Petition Urging House to Stop Non-Consensual Deepfakes

FOR IMMEDIATE RELEASE: December 4, 2024

Contact: comms@encodeai.org

Petitions support the DEFIANCE Act and TAKE IT DOWN Act

WASHINGTON, D.C. – On Wednesday, Americans for Responsible Innovation and Encode announced a new petition campaign, urging the House of Representatives to pass protections against AI-generated non-consensual intimate images (NCII) and revenge porn before the end of the year. The campaign, which is expected to gather thousands of signatures over the course of the next week, supports passage of the TAKE IT DOWN ACT and the DEFIANCE Act. Petitions are being gathered at StopAIFakes.com.

The TAKE IT DOWN Act, introduced by Sens. Ted Cruz (R-TX) and Amy Klobuchar (D-MN), criminalizes the publication of non-consensual, sexually exploitative images — including AI-generated deepfakes — and requires online platforms to have in place notice and takedown processes. The DEFIANCE Act was introduced by Sens. Dick Durbin (D-IL) and Lindsey Graham (R-SC) in the Senate and Rep. Alexandria Ocasio-Cortez (D-NY) in the House. The bill empowers survivors of AI NCII — including minors and their families — to take legal action by suing their perpetrators. Both bills have passed the Senate.

“We can’t let Congress miss the window for action on AI deepfakes like they missed the boat on social media,” said ARI President Brad Carson. “Children are being exploited and harassed by AI deepfakes, and that causes a lifetime of harm. The DEFIANCE Act and the TAKE IT DOWN Act are two easy, bipartisan solutions that Congress can get across the finish line this year. Lawmakers can’t be allowed to sit on the sidelines while kids are getting hurt.”

“Deepfake porn is becoming a pervasive part of our schools and communities, robbing our children of the safe upbringing they deserve,” said Encode Vice President of Public Policy Adam Billen. “We owe them a safe childhood free from fear and exploitation. The TAKE IT DOWN and DEFIANCE Acts are Congress’ chance to create that future.”

###

About Encode Justice: Encode is the world’s first and largest youth movement for safe and responsible artificial intelligence. Powered by 1,300 young people across every inhabited continent, Encode Justice fights to steer AI development in a direction that benefits society.

Critical AI Legislation in the Lame Duck Session

As we enter the lame duck session of the 118th Congress, we stand at a critical juncture for artificial intelligence policy in the United States. The rapid advancement of AI technologies has created both unprecedented opportunities and challenges that demand a coordinated legislative response. Throughout the year, Encode has been working tirelessly with lawmakers and coalition partners to advocate for a comprehensive AI package that addresses safety, innovation, and American leadership in this transformative technology.

With the election behind us, we congratulate President-elect Trump and Vice President-elect Vance and look forward to supporting their administration’s efforts to maintain American leadership in AI innovation. The coming weeks present a unique opportunity to put in place foundational, bipartisan policies that will help the next administration hit the ground running on AI governance.

1. The DEFIANCE Act: Protecting Americans from AI-Generated Sexual Abuse

The Problem: In recent years the technology used to create AI-generated non-consensual intimate imagery (NCII) has become widely accessible. Perpetrators are now able to create highly realistic deepfake NCII of individuals with a single, fully clothed photo and access to the internet. That has resulted in an explosion of this content – 96% of all deepfakes are nonconsensual pornography and 99% of it targets women. Today, 15% of children say they know of other children who have been a victim of synthetic NCII in their own school just in the last year. Victims often grapple with anxiety, shame, isolation, and deep fears about reputational harm, future career repercussions, and the ever-present risk that photos might reappear at any time.

The Solution: The DEFIANCE Act (S. 3696) creates the first comprehensive federal law allowing victims to sue not just the people who create these fake images and videos, but also those who share them. Importantly, the bill gives victims up to 10 years to take legal action — critical because many people don’t discover this content until long after it’s been created. The bill also includes special protections to keep victims’ identities private during court proceedings, making it safer for them to seek justice without fear of further harassment.

Why It Works: With deepfake models becoming increasingly decentralized and accessible, individuals can now create harmful content with limited technical expertise. Given how easy it is for perpetrators to spin up these models independently, establishing a private right of action is crucial. The DEFIANCE Act creates a meaningful pathway for victims to directly target those responsible for creating and distributing harmful content.

2. Future of AI Innovation Act: Ensuring AI Systems Are Safe and Reliable

The Problem: AI systems are becoming increasingly powerful and are being used in more critical decisions. Yet we currently lack standardized ways to evaluate whether these systems are safe, reliable, or biased. As companies race to deploy more powerful AI systems, we need a trusted way to assess their capabilities and risks.

The Solution: The Future of AI Innovation Act (S. 4178/H.R. 9497) codifies America’s AI Safety Institute (AISI) at NIST, our nation’s standards agency. Through collaborative partnerships with companies, the institute will develop testing methods and evaluation frameworks to help assess AI systems. Companies can voluntarily work with AISI to evaluate their AI technologies before deployment.

Why It Works: This bill creates a collaborative approach where government experts work alongside private companies, universities, and research labs to develop voluntary testing standards together. Unlike regulatory bodies, AISI has no authority to control or restrict the development or release of AI models. Instead, it serves as a technical resource and research partner, helping companies voluntarily assess their systems while ensuring America maintains its leadership in AI development.

The Support: This balanced approach has earned unprecedented backing from across the AI ecosystem. Over 60 organizations — from major AI companies like OpenAI and Google to academic institutions like UC Berkeley and Carnegie Mellon to advocacy groups focused on responsible AI — have endorsed the bill. This broad coalition shows that safety and innovation can go hand in hand.

3. The EPIC Act: Building America’s AI Infrastructure

The Problem: As AI becomes more central to our economy and national security, NIST (our national standards agency) has been given increasing responsibility for ensuring AI systems are safe and reliable. However, the agency faces two major challenges: it struggles to compete with private sector salaries to attract top AI talent, and its funding process makes it difficult to respond quickly to new AI developments.

The Solution: The EPIC Act (H.R. 8673/S. 4639) creates a nonprofit foundation to support NIST’s work, similar to successful foundations that support the NIH, CDC, and other agencies. This foundation would help attract leading scientists and engineers to work on national AI priorities, enable rapid response to emerging technologies, and strengthen America’s voice in setting global AI standards.

Why It Works: Rather than relying solely on taxpayer dollars, the foundation can accept private donations and form partnerships to support critical research. This model has proven highly successful at other agencies – for example, the CDC Foundation played a crucial role in the COVID-19 response by quickly mobilizing resources and expertise. The EPIC Act would give NIST similar flexibility to tackle urgent AI challenges.

The Support: This practical solution has been endorsed by four former NIST directors who understand the agency’s needs, along with major technology companies and over 40 civil society organizations who recognize the importance of having a well-resourced standards agency.

4. CREATE AI Act: Democratizing AI Research

The Problem: Today, cutting-edge AI research requires massive computing resources and extensive datasets that only a handful of large tech companies and wealthy universities can afford. This concentration of resources means we’re missing out on innovations and perspectives from researchers at smaller institutions, potentially overlooking important breakthroughs and lines of research that the largest companies aren’t incentivized to invest in.

The Solution: The CREATE AI Act (S. 2714/H.R. 5077) establishes a National AI Research Resource (NAIRR) — essentially a shared national research cloud that gives researchers from any American university or lab access to the computing power and data they need to conduct advanced AI research.

Why It Works: By making these resources widely available, we can tap into American talent wherever it exists. A researcher at a small college in rural America might have the next breakthrough idea in AI safety or discover a new application that helps farmers or small businesses. This bill ensures they have the tools to pursue that innovation.

5. Nucleic Acid Standards for Biosecurity Act: Securing America’s Biotech Future

The Problem: Advances in both AI and biotechnology are making it easier and cheaper to create, sell and buy synthetic DNA sequences. While this has enormous potential for medicine and research, it also creates risks if bad actors try to recreate dangerous pathogens or develop new biological threats. Currently, there is no standardized way for DNA synthesis companies to screen orders for potentially dangerous sequences, leaving a critical security gap.

The Solution: The Nucleic Acid Standards for Biosecurity Act (H.R. 9194) directs NIST to develop clear technical standards and operational guidance for screening synthetic DNA orders. It creates a voluntary framework for companies to use to identify and stop potentially dangerous requests while facilitating legitimate research and development.

Why It Works: Rather than creating burdensome regulations, this bill establishes voluntary standards through collaboration between industry, academia, and government. It helps make security protocols more accessible and affordable, particularly for smaller biotech companies. The bill also addresses how advancing AI capabilities could be used to design complex and potentially dangerous new genetic sequences that could go undetected by existing screening mechanisms, ensuring our screening approaches keep pace with technological change.

The Support: This approach has gained backing from both the biotechnology industry and security experts. By harmonizing screening standards through voluntary cooperation, it helps American businesses compete globally while cementing U.S. leadership in biosecurity innovation.

6. Securing Nuclear Command: Human Judgment in Critical Decisions

The Problem: As AI systems become more capable, there’s increasing pressure to use them in Nuclear Command, Control, and Communications (NC3). While AI can enhance many aspects of NC3, we need to make it absolutely clear to our allies and adversaries that humans remain in control of our most consequential military decisions — particularly those involving nuclear weapons.

The Solution: A provision in the National Defense Authorization Act would clearly require human control over all critical decisions related to nuclear weapons. This isn’t about banning AI from Nuclear Command, Control, and Communications — it’s about establishing clear boundaries for its most sensitive applications.

Why It Works: This straightforward requirement ensures that while we can benefit from AI’s capabilities in NC3, human judgment remains central to the most serious decision points. It’s a common-sense guardrail that has received broad support.

The Path Forward

These bills represent carefully negotiated, bipartisan solutions that must move in the coming weeks. The coalitions are in place. The urgency is clear. What’s needed now is focused attention from leadership to bring these bills across the finish line before the 118th Congress ends.

As we prepare for the transition to a new administration and Congress, these foundational measures will ensure America maintains its leadership in AI development while protecting our values and our citizens.

———

This post reflects the policy priorities of Encode, a nonprofit organization advocating for safer AI development and deployment.

Encode Urges Immediate Action Following Tragic Death of Florida Teen Linked to AI Chatbot Service

FOR IMMEDIATE RELEASE: Oct. 24, 2024

Contact: cecilia@encodeai.org

Youth-led organization demands stronger safety measures for AI platforms that emotionally target young users.

WASHINGTON, D.C.Encode expresses profound grief and concern regarding the death of Sewell Setzer III, a fourteen-year-old student from Orlando, Florida. According to a lawsuit filed by his mother, Megan Garcia, a Character.AI chatbot encouraged Setzer’s suicidal ideation in the days and moments leading up to his suicide. The lawsuit alleges that the design, marketing, and function of Character.AI’s product led directly to his death.

The 93-page complaint, filed with the District Court of Orlando, names both Character.AI and Google as defendants. The lawsuit details how platforms failed to adequately respond to messages indicating self-harm and documents “abusive and sexual interactions” between the AI chatbot and Setzer. Character.AI now claims to have strengthened protections on their platform against platform promoting self-harm, but recent reporting shows that it still hosts chatbots with thousands or millions of users explicitly marketed as “suicide prevention experts” that fail to point users towards professional support.

“It shouldn’t take a teen to die for AI companies to enforce basic user protections,” said Adam Billen, VP of Public Policy at Encode. “With 60% of Character.AI users being below the age of 24, the platform has a responsibility to prioritize user wellbeing and safety beyond simple disclaimers.”

The lawsuit alleges that the defendants “designed their product with dark patterns and deployed a powerful LLM to manipulate Sewell – and millions of other young customers – into conflating reality and fiction.”

Encode emphasizes that AI chatbots cannot substitute for professional mental health treatment and support. The organization calls for:

  • Enhanced transparency in systems that target young users.
  • Prioritization of user safety in emotional chatbot systems.
  • Immediate investment into prevention mechanisms.

We extend our deepest condolences to Sewell Setzer III’s family and friends, and join the growing coalition of voices that are demanding increased accountability in this tragic incident.

About Encode: Encode is the world’s first and largest youth movement for safe and responsible artificial intelligence. Powered by 1,300 young people across every inhabited continent, Encode fights to steer AI development in a direction that benefits society.

Media Contact:

Cecilia Marrinan

Deputy Communications Director, Encode

cecilia@encodeai.org

Comment: Reporting Requirements for the Development of Advanced Artificial Intelligence Models and Computing Clusters (BIS)

Department of Commerce

Undersecretary of Commerce for Security and Industry

Bureau of Industry and Security

14th St NW & Constitution Ave. NW

Washington, DC 20230

Comment on Establishment of Reporting Requirements for the Development of Advanced Artificial Intelligence Models and Computing Clusters

Encode Justice, the world’s first and largest youth movement for safe, equitable AI writes to express our support for the Bureau of Industry and Security’s (BIS) proposed reporting requirements for the Development of Advanced Artificial Intelligence Models and Clusters. The proposed rule would create a clear structure and method of implementation for sections 4.2(a)(i) and 4.2(a)(ii) under Executive Order 14110.1 In light of the massive potential benefits and risks of dual-use foundation models for American national security, it is critical that our security apparatus has a clear window into the activities of the companies developing these systems.2

Transparency for national security

There is no doubt that today we are leading the race to develop Artificial Intelligence. Overly burdensome regulations could stifle domestic innovation and potentially undermine national security efforts. We support the Bureau of Industry and Security’s proposed rules as a narrow, non-burdensome method of increasing developer-to-government transparency without covering small entities. This transparency is key to ensuring that models released to the public are safe, the military and government agencies can confidently adopt AI technologies, and that dual-use foundation model developers are responsibly protecting their technologies from theft or tampering by foreign actors.

The military or government falling behind on the adoption of AI technologies would not only hurt government efficiency domestically but harm our ability to compete on the world stage. Any measures that can facilitate the confident military and government adoption of AI should be treated as critical to our national security and global competitiveness. Integrating these technologies is only possible when we can be confident that the frontier of this technology is safe and reliable. Reliability and safety are critical, not counter, to maintaining our international competitiveness.

A nimble approach

As we have long stated, government reactions to AI must be nimble. This technology moves rapidly, and proposed rules should be similarly capable of swift adaptation. Because BIS maintains the ability to change the questions asked in surveys and modify the technical conditions for covered models, these standards will not become obsolete within two or three generations of model development.

We believe the timing of reports could also be improved. Generally, a quarterly survey should be adequate but there are circumstances in which BIS authority to request reporting out of schedule may be necessary. Recent reporting indicates that one of the largest frontier model developers provided its safety team just 9 days to test a new dual-use foundation model before being released.3 After additional review post-launch, the safety team re-evaluated the model as unsafe. Employee accounts differ as to the reason. There is currently no formal mechanism for monitoring such critical phases of the development process. Under the current reporting schedule, BIS may have gone as long as two and a half months before learning of such an incident. For true transparency, BIS should retain the ability to request information from covered developers outside of the typical schedule under defined certain circumstances. These circumstances should include a two-week period before or after a new large training run and a two-week period leading up to the public release of a new model.

Clarifying thresholds for models trained on biological synthesis data

One area for improvement is the definition of thresholds for models trained on biological synthesis data. While we support a separate threshold for such models, the current definition of “primarily trained on biological synthesis data” is ambiguous and could lead to inconsistencies. If read as being a simple majority of the total training data, there are models that should be covered that would not be. You may, for example, have a model where the training data is 60% biological synthesis data and another where it is only 40%. In this scenario, if the second model is trained on twice as much total data as the first model, the total amount of biological synthesis data the model is trained on may be higher than the first while evading the threshold as currently defined.

As an alternative, we would suggest either setting a clear percentage threshold on the ratio of data for a model to be considered “primarily” trained on biological synthesis data, or setting a hard threshold on the total quantity of biological synthesis data trained on instead of a ratio. Both methods are imperfect. Setting the definition as a ratio of training data means that some models trained on a higher total quantity but a lower overall percentage of biological synthesis data may be left uncovered, while smaller models trained on less total data but a higher overall percentage may be unduly burdened. Shifting to a hard threshold on the total quantity of biological synthesis data would leave the threshold highly susceptible to advances in model architecture, but may provide more overall consistency. Regardless of the exact method chosen, this is an area in the rules that should be clarified before moving forward.

Regular threshold reevaluation

More broadly, BIS should take seriously its responsibility to regularly reevaluate the current thresholds. As new evaluation methods are established and standards agreed upon, more accurate ways of determining the level of risk from various models will emerge. Firm compute thresholds are likely the best proxy for risk currently available but should be moved away from or modified as soon as possible. Models narrowly trained on biological synthesis data well below the proposed thresholds, for example, could pose an equal or greater risk than a dual-use foundation model meeting the currently set threshold.4 Five years from now, the performance of today’s most advanced models could very well be emulated in models with a fraction of the total floating point operations.5 Revised rules should include a set cadence for the regular revision of thresholds. With the current pace of advancements, a baseline of twice-yearly revisions should be adequate to maintain flexibility without adding unnecessary administrative burden. In the future, it may be necessary to increase the regularity of revisions if rapid advancements in model architecture cause high fluctuations in the computational cost of training advanced models.

Conclusion

The proposed rulemaking for the establishment of reporting requirements for the development of advanced AI models and computing clusters is a flexible, nimble method to increase developer-to-government transparency. This transparency will bolster public safety and trust, ensure the government and military can confidently adopt this technology, and verify the security of dual-use frontier model developers. In an ever-changing field like AI, BIS should maintain the ability to change the information requested from developers and the thresholds for coverage. The revised rules should include a clarified definition of “primarily trained on biological synthesis data” and the flexibility to request information from developers outside of the normal quarterly schedule under certain circumstances. 

Encode Justice strongly supports BIS’s proposed rule and believes that, with the suggested adjustments, it will significantly enhance both American national security and public safety.

  1. U.S. Executive Order 14110. “Further Providing for the National Emergency with Respect to the COVID-19 Pandemic.” 2020. Federal Register. ↩︎
  2. Ryan Heath, “U.S. Tries to Cement Global AI Lead With a ‘Private Sector First’ Strategy,” Axios, July 9, 2024, https://www.axios.com/2024/07/09/us-ai-global-leader-private-sector.
    ↩︎
  3.  “OpenAI’s Profit-Seeking Move Sparks Debate in AI Industry.” The Wall Street Journal, October 5, 2023. https://www.wsj.com/tech/ai/open-ai-division-for-profit-da26c24b. ↩︎
  4.  James Vincent, “AI Suggested 40,000 New Possible Chemical Weapons in Just Six Hours,” The Verge, March 17, 2022, https://www.theverge.com/2022/3/17/22983197/ai-new-possible-chemical-weapons-generative-models-vx
    ↩︎
  5. Cottier, B., Rahman, R., Fattorini, L., Maslej, N., & Owen, D. (2024). The rising costs of training frontier
    AI models [Preprint]. arXiv. https://arxiv.org/pdf/2405.21015.
    ↩︎