really radically edited.

So the fact that not a small number of modifications passed through is simply because the technology’s not good enough. And here’s the thing: these are now trillion-dollar companies we are talking about collectively. How is it that their hashing technology is so bad?

These are the same companies, by the way, that know just about everything about everybody. They’re trying to have it both ways. They turn to advertisers and tell them how sophisticated their data analytics are so that they’ll pay them to deliver ads. But then when it comes to us asking them, why is this stuff on your platform still? They’re like, well, this is a really hard problem.

The Facebook files showed us that companies like Facebook profit from getting people to go down rabbit holes. But a violent video spreading on your platform is not good for business. Why isn’t that enough of a financial motivation for these companies to do better?

I would argue that it comes down to a simple financial calculation that developing technology that is this effective takes money and it takes effort. And the motivation is not going to come from a principled position. This is the one thing we should understand about Silicon Valley. They’re like every other industry. They are doing a calculation. What’s the cost of fixing it? What’s the cost of not fixing it? And it turns out that the cost of not fixing is less. And so they don’t fix it.

Why is it that you think the pressure on companies to respond to and fix this issue doesn’t last?

We move on. They get bad press for a couple of days, they get slapped around in the press and people are angry and then we move on. If there was a hundred-billion-dollar lawsuit, I think that would get their attention. But the companies have phenomenal protection from the misuse and the harm from their platforms. They have that protection here. In other parts of the world, authorities are slowly chipping away at it. The EU announced the Digital Services Act that will put a duty of care [standard on tech companies]. That will start saying, if you do not start reining in the most horrific abuses on your platform, we are going to fine you billions and billions of dollars.

[The DSA] would put pretty severe penalties for companies, up to 6% of global profits, for failure to abide by the legislation and there’s a long list of things that they have to abide by, from child safety issues to illegal material. The UK is working on its own digital safety bill that would put in place a duty of care standard that says tech companies can’t hide behind the fact that it’s a big internet, it’s really complicated and they can’t do anything about it.

And look, we know this will work. Prior to the DMCA it was a free-for-all out there with copyright material. And the companies were like, look, this is not our problem. And when they passed the DMCA, everybody developed technology to find and remove copyright material.

It sounds like the auto industry as well. We didn’t have seat belts until we created regulation that required seat belts.

That’s right. I’ll also remind you that in the 1970s there was a car called a Ford Pinto where they put the gas tank in the wrong place. If somebody would bump into you, your car would explode and everybody would die. And what did Ford do? They said, OK, look, we can recall all the cars, fix the gas tank. It’s gonna cost this amount of dollars. Or we just leave it alone, let a bunch of people die, settle the lawsuits. It’ll cost less. That’s the calculation, it’s cheaper. The reason that calculation worked is because tort reform had not actually gone through. There were caps on these lawsuits that said, even when you knowingly allow people to die because of an unsafe product, we can only sue you for so much. And we changed that and it worked: products are much, much safer. So why do we treat the offline world in a way that we don’t treat the online world?

For the first 20 years of the internet, people thought that the internet was like Las Vegas. What happens on the internet stays on the internet. It doesn’t matter. But it does. There is no online and offline world. What happens on the online world very, very much has an impact on our safety as individuals, as societies and as democracies.

There’s some conversation about duty of care in the context of section 230 here in the US – is that what you envision as one of the solutions to this?

I like the way the EU and the UK are thinking about this. We have a huge problem on Capitol Hill, which is, although everybody hates the tech sector, it’s for very different reasons. When we talk about tech reform, conservative voices say we should have less moderation because moderation is bad for conservatives. The left is saying the technology sector is an existential threat to society and democracy, which is closer to the truth.

So what that means is the regulation looks really different when you think the problem is something other than what it is. And that’s why I don’t think we’re going to get a lot of movement at the federal level. The hope is that between [regulatory moves in] Australia, the EU, UK and Canada, maybe there could be some movement that would put pressure on the tech companies to adopt some broader policies that satisfy the duty here.
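
The three properties described in the interview (distinct, stable under modification, fast to compare) can be seen in a small difference hash (dHash) over a single grayscale frame. This is an example added here, not code from the interview, from Farid's research or from any platform; dHash stands in as a simple robust hash, and the frames, edits, label and 10-bit threshold are constructed assumptions.

```python
import hashlib

GRID_W, GRID_H = 9, 8      # 9x8 cell means give 8 rows x 8 comparisons = 64 bits
MATCH_THRESHOLD = 10       # assumed cut-off: within 10 of 64 bits counts as a match


def block_means(frame):
    """Shrink a grayscale frame (rows of 0-255 ints) to GRID_H x GRID_W cell averages."""
    h, w = len(frame), len(frame[0])
    if h < GRID_H or w < GRID_W:
        raise ValueError("frame smaller than the hash grid")
    sums = [[0] * GRID_W for _ in range(GRID_H)]
    counts = [[0] * GRID_W for _ in range(GRID_H)]
    for y, row in enumerate(frame):
        cy = y * GRID_H // h
        for x, value in enumerate(row):
            cx = x * GRID_W // w
            sums[cy][cx] += value
            counts[cy][cx] += 1
    return [[sums[r][c] / counts[r][c] for c in range(GRID_W)] for r in range(GRID_H)]


def dhash(frame):
    """64-bit signature: one bit per 'is this cell brighter than its right neighbour'."""
    bits = 0
    for row in block_means(frame):
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | int(left > right)
    return bits


def hamming(a, b):
    """Number of differing bits; a single XOR and popcount, so comparison is fast."""
    return bin(a ^ b).count("1")


def exact_digest(frame):
    """Cryptographic hash of the raw pixels, for contrast: any edit changes it."""
    return hashlib.sha256(bytes(v for row in frame for v in row)).hexdigest()


def lookup(frame, blocklist):
    """Return (label, distance) for the nearest blocklisted hash within the threshold."""
    if not blocklist:
        return None
    h = dhash(frame)
    label, known = min(blocklist.items(), key=lambda kv: hamming(h, kv[1]))
    distance = hamming(h, known)
    return (label, distance) if distance <= MATCH_THRESHOLD else None


# --- Constructed sample data: 72x64 frames built from flat 8x8 tiles ---
def make_frame(kx, ky, tile=8):
    return [[60 + 15 * ((kx * (x // tile) + ky * (y // tile)) % 7)
             for x in range(GRID_W * tile)] for y in range(GRID_H * tile)]


def brighten(frame, delta):          # "changes the color"
    return [[min(255, v + delta) for v in row] for row in frame]


def downscale(frame):                # "changes the size": keep every second pixel
    return [row[::2] for row in frame[::2]]


def add_caption(frame):              # "adds text": a white 16x8 bar
    out = [row[:] for row in frame]
    for y in range(8, 16):
        for x in range(8, 24):
            out[y][x] = 255
    return out


def reupload(frame):
    """All three edits applied to one copy."""
    return downscale(brighten(add_caption(frame), 20))


ORIGINAL = make_frame(3, 1)          # the frame a platform has already identified
UNRELATED = make_frame(5, 2)         # a different, harmless frame
BLOCKLIST = {"constructed-incident-frame": dhash(ORIGINAL)}   # the shared hash database

if __name__ == "__main__":
    print("sha256 survives edit:", exact_digest(ORIGINAL) == exact_digest(reupload(ORIGINAL)))
    print("edited copy   ->", lookup(reupload(ORIGINAL), BLOCKLIST))
    print("unrelated     ->", lookup(UNRELATED, BLOCKLIST))
```

A production system hashes many frames per video and uses a signature tuned against the edits seen in practice; the threshold trades missed copies against false matches.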

EU-backed project to trial uncrewed flight ecosystem in Shannon

The Shannon-based project aims to integrate the operations of uncrewed and conventional aircraft to modernise air traffic management in Europe.

A European consortium based in Shannon has received EU funding to develop a flight ecosystem for drones and help integrate uncrewed aircraft into our airspace.

Coordinated by Future Mobility Campus Ireland (FMCI), this consortium will conduct a three-year engineering project to develop, deploy and optimise this type of system in Europe.

Describing itself as Ireland’s “first testbed for future mobility”, FMCI is a development centre based in the Shannon Free Zone focused on innovation in both ground and air mobility tech.

Illustration of an unmanned vehicle testing site, with drones visible. A landing and take off zone is highlighted, along with a mobile operations unit where a van is parked. A small building is labelled as the AAM operations centre.

Illustration of the Advanced Aerial Mobility Hub at FMCI. Image: FMCI

FMCI said the research project, known as EALU-AER, represents a “major vote of confidence” in Ireland’s local expertise, industry operators and the resourcing of air mobility development.

Other members of the consortium include Shannon Group, the Irish Aviation Authority, Collins Aerospace, Dublin-based Avtrain, and Deep Blue in Italy.

The consortium has received the three-year funding award to develop uncrewed aviation business opportunities in Ireland, as part of a collaborative research project that could help modernise air traffic management in Europe.

The consortium said the new funding will help build an end-to-end ecosystem that supports the safe operation of uncrewed flights. The goal is to help integrate the operations of both uncrewed and conventional aircraft.

“This will result in developing and building out the critical infrastructure to allow advanced air mobility proliferate across Europe,” FMCI CEO Russell Vickers said.

“It will secure access to airspace for large numbers of drones and eVTOL [electric vertical take-off and landing] aircraft, resulting in safe, cost-effective and sustainable transport of freight and people in the future.”

The project’s work will be based at FMCI’s Advanced Aerial Mobility Research Test and Development Facilities in Shannon, but will include a network of Advanced Air Mobility routes across Ireland.

FMCI has already worked with Avtrain and Shannon Group to trial freight delivery services using beyond visual line of sight (BVLOS) drones.

“We are entering a new era of innovation where the success of the industry will depend on the integration of uncrewed aircraft into our airspace, rather than the segregation of airspace,” Avtrain CEO Julie Garland said.

Funding for the project came from the SESAR 3 Joint Undertaking, which is a partnership of private and public sector entities in the EU that aim to accelerate the delivery of the Digital European Sky through research and innovation.

It comes as people are increasingly looking at the potential of drones and uncrewed flight technology. A Dublin City Council initiative recently looked to show how local government can utilise drones in areas such as civil defence, emergency response, public safety and environmental monitoring.

Goodbye silicone? A new era of breast reconstruction is on the horizon | Breast cancer

Having an ice pack strapped to your chest – that’s how some describe the experience of taking a walk in cold weather when you have breast implants. Silicone only slowly reaches body temperature once out of the cold, so that icy feeling can persist for hours. As well as being uncomfortable, for breast cancer survivors it can be an unwelcome reminder of a disease they would rather put behind them.

Every year, 2 million people worldwide are diagnosed with breast cancer and the treatment often involves removing at least one breast. But most choose not to have their breasts reconstructed; in the UK, it is only about 30%. Now a handful of startups want to change that, armed with 3D-printed implants that grow new breast tissue before breaking down without a trace. “The whole implant is fully degradable,” says Julien Payen, CEO of the startup Lattice Medical, “so after 18 months you don’t have any product in your body.”

It could spell the end not only of cold breasts, but the high complication rates and long surgeries associated with conventional breast reconstruction. The first human trial of such an implant, Lattice Medical’s Mattisse implant, is scheduled to begin on 11 July in Georgia. Others will soon follow. “We expect to start clinical trials in two years’ time,” says Sophie Brac de la Perrière, CEO of another startup, Healshape.

“It’s exciting,” says Stephanie Willerth, professor of biomedical engineering at the University of Victoria, Canada, who is not involved with the companies. “As engineers, we’ve been playing with 3D printing for half a decade”, but having a clinical use that doctors recognise as useful for patients is key to getting the technology out there, she says.

But in a field fraught with difficult medical compromises, unequal access issues and expectations about what women want, the question is how big an impact the new technology will actually have.


Today, there are two main types of breast reconstruction: silicone implants and flap surgery. While implants are easy to install, flap surgery is a highly specialised business that requires a tissue “flap” being taken from the stomach, thigh or back. Surgeons often recommend flaps because, while there’s a lot of initial surgery and a longer recovery period, it gives a good, long-lasting result.

Silicone is still the most common choice. It is easy and simple, which appeals to cancer patients who either medically can’t have or mentally can’t face having tissue removed from another part of their body. But “it’s far from perfect”, says Shelley Potter, an oncoplastic surgeon at the University of Bristol and the Bristol Breast Care Centre. “It’s quite high risk. There’s a 10% chance of losing an implant.”

Healshape’s 3D-printed hydrogel implant, designed to be colonised by the patient’s fat cells over six to nine months. The company hopes to start trials in two years’ time. Photograph: Healshape

Silicone implants also require replacement every 10 or so years and they have had their fair share of scandals: the 2010s PIP scandal, in which a major implant manufacturer was found to have made its implants of dodgy silicone, and the 2018 Allergan scandal, in which popular textured implants were linked to an increased risk of a rare lymphoma. And as an American study from last year shows, it is mainly the idea of having that foreign object stuck inside your body that puts many off reconstruction altogether.

“So what we want to do,” says Brac de la Perrière, “is to give the benefits of the different solutions without the constraints.” In other words: the single, simple surgery of an implant, but without any lingering foreign material to cause trouble.

This can be achieved in different ways. Healshape uses a hydrogel to 3D-print a soft implant that will slowly be colonised by the person’s own fat cells, the initial batch of which is injected, while the implant disappears over six to nine months. The company CollPlant is developing something similar using a special collagen bioink, extracted from tobacco leaves it has genetically engineered to produce human collagen. “I think it will change the opinion of many patients,” says CEO, Yehiel Tal.

Lattice Medical has a different approach. Its implant is a 3D-printed cage made of a degradable biopolymer, in which they encase a small flap from underneath the breast area. This flap then grows to fill the cage with fat tissue, while the cage itself is absorbed by the body, ultimately leaving a regrown breast in its place.

Lattice Medical’s Mattisse implant. Vascular adipose tissue is inserted into a bio-resorbable ‘tissue engineering chamber’, which degrades over 18 months. Trials are imminent. Photograph: Lattice Medical

Regrowing breasts using a cage has been shown to work in humans before, in a 2016 trial. However, it only worked in one of five women and the cages were not degradable. Andrea O’Connor from the University of Melbourne, Australia, who led the trial’s engineering team, hopes the new trial will address the problems raised in the first – for example, that patient responses can vary greatly. But if successful, it “would have the potential to help many women to achieve a superior reconstruction”, she says. Lattice Medical says its cage is an improvement because a flat base and larger pores help the tissue grow.

One big unknown is how much feeling the regrown breasts will have. A mastectomy usually means losing some sensation and, according to plastic surgeon Stefania Tuinder from the Maastricht University Medical Centre+ in the Netherlands, reconstruction affects it too. “From our data, it seems that implants have a negative effect on sensation, so the feeling in the skin is less than when you have only a mastectomy,” she says. In comparison, reconstruction from a flap with connected nerves can bring back some feeling within a few years.

Tuinder suspects the implant numbness is both because of nerve damage when the implants are inserted, and because the nerves can’t grow back once they are blocked by a lump of silicone. Whether that will also apply to the new implants remains to be seen, but since eventually there will be nothing to block the nerves, hopes are that sensation will be better.


Tissue engineered implants, however, are not the only recent innovations in the field. Many groups are working on perfecting a reconstruction technique using injections of the person’s own fat, boosted with extra stem cells to help the tissue survive. Medical professionals are still debating the safety and how the breasts hold up long term. In contrast to the new implants, the procedure might have to be done several times.

While any of these new techniques could result in something better than what’s currently on offer, Potter warns that we have a tendency to jump at new and shiny tech – an optimism bias. “We always think it’s going to be brilliant,” she says, but “we don’t want a situation like with vaginal mesh, where in 10 years’ time … we find out we have done something that isn’t helpful.”

Other solutions to the problems of reconstruction do exist. One is living without breasts, known as “going flat”. Contrary to the companies that think they can turn the reconstruction statistics around, people within the flat movement argue that if people were better informed, even more would opt out. “I reckon if [going flat] was given as an equal option,” says Gilly Cant, founder of the charity Flat Friends, “at least another 30-50% of women wouldn’t have [reconstruction].”

A Healshape scientist using software to determine the shape of an implant prior to 3D printing. The implants can be custom-made to suit the patient. Photograph: Healshape

At the moment, the guidance from the National Institute for Health and Care Excellence (Nice) says that doctors should be aware that some might not want reconstruction. But Cant says it is often presented to people as part of the treatment process. “It’s like, ‘OK, we need to do a mastectomy. Then you have chemo. Then you’ll have your radiotherapy and then we’ll do reconstruction.’ So women live for that reconstruction at the end,” she says. It comes to signal the finish line.

It is particularly contentious when only one breast is removed, because some might want the other taken off to feel and look symmetrical, rather than have a new one made. But according to Cant, many doctors don’t want to remove a healthy breast. Part of the doctors’ concern is that women will regret their decision, says Potter, but “women know what they want to do with their own bodies. We should help and support them to do what they want to do.”

Potter herself would like to see more of the ultimate alternative: not having a mastectomy in the first place. “There’s no evidence that mastectomy gives you better cancer outcomes than a breast-conserving operation,” she says. In this case, the tumour is removed but the breast is kept. For example, one of her patients had a breast reduction that removed her cancer while giving her breasts a lift. “She calls them her silver lining breasts.”


So even without tissue-engineered implants, there are enough options to make the choice a hard one. To help people choose, some charities pair up people considering a specific procedure with someone who has already been through it. At the charity Keeping Abreast, show and tell sessions give people the chance to ask the questions they might be uncomfortable asking their doctor and see the results for themselves.

But according to a 2018 report by the all-party parliamentary group on breast cancer, knowing what you want is not the same as having access to it. “There’s a massive postcode lottery,” says Potter. It stems from flap surgery being so involved that it often requires specialist plastic surgeons who can do minute surgery under a microscope. Many clinics don’t have such experts in-house and while the Nice guidance says people should still have the option, in practice it limits access.

The companies say this won’t be a problem with the new implants, because they are specifically designed to be easy to put in. Flap surgery can take from three to 12 hours depending on the flap, but insertion of Lattice Medical’s implant, for example, takes only one hour and 15 minutes. “It’s really accessible to all plastic surgeons,” says Payen.

This accessibility will no doubt be crucial in taking the new implants from a cool technology to something with real impact. But from Potter’s perspective, it’s just one potential piece in a big puzzle, not a techno-fix. The implants “would be an option for a lot of women”, she says. “But I think the main advance is all around access, proper information, giving women choice and hopefully reducing the number of mastectomies that we need.”

What to do about inherent security flaws in ICS? • The Register

The latest threat security research into operational technology (OT) and industrial systems identified a bunch of issues — 56 to be exact — that criminals could use to launch cyberattacks against critical infrastructure. 

But many of them are unfixable, due to insecure protocols and architectural designs. And this highlights a larger security problem with devices that control electric grids and keep clean water flowing through faucets, according to some industrial cybersecurity experts.

“Industrial control systems have these inherent vulnerabilities,” Ron Fabela, CTO of OT cybersecurity firm SynSaber, told The Register. “That’s just the way they were designed. They don’t have patches in the traditional sense like, oh, Windows has a vulnerability, apply this KB.”

In research published last week, Forescout’s Vedere Labs detailed 56 bugs in devices built by ten vendors and collectively named the security flaws OT:ICEFALL. 

As the report authors acknowledged, many of these holes are a result of OT products’ being built with no basic security controls. Indeed, Forescout’s analysis comes ten years after Digital Bond’s Project Basecamp that also looked at OT devices and protocols and deemed them “insecure by design.”

A few hours after Forescout published its research, CISA issued its own security warnings related to the OT:ICEFALL vulnerabilities.

CVEs: The problem? Or the fix?

“Up until this point, CVEs haven’t been generated for these insecure-by-design-things, and there’s a reason for that,” Fabela said. “It’s bad for the industry.”

Once a CVE is generated, it sets into motion a series of actions by industrial systems’ operators, especially in heavily regulated industries like electric utilities and oil and gas pipelines. 

First, they have to determine if the environment contains any affected products. But unlike enterprise IT, which usually has centralized visibility and control over IT assets, in OT environments, “everything is distributed,” Fabela noted.

If industrial and manufacturing environments do have any products impacted by the vulnerability, that triggers an internal review and regulatory process that involves responding to CISA and developing a plan to improve security.

One SynSaber customer sarcastically described OT:ICEFALL as “the gift that keeps on giving,” Fabela said. “He said, ‘Now I have this on top of all my other like, the real vulnerabilities’,” which present a slew of other problems when it comes to patching — such as having to wait until a planned maintenance outage that may be months out — if the manufacturer has a patch at all.

OT protocols don’t use authentication

For example: The current Modbus protocol, which is very commonly used in industrial environments, does not have authentication. 

Forescout’s analysis details nine vulnerabilities related to unauthenticated protocols and disputes the argument against assigning a CVE ID to a product with an insecure OT protocol.

“On the contrary, we believe a CVE is a community recognized marker that aids in vulnerability visibility and actionability by helping push vendors to fix issues and asset owners to assess risks and apply patches,” the authors wrote.

While this makes sense from an IT security perspective, Fabela said it’s unrealistic from an OT perspective, and ultimately doesn’t make critical infrastructure any more secure.

Modbus, as a protocol that does not use authentication, could generate “thousands” of CVEs that “affect every product line in the world,” Fabela said. “You’re tying up the product security teams with the OEMs and you’re tying up the customers, the asset owners with CVE that they can’t do anything about.”
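
The Modbus/TCP frame layout shows what "does not have authentication" means for an asset owner: the parser below decodes every field a request carries, none of which identifies the sender, so a monitor can only judge a write by the network address it came from. This is an example added here, not code from the article or from Forescout's report; the host addresses, the allowlist and the sample frames are constructed.

```python
import struct

# Function codes that change device state (public Modbus application protocol).
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
    0x16: "Mask Write Register",
    0x17: "Read/Write Multiple Registers",
}


def build_request(transaction_id, unit_id, function, body):
    """Assemble a Modbus/TCP request: 7-byte MBAP header, function code, request data."""
    # Length counts the bytes after the length field: unit id + function code + body.
    return struct.pack(">HHHBB", transaction_id, 0, len(body) + 2, unit_id, function) + body


def parse_adu(data):
    """Decode one Modbus/TCP frame; the returned fields are all the protocol defines."""
    if len(data) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    transaction_id, protocol_id, length, unit_id, function = struct.unpack(">HHHBB", data[:8])
    if protocol_id != 0:
        raise ValueError("protocol identifier is not 0 (not Modbus)")
    if length != len(data) - 6:
        raise ValueError("length field does not match frame size")
    # No user, password, token, signature or MAC: there is nothing to verify.
    return {"transaction_id": transaction_id, "unit_id": unit_id,
            "function": function, "data": data[8:]}


def review(captures, engineering_hosts):
    """Flag state-changing requests from sources outside the engineering allowlist.

    captures: iterable of (source_ip, raw_frame) as seen at a monitoring point.
    Returns a list of (source_ip, unit_id, reason) alerts.
    """
    alerts = []
    for src, raw in captures:
        try:
            adu = parse_adu(raw)
        except ValueError as err:
            alerts.append((src, None, f"malformed frame: {err}"))
            continue
        name = WRITE_FUNCTIONS.get(adu["function"])
        if name and src not in engineering_hosts:
            alerts.append((src, adu["unit_id"], name))
    return alerts


# --- Constructed sample traffic (documentation address range 192.0.2.0/24) ---
ENGINEERING_HOSTS = {"192.0.2.10"}   # assumed: the only station expected to write
READ_HOLDING = bytes.fromhex("00000002")          # start address 0, quantity 2
WRITE_SINGLE = bytes.fromhex("00101234")          # register 0x0010, value 0x1234
WRITE_MULTI = bytes.fromhex("002000010200ff")     # start 0x0020, 1 register, 2 bytes
CAPTURES = [
    ("192.0.2.10", build_request(1, 1, 0x03, READ_HOLDING)),
    ("192.0.2.10", build_request(2, 1, 0x06, WRITE_SINGLE)),   # expected writer
    ("192.0.2.77", build_request(3, 1, 0x03, READ_HOLDING)),   # read only
    ("192.0.2.77", build_request(4, 1, 0x06, WRITE_SINGLE)),   # unexpected writer
    ("192.0.2.77", build_request(5, 2, 0x10, WRITE_MULTI)),    # unexpected writer
    ("192.0.2.77", bytes.fromhex("0006000000")),               # truncated frame
]

if __name__ == "__main__":
    for alert in review(CAPTURES, ENGINEERING_HOSTS):
        print(alert)
```

The check depends on reading the function code from cleartext traffic at a monitoring point, and a source address is only as trustworthy as the network segmentation behind it.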

Basecamp researcher weighs in

Reid Wightman is a senior vulnerability researcher with OT security shop Dragos’ threat intel team. He’s also one of the original Project Basecamp researchers, and, more recently, has done work on the ProConOS and MultiProg software vulnerabilities.

Forescout cited some of his research, and dedicated a section of the ICEFALL analysis to security flaws with the ProConOS runtime in PLCs.

In an email to The Register, Wightman noted that a lot of industrial controllers have the same set of problems that isn’t going away: “they allow unauthenticated code to run on the PLC.” 

“This means that one malicious logic transfer to the PLC may permanently compromise the PLC,” he added, noting that, because the control logic is causing the change, it can happen outside of a normal firmware update. “It’s kind of a thing I’ve harped on since the Basecamp days, but may be worth repeating. Over and over again. Until the sun burns out, probably.”

Lately, one of Wightman’s “big, personal concerns” is that some vendors say they can use TLS and client certificates to secure controllers, presumably to avoid. In reality, this would just make the traffic more difficult to inspect, Wightman said.

“If an attacker gets onto the engineering system, they may load a malicious payload using CVE-2022-31800/CVE-2022-31801 (or any of the similar problems that exist in almost every logic runtime) into the controller,” he added. “Only, now we have no way of telling whether they did it because the traffic is encrypted.”

So how do we fix the problem? 

“I guess my answer would be: if your engineering system is compromised, throw away all of the controllers that it was allowed to talk to,” Wightman said. “And I doubt most end users would go to that level of paranoia.”

Which, again, points to the insecure-by-design nature of how these systems are engineered.

“Thankfully, we see no signs of any widespread abuse of these protocols or ‘features’ in spite of some of the bugs being well-known for years,” Wightman added. “I really do hope it stays that way.” ®
