On September 28th the Data Exchange and Intelligence Forum took place in Amsterdam as part of project CPORT. The goal of this event was to bring stakeholders together to explore and optimise the direct data and information exchange across sectors in the fight against Child Sexual Abuse Material (CSAM). The CPORT Project facilitates information exchange and intelligence flow between key players by providing law enforcement agencies with access to ICCAM.


Over 60 representatives from key players such as INTERPOL, Europol, The European Commission, Discord, WeTransfer, Ziuz Forensic Investigation, Council of Europe, and WeProtect Global Alliance, as well as law enforcement officials from 14 different countries within the EU and hotlines representatives from 19 different countries, came together to exchange knowledge and experiences.

Welcoming

The Data Exchange and Intelligence Forum began with Denton Howard, Executive Director of INHOPE, welcoming the audience and encouraging the participants to actively engage and network throughout the day.

Project CPORT and ICCAM

Chloe Comstock, Product Manager at INHOPE and Jos Flury, Project Executive at ZIUZ Forensic Investigation, introduced the work of INHOPE and explained how the INHOPE secure platform ICCAM works. Participants were informed about the data flow and functionality of ICCAM and explained how reports are assessed by hotlines, processed on the platform and shared with INTERPOL.

Once the audience was familiar with ICCAM, Chloe and Jos introduced project CPORT. One of the main goals of this project is to build on the current functionality of ICCAM by developing a secure access portal for law enforcement. This is intended to facilitate intelligence and information flow between key players in this field, such as INTERPOL, national law enforcement departments and the INHOPE network of hotlines.

The system will further improve image and video hash sharing to reduce duplication and hotline exposure to known CSAM material and enable a two-way data exchange between law enforcement and hotlines. This in turn will allow hotlines to directly contribute to the ICSE database and INTERPOL 'Worst Of' List (IWOL) - a list of domains that disseminate the most severe CSAM worldwide.

The system will be available for law enforcement agencies located in countries with INHOPE member hotlines in 2024. Among its main objectives project CPORT will focus on improving the efficiency of victim identification and decreasing the public access to online CSAM.

Obstacles and possibilities in the joint fight against CSAM

The Forum went on with a multi-sectoral panel discussion where Meltini Christodouloki, Data Protection Officer at Safeline/FORTH, Regis Villette, Head of the French National Centre for CSEM analysis, Rolando Vega, Senior Manager of the Legal Response Team at Discord, and Rui Vieira, Criminal Intelligence Officer at Crimes Against Children at INTERPOL discussed the obstacles and possibilities in the joint fight against CSAM. The panel discussion was chaired by Grete Raidma, Project Manager at INHOPE.

Among the major challenges, the panellists underlined the difficulties connected to different jurisdictions and the lack of a harmonised procedural mechanism on a global scale. Panellists also noted that criminals have become more tech-savvy and use different techniques like platform hopping and ICAP (invite child abuse pyramid) sites which make the detection more complex.

While on the potential proactive improvement, they remarked on the importance of harmonising national legislations with a focus on countries with high online crime rates, enhancing cooperation with the private sector, and being able to “speak the same language” by having common definitions and ways of communication in relation to child sexual abuse and exploitation online.

The panel discussion concluded with panellists unanimously stating that it is extremely difficult but crucial to find the right balance between protecting user privacy while still effectively counteracting to child sexual abuse and exploitation online. Encryption was highlighted as one of the main challenges related to these investigations.

Some examples of balancing the combat of this crime while ensuring user privacy that were mentioned were hash matching used through AI, a heavy focus on policies, ensuring that users are informed about detection tools, and PhotoDNA. All panellists agreed that there is still much work to be done and cross-sector cooperation is important for the way forward.

CSAM Information leading to successful CSAM investigation

Yves Goethals, Judicial Commissioner at the Belgian Federal Police, took the participants through the main stages of a CSAM investigation process, going from the initial reception of intelligence or information, assessment of the content (i.e., legal or illegal), redaction of police report and start of the investigation. He further introduced the role of the LEAs intelligence channels and explained the minimum requirements needed for CSAM investigation, such as identifiable elements.

In reference to challenges faced by law enforcement, he highlighted the necessity for uniformed reports, the importance of building on trust between different stakeholders from different sectors and finding the balance between the right to privacy and crime fighting. Questions from the audience focused on tips on how to involve more law enforcement departments within the CPORT project, and if a standardised approach (e.g., a frame of good practices) with the aim to tackle CSAM and in-person abuse could be a possible approach from a law enforcement agencies’ stand.

Innovative ways to tackle CSAM

Jeff Sen the Head of Trust and Safety at WeTransfer delivered a comprehensive presentation on WeTransfer's robust strategies for proactively preventing the upload of Child Sexual Abuse Material (CSAM) to their encrypted servers and effectively identifying already uploaded CSAM. Despite the inability to access the encrypted content, WeTransfer exemplified its commitment to responsibility by carefully looking at the behaviours of its user base, both uploaders and downloaders.

WeTransfer places the highest priority on CSAM detection and employs three approaches on its platform:

1. Leveraging 3rd party tools.
2. Implementing in-house solutions.
3. External reports.

In collaboration with the Internet Watch Foundation (IWF), WeTransfer has integrated the PhotoDNA technology into their platform. This integration enables immediate recognition and action upon the presence of known CSAM materials, ensuring prompt removal and reporting. Additionally, WeTransfer maintains a close and effective partnership with the Dutch National Police to enhance their efforts.

WeTransfer has successfully harnessed an in-house solution known as the Header Referral tool. This tool empowers WeTransfer to identify and block traffic originating from suspicious websites, thereby preventing them from utilising their services. Regrettably, this approach sometimes prompts perpetrators to migrate to alternative cloud-based file transfer services that lack traffic origin checks, granting them the means to continue disseminating Child Sexual Exploitation Material (CSEM).

SCARt.io

Wido Potters from AbuseIO introduced the organisation and explained that its objective is to provide resources that help to combat internet abuse with a particular focus on Open-Source Software (OSS) and tools based on open standards to help manage and detect abuse. Furthermore, he introduced SCARt (Sexual Child Abuse Reporting Tool) a software tool developed by AbuseIO that automates and simplifies CSAM handling and reporting processes.

He helped the audience navigate through the basic functionality of the tool and illustrated the interface and the main follow-up action that can be initiated within SCARt (e.g., input, data gathering, compute, sharing, and output). Questions from the participants addressed the following subjects: accuracy of the SCARt tool, cryptographic hashing matches, the potential use of perpetual hashing (normally implemented to determine whether images or videos are very similar), and available languages of the SCARt tool (i.e., currently Dutch and English).

Key takeaways and closing

Denton Howard and Grete Raidma concluded the Forum by congratulating the participants for embracing and enriching the sessions, and warmly thanking everyone for joining the Forum. The discussions that were held at the Forum reflect that there is a clear necessity to continually improve information exchange between the stakeholders from different sectors. Looking forward, we need to find more innovative ways to enhance communication sustainability across our community that aim for a collective effort in combating online child abuse.


During the CPORT Data Exchange & Intelligence Forum many key stakeholders had the opportunity to meet in person and discuss the future of data exchange within online child protection. If you would like to be part of the discussion and keep yourself in the loop make sure to register for the CPORT newsletter.