Cyber Week in Review: August 30, 2024

U.S. appellate court rules TikTok not shielded from Section 230 liability in wrongful death case

The U.S. Third Circuit Court of Appeals released a decision this week that found that Section 230 of the Communications Decency Act did not shield TikTok from liability in a wrongful death case. The plaintiff in the case, Tawainna Anderson, had sued TikTok and its parent company, ByteDance, over TikTok’s role in the death of Anderson’s ten-year-old daughter, Nylah, from a viral “blackout challenge.” The ruling is a major departure from precedent, which has typically regarded social media platforms as immune from liability for the content they recommend to users. The author of the opinion, U.S. Circuit Judge Patty Shwartz, justified the change by citing a U.S. Supreme Court ruling from July, which she said found that “editorial judgements” were not shielded by Section 230. Judge Shwartz concluded that algorithmic content recommendation systems reflected editorial judgements on the part of social media platforms and were thus exempt from Section 230 protection. The decision by the Third Circuit Court is almost certain to draw scrutiny, and will likely be appealed to the U.S. Supreme Court, creating a new opening for review of a statute that has been fundamental to the growth of internet platforms and the protection of free speech.

Telegram founder Pavel Durov arrested and charged in France

Telegram founder and CEO Pavel Durov was charged with several criminal counts by French authorities yesterday, including receipt of stolen goods, money laundering, fraud, and terrorism; French authorities have said the investigation extends beyond Durov, and have also issued an arrest warrant for Durov’s brother, Nikolai Durov, on similar charges. The investigation reportedly centers around Telegram’s failure to cooperate with French authorities’ investigations into criminal activity on the app. Telegram has repeatedly refused to take down content on the platform, often citing freedom of speech as its reasoning, and claims it rarely, if ever, discloses user data to governments. Telegram has refused to report child sexual abuse material (CSAM) found on its platform to the U.S. National Center for Missing and Exploited Children (NCMEC), for example. French President Emmanuel Macron released a statement saying that Durov’s arrest was “in no way a political decision” and that France remains committed to freedom of expression. Durov is a citizen of Russia, among other countries, and a spokesperson for the Russian government, Dmitry Peskov, said that the accusations against Durov “are very serious indeed, and they require an equally serious basis of evidence.” It is currently unclear if Durov was arrested because of direct complicity in certain crimes or if French authorities charged him over Telegram’s failure to cooperate. Experts noted that Durov’s arrest raises major questions around liability for platforms’ decision-making, as most countries have avoided assigning personal liability for platforms content moderations to employees of said companies.

Chinese hackers broke into networks of American internet service providers

Chinese hackers penetrated deep into the networks of at least three U.S. internet service providers (ISP) in recent months. The attackers leveraged their access to the ISPs to target government officials and undercover operatives for surveillance, according to U.S. intelligence officials. Some of the hacking techniques were similar to ones used by Chinese-backed group, Volt Typhoon, which has carried out a string of major hacks of U.S. critical infrastructure in recent months that might have been aimed at physically destroying U.S. infrastructure. Lumen Technologies, a U.S. cybersecurity company, published a report on one specific intrusion by Volt Typhoon; the report documents how Volt Typhoon used a zero-day bug in servers produced by the company Versa to infiltrate the networks of at least one ISP.

Tech companies criticize Malaysia’s plan for social media licensing

The Malaysian government’s proposal to create a licensing regime for social media and private messaging platforms has come under fire from an industry group representing several major tech companies. The Asia Internet Coalition (AIC), an industry group whose members include Google, Meta, and X, sent a letter to the Malaysian prime minister’s office citing concerns around the rollout of the law. The government’s plan would require platforms with more than eight million users in the country to buy an annual operating license and could open platforms to criminal liability for user-generated content posted on the platform. The AIC said that the regulation would curtail investment and stifle innovation and criticized the lack of public consultation before the release of some of the licensing rules. The Malaysian government will also require companies subject to the regulations to establish an office incorporated in Malaysia, a proposal which has been criticized in other contexts as a potential source of coercion.

Misinformation surges in India around unrest in Bangladesh

Traditional news outlets and social media platforms in India have been flooded with misinformation around anti-Hindu violence in Bangladesh since the recent resignation of Bangladesh’s Prime Minister, Sheikh Hasina after months of student protests. After Hasina’s resignation, clashes between protestors and police have grown increasingly violent, and allegations of targeted violence against Hindus (a minority in predominantly Muslim Bangladesh) have flooded social media platforms and been aired by major news outlets. Indian news channel Republic TV aired a segment claiming that a fire at a Hindu temple in Bangladesh was set by so-called Islamists, despite expert reports that the temple itself had not been targeted for arson. Right-wing Hindu groups in India have held rallies in the states of Uttar Pradesh, Maharashtra, and others to protest what they have called “Islamist communal attacks on Hindus.” Experts and fact-checkers continue emphasizing that protestors were largely attacking members of Hasina’s Awami League political party or members of the police and military, rather than targeting individuals based on their ethnicity or religious beliefs.