Microsoft wants Congress to pass a new law regulating deepfake fraud and governing artificial intelligence, which the Big Tech company said is necessary to protect the legitimacy of elections, as well as vulnerable senior citizens and women and children.
The company’s multiplying failures to protect its own customers, including the federal government, from security breaches has prompted a congressional showdown, highlighted by testimony by Microsoft President Brad Smith in the House Homeland Security Committee last month.
Now, the Big Tech company is back with new recommendations for lawmakers to follow. Mr. Smith issued a new white paper on Tuesday on the problem of “abusive AI-generated content” that implores Congress to move quickly.
Mr. Smith, who parried questions about his company’s missteps that got one congressman hacked by China-linked attackers, made new demands of the lawmakers in the paper, after an opening quote from a book Mr. Smith himself wrote several years ago.
“Congress should enact a new federal ’deepfake fraud statute,’” Mr. Smith said. “We need to give law enforcement officials, including state attorneys general, a stand-alone legal framework to prosecute AI-generated fraud and scams as they proliferate in speed and complexity.”
Mr. Smith said Congress must also force AI system providers to label content and ensure federal laws on child sexual exploitation are updated to include provisions to handle AI-generated content.
Fears about AI causing political disruptions are widespread. The U.S. intelligence community, for example, has branded AI as a “malign influence accelerant” amid fears of deepfakes of politicians.
Whether AI presents more of an imminent threat than Microsoft’s own products and services remains unclear, however. Millions of computers running Microsoft’s Windows operating system failed to function globally after a CrowdStrike software update earlier this month, leaving computers knocked offline at major airports, businesses and elsewhere.
A devastating hack compromised the emails of Microsoft’s government clients last year, with the culprits linked to China. Mr. Smith defended Microsoft’s operations in China during testimony to Congress in June.
But Microsoft has reportedly told its China-based employees to use Apple products amid security concerns about cyberespionage.
Not to be outdone, Russian-linked hackers also breached Microsoft’s defenses. Microsoft said earlier this year the hackers targeted the company’s executives to learn what Microsoft knew about the hackers themselves.
The company also found Russian cyberattackers using the company’s conferencing platform last year to victimize espionage targets.
Breaching Microsoft’s defenses has not proven difficult. An unprotected Microsoft Azure server holding 3 terabytes of government data sat exposed last year, spilling U.S. military emails into the open. The server was likely not password-protected, according to a cybersecurity researcher who examined the problem, and it is not fully known who accessed the data.
Given Microsoft’s many security failures, some lawmakers appear less likely to bow to the company’s policy recommendations regarding security.
Rep. Carlos Gimenez, Florida Republican, told Mr. Smith in June he doubted Microsoft’s assurance that its work was safe from the Chinese Communist Party influence.
“I just don’t trust a word you’re saying to me, OK?” Mr. Gimenez told Mr. Smith at a House hearing.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.