Information Technology

Researchers demonstrated how remote attackers could steal UltraLoq digital keys with minimal effort. More

Image: APH
The most striking aspects of Australia’s new Cyber Security Strategy, launched on Thursday, are how vague and unambitious it is, especially when compared to the strategy launched by then-Prime Minister Malcolm Turnbull in 2016.
With the 2020 strategy now online, Turnbull’s vision has of course been thrown down the memory hole despite the government’s claim that it’s now building on its “strong foundations”.
Fortunately for us, the 2016 strategy and its first and only “annual” update are preserved at the Internet Archive.
A comparison of the two is far from flattering to the newcomer.
Turnbull had set out his vision, which in typical Turnbullian style, he referred to as his “philosophy” for a “cyber smart nation”.
“The need for an open, free and secure internet goes far beyond economics,” he wrote.
“It is important for ensuring public and financial accountability and strengthening democratic institutions. It underpins freedom of expression and reinforces safe and vibrant communities.”
Turnbull said that the internet had to be governed by those who use it, not dominated by governments.
He talked about innovation, about a “national cyber partnership”, and about Australia taking on “global responsibility and influence”.
His action plan included appointing Australia’s first Ambassador for Cyber Affairs and publishing an international cyber engagement strategy — perhaps two of the strategy’s greatest successes.
Indeed, Australia continues to play an important role in global cyber diplomacy.
The proposal for a cybersecurity growth centre turned into AustCyber, promoting Australian businesses internationally.
The strategy created the Cyber Security Cooperative Research Centre and the Joint Cyber Security Centres (JCSCs), although the latter have struggled to find their precise role.
Importantly, Turnbull appointed a minister to assist the prime minister on cybersecurity, giving the whole strategy some focus and leadership.
Also importantly, the action plan was to be completed by 2020, although admittedly most of the items didn’t come with measurable outcomes.
Turnbull’s strategy didn’t totally succeed. Far from it. But with its panoramic vision and international engagement, it was seen as world-leading.
Making cybersecurity more cybersecure
By comparison, the new strategy from the Minister for Home Affairs Peter Dutton is drab and inward-looking.
“The Australian Government’s vision is to create a more secure online world for Australians, their businesses, and the essential services upon which we all depend,” it says.
That’s it. Our vision for cybersecurity is to be more cybersecure.

Australia’s new vision for cybersecurity is to make things cyber better.
Image: Department of Home Affairs 
That said, the Dutton strategy does contain some solid proposals.
Commonwealth network operations will be centralised as a “first priority”, reversing the previous doctrine of leaving each agency to fend for itself.
Some AU$35.3 million will go to the Australian Cyber Security Centre (ACSC) to deliver a “new partner portal coupled with a multi-directional threat-sharing platform” that will operate at “machine speed”.
Such a capability has been promised for years and it’s long overdue.
New laws will enable better responsiveness in cyber emergencies, though exactly what they might contain remains to be seen.
The recommendations of the industry advisory panel are pretty much adopted wholesale, including an active cyber defence program.
But much diminished is Turnbull’s focus on developing and growing Australia’s cybersecurity industry and on innovation. The AU$90 million allocated to industry development is all about cyber skills and education.
Such broader industry development does get a mention, but it’s overshadowed by the emphasis made on intelligence, cyber response, and law enforcement.
The main new international development will be a Cyber and Critical Technology International Engagement Strategy. The rest is to carry on as before.
Looking ahead, the items relating to the internet of things (IoT) are a voluntary cybersecurity code of practice for device manufacturers and something about consumer awareness.
The word “quantum” does not appear in the document.
The Turnbull strategy was long on vision but short on numbers. In fact, it didn’t mention dollar values at all. In your correspondent’s view that’s just fine. A strategy should be about describing a vision and setting goals, not detailing the implementation.
The Dutton strategy is short on vision but does come with a sprinkling of numbers. However, those numbers are a bit of a furphy.
Of the AU$1.67 billion totalled up in the document, the vast majority is the AU$1.35 billion cyber kitty for the Cyber Enhanced Situational Awareness and Response (CESAR) package announced in June.
And for all the waving of the big numbers, this budget is spread across 10 years, or three election cycles. The strategy doesn’t specify a target date at all.

Cyber circle within cyber circle, being some sort of diagram from Australia’s new 2020 Cyber Security Strategy.
Image: Department of Home Affairs
Does Peter Dutton understand his own cyber strategy?
Rather than sell the whole strategy, Dutton has reverted to his usual “we’re protecting the kiddies, don’t you worry about that” schtick when talking about new policing powers.
“If you’re a pedophile you should be worried about these powers,” Dutton said at a press conference on Thursday.
“If you’re a terrorist you should be worried about these powers if you’re committing serious offence[s] in relation to trafficking of drugs, of ice [methamphetamine], for example, that’s being peddled to children, you should be worried about these powers as well,” he said.
“If you’re part of the Australian community, the 99% of people that aren’t involved in those activities, then I don’t think you have anything to concern yourself with.”
The controversial Assistance and Access Act got another plug too, inevitably using terrorism as the example.
“Somehow we allow end-to-end encryption where an exchange of this information can take place but even with a warrant the police can’t recover that information or stop a terrorist attack from taking place.”
One might be forgiven for getting the impression that Dutton isn’t across the whole strategy and is only capable of parrot talking points.
The document itself contains some odd ideas too.
“Cybersecurity allows families and businesses to prosper from the digital economy, just as pool fences provide peace of mind for households,” it says. This is despite its emphasis on building resilience, which would be teaching people to swim and perform CPR.
Overall, for a document that took 11 months to gestate and was delivered four months behind schedule, one might have expected something a bit more substantial.
One gets the feeling that Home Affairs produced this strategy just because everyone expected them to, so it’s a by-the-numbers exercise.
It also feels like the industry advisory panel has done all the hard work, with Dutton handing up the homework as his own.
Finally, it remains that “the Minister for Home Affairs has primary responsibility for delivering this Strategy, with support from other ministers as required”.
Dutton is already spread thin across his sprawling department. How well do we think this strategy will progress under his leadership?
Related Coverage
AFP used voluntary powers in Australia’s encryption laws three times in 2019-20
Australian Federal Police say carriers are more willing to assist under TOLA Act.
Scott Morrison cries ‘Cyber wolf!’ to deniably blame China
Australia’s prime minister didn’t name China as the source of recent ‘sophisticated’ cyber attacks in Friday’s press conference. He didn’t have to.
Labor floats active cyber defence and a civilian cyber corps for Australia
Labor proposes a public health approach, to cybersecurity, addressing the risk and susceptibility of the whole nation to cyber attack, not just critical infrastructure or ‘big-ticket capabilities’.
New Australian cybersecurity strategy will see Canberra get offensive
Powers to be created will allow the Commonwealth to actively defend networks.
Committee hits roadblock in probing Commonwealth cybersecurity performance
It’s a complex accountability tree, but there’s no central mechanism allowing a transparent view of where each Commonwealth entity is at with cybersecurity. More

The Australian Federal Police (AFP) used the non-compulsive Technical Assistance Requests (TARs) three times between 1 July 2019 and 30 June 2020.
Writing in a supplementary submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) and its review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (TOLA Act), the AFP said the three requests were related to “serious computer offences and other serious crime types”.
At the same time, the AFP reiterated numbers first published in January that it had issued five TARs in the 2018-19 period. Over the same twelve months, NSW Police had used the voluntary powers two times.
Technical Assistance Requests are voluntary requests for designated communications providers to use their existing capabilities to access user communications, while the TOLA Act also allows for Technical Assistance Notices (TANs) and Technical Capability Notices (TCNs), which are compulsory notices to compel communications providers to use or create a new interception capability, respectively.
“Our experience is that Schedule 1 of TOLA has accelerated cooperation from industry, with providers increasingly willing to assist due to TOLA providing legal certainties and assurances regarding the commercial scope and impact of requests,” the AFP said in its submission.
“The fact the AFP has not sought any TANs or TCNs to date, does not indicate these provisions are not required. Rather, it demonstrates the effectiveness of TOLA’s tiered approach.”
See also: Commissioner touts reach of AFP’s ‘tentacles’ as he rejects calls for end-to-end encryption
The AFP also stated between December 2018 and 30 June 2019 that it had obtained seven computer access warrants, two of which received extensions, and between 1 July 2019 and 30 June 2020, it had gained 16 computer access warrants.
“In addition to the refused application in 2018-2019, a further two applications in the same matter were also refused,” it said. “However, the warrant was ultimately issued during the 2019-2020 reporting period.”
In a report into the encryption laws, the then-Independent National Security Legislation Monitor Dr James Renwick recommended an independent body be established to oversee the issuance of warrants related to the TOLA Act.
TANs and TARs can currently be approved by the head of the requesting law enforcement or intelligence agency. TCNs must be approved jointly by the attorney-general and the minister for communications.
Earlier on Thursday, the Australian government handed down its 2020 Cyber Security Strategy, which would see law enforcement agencies handed powers to target “criminal activity on the dark web”.
“The Australian government will confront illegal activity, including by using our offensive cyber capabilities against offshore criminals, consistent with international law,” it said. “The Australian government will continue to strengthen the defences of its networks, including against threats from sophisticated nation states and state-sponsored actors.”
Continuing to paint encryption as a tool used by criminals, the strategy said the government would “ensure” law enforcement has powers to tackle cyber crime.
“If our law enforcement agencies are to remain effective in reducing cyber crime, their ability to tackle the volume and anonymity enabled by the dark web and encryption technologies must be enhanced,” it said.
Related Coverage More

United States Secretary of State Mike Pompeo announced on Wednesday the extension of Washington’s 5G Clean Path program to encompass carriers, app stores, cloud computing, and subsea cables under the Clean Network umbrella.
Pompeo said the extension was needed to guard against “aggressive intrusions” by the Chinese Communist Party, and called other nations to create a “Clean fortress” around citizen’s data.
Under the Clean Carrier label, the United States will seek to ensure Chinese carriers aren’t connected to US telco networks.
“Such companies pose a danger to US national security and should not provide international telecommunications services to and from the United States,” Pompeo said.
Similarly, under the Clean Cable moniker, the US will attempt to prevent China from gathering intelligence from subsea cables “at hyper scale”.
For cloud computing, Washington will seek to prevent the “most sensitive” information of US citizens and businesses from being stored or processed on cloud platforms “accessible to our foreign adversaries” from Alibaba, Baidu, and Tencent.
With apps, Pompeo said the US will remove “untrusted applications” from US mobile app stores and prevent Chinese phone markers from pre-installing “trusted” apps on these app stores.
“Huawei, an arm of the PRC surveillance state, is trading on the innovations and reputations of leading US and foreign companies,” Pompeo said.
“These companies should remove their apps from Huawei’s app store to ensure they are not partnering with a human rights abuser.”
Pompeo added that apps from China threaten privacy and spread malware, propaganda, and disinformation.
Also on Wednesday evening, Facebook pulled a video posted by the Trump campaign and said it violated the company’s COVID-19 misinformation policies.
The video showed footage from a Fox News interview, where Trump was pushing for the reopening of schools. During the interview, he said children are “virtually immune” to coronavirus.
Pompeo said over 30 countries had been labelled as “Clean Countries” with “many” of the world’s largest telcos being “Clean Telcos”.
“The United States calls on our allies and partners in government and industry around the world to join the growing tide to secure our data from the CCP’s surveillance state and other malign entities,” the Secretary of State said.
“Building a Clean fortress around our citizens’ data will ensure all of our nations’ security.”
Last month, the US added a further 11 companies to its entity list for their alleged involvement in repressing Uyghur Muslims and other Muslim ethnic minorities within China. The US initially blocked 28 Chinese companies in October.
In June, the US Federal Communications Commission formally designated Huawei and ZTE as national security threats.
Related Coverage
DOJ indicts two Chinese hackers for attempted IP theft of COVID-19 research
The DOJ suggests in the indictment that the hackers were working for both themselves and for the benefit the Chinese government’s Ministry of State Security.
Zoom will stop selling directly to Chinese customers
The video-conferencing platform has announced that customers in mainland China will have to rely on third-party partners instead.
What happens when coronavirus travel bans hit the US?
Fresh from taking out the world’s second-largest economy, coronavirus is going to play havoc when it hits the largest.
Alibaba Cloud turns on new hyperscale data centres in China
The three new facilities are part of the Chinese tech giant’s three-year $28 billion investment to modernise its cloud infrastructure and support customers’ digital transformation needs.
Huawei just overtook Samsung as the world’s biggest smartphone maker
But Huawei’s milestone wouldn’t have happened now were it not for the COVID-19 pandemic, says analyst Canalys. More

Robots used in hospitals and care homes to assist patients and the vulnerable can be fully hijacked by cyberattackers. 

Black Hat 2020

On Thursday at Black Hat USA, McAfee’s Advanced Threat Research (ATR) team disclosed new research into the robots, in which remotely-exploitable vulnerabilities were uncovered, potentially leading to mobile, audio, and video tampering on the hospital floor. 
The robot in question is Robotemi Global’s Temi, a “personal robot” that uses a range of sensors, artificial intelligence (AI) and machine learning (ML) technologies, as well as modern voice activation and mobile connectivity to perform functions including personal assistance tasks, answering Internet queries, and facilitating remote video calls.  
Available for both personal and business use, Temi has found itself put to work in the enterprise, as well as in senior living and healthcare facilities. All it takes to set up is for a mobile device to scan the robot’s QR code, in order to become Temi’s administrator. Teams of contacts can also be set up that are able to call the robot, a useful feature for medical professionals and family members alike. 
Over the course of several months, McAfee security researchers took the robot for a spin, testing everything from its firmware and update processes to app connectivity and responsiveness to commands. 
In total, four vulnerabilities were found, the use of hard-coded credentials, an origin validation error, missing authentication for critical functions, and an authentication bypass. The security issues spotted by McAfee have been assigned CVE-2020-16170, CVE-2020-16168, CVE-2020-16167, and CVE-2020-16169. 
“Together, these vulnerabilities could be used by a malicious actor to spy on Temi’s video calls, intercept calls intended for another user, and even remotely operate Temi — all with zero authentication,” the researchers say. 
See also: Cybersecurity 101: Protect your privacy from hackers, spies, and the government
The robot itself and its accompanying Android app were both explored. The first bug, found in the Android application, only required a user’s phone number to exploit.
A few modifications to the Android app, made possible through the discovery of static IDs and credentials, and attackers could intercept or eavesdrop on phone calls intended for the victim. 
Using a combination of ADB, Apktool, Keytool, and Jarsigner, the team were then able to adapt the app further for the purpose of privilege escalation due to a lack of integrity checks either by the app itself or Temi servers used to connect mobile apps to their robots.
CNET: The best home security camera of 2020
A combination of caller authentication check failures and the ability to send crafted packets to add malicious actors to contact lists with escalated controls was then exploited, and in theory, attackers would then have the tools required to remotely control the victim’s Temi robot, including moving the device and activating both the camera and microphone. 
“With the phone number of anyone who has called a Temi recently, an attacker can observe what room number and condition a hospitalized member of Congress is in,” the team says. “Temi can watch the security guard type in the building alarm code. Temi can observe the dog pictures on the nurse’s desk labeled with its cute name and birthday, that just happens to also be part of their password.”
TechRepublic: Security analysts: Industry has not solved the talent gap or provided clear career paths
The vulnerabilities were present in Temi running firmware version 20190419.165201, Launcher OS version 11969, and Robox OS version 117.21. The vulnerable Android app was running version 1.3.3. 
McAfee reported its findings on March 5 to Robotemi Global. The cybersecurity company says that the robotics vendor was one of the “most responsive, proactive, and efficient” firms it has worked with, and the vulnerabilities were patched rapidly after disclosure. 

Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Image: Asha Barbaschow/ZDNet
The Australian government has handed down its 2020 Cyber Security Strategy [PDF], with the Commonwealth to develop legislation that would impose cyber standards on operators of critical infrastructure and systems of national significance; consider what laws need to be changed to have a minimum cyber baseline across the economy; and create powers that allow the federal government to get on the offensive and actively defend networks and critical infrastructure.
“We work to actively prevent cyber attacks, minimise damage, and respond to malicious cyber activity directed against our national interests. We deny and deter, while balancing the risk of escalation,” the strategy states in its only use of bold typeface.
“Our actions are lawful and aligned with the values we seek to uphold, and will therefore be proportionate, always contextual, and collaborative.
“We can choose not to respond.”
As well as allowing it to attack networks, the new powers would also help the private sector recover from an attack.
“The nature of this assistance will depend on the circumstances, but could include expert advice [and] direct assistance or the use of classified tools. This will reduce the potential down-time of essential services and the impact of cyber attacks on Australians,” the strategy states.
The government intends to spend AU$62.3 million on a “classified national situational awareness capability” that would allow the government to “understand and respond” to threats on critical infrastructure and high priority networks.
“This will be complemented by increased incident reporting and near-real-time threat information from the most essential pieces of infrastructure as part of future regulatory requirements,” it said.
“To make use of all sources of threat information, the Australian government will deliver an enhanced threat-sharing platform, enabling critical infrastructure operators to share intelligence about malicious cyber activity with government and other providers at machine speed, and block emerging threats as they occur.”
An enforceable “positive security obligation” will be imposed on designated critical infrastructure operators through amendments to the Security of Critical Infrastructure Act 2018.
The government said it would also ensure Australia is not a soft target and continue to publicly call out countries when it is in the nation’s interest. The government would also hand law enforcement powers to target “criminal activity on the dark web”.
“The Australian government will confront illegal activity, including by using our offensive cyber capabilities against offshore criminals, consistent with international law,” it said. “The Australian government will continue to strengthen the defences of its networks, including against threats from sophisticated nation states and state-sponsored actors.”
Continuing to paint encryption as a tool used by criminals, the strategy said the government would “ensure” law enforcement has powers to tackle cyber crime.
“If our law enforcement agencies are to remain effective in reducing cyber crime, their ability to tackle the volume and anonymity enabled by the dark web and encryption technologies must be enhanced,” it said.
The government has also reversed its stance on leaving government departments responsible for their own cybersecurity, and will instead centralise the management and operations of Commonwealth networks.
“Centralisation could reduce the number of targets available to hostile actors such as nation states or state-sponsored adversaries, and allow the Australian government to focus its cyber security investment on a smaller number of more secure networks,” the strategy said.
“A centralised model will be designed to promote innovation and agility while still achieving economies of scale.”
The government also said it would work to get agencies to implement the Essential Eight mitigation strategies.
For businesses, the government will introduce a voluntary code of practice for internet-connected devices, as well as getting larger businesses to support smaller ones, as outlined in the industry advisory panel paper released last month.
“The Australian government will work with large businesses and service providers to provide SMEs with cybersecurity information and tools as part of ‘bundles’ of secure services (such as threat blocking, antivirus, and cybersecurity awareness training),” it states.
“Integrating cybersecurity products into other service offerings will help protect SMEs at scale and recognises that many businesses cannot employ dedicated cybersecurity staff.”
Should the code of practice fail to “drive change”, the government said it would look at implementing additional steps and also look to draw up a set of supply chain principles.
Per its recommendations, the industry advisory panel will also be morphing into a standing advisory committee.
In June, Australian Prime Minister Scott Morrison stated the country was under cyber attack from a state-based actor, widely tipped to be China.
“The Australian government knows it was a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used,” the strategy said on the attack.
The strategy also revealed that the Australian Signals Directorate will be used to target COVID-themed phishers, taking down their systems and “blocking their access to stolen information”.
Last month, the government announced the Cyber Enhanced Situational Awareness and Response (CESAR) package which would spend AU$1.35 billion over a decade on the nation’s security agencies. Around AU$470 million will be used to create 500 cyber-related jobs within the Australian Signals Directorate.
Beyond CESAR, the strategy put forward another AU$320 million in funding.
The strategy also introduced new cyber analogies.  
“Cybersecurity allows families and businesses to prosper from the digital economy, just as pool fences provide peace of mind for households,” it said.  
Related Coverage
Support grows for an Australian active cyber defence program
It’s a proven model supported by industry, analysts, and the Labor opposition. It’s even been given token funding. But can the government deliver?
Scott Morrison cries ‘Cyber wolf!’ to deniably blame China
Australia’s prime minister didn’t name China as the source of recent ‘sophisticated’ cyber attacks in Friday’s press conference. He didn’t have to.
Prime Minister says Australia is under cyber attack from state-based actor
Light on detail and refusing to attribute, Scott Morrison says state-based attacks are targeting all levels of government, as well as the private sector.
Labor floats active cyber defence and a civilian cyber corps for Australia
Labor proposes a public health approach, to cybersecurity, addressing the risk and susceptibility of the whole nation to cyber attack, not just critical infrastructure or ‘big-ticket capabilities’.
COVID-19 fuels cyber attacks, exposes gaps in business recovery
Some 91% of businesses reported an increase in cyber attacks with employees working from home, including 93% in Singapore, where 89% and 86% also noted gaps in their business recovery planning and IT operations, respectively, as a result of the global pandemic.
Labor asks for the whereabouts of Australia’s overdue cybersecurity strategy
Shadow Assistant Minister for Cyber Security Tim Watts hopes the new strategy shows the ‘substance and imagination that our national cyber-resilience deserves’ and that it’s accompanied by an accountable minister. More

Google has published today the second edition of its TAG Bulletin, a report that details all the coordinated influence operation campaigns that have been discovered taking place on Google-owned platform.
The report was authored by the Google Threat Analysis Group (TAG), a division inside Google’s security department that tracks nation-state and high-end cybercrime groups, and was compiled based on Google’s own investigations, but also tips and reports received from third-parties, such as social media analysis firm Graphika, cyber-security firm FireEye, the Atlantic Council investigation unit, and other social networks.
The latest TAG Bulletin covers influence ops takedowns that have taken place in the second quarter of this year, between April and June 2020.
Per Google, this quarter, the company had shut down multiple influence operation campaigns ran out of Russia, China, Iran, and Tunisia.
In total, Google said it tracked ten influence operations in Q2 2020, with some also taking place and being exposed by Twitter and Facebook as well. A summary of all is below.
April
Campaign #1
16 YouTube channels, 1 advertising account and 1 AdSense account
Linked to the Iranian state-sponsored International Union of Virtual Media (IUVM) network
Network posted content in Arabic related to the US’ response to COVID-19 and US’ relationship with Iran.
Campaign #2
15 YouTube channels and 3 blogs
Linked to Russia
Posted content in English and Russian about the EU, Lithuania, Ukraine, and the US
Content was similar to a years-long operation called Secondary Infektion
Campaign #3
7 YouTube channels
Linked to Russia
Posted content in Russian, German, and Farsi about Russian and Syrian politics and the U.S. response to COVID-19
Campaign #4
186 YouTube channel
Linked to China
Most accounts uploaded spammy, non-political content
A small subset posted political content primarily in Chinese, criticizing the US’ response to the COVID-19 pandemic
More in this Graphika report
Campaign #5
3 YouTube channels
Linked to Iran
Posted content in Bosnian and Arabic that was critical of the U.S. and the People’s Mujahedin Organization of Iran (PMOI), a militant organization fighting against the official Iranian government
May
Campaign #6
1,098 YouTube channels
Linked to China
Connected/same as campaign #4
Campaign #7
47 YouTube channels and 1 AdSense account
Linked to Russia
Posted content in a coordinated manner primarily in Russian about domestic Russian and international policy issues
June
Campaign #8
1,312 YouTube channels
Linked to China
Connected/same as campaign #4 and #7
Campaign #9
17 YouTube channels
Linked to Russia
Posted comments in Russian in a coordinated manner under a small set of Russian language videos
Campaign #10
3 Google Play developers and 1 advertising account
Linked to Tunisian PR company Ureputation
Posted news content in English and French, targeting audiences in Africa
More in this DFRLab report More

A video posted from the Facebook page of United States President Donald Trump has been pulled down by the social media giant as it violated the company’s COVID-19 misinformation policies.

The video showed footage from a Fox News interview, where Trump was pushing for the reopening of schools. During the interview, he said children are “virtually immune” to coronavirus.
“If you look at children, children are almost — and I would almost say definitely — but almost immune from this disease. So few — they’ve got stronger, hard to believe, and I don’t know how you feel about it, but they’ve got much stronger immune systems than we do somehow for this,” the president said during the interview.
“They just don’t have a problem.”
The video, which is no longer available on Facebook, is still available on Trump’s Twitter account, where it has clocked over 916,000 views.
“This video includes false claims that a group of people is immune from COVID-19 which is a violation of our policies around harmful COVID misinformation,” Facebook spokesman Andy Stone said in a statement issued to sister site CNET.
Facebook’s community standards outline what is and what is not allowed on Facebook, and was crafted based on feedback from its “community” and the advice of experts in fields such as technology, public safety, and human rights.
“We want people to be able to talk openly about the issues that matter to them, even if some may disagree or find them objectionable,” Facebook writes.
“In some cases, we allow content that would otherwise go against our Community Standards — if it is newsworthy and in the public interest. We only do this after weighing the public interest value against the risk of harm and we look to international human rights standards to make these judgments.”
The social network said the consequences for violating its standards vary depending on the severity of the violation and the person’s history on the platform.
“For instance, we may warn someone for a first violation, but if they continue to violate our policies, we may restrict their ability to post on Facebook or disable their profile,” the standards note. “We may also notify law enforcement when we believe that there is a genuine risk of physical harm or a direct threat to public safety.”
While the video is still available via Trump’s own Twitter account, his campaign account was asked to remove the post. According to a Washington Post report, Twitter said it will require the account to remove the post, or the account will be banned from tweeting until it does so as the tweet is “in violation of the Twitter Rules on COVID-19 misinformation”.
Twitter was previously accused by Trump of “interfering” with the 2020 presidential election, after the company slapped fact-checking links on his tweets that claimed mail-in voting would lead to a “rigged election”.
Updated 11:06am AEST Wednesday August 6, 2020: Added banning of Trump’s campaign account until its copy of the video is removed.
RELATED COVERAGE More