Tanzania's Abuse Of US Copyright Law To Silence Critics On Twitter Should Be A Warning For Regulators Looking To Mess With Content Moderation
from the it-will-always-always-be-abused dept
We were just highlighting how rules that enable the easy takedown of content on social media will always lead to over-blocking, and this is why we should be quite careful about government attempts to mandate content removal — like those of Senator Amy Klobuchar to require websites to remove “health misinformation.” It’s not like we don’t have tremendous evidence of this. Daphne Keller over at Stanford has been keeping tabs on studies of “over-removal”, with the key culprit being copyright law.
In the US, copyright law remains the main tool for silencing speech (which is why there’s still a very strong argument that the DMCA fundamentally has a 1st Amendment problem). It didn’t get that much attention, but a recent revelation from Twitter about removing networks of coordinated inauthentic behavior online, reveals just how US copyright law can be weaponized by foreign governments to silence critics — and it should be a very loud warning to those looking to create government mandates for the removal of information online.
Twitter shared the details of these removals with the Internet Observatory at Stanford and it’s from that organization’s report that the details of what happened here come. However, Stanford IO released reports on a bunch of different networks at once, so what happened with Tanzania seems to have gotten less attention than the overall set of examples. But the Tanzania example should send up signal flares about why making it easy to remove content online is so dangerous.
For years we’ve highlighted a tactic that people have used to silence others: faking a copyright on material and then claiming infringement. The tactic is stupidly brilliant. If you find some content you don’t like, just copy it onto your own website/blog and then backdate it so it looks like it came out before the content you want to have deleted. Then, send a DMCA takedown notice claiming that yours is the original, and the actual original is infringing.
A year ago, the good folks at Access Now spotted how they had been alerted to Tanzanian activists being silenced on Twitter through this technique:
Notably, ahead of Tanzania?s upcoming elections, our Helpline has received reports of hundreds of DMCA takedown demands to censor Tanzanian activists on Twitter.
Twitter has now dealt with this effort, but the details, as noted by Stanford are really eye-opening.
Twitter suspended a network of 268 accounts that were supportive of the Tanzanian government and used copyright reporting adversarially to target accounts belonging to Tanzanian activists and an opposition politician. This Tanzanian operation worked by first taking text or images tweeted by accounts that criticized the ruling Chama Cha Mapinduzi party, then putting the same content on WordPress sites and modifying the date to make it appear as if the WordPress post preceded the tweet. Fake accounts pretending to be Tanzanians or South Africans then reported the content to Twitter for violations of the US Digital Millennium Copyright Act (DMCA). Twitter then notified the accounts of the reported copyright claim. To counter such DMCA takedowns, however, the accused copyright infringer must share their personal information with Twitter. At least one of the targeted accounts relied on anonymity for safety, possibly making it undesirable for them to counter through Twitter?s process. This operation succeeded in getting Twitter to suspend at least two of the targeted accounts, though both have since been reinstated.
The details in the report show the lengths that this network went through to abuse US copyright law to silence Tanzanian activists.
The typical starting point in this operation was a tweet?sometimes just text, sometimes with an image?from a targeted account, which included the prominent activist known as Kigogo (@kigogo2014 on Twitter, 640,000 followers). Kigogo is affiliated with human rights organization Fichua Tanzania, which advocates for a politically free and open Tanzania. @kigogo2014 is a pseudonymous account that shares inside information on the country?s elites and is on occasion critical of the government, which has threatened to unveil and arrest the individual behind the account. Also targeted in this scheme was @RealHauleGluck (237,000 followers), who self-describes as a human rights watcher in Tanzania.
The network then created websites?we know of three of them based on a tweet from @kigogo2014 (see Figures 3 and 4). These sites were undeveloped and existed exclusively to post content copied from the targeted Twitter accounts. Each post on the websites was typically just an image or some of the words from the original tweet.
You can see an archive of one of these WordPress sites. It has no real info on it other than copies of the tweets or images in the tweets. The Stanford researchers looked at the metadata of the WordPress posting to see how they were backdated:
These websites then backdated a blog post to make it appear as if it had been created prior to the date of the original tweet. For example, Figure 5 shows source code from one of the WordPress sites. The post shows the publication date of September 27, 2020, making it appear as if it had been published several days before the original content was tweeted on October 1, 2020?but the source code shows the post was actually edited on October 2, 2020. Note that the minute fields for the published and updated dates are within two minutes of each other (19 and 21, respectively), further suggesting that the blog post was created on October 2nd at 3:19pm, manually backdated to September 27th (but preserving the time field at 3:19pm), then completed on October 2nd at 3:21pm.
Metadata. It’ll get you every time.
But the real weaponry here was… the US DMCA notice-and-takedown scheme:
In the next step of the scheme, Twitter accounts in the network filed DMCA complaints on Twitter. From screenshots the targeted accounts posted (see Figure 6 on the following page), we can see what these complaints looked like. They include a name?likely fake, and often appear to be Nigerian. The phone number does not appear to map onto the format of real phone numbers in Tanzania, where cell phone numbers begin with +2557 or +2556 and landline numbers begin with 02. Additionally, the same phone number was used for complaints linked to multiple individuals. The complaints linked to the allegedly violative content, along with the ?original? content. In one somewhat comical example, the complaint was over a generic photo of a sunset (Figure 7 on page 8).
The newstzolivia.wordpress.com site had a post that consisted entirely of likely backdated tweet-length content, often stolen from @kigogo2014; examples are shown in Figure 8 on page 9. The site listed the email firstname.lastname@example.org under one post, and one of the suspended accounts used the display name Olivia Patel. The account, created on June 16, 2020, had no followers.
The complaints also included the address of the complainant. Interestingly, 99 of the suspended Twitter accounts included an address in their bio, primarily in South Africa. We suspect the network thought their complaints would seem more credible if the address listed in the complaint matched the address listed in the bio, though it is unclear if this mattered. Many of the accounts that listed addresses had no visible tweets, suggesting their primary purpose may have been copyright reporting.
While this network was caught, and the suspended Twitter accounts were reinstated, this still should serve as a warning sign. When you, under the threat of legal liability, force websites to remove content based solely on the say-so of reporters, it will inevitably be abused, and sometimes to dangerous ends.
This is just the latest striking example of how that works.