假新聞，假社交媒體賬號，線上調查假受訪者，還有假購票者。造假泛濫反映出一個趨勢：程序造假泛濫。

什么時候才能去偽存真，制止造假程序？

造假程序幾乎占互聯網流量的20%。這些電腦程序竊取商業網站的內容，迫使一些網站關閉，影響收費廣告指標的正常表現，在各種論壇灌水，還會搶購百老匯音樂劇《漢密爾頓》（Hamilton ）的票高價倒賣。

隨著媒體曝光俄羅斯利用程序干涉美國總統大選，《紐約時報》推出有關Twitter僵尸粉絲交易和轉發帖子的熱門調查報道，事實已經生動地說明，造假程序比大多數人意識的嚴重。

然而造假程序仍在泛濫，主要由于兩大因素：一是開發和銷售程序的監管法律含糊不清，二是社交媒體公司對用戶數量的真實性睜一只眼閉一只眼。

嚴厲打擊造假程序并非易事，但新近一些實例顯示行動已經開始。我們應該將造假程序視為社會公敵。

造假程序滲透社交媒體

不久以前，造假程序主要涉及信息技術或者某些深奧的商業問題，犯罪分子的主要手段包括網頁抓取、暴力破解攻擊、競爭數據挖掘、侵入賬號、未經授權的漏洞檢測、發送垃圾郵件和點擊量作假等。

可如今，造假程序的應用趨勢令人不安，已經能通過大型社交媒體平臺操縱選舉和政治議題。

去年10月，美國國會議員舉行聽證會，召集Facebook、Twitter和谷歌的高管，要求其解釋俄羅斯方面如何利用三家公司旗下的平臺干擾2016年美國總統大選。三家公司的高管承諾會改進。今年1月末，美國民主黨議會領袖又呼吁Facebook和Twitter分析俄羅斯的程序在網上競選活動中發揮的作用，并公布一份包含美國聯邦調查局（FBI）對俄羅斯政府干擾大選絕密信息的備忘錄。

今年2月16日，美國特別檢察官羅伯特·米勒起訴13名俄羅斯公民，指控其操縱電腦程序傳播不實信息，在社交媒體散布有利于現任美國總統唐納德·特朗普的宣傳信息。

造假程序在Twitter上肆虐的形勢比很多人意識中還嚴重。Twitter的高管在美國國會作證稱，約5%的Twitter賬號來自造假程序。但一些研究顯示，實際占比高達15%。去年11月，Facebook告知股東，社交平臺上約有6000萬賬號可能是虛假賬號，占其月均用戶總數的2%。

和線上內容出版商一樣，社交媒體公司容許平臺上存在造假程序，因為月度活躍用戶是衡量業績的一大指標。不管背后是不是真人，賬號就是賬號。

制止瘋狂

這個問題上，社交媒體公司非常虛偽，就像好萊塢經典電影《卡薩布蘭卡》（Casablanca）里反面人物雷諾局長（Captain Renault）。片中，身為警察局局長的雷諾一邊在男主人公的酒吧里賭錢，轉頭又驚呼“我非常震驚，這里（酒吧）居然有賭場。”現狀必須改變。因為社交媒體實際上有能力影響言論，所以在造假程序操縱選舉和公眾議論的過程中，其不作為造成了極大危害。社交媒體必須積極行動，加強自我管理。

他們完全能做到。看看吧，在《紐約時報》公布上述調查后，Twitter的幾十個知名用戶賬號一下子減少了超過100萬關注者。我可不信這是巧合。

Twitter應該考慮將“認證”服務范圍擴大到所有人類用戶，認證賬號會獲得藍色徽標，可以幫用戶識別賬號真偽。假如Twitter這么做，技術上會是個大工程，畢竟造假程序太難阻止，一般來說虛假賬號會假扮合法用戶，又通過人工智能技術模仿人類。不過，人工智能同樣可以用來鑒定賬號身份。

政府的作用

與此同時，政府應該參與打擊造假程序的戰爭。這場仗不好打，因為造假程序的傳播者是匿名的，無法識別身份就很難通過法律手段懲治。

2016年9月，美國聯邦政府才第一次針對造假程序立法。當時國會通過了打擊黃牛票的《優化線上售票法案》（BOTS）。耐人尋味的是，法案推出后票務問題仍然存在。部分原因是美國聯邦貿易委員會（FTC）沒怎么落實。

國會接下來會更新早已過時的《電腦欺詐和濫用法》（CFAA），明確侵入電腦獲取和修改信息屬于違法行為。令人吃驚的是，直到現在這部1986年出臺的法案還是執法依據。美國的法律應該清晰地界定允許和禁止的行為。

美國各州政府也能發揮作用。今年1月，紐約州檢察長史樹德就做出了一項為人稱道的決定：調查出售社交媒體假粉絲賬號的公司Devumi，也是《紐約時報》調查報道中曝光的對象。

無須再忍

最后，我們身為消費者也都受夠了造假程序。公平地說，受害者就兩塊：一是社交媒體公司二是用戶。當年創始人創立Twitter時并沒料到會被俄羅斯攻擊，初衷是幫助人們互相交流。用戶也沒想到身份信息會被竊取，賬號被濫用。盡管如此，我們仍然要求社交媒體平臺更透明，否則只能拋棄。

現在當務之急是認清造假程序的危險性，然后著手解決問題。不能容忍造假繼續，不然每個人都會受害。（財富中文網）

本文作者拉米·埃塞德是Distil Networks的聯合創始人兼董事長。該公司主要業務為檢測造假程序并降低危害。

譯者：Pessy

審稿：夏林

Fake news. Fake social media accounts. Fake online poll takers. Fake ticket buyers. And behind them all: The prolific fakery of botnets.

When will we get real and stop them?

Malicious bots account for nearly 20% of all Internet traffic. These robotic computer scripts have been responsible for stealing content from commercial websites, shutting down websites, swaying advertising metrics, spamming forums, and snatching away Hamilton tickets for exorbitant resale.

But revelations about Russian bots meddling in the U.S. election and a scorching New York Times investigation into the selling of fake Twitter followers and retweets vividly illustrate that the bot epidemic is even more severe than most people realized.

And yet the bots march on, aided by a double whammy: murky laws governing their creation and sale, and social media companies that have too often turned a blind eye to the veracity of their reported user numbers.

Tightening our defenses against malicious bots won’t be easy, but recent events show that the effort is warranted. Bots should be considered nothing less than a public enemy.

Bots infiltrate social media

Not long ago, bots were mainly thought of as an IT or somewhat esoteric business problem—the main culprits behind web scraping, brute force attacks, competitive data mining, account hijacking, unauthorized vulnerability scans, spam, and click fraud.

But the use of bots to manipulate elections and political discussion via the major social media platforms is a new and unnerving trend.

In October, members of Congress hauled executives from Facebook, Twitter, and Googleinto a hearing to explain Russian interference via their platforms in the 2016 presidential campaign. The executives promised to do better. And yet in late January, top congressional Democrats called on Facebook and Twitter to analyze the role of Russian bots in the online campaign to release a memo containing classified information about the federal investigation into Russia’s meddling.

On Feb. 16, Special Counsel Robert Mueller filed an indictment accusing 13 Russians of running a bot farm and disinformation operation that spread pro-Donald Trump propaganda on social media.

Bots are more prevalent on Twitter than many realize. While Twitter testified before Congress that about 5% of its accounts are run by bots, some studies have shown that number to be as high as 15%. In November, Facebook told shareholders that around 60 million, or 2%, of its average monthly users may be fake accounts.

Social media companies—just like online publishers—have a vested interest in letting bots exist on their platforms because monthly active users are one of their main measurements of success. Accounts, human or not, are accounts.

Stopping the madness

Social media companies’ disingenuous Captain Renault act—he was the character in Casablanca who declared, “I’m shocked, shocked, to find that gambling is going on here”—must stop. With its ability to influence opinions, social media does remarkable harm by playing a role in the rigging of elections and public debate. So social media companies must step up and more aggressively self-police.

We know they can do it. Look at how more than a million followers disappeared from the accounts of dozens of prominent Twitter users right after the New York Timesinvestigation was published. I doubt this was a coincidence.

Twitter should consider extending its “verified” program—that blue badge that lets people know an account of public interest is authentic—to all human users. This would be a huge technological undertaking—after all, bots are so hard to prevent because they act as a legitimate user would—but the same artificial intelligence technologies that allow bots to emulate humans could be used to verify humans.

The government’s role

Meanwhile, government needs to join the fight against bad bots. This won’t be easy, as bot promulgators are anonymous and it’s difficult to legislate against those you can’t identify.

The bot problem didn’t prompt its first piece of federal legislation until September 2016, when Congress passed the anti-ticket scalping Better Online Ticket Sales (BOTS) Act. Interestingly, the ticket problem persists despite the law, in part because the Federal Trade Commission has done little to enforce it.

A good next move for Congress would be to launch a long-overdue update of the Computer Fraud and Abuse Act from 1986, which makes it unlawful to break into a computer to access or alter information and, astoundingly, still serves as a legal guidepost today. U.S. law needs better definition of what’s allowed and what’s not.

States can play a role too, as evidenced by New York Attorney General Eric Schneiderman’s laudable decision to investigate Devumi, the company selling fake social media followers and the subject of the New York Times investigation.

Enough is enough

Finally, we as consumers should say we’re tired of these shenanigans. Now, to be fair, there are two victims: the social media companies and the users. Twitter’s founders didn’t create its platform expecting it to be under attack from the Russians; they wanted people to communicate. Users didn’t expect their profiles to be stolen and their accounts to be abused. Nevertheless, we can demand that social media platforms be more transparent—or else we won’t use them.

It’s high time to recognize that bad bots are a serious threat and start addressing the problem head-on. The fakery can’t be allowed to continue, or we all suffer.

Rami Essaid is co-founder and chairman of Distil Networks, a bot detection and mitigation company.