Commonwealth DPP taking briefs on deepfakes from police – Security – Software


The Commonwealth Director of Public Prosecutions (CDPP) is already handling evidentiary briefs involving the use of deepfakes but is worried at its ability to act on them.



Deepfakes are typically images that are manipulated using artificial intelligence to depict things that never happened. 

The prosecution service is concerned at the limited options under the federal criminal code to pursue a case involving deepfakes, and – as a result – at the maximum possible sentence that can be imposed.

“The CDPP has received referrals from investigative agencies in relation to deepfakes, being cases where individuals have created media which depict victims in certain poses or saying or doing things, where those victims have not in fact said or done those things,” it said in a submission to a cybercrime inquiry. [pdf]

“Where an individual engages in conduct relating to deepfakes using a carriage service, the most likely available Commonwealth offence will be that available under s474.17(1) of the criminal code. 

“The CDPP observes that the maximum penalty for an offence against s474.17(1) is three years’ imprisonment.”

Although a related crime for the carriage of “private sexual material” exists, with a higher maximum sentence, the prosecution service indicated it would have trouble mounting a successful case for a crime involving deepfakes.

“The issue that arises is that, as the victim was not involved in the creation of the fictional ‘deepfake’ version of themselves, it cannot be said that any expectation of privacy attaches to the depiction of the victim,” the CDPP said.

A recent civil case involved the creation and publication of deepfakes of “Australian public figures”. The creator was ultimately fined for not removing the images, but the case only progressed when the alleged offender relocated to Australia from overseas.

Device data hard to access, sift

The CDPP is also worried about the level of resourcing and longer lead times required to access and analyse data on suspects’ devices.

While not an investigative agency itself, the prosecution service needs sufficient evidence a crime was committed in order to take it to court.

“It is not uncommon for digital devices, such as mobile phones and computers, to be seized when a defendant is arrested and charged with a criminal offence,” the CDPP said.

“However, it may take many months for investigating agencies to be able to gain access to all of the data on those devices. 

“This can delay the progress of a criminal prosecution.”

The CDPP took aim at end-to-end encryption, but also at an apparent gap in technical capability to analyse large datasets taken from devices or presumably cloud accounts associated with a device.

“Increasing data volumes present challenges to all parties in the justice system, including police, prosecutors, defendants, defence legal representatives, and the courts,” the CDPP said.

“At the same time, new technology also offers the prospect of being able to interrogate and sort large data sets more quickly to identify relevant information.”

Stolen data access

The CDPP also warned that current laws may be inadequate to deal with certain alleged offences involving stolen data.

It appears to want provisions for a specific offence around accessing stolen data.

“There may be no available offence to cover an individual who has knowingly or recklessly dealt with unlawfully obtained data but may not yet have engaged in further criminal conduct by using that unlawfully obtained data in the commission of a criminal offence,” the CDPP said.

Cybercrime prosecutions

In Australia, charges related to “cyber-dependent” offences were brought against 34 defendants between July 1 2018 and November 30 last year.

Of those charged, 26 were convicted “of at least one offence” and another six are awaiting sentence. “One prosecution remains ongoing … [and] one matter was discontinued and withdrawn,” the CDPP said.



Source link