Tag: Microsoft on the Issues

Growing up in Newton, Kansas our local newspaper, The Kansan, was the lifeblood of our community. At 3:30 p.m. every afternoon it landed on porches and lawns across the town, and we saw our local culture reflected in its pages: updates about important local events, high school sports scores, who won the local debate competition, and the weather forecasts our farming community depended on for their livelihoods. Years later, as the lawyer for Microsoft’s news and information portal MSN and our news services, I gained an even greater appreciation for high-quality, fact-based journalism and the important role trusted news played in society.

We’ve been looking at ways Microsoft’s technology and resources can help address some of the challenges journalism faces, and today I want to share some of the initial work of our initiative. It includes a new community-based pilot program that looks at ways to provide journalists and newsrooms new tools, technology and capacity, and expand reach for local news outlets. It also includes a new pro bono program, also in pilot form, to provide legal support to journalists and smaller newsrooms, and an expansion of AccountGuard to help protect journalists from cyberattacks. We will build on top of work already under way by Microsoft Research and the Microsoft Defending Democracy team that’s designed to tackle issues such as disinformation.

We’re starting with a very targeted approach. We don’t have all the answers, but we are committed to listening and learning, and we hope our contributions and learnings will be useful to others. We’ll also look to add additional steps and programs to our initiative as we learn more and identify additional opportunities.

The challenges

News and journalism face an accelerating crisis. Changes in digital advertising and in the way people receive their news – news aggregators, search engines and social media – have had a significant impact on journalism and its business model. Over the past 15 years, newsroom employment in the United States has dropped by half and 2,100 newspapers have closed. In recent months, the pandemic has put even more stress on newsrooms as advertisers pulled back. Since January, 11,000 newsroom jobs were cut in the U.S.

Digital technologies create opportunities for innovation and operational efficiencies, but they also create the risk that content can be manipulated and used to spread disinformation, undermining trust in all media. People’s digital literacy – the ability to find, analyze, evaluate and compose information – has not kept pace with technological innovation, making some people susceptible to manipulated content. Around the world, journalists themselves are also under attack, both physically and increasingly as targets for cyberattacks. According to survey conducted by Forrester Consulting, more than half of media and entertainment companies experienced three or more cyberattacks over a 12-month period.

Our approach

We believe there are specific areas where our technology or our resources can help. Initially, our initiative is focused on three areas:

• Support local newsrooms: Provide tools, technology, expanded distribution and funding for pilot programs
• Integrity: Use technology to tackle tech-driven threats such as deepfakes and disinformation, and tools to improve media literacy
• Security & safety: Help to support and protect journalists from threats, including legal and cyberthreats

Our approach is targeted and, in most cases, focused on initial pilots with specific partners and communities. We learned from our TechSpark program the importance of working with a community to understand their priorities, being open about what we don’t know and making a commitment to learning. Like TechSpark, we hope that by working with others, and by innovating and testing, we can play a role in finding sustainable solutions to some of the challenges journalism faces.

Supporting local newsrooms

The first focus area of the initiative is to work in partnership with local community foundations to help support local newsrooms. We hope we can support these newsrooms and journalists as they use the latest tools and technology to tell stories in new ways, experiment with new revenue streams and funding models, and work together with community organizations. We will bring technical expertise to the pilot community newsrooms and will partner with other industry organizations and foundations to share expertise and experience that will further expand the reach and impact of the initiative. Specifically, we will:

• Provide direct funding to the community foundations for operating costs, to bolster collaboration and attract matching funding and resources from foundations and other local or regional businesses
• Up-level technology through donations, deeply discounted software products and services from Microsoft and others
• Build capacity around technology transformation and technical support, business intelligence including customer-based analytics, and modern journalism skills such as data journalism, using AI and machine learning tools and technology built specifically for journalists, audio and video production, and modern storytelling.
• Expand news distribution to increase their reach and recognition, as well as generate new sources of revenue. Participating newsrooms that aren’t already a Microsoft News partner will have the opportunity to become one. As a partner, they may reach more than 500 million people in 180 countries every month across MSN, Bing, Microsoft Edge, Microsoft News apps and many mobile manufacturers and third-party distribution partners. Over 25 years, we’ve built a worldwide community of 1,200 publishers and 4,500 media brands and are proud to have shared over $1 billion of revenue with them since 2014.
• Convening experts on new sources of revenue and funding so pilot communities can learn and build on approaches that have worked elsewhere. For example, The Seattle Times will share with the pilot newsrooms its working model and experiences of community-funded journalism.

We are starting this work with pilots in Fresno, Calif.; the El Paso–Ciudad Juárez cross-border region; Jackson, Miss. and the Delta; and Yakima, Wash. These four communities were selected because of the serious challenges their local newsrooms face, the diversity of each community, the strong support of local news by the community, and referrals by third parties working on the future of news.

Addressing the challenges these local newsrooms face requires a new collaborative approach across pilot newsrooms, with community foundation leaders, local and regional academia, and non-profit organizations. We’ve spent the last few months engaged with each of these local communities to help define our approach and where we can be most helpful. These unique networks of local organizations are working together to identify the issues critical to their communities and where additional reporting, support and resources are needed. You can see the list of organizations involved in the pilots here.

Integrity

The second focus area is to begin to restore trust in the news and information people receive. Our efforts in this area draws on work by Microsoft Research and Microsoft’s Defending Democracy team. Tom Burt and Eric Horvitz recently announced a number of new steps to combat disinformation including new technologies such as Microsoft Video Authenticator to help tackle deepfakes, and new Azure-based tools to help detect manipulated content. They also highlighted new partnerships with news organizations, and an expansion of our NewsGuard implementation. It’s clear that public education and media literacy are critical components, and Tom and Eric referenced our work with the University of Washington (UW) Center for an Informed Public, Sensity and USA Today on media literacy, as well as an interactive quiz for consumers.

Security and safety

The third focus area is about using our technology, expertise and partnerships to help with legal issues, safeguard journalists’ digital data and help spot threats. We’re starting with two initiatives:

Legal support: As watchdogs of political systems, government institutions and others in power, journalists rely on legal public records requests to get information for use in their reporting. Government agencies sometimes refuse to agree to these requests and media outlets are faced with filing an expensive and time-consuming lawsuit to have them honored. News outlets are also facing an increasing number of lawsuits by individuals or groups seeking to use the legal system to stop or impede stories they don’t want published.

To begin to address these challenges, in partnership with Davis Wright Tremaine LLP, we are piloting the Protecting Journalists Pro Bono Program in California and Washington. To start, volunteer attorneys from Microsoft and Davis Wright Tremaine will provide legal support to journalists and small news organizations that are not otherwise able to afford legal support across three workstreams: pre-publication review, access to public records and defending journalists against subpoenas for confidential information. We’re currently accepting requests for assistance only through referrals via three non-profit partners: Reporters Committee for Freedom of the Press, First Amendment Coalition and Washington Coalition for Open Government. We’re also working directly with several small news organizations that are focused on underserved communities. As we learn from the pilot, we hope to expand to other regions and add additional partners.

Cyberattacks: Newsrooms and journalists are particularly vulnerable as they deal with large amounts of data and sensitive information from and about sources. We are expanding our Microsoft AccountGuard threat notification service with a new offering AccountGuard for Journalists. AccountGuard is available at no cost to M365 customers to provide notification of nation-state cyberattacks, tracking threat activity on M365 emails and personal accounts, including Outlook.com and Hotmail, of its employees who opt-in. AccountGuard also includes access to cybersecurity training and early access to new security features. It currently protects more than 2 million accounts across 30 countries, and enrollees have received more than 1,500 notifications of nation-state attacks to date. AccountGuard for Journalists will initially be available at no cost to newsrooms participating in the local pilot program and existing Microsoft News publishing partners.

Healthy Journalism

Beyond the work we are doing with others, we believe there are important public policy issues, too. We are committed to using our voice to advocate on issues that matter to news and journalism.  We will work to help advance a national dialogue with a particular focus on protecting the safety of journalists, protecting free speech for journalists and others, and promoting the sustained health of local news.

Healthy democracies require healthy journalism, and we hope our initiative can play a role in helping to support quality journalism locally and nationally, as well as promote trust in news. Over the past 10 months we’ve met with people in newsrooms and across the communities of Fresno, El Paso-Juarez, Jackson and Yakima, and our optimism about local news is stronger than ever. Local newsrooms are the heart of their communities. They not only provide updates about the important local events and high school sports scores that I remember from my childhood but, then and now, provide in-depth local investigations with national importance. Integrity, security and safety are critical to journalists around the globe. We hope our tools will give journalists some ease from worrying about attacks and more time to focus on their essential work. With these global tools, partnerships and local pilot programs, we hope to play a role in supporting journalists, newsrooms and communities as they work to ensure they have healthy journalism for generations to come.

Tags: cyberattacks, deepfakes, Defending Democracy Program, journalism, Microsoft AccountGuard, newsguard

Since 2008, Microsoft’s Law Firm Diversity Program (LFDP) has been a vehicle for the company to partner with our strategic partner law firms to advance diversity in the legal profession. We report annually on the program’s results, spotlight top performances among our law firm participants and provide insight into how we will evolve the program in the next year to drive continued progress.

This year, we are pleased to share that we continue to see diversity gains by our program participants and to announce that Perkins Coie and Latham & Watkins have earned special recognition for their diversity achievements and contributions to our program.

We’re also announcing that in this fiscal year, we will expand the program bonus pool and the number of law firms that can participate to drive more and faster progress with a greater focus on African American, Black, Hispanic and Latinx representation in leadership.

Continued progress in 2020

The LFDP is an incentive-based program that rewards participating firms for increasing diversity within the firms, with a specific focus on:

• diverse attorneys working on Microsoft matters
• diversity within the firm’s partnership
• diversity within the firm’s executive management

This last fiscal year, participating firms were eligible to earn a full bonus of up to 2 percent of their annual fees by meeting diversity targets in each of these areas. For purposes of the program, we define increases in diversity as greater inclusion of women, racial and ethnic minorities, LGBTQ+ people, people with disabilities, and veterans.

For the 12^th consecutive year, diversity has increased within the teams working on Microsoft matters from participant firms. This year’s gains contributed to nearly a 30 pecentage point overall increase in the percentage of hours worked by diverse attorneys on our matters since the program launched. Since we added a focus on diversity in firm leadership to the program in 2015, diverse representation among management committees has increased by 12 percentage points, and diverse partner composition has grown from 33% to over 38%.

This growth represents commitment, innovation and partnership across our partner firms participating in the program. Given the health and economic crises caused by COVID-19 this year, we are especially grateful to our partner firms for their steadfast focus on creating a more diverse and inclusive industry and legal system during this time. Though we celebrate the gains we have made within the program, we have much more work to do as individual organizations and a profession, and it is as important as ever that we do not lose focus.

Our 2020 Law Firm Diversity Program award recipients

This year, as last year, we have two special awards within the program:

• “Top Performer” for the firm that made the greatest gains across the diversity focus areas for the program
• “Most Innovative” for the firm recognized, by a vote of their peers within the program, for exceptional innovation in efforts to increase diversity and inclusion at their firm

We are pleased to share that Perkins Coie is this year’s Top Performer, and for the second year in a row, Latham & Watkins is our LFDP Most Innovative firm.

Top Performing Law Firm – Perkins Coie

In the last five years, Perkins Coie has achieved impressive progress against LFDP program goals, growing diverse attorney hours on Microsoft matters by 12.3 percentage points (from 56.7% to 69%), and a 10.3 point increase in overall diverse partner representation at the firm (from 33.6% to 43.9%). Perkins Coie has also made great progress in diverse representation on its management committee, with over 64% of their committee members identifying as women, minorities, LGBTQ+ people, people with disabilities and veterans. Perkins Coie’s proactive approach earned the firm recognition on Fortune’s list of Best Workplaces for Diversity last year and has positioned the firm as a leader for diversity in the profession. We celebrate Perkins Coie’s efforts and congratulate their earning of this year’s award.

Most Innovative Law Firm – Latham & Watkins

The LFDP Most Innovative award was created last year to incentivize real, meaningful and sustained progress through innovation as a core principle for the LFDP. For the second consecutive year, Latham & Watkins has been recognized by a vote of its peer participants as the LFDP Most Innovative firm. This year, the firm won over its peers with two new initiatives intended to create a culture of allyship at the firm and reward firm timekeepers for investing their time in diversity and inclusion efforts.

Encouraging allyship  

Latham & Watkins created an allyship campaign that aims to provide practical steps on how to be an ally, highlight examples of allyship at the firm and facilitate “safe space” opportunities for everyone to engage in meaningful dialogue about diversity and inclusion, and allyship. The firm anticipates the campaign’s launch in the coming year.

Earning credit for diversity and inclusion  activities  

Latham & Watkins launched a program starting this year where associates and counsel can earn up to a certain number of bonus-eligible hours working on activities.  In this way, Latham & Watkins understands that providing this credit is an incentive that underscores not only the importance of diversity and inclusion contributions, but also helps increase engagement, both of which are key toward making headway in this space.

We believe that innovative ideas and approaches are necessary to move our profession forward. We also believe that when it comes to diversity and inclusion, sharing ideas will help us all to accelerate our progress. We celebrate Latham & Watkins’s commitment to innovation and sharing, so that others can learn from their efforts.

Expanding the Law Firm Diversity Program to drive greater progress

While we are grateful for all the progress in the last year and in the last 12 years, we can’t lose sight of the fact that there is much progress to still be made. Indeed, the data on this is quite sobering. Numerous reports from the last year find that we are far from the diverse and inclusive profession that we need to be.

For example, though Asian American, African American and Black, Latinx and Hispanic, and Native American people comprise between 35% and 40% of the U.S. population, Law360 reports in its 2019 snapshot that only 10% of partners at the firms it surveyed identified with these communities.

The data also reflects that the pace of change for some demographics has been too slow, particularly in leadership and for African American, Black, Hispanic and Latinx people. The National Association for Law Placement reports that representation of Black or African American partners rose only a quarter of one percentage point in the 10 years between 2009 and 2019, from 1.7% to 1.9%. Similarly, in the same period, representation for Latinx partners grew less than one percentage point, from 1.6% to 2.5%. At this rate of change, reaching proportional representation for these communities will take more than 50 years. We must make faster progress, and that progress must be inclusive of all diverse communities.

With this context in mind, Microsoft is taking three steps to evolve the LFDP this year:

1. Inviting more firms to participate in the program
   In past years, the program has been open to our 12 to 15 strategic partner firms. This year, we are expanding the program to include more than 20 additional firms who also do a substantial amount of work for us in the U.S. Similar to our strategic partner firms that have been longstanding participants, the firms that are new to the program will be rewarded for year-over-year growth in diversity on the team that services Microsoft’s matters, within their leadership at the partner level, and within their management committees.
2. Increasing the financial incentive for progress
   Starting this year, we are increasing the potential bonus within the program for strategic partner participants from 2% to 3% of their annual fees.
3. Putting a greater focus on growth of African American, Black, Hispanic and Latinx people in leadership
   One third of the bonus that firms are eligible to earn will be allocated for growth in representation of African American, Black, Hispanic and Latinx peoples within the firms’ partnership ranks.

Additionally, we are working with our law firm partners in the United Kingdom to pilot a version of the LFDP in that region. We hope to share what we learn from that pilot next year.

With this latest evolution of the program, we increase our commitment to diversity and inclusion by strengthening our partnership with our law firms to make continued progress together over the next year.

Sources and where to learn more about the journey toward increasing diversity in the legal profession:

The legal profession must not let COVID-19 weaken our commitment to diversity

Left Out and Left Behind on the experiences of women of color in the profession published by the ABA Commission on Women

NALP 2019 Report on Diversity in U.S. Law Firms

2019 Law360 Diversity Snapshot

Tags: diversity, Law, Law Firm Diversity Program, LFDP

Today, Microsoft is releasing a new annual report, called the Digital Defense Report, covering cybersecurity trends from the past year. This report makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets. For example, nation-state actors are engaging in new reconnaissance techniques that increase their chances of compromising high-value targets, criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services, and attackers have developed new ways to scour the internet for systems vulnerable to ransomware.

In addition to attacks becoming more sophisticated, threat actors are showing clear preferences for certain techniques, with notable shifts towards credential harvesting and ransomware, as well as an increasing focus on Internet of Things (IoT) devices. Among the most significant statistics on these trends:

• In 2019, we blocked over 13 billion malicious and suspicious mails, out of which more than 1 billion were URLs set up for the explicit purpose of launching a phishing credential attack.
• Ransomware is the most common reason behind our incident response engagements from October 2019 through July 2020.
• The most common attack techniques used by nation-state actors in the past year are reconnaissance, credential harvesting, malware and virtual private network (VPN) exploits.
• IoT threats are constantly expanding and evolving. The first half of 2020 saw an approximate 35% increase in total attack volume compared to the second half of 2019.

Given the leap in attack sophistication in the past year, it is more important than ever that we take steps to establish new rules of the road for cyberspace: that all organizations, whether government agencies or businesses, invest in people and technology to help stop attacks; and that people focus on the basics, including regular application of security updates, comprehensive backup policies and, especially, enabling multi-factor authentication (MFA). Our data shows that enabling MFA would alone have prevented the vast majority of successful attacks.

In this blog post I’ll summarize some of the most important insights in this year’s report, including related suggestions for people and businesses.

Criminal groups are evolving their techniques

Criminal groups are skilled and relentless. They have become adept at evolving their techniques to increase success rates, whether by experimenting with different phishing lures, adjusting the types of attacks they execute or finding new ways to hide their work.

Over the past several months, we have seen cybercriminals play their well-established tactics and malware against our human curiosity and need for information. Attackers are opportunistic and will switch lure themes daily to align with news cycles, as seen in their use of the COVID-19 pandemic. While the overall volume of malware has been relatively consistent over time, adversaries used worldwide concern over COVID-19 to socially engineer lures around our collective anxiety and the flood of information associated with the pandemic. In recent months, the volume of COVID-19-themed phishing attacks has decreased. These campaigns have been used for broadly targeting consumers, as well as specifically targeting essential industry sectors such as health care.

In past years, cybercriminals focused on malware attacks. More recently, they have shifted their focus to phishing attacks (~70%) as a more direct means to achieve their goal of harvesting people’s credentials. To trick people into giving up their credentials, attackers often send emails imitating top brands. Based on our Office 365 telemetry, the top spoofed brands used in these attacks are Microsoft, UPS, Amazon, Apple and Zoom.

Additionally, we are seeing attack campaigns that are being rapidly changed or morphed to evade detection. Morphing is being used across sending domains, email addresses, content templates and URL domains. The goal is to increase the combination of variations to remain unseen.

Nation-state actors are shifting their targets

Nation-states have shifted their targets to align with the evolving political goals in the countries where they originate.

Microsoft observed 16 different nation-state actors either targeting customers involved in the global COVID-19 response efforts or using the crisis in themed lures to expand their credential theft and malware delivery tactics. These COVID-themed attacks targeted prominent governmental health care organizations in efforts to perform reconnaissance on their networks or people. Academic and commercial organizations involved in vaccine research were also targeted.

In recent years there has been an important focus on vulnerabilities in critical infrastructure. While we must remain vigilant and continue to increase security for critical infrastructure, and while these targets will continue to be attractive to nation-state actors, in the past year such actors have largely focused on other types of organizations. In fact, 90% of our nation-state notifications in the past year have been to organizations that do not operate critical infrastructure. Common targets have included nongovernmental organizations (NGOs), advocacy groups, human rights organizations and think tanks focused on public policy, international affairs or security. This trend may suggest nation-state actors have been targeting those involved in public policy and geopolitics, especially those who might help shape official government policies. Most of the nation-state activity we observed the past year originated from groups in Russia, Iran, China and North Korea.

Each nation-state actor we track has its own preferred techniques and the report details the preferred ones for some of the most active groups.

Ransomware continues to grow as a major threat

The Department of Homeland Security, FBI and others have warned us all about ransomware, especially its potential use to disrupt the 2020 elections. What we’ve seen supports the concerns they’ve raised.

Encrypted and lost files and threatening ransom notes have now become the top-of-mind fear for most executive teams. Attack patterns demonstrate that cybercriminals know when there will be change freezes, such as holidays, that will impact an organization’s ability to make changes (such as patching) to harden their networks. They’re aware of when there are business needs that will make organizations more willing to pay ransoms than incur downtime, such as during billing cycles in the health, finance and legal industries.

Attackers have exploited the COVID-19 crisis to reduce their dwell time within a victim’s system – compromising, exfiltrating data and, in some cases, ransoming quickly – apparently believing that there would be an increased willingness to pay as a result of the outbreak. In some instances, cybercriminals went from initial entry to ransoming the entire network in under 45 minutes.

At the same time, we also see that human-operated ransomware gangs are performing massive, wide-ranging sweeps of the internet, searching for vulnerable entry points, as they “bank” access – waiting for a time that is advantageous to their purpose.

Working from home presents new challenges

We all know that COVID-19 has accelerated the work-from-home trend that was already well underway in 2019.

Traditional security policies within an organization’s perimeter have become much harder to enforce across a wider network made up of home and other private networks and unmanaged assets in the connectivity path. As organizations continue to move applications to the cloud, we’re seeing cybercriminals increase distributed denial of service (DDoS) attacks to disrupt user access and even obfuscate more malicious and harmful infiltrations of an organization’s resources.

It’s also important to address the human element as fundamental to a secure workforce by looking at challenges such as insider threats and social engineering by malicious actors. In a recent survey conducted by Microsoft, 73% of CISOs indicated that their organization encountered leaks of sensitive data and data spillage in the last 12 months, and that they plan to spend more on insider risk technology owing to the COVID-19 pandemic.

During the first half of 2020, we saw an increase in identity-based attacks using brute force on enterprise accounts. This attack technique uses systematic guessing, lists of passwords, dumped credentials from previous breaches or other similar methods to forcibly authenticate to a device or service. Given the frequency of passwords being guessed, phished, stolen with malware or reused, it’s critical for people to pair passwords with some second form of strong credential. For organizations, enabling MFA is an essential call to action.

A community approach to cybersecurity is critical

At Microsoft, we use a combination of technology, operations, legal action and policy to disrupt and deter malicious activity.

As a technical measure, for example, we are investing in sophisticated campaign clustering intelligence in Microsoft 365 to enable security operations center (SOC) teams to piece together these increasingly complex campaigns from their fragments. We also try to make it more difficult for criminals to operate by disrupting their activities through legal action. By taking proactive action to seize their malicious infrastructure, the bad actors lose visibility, capability and access across a range of assets previously under their control, forcing them to rebuild. Since 2010, our Digital Crimes Unit has collaborated with law enforcement and other partners on 22 malware disruptions, resulting in over 500 million devices rescued from cybercriminals.

Even with all of the resources we dedicate to cybersecurity, our contribution will only be a small piece of what’s needed to address the challenge. It requires policymakers, the business community, government agencies and, ultimately, individuals to make a real difference, and we can only have significant impact through shared information and partnerships. This is one of the reasons we initially launched Microsoft’s Security Intelligence Report in 2005, and it’s one of the reasons we’ve evolved that report into this new Digital Defense Report. We hope this contribution will help us all work together better to improve the security of the digital ecosystem.

Tags: AI, artificial intelligence, cybersecurity, Digital Defense Report, email security, IoT, machine learning, network security, phishing, ransomware, security intelligence, security strategies

This week, the United Nations celebrated its 75^th anniversary, and Microsoft announced the launch of its UN Affairs team, led by John Frank. In addition to being the 75^th anniversary, this year saw the first all-virtual UN week.

Lively conversations took place around the UN General Assembly, addressing topics that impact people across the globe, and included leaders such as Microsoft President Brad Smith.

Here’s a look at recent events from the week:

In Conversation: Trevor Noah | September 23, 2020

How does having “the mind of a pessimist and the soul of an optimist” affect Trevor Noah’s view of the world? Microsoft President Brad Smith had the chance to interview him for this first edition of In Conversation, a discussion series launched from the sidelines of the UN General Assembly in celebration of the UN’s 75^th anniversary.

In Conversation: Brad Smith and Trevor Noah from the 2020 UN General Assembly

Net Zero Carbon Panel: Climate Action and Ambition | September 16, 2020

Microsoft kicked off a series of livestreams in partnership with the Eurasia Group’s GZero Media. The first, Net Zero: Climate Ambition and Action, was moderated by Julia Pyper, host and producer of the Political Climate podcast. It also included Gerald Butts, vice chairman and senior advisor, Eurasia Group; Lucas Joppa, Chief Environmental Officer, Microsoft; Rachel Kyte, Dean of Tufts University’s Fletcher School; and Mark Carney, UN Special Envoy for Climate Action and Finance.

Net Zero Carbon LIVE Panel: Climate Action and Ambition | GZERO with Microsoft & Eurasia Group

Peace One Day: Q&A with Microsoft President Brad Smith | September 21, 2020 

Brad Smith participated in a live Q&A for Peace One Day, to mark the UN’s International Day of Peace. Kate O’Sullivan, General Manager, Digital Diplomacy at Microsoft, was part of the event along with Fabrizio Hochschild, Under-Secretary-General, UN; Robert Redfield, Director, Centers for Disease Control and Prevention; Tedros Adhanom Ghebreyesus, Director-General, World Health Organization; and performers Annie Lennox and Jude Law, among other guests.

Peace One Day Live Global Digital Experience

Reimagining While Rebuilding: Panel with Brad Smith | September 23, 2020

Brad Smith and Ian Bremmer discussed the concept of multilateralism – where civil and public organizations band together to solve complex societal problems – and whether the global challenges of 2020 will lead to more inclusive multilateralism in the future. They were joined by guests including former U.S. Secretary of Homeland Security Jeh Johnson, Microsoft’s Director of UN Affairs John Frank, and the New Yorker’s Susan Glasser, with special appearances by European Central Bank President Christine Lagarde, UN Secretary-General António Guterres and The Daily Show’s Trevor Noah.

Reimagining While Rebuilding: Livestream Panel | GZERO with Microsoft and Eurasia Group

High-Level Climate Change Roundtable | September 24, 2020

Brad Smith participated in the live High-Level Climate Change Roundtable convened by UN Secretary-General António Guterres. The session brought together a select group of global climate leaders who are taking bold action as they recover from the COVID-19 pandemic.

High-Level Roundtable on Climate Action – 24 September 2020

Learn more on the Microsoft UN Affairs site and follow @MSFTIssues on Twitter.

Whether it is being used to analyze the human immune response to COVID-19 or map the spread of wildfires, artificial intelligence (AI) has proven itself to be a powerful tool for tackling the kinds of challenges that have been thrust into the spotlight this year. However, as the use of AI becomes more widespread, it is also becoming clear that, without action to ensure AI will be used responsibly, it could create problems of its own, disrupting jobs, threatening social and economic inequality and potentially undercutting progress on human rights.

As the use of AI grows, a broad discussion is needed about how to realize its full potential in a way that also addresses the challenges it creates. And, as the ones who will live and work with this technology for years to come, the voice of young people must be at the forefront of these discussions. Launching today, the NextGen Network report How AI Can Work for Humanity seeks to elevate the perspectives of young people around the world, helping them inform the debate on how AI can be used responsibly. The report includes three core recommendations:

• Governments must take the lead in putting into practice new frameworks for responsible AI.
• Countries must work together to drive greater international co-operation on AI and create an international framework for responsible AI use.
• Organizations of all kinds should put a set of values at the center of how AI is deployed to ensure its use is human-centered, accountable and transparent.

Broadening the conversation on AI

The mission of the NextGen Network is to provide a platform for young people to help shape decisions on technology. The report and today’s launch event with Věra Jourová, EU Commissioner for Values and Transparency, and Sarah Bird, Responsible AI lead for Azure AI at Microsoft, provide an opportunity for young people to share their ideas on how the technology should be developed and used.

NextGen member Enrique Zapata, the data and new technologies lead at the Latin American Development Bank, explained why it’s so important for young people to be part of these discussions: “Our generation, as well as generations Z and A will be the ones living the impact of AI in our lifetimes. It is critical that our voice, values and expectations are taken into account as the main inputs for the future use of digital technologies, even more than those of previous generations, which already had their chance.”

The report is the product of six workshops and a poll of young people from 13 different countries. It finds that the group is positive about the impact that AI will have in general and its ability to drive breakthroughs in healthcare and environmental sustainability. But it also highlights concerns about potential disruption to the world of work, as well as the impact of AI on income inequality and human rights.

The report seeks to add to the global discussion about how to use AI responsibly. This discussion is advancing in many parts of the world, with the EU Commission having recently launched its white paper on AI, the New Zealand government publishing its Algorithm Charter and the UK Government creating its Centre for Data Ethics and Innovation. These developments take place alongside many fruitful conversations happening elsewhere. The hope is that the ideas represented in this report can help catalyze further discussion and translate this into positive action.

The breadth of geographical representation and wide range of backgrounds of those feeding into the report was designed to help foster a more international conversation around AI. In doing so, the Network hopes to broaden the conversation around AI and help address concerns that have been raised that the current discussion on AI may be dominated by a narrow group of countries and people in a way that could hinder efforts to ensure responsible use. NextGen member Henri Brebant, graduate student at the Harvard Kennedy School, stressed the need for this diverse and global conversation, stating that “only a global conversation on AI ethics can generate the momentum that is needed.”

NextGen perspectives on next generation technology

The report is the first of its kind from the NextGen Network, a partnership between the Aspen Institute and Microsoft. The Network was launched in 2018 to provide a forum for young people from around the world to discuss issues of technology and society. Currently active in Mexico, India, UK, France, Germany, and Central and Eastern Europe, the Network brings together people from the fields of science, business, government and journalism as well as civil society, creating a diverse conversation. The Network also looks to create spaces for young people to interact with leaders from across government, business and civil society, providing a platform for an intergenerational conversation on how to ensure technology can be used for the benefit of society.

The opportunity to share ideas with others is often why young people join the Network. Suhasini Vira, NextGen member and founder of the Clean Hands Initiative, said she “got involved in the Network because of its focus on creating spaces for thought-provoking, structured and open conversations about the role of technology in society.”

Similarly, Charlotte Douglas, NextGen member and post-doctoral researcher at the Francis Crick Institute, said that “engaging in the NextGen network gave me this incredible opportunity to meet like-minded individuals and passionately discuss the impact of digital technologies and how the conversation regarding these technologies is growing and expanding globally.”

Learn more about the NextGen Network here and get the report here.

Tags: AI, artificial intelligence, NextGen Network

Last December, before the onset of COVID-19, I had the opportunity to visit Zaatari in Jordan – the world’s largest camp for Syrian refugees – to learn more about the challenges and opportunities refugees face. I met a young girl, Doha, who was participating in a computing class. I asked her what she thought about this class, and she said, “Computing is the language of life today. It’s how things get done.”

This week, while participating in the 75^th United Nations General Assembly, I’m reflecting on Doha and the inspiring leaders of the camp to see what more we can do to empower refugees and vulnerable communities, especially given the impact of the global pandemic. With the urgency of the moment, this week Microsoft Philanthropies will expand the reach of one of our programs to help underserved communities.

Two years ago at the 73^rd United Nations General Assembly, Microsoft President Brad Smith announced AI for Humanitarian Action as part of the Microsoft AI for Good program, a $165 million initiative to help unlock the power of data and AI to address some of the biggest challenges facing society today. The five-year AI for Humanitarian Action commitment was launched to help change the way front-line relief organizations anticipate, predict and better target response efforts related to disaster recovery, the needs of children, promotion of human rights, and protection of refugees and displaced people.

Over the past two years, we’ve worked with selected nonprofit and humanitarian organizations to deliver on the program’s promise to help respond to global humanitarian issues. Some examples include:

• Human rights – Empowering the Clooney Foundation for Justice with innovative technology that supports monitoring and responding to trials around the world that pose a high risk of human rights violations.
• Refugees and displaced people – Combating wrongful deportation of asylum seekers with the Asylum Seeker Advocacy Project and KIND.
• Disaster response – Improving the reach of open mapping of vulnerable areas with Bing and the Humanitarian OpenStreetMap Team (HOT)
• Needs of children – Enhancing surgical outcomes and helping more children in need of facial surgery through the use of a facial modeling algorithm with long-time nonprofit partner Operation Smile.

Since 2018, the need to accelerate the pace of innovation has increased rapidly due to growing inequality and the COVID-19 pandemic. Building on the progress of the past two years and the urgency of the moment, we’re expanding the program beyond nonprofits to include applications from any type of organization through October 31, 2020, with this web portal.

The challenges faced by children are inextricably linked to those of women, including access to healthcare, which is disproportionally affecting women and children during COVID-19. As a result, we have also expanded the focus on children to include women.

“An effective response to COVID-19 accounts for the disproportionate impact on vulnerable communities, including women and girls,” said Michelle Nunn, President and CEO of CARE. “It is essential to listen to women and girls and ensure that all involved collect, publish and act on sex-disaggregated data to design inclusive and effective responses to COVID-19. That’s why Microsoft’s expansion of its AI for Humanitarian Action initiative to be inclusive of the needs of women and children is needed now more than ever.”

As we work with new partners through AI for Humanitarian Action to enable their work and accelerate their impact, we remain committed  to using our expertise to help empower vulnerable populations – like those in Zaatari – by ensuring we leverage technology to address the broadest societal needs.

Tags: AI for Humanitarian Action, children, COVID-19, disaster response, human rights, Microsoft Philanthropies, Refugees

Microsoft announced earlier this year the launch of a new United Nations representation office to deepen our support for the UN’s mission and work, and I am thrilled to be leading this initiative. Until March, I was based in Brussels leading Microsoft’s European Union government affairs team. That role instilled a passion for working with multilateral institutions and participating in multi-stakeholder projects such as the Paris Call for Trust and Security in Cyberspace. It has been a few years since I was a law student in New York City studying international legal and policy issues, but it’s great to be returning to NYC to learn and participate in today’s issues.

The new UN Affairs team has been operating in startup mode for the past several months as we build relationships with the UN community and begin expanding Microsoft’s engagements. Our commitment to building a team focused on the UN is rather unique, and we have received several questions, and a few puzzled expressions on why we are doing this now. And so today I want to provide an update on our mission, activities for the 75^th UN General Assembly, and our team.

Our mission

Many of the big challenges facing society can only be addressed effectively through multi-stakeholder action. Whether it’s public health, environmental sustainability, cybersecurity, terrorist content online or the UN’s Sustainable Development Goals, we at Microsoft have found that progress requires two elements. We need both international cooperation among governments and inclusive initiatives that bring in civil society and private sector organizations to collaborate on solutions.

One of the most significant transformations since the UN was established 75 years ago has been the advent of the internet. In this interconnected world, the internet can both hasten progress and exploit vulnerabilities. We are committed to continuing to support Secretary-General Guterres’ call to harness technology to respond to and recover from the devastating health, economic and social consequences of COVID-19.

We have been considering where we can make the greatest contributions. Microsoft is focused on supporting and promoting cooperation to advance progress towards a more accessible and equitable digital environment and a healthier planet, and enabling the UN and its agencies to achieve more using computer and data science. In this 75^th UN General Assembly, we are committed to collaborating to advance six priorities:

1. Human rights, ensuring technology protects and empowers everyone, all peoples and all nations, and exploits no one
2. Environmental sustainability, curbing emissions to foster a more sustainable future, reducing waste, promoting new approaches to ensure access to clean drinking water, and preserving and protecting the biodiversity and health of the world’s ecosystems
3. Defending democracy and cyberpeace, promoting strong democratic institutions and electoral systems and advocating for clear rules of the road for state actors in cyberspace
4. Decent work and economic growth, helping 25 million people worldwide acquire the digital skills needed in a recovering economy
5. Quality education, launching global platforms to support remote learning and help address the education crisis
6. Broadband availability and accessibility, building out internet access to 40 million people across Africa, Latin America and Asia by 2022

These imperatives cannot be achieved without close cooperation among Member States, multilateral institutions, civil society and the private sector. As we work to make substantive progress, we should also devote our collective time and effort to building consensus on how our global institutions should be reformed and strengthened. We are at an inflection point.

A series of crises have exposed the fragility of our global governance systems and institutions. Given the scale of challenges we face today, the need for reform is clear, but the international community has yet to elaborate and agree upon the necessary solutions. Now is the time to think more broadly and reimagine what effective, inclusive global governance can do for society, and to strengthen the systems and institutions that are tasked with this work.

Our activities for UNGA75

In the midst of a pandemic and economic shock, the UN opened its 75^th General Assembly this week. Meetings and conferences will be conducted online, with a socially distanced hybrid General Assembly. “High-level week” won’t be the same without the heads of state and governments convening in person, but the UN’s agenda, and the global challenges facing all of us, are no less pressing and urgent.

This year, we have adjusted our plans, but retained our ambitions. We are excited to announce a series of events around each of these six priority topics during high-level week. Several of us at Microsoft will be participating in UN-sponsored events as well as joining others’ virtual programming, including Concordia’s 10^th Annual Summit. Microsoft is partnering with GZERO Media and Eurasia Group to provide briefings, analysis and debate on the most pressing issues facing the 75^th UN General Assembly. We encourage all stakeholders – from individuals and activists to government and UN officials – to attend, participate and make your voices heard.

UN Affairs team

This is a great opportunity to introduce our UN Affairs team. Lani Cossette, Senior Director and Chief of Staff, comes to New York from her previous role in Brussels with our European Government Affairs team, and Jamal Edwards, Senior Program Manager, is joining us from our Digital Diplomacy team. Jean-Yves Art, Senior Director, and Daniel Akinmade Emejulu, Program Manager, remain in Geneva where they will continue their engagements with the UN offices in Geneva and the OECD. Our human rights specialists, Steve Crown, Vice President and Deputy General Counsel, and Bernard Shen, Assistant General Counsel, remain in Seattle, while Michael Karimian, Senior Manager, is based in New York.

UNGA high-level week comes around only once each year. The UN’s work around the world continues 365 days each year. Let’s work together not only this month but all year to make a difference.

Tags: broadband access, Defending Democracy Program, Education and Jobs, Environmental Sustainability, human rights, UN Affairs team, UN General Assembly, United Nations

The new school year is beginning for many across the globe and, although COVID-19 continues to necessitate at least some distance-learning, the realities of bullying – both online and off – remain. A new Microsoft study shows 4 in 10 teens in 32 countries report being “involved” in a bullying incident and, perhaps surprisingly, nearly the same percentage of adults, as well.

Some 40% of teenagers in 32 countries¹ say they’ve been involved in a bullying incident as the target of the bullying, someone who displayed bullying behaviors or as a bystander. Meanwhile, 37% of adults said they were involved in a “bullying” incident. Combining both teens and adults, 38% of respondents say they were involved, with 19% identifying as the “target,” 21% as a “bystander” and 1% each as both “contributor” and “bully.” Respondents were asked about both online and offline bullying, and adults were asked about “bullying” (perhaps better termed “harassment”) both inside and outside the workplace.

Interestingly, those who admitted to either contributing to or exhibiting bullying behaviors responded overwhelmingly that they felt social pressure to act (68%) and they said that they regret their actions (79%). Among those who felt significant pressure to act, regret was even higher at nearly 9 in 10 (89%).

The findings are from Microsoft’s latest research into aspects of digital civility ­– encouraging safer, healthier and more respectful online interactions among all people. The study, “Civility, Safety and Interaction Online ­­– 2020,” polled teens ages 13-17 and adults ages 18-74 about their exposure to 21² different online risks. This latest research builds on similar studies undertaken annually from 2016 to 2019. Previous years’ projects polled the same demographic groups in 14, 22, 23 and 25 countries, respectively. A total of 16,051 individuals participated in this latest study, and we have surveyed more than 58,000 people over the last five years. Full results from this latest installment will be made available on international Safer Internet Day 2020 on Feb. 9.

Most common response: block “bullies”

For nearly a decade, young people around the world have been advised to “Stop, Block and Tell” when it comes to online bullying, and that was the predominant response reported in this study. Two-thirds of respondents (66%) said they blocked the instigator while more than half (54%) said they talked to a friend, and more than 4 in 10 either ignored the person (44%) or told a trusted adult (42%). Sadly, given the importance of reporting unwelcome behavior to tech companies to help keep online communities safe and collegial, less than a third of respondents (30%) said they told a service provider, such as a social media company, about the incident.

We’ve all seen various webforms and online tools for reporting instances of cyberbullying, harassment, or other forms of digital abuse to tech companies. But how many of us have experienced or witnessed cruel or malicious treatment online or stumbled upon harmful content and actually submitted a report? In addition to specific in-product or service links to report abuse or concerns to Microsoft, we also make available a series of topic-specific webforms to report non-consensual pornography (unartfully referred to as “revenge porn”), terrorist content and hate speech. These issues, as well as bullying, harassment and other inappropriate behavior are all violations of Microsoft’s Code of Conduct as detailed in the Microsoft Services Agreement. On the other hand, if consumers feel their content was removed or their account was closed in error, they can complete this form to request reinstatement.

Microsoft and other online service providers have a business interest in protecting our customers and the integrity of our services by removing illegal and harmful content and addressing prohibited conduct. Furthermore, customer-reporting plays an important role in achieving those aims. So, we encourage people who participate in our communities to make us aware of content that is illegal or violates our code of conduct. General research shows that many users are reluctant to report terms-of-service violations because they feel their reports will go unnoticed or they would simply prefer to let someone else do the reporting.

At Microsoft, reports are reviewed, evaluated and actioned as appropriate. Depending on the severity of the offense, different Microsoft consumer services undertake different enforcement actions.

So, as the new – largely virtual – school year begins, pledge to be an “upstander.” Embrace the Microsoft Digital Civility Challenge and, if it’s safe and prudent to do so, stand up for yourself and others online who may be targeted for abuse or cruel treatment. Make use of technology companies’ reporting features, and promote good digital citizenship and digital civility in all communities.

To learn more about responding to online bullying and harassment, consult this resource, and for more on digital safety and digital civility generally, visit our website and resources page.

¹ Countries polled in 2020 were: Argentina, Australia*, Belgium, Brazil, Canada, Chile, Colombia, Denmark*, France, Germany, Hungary, India, Indonesia*, Ireland, Italy, Malaysia, Mexico, Netherlands, Peru, Philippines*, Poland, Russia, Sweden*, Singapore, Spain*, South Africa, Taiwan, Thailand*, Turkey, U.K., U.S., Vietnam. *Indicates country was added (or re-added) to the study in 2020

² The 21 risks span four broad categories: behavioral, sexual, reputational and personal/intrusive. Specifically: Reputational – “Doxing” and damage to personal or professional reputations; Behavioral – Being treated meanly; experiencing trolling, online harassment or bullying; encountering hate speech and microaggressions; Sexual – Sending or receiving unwanted sexting messages and making sexual solicitations; receiving unwanted sexual attention and being a victim of sextortion or non-consensual pornography (aka “revenge porn”); Personal/intrusive – Being the target of unwanted contact, experiencing discrimination, swatting, misogyny, exposure to extremist content/recruiting, or falling victim to hoaxes, scams or fraud.

Tags: bullying, COVID-19, digital civility challenge, education, Online Safety

In recent weeks, Microsoft has detected cyberattacks targeting people and organizations involved in the upcoming presidential election, including unsuccessful attacks on people associated with both the Trump and Biden campaigns, as detailed below. We have and will continue to defend our democracy against these attacks through notifications of such activity to impacted customers, security features in our products and services, and legal and technical disruptions. The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated, and is consistent with what the U.S. government and others have reported. We also report here on attacks against other institutions and enterprises worldwide that reflect similar adversary activity.

We have observed that:

• Strontium, operating from Russia, has attacked more than 200 organizations including political campaigns, advocacy groups, parties and political consultants
• Zirconium, operating from China, has attacked high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community
• Phosphorus, operating from Iran, has continued to attack the personal accounts of people associated with the Donald J. Trump for President campaign

The majority of these attacks were detected and stopped by security tools built into our products. We have directly notified those who were targeted or compromised so they can take action to protect themselves. We are sharing more about the details of these attacks today, and where we’ve named impacted customers, we’re doing so with their support.

What we’ve seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those they consult on key issues. These activities highlight the need for people and organizations involved in the political process to take advantage of free and low-cost security tools to protect themselves as we get closer to election day. At Microsoft, for example, we offer AccountGuard threat monitoring, Microsoft 365 for Campaigns and Election Security Advisors to help secure campaigns and their volunteers. More broadly, these attacks underscore the continued importance of work underway at the United Nations to protect cyberspace and initiatives like the Paris Call for Trust and Security in Cyberspace.

Strontium

Strontium is an activity group operating from Russia whose activities Microsoft has tracked and taken action to disrupt on several previous occasions. It was also identified in the Mueller report as the organization primary responsible for the attacks on the Democratic presidential campaign in 2016. Microsoft’s Threat Intelligence Center (MSTIC) has observed a series of attacks conducted by Strontium between September 2019 and today. Similar to what we observed in 2016, Strontium is launching campaigns to harvest people’s log-in credentials or compromise their accounts, presumably to aid in intelligence gathering or disruption operations. Many of Strontium’s targets in this campaign, which has affected more than 200 organizations in total, are directly or indirectly affiliated with the upcoming U.S. election as well as political and policy-related organizations in Europe. These targets include:

• U.S.-based consultants serving Republicans and Democrats;
• Think tanks such as The German Marshall Fund of the United States and advocacy organizations;
• National and state party organizations in the U.S.; and
• The European People’s Party and political parties in the UK.

Others that Strontium targeted recently include businesses in the entertainment, hospitality, manufacturing, financial services and physical security industries.

Microsoft has been monitoring these attacks and notifying targeted customers for several months, but only recently reached a point in our investigation where we can attribute the activity to Strontium with high confidence. MSTIC’s investigation revealed that Strontium has evolved its tactics since the 2016 election to include new reconnaissance tools and new techniques to obfuscate their operations. In 2016, the group primarily relied on spear phishing to capture people’s credentials. In recent months, it has engaged in brute force attacks and password spray, two tactics that have likely allowed them to automate aspects of their operations. Strontium also disguised these credential harvesting attacks in new ways, running them through more than 1,000 constantly rotating IP addresses, many associated with the Tor anonymizing service. Strontium even evolved its infrastructure over time, adding and removing about 20 IPs per day to further mask its activity.

We are also working with our customers to assist them in proactively hunting for these types of threats in their environments and have published additional detail and guidance on Strontium activity.

Zirconium

Zirconium, operating from China, has attempted to gain intelligence on organizations associated with the upcoming U.S. presidential election. We’ve detected thousands of attacks from Zirconium between March 2020 and September 2020 resulting in nearly 150 compromises. Its targets have included individuals in two categories.

First, the group is targeting people closely associated with U.S. presidential campaigns and candidates. For example, it appears to have indirectly and unsuccessfully targeted the Joe Biden for President campaign through non-campaign email accounts belonging to people affiliated with the campaign. The group has also targeted at least one prominent individual formerly associated with the Trump Administration.

Second, the group is targeting prominent individuals in the international affairs community, academics in international affairs from more than 15 universities, and accounts tied to 18 international affairs and policy organizations including the Atlantic Council and the Stimson Center.

Zirconium is using what are referred to as web bugs, or web beacons, tied to a domain they purchased and populated with content. The actor then sends the associated URL in either email text or an attachment to a targeted account. Although the domain itself may not have malicious content, the web bug allows Zirconium to check if a user attempted to access the site. For nation-state actors, this is a simple way to perform reconnaissance on targeted accounts to determine if the account is valid or the user is active.

Phosphorus

Phosphorus is an activity group operating from Iran that MSTIC has tracked extensively for several years. The actor has operated espionage campaigns targeting a wide variety of organizations traditionally tied to geopolitical, economic or human rights interests in the Middle East region. Microsoft has previously taken legal action against Phosphorus’ infrastructure and its efforts late last year to target a U.S. presidential campaign. Last month, as part of our ongoing efforts to disrupt Phosphorus activity, Microsoft was again given permission by a federal court in Washington D.C. to take control of 25 new internet domains used by the Phosphorus. Microsoft has since taken control of these domains. To date, we have used this method to take control of 155 Phosphorus domains.

Since our last disclosure, Phosphorus has attempted to access the personal or work accounts of individuals involved directly or indirectly with the U.S. presidential election. Between May and June 2020, Phosphorus unsuccessfully attempted to log into the accounts of administration officials and Donald J. Trump for President campaign staff.

Bolstering Cybersecurity

We disclose attacks like these because we believe it’s important the world knows about threats to democratic processes. It is critical that everyone involved in democratic processes around the world, both directly or indirectly, be aware of these threats and take steps to protect themselves in both their personal and professional capacities. We report on nation-state activity to our customers and more broadly when material to the public, regardless of the actor’s nation-state affiliation. We are taking extra steps to protect customers involved in elections, government and policymaking. We’ll continue to disclose additional significant activity in our efforts to defend democracy.

We also believe more federal funding is needed in the U.S. so states can better protect their election infrastructure. While the political organizations targeted in attacks from these actors are not those that maintain or operate voting systems, this increased activity related to the U.S. electoral process is concerning for the whole ecosystem. We continue to encourage state and local election authorities in the U.S. to harden their operations and prepare for potential attacks. But as election security experts have noted, additional funding is still needed, especially as resources are stretched to accommodate the shift in COVID-19-related voting. We encourage Congress to move forward with additional funding to the states and provide them with what they need to protect the vote and ultimately our democracy.

Tags: cyberattacks, cybersecurity, Defending Democracy Program, Election Security Advisors, ElectionGuard, Microsoft 365 for Campaigns, MSTIC, security

Today, we’re announcing two new technologies to combat disinformation, new work to help educate the public about the problem, and partnerships to help advance these technologies and educational efforts quickly.

There is no question that disinformation is widespread. Research we supported from Professor Jacob Shapiro at Princeton, updated this month, cataloged 96 separate foreign influence campaigns targeting 30 countries between 2013 and 2019. These campaigns, carried out on social media, sought to defame notable people, persuade the public or polarize debates. While 26% of these campaigns targeted the U.S., other countries targeted include Armenia, Australia, Brazil, Canada, France, Germany, the Netherlands, Poland, Saudi Arabia, South Africa, Taiwan, Ukraine, the United Kingdom and Yemen. Some 93% of these campaigns included the creation of original content, 86% amplified pre-existing content and 74% distorted objectively verifiable facts. Recent reports also show that disinformation has been distributed about the COVID-19 pandemic, leading to deaths and hospitalizations of people seeking supposed cures that are actually dangerous.

What we’re announcing today is an important part of Microsoft’s Defending Democracy Program, which, in addition to fighting disinformation, helps to protect voting through ElectionGuard and helps secure campaigns and others involved in the democratic process through AccountGuard, Microsoft 365 for Campaigns and Election Security Advisors. It’s also part of a broader focus on protecting and promoting journalism as Brad Smith and Carol Ann Browne discussed in their Top Ten Tech Policy Issues for the 2020s.

New Technologies

Disinformation comes in many forms, and no single technology will solve the challenge of helping people decipher what is true and accurate. At Microsoft, we’ve been working on two separate technologies to address different aspects of the problem.

One major issue is deepfakes, or synthetic media, which are photos, videos or audio files manipulated by artificial intelligence (AI) in hard-to-detect ways. They could appear to make people say things they didn’t or to be places they weren’t, and the fact that they’re generated by AI that can continue to learn makes it inevitable that they will beat conventional detection technology. However, in the short run, such as the upcoming U.S. election, advanced detection technologies can be a useful tool to help discerning users identify deepfakes.

Today, we’re announcing Microsoft Video Authenticator. Video Authenticator can analyze a still photo or video to provide a percentage chance, or confidence score, that the media is artificially manipulated. In the case of a video, it can provide this percentage in real-time on each frame as the video plays. It works by detecting the blending boundary of the deepfake and subtle fading or greyscale elements that might not be detectable by the human eye.

This technology was originally developed by Microsoft Research in coordination with Microsoft’s Responsible AI team and the Microsoft AI, Ethics and Effects in Engineering and Research (AETHER) Committee, which is an advisory board at Microsoft that helps to ensure that new technology is developed and fielded in a responsible manner. Video Authenticator was created using a public dataset from Face Forensic++ and was tested on the DeepFake Detection Challenge Dataset, both leading models for training and testing deepfake detection technologies.

We expect that methods for generating synthetic media will continue to grow in sophistication. As all AI detection methods have rates of failure, we have to understand and be ready to respond to deepfakes that slip through detection methods. Thus, in the longer term, we must seek stronger methods for maintaining and certifying the authenticity of news articles and other media. There are few tools today to help assure readers that the media they’re seeing online came from a trusted source and that it wasn’t altered.

Today, we’re also announcing new technology that can both detect manipulated content and assure people that the media they’re viewing is authentic. This technology has two components. The first is a tool built into Microsoft Azure that enables a content producer to add digital hashes and certificates to a piece of content. The hashes and certificates then live with the content as metadata wherever it travels online. The second is a reader – which can exist as a browser extension or in other forms – that checks the certificates and matches the hashes, letting people know with a high degree of accuracy that the content is authentic and that it hasn’t been changed, as well as providing details about who produced it.

This technology has been built by Microsoft Research and Microsoft Azure in partnership with the Defending Democracy Program. It will power an initiative recently announced by the BBC called Project Origin.

Partnerships

No single organization is going to be able to have meaningful impact on combating disinformation and harmful deepfakes. We will do what we can to help, but the nature of the challenge requires that multiple technologies be widely adopted, that educational efforts reach consumers everywhere consistently and that we keep learning more about the challenge as it evolves.

Today, we’re highlighting partnerships we’ve been developing to help these efforts.

First, we’re partnering with the AI Foundation, a dual commercial and nonprofit enterprise based in San Francisco, with the mission to bring the power and protection of AI to everyone in the world. Through this partnership, the AI Foundation’s Reality Defender 2020 (RD2020) initiative will make Video Authenticator available to organizations involved in the democratic process, including news outlets and political campaigns. Video Authenticator will initially be available only through RD2020, which will guide organizations through the limitations and ethical considerations inherent in any deepfake detection technology. Campaigns and journalists interested in learning more can contact RD2020 here.

Second, we’ve partnered with a consortium of media companies including the BBC, CBC/Radio-Canada and the New York Times on Project Origin, which will test our authenticity technology and help advance it as a standard that can be adopted broadly. The Trusted News Initiative, which includes a range of publishers and social media companies, has also agreed to engage with this technology. In the months ahead, we hope to broaden work in this area to even more technology companies, news publishers and social media companies.

Media Literacy

We’re also partnering with the University of Washington (UW), Sensity and USA Today on media literacy. Improving media literacy will help people sort disinformation from genuine facts and manage risks posed by deepfakes and cheap fakes. Practical media knowledge can enable us all to think critically about the context of media and become more engaged citizens while still appreciating satire and parody. Though not all synthetic media is bad, even a short intervention with media literacy resources has been shown to help people identify it and treat it more cautiously.

Today, we are launching an interactive quiz for voters in the United States to learn about synthetic media, develop critical media literacy skills and gain awareness of the impact of synthetic media on democracy. The Spot the Deepfake Quiz is a media literacy tool in the form of an interactive experience developed in partnership with the UW Center for an Informed Public, Sensity and USA Today. The quiz will be distributed across web and social media properties owned by USA Today, Microsoft and the University of Washington and through social media advertising.

Additionally, in collaboration with the Radio Television Digital News Association, The Trust Project and UW’s Center for an Informed Public and Accelerating Social Transformation Program, Microsoft is supporting a public service announcement (PSA) campaign encouraging people to take a “reflective pause” and check to make sure information comes from a reputable news organization before they share or promote it on social media ahead of the upcoming U.S. election. The PSA campaign will help people better understand the harm misinformation and disinformation have on our democracy and the importance of taking the time to identify, share and consume reliable information. The ads will run across radio stations in the United States in September and October.

Finally, in recent months we have significantly expanded our implementation of NewsGuard, which enables people to learn more about an online news source before consuming its content. NewsGuard operates a team of experienced journalists who rate online news websites on the basis of nine journalistic integrity criteria, which they use to create both a “nutrition label” and a red/green rating for each rated news website. People can access NewsGuard’s service by downloading a simple browser extension, which is available for all standard browsers. It is free for users of the Microsoft Edge browser. Importantly, Microsoft has no editorial control over any of NewsGuard’s ratings and the NewsGuard browser extension does not limit access to information in any way. Instead, NewsGuard aims to provide greater transparency and encourage media literacy by providing important context about the news source itself.

Policy considerations

Governments, companies, non-profits and others around the world have a critical part to play in addressing disinformation and election interference broadly. In 2018, the Paris Call for Trust & Security in Cyberspace brought together a multistakeholder group of global leaders committing to nine principles that will help ensure peace and security online. One of the most critical of these principles is defending electoral processes. In May, Microsoft, the Alliance for Securing Democracy and the Government of Canada launched an effort to lead global activities on this principle. We encourage any organization interested in contributing to join the Paris Call.

Tags: Azure, COVID-19, deepfakes, Defending Democracy Program, disinformation, ElectionGuard, Microsoft AccountGuard, Microsoft Research, newsguard, Project Origin, Video Authenticator